diff --git a/docs/manual/kinds/srl.md b/docs/manual/kinds/srl.md index 3390f6c4c..7f548140b 100644 --- a/docs/manual/kinds/srl.md +++ b/docs/manual/kinds/srl.md @@ -92,15 +92,30 @@ EOF SR Linux nodes come up with SNMPv2 server enabled and running on port 161. The default SNMP community is `public`. ```shell -docker run --init -ti goatatwork/snmpwalk:latest -v 2c -c public $address +docker run -i -t ghcr.io/hellt/net-snmp-tools:5.9.4-r0 \ + snmpwalk -v 2c -c public $address ``` /// -/// note -Default credentials[^4]: `admin:NokiaSrl1!` -Containerlab will automatically enable public-key authentication for `root`, `admin` and `linuxadmin` users if public key files are found at `~/.ssh` directory[^1]. + +/// tab | NETCONF +From SR Linux release 24.7.1 onwards, SR Linux comes with NETCONF server enabled and running on port 830. + +```bash +docker run --rm --network clab -i -t \ +ghcr.io/hellt/netconf-console2:3.0.1 \ +--host srl --port 830 -u admin -p 'NokiaSrl1!' \ +--hello +``` + /// +### Credentials + +Default credentials[^4]: `admin:NokiaSrl1!` + +Containerlab will automatically enable public-key authentication for `root`, `admin` and `linuxadmin` users if public key files are found at `~/.ssh` directory[^1]. + ## Interfaces naming You can use [interfaces names](../topo-def-file.md#interface-naming) in the topology file like they appear in SR Linux. 
@@ -165,7 +180,7 @@ SR Linux uses a `/etc/opt/srlinux/config.json` file to persist its configuration #### Default node configuration -When a node is defined without the `startup-config` statement present, containerlab will make [additional configurations](https://github.com/srl-labs/containerlab/blob/srl-template-in-a-file/nodes/srl/srl_default_config.go.tpl) on top of the factory config: +When a node is defined without the `startup-config` statement present, containerlab will make [additional configurations](https://github.com/srl-labs/containerlab/blob/main/nodes/srl/srl_default_config.go.tpl) on top of the factory config: ```yaml # example of a topo file that does not define a custom startup-config @@ -304,23 +319,6 @@ INFO[0001] saved SR Linux configuration from leaf2 node. Output: Saved current running configuration as initial (startup) configuration '/etc/opt/srlinux/config.json' ``` -#### User defined custom agents for SR Linux nodes - -SR Linux supports custom "agents", i.e. small independent pieces of software that extend the functionality of the core platform and integrate with the CLI and the rest of the system. To deploy an agent, a YAML configuration file must be placed under `/etc/opt/srlinux/appmgr/`. This feature adds the ability to copy agent YAML file(s) to the config directory of a specific SRL node, or all such nodes. - -```yaml -name: srl_lab_with_custom_agents -topology: - nodes: - srl1: - kind: nokia_srlinux - ... - extras: - srl-agents: - - path1/my_custom_agent.yml - - path2/my_other_agent.yml -``` - ### TLS By default, containerlab will generate TLS certificates and keys for each SR Linux node of a lab. The TLS-related files that containerlab creates are located in the TLS directory, which can be found by the `/.tls/` path. Here is a list of files that containerlab creates relative to the TLS directory: 
@@ -360,6 +358,14 @@ These additions are meant to make all gRPC services available to the user out of Besides augmenting the factory-provided `mgmt` gRPC server block, containerlab also adds a new `insecure-mgmt` gRPC server that provides the same services as the `mgmt` server but without TLS. This server runs on port 57401 and is meant to be used for testing purposes as well as for local gNMI clients running as part of the NDK apps or local Event Handler scripts. +### SSH Keys + +Containerlab will read the public keys found in `~/.ssh` directory of a sudo user as well as the contents of a `~/.ssh/authorized_keys` file if it exists[^2]. The public keys will be added to the startup configuration for `admin` and `linuxadmin` users to enable passwordless access. + +### NETCONF + +Containerlab will configure the `netconf-mgmt` ssh server running over port 830 and the netconf-server instance using this SSH server to enable NETCONF management. + ### License SR Linux container can run without a license emulating the datacenter types (7220 IXR) :partying_face:. @@ -369,7 +375,7 @@ The license file lifts these limitations as well as unlocks chassis-based platfo ## Container configuration -To start an SR Linux NOS containerlab uses the configuration that is described in [SR Linux Software Installation Guide](https://documentation.nokia.com/cgi-bin/dbaccessfilename.cgi/3HE16113AAAATQZZA01_V1_SR%20Linux%20R20.6%20Software%20Installation.pdf) +To start an SR Linux NOS containerlab uses the configuration that is described in SR Linux Software Installation Guide /// tab | Startup command `sudo bash -c /opt/srlinux/bin/sr_linux` 
@@ -410,16 +416,6 @@ banner cli config.json devices tls ztp The topology file that defines the emulated hardware type is driven by the value of the kinds `type` parameter. Depending on a specified `type`, the appropriate content will be populated into the `topology.yml` file that will get mounted to `/tmp/topology.yml` directory inside the container in `ro` mode. -#### Authorized keys - -Additionally, containerlab will mount the `authorized_keys` file that will have contents of every public key found in `~/.ssh` directory as well as the contents of a `~/.ssh/authorized_keys` file if it exists[^2]. This file will be mounted to `~/.ssh/authorized_keys` path for the following users: - -* `root` -* `linuxadmin` -* `admin` - -This will enable passwordless access for the users above if any public key is found in the user's directory. - #### YUM/APT repositories Containerlab will create and mount repository files for YUM and APT to ensure that SR Linux users can install packages from the aforementioned repos. diff --git a/docs/rn/0.18.md b/docs/rn/0.18.md index 35809f0a1..456881182 100644 --- a/docs/rn/0.18.md +++ b/docs/rn/0.18.md 
@@ -1,18 +1,23 @@ # Release 0.18 + :material-calendar: 2021-09-14 ## exec parameter + The new [`exec`](../manual/nodes.md#exec) node parameter allows users to specify a list of commands that will run once the nodes are created. A typical application of this parameter is to call some boot script that configures something on the node, for example its IP address. ## Entrypoint + With the new `entrypoint` node parameter it is possible to change the entrypoint of the container. ## SR Linux agents -A new [`srl-agents`](../manual/kinds/srl.md#user-defined-custom-agents-for-sr-linux-nodes) parameter of the node's extra config will allow to copy SR Linux agent definition file to the container's `appmgr` dir. + +A new `srl-agents` parameter of the node's extra config will allow to copy SR Linux agent definition file to the container's `appmgr` dir. ## Dell FTOS support + Thanks to @log1cb0mb contribution, containerlab now knows how to start [Dell FTOS](../manual/kinds/vr-ftosv.md) systems. ## Miscellaneous @@ -25,4 +30,5 @@ Thanks to @log1cb0mb contribution, containerlab now knows how to start [Dell FTO * `srl` nodes additional config is now pushed once the nodes are started, instead of templating the config beforehand. This allows to follow the factory config of the release, without keeping the outdated template as it was before. ## New contributors + Welcome [@nlgotz](https://github.com/nlgotz), [@log1cb0mb](https://github.com/log1cb0mb) and thank you for your contributions to containerlab! diff --git a/docs/rn/0.22.md b/docs/rn/0.22.md index c95827188..de81dc0db 100644 --- a/docs/rn/0.22.md +++ b/docs/rn/0.22.md 
@@ -1,22 +1,27 @@ # Release 0.22 + :material-calendar: 2021-12-22 ## SR Linux password-less login + Containerlab now generates yet another file that will be stored in a lab directory - `authorized_keys`. This file will catenate all public keys found in `~/.ssh` directory. -[SR Linux](../manual/kinds/srl.md#authorized-keys) nodes will mount this file for `admin`, `linuxadmin`, and `root` users; this will allow for password-less SSH access :joy: +SR Linux nodes will mount this file for `admin`, `linuxadmin`, and `root` users; this will allow for password-less SSH access :joy: ## Containerlab schema + To help users navigate in the sheer sea of configuration options containerlab has, we cleaned up the [JSON schema](https://github.com/srl-labs/containerlab/blob/main/schemas/clab.schema.json). ## Reworked prefix logic + In [0.16](0.16.md#0162), we added a new top-level field - `prefix` - to let users decide if they want to have containers prefixed with a string other than `clab`. Now we got a few requests to make containers ditch the prefixes altogether, such as if you named a node `mynode` it will be created as a `mynode` container. Your wish came true. Now, if you have an empty string `prefix`, the container name will be stripped of everything but name. The magic `__lab-name` prefix value will add lab name to the container name; leaving the prefix out in the topo file will set the container name to `clab--`. Read more [here](../manual/topo-def-file.md#prefix). ## Miscellaneous + * new SR Linux variants `ixrd2l` and `ixrd3l` have been added in #726 * containerlab assigned SR Linux MACs will have `1a:b0:` prefix and the node index will be the rightmost byte. This makes it easier to identify the macs in the outputs. #713 * our beloved users created some awesome blogs and streams about containerlab! We featured them on our [community page](../community.md). 
* fixed doubled dot in the container's fqdn #724 -* `tools cert` command gained more checks #725 \ No newline at end of file +* `tools cert` command gained more checks #725 diff --git a/nodes/srl/srl.go b/nodes/srl/srl.go index ae08c0450..df84c90fd 100644 --- a/nodes/srl/srl.go +++ b/nodes/srl/srl.go @@ -526,6 +526,8 @@ type srlTemplateData struct { GRPCConfig string // ACLConfig is a string containing ACL configuration ACLConfig string + // NetconfConfig is a string containing Netconf server configuration + NetconfConfig string } // tplIFace template interface struct. diff --git a/nodes/srl/srl_default_config.go.tpl b/nodes/srl/srl_default_config.go.tpl index deca9f8ab..a01aff9de 100644 --- a/nodes/srl/srl_default_config.go.tpl +++ b/nodes/srl/srl_default_config.go.tpl @@ -27,6 +27,8 @@ set / system json-rpc-server admin-state enable network-instance mgmt https admi {{ .SNMPConfig }} +{{ .NetconfConfig }} + set / system lldp admin-state enable set / system aaa authentication idle-timeout 7200 diff --git a/nodes/srl/version.go b/nodes/srl/version.go index ac160700e..48dd3687a 100644 --- a/nodes/srl/version.go +++ b/nodes/srl/version.go @@ -94,6 +94,13 @@ set / acl acl-filter cpm type ipv6 entry 368 match ipv6 next-header tcp set / acl acl-filter cpm type ipv6 entry 368 match transport destination-port operator eq set / acl acl-filter cpm type ipv6 entry 368 match transport destination-port value 57401 set / acl acl-filter cpm type ipv6 entry 368 action accept` + + netconfConfig = `set / system netconf-server mgmt admin-state enable ssh-server mgmt-netconf +set / system ssh-server mgmt-netconf admin-state enable +set / system ssh-server mgmt-netconf network-instance mgmt +set / system ssh-server mgmt-netconf port 830 +set / system ssh-server mgmt-netconf disable-shell true +` ) // SrlVersion represents an sr linux version as a set of fields. 
@@ -164,6 +171,11 @@ func (n *srl) setVersionSpecificParams(tplData *srlTemplateData) { tplData.ACLConfig = aclConfig } + // in srlinux >= v24.7+ we add Netconf server config to enable Netconf. + if semver.Compare(v, "v24.7") >= 0 || n.swVersion.Major == "0" { + tplData.NetconfConfig = netconfConfig + } + // in srlinux v23.10.x we need to enable GNMI unix socket services to enable // communications over unix socket (e.g. NDK agents) if semver.Compare(v, "v23.10") == 0 { diff --git a/tests/02-basic-srl/01-two-srls.robot b/tests/02-basic-srl/01-two-srls.robot index 0bb04308c..cc8e9b2a7 100644 --- a/tests/02-basic-srl/01-two-srls.robot +++ b/tests/02-basic-srl/01-two-srls.robot @@ -145,6 +145,14 @@ Verify TLS works with JSON-RPC, certificate check and IP address as SAN Should Be Equal As Integers ${rc} 0 Should Not Contain ${output} error +Verify NETCONF works + Skip If '${runtime}' != 'docker' + ${rc} ${output} = Run And Return Rc And Output + ... sudo docker run --rm --network clab ghcr.io/hellt/netconf-console2:3.0.1 --host clab-${lab-name}-srl1 --port 830 -u admin -p 'NokiaSrl1!' --hello + Log ${output} + Should Be Equal As Integers ${rc} 0 + Should Contain ${output} base:1.1 + *** Keywords *** Cleanup
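Review bot: In docs/manual/kinds/srl.md, the paragraph moved under the new `### Credentials` heading still says public-key authentication is enabled for `root`, `admin` and `linuxadmin`, while the `### SSH Keys` section added further down in the same file says keys are added for `admin` and `linuxadmin` only. Align the two user lists with what the startup configuration actually does, and check whether both paragraphs should cite the same footnote (`[^1]` here, `[^2]` there). In the NETCONF tab, `--host srl` and `--network clab` assume a particular node name and network, whereas the SNMP example uses `$address`; a short sentence stating that assumption would help.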
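Review bot: The removal of the "User defined custom agents for SR Linux nodes" section from docs/manual/kinds/srl.md is unrelated to the NETCONF change and leaves `srl-agents` mentioned only in docs/rn/0.18.md, where its link is dropped as well. If `extras.srl-agents` is still supported, keep the section; if it is gone, say so in the commit message and in the release note rather than silently unlinking it.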
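Review bot: The new `### NETCONF` paragraph in docs/manual/kinds/srl.md names the SSH server `netconf-mgmt`, but the `netconfConfig` constant added in nodes/srl/version.go configures `ssh-server mgmt-netconf`. Use `mgmt-netconf` in the docs so readers can find the instance in the running config. The paragraph also reads as unconditional; mention that the config is only pushed when the version check in `setVersionSpecificParams` passes and that the server is created with `disable-shell true`.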
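Review bot: `netconfConfig` in nodes/srl/version.go enables an SSH server on port 830 in the `mgmt` network-instance, but adds no `cpm` ACL entry for that port, unlike the `aclConfig` lines directly above it that explicitly accept destination port 57401. Please confirm the factory `cpm` filters on the targeted releases already accept 830, or add the matching entries. Because this server is on by default and the docs in this patch list `admin:NokiaSrl1!` as default credentials, the docs should state that NETCONF is reachable with those credentials on the management network.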
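Review bot: The gate in `setVersionSpecificParams` compares against `v24.7`, while the docs added in this patch say NETCONF is available "From SR Linux release 24.7.1 onwards"; make the check, the code comment and the docs agree on one version. The comment `>= v24.7+` is also redundant, and it does not explain the `n.swVersion.Major == "0"` branch: add a line saying what a major version of `0` denotes and why such builds get the NETCONF config.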
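Review bot: `Verify NETCONF works` in tests/02-basic-srl/01-two-srls.robot pulls `ghcr.io/hellt/netconf-console2:3.0.1` by tag at run time; pin the image by digest so the CI result does not depend on what the tag points to. The test is also skipped whenever `${runtime}` is not `docker`, so the NETCONF config is unverified on other runtimes, and the assertion on `base:1.1` covers only the hello exchange, not the `disable-shell true` setting introduced in `netconfConfig`.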