diff --git a/docs/manual/kinds/vr-sros.md b/docs/manual/kinds/vr-sros.md index 927adda04..214ad009e 100644 --- a/docs/manual/kinds/vr-sros.md +++ b/docs/manual/kinds/vr-sros.md @@ -341,6 +341,15 @@ Containerlab v0.48.0+ supports SSH key injection into the Nokia SR OS nodes. Fir Next it will filter out public keys that are not of RSA/ECDSA type. The remaining valid public keys will be configured for the admin user of the Nokia SR OS node using key IDs from 32 downwards[^2]. This will enable key-based authentication next time you connect to the node. +/// details | Skipping keys injection +If you want to disable this feature (e.g. when using classic CLI mode), you can do so by setting the `CLAB_SKIP_SROS_SSH_KEY_CONFIG=true` env variable: + +```bash +CLAB_SKIP_SROS_SSH_KEY=true sudo -E clab deploy -t +``` + +/// + ### License Path to a valid license must be provided for all Nokia SR OS nodes with a [`license`](../nodes.md#license) directive. diff --git a/docs/rn/0.48.md b/docs/rn/0.48.md index c8efbbccb..d8061d0a7 100644 --- a/docs/rn/0.48.md +++ b/docs/rn/0.48.md @@ -68,3 +68,4 @@ Now containerlab will add group ACLs to the lab directory to allow original user * fixed `destroy -t ` case where topology file referred a directory #1747 * fixed SR OS getting stuck when partial config is used with ssh keys provisioning #1750 +* introduced `CLAB_SKIP_SROS_SSH_KEY_CONFIG` env var to skip SSH key provisioning for SR OS #1756 diff --git a/nodes/vr_sros/vr-sros.go b/nodes/vr_sros/vr-sros.go index d7ac11971..1ab17da1c 100644 --- a/nodes/vr_sros/vr-sros.go +++ b/nodes/vr_sros/vr-sros.go @@ -139,7 +139,13 @@ func (s *vrSROS) PostDeploy(ctx context.Context, _ *nodes.PostDeployParams) erro log.Infof("%s: configuration applied", s.Cfg.LongName) } - if len(s.sshPubKeys) > 0 { + // skip ssh key configuration if CLAB_SKIP_SROS_SSH_KEY_CONFIG env var is set + // which is needed for SR OS nodes running in classic CLI mode, because our key + // injection mechanism assumes MD-CLI mode. + _, skipSSHKeyCfg := os.LookupEnv("CLAB_SKIP_SROS_SSH_KEY_CONFIG") + + if len(s.sshPubKeys) > 0 && !skipSSHKeyCfg { + log.Warn("here1") err := s.configureSSHPublicKeys(ctx) if err != nil { return err