- `RFC-6022 <https://tools.ietf.org/html/rfc6022>`__
-- `draft-ietf-netconf-yang-library-06 <https://tools.ietf.org/html/draft-ietf-netconf-yang-library-06>`__
+- `RFC-7895 <https://tools.ietf.org/html/rfc7895>`__
**Netconf-connector is fully model-driven (utilizing the YANG modeling
language) so in addition to the above RFCs, it supports any
.. important::
- There are 2 different endpoints related to RESTCONF protocols:
-
- - | ``http://localhost:8181/restconf`` is related to `draft-bierman-netconf-restconf-02 <https://tools.ietf.org/html/draft-bierman-netconf-restconf-02>`__,
- | can be activated by installing ``odl-restconf-nb-bierman02``
- Karaf feature.
- | This user guide uses this approach.
+ Since 2022.09 Chlorine there is only one RESTCONF endpoint:
- | ``http://localhost:8181/rests`` is related to `RFC-8040 <https://tools.ietf.org/html/rfc8040>`__,
- | can be activated by installing ``odl-restconf-nb-rfc8040``
+ | can be activated by installing ``odl-restconf-nb``
Karaf feature.
- | In case of `RFC-8040 <https://tools.ietf.org/html/rfc8040>`__
- resources for configuration and operational datastores start
+ | Resources for configuration and operational datastores start
``/rests/data/``,
| e. g. GET
http://localhost:8181/rests/data/network-topology:network-topology
http://localhost:8181/rests/data/network-topology:network-topology?content=nonconfig
for operational datastore.
- | Also in case of `RFC-8040 <https://tools.ietf.org/html/rfc8040>`__,
- if a data node in the path expression is a YANG leaf-list or list
+ | Also if a data node in the path expression is a YANG leaf-list or list
node, the path segment has to be constructed by having leaf-list or
list node name, followed by an "=" character, then followed by the
leaf-list or list value. Any reserved characters must be
| e. g. GET
http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf?content=config
for retrieving data from configuration datastore for
- topology-netconf value of topology list is equivalent to the deprecated request
- | |ss| GET |se|
- http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf,
- which is related to `draft-bierman-netconf-restconf-02
- <https://tools.ietf.org/html/draft-bierman-netconf-restconf-02>`__.
-
- Examples in the `Spawning new NETCONF connectors`_ section include both bierman02 and rfc8040
- formats
+ topology-netconf value of topology list.
Preconditions
^^^^^^^^^^^^^
2. In Karaf, you must have the ``odl-netconf-topology`` or
``odl-netconf-clustered-topology`` feature installed.
-3. Feature ``odl-restconf`` must be installed
+3. Feature ``odl-restconf-nb`` must be installed
Spawning new NETCONF connectors
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::
:widths: 1 5
- * - bierman02
- - http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device
* - rfc8040
- http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device
.. list-table::
:widths: 1 5
- * - bierman02
- - http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf
* - rfc8040
- http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf
Headers:
-- Accept: application/yang.patch-status+json
+- Accept: application/yang-data+json
-- Content-Type: application/yang.patch+json
+- Content-Type: application/yang-patch+json
Example JSON payload to modify the password entry:
.. list-table::
:widths: 1 5
- * - bierman02
- - http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device
* - rfc8040
- http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device
Just invoke (no body needed):
GET
-http://localhost:8080/restconf/operational/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device/yang-ext:mount/
+http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount?content=nonconfig
This will return the entire content of operation datastore from the
-device. To view just the configuration datastore, change **operational**
+device. To view just the configuration datastore, change **nonconfig**
in this URL to **config**.
Writing configuration data to the device
**ncmount** tutorial app.
POST
-http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device/yang-ext:mount/Cisco-IOS-XR-ifmgr-cfg:interface-configurations
+http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount/Cisco-IOS-XR-ifmgr-cfg:interface-configurations
::
netconf devices). Invoke:
POST
-http://localhost:8181/restconf/operations/network-topology:network-topology/topology/topology-netconf/node/new-netconf-device/yang-ext:mount/ietf-netconf-monitoring:get-schema
+http://localhost:8181/rests/operations/network-topology:network-topology/topology=topology-netconf/node=new-netconf-device/yang-ext:mount/ietf-netconf-monitoring:get-schema
::
A `Docker <https://www.docker.com/>`__ container with netopeer will be
used in this guide. To install Docker and start the `netopeer
-image <https://index.docker.io/u/dockeruser/netopeer/>`__ perform
+image <https://hub.docker.com/r/sysrepo/sysrepo-netopeer2>`__ perform
following steps:
1. Install docker http://docs.docker.com/linux/step_one/
::
- docker run --rm -t -p 1831:830 dockeruser/netopeer
+ docker run -it --name sysrepo -p 830:830 --rm sysrepo/sysrepo-netopeer2:latest
3. Verify netopeer is running by invoking (netopeer should send its
HELLO message right away:
::
- ssh root@localhost -p 1831 -s netconf
+ ssh root@localhost -p 830 -s netconf
(password root)
Mounting netopeer NETCONF server
using RESTCONF by invoking:
GET
-http://localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/netopeer/yang-ext:mount/
+http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=netopeer/yang-ext:mount?content:config
Northbound (NETCONF servers)
----------------------------
- `RFC-6022 <https://tools.ietf.org/html/rfc6022>`__
-- `draft-ietf-netconf-yang-library-06 <https://tools.ietf.org/html/draft-ietf-netconf-yang-library-06>`__
+- `RFC-7895 <https://tools.ietf.org/html/rfc7895>`__
Notifications over NETCONF are not supported in the Boron release.
invoking:
GET
-http://localhost:8181/restconf/operational/network-topology:network-topology/topology/topology-netconf/node/controller-mdsal/yang-ext:mount
+http://localhost:8181/rests/data/network-topology:network-topology/topology=topology-netconf/node=controller-mdsal/yang-ext:mount?content:nonconfig
.. note::
::
<yang-library xmlns="urn:opendaylight:netconf-node-topology">
- <yang-library-url xmlns="urn:opendaylight:netconf-node-topology">http://localhost:8181/restconf/operational/ietf-yang-library:modules-state</yang-library-url>
+ <yang-library-url xmlns="urn:opendaylight:netconf-node-topology">http://localhost:8181/rests/data/ietf-yang-library:modules-state</yang-library-url>
<username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
<password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
</yang-library>
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global/credentials HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/global/credentials
Content-Type: application/json
Accept: application/json
.. code-block::
- POST
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/global HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/global/accept-all-ssh-keys
Content-Type: application/json
Accept: application/json
.. code-block:: json
{
- "global": {
"accept-all-ssh-keys": "true"
- }
}
Device-Specific Configuration
Netconf Call Home Server uses device provided SSH server key (host key)
to identify device. The pairing of name and server key is configured in
``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices``.
-This list is colloquially called a whitelist.
+This list is colloquially called a allowlist.
-If the Call-Home Server finds the SSH host key in the whitelist, it continues
+If the Call-Home Server finds the SSH host key in the allowlist, it continues
to negotiate a NETCONF connection over an SSH session. If the SSH host key is
not found, the connection between the Call Home server and the device is dropped
immediately. In either case, the device that connects to the Call home server
'''''''''''''''''''''''''''''''''''''''''''''''''''
Adding specific device to the allowed list is done by creating
-``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/{device}``
+``/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device={device}``
with device-id and connection parameters inside the ssh-client-params container.
*Configuring Device with Credentials*
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/example HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
Content-Type: application/json
Accept: application/json
"username": "example",
"passwords": [ "password" ]
},
- "ssh-host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
+ "host-key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDHoH1jMjltOJnCt999uaSfc48ySutaD3ISJ9fSECe1Spdq9o9mxj0kBTTTq+2V8hPspuW75DNgN+V/rgJeoUewWwCAasRx9X4eTcRrJrwOQKzb5Fk+UKgQmenZ5uhLAefi2qXX/agFCtZi99vw+jHXZStfHm9TZCAf2zi+HIBzoVksSNJD0VvPo66EAvLn5qKWQD4AdpQQbKqXRf5/W8diPySbYdvOP2/7HFhDukW8yV/7ZtcywFUIu3gdXsrzwMnTqnATSLPPuckoi0V2jd8dQvEcu1DY+rRqmqu0tEkFBurlRZDf1yhNzq5xWY3OXcjgDGN+RxwuWQK3cRimcosH"
}
}
}
Configuring Device with Global Credentials
'''''''''''''''''''''''''''''''''''''''''''''''''''
-It is possible to omit 'username' and 'password' for ssh-client-params,
+It is possible to omit ``username`` and ``password`` for ssh-client-params,
in such case values from global credentials will be used.
*Example of configuring device*
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/example HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
Content-Type: application/json
Accept: application/json
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/example HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
Content-Type: application/json
Accept: application/json
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/example HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example
Content-Type: application/json
Accept: application/json
.. code-block::
- POST
- /rests/operations/netconf-keystore:add-keystore-entry HTTP/1.1
+ POST HTTP/1.1
+ /rests/operations/netconf-keystore:add-keystore-entry
Content-Type: application/json
Accept: application/json
.. code-block::
- POST
- /rests/operations/netconf-keystore:add-private-key HTTP/1.1
+ POST HTTP/1.1
+ /rests/operations/netconf-keystore:add-private-key
Content-Type: application/json
Accept: application/json
.. code-block::
- POST
- /rests/operations/netconf-keystore:add-trusted-certificate HTTP/1.1
+ POST HTTP/1.1
+ /rests/operations/netconf-keystore:add-trusted-certificate
Content-Type: application/json
Accept: application/json
.. code-block::
- PUT
- /restconf/config/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device/example-device HTTP/1.1
+ PUT HTTP/1.1
+ /rests/data/odl-netconf-callhome-server:netconf-callhome-server/allowed-devices/device=example-device
Content-Type: application/json
Accept: application/json
Rogue Devices
'''''''''''''
-Devices which are not on the whitelist might try to connect to the Call-Home Server. In
+Devices which are not on the allowlist might try to connect to the Call-Home Server. In
these cases, the server will keep a record by instantiating an operational device. There
will be no corresponding config device for these rogues. They can be identified readily
because their device id, rather than being user-supplied, will be of the form
The Call-Home Server listens for incoming TCP connections and assumes that the other side of
the connection is a device calling home via a NETCONF connection with SSH for
-management. The server uses port 6666 by default and this can be configured via a
+management. The server uses port 4334 by default and this can be configured via a
blueprint configuration file.
The device **must** initiate the connection and the server will not try to re-establish the
Preparation of data
~~~~~~~~~~~~~~~~~~~
+For demonstration, we will define next YANG model:
+
+::
+
+ module test-module {
+ yang-version 1.1;
+ namespace "urn:opendaylight:test-module";
+ prefix "tm";
+ revision "2023-02-16";
+
+ container root {
+ container simple-root {
+ leaf leaf-a {
+ type string;
+ }
+ leaf leaf-b {
+ type string;
+ }
+ leaf-list ll {
+ type string;
+ }
+ container nested {
+ leaf sample-x {
+ type boolean;
+ }
+ leaf sample-y {
+ type boolean;
+ }
+ }
+ }
+
+ container list-root {
+ leaf branch-ab {
+ type int32;
+ }
+ list top-list {
+ key "key-1 key-2";
+ ordered-by user;
+ leaf key-1 {
+ type string;
+ }
+ leaf key-2 {
+ type string;
+ }
+ container next-data {
+ leaf switch-1 {
+ type empty;
+ }
+ leaf switch-2 {
+ type empty;
+ }
+ }
+ list nested-list {
+ key "identifier";
+ leaf identifier {
+ type string;
+ }
+ leaf foo {
+ type int32;
+ }
+ }
+ }
+ }
+ }
+ }
+
+Follow the :doc:`testtool` instructions to save this schema and run it with testtool.
+
Mounting NETCONF device that runs on NETCONF testtool:
.. code-block:: bash
{
"node-id": "testtool",
"netconf-node-topology:host": "127.0.0.1",
- "netconf-node-topology:port": 36000,
+ "netconf-node-topology:port": 17830,
"netconf-node-topology:keepalive-delay": 100,
"netconf-node-topology:tcp-only": false,
"netconf-node-topology:username": "admin",