Initial commit
gizmoguy committed May 24, 2018
0 parents commit 32a3c36
Showing 12 changed files with 421 additions and 0 deletions.
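--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,58 @@
+## Image name: faucet/gnmi
+
+FROM ubuntu:16.04
+
+RUN apt-get update \
+&& DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+apt-utils \
+ca-certificates \
+software-properties-common \
+&& add-apt-repository -y ppa:longsleep/golang-backports \
+&& apt-get update
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+fping \
+git \
+golang-go \
+iproute2 \
+iputils-ping \
+net-tools \
+netcat-openbsd \
+openssh-client \
+psmisc \
+sudo \
+vim
+
+ENV HOME=/home/faucet
+RUN mkdir $HOME
+WORKDIR $HOME
+
+COPY ./ .
+
+ENV GOPATH=$HOME/go
+ENV GOBIN=$GOPATH/bin
+ENV PATH=$GOBIN:${PATH}
+
+RUN mkdir -p \
+$GOPATH \
+&& go get -u \
+github.com/google/gnxi/gnmi_capabilities \
+github.com/google/gnxi/gnmi_get \
+github.com/google/gnxi/gnmi_set \
+github.com/google/gnxi/gnmi_target
+
+RUN go install -v \
+github.com/google/gnxi/gnmi_capabilities \
+github.com/google/gnxi/gnmi_get \
+github.com/google/gnxi/gnmi_set \
+github.com/google/gnxi/gnmi_target
+
+
+RUN cd $HOME/certs/ \
+&& ./generate.sh
+
+ENV GNMI_TARGET=localhost
+ENV GNMI_PORT=10161
+
+CMD ./_startup.sh \
+&& /bin/bash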
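Review bot: `RUN cd $HOME/certs/ && ./generate.sh` runs at build time, so the CA, server and client private keys (including `ca.key`) are stored in an image layer, and every container started from the same built image shares them; if the image is pushed to a registry, anyone who can pull it holds the CA key. Dockerfile.pi has the same step. For a test image this may be acceptable, but it should be stated above the step, e.g. `# Test-only PKI: keys are baked into the image and identical for every user of it`, or generation moved to container start by dropping the RUN and using `CMD (cd certs && ./generate.sh) && ./_startup.sh && /bin/bash`. The file also has no `USER` instruction, so the target and the interactive shell run as root.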
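--- a/Dockerfile.pi
+++ b/Dockerfile.pi
@@ -0,0 +1,58 @@
+## Image name: faucet/gnmi-pi
+
+FROM multiarch/ubuntu-core:armhf-xenial
+
+RUN apt-get update \
+&& DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+apt-utils \
+ca-certificates \
+software-properties-common \
+&& add-apt-repository -y ppa:longsleep/golang-backports \
+&& apt-get update
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -qy --no-install-recommends \
+fping \
+git \
+golang-go \
+iproute2 \
+iputils-ping \
+net-tools \
+netcat-openbsd \
+openssh-client \
+psmisc \
+sudo \
+vim
+
+ENV HOME=/home/faucet
+RUN mkdir $HOME
+WORKDIR $HOME
+
+COPY ./ .
+
+ENV GOPATH=$HOME/go
+ENV GOBIN=$GOPATH/bin
+ENV PATH=$GOBIN:${PATH}
+
+RUN mkdir -p \
+$GOPATH \
+&& go get -u \
+github.com/google/gnxi/gnmi_capabilities \
+github.com/google/gnxi/gnmi_get \
+github.com/google/gnxi/gnmi_set \
+github.com/google/gnxi/gnmi_target
+
+RUN go install -v \
+github.com/google/gnxi/gnmi_capabilities \
+github.com/google/gnxi/gnmi_get \
+github.com/google/gnxi/gnmi_set \
+github.com/google/gnxi/gnmi_target
+
+
+RUN cd $HOME/certs/ \
+&& ./generate.sh
+
+ENV GNMI_TARGET=localhost
+ENV GNMI_PORT=10161
+
+CMD ./_startup.sh \
+&& /bin/bash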
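Review bot: The `go get -u github.com/google/gnxi/...` step builds whatever is at the head of the upstream repository at build time, so two builds of this file can ship different tool binaries with no record of which revision went in; Dockerfile has the same step. Fetching with `go get -d`, pinning at least the gnxi checkout with `git -C $GOPATH/src/github.com/google/gnxi checkout <pinned-commit>`, and then running the existing `go install -v` step would make the result traceable. The base image `multiarch/ubuntu-core:armhf-xenial` and the `ppa:longsleep/golang-backports` toolchain are also mutable third-party inputs, and pinning the base image by digest would narrow that.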
84 changes: 84 additions & 0 deletions README.rst
@@ -0,0 +1,84 @@
gNMI - gRPC Network Management Interface
========================================

A docker image that facilitates testing the gNMI protocol using Openconfig models.

* See `gNMI Protocol documentation <https://github.com/openconfig/reference/tree/master/rpc/gnmi>`_.
* See `Openconfig documentation <http://www.openconfig.net/>`_.

How to build
------------

From the gnmi directory:

.. code:: bash
docker build -t faucet/gnmi -f Dockerfile .
When building the image, a set of helper certificates is generated and added to ``$HOME/certs/`` folder:

* Self signed CA Certificates
* Client Certificates signed by the CA
* Server Certificates signed by the CA

How to run
----------

.. code:: bash
docker run -ti faucet/gnmi:latest
When running the docker image a default test gNMI target is initiated with a default mock configuration defined in json:

.. code:: bash
root@090fe3d66fe7:~# cat run_target.sh
#!/bin/sh
gnmi_target \
-bind_address :$GNMI_PORT \
-key $HOME/certs/server.key \
-cert $HOME/certs/server.crt \
-ca $HOME/certs/ca.crt \
-alsologtostderr \
-config target_configs/typical_ofsw_config.json
root@090fe3d66fe7:~# set | grep GNMI
GNMI_PORT=32123
GNMI_TARGET=localhost
Run a gNMI Get:

.. code:: bash
root@090fe3d66fe7:~# cat get.sh
#!/bin/sh
gnmi_get \
-target_addr $GNMI_TARGET:$GNMI_PORT \
-key $HOME/certs/client.key \
-cert $HOME/certs/client.crt \
-ca $HOME/certs/ca.crt \
-target_name server.com \
-alsologtostderr \
-xpath "/system/openflow/agent/config/datapath-id" \
-xpath "/system/openflow/controllers/controller[name=main]/connections/connection[aux-id=0]/config/address"
Run gNMI Capabilities:

.. code:: bash
root@090fe3d66fe7:~# cat capabilities.sh
#!/bin/sh
gnmi_capabilities \
-target_addr $GNMI_TARGET:$GNMI_PORT \
-key $HOME/certs/client.key \
-cert $HOME/certs/client.crt \
-ca $HOME/certs/ca.crt \
-target_name server.com \
-alsologtostderr
Override ``GNMI_TARGET`` and ``GNMI_PORT`` to perform the gNMI Get against other targets, or use the binaries directly.

gNxI tools
----------

* `gNxI <https://github.com/google/gnxi>`_
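--- a/_startup.sh
+++ b/_startup.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+nohup ./run_target.sh > $HOME/target.log &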
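Review bot: The redirection `> $HOME/target.log` captures only stdout, while run_target.sh starts `gnmi_target` with `-alsologtostderr`, so the log lines appear to reach target.log only when nohup finds a terminal on stderr (as with `docker run -ti`) and redirects it on its own. Making that explicit and quoting the path, `nohup ./run_target.sh > "$HOME/target.log" 2>&1 &`, keeps the log complete when the container is started without a TTY. Because the job is backgrounded, this script returns 0 even if the target fails to start, so the `&&` in the Dockerfile CMD never sees a failure.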
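--- a/capabilities.sh
+++ b/capabilities.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+gnmi_capabilities \
+-target_addr $GNMI_TARGET:$GNMI_PORT \
+-key $HOME/certs/client.key \
+-cert $HOME/certs/client.crt \
+-ca $HOME/certs/ca.crt \
+-target_name server.com \
+-alsologtostderr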
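Review bot: `$GNMI_TARGET:$GNMI_PORT` and the `$HOME/certs/...` paths are expanded unquoted and without checking that the variables are set, so an empty or whitespace-containing override (the README invites overriding both variables) produces a malformed argument list instead of a clear error. get.sh, set.sh and run_target.sh follow the same pattern. Adding `: "${GNMI_TARGET:?}" "${GNMI_PORT:?}"` after the shebang and quoting the expansions, e.g. `-target_addr "$GNMI_TARGET:$GNMI_PORT" \`, would address it in all four scripts. `-target_name server.com` is tied to the CN that certs/generate.sh gives the server certificate, and a one-line comment saying so would help anyone pointing the script at another target.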
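--- a/certs/generate.sh
+++ b/certs/generate.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+rm -f *.key *.csr *.crt *.pem *.srl
+
+SUBJ="/C=NZ/ST=Test/L=Test/O=Test/OU=Test/CN=ca"
+
+# Generate CA Private Key
+openssl req \
+-newkey rsa:2048 \
+-nodes \
+-keyout ca.key \
+-subj $SUBJ
+
+# Generate Req
+openssl req \
+-key ca.key \
+-new -out ca.csr \
+-subj $SUBJ
+
+# Generate self signed x509
+openssl x509 \
+-signkey ca.key \
+-in ca.csr \
+-req \
+-days 365 -out ca.crt
+
+SUBJ="/C=NZ/ST=Test/L=Test/O=Test/OU=Test/CN=server.com"
+
+# Generate Server Private Key
+openssl req \
+-newkey rsa:2048 \
+-nodes \
+-keyout server.key \
+-subj $SUBJ
+
+# Generate Req
+openssl req \
+-key server.key \
+-new -out server.csr \
+-subj $SUBJ
+
+# Generate x509 with signed CA
+openssl x509 \
+-req \
+-in server.csr \
+-CA ca.crt \
+-CAkey ca.key \
+-CAcreateserial \
+-out server.crt
+
+SUBJ="/C=NZ/ST=Test/L=Test/O=Test/OU=Test/CN=client.com"
+
+# Generate Client Private Key
+openssl req \
+-newkey rsa:2048 \
+-nodes \
+-keyout client.key \
+-subj $SUBJ
+
+# Generate Req
+openssl req \
+-key client.key \
+-new -out client.csr \
+-subj $SUBJ
+
+# Generate x509 with signed CA
+openssl x509 \
+-req \
+-in client.csr \
+-CA ca.crt \
+-CAkey ca.key \
+-out client.crt
+
+echo ""
+echo " == Validate Server"
+openssl verify -verbose -CAfile ca.crt server.crt
+echo ""
+echo " == Validate Client"
+openssl verify -verbose -CAfile ca.crt client.crt
+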
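Review bot: Neither `openssl x509 -req` call that writes server.crt and client.crt passes `-days`, so both leaf certificates get OpenSSL's default validity of 30 days while the CA is issued for 365; since the Dockerfiles run this script at build time, an image older than a month would carry expired leaf certificates. Adding `-days 365 \` to both calls aligns them with the CA. The script also has no error handling: `set -eu` after the shebang would stop at the first failing openssl step (at present only the status of the final `openssl verify` reaches the caller), and `-subj "$SUBJ"` should be quoted. `ca.key` is left beside the leaf keys after signing; if nothing needs it later, removing it at the end would limit what a copy of the directory exposes.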
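--- a/get.sh
+++ b/get.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+gnmi_get \
+-target_addr $GNMI_TARGET:$GNMI_PORT \
+-key $HOME/certs/client.key \
+-cert $HOME/certs/client.crt \
+-ca $HOME/certs/ca.crt \
+-target_name server.com \
+-alsologtostderr \
+-xpath "/system/openflow/agent/config/datapath-id" \
+-xpath "/system/openflow/controllers/controller[name=main]/connections/connection[aux-id=0]/config/address"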
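--- a/hooks/pre_build
+++ b/hooks/pre_build
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# We need qemu-user-static for arm/pi builds
+docker run --rm --privileged multiarch/qemu-user-static:register --reset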
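Review bot: `docker run --rm --privileged multiarch/qemu-user-static:register --reset` gives a third-party image, referenced by a mutable tag, full privileges on the build host, where it changes the kernel's binfmt_misc registrations. Pinning the image by digest, `multiarch/qemu-user-static:register@sha256:<digest-placeholder>`, would ensure the host only ever runs the image content that was reviewed. The existing comment could also state that the registration is host-wide, presumably outlives the container, and is only needed for the Dockerfile.pi build.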
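--- a/run_target.sh
+++ b/run_target.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+gnmi_target \
+-bind_address :$GNMI_PORT \
+-key $HOME/certs/server.key \
+-cert $HOME/certs/server.crt \
+-ca $HOME/certs/ca.crt \
+-alsologtostderr \
+-config target_configs/typical_ofsw_config.json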
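--- a/set.sh
+++ b/set.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+gnmi_set \
+-replace /system/openflow/agent/config/max-backoff:12 \
+-update /system/clock/config/timezone-name:"US/New York" \
+-target_addr $GNMI_TARGET:$GNMI_PORT \
+-key $HOME/certs/client.key \
+-cert $HOME/certs/client.crt \
+-ca $HOME/certs/ca.crt \
+-target_name server.com \
+-alsologtostderr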