-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement CNaaS-NMS REST API as alternative PortAdmin management backend #2126
base: master
Are you sure you want to change the base?
Conversation
3bebc51
to
413bcc2
Compare
bd6b79a
to
a843e2a
Compare
At this point, there is still more work to be done on abstracting the The CNaaS-NMS API functionality works only partially. There is still an issue of how to map VLAN/VXLAN information from CNaaS-NMS to NAV (since NAV has no concept of VXLAN yet). The new partially-implemented functionality is switched off by default, and the options to switch it on are not yet documented in the example I have been instructed to prioritize other aspects of the PortAdmin interface, namely NETCONF support. This work would rely on some of the structural changes and abstractions that have already been made in this PR, so this work will have to be based off this PR until it is merged. |
a843e2a
to
9d74ae0
Compare
Actually, I will probably try to extract all structural/API changes to a separate PR, and instead base this PR and the new PR on top of that instead. |
9d74ae0
to
3b5015e
Compare
And so I finally did. I.e. the structural changes have mostly taken place as part of the NETCONF/Juniper changes to PortAdmin, so I have rebased this entire branch onto I haven't tested the rebased code yet, I will need to verify my access tokens to SUNET's CNaaS lab environment first. |
3b5015e
to
f64068c
Compare
This will change. I do not have access to an actual CNaaS-NMS instance at the moment, and have too little experience with simple_rest_client to do a proper test.
Because: - We want a MixIn class to build hybrid Portadmin handler classes on the fly, where read operations can be handled directly by the vendor-specific ManagementHandler and write operations can instead be dispatched to the CNaaS NMS API.
Because: - When CNaaS NMS proxying is enabled, read operations should proceed as normal, directly against the device, using whatever ManagementHandler implementation deemed appropriate, while write operations should pass through the CNaaS NMS API.
Because: - HybridProxyHandler does not implement anything - The simple_rest_client API class produces dynamic member attributes based on the API definition. PyLint is unable to determine what valid member attributes exists anyway.
Because: - Device names aren't guaranteed to be the same in CNaaS-NMS and NAV: NAV's name is fetched from DNS, CNaaS-NMS' is set independently of DNS. - The management IP address is expected to be the same in both systems.
Because: - CNaaSNMSMixIn will need a generic helper method to fetch a matching device record from CNaaS-NMS - This helps separate concerns of generic device retrieval errors to that of verifying CNaaS NMS' willingness to actually configure this device.
Because: - Error message should be more specific about which CNaaS NMS management criteria aren't met.
Because: - Although the actual method to cycle may be different in different subclasses, the logic for verification/filtering of the incoming interfaces list remains largely the same. - This moves the heavy lifting to a private method that can be overriden by subclasses who do not need to reimplement or change the verification/filter logic.
The interface_status endpoint can be used to list the status of each interface of a device, but also to initiate a bounce operation for a list of interfaces on said device.
Because: - CNaaS-NMS supports this operation internally, so we do not need to use the inherited generic method from ManagementHandler.
Because: - The test server runs on a self-signed certificate, which makes the underlying HTTP library raise an exception. - We need to be able to disable SSL verification for testing purposes, (but we should never need this option in production!)
Because: - NAV's device sysname does not necessarily correspond to the hostname used by CNaaS-NMS, depending on the DNS setup. - The best way to find the corresponding device in CNaaS-NMS is to look it up using its management IP. - The code to look up the device already exists, so we re-use it to provide a device_name property that can be used in all generated API requests.
Because: - We need to make sure the commit finishes without error before reporting success or failure to the end user.
f64068c
to
830a7bd
Compare
This PR is a work in progress, intending to:
After deliberations with SUNET, these operations still remain to be mapped to CNaaS-NMS:
device_syncto
) to complete and report status back to end useris_dot1x_enabled()
andget_dot1x_enabled_interfaces()
PortAdmin operations using CNaaS-NMS APIAlso, there was a suggestion to have PortAdmin show port neighbor information in
cases where it exists, but this is outside the scope of this PR.
Reference: https://github.com/SUNET/cnaas-nms