2 * Copyright (c) 2016 Brocade Communication Systems and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.callhome.mount;
10 import com.google.common.util.concurrent.FutureCallback;
11 import com.google.common.util.concurrent.MoreExecutors;
12 import java.io.IOException;
13 import java.security.GeneralSecurityException;
14 import java.security.PublicKey;
15 import java.util.Collection;
16 import java.util.Collections;
17 import java.util.Optional;
18 import java.util.concurrent.ExecutionException;
19 import org.opendaylight.mdsal.binding.api.DataBroker;
20 import org.opendaylight.mdsal.binding.api.DataObjectModification;
21 import org.opendaylight.mdsal.binding.api.DataTreeChangeListener;
22 import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
23 import org.opendaylight.mdsal.binding.api.DataTreeModification;
24 import org.opendaylight.mdsal.binding.api.ReadTransaction;
25 import org.opendaylight.mdsal.binding.api.WriteTransaction;
26 import org.opendaylight.mdsal.common.api.CommitInfo;
27 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
28 import org.opendaylight.netconf.callhome.protocol.AuthorizedKeysDecoder;
29 import org.opendaylight.netconf.callhome.protocol.StatusRecorder;
30 import org.opendaylight.netconf.topology.spi.NetconfNodeUtils;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.callhome.device.status.rev170112.Device1;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.callhome.device.status.rev170112.Device1.DeviceStatus;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.callhome.device.status.rev170112.Device1Builder;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev221225.NetconfNode;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.NetconfCallhomeServer;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.AllowedDevices;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.Device;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.DeviceBuilder;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.DeviceKey;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.SshBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.ssh.SshClientParamsBuilder;
43 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
44 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
45 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
46 import org.opendaylight.yangtools.concepts.ListenerRegistration;
47 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
51 final class CallhomeStatusReporter implements DataTreeChangeListener<Node>, StatusRecorder, AutoCloseable {
52 private static final Logger LOG = LoggerFactory.getLogger(CallhomeStatusReporter.class);
54 private final DataBroker dataBroker;
55 private final ListenerRegistration<CallhomeStatusReporter> reg;
57 CallhomeStatusReporter(final DataBroker broker) {
59 reg = dataBroker.registerDataTreeChangeListener(DataTreeIdentifier.create(LogicalDatastoreType.OPERATIONAL,
60 NetconfNodeUtils.DEFAULT_TOPOLOGY_IID.child(Node.class)), this);
64 public void onDataTreeChanged(final Collection<DataTreeModification<Node>> changes) {
65 for (DataTreeModification<Node> change : changes) {
66 final DataObjectModification<Node> rootNode = change.getRootNode();
67 final InstanceIdentifier<Node> identifier = change.getRootPath().getRootIdentifier();
68 switch (rootNode.getModificationType()) {
70 case SUBTREE_MODIFIED:
71 if (isNetconfNode(rootNode.getDataAfter())) {
72 NodeId nodeId = getNodeId(identifier);
74 NetconfNode nnode = rootNode.getDataAfter().augmentation(NetconfNode.class);
75 handledNetconfNode(nodeId, nnode);
80 if (isNetconfNode(rootNode.getDataBefore())) {
81 final NodeId nodeId = getNodeId(identifier);
83 handleDisconnectedNetconfNode(nodeId);
93 private static boolean isNetconfNode(final Node node) {
94 return node.augmentation(NetconfNode.class) != null;
97 private static NodeId getNodeId(final InstanceIdentifier<?> path) {
98 NodeKey key = path.firstKeyOf(Node.class);
99 return key != null ? key.getNodeId() : null;
102 private void handledNetconfNode(final NodeId nodeId, final NetconfNode nnode) {
103 switch (nnode.getConnectionStatus()) {
105 handleConnectedNetconfNode(nodeId);
109 case UnableToConnect: {
110 handleUnableToConnectNetconfNode(nodeId);
116 private void handleConnectedNetconfNode(final NodeId nodeId) {
117 // Fully connected, all services for remote device are
118 // available from the MountPointService.
119 LOG.debug("NETCONF Node: {} is fully connected", nodeId.getValue());
121 Device opDev = readAndGetDevice(nodeId);
123 LOG.warn("No corresponding callhome device found - exiting.");
125 Device modifiedDevice = withConnectedStatus(opDev);
126 if (modifiedDevice == null) {
129 LOG.info("Setting successful status for callhome device id:{}.", nodeId);
130 writeDevice(nodeId, modifiedDevice);
134 private void handleDisconnectedNetconfNode(final NodeId nodeId) {
135 LOG.debug("NETCONF Node: {} disconnected", nodeId.getValue());
137 Device opDev = readAndGetDevice(nodeId);
139 LOG.warn("No corresponding callhome device found - exiting.");
141 Device modifiedDevice = withDisconnectedStatus(opDev);
142 if (modifiedDevice == null) {
145 LOG.info("Setting disconnected status for callhome device id:{}.", nodeId);
146 writeDevice(nodeId, modifiedDevice);
150 private void handleUnableToConnectNetconfNode(final NodeId nodeId) {
151 // The maximum configured number of reconnect attempts
152 // have been reached. No more reconnects will be
153 // attempted by the Netconf Connector.
154 LOG.debug("NETCONF Node: {} connection failed", nodeId.getValue());
156 Device opDev = readAndGetDevice(nodeId);
158 LOG.warn("No corresponding callhome device found - exiting.");
160 Device modifiedDevice = withFailedStatus(opDev);
161 if (modifiedDevice == null) {
164 LOG.info("Setting failed status for callhome device id:{}.", nodeId);
165 writeDevice(nodeId, modifiedDevice);
169 void asForceListedDevice(final String id, final PublicKey serverKey) {
170 NodeId nid = new NodeId(id);
171 Device device = newDevice(id, serverKey, Device1.DeviceStatus.DISCONNECTED);
172 writeDevice(nid, device);
175 void asUnlistedDevice(final String id, final PublicKey serverKey) {
176 NodeId nid = new NodeId(id);
177 Device device = newDevice(id, serverKey, Device1.DeviceStatus.FAILEDNOTALLOWED);
178 writeDevice(nid, device);
181 private static Device newDevice(final String id, final PublicKey serverKey, final Device1.DeviceStatus status) {
182 // used only for netconf devices that are connected via SSH transport and global credentials
183 String sshEncodedKey = serverKey.toString();
185 sshEncodedKey = AuthorizedKeysDecoder.encodePublicKey(serverKey);
186 } catch (IOException e) {
187 LOG.warn("Unable to encode public key to ssh format.", e);
189 return new DeviceBuilder()
191 .withKey(new DeviceKey(id))
192 .setTransport(new SshBuilder()
193 .setSshClientParams(new SshClientParamsBuilder().setHostKey(sshEncodedKey).build())
195 .addAugmentation(new Device1Builder().setDeviceStatus(status).build())
199 private Device readAndGetDevice(final NodeId nodeId) {
200 return readDevice(nodeId).orElse(null);
203 private Optional<Device> readDevice(final NodeId nodeId) {
204 try (ReadTransaction opTx = dataBroker.newReadOnlyTransaction()) {
205 InstanceIdentifier<Device> deviceIID = buildDeviceInstanceIdentifier(nodeId);
206 return opTx.read(LogicalDatastoreType.OPERATIONAL, deviceIID).get();
207 } catch (InterruptedException | ExecutionException e) {
208 return Optional.empty();
212 private void writeDevice(final NodeId nodeId, final Device modifiedDevice) {
213 WriteTransaction opTx = dataBroker.newWriteOnlyTransaction();
214 opTx.merge(LogicalDatastoreType.OPERATIONAL, buildDeviceInstanceIdentifier(nodeId), modifiedDevice);
215 commit(opTx, modifiedDevice.key());
218 private static InstanceIdentifier<Device> buildDeviceInstanceIdentifier(final NodeId nodeId) {
219 return InstanceIdentifier.create(NetconfCallhomeServer.class)
220 .child(AllowedDevices.class)
221 .child(Device.class, new DeviceKey(nodeId.getValue()));
224 private static Device withConnectedStatus(final Device opDev) {
225 return deviceWithStatus(opDev, Device1.DeviceStatus.CONNECTED);
228 private static Device withFailedStatus(final Device opDev) {
229 return deviceWithStatus(opDev, DeviceStatus.FAILED);
232 private static Device withDisconnectedStatus(final Device opDev) {
233 return deviceWithStatus(opDev, DeviceStatus.DISCONNECTED);
236 private static Device withFailedAuthStatus(final Device opDev) {
237 return deviceWithStatus(opDev, DeviceStatus.FAILEDAUTHFAILURE);
240 private static Device deviceWithStatus(final Device opDev, final DeviceStatus status) {
241 final DeviceBuilder deviceBuilder = new DeviceBuilder()
242 .setUniqueId(opDev.getUniqueId())
243 .addAugmentation(new Device1Builder().setDeviceStatus(status).build());
244 if (opDev.getTransport() != null) {
245 deviceBuilder.setTransport(opDev.getTransport());
247 deviceBuilder.setSshHostKey(opDev.getSshHostKey());
249 return deviceBuilder.build();
252 private void setDeviceStatus(final Device device) {
253 WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
254 InstanceIdentifier<Device> deviceIId = InstanceIdentifier.create(NetconfCallhomeServer.class)
255 .child(AllowedDevices.class)
256 .child(Device.class, device.key());
258 tx.merge(LogicalDatastoreType.OPERATIONAL, deviceIId, device);
259 commit(tx, device.key());
262 private static void commit(final WriteTransaction tx, final DeviceKey device) {
263 tx.commit().addCallback(new FutureCallback<CommitInfo>() {
265 public void onSuccess(final CommitInfo result) {
266 LOG.debug("Device {} committed", device);
270 public void onFailure(final Throwable cause) {
271 LOG.warn("Failed to commit device {}", device, cause);
273 }, MoreExecutors.directExecutor());
276 private AllowedDevices getDevices() {
277 try (ReadTransaction rxTransaction = dataBroker.newReadOnlyTransaction()) {
278 return rxTransaction.read(LogicalDatastoreType.OPERATIONAL, IetfZeroTouchCallHomeServerProvider.ALL_DEVICES)
280 } catch (ExecutionException | InterruptedException e) {
281 LOG.error("Error trying to read the whitelist devices", e);
286 private Collection<Device> getDevicesAsList() {
287 AllowedDevices devices = getDevices();
288 return devices == null ? Collections.emptyList() : devices.nonnullDevice().values();
292 public void reportFailedAuth(final PublicKey sshKey) {
293 AuthorizedKeysDecoder decoder = new AuthorizedKeysDecoder();
295 for (final Device device : getDevicesAsList()) {
296 final String keyString;
297 if (device.getTransport() instanceof Ssh ssh) {
298 keyString = ssh.getSshClientParams().getHostKey();
300 keyString = device.getSshHostKey();
302 if (keyString == null) {
303 LOG.info("Whitelist device {} does not have a host key, skipping it", device.getUniqueId());
308 PublicKey pubKey = decoder.decodePublicKey(keyString);
309 if (sshKey.getAlgorithm().equals(pubKey.getAlgorithm()) && sshKey.equals(pubKey)) {
310 Device failedDevice = withFailedAuthStatus(device);
311 if (failedDevice == null) {
314 LOG.info("Setting auth failed status for callhome device id:{}.", failedDevice.getUniqueId());
315 setDeviceStatus(failedDevice);
318 } catch (GeneralSecurityException e) {
319 LOG.error("Failed decoding a device key with host key: {}", keyString, e);
324 LOG.error("No match found for the failed auth device (should have been filtered by whitelist). Key: {}",
329 public void close() {