#opendaylight-users: advisory group

Meeting started by CaseyODL at 16:00:56 UTC (full logs).

Meeting summary

    1. colindixon (CaseyODL, 16:04:54)

  1. Improvements in NETCONF (CaseyODL, 16:06:29)
    1. rgoulding is going to present some details on how we've improved the NETCONF usability (colindixon, 16:07:07)
    2. ryan explains a bit about how historically, NETCONF has been potentially annoying to use in OpenDaylight (colindixon, 16:08:26)
    3. two key reasons: 1.) strict enforcement of the YANG language both itself and that data matches the schema 2.) devices that don't support netconf-monitoring and thus don't serve their YANG models (colindixon, 16:09:27)
    4. ryan describes a common problem which is that you'd go to mount a device, get an HTTP 201 response that it succeeded, but no device would mount (colindixon, 16:10:10)
    5. usually this was because some model didn't parse and the errors weren't particularly helpful to figure out what actually went wrong and then fix the failing file (colindixon, 16:10:44)
    6. https://www.youtube.com/watch?v=_ZP8UhWF7OE Mount ODL NETCONF Devices Using a Custom Schema Cache (colindixon, 16:12:17)
    7. https://www.youtube.com/watch?v=-MUneHaTCh0 OpenDaylight NETCONF Boron Improvements Demo (colindixon, 16:12:33)
    8. the above videos show some of what Ryan's going to demo, but you can go back to check it out (colindixon, 16:12:45)
    9. ryan starts his demo, showing the features being installed: odl-restconf (for REST interfaces), odl-netconf-clustered-topology (the newer, cluster-capable way to mount NETCONF devices, but runs fine on a single node too), odl-netconf-mdsal (a NETCONF NB interface for the MD-SAL that we'll mount), and odl-mdsal-apidocs (which gives a nice web interface to REST APIs) (colindixon, 16:14:31)
    10. this demo is using the latest Boron release (colindixon, 16:14:45)
    11. Ryan has mounted a device called lb (which is a NETCONF mount of the OpenDaylight MD-SAL datastore itself) using postman to create the REST call (colindixon, 16:15:41)
    12. ryan moves to the apidocs to see the operational topology, it lists the NETCONF node with a bunch of available capabilities which show what models actually work (colindixon, 16:16:44)
    13. there are also unavailable capabilities, which are models that have problems (colindixon, 16:17:15)
    14. ryan had previously broken the ted model just to show that this works, he removed the type of a leaf (colindixon, 16:17:59)
    15. this also broke ISIS and another model because they depended on the broken model (colindixon, 16:18:34)
    16. as part of Boron, we now mount devices even if some models fail and also give information (as you could see in the topology output) and also in the logs (colindixon, 16:19:38)
    17. says LEAF is missing TYPE at line 116 character 4, which lets you fix things quickly (colindixon, 16:20:36)
    18. the partial device mount is exclusive to Boron, but other features are mostly backported to Beryllium as well (colindixon, 16:21:11)
    19. beau says that this is really cool stuff and the kind of things we need in a new beginner's guide (colindixon, 16:24:03)
    20. Brian Freeman also says this is really cool stuff and thanks! (colindixon, 16:24:50)
    21. the other half is about how you can have custom schema cache directories so you can update the models for specific devices to help fix OpenDaylight NETCONF to work with a broader range of models (colindixon, 16:29:00)
    22. this includes being able to fix device models, and even common models just for a single device (colindixon, 16:29:17)
    23. there are a bunch of things that this enables: you can side-load models if the device doesn't support netconf monitoring, or to keep different copies of different models for different devices (colindixon, 16:32:42)
    24. Brian Freeman points out this is really good, in part because there are more ways to fix things on the ODL side than on the vendor side (colindixon, 16:34:14)
    25. Brian has two other requests: avoiding credentials in the clear, also would like to have the ability to do multi-device edits and transactions are a thing we need to move there (colindixon, 16:35:52)
    26. if people are interested, colindixon says to reach out about starting a project or anything else about multi-device NETCONF tools (colindixon, 16:38:21)
    27. for credentials, Ryan suggests using certificates, alternatively the "right" solution if you have to use passwords is to encrypt at rest and decrypt at use (colindixon, 16:39:12)
    28. Brian and Chris both say that many devices are still password-only (colindixon, 16:39:47)
    29. the key issues seem to be (a) making sure we encrypt things at rest and (b) ensure that most users don't have access to read the passwords over REST (colindixon, 16:43:36)
    30. the general idea from Chris and Brian is that you can only get the credentials from the shell into OpenDaylight, but not from any remote APIs (colindixon, 16:45:16)
    31. the general idea is that we should try to avoid sending the credentials anywhere but to the SB device itself (colindixon, 16:46:10)
    32. colindixon asks if other people have done better things with best practice for handling credentials like this (colindixon, 16:50:21)
    33. ryan says that there are two ways to do this better: certificate-based authorization, and doing delegation of authentication (colindixon, 16:51:19)
    34. there seems to be no way for this that works well with NETCONF, but that we know about it (colindixon, 16:52:23)
    35. ACTION: colindixon to ask if there are best practices for handling password data in models (colindixon, 16:53:31)

  2. RESTCONF draft 18 (colindixon, 16:53:38)
    1. ryan points out that we have draft 02 of RESTCONF implemented in the default one, but we have a draft 18 (that will hopefully be the RFC version or near it) as /apidoc/18/ instead of just /apidoc/ (colindixon, 16:54:42)
    2. people should start to look at it and note the differences sooner rather than later (colindixon, 16:54:55)

  3. apidocs scalability issues (colindixon, 16:55:01)
    1. Brian and others point out that large configs and large numbers of models cause it to just give up (colindixon, 16:55:42)
    2. swagger and postman seem to struggle at certain sizes (colindixon, 16:55:56)
    3. people have been moving back to curl (colindixon, 16:56:01)
    4. there might be an update to swagger soon, that might help (colindixon, 16:59:41)
    5. ODL folks are aware it's an issue, but we're not actively trying to fix it (colindixon, 17:00:17)
    6. Open Networking Summit (colindixon, 17:00:24)
    7. http://events.linuxfoundation.org/events/open-networking-summit/program/cfp call for submissions is here and closes Saturday, 1/21, please submit cool ODL content (colindixon, 17:01:04)
    8. especially user content and especially especially enterprise user content (colindixon, 17:01:17)


Meeting ended at 17:02:01 UTC (full logs).

Action items

  1. colindixon to ask if there are best practices for handling password data in models


Action items, by person

  1. colindixon
    1. colindixon to ask if there are best practices for handling password data in models


People present (lines said)

  1. colindixon (51)
  2. CaseyODL (7)
  3. odl_meetbot (6)
  4. phrobb (0)


Generated by MeetBot 0.1.4.