From cf84f5f7e822a9bfc59e17ced65e77eb89e0a318 Mon Sep 17 00:00:00 2001 From: Roman Dodin Date: Thu, 4 Apr 2024 18:05:55 +0200 Subject: [PATCH] Added grpc config to the mgmt grpc server (#1971) * added grpc config to the mgmt grpc server * remove default tls profile --- docs/manual/kinds/srl.md | 11 +++++++++++ nodes/srl/version.go | 19 ++++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/docs/manual/kinds/srl.md b/docs/manual/kinds/srl.md index 4f078f304..394e80369 100644 --- a/docs/manual/kinds/srl.md +++ b/docs/manual/kinds/srl.md @@ -327,6 +327,17 @@ IP Address:172.20.20.3, IP Address:2001:172:20:20:0:0:0:3 Nokia SR Linux nodes support setting of [SANs](../nodes.md#subject-alternative-names-san). +### gRPC server + +Starting with SR Linux 24.3.1, the gRPC server config block is used to configure gRPC-based services such as gNMI, gNOI, gRIBI and P4RT. The factory configuration includes the `mgmt` gRPC server block to which containerlab adds all those services and: + +* generated TLS profile +* unix-socket access for gRPC services +* increased rate limit +* trace options + +These additions are meant to make all gRPC services available to the user out of the box with the enabled tracing and a custom TLS profile. + ### License SR Linux container can run without a license emulating the datacenter types (7220 IXR) :partying_face:. diff --git a/nodes/srl/version.go b/nodes/srl/version.go index fffb31ee9..f56c9cc50 100644 --- a/nodes/srl/version.go +++ b/nodes/srl/version.go @@ -22,15 +22,6 @@ set / system gnmi-server rate-limit 65000 set / system gnmi-server trace-options [ request response common ] set / system gnmi-server unix-socket admin-state enable` - // grpc contains the grpc server(s) configuration for srlinux versions >= 24.3. - grpcConfig = `set / system grpc-server clab services [ gnmi gnoi gribi p4rt ] -set / system grpc-server clab tls-profile clab-profile -set / system grpc-server clab rate-limit 65000 -set / system grpc-server clab network-instance mgmt -set / system grpc-server clab trace-options [ request response common ] -set / system grpc-server clab unix-socket admin-state enable -set / system grpc-server clab admin-state enable` - // aclConfig contains the ACL configuration for srlinux versions >= 24.3 to enable // non secure telnet and http access to the router which are useful for labs. aclConfig = `set / acl acl-filter cpm type ipv4 entry 88 description "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection" @@ -63,6 +54,16 @@ set / acl acl-filter cpm type ipv6 entry 188 match ipv6 next-header tcp set / acl acl-filter cpm type ipv6 entry 188 match transport destination-port operator eq set / acl acl-filter cpm type ipv6 entry 188 match transport destination-port value 80 set / acl acl-filter cpm type ipv6 entry 188 action accept` + + // grpc contains the grpc server(s) configuration for srlinux versions >= 24.3. + grpcConfig = `set / system grpc-server mgmt services [ gnmi gnoi gribi p4rt ] +set / system grpc-server mgmt tls-profile clab-profile +set / system grpc-server mgmt rate-limit 65000 +set / system grpc-server mgmt network-instance mgmt +set / system grpc-server mgmt trace-options [ request response common ] +set / system grpc-server mgmt unix-socket admin-state enable +set / system grpc-server mgmt admin-state enable +delete / system grpc-server mgmt default-tls-profile` ) // SrlVersion represents an sr linux version as a set of fields.