PANTHEONtech / lighty

Lightweight OpenDaylight runtime library
https://lighty.io
Eclipse Public License 1.0

[SONiC/ODL] - Unable to connect the sonic device to RCgNMI controller app #1808

Closed donbharath21 closed 4 months ago

donbharath21 commented 5 months ago

Hi all,

Observation of bug

Here we have tried using this "lighty-gnmi-community-restconf-app". Link which we have tried: https://github.com/PANTHEONtech/lighty/tree/main/lighty-examples/lighty-gnmi-community-restconf-app. With this we are able to start the RCgNMI Controller app and the gNMI Device simulator and make a connection between these two; then we can read the configuration from the device using the curl command.

Issue we are facing

Next, we tried to make a connection between our sonic-vs.img and the RCgNMI controller app. For that, instead of using the default certificate, we generated the certificate using openssl.

Branch

root@labuser-OptiPlex-390:~/lighty# git checkout
M lighty-modules/lighty-gnmi/lighty-gnmi-connector/pom.xml
Your branch is up to date with 'origin/main'.

To Reproduce

Steps to reproduce the behavior:

  1. git clone https://github.com/PANTHEONtech/lighty.git

  2. cd lighty

  3. mvn clean install

  4. cd lighty-examples/lighty-gnmi-community-restconf-app

  5. Start RCgNMI controller app

    • unzip ../../lighty-applications/lighty-rcgnmi-app-aggregator/lighty-rcgnmi-app/target/lighty-rcgnmi-app-20.0.0-SNAPSHOT-bin.zip
    • java -jar lighty-rcgnmi-app-20.0.0-SNAPSHOT/lighty-rcgnmi-app-20.0.0-SNAPSHOT.jar -c example_config.json
  6. Starting the sonic-vs.img as simulator.

  7. Add client certificates to lighty.io gNMI keystore

curl --request POST 'http://192.168.122.2:443/restconf/operations/gnmi-certificate-storage:add-keystore-certificate' \
--header 'Content-Type: application/json' \
--data-raw "{
    \"input\": {
        \"keystore-id\": \"keystore-id-1\",
        \"ca-certificate\": \"$(cat certificates/ca.crt)\",
        \"client-key\": \"$(cat certificates/client.key)\",
        \"client-cert\": \"$(cat certificates/client.crt)\"
    }
}"
  8. Connect simulator to controller
    curl --request PUT 'http://192.168.122.2:443/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "node": [
        {
            "node-id": "gnmi-simulator",
            "connection-parameters": {
                "host": "127.0.0.1",
                "port": 10161,
                "keystore-id": "keystore-id-1",
                "credentials": {
                    "username": "admin",
                    "password": "admin"
                }
            },
            "extensions-parameters": {
                "gnmi-parameters": {
                    "use-model-name-prefix": true
                }
            }
        }
    ]
    }'

    Adding the interface details:

    root@sonic:~# ifconfig eth1
    eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 9122
        inet 192.168.122.2  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fedc:56ed  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:dc:56:ed  txqueuelen 1000  (Ethernet)
        RX packets 56094  bytes 3135008 (2.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55175  bytes 3129486 (2.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    Screenshot of the ports used by processes on SONiC:

    image

Screenshot of running dockers:

image

Attaching the rest-server log for reference: [SONiC]rest-server-log.txt

Expected behavior

The expected behavior is that once we run the "adding keystore-id" command, we run the command that makes the connection between "connector and controller", and we should see the logs on the RCgNMI terminal.

Environment (please complete the following information):

1. OS used here:

root@labuser-OptiPlex-390:~/lighty# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

2. Java Version

root@labuser-OptiPlex-390:~/lighty# java --version
java 17.0.10 2024-01-16 LTS
Java(TM) SE Runtime Environment (build 17.0.10+11-LTS-240)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.10+11-LTS-240, mixed mode, sharing)

3. Maven version

root@labuser-OptiPlex-390:~/lighty# mvn -v
Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: /usr/share/maven
Java version: 17.0.10, vendor: Oracle Corporation, runtime: /usr/lib/jvm/jdk-17-oracle-x64
Default locale: en_IN, platform encoding: UTF-8
OS name: "linux", version: "5.15.0-101-generic", arch: "amd64", family: "unix"

Query in ODL karaf terminal

Thank you!...

ihrasko commented 5 months ago

Thanks, we are going to look into this.

Tobianas commented 5 months ago

Hello @donbharath21 thank you for your report

I was able to connect SONiC device to lighty-gnmi-community-restconf-app on master branch using these steps:

Install the below packages

sudo apt-get -y install qemu-kvm qemu-utils bridge-utils

Create the bridge interface br0 (if it does not exist)

sudo brctl addbr br0
sudo ip link set dev br0 up
sudo ip addr add 192.168.0.1/24 dev br0

Unzip the image if it's compressed

I got the image from: https://sonic.software/

sudo gunzip sonic-vs.img.gz
sudo cp sonic-vs.img /var/lib/libvirt/images

Define the VM using xml file

Download the sonic-vs.xml xml file from: https://github.com/Broadcom/sonic-VirtualSwitch/releases/tag/3.1.2

And inside the xml file, change the sonic-vs-3.1.2.img to sonic-vs.img, then run:

sudo virsh define sonic-vs.xml

Start the VM

sudo virsh start sonicvs312

Note: The is as defined in the sonic-vs.xml. The factory default is specified as "sonicvs312"

Connect to the VM

Use this command to access the SONiC console:

sudo virsh console sonicvs312

Inside the SONiC device, run the following:

ifconfig eth0 192.168.0.2 netmask 255.255.255.0
ip route add default via 192.168.0.1

Sources:
https://github.com/sonic-net/SONiC/wiki/Quick-Start
https://github.com/Broadcom/sonic-VirtualSwitch/blob/master/3.1.2/README.md

Make sure the bridge br0 is working

You should be able to ping the SONiC device from your local network and get its capabilities at this point:

ping 192.168.0.2
gnmic -a 192.168.0.2:8080 -u admin -p YourPaSsWoRd --insecure capabilities

image

Connect with lighty:

  1. git clone https://github.com/PANTHEONtech/lighty.git
  2. cd lighty
  3. mvn clean install
  4. cd lighty-examples/lighty-gnmi-community-restconf-app
  5. Start RCgNMI controller app

    • unzip ../../lighty-applications/lighty-rcgnmi-app-aggregator/lighty-rcgnmi-app/target/lighty-rcgnmi-app-20.0.0-SNAPSHOT-bin.zip
    • java -jar lighty-rcgnmi-app-20.0.0-SNAPSHOT/lighty-rcgnmi-app-20.0.0-SNAPSHOT.jar -c example_config.json

    When Lighty starts:

    Send a PUT request to http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator With payload:

    {
    "node": [
       {
           "node-id": "gnmi-simulator",
           "connection-parameters": {
               "host": "192.168.0.2",
               "port": 8080,
               "connection-type": "PLAINTEXT",
               "credentials": {
                   "username": "admin",
                   "password": "YourPaSsWoRd"
               }
           },
           "extensions-parameters": {
               "gnmi-parameters": {
                   "use-model-name-prefix": true,
                   "path-target": "OC-YANG"
               }
           }
       }
    ]
    }

At this point, Lighty should either establish a connection or give out an error because it is missing some of the SONiC device's models. You can find which models are missing with a GET request:

http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator

If it is missing some models, please add them to the directory lighty/lighty-models/openconfig-models/src/main/yang

In my case I had to add the following models: openconfig-acl.yang, openconfig-lldp.yang, openconfig-lldp-types.yang, openconfig-packet-match.yang, openconfig-packet-match-types.yang

After adding these models, Lighty successfully connected:

image

Feel free to reach out if you encounter any issues or need further assistance. 🙂

ihrasko commented 5 months ago

In fact, the only thing you have forgotten in your original request is:

"path-target": "OC-YANG"

ihrasko commented 5 months ago

No issue present.

donbharath21 commented 4 months ago

Hi Ivan Hrasko,

Thanks for the update! But we are still getting an issue while trying to "GET" the data. As you mentioned, we are able to ping the SONiC device from your local network and get its capabilities:

Linux PC:
root@labuser-OptiPlex-390:~# ifconfig virbr0
virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.1  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 52:54:00:3f:67:ef  txqueuelen 1000  (Ethernet)
        RX packets 1385  bytes 41677 (41.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1502  bytes 68872 (68.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@labuser-OptiPlex-390:~# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.440 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.341 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.298 ms
64 bytes from 192.168.0.2: icmp_seq=4 ttl=64 time=0.312 ms
^C
--- 192.168.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3066ms
rtt min/avg/max/mdev = 0.298/0.347/0.440/0.055 ms

root@labuser-OptiPlex-390:~# gnmic -a 192.168.0.2:8080 -u admin -p YourPaSsWoRd --insecure capabilities
gNMI version: 0.7.0
supported models:
  - openconfig-acl, OpenConfig working group, 1.0.2
  - openconfig-acl, OpenConfig working group,
  - openconfig-sampling-sflow, OpenConfig working group,
  - openconfig-interfaces, OpenConfig working group, 1.0.2
  - openconfig-lldp, OpenConfig working group, 1.0.2
  - openconfig-platform, OpenConfig working group, 1.0.2
  - openconfig-system, OpenConfig working group, 1.0.2
  - ietf-yang-library, IETF NETCONF (Network Configuration) Working Group, 2016-06-21
  - sonic-db, SONiC, 0.1.0
supported encodings:
  - JSON
  - JSON_IETF
  - PROTO

As a next step, we sent a PUT request:

curl --request PUT 'http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator' \
--header 'Content-Type: application/json' \
--data-raw '{
    "node": [
        {
            "node-id": "gnmi-simulator",
            "connection-parameters": {
                "host": "192.168.0.2",
                "port": 8080,
                "connection-type": "PLAINTEXT",
                "credentials": {
                    "username": "admin",
                    "password": "YourPaSsWoRd"
                }
            },
            "extensions-parameters": {
                "gnmi-parameters": {
                    "use-model-name-prefix": true,
                    "path-target": "OC-YANG"
                }
            }
        }
    ]
}'

While trying the "GET" request, it prints an error:

GET request: http://127.0.0.1:8888/restconf/data/network-topology:network-topology/topology=gnmi-topology/node=gnmi-simulator

{
    "network-topology:node": [
        {
            "node-id": "gnmi-simulator",
            "gnmi-topology:extensions-parameters": {
                "gnmi-parameters": {
                    "use-model-name-prefix": true,
                    "path-target": "OC-YANG"
                }
            },
            "gnmi-topology:connection-parameters": {
                "port": 8080,
                "credentials": {
                    "username": "admin",
                    "password": "YourPaSsWoRd"
                },
                "host": "192.168.0.2",
                "connection-type": "PLAINTEXT"
            },
            "gnmi-topology:node-state": {
                "node-status": "TRANSIENT_FAILURE"
            }
        }
    ]
}

I can see this "TRANSIENT_FAILURE" in the lighty logs after starting it; attaching the logs: TRANSIENT_FAILURE log.txt

Thank you!...
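
An added example, not part of the thread and not lighty code: a small Python check over the node JSON exchanged above. It flags the three things the thread turns on (credentials on a PLAINTEXT channel, the path-target omission ihrasko points out, a TRANSIENT_FAILURE node-status) and masks the password that the RESTCONF GET response echoes back, so the output can be pasted into a ticket. The function names and finding codes are assumptions of this sketch, and the sample is constructed from the response quoted in the post.

```python
import copy
import json

# Constructed sample, shaped like the GET response quoted in the thread.
SAMPLE_GET = json.loads("""
{"network-topology:node": [{
  "node-id": "gnmi-simulator",
  "gnmi-topology:extensions-parameters": {"gnmi-parameters": {
      "use-model-name-prefix": true, "path-target": "OC-YANG"}},
  "gnmi-topology:connection-parameters": {
      "host": "192.168.0.2", "port": 8080, "connection-type": "PLAINTEXT",
      "credentials": {"username": "admin", "password": "YourPaSsWoRd"}},
  "gnmi-topology:node-state": {"node-status": "TRANSIENT_FAILURE"}}]}
""")

def section(node, name):
    # GET responses prefix these containers with "gnmi-topology:"; PUT bodies do not.
    return node.get("gnmi-topology:" + name) or node.get(name) or {}

def nodes(doc):
    # Same idea for the list key: "network-topology:node" in responses, "node" in requests.
    return doc.get("network-topology:node") or doc.get("node") or []

def audit(node):
    """Return finding codes (names are this sketch's own) for one gNMI node entry."""
    conn = section(node, "connection-parameters")
    gnmi = section(node, "extensions-parameters").get("gnmi-parameters", {})
    status = section(node, "node-state").get("node-status")
    findings = []
    if conn.get("connection-type") == "PLAINTEXT" and conn.get("credentials"):
        findings.append("cleartext-credentials")  # password crosses the wire unencrypted
    if "path-target" not in gnmi:
        findings.append("missing-path-target")    # the omission pointed out in the thread
    if status == "TRANSIENT_FAILURE":
        findings.append("transient-failure")      # channel to the device is not established
    return findings

def redact(doc):
    """Deep copy of doc with every credentials password masked."""
    clean = copy.deepcopy(doc)
    for node in nodes(clean):
        creds = section(node, "connection-parameters").get("credentials")
        if creds and "password" in creds:
            creds["password"] = "<redacted>"
    return clean

if __name__ == "__main__":
    for n in nodes(SAMPLE_GET):
        print(n["node-id"], audit(n))
    print(json.dumps(redact(SAMPLE_GET), indent=2))
```
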

ihrasko commented 4 months ago

Hello @donbharath21,

That is most probably a problem on the device.

  1. Please provide logs of how telemetry is configured and started:

    • connect to telemetry container
    • invoke: ps -aux | grep telemetry
  2. Logs of telemetry run:

    • connect to telemetry container
    • tail -f /proc/<pid>/fd/1

Thanks!