#opendaylight-users log

16:00:56 <CaseyODL> #startmeeting advisory group
16:00:56 <odl_meetbot> Meeting started Thu Jan 19 16:00:56 2017 UTC.  The chair is CaseyODL. Information about MeetBot at http://ci.openstack.org/meetbot.html.
16:00:56 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:56 <odl_meetbot> The meeting name has been set to 'advisory_group'
16:04:49 <CaseyODL> #chair phrobb
16:04:49 <odl_meetbot> Current chairs: CaseyODL phrobb
16:04:54 <CaseyODL> #info colindixon
16:05:18 <colindixon> did you mena #info or #chair?
16:05:53 <CaseyODL> #chair colindixon
16:05:53 <odl_meetbot> Current chairs: CaseyODL colindixon phrobb
16:06:29 <CaseyODL> #topic Improvements in NETCONF
16:07:07 <colindixon> #info rgoulding is going to present some details on how we've improved the NETCONF usability
16:08:26 <colindixon> #info ryan explains a bit about how historically, NETCONF has been potentially annoying to use in OpenDaylight
16:09:27 <colindixon> #info two key reasons: 1.) strict enforceent of the YANG language both itself and that data matches the schema 2.) devices that don't support netconf-monitoring and thus don't serve their YANG models
16:10:10 <colindixon> #info ryan describes a common problem which is that you'd go to mount a device, get an HTTP 201 response that it succeeded, but no device would mount
16:10:44 <colindixon> #info usually this was becuase some model didn't parse and the errors weren't particularly helpful to figure out what actually went wrong and then fix the failing file
16:12:17 <colindixon> #link https://www.youtube.com/watch?v=_ZP8UhWF7OE Mount ODL NETCONF Devices Using a Custom Schema Cache
16:12:33 <colindixon> #link https://www.youtube.com/watch?v=-MUneHaTCh0 OpenDaylight NETCONF Boron Improvements Demo
16:12:45 <colindixon> #Info the above videos show some of what Ryan's going ot demo, but you can go back to check it out
16:14:31 <colindixon> #info ryan starts his demo, showing the features being installed: odl-restconf (for REST interfaces), odl-netconf-clustered-topology (the newer, cluster-capable way to mount NETCONF devices, but runs fine on a single node too), odl-netconf-mdsal (a NETCONF NB interface for the MD-SAL that we'll mount), and odl-mdsal-apidocs (which gives a nice web interface to REST APIs)
16:14:45 <colindixon> #info this demo is using the latest Boron release
16:15:41 <colindixon> #info Ryan has mounted a device called lb (which is a NETCONF mount of the OpenDaylight MD-SAL datastore itslef) using postman to create the REST call
16:16:44 <colindixon> #info ryan moves to the apidocs to see the operational topology, it lists the NETCONF node with a bunch of available capabiliies which show what models actually work
16:17:15 <colindixon> #info there are also unavailable capabilities, which is models that have problems
16:17:59 <colindixon> #info ryan had previously broken the ted model just to show that this works, he removed the type of a leaf
16:18:34 <colindixon> #Info this also broke ISIS and another model because they depended on the broken model
16:19:38 <colindixon> #info as part of Boron, we now mount devices even if some models fail and also give information (as you could see in the topology output) and also in the logs
16:20:36 <colindixon> #info says LEAF is missing TYPE at line 116 character 4, which lets you fix things quickly
16:21:11 <colindixon> #info the partial device mount is exclusive to Boron, but other features are mostly backported to Beryllium as well
16:24:03 <colindixon> #info beau says that this is really cool stuff and the kind of things we need in a new beginner's guide
16:24:50 <colindixon> #info Brian Freeman also says this is really cool stuff and thanks!
16:29:00 <colindixon> #info the other half is about how you can have custom scheme cache directories so you can update the models for specific devices to help fix OpenDaylight NETCONF to work with a broader range of models
16:29:17 <colindixon> #info this includes being able to fix device models, and even common models just for a single device
16:32:42 <colindixon> #info there are bunch of things that this enables: you can side-load models if the device doesn't support netconf monitoring, or to keep different copies of different models for different devices
16:34:14 <colindixon> #info Brian Freeman points out this is really good, in part because there are more ways to fix things on the ODL side than on the vendor side
16:35:52 <colindixon> #info Brian has two other requests: avoiding credentials in the clear, also would like to have the ability to do multi devices edits and transactions are a thing we need to move there
16:38:21 <colindixon> #Info if people are interested, colindixon says to reach out about starting a project or anything else about multi-device NETCONF tools
16:39:12 <colindixon> #info for credentials, Ryan suggests using certificates, alternatively the "right" solution if you have to use passwords is to encrypt at rest and decrypt at use
16:39:47 <colindixon> #info Brian and Chris both say that many devices are still password-only
16:43:36 <colindixon> #info the key issues seem to be (a) making sure we encrypt things at rest and (b) ensure that most users don't have access to read the passwords over REST
16:45:08 <colindixon> #info the general idea from Chris and Brian is that you can only get the credentials from the shell into OpenDaylight, but not from any remote APIs, basically there should be no way to get any
16:45:11 <colindixon> #undo
16:45:11 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Info object at 0x27f3550>
16:45:16 <colindixon> #info the general idea from Chris and Brian is that you can only get the credentials from the shell into OpenDaylight, but not from any remote APIs
16:46:10 <colindixon> #Info the general idea is that we should try to avoid sending the credentials anywhere but to the SB device itself
16:50:21 <colindixon> #info colindixon asks if other people have done better things with best practice for handling credentials like this
16:51:19 <colindixon> #info ryan says that there are two ways to do this better: certificate-based authorization, and doing delegation of authentication
16:52:23 <colindixon> #info there seems to be no way for this that works well with NETCONF, but that we know about it
16:53:31 <colindixon> #action colindixon to ask if there are best practices for handling password data in models
16:53:38 <colindixon> #topic RESTCONF draft 18
16:54:42 <colindixon> #Info ryan points out that we have draft 02 of RESTCONF implemented in the default one, but we have a draft 18 (that will hopefully be the RFC version or near it) as /apidoc/18/ instead of just /apidoc/
16:54:55 <colindixon> #info people should start to look at it and note the differences sooner rather than later
16:55:01 <colindixon> #topic apidocs scalability issues
16:55:42 <colindixon> #info Brian and others point out that large configs and large numbers of models causes it just give up
16:55:56 <colindixon> #info swagger and postman seem to struggle at certain sizes
16:56:01 <colindixon> #info people have been moving back to curl
16:59:41 <colindixon> #info there might be an update to swagger soon, that might help
17:00:17 <colindixon> #info ODL folks are aware it's an issue, but we're not actively trying to fix it
17:00:24 <colindixon> #info Open Networking Summit
17:01:02 <CaseyODL> Still typing, or should I end it?  :)
17:01:04 <colindixon> #link http://events.linuxfoundation.org/events/open-networking-summit/program/cfp call for submissions is here and closes Saturday, 1/21, please submit cool ODL content
17:01:17 <colindixon> #info especially user content and especially especially enterprise user content
17:01:21 <colindixon> you can close it
17:02:01 <CaseyODL> #endmeeting