CESNET / libnetconf

C NETCONF library

Adding Netconf Server on Custom device #207

Closed virajmistry closed 8 years ago

virajmistry commented 8 years ago

Hi,

I am new to the NETCONF protocol. I want to add a NETCONF server on my custom device. I found the libnetconf library; is it sufficient to add NETCONF server support on my board? If libnetconf is sufficient, then how can I start the NETCONF server? Or do I need to install the Netopeer package?

Thanks Viraj

michalvasko commented 8 years ago

Hi Viraj, our software consists of 2 main packages:

However, libnetconf is now quite old and no longer updated, only maintained. There are several known issues (which will not be fixed) and it often does things ineffectively and is generally quite complex. That is why we started from scratch and are working on a new generation of this software:

The new generation is usable and offers some basic functionality, but it is still work-in-progress and definitely not ready for deployment.

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

Thank you for the prompt reply. I appreciate your suggestion.

Regards, Viraj

virajmistry commented 8 years ago

Hi Michal,

I have successfully loaded Netopeer and Netconf on my PC. I am able to connect to the PC using a NETCONF client over SSH. I now want to add support for interface information on the server, e.g. Eth interface in/out packets, IP address... How can I achieve this?

Regards, Viraj

michalvasko commented 8 years ago

Hi Viraj, look at the third directory in the netopeer repository, transAPI, I haven't mentioned that one. In it you can find 3 example transAPI modules for netopeer-server. I suggest you read this to understand what they are. Then you can install cfginterfaces (just ./configure && make and #make install) into the server, it provides among others the information about packets and the IP as well (DHCP support is not included in the standard models, so in that case the information will be incomplete).

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

I have configured and installed cfginterfaces into the server. But how can I verify whether it is installed successfully on the server or not? Is there any way to find this?

Regards, Viraj

michalvasko commented 8 years ago

Hi Viraj, you can try operation for instance, it should return state information about the interfaces or , in it you should see interface configuration. But this really is a trivial question, these are the most basic NETCONF operations, you should definitely know about them and how they work.

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

Thank you for your reply. As I said earlier, I am really new to NETCONF, though I have worked with SNMP. And the NETCONF protocol requirement is quite urgent to me. So I have started to study the RFC for detailed operation, but it would still be helpful for me if you could help me more. Is there any start-up guide which can help me with NETCONF?

Regards, Viraj

michalvasko commented 8 years ago

Hi Viraj, I do not know about any NETCONF guides, but there may be some, just search for it. I can help you to certain extent, but it would help if you at least read carefully and understood the NETCONF RFC.

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

Yes, I have to read it in depth.

Regards, Viraj

virajmistry commented 8 years ago

Hi Michal,

I have compiled and successfully loaded libnetconf and Netopeer on my custom board. But when I start netopeer-server it shows the error below:

netopeer-server[618]: Reading configuration for NETCONF-server module failed
netopeer-server[618]: Starting necessary NETCONF server plugin failed!

I have also tried netopeer-configurator but it does not work.

Kindly help us in this matter.

Thanks Viraj

michalvasko commented 8 years ago

Hi Viraj, please look at the file /usr/local/etc/netopeer/cfgnetopeer/datastore-server.xml (or substitute by any other custom prefix you used). It should basically be empty, with the XML tree just datastores with children running, startup, and candidate. Just to make sure, you did install netopeer-server, right?

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

We have followed the link below to install netopeer-server: http://seguesoft.com/how-to-set-up-netopeer-server-to-use-with-netconfc

On the custom board it shows the commands below: netopeer-configurator, netopeer-manager, netopeer-server, so I guess netopeer-server is installed (not sure if fully installed).

One more thing: as mentioned in the above link, we have not installed TransAPI yet on our custom board.

Also I have checked this path /usr/local/etc/netopeer/cfgnetopeer/datastore-server.xml but on the custom board it is not there.

Also on my custom board, when I search for the netopeer directory it shows me only the /usr/share/netopeer directory, and in this one there are only three HTML files, namely netopeer-configurator.1.html, netopeer-manager.1.html and netopeer-server.8.html.

Please let me know your view. Also suggest any other way to install netopeer-server if any

Thanks Viraj

michalvasko commented 8 years ago

Hi Viraj, where is actually the netopeer-server binary? You can learn it easily with which netopeer-server, if your platform supports it. My guess is that it will be /usr/bin/netopeer-server (based on the path of your manual pages). Then the NETCONF server datastore should be in /usr/etc/netopeer/cfgnetopeer/datastore-server.xml. Still, if the file does not exist, it should automatically be created. So, can you please post the content of the datastore file, if any? And can you please provide output of netopeer-server -v3?

Regards, Michal

PS: It is always a risk to follow 3rd party netopeer install guides, but this one seems fairly up-to-date (except the D-Bus error, we don't use it for a few years now).

virajmistry commented 8 years ago

Hi Michal,

Below is log of netopeer-server -v3

netopeer-server[726]: Shared memory location: /dev/shm/libnetconfshm
netopeer-server[726]: Shared memory file libnetconfshm already exists - opening
netopeer-server[726]: POSIX SHM File Descriptor: 4 (568B).
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-inet-types.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-yang-types.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-netconf-monitoring.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-netconf-notifications.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model nc-notifications.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model notifications.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-netconf-with-defaults.
netopeer-server[726]: ncds_features_parse: no feature definitions found in data model ietf-netconf-acm.
netopeer-server[726]: ncds_set_validation: Relax NG validator set (//var/lib/libnetconf//ietf-netconf-acm-config.rng)
netopeer-server[726]: ncds_set_validation: Schematron validator set (//var/lib/libnetconf//ietf-netconf-acm-schematron.xsl)
netopeer-server[726]: Datastore ietf-netconf-acm initiated with ID 8.
netopeer-server[726]: Checking the default Events stream path //var/lib/libnetconf//streams/.
netopeer-server[726]: Reading configuration for NETCONF-server module failed
netopeer-server[726]: Starting necessary NETCONF server plugin failed!

My netopeer-server binary is in the /usr/bin/ folder. I have found that we don't have the /usr/etc/netopeer directory on our custom board. Can you please tell me what the reason is?

Regards Viraj

michalvasko commented 8 years ago

Hi Viraj, the configuration file that cannot be read is actually /usr/etc/netopeer/modules.conf.d/NETCONF-server.xml, it should have been copied over during #make install of netopeer-server. I don't know why it was not, but you can do so manually, you can find it in netopeer/server/config directory, it is supposed to be generated from NETCONF-server.xml.in during ./configure. Did installation display any errors or warnings?

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

We came to know that there is an issue during install. Not all the files are copied to the custom board. We are working on it.

Regards, Viraj

virajmistry commented 8 years ago

Hi Michal,

I have manually copied the usr/etc folder to my custom board, but when I run netopeer-server it shows the error below:

netopeer-server[778]: sock_listen: could not bind "::0" port 830 (Permission denied)
netopeer-server[778]: Server is not listening on any address!

I have also gone through the link below, which you have suggested, https://github.com/CESNET/netopeer/issues/80 but I did not get where I need to make the change.

Can you please help us in this matter?

Thanks Viraj

michalvasko commented 8 years ago

Hi Viraj, that will again be something platform-specific, since you started netopeer with root access. If it does not support IPv6, you can try listening on "0.0.0.0" instead. Just put that into your startup configuration (/etc/netopeer/cfgnetopeer/datastore-server.xml). To do that, insert this into the <startup> element:

<netconf xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <ssh>
    <listen>
      <interface>
        <address>0.0.0.0</address>
        <port>830</port>
      </interface>
    </listen>
  </ssh>
</netconf>

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

I have updated the file /usr/etc/netopeer/cfgnetopeer/datastore-server.xml as below:

<?xml version="1.0" encoding="UTF-8"?>

0.0.0.0
830
/>

I am still getting the error. Am I missing any steps, or is the above config wrong? Also I have checked by giving a hard reboot to my custom device but the result is the same. Please suggest us.

Thanks, Viraj

michalvasko commented 8 years ago

Hi Viraj, you mentioned you are new to NETCONF, fair enough, that is why I provided the whole config for you. But it seems you have problems with XML as well and that is basically a prerequisite to understand NETCONF. Yes, the file is wrong, this is the correct one:

<?xml version="1.0" encoding="UTF-8"?>
<datastores xmlns="urn:cesnet:tmc:datastores:file">
  <running lock=""/>
  <startup lock="">
    <netconf xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
      <ssh>
        <listen>
          <interface>
            <address>0.0.0.0</address>
            <port>830</port>
          </interface>
        </listen>
      </ssh>
    </netconf>
  </startup>
  <candidate modified="false" lock=""/>
</datastores>

And please provide the error messages if you need help solving any errors.

Regards, Michal
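A structural check for this file, as an added example that is not part of the thread or of netopeer: it parses the text of a datastore-server.xml, confirms the `<datastores>` wrapper with its three children, and lists the configured SSH listeners. `check_datastore` and the sample strings are hypothetical names; the namespaces and values are the ones in the comment above, and `BARE` is a constructed broken input.

```python
import xml.etree.ElementTree as ET

DS_NS = "urn:cesnet:tmc:datastores:file"
SRV_NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-server"

# The <netconf> fragment and the complete file from this thread, compacted.
LISTEN = ('<netconf xmlns="%s"><ssh><listen><interface>'
          '<address>0.0.0.0</address><port>830</port>'
          '</interface></listen></ssh></netconf>' % SRV_NS)
GOOD = ('<?xml version="1.0" encoding="UTF-8"?>'
        '<datastores xmlns="%s"><running lock=""/><startup lock="">%s</startup>'
        '<candidate modified="false" lock=""/></datastores>' % (DS_NS, LISTEN))
# Constructed broken input: the fragment pasted without the <datastores> wrapper.
BARE = '<?xml version="1.0" encoding="UTF-8"?>' + LISTEN


def check_datastore(xml_text):
    """Return (listeners, findings) for the text of a datastore-server.xml."""
    listeners, findings = [], []
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return listeners, ["not well-formed XML: %s" % exc]
    if root.tag != "{%s}datastores" % DS_NS:
        return listeners, ["root element is %s, expected {%s}datastores" % (root.tag, DS_NS)]
    for name in ("running", "startup", "candidate"):
        if root.find("{%s}%s" % (DS_NS, name)) is None:
            findings.append("missing <%s> under <datastores>" % name)
    path = ("{%s}startup/{%s}netconf/{%s}ssh/{%s}listen/{%s}interface"
            % ((DS_NS,) + (SRV_NS,) * 4))
    for iface in root.findall(path):
        addr = (iface.findtext("{%s}address" % SRV_NS) or "").strip()
        port = (iface.findtext("{%s}port" % SRV_NS) or "").strip()
        if not addr or not port.isdigit():
            findings.append("<interface> needs an <address> and a numeric <port>")
            continue
        listeners.append((addr, int(port)))
        if int(port) < 1024:
            findings.append("port %s is below 1024, bind() needs privilege" % port)
        if addr in ("0.0.0.0", "::", "::0"):
            findings.append("%s accepts connections on every interface" % addr)
    return listeners, findings


if __name__ == "__main__":
    for label, text in (("complete file", GOOD), ("bare fragment", BARE)):
        print(label, check_datastore(text))
```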

virajmistry commented 8 years ago

Hi Michal,

Sorry for my bad.

I have changed the startup config as per your suggestion. After reboot the startup config is copied to the running config. But I am getting the same error on the board.

Error is "netopeer-server[378]: sock_listen: could not bind "0.0.0.0" port 830 (Permission denied) netopeer-server[378]: Server is not listening on any address!"

Also I have attached the log of netopeer-server -v 3 for your reference.

Please share your view for the same.

Regards, Viraj

Netopeer_Server_Error.txt

michalvasko commented 8 years ago

Hi Viraj, your log is quite weird, but let's break it down.

The I/O warnings are a minor issue, but still, it seems you did not copy all the files that were supposed to be copied over during installation of libnetconf. The effect is that RNG validation does not work at all.

Next, I see that the server first wants to listen on "::0:830". Then the node is replaced, so it decides to listen on "10.99.18.189:830" instead. This would all be fine if you had that IP in the configuration instead of the universal "0.0.0.0" one. If you did what I told you to, it cannot be there. Do you perhaps know something about how that address appeared there?

Lastly, when the server wants to actually start listening on the address, it fails to bind(3). Despite netopeer running with root privileges the error says Permission denied. This will likely be the result of some platform-specific problem, I have no means of learning what it is and how to solve it.

The only thing I can think of is that even "0.0.0.0" address is not recognized and you must specify the exact interface and port for it to work. To try it just replace 0.0.0.0 in the config file with the IP you want the server to listen on.

Regards, Michal

vishalkalal commented 8 years ago

Hi Michal,

Yes, you are correct. I have also tried to bind the server with static IP 10.99.18.189:830 but it does not work. Also find the attached log of 0.0.0.0:830, but the result is the same. So I have tried to bind our server to the 0.0.0.0 and 10.99.18.189 IP addresses one by one, but the issue still remains. I have mixed up two logs of different IPs in one, that's why you got confused. I have also tried to change the port but the result is the same. We came to know that bind gives an error called EACCESS when we start netopeer-server.

FYI: the SNMP server is running without any binding issue.

Please suggest if you have any idea of this.

Regards, Viraj

Error_log_1.txt

michalvasko commented 8 years ago

Hi Viraj, so what address/port does the SNMP server listen on? You can try something similar, just add 1 to the port, for instance. You often need root privileges for listening on ports <1000, but not for the rest, so maybe that is the difference and the reason why it does not work. Anyway, this is an issue of your platform, bind(3) fails on it with correct parameters, so there is nothing else I can do. You need to learn exactly when bind can give this error on the platform you are using.

Regards, Michal
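One way to narrow down when bind() returns "Permission denied" on a Linux target, as an added example that is not part of the thread or of netopeer. It assumes a Linux /proc filesystem and the default privileged-port boundary of 1024 (adjustable through `unpriv_start`); `has_net_bind`, `try_bind` and `explain` are hypothetical helper names.

```python
import errno
import os
import socket

CAP_NET_BIND_SERVICE = 10  # bit index of this capability in the Linux capability sets


def has_net_bind(status_text):
    """True if CapEff in a /proc/<pid>/status text includes CAP_NET_BIND_SERVICE."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_BIND_SERVICE) & 1)
    return False


def try_bind(addr, port):
    """Attempt a TCP bind like the server's listener; return 0 or the errno."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sock.bind((addr, port))
        return 0
    except OSError as exc:
        return exc.errno


def explain(err, port, cap_bind, unpriv_start=1024):
    """Map a bind() errno to the most likely cause on Linux."""
    if err == 0:
        return "ok"
    if err == errno.EADDRINUSE:
        return "port already taken by another socket"
    if err == errno.EADDRNOTAVAIL:
        return "address is not configured on any interface"
    if err == errno.EACCES and port < unpriv_start and not cap_bind:
        return "privileged port without CAP_NET_BIND_SERVICE (uid 0 alone is not enough)"
    if err == errno.EACCES:
        return "denied outside the port check: inspect LSM/platform policy"
    return os.strerror(err)


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        cap = has_net_bind(fh.read())
    for port in (830, 9999):  # the two ports tried in this thread
        print(port, explain(try_bind("0.0.0.0", port), port, cap))
```

Run it as the same user and from the same init context as netopeer-server, since capabilities and security policy are per-process.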

virajmistry commented 8 years ago

Hi Michal,

SNMP is listening on 161:

udp 0 0 0.0.0.0:161 0.0.0.0:*

Anyway, I will try to listen on any other port which is not used by another process and is greater than 1024. Meanwhile you can share your view if you have any on this.

Regards, Viraj

michalvasko commented 8 years ago

Hi Viraj, the only difference I noticed is that SNMP uses UDP, while netopeer-server uses TCP. Not sure if it is relevant.

Regards, Michal

virajmistry commented 8 years ago

Hi Michal,

You are correct. My custom board is not allowing me to bind a port less than 1024. So I tried to bind netopeer-server to port number 9999 with the 0.0.0.0 IP, and then it works.

The log with 0.0.0.0:9999 is attached for your reference.

Kindly suggest your view for the same.

Regards, Viraj

Error_Log_2.txt

michalvasko commented 8 years ago

Hi Viraj, the log is fine now, except for those RNG libraries, you should be able to connect. I am closing the issue for now, you can reopen it if you encounter any other problems.

Regards, Michal

alfredomantilla commented 7 years ago

As I said in another post I solved the exact same issue compiling libssh without libgcrypt support and only openssl

If you are using yocto try to add this to a libssh_*.bbappend:

EXTRA_OECMAKE = " -DWITH_GCRYPT=0 -DWITH_PCAP=0 -DWITH_SFTP=1 -DWITH_ZLIB=0 -DLIB_SUFFIX=${@d.getVar('baselib', True).replace('lib', '')} "

Now netopeer-server can bind to ports lower than 1024

adamzyg commented 4 years ago

Hi @alfredomantilla, I now develop on the Yocto platform and I use your configuration of libssh, but binding 830 failed because of permission denied. How did you resolve this issue?