CESNET/netopeer2

ietf-netconf-server config correct?

Closed this issue · 2 comments

mpet commented

Hi,

I added the file ssh-listen.xml using:

/usr/bin/sysrepocfg --import=/opt/dev/ssh-listen.xml --datastore running --module ietf-netconf-server

I am using version:

libnetconf2 v.3.3.3
Netopeer2 v2.2.28

Then when I check the model using:

# sysrepocfg -X -m ietf-netconf-server

<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoints>
      <endpoint>
        <name>default-ssh</name>
        <ssh>
          <tcp-server-parameters>
            <local-address>0.0.0.0</local-address>
          </tcp-server-parameters>
          <ssh-server-parameters>
            <server-identity>
              <host-key>
                <name>default-key</name>
                <public-key>
                  <central-keystore-reference>genkey</central-keystore-reference>
                </public-key>
              </host-key>
            </server-identity>
            <client-authentication>
              <users>
                <user>
                  <name>netconf</name>
                  <keyboard-interactive xmlns="urn:cesnet:libnetconf2-netconf-server">
                    <use-system-auth/>
                  </keyboard-interactive>
                </user>
              </users>
            </client-authentication>
          </ssh-server-parameters>
              <ee-certs>
                <central-truststore-reference>eecerts</central-truststore-reference>
              </ee-certs>
            </client-authentication>
          </tls-server-parameters>
          <netconf-server-parameters>
            <client-identity-mappings>
              <cert-to-name>
                <id>1</id>
                <fingerprint>02:20:e1:ad:cc:92:71:e9:ea:6a:85:df:a7:ff:8c:bb:b9:d5:e4:ee:74</fingerprint>
                <map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
                <name>tls-test</name>
              </cert-to-name>
            </client-identity-mappings>
          </netconf-server-parameters>
        </tls>
      </endpoint>
    </endpoints>
  </listen>
</netconf-server>

This does not look correct since there is no end tag for 'ssh' and no start tag for 'tls'.

//mikael

Hi, obviously that is not a correct configuration and it most likely has something to do with the previous configuration before running the command you provided or with the XML file. I suggest resetting the datastore (for example by running make sr_clean in sysrepo's build directory and make install in netopeer2's build or you can simply do sysrepocfg -E vim -m ietf-netconf-server and delete everything there) and importing the XML again. Also not sure what your goal is, but you might want to use --edit instead of --import and -v3 for verbosity. Hope that helps.

mpet commented

Hi
It seems to work now.
Thx!

//mike
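
Added example, not part of the original thread and not netopeer2 or sysrepo code: a tag-balance check that can be run over an exported datastore dump or an XML file before import, and that names the elements the first comment spotted by eye. `check_balance` and the trimmed `DUMP` sample are constructed for illustration.

```python
import re

# Opening, closing or self-closing tag; attributes are skipped, not parsed.
TAG = re.compile(r"<(/?)([A-Za-z_][\w.:-]*)[^<>]*?(/?)>")

def check_balance(xml_text):
    """Return (unclosed, orphan_closes), each a list of (element, line)."""
    # Blank out comments and processing instructions, keeping line numbers.
    text = re.sub(r"<!--.*?-->|<\?.*?\?>",
                  lambda m: "\n" * m.group().count("\n"), xml_text, flags=re.S)
    stack, unclosed, orphans = [], [], []
    for m in TAG.finditer(text):
        closing, name, self_closing = m.groups()
        line = text.count("\n", 0, m.start()) + 1
        if self_closing:
            continue
        if not closing:
            stack.append((name, line))
        elif any(n == name for n, _ in stack):
            # Everything opened above the matching element was never closed.
            while stack[-1][0] != name:
                unclosed.append(stack.pop())
            stack.pop()
        else:
            orphans.append((name, line))  # close tag with no opener at all
    return unclosed + stack[::-1], orphans

# Constructed sample: the dump from the first comment, trimmed to its skeleton.
DUMP = """\
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen><endpoints><endpoint>
    <ssh>
      <ssh-server-parameters>
        <client-authentication><users><user>
          <keyboard-interactive xmlns="urn:cesnet:libnetconf2-netconf-server">
            <use-system-auth/>
          </keyboard-interactive>
        </user></users></client-authentication>
      </ssh-server-parameters>
          <ee-certs/>
        </client-authentication>
      </tls-server-parameters>
    </tls>
  </endpoint></endpoints></listen>
</netconf-server>
"""

if __name__ == "__main__":
    print(check_balance(DUMP))
```

An `<ssh>` element left unclosed next to orphaned `tls` close tags means the text being inspected is truncated or spliced, so the authentication settings it shows should not be read as the server's effective configuration.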