Observing Compilation Error while compiling netopeer2 inside docker

[AravindaSwamy]

Hi Team,

We successfully compiled Libyang, Sysrepo, Libnetconf2, and Netopeer2 outside of Docker without any issues. However, when attempting to compile Netopeer2 inside Docker, we encountered an error. Below is the specific error message:

/usr/local/lib/libnetconf2.so: undefined reference to `PEM_read_bio_X509@OPENSSL_3.0.0'
/usr/local/lib/libnetconf2.so: undefined reference to `X509_verify_cert_error_string@OPENSSL_3.0.0'
/usr/local/lib/libnetconf2.so: undefined reference to `EVP_PKEY_get_bn_param@OPENSSL_3.0.0'
/usr/lib/x86_64-linux-gnu/libssh.so: undefined reference to `EVP_PKEY_keygen@OPENSSL_3.0.0'
/usr/local/lib/libnetconf2.so: undefined reference to `X509_LOOKUP_file@OPENSSL_3.0.0'
/usr/lib/x86_64-linux-gnu/libssh.so: undefined reference to `EVP_DigestInit@OPENSSL_3.0.0'
/usr/local/lib/libnetconf2.so: undefined reference to `PEM_write_bio_PrivateKey@OPENSSL_3.0.0'
collect2: error: ld returned 1 exit status
CMakeFiles/netopeer2-server.dir/build.make:135: recipe for target 'netopeer2-server' failed
make[2]: *** [netopeer2-server] Error 1
CMakeFiles/Makefile2:180: recipe for target 'CMakeFiles/netopeer2-server.dir/all' failed
make[1]: *** [CMakeFiles/netopeer2-server.dir/all] Error 2
Makefile:145: recipe for target 'all' failed
make: *** [all] Error 2

Libcurl Version inside docker :-

pkg-config --modversion libcurl
7.38.0

Please share your inputs on this.

Thanks, Aravind.

[jktjkt]

The macro CURL_AT_LEAST_VERSION which we're using was added in 2015 and released in version 7.43. Your version of curl has been released 10 years ago. I think it's time for you to upgrade your base Docker image.

This is in reply to your original report. Since then, you've changed your post to refer to linking issues with OpenSSL. It's up to you to set up your build environment properly I'm afraid; nobody can reasonably support that.

[michalvasko]

Not sure what the problem with curl was, there is no CURL_AT_LEAST_VERSION usage in the current version and it should properly support libcurl 7.30.0 and newer as stated in the README and checked by cmake. However, there is similar check for OpenSSL and version 3.0.0 is required. You must have bypassed that somehow and that is the reason for the linking errors.

[AravindaSwamy]

Hi Michal,

After successfully updating the OpenSSL version to 3.0.0, I encountered an issue with the authentication method when running sysrepocfg -Evim -m ietf-netconf-server inside Docker. Netopeer2Server and Netopeer2Cli are failing to connect due to authentication errors. Is there a way to update the authentication method to use password authentication within the Docker environment?

sysrepocfg -Evim -m ietf-netconf-server
sysrepocfg error: Exec failed (No such file or directory)
For more details you may try to increase the verbosity up to "-v3".

Netopeer2Server Log :-

[INF]: LN: Accepted a connection on 0.0.0.0:10830 from 127.0.0.1:57476.
[INF]: LN: Received an SSH message "request-service" of subtype "ssh-userauth".
[INF]: LN: Received an SSH message "request-auth" of subtype "none".
[INF]: LN: Received an SSH message "request-auth" of subtype "interactive".
[INF]: LN: User "root" is not allowed to authenticate using a password.
[ERR]: LN: Unable to get root's credentials.
[INF]: LN: Failed user "root" authentication attempt (#1).
[2024/04/24 11:39:43.872709, 1] ssh_packet_disconnect_callback:  Received SSH_MSG_DISCONNECT: 11:Bye Bye
[ERR]: LN: Communication SSH socket unexpectedly closed.

Netopeer2Cli log :-

 connect --host 127.0.0.1 --port 10830 --login root
nc ERROR: Unable to authenticate to the remote server (all attempts via supported authentication methods failed).
cmd_connect: Connecting to the 127.0.0.1:10830 as user "root" failed.

Please share your inputs on this.

Thanks.

[michalvasko]

Understand what the command sysrepocfg -Evim -m ietf-netconf-server does exactly (sysrepoctfg -h) and use a different text editor, one you actually have installed.

[AravindaSwamy]

Apologies, I updated the command using vi because vim doesn't work inside Docker. I'm attempting to establish an SSH call home, and while the TCP connection is established, the SSH session between Netopeer2Server and Netopeer2Cli is not forming. Here are the logs:

Netopeer2Server Log :-

[INF]: LN: Call Home client "default-client" timeout of 5 seconds expired, reconnecting.
[INF]: LN: Trying to connect via IPv4 to 127.0.0.1:4334.
[INF]: LN: Successfully connected to localhost:4334 over IPv4.

[ERR]: LN: SSH key exchange timeout.

Netopeer2Cli Log :-

> listen
Waiting 60s for an SSH Call Home connection on port 4334...
nc ERROR: Failed to use hostname "::ffff:127.0.0.1".
cmd_listen: Receiving SSH Call Home on port 4334 as user "root" failed.

Please share your inputs on this.

Thanks.

[michalvasko]

That is a libssh problem. What version are you using? Updating it may help.

[AravindaSwamy]

0.10.4 version we are using.

pkg-config --modversion libssh
0.10.4

[michalvasko]

Is the version the same for both the client and the server? It may also be an issue with OpenSSL, perhaps. I cannot really help you, it is a dependency problem.

[AravindaSwamy]

Yes, both the client and server versions are the same. However, I have a question.

Suppose I compile all components like OpenSSL, LibSSH, Libyang, Sysrepo, Libnetconf2, and Netopeer2 in Docker 'a'. I bring up Netopeer2Server in Docker 'a'. Then, I need to bring up Netopeer2Cli in another Docker because Docker 'a' has the server. So, I created Docker 'b' and brought up the CLI, which does not have LibSSH installed.

If I install LibSSH alone in Docker 'b', will it work? Or do I need to compile all components in Docker 'b' again and bring up the client?

Please share your inputs on this.

Thanks.

[michalvasko]

Please do not ask me about Docker, I had way too many problems with it and am avoiding it if possible. But you do not need 2 containers, you can run the CLI in the same container if you run the server as daemon. You can also connect to the server running in the container from your local machine if you set it up correctly.

[AravindaSwamy]

Great! I've successfully connected to the server using SSH and TLS callhome methods. Is there a way to change the default authentication method to password? After compilation, the authentication method defaults to keyboard-interactive, but I prefer password authentication as the default method.

Please Share your input on this.

Thanks, Aravind

[michalvasko]

Look at example_configuration/ssh_listen.xml for examples of configuration each authentication method. Note that some implementations depend on how libnetconf2 was compiled.