diff --git a/README.en.md b/README.en.md index acf58f9279f62d01339d33527d92110cc7161c50..fab9349679ac56534ba361585b878f6244a66af5 100644 --- a/README.en.md +++ b/README.en.md @@ -1,36 +1,8 @@ # netopeer2 - -#### Description -NETCONF tools suite including a server and command-line client - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +Netopeer2 is a server for implementing network configuration management based +on the NETCONF Protocol. This is the second generation, originally +available as the [Netopeer project](https://github.com/CESNET/netopeer). Netopeer2 +is based on the new generation of the NETCONF and YANG libraries - +[libyang](https://github.com/CESNET/libyang) and [libnetconf2](https://github.com/CESNET/libnetconf2). +The Netopeer2 server uses [sysrepo](https://github.com/sysrepo/sysrepo) as a NETCONF +datastore implementation. diff --git a/README.md b/README.md index 76ea00431d332a0e38c53081b1d5856b66a719bf..2c6f18fc273563f8ac332f42b127d2df7079ec46 100644 --- a/README.md +++ b/README.md 
@@ -1,37 +1,8 @@ # netopeer2 - -#### 介绍 -NETCONF tools suite including a server and command-line client - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +Netopeer2 是一个实现基于网络配置管理的服务器 +关于 NETCONF 协议。这是第二代,原本 +可用作 [Netopeer 项目](https://github.com/CESNET/netopeer)。网络对等2 +基于新一代的 NETCONF 和 YANG 库 - +[libyang](https://github.com/CESNET/libyang) 和 [libnetconf2](https://github.com/CESNET/libnetconf2)。 +Netopeer2 服务器使用 [sysrepo](https://github.com/sysrepo/sysrepo) 作为 NETCONF +数据存储实现。 diff --git a/netopeer2-1.1.70.tar.gz b/netopeer2-1.1.70.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..56a3fb6ea8a77414e49757e2d6fd0f77aa4d2967 Binary files /dev/null and b/netopeer2-1.1.70.tar.gz differ diff --git a/netopeer2.spec b/netopeer2.spec new file mode 100644 index 0000000000000000000000000000000000000000..8956d089b85dbc289e51a97912613980c2f21e67 --- /dev/null +++ b/netopeer2.spec 
@@ -0,0 +1,474 @@ +Name: netopeer2 +Version: 1.1.70 +Release: 1.2 +Summary: NETCONF tools +Url: https://github.com/cesnet/netopeer2 +Source: https://github.com/cesnet/netopeer2/archive/netopeer2-1.1.70.tar.gz +License: BSD-3-Clause +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} + +%if 0%{?suse_version} +Requires: libssh4 >= 0.7.1 +%else +Requires: libssh >= 0.7.1 +%endif + +Requires: libyang1 +Requires: sysrepo >= 1.4.122 +Requires: libnetconf2 >= 1.1.43 +Requires: openssl + +BuildRequires: cmake +BuildRequires: gcc +BuildRequires: libssh-devel >= 0.7.1 +BuildRequires: libyang-devel >= 1.0 +BuildRequires: sysrepo-devel >= 1.4.122 +BuildRequires: libnetconf2-devel >= 1.1.43 +BuildRequires: openssl-devel + +%if 0%{?suse_version} +BuildRequires: timezone +%endif + +%description +NETCONF tools suite including a server and command-line client + +%prep +%setup -n netopeer2-1.1.70 +mkdir build + +%build +cd build +cmake -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE="Package" \ + -DINSTALL_MODULES=OFF \ + -DGENERATE_HOSTKEY=OFF \ + -DMERGE_LISTEN_CONFIG=OFF .. +make + +%install +cd build +make DESTDIR=%{buildroot} install + +%post +#!/bin/bash +groupadd -f netconf +NP2_MODULE_DIR=/usr/share/yang/modules/netopeer2 NP2_MODULE_PERMS=660 NP2_MODULE_OWNER=root NP2_MODULE_GROUP=netconf +#!/usr/bin/env bash + +# env variables NP2_MODULE_DIR, NP2_MODULE_PERMS must be defined and NP2_MODULE_OWNER, NP2_MODULE_GROUP will be used if +# defined when executing this script! +if [ -z "$NP2_MODULE_DIR" -o -z "$NP2_MODULE_PERMS" ]; then + echo "Required environment variables not defined!" 
+ exit 1 +fi + +# optional env variable override +if [ -n "$SYSREPOCTL_EXECUTABLE" ]; then + SYSREPOCTL="$SYSREPOCTL_EXECUTABLE" +# avoid problems with sudo PATH +elif [ `id -u` -eq 0 ]; then + SYSREPOCTL=`su -c 'which sysrepoctl' -l $USER` +else + SYSREPOCTL=`which sysrepoctl` +fi +MODDIR=${DESTDIR}${NP2_MODULE_DIR} +PERMS=${NP2_MODULE_PERMS} +OWNER=${NP2_MODULE_OWNER} +GROUP=${NP2_MODULE_GROUP} + +# array of modules to install +MODULES=( +"ietf-netconf-acm@2018-02-14.yang" +"ietf-netconf@2013-09-29.yang -e writable-running -e candidate -e rollback-on-error -e validate -e startup -e url -e xpath" +"ietf-netconf-monitoring@2010-10-04.yang" +"ietf-netconf-nmda@2019-01-07.yang -e origin -e with-defaults" +"nc-notifications@2008-07-14.yang" +"notifications@2008-07-14.yang" +"ietf-x509-cert-to-name@2014-12-10.yang" +"ietf-crypto-types@2019-07-02.yang" +"ietf-keystore@2019-07-02.yang -e keystore-supported" +"ietf-truststore@2019-07-02.yang -e truststore-supported -e x509-certificates" +"ietf-tcp-common@2019-07-02.yang -e keepalives-supported" +"ietf-ssh-server@2019-07-02.yang -e local-client-auth-supported" +"ietf-tls-server@2019-07-02.yang -e local-client-auth-supported" +"ietf-netconf-server@2019-07-02.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home" +) + +# functions +INSTALL_MODULE() { + CMD="'$SYSREPOCTL' -a -i $MODDIR/$1 -s '$MODDIR' -p '$PERMS' -v2" + if [ ! -z ${OWNER} ]; then + CMD="$CMD -o '$OWNER'" + fi + if [ ! -z ${GROUP} ]; then + CMD="$CMD -g '$GROUP'" + fi + eval $CMD + local rc=$? + if [ $rc -ne 0 ]; then + exit $rc + fi +} + +UPDATE_MODULE() { + CMD="'$SYSREPOCTL' -a -U $MODDIR/$1 -s '$MODDIR' -p '$PERMS' -v2" + if [ ! -z ${OWNER} ]; then + CMD="$CMD -o '$OWNER'" + fi + if [ ! -z ${GROUP} ]; then + CMD="$CMD -g '$GROUP'" + fi + eval $CMD + local rc=$? + if [ $rc -ne 0 ]; then + exit $rc + fi +} + +ENABLE_FEATURE() { + "$SYSREPOCTL" -a -c $1 -e $2 -v2 + local rc=$? 
+ if [ $rc -ne 0 ]; then + exit $rc + fi +} + +# get current modules +SCTL_MODULES=`$SYSREPOCTL -l` + +for i in "${MODULES[@]}"; do + name=`echo "$i" | sed 's/\([^@]*\).*/\1/'` + + SCTL_MODULE=`echo "$SCTL_MODULES" | grep "^$name \+|[^|]*| I"` + if [ -z "$SCTL_MODULE" ]; then + # install module with all its features + INSTALL_MODULE "$i" + continue + fi + + sctl_revision=`echo "$SCTL_MODULE" | sed 's/[^|]*| \([^ ]*\).*/\1/'` + revision=`echo "$i" | sed 's/[^@]*@\([^\.]*\).*/\1/'` + if [ "$sctl_revision" \< "$revision" ]; then + # update module without any features + file=`echo "$i" | cut -d' ' -f 1` + UPDATE_MODULE "$file" + fi + + # parse sysrepoctl features and add extra space at the end for easier matching + sctl_features="`echo "$SCTL_MODULE" | sed 's/\([^|]*|\)\{6\}\(.*\)/\2/'` " + # parse features we want to enable + features=`echo "$i" | sed 's/[^ ]* \(.*\)/\1/'` + while [ "${features:0:3}" = "-e " ]; do + # skip "-e " + features=${features:3} + # parse feature + feature=`echo "$features" | sed 's/\([^[:space:]]*\).*/\1/'` + + # enable feature if not already + sctl_feature=`echo "$sctl_features" | grep " ${feature} "` + if [ -z "$sctl_feature" ]; then + # enable feature + ENABLE_FEATURE $name $feature + fi + + # next iteration, skip this feature + features=`echo "$features" | sed 's/[^[:space:]]* \(.*\)/\1/'` + done +done + +#!/usr/bin/env bash + +set -e + +# optional env variable override +if [ -n "$SYSREPOCFG_EXECUTABLE" ]; then + SYSREPOCFG="$SYSREPOCFG_EXECUTABLE" +# avoid problems with sudo PATH +elif [ `id -u` -eq 0 ]; then + SYSREPOCFG=`su -c 'which sysrepocfg' -l $USER` +else + SYSREPOCFG=`which sysrepocfg` +fi + +# avoid problems with sudo PATH +if [ `id -u` -eq 0 ]; then + OPENSSL=`su -c 'which openssl' -l $USER` +else + OPENSSL=`which openssl` +fi + +# check that there is no SSH key with this name yet +KEYSTORE_KEY=`$SYSREPOCFG -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name"` +if [ -z "$KEYSTORE_KEY" ]; then + +# 
generate a new key +PRIVPEM=`$OPENSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null` +# remove header/footer +PRIVKEY=`grep -v -- "-----" - </dev/null < + + + genkey + rsa2048 + $PUBKEY + $PRIVKEY + + +" +TMPFILE=`mktemp -u` +printf -- "$CONFIG" > $TMPFILE +# apply it to startup and running +$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-keystore -v2 +$SYSREPOCFG -C startup -m ietf-keystore -v2 +# remove the tmp file +rm $TMPFILE + +fi + +#!/usr/bin/env bash + +set -e + +# optional env variable override +if [ -n "$SYSREPOCFG_EXECUTABLE" ]; then + SYSREPOCFG="$SYSREPOCFG_EXECUTABLE" +# avoid problems with sudo PATH +elif [ `id -u` -eq 0 ]; then + SYSREPOCFG=`su -c 'which sysrepocfg' -l $USER` +else + SYSREPOCFG=`which sysrepocfg` +fi +KS_KEY_NAME=genkey + +# check that there is no listen/Call Home configuration yet +SERVER_CONFIG=`$SYSREPOCFG -X -x "/ietf-netconf-server:netconf-server/listen/endpoint[1]/name | /ietf-netconf-server:netconf-server/call-home/netconf-client[1]/name"` +if [ -z "$SERVER_CONFIG" ]; then + +# import default config +CONFIG=" + + + default-ssh + + + 0.0.0.0 + + 1 + 10 + 5 + + + + + + default-key + + $KS_KEY_NAME + + + + + + + + interactive + + + + + + + +" +TMPFILE=`mktemp -u` +printf -- "$CONFIG" > $TMPFILE +# apply it to startup and running +$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-netconf-server -v2 +$SYSREPOCFG -C startup -m ietf-netconf-server -v2 +# remove the tmp file +rm $TMPFILE + +fi + + +%files +%defattr(-,root,root) +%{_bindir}/netopeer2-server +%{_datadir}/yang +%{_bindir}/netopeer2-cli +%{_mandir}/man1 + +%changelog +* Mon Mar 08 2021 Michal Vasko 1.1.70 +- common BUGFIX set error to event session (Michal Vasko) + + +* Mon Mar 08 2021 Michal Vasko 1.1.69 +- common BUGFIX set error to event session (Michal Vasko) +- netconf server BUGFIX set periodic connection parameters (Michal Vasko) +- nacm BUGFIX partial access overwriting default access (Michal Vasko) +- netconf BUGFIX 
discard non-applied changes (Michal Vasko) +- netconf BUGFIX do not unsubscribe on subsc exists error (Michal Vasko) +- netconf BUGFIX all RPC callbacks ignore abort event (Michal Vasko) +- netconf BUGFIX always use user SR sessions in RPC callbacks (Michal Vasko) +- netconf BUGFIX forbid more subscriptions on a session (Michal Vasko) +- netconf BUGFIX use global sessions for locking (Michal Vasko) +- netconf BUGFIX Clb func ignore the ABORT event (aPiecek) +- main BUGFIX use event session ID (Michal Vasko) +- common BUGFIX content match node handling (Michal Vasko) +- netconf BUGFIX server crash protection (aPiecek) +- nacm BUGFIX differentiate explicit and implicit permit (Michal Vasko) +- netconf BUGFIX apply selection filters for get (Michal Vasko) +- netconf BUGFIX store username locally (Michal Vasko) +- build BUGFIX remove obsolete cmake option (Michal Vasko) +- netconf BUGFIX graceful handling of NULL username (Michal Vasko) +- common BUGFIX subtree filter selection and content filters (Michal Vasko) +- common BUGFIX memory leak (Michal Vasko) +- packages CHANGE update required sysrepo version (Michal Vasko) +- packages CHANGE increase dependency versions (Michal Vasko) + + +* Tue Jan 26 2021 Michal Vasko 1.1.53 +- nacm BUGFIX proper read access filtering (Michal Vasko) +- build FEATURE options for specifying custom paths of authorized_keys (#812) (Jan Kundrát) +- log BUGFIX shorten unknown priority flag (#806) (gwendlan) +- netconf BUGFIX avoid invalid argument error (Michal Vasko) +- netconf BUGFIX uninitialized variable (Michal Vasko) +- main BUGFIX configure timeout in seconds as intended (Michal Vasko) +- build FEATURE increase required cmake version (Michal Vasko) +- cli BUGFIX start notification thread before subscribing (Michal Vasko) +- netconf BUGFIX get data filtering (Michal Vasko) +- main BUGFIX handle both grouping and augment with-defaults (Michal Vasko) +- main FEATURE custom PID file path (#764) (Václav Kubernát) +- nacm BUGFIX odr 
violation (#765) (Václav Kubernát) +- nacm BUGFIX proper path matching (Michal Vasko) +- server ssh BUGFIX missing param (Michal Vasko) +- server ssh BUGFIX missing param (Michal Vasko) +- cmake BUGFIX _FOUND variable names (#731) (Robin Jarry) +- log BUGFIX encode % only when using the string as format (Michal Vasko) +- netconf monitoring BUGFIX creation of locks container missing (Michal Vasko) +- build BUGFIX non-standard paths of lnc2 lib/headers (Michal Vasko) +- build BUGFIX do not require openssl and libssh (Michal Vasko) +- server ssh FEATURE ignore auth key file access error (#708) (Václav Kubernát) +- build FEATURE add env var sysrepo tools override (Václav Kubernát) +- main BUGFIX correct help string for an optional argument (Michal Vasko) +- scripts FEATURE support using current user for SR modules (Michal Vasko) +- server ssh BUGFIX missing param (Michal Vasko) +- netopeer2 FEATURE support for any transport combination (Michal Vasko) +- main BUGFIX standard NC error tags lock-denied, in-use and data-exists (#657) (jkmuller) + + +* Tue Jul 21 2020 Radek Krejci 1.1.39 +- netconf acm BUGFIX notification and rpc name matching (Michal Vasko) +- netconf BUGFIX copy-config invalid-value error (Michal Vasko) +- netconf BUGFIX proper lock error tag (Michal Vasko) +- netconf BUGFIX set nc session notif flag sooner (Michal Vasko) +- main BUGFIX lnc2 and libssh logging level fixed (Michal Vasko) +- scripts CHANGE use su only for effective root (Michal Vasko) +- scripts BUGFIX issues with shell variables containing spaces (#646) (Andrei Pavel) +- build BUGFIX take DESTDIR into account (#649) (Heiko Thiery) + + +* Tue Jun 02 2020 Michal Vasko 1.1.34 +- build BUGFIX vasprintf detection on BSD (Michal Vasko) +- netconf BUGFIX forward get_data errors to client (#628) (#631) (Robin Jarry) +- server CHANGE continue applying changes on error (#633) (Robin Jarry) +- build CHANGE rename timeout so that it is accurate (Michal Vasko) +- netconf FEATURE use data change timeout 
for sr_get_data (#632) (Robin Jarry) +- build BUGFIX revert changes supported only in cmake 3.1 and newer (Michal Vasko) +- cmake BUGFIX ssh_threads linking (Michal Vasko) +- build BUGFIX set PIC for compat (Michal Vasko) +- main FEATURE improve op exec NACM fail message (Michal Vasko) +- cli BUGFIX define variables only in sources (Michal Vasko) +- build FEATURE support for latest libssh (Michal Vasko) +- log BUGFIX header variables must be extern (Michal Vasko) +- nacm BUGFIX all groups match (Michal Vasko) +- readme CHANGE include links to the packages (Michal Vasko) +- packages FEATURE initial working script commit (Michal Vasko) +- packages FEATURE initial working script commit (Michal Vasko) +- build FEATURE allow setting specific module permissions (Michal Vasko) + + +* Tue May 12 2020 Michal Vasko 1.1.30 +- build FEATURE allow setting specific module permissions (Michal Vasko) +- netconf_nmda BUGFIX get username based on nc session (Michal Vasko) +- build CHANGE do not generate scripts (Michal Vasko) +- build CHANGE do not use compile-time tool paths (Michal Vasko) +- build BUGFIX specify supported target flags (Michal Vasko) +- fixup! 
build BUGFIX openssl must be found for libnetconf2 checks (Michal Vasko) +- build BUGFIX openssl must be found for libnetconf2 checks (Michal Vasko) +- build CHANGE do not exit whole script if nothing to do (Michal Vasko) + + +* Mon May 11 2020 Michal Vasko 1.1.29 +- nacm BUGFIX match descendant nodes too (Michal Vasko) +- build CHANGE install YANG modules into system (Michal Vasko) +- nacm BUGFIX match only exact paths (Michal Vasko) +- nacm BUGFIX match nested nodes too (Michal Vasko) +- build BUGFIX put all binaries into one directory (Michal Vasko) +- build CHANGE find libyang module c++ bindings (Michal Vasko) +- netconf CHANGE reflect latest sysrepo API changes (Michal Vasko) +- server BUGFIX check log level for messages from all sources (Michal Vasko) +- server BUGFIX only load any data (Michal Vasko) +- server BUGFIX script return (Michal Vasko) +- server CHANGE merge configuration only if there is none (Michal Vasko) +- server CHANGE enable setting modules group from cmake (Michal Vasko) +- server BUGFIX fix partial processing of tcp params changes (#606) (Robin Jarry) +- server CHANGE make installing modules much more robust (Michal Vasko) +- build CHANGE make sure compat.h is always generated (Michal Vasko) +- build CHANGE do not call use_compat() twice (Michal Vasko) +- cmake BUGFIX no dot wrap long strings (Michal Vasko) +- server FEATURE customizable poll timeout (Michal Vasko) +- cmake BUGFIX duplicate definition (Michal Vasko) +- compat CHANGE added more functions (#600) (apropp-molex) +- compat BUGFIX avoid macro collision (Michal Vasko) +- build CHANGE use compat library (Michal Vasko) +- server CHANGE do not require libcrypt as it is not used (Michal Vasko) +- server CHANGE cover new libnetconf2 log level (Michal Vasko) +- server BUGFIX propagate custom copy-config and commit errors (Michal Vasko) +- server BUGFIX handle applying emtpy config correctly (Michal Vasko) +- server BUGFIX manually remove all callhome clients (Michal Vasko) +- server 
CHANGE set proper required cmake variables (Michal Vasko) +- cli CHANGE use . instead of , as floating point (Michal Vasko) +- server CHANGE no need to install ietf-datastores (Michal Vasko) +- server CHANGE subscribe for all used data (Michal Vasko) +- server BUGFIX comment redundant notification container (Michal Vasko) +- server BUGFIX sending nested notifications (Michal Vasko) +- server CHANGE support for more authorized keys in file (Michal Vasko) +- server CHANGE set owner for all the server modules (Michal Vasko) +- build CHANGE new compile time variable for RPC timeout (K.Sriram) +- server CHANGE use small timeout for polling (Michal Vasko) +- server BUGFIX use correct wd mode in reply (Michal Vasko) +- server BUGFIX do not collect wd mode (Michal Vasko) +- server CHANGE skip NACM check for copy from running to startup (Michal Vasko) +- cli CHANGE include a sample script (Michal Vasko) +- server BUGFIX use seconds for data timeout as intended (Michal Vasko) +- server BUGFIX use proper username for NACM check (Michal Vasko) +- server BUGFIX leaked session (Michal Vasko) +- server CHANGE improve NACM denied error (Michal Vasko) +- server CHANGE remove ietf-yang-library oper callback (Michal Vasko) +- server CHANGE compile options for sysrepo timeout and wait (Michal Vasko) +- server CHANGE adjust based on latest sysrepo API changes (Michal Vasko) +- server CHANGE adjust for latest sysrepo API changes (Michal Vasko) +- server BUGFIX do not modify deleted endpoints (Michal Vasko) +- server CHANGE configurable edit-config timeout (Michal Vasko) +- server BUGFIX double free (Michal Vasko) +- cli BUGFIX endless argument processing loop (Michal Vasko) +- cli CHANGE timeout param for all commands (Michal Vasko) +- server BUGFIX nmda params handling (Michal Vasko) +- cli CHANGE native support for NMDA RPCs (Michal Vasko) +- cli BUGFIX create subscription thread only if not running (Michal Vasko) +
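Review bot: In the README.md hunk the Chinese text reads as unedited machine translation: the project name is rendered literally as "网络对等2" in the third added line, and the first sentence is split into the fragment "关于 NETCONF 协议。". Keep the name as Netopeer2 throughout and rewrite the opening sentence as one clause, for example "Netopeer2 是一个基于 NETCONF 协议实现网络配置管理的服务器。", so that it matches the wording added to README.en.md.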
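Review bot: netopeer2-1.1.70.tar.gz is added as an opaque binary and nothing in this patch records a checksum for it, so a reviewer cannot confirm that it matches the archive named in the spec's Source line (https://github.com/cesnet/netopeer2/archive/netopeer2-1.1.70.tar.gz). Commit the expected SHA-256 next to the tarball, or state it in the commit message, so that the vendored source can be verified against upstream before it is built.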
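Review bot: In the %post section of netopeer2.spec, the generated RSA private key is written to a path obtained from `mktemp -u`, which only prints a name and creates nothing, so the later `printf -- "$CONFIG" > $TMPFILE` runs as root against a predictable path that it does not own exclusively, and the file gets default umask permissions. Because the key-import part runs under `set -e`, a failing `$SYSREPOCFG --edit=$TMPFILE` also skips `rm $TMPFILE` and leaves the key on disk. Use plain `mktemp` after `umask 077`, add `trap 'rm -f "$TMPFILE"' EXIT`, and write with `printf '%s' "$CONFIG"` so the data is not used as the format string. The same temp-file pattern is repeated for the ietf-netconf-server config further down and should change with it.

Two further points on the same hunk. The build passes `-DGENERATE_HOSTKEY=OFF` and `-DMERGE_LISTEN_CONFIG=OFF`, yet %post then generates the `genkey` key and merges a `default-ssh` endpoint on 0.0.0.0 whenever no listen or Call Home configuration exists; if that is intended, say so in the package description, otherwise drop it from %post or bind the default to loopback. Also, three scripts are pasted into one scriptlet with their own `#!/usr/bin/env bash` lines, so the `exit $rc` calls in INSTALL_MODULE and the later `set -e` now end the whole %post, and the `su -c 'which sysrepoctl' -l $USER` lookups depend on `$USER` being set in the rpm scriptlet environment. Since sysrepo is already a hard Requires, calling the tools by fixed path would be simpler and more predictable.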