Netopeer2
Introduction
Netopeer2 is an open source NETCONF server developed by CESNET, an association of universities of the Czech Republic and the Czech Academy of Sciences.
Installation
We use an AWS t2.medium instance with 8 GB of disk running Ubuntu server 22.04 LTS.
Follow the netopeer2 installation instructions documented here:
Update apt:
$ sudo apt update
If any of the following steps generates a popup window, use tab and enter to select Ok.
Install cmake:
$ sudo apt install -y cmake
Install libpcre2-dev:
$ sudo apt install -y libpcre2-dev
Install libssh-dev:
$ sudo apt install -y libssh-dev
Install openssl:
$ sudo apt install -y openssl
Install valgrind:
$ sudo apt install -y valgrind
Install libcmocka-dev:
$ sudo apt install -y libcmocka-dev
Install libsystemd-dev:
$ sudo apt install -y libsystemd-dev
Install build-essential:
$ sudo apt install -y build-essential
Install shunit2:
$ sudo apt-get install -y shunit2
Install expect:
$ sudo apt-get install -y expect
Clone the libyang repo:
$ cd ~
$ git clone https://github.com/CESNET/libyang.git
Build libyang from source code:
$ cd libyang
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo make install
Clone the libnetconf2 repo:
$ cd ~
$ git clone https://github.com/CESNET/libnetconf2.git
Build libnetconf2 from source code:
$ cd libnetconf2
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo make install
Clone the sysrepo repo:
$ cd ~
$ git clone https://github.com/sysrepo/sysrepo
Build sysrepo from source code:
$ cd sysrepo
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo make install
Clone the netopeer2 repo:
$ cd ~
$ git clone https://github.com/CESNET/netopeer2.git
Build netopeer2 from source code (note the extra ldconfig step):
$ cd netopeer2
$ mkdir build
$ cd build
$ cmake ..
$ make
$ sudo ldconfig
$ sudo make install
Verify installation
Verify that netopeer2-server has been installed:
$ netopeer2-server -V
netopeer2-server 2.1.23
Verify that netopeer2-cli has been installed. Type exit to return to the shell.
$ netopeer2-cli
get_netconf_dir: Configuration directory "/home/ubuntu/.netopeer2-cli" did not exist, created.
load_config: No saved history.
load_config: No saved configuration.
> exit
$
Note: manual pages are available for netopeer2-server and netopeer2-cli:
$ man netopeer2-server
$ man netopeer2-cli
Verify that sysrepo has been installed:
$ sudo sysrepoctl -l
Sysrepo repository: /home/ubuntu/sysrepo/build/repository

Module Name       | Revision   | Flags | Owner         | Startup Perms | Submodules | Features
----------------------------------------------------------------------------------------------
iana-crypt-hash   | 2014-08-06 | i     |               |               |            |
ietf-crypto-types | 2019-07-02 | I     | ubuntu:ubuntu | 600           |            |
ietf-datastores   | 2018-02-14 | I     | root:root     | 444           |            |
ietf-inet-types   | 2013-07-15 | i     |               |               |            |
ietf-interfaces   | 2018-02-20 | I     | ubuntu:ubuntu | 600           |            |
ietf-ip           | 2018-02-22 | I     | ubuntu:ubuntu | 600           |            |
ietf-keystore     | 2019-07-02 | I     | ubuntu:ubuntu | 600           |            | keystore-supported
ietf-netconf      | 2013-09-29 | I     | ubuntu:ubuntu | 600           |            | writable-running candidate confirmed-commit rollback-on-error validate startup url xpath
ietf-netconf-acm  | 2018-02-14 | I     | root:root     | 600           |            |
...
Set a password for user ubuntu
Set the password for user ubuntu to secret to allow netopeer2-cli
(the NETCONF client) to use password authentication (for now) when connecting to
netopeer2-server (the NETCONF server):
$ sudo passwd ubuntu
New password: secret
Retype new password: secret
Start the NETCONF server
Start the netopeer2-server NETCONF server as a daemon:
$ cd ~
$ sudo netopeer2-server
$
Verify that the server is running:
$ ps aux | grep netopeer2-server
root     18132  0.1  0.1 337832  7372 ?      Ssl  10:54  0:00 netopeer2-server
ubuntu   18144  0.0  0.0   7008  2120 pts/0  S+   10:55  0:00 grep --color=auto netopeer2-server
Start the NETCONF client
Start the netopeer2-cli NETCONF client:
$ cd ~
$ netopeer2-cli
>
Enter help to see the list of client commands:
> help
Available commands:
  auth        Manage SSH authentication options
  knownhosts  Manage the user knownhosts file
  ...
  exit        Quit the program
>
Connect the client to the server (running on the same host):
> connect
Interactive SSH Authentication
Type your password:
Password: secret
>
Retrieve the running configuration:
> get-config --source running
DATA
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
<asymmetric-keys>
<asymmetric-key>
<name>genkey</name>
<algorithm>rsa2048</algorithm>
<public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIbDXmMsEeQKJhOP9gn4IIO/MwijcOpB9AxjYdMa/WEYjacNXOWAzFHsO8OuYi8gYGo69M+2XtdF4xid3hoE9HPlE3/tOnMA7UBbtbPoYSKei5wN8zobUmtbwJyRHJciyShDKUS8zxM+2P1FoqjIzg0Il3ELfUnxmWoCvDOz1ekkRISuKxDTz2PLnPEqr2HyuBxkMBBRudxfkSfFSQhB7rjPg0UolGOUP+ffOTJuWeodYNnX9NXPc/kKnTNhD2423pANGjFJbM56H6GUpBIDpzuTo6+ds+NcZgYJazk1OiIXpEqLadgVa4nxe/BtbUZYvIccMNbxP4nl6QukjU/74QIDAQAB</public-key>
</asymmetric-key>
</asymmetric-keys>
</keystore>
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
<listen>
<endpoint>
<name>default-ssh</name>
<ssh>
<tcp-server-parameters>
<local-address>0.0.0.0</local-address>
<keepalives>
<idle-time>1</idle-time>
<max-probes>10</max-probes>
<probe-interval>5</probe-interval>
</keepalives>
</tcp-server-parameters>
<ssh-server-parameters>
<server-identity>
<host-key>
<name>default-key</name>
<public-key>
<keystore-reference>genkey</keystore-reference>
</public-key>
</host-key>
</server-identity>
<client-authentication>
<supported-authentication-methods>
<publickey/>
<passsword/>
<other>interactive</other>
</supported-authentication-methods>
</client-authentication>
</ssh-server-parameters>
</ssh>
</endpoint>
</listen>
</netconf-server>
</data>
TODO
- Certificate-based authentication
- The fancier NETCONF command-line client
- The NETCONF client GUI
- Loading our own YANG data model
- Implementing the back-end for our own YANG data model