Closed krihal closed 2 months ago
Cannot recreate. Please submit netconf message traces -D 2)
Starting state:
debian@khn-dev> show configuration
<devices xmlns="http://clicon.org/controller">
<device>
<name>openconfig1</name>
<user>noc</user>
<conn-type>NETCONF_SSH</conn-type>
<addr>172.23.0.2</addr>
<config>
<restconf xmlns="http://clicon.org/restconf">
<enable>true</enable>
<auth-type>none</auth-type>
<debug>0</debug>
<log-destination>file</log-destination>
<pretty>false</pretty>
<socket>
<namespace>default</namespace>
<address>0.0.0.0</address>
<port>80</port>
<ssl>false</ssl>
</socket>
</restconf>
</config>
</device>
</devices>
debian@khn-dev>
Configuring one user (not a service, just adding the user):
debian@khn-dev[/]# show compare
config {
+ openconfig-system:system {
+ aaa {
+ authentication {
+ users {
+ user foo {
+ config {
+ username foo;
+ ssh-key "ssh-rsa A";
+ role admin;
+ }
+ }
+ }
+ }
+ }
+ }
}
debian@khn-dev[/]# commit
OK
debian@khn-dev[/]#
Configuring service:
debian@khn-dev[/]# show compare
+ clixon-controller:services {
+ ssh-users:ssh-users foo {
+ username foo {
+ ssh-key "ssh-rsa A";
+ role admin;
+ }
+ }
+ }
debian@khn-dev[/]#
Result of "commit diff":
debian@khn-dev[/]# commit diff
Mar 29 18:29:18.941927: transaction_notification_handler: pid: 2260026 Transaction 7 failed:
Service module ssh-users returned an error:
data-not-unique: /rpc/edit-config/config/devices/device[name="openconfig1"]/config/system/aaa/authentication/users/user[username="foo"]/username
debian@khn-dev[/]#
edit-config sent from Python API:
Mar 29 18:29:18.936952: clixon_msg_rcv11:650: Recv: <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" username="root" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="42" xmlns:cl="http://clicon.org/lib"><edit-config><target><actions xmlns="http://clicon.org/controller"/></target><default-operation>none</default-operation><config><devices xmlns="http://clicon.org/controller"><device><name>openconfig1</name><user>noc</user><conn-type>NETCONF_SSH</conn-type><addr>172.23.0.2</addr><config><restconf xmlns="http://clicon.org/restconf"><enable>true</enable><auth-type>none</auth-type><debug>0</debug><log-destination>file</log-destination><pretty>false</pretty><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf><system xmlns="http://openconfig.net/yang/system"><aaa><authentication><users><user><username>foo</username><config><username>foo</username><ssh-key>ssh-rsa A</ssh-key><role>admin</role></config></user><user cl:creator="ssh-users[service-name='foo']" nc:operation="merge" xmlns:cl="http://clicon.org/lib"><username>foo</username><config><username>foo</username><ssh-key>ssh-rsa A</ssh-key><role>admin</role></config></user></users></authentication></aaa></system></config></device></devices></config></edit-config></rpc>
Response from backend:
Mar 29 18:29:18.938289: clixon_msg_send:405: Send [6]:
#468
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-app-tag>data-not-unique</error-app-tag><error-severity>error</error-severity><error-info><non-unique xmlns="urn:ietf:params:xml:ns:yang:1">/rpc/edit-config/config/devices/device[name="openconfig1"]/config/system/aaa/authentication/users/user[username="foo"]/username</non-unique></error-info></rpc-error></rpc-reply>
##
Debugging shows pyapi adds double entries. Have enabled CLICON_NETCONF_DUPLICATE_ALLOW=true to mitigate But origin of problem is in pyapi.
Test: One OpenConfig-container with a SSH-users configured from the CLI in the container. Then adding it to Clixon controller and configuring the same user with the service from test-python-service.sh.
Expected behaviour is that the configuration is created like before but instead I get an error back: