- About this Guide
- Ultra Services Platform Overview
- Introduction to UGP
- System Operation and Configuration
- Getting Started
- System Settings
- Config Mode Lock Mechanisms
- Management Settings
- Verifying and Saving Your Configuration
- System Interfaces and Ports
- System Security
- Secure System Configuration File
- Software Management Operations
- Smart Licensing
- Monitoring the System
- Bulk Statistics
- System Logs
- Troubleshooting
- Packet Capture (PCAP) Trace
- System Recovery
- Access Control Lists
- Congestion Control
- Routing
- VLANs
- BGP MPLS VPNs
- Content Service Steering
- Session Recovery
- Interchassis Session Recovery
- Support Data Collector
- Engineering Rules
- StarOS Tasks
- NETCONF and ConfD
- ICSR Checkpointing
- UGP SDR CLI Command Strings
- VPC Commands
- KPI Descriptions
NETCONF and
ConfD
This chapter describes NETCONF and the StarOS process called ConfD manager.
It contains the following sections:
- Feature Summary and Revision History
- Overview
- Configuring ConfD
- Verifying the Configuration
- YANG Models
- Show Support Details (SSD)
- ConfD Examples
- CLI Based YANG Model for ECS Commands
Feature Summary and Revision History
Summary Data
Revision History
Note | Revision history details are not provided for features introduced before releases 21.2 and N5.5. |
Revision Details |
Release |
---|---|
SNMP MIB alerts and alarms are now able to be sent via NETCONF notifications. The netconf command in NETCONF Protocol Configuration Mode added a snmp keyword to enable this functionality. show confdmgr command output expanded. |
21.3 |
ConfD may now collect bulkstats operational data that is retrieved via REST interface. New StarOS bulkstats and server ConfD configuration YANG models are supported. Any updates via StarOS CLI are now automatically synced back to the ConfD Database. The CLI based YANG model is only applicable to StarOS ECS (Enhanced Charging System) commands. NETCONF Protocol Configuration Mode added bulkstats, netconf, and rest commands. autosave-config command obsoleted. show confdmgrcommand added keywords model bulkstats and model confd. show confdmgr command output expanded. |
21.2 |
First introduced. |
Pre 21.2 |
Overview
StarOS provides a northbound NETCONF interface that supports a YANG data model for transferring configuration and operational data with the Cisco Network Service Orchestrator (NSO). It also incorporates a ConfD manager (confdmgr) to communicate with the NSO management console.
NETCONF (Network Configuration Protocol) is a network management protocol developed and standardized by the IETF (RFC 6241). It provides mechanisms to install, manipulate, and delete the configuration of network devices. Its operations are realized on top of a simple remote procedure call (RPC) layer. The NETCONF protocol uses XML-based data encoding for the configuration data as well as the protocol messages. The protocol messages are exchanged on top of a secure transport protocol.
ConfD is an on-device management framework that provides a set of interfaces to manage a device. The ConfD framework automatically renders all the management interfaces from a data model. ConfD implements the full NETCONF specification and runs over SSH with content encoded in XML.
ConfD is configured to allow only authenticated/authorized access through external authentication. The confdmgr provides a standalone CLI module for ConfD to invoke when authenticating/authorizing any new users. ConfD is configured to allow only authorized access through StarOS authentication. Upon authentication, the user is given a privilege level (0-15) which is mapped to StarOS secure admin, admin, operator, and inspector, as defined in the YANG model. StarOS logs CLI authentication event/status messages for each ConfD authentication request.
On the southbound side, ConfD communicates with a StarOS process called via a set of APIs provided by the ConfD management agent. The ConfD Configuration Database (CDB) is used by ConfD to store objects. StarOS accesses the database through the ConfD-supplied APIs. Any updates via StarOS CLI are automatically synced back to the CDB.
YANG is a data modeling language for the NETCONF network configuration protocol. It can be used to model both configuration data as well as state data of network elements. YANG can also be used to define the format of event notifications emitted by network elements and it allows data modelers to define the signature of remote procedure calls that can be invoked on network elements via the NETCONF protocol (RFC 6020). The YANG file is compiled as part of StarOS and incorporates existing StarOS supported CLI commands.
ConfD may also collect bulkstats operational data. When enabled, StarOS will send schema information to confdmgr while gathering statistics. Collected bulkstats are stored in the ConfD CDB for later retrieval over REST (Representational State Transfer) interface. RESTCONF is an IETF draft (draft-bierman-netconf-restconf-4) that describes how to map a YANG specification to a RESTful interface using HTTP as transport. REST and RESTCONF are only enabled internally when a valid certificate and key are configured. If client authentication is enabled, CA-certificates may be required as well.
For additional NSO information, refer to the NSO user documentation.
Configuring ConfD
To enable NETCONF protocol in StarOS, you must enable server confd and enter the NETCONF Protocol Configuration mode. The NETCONF Protocol Configuration mode supports optional configuration commands.
SSH Key Requirement
NETCONF-ConfD support requires that a V2-RSA SSH key be configured on the local context.
If an SSH key is not available, StarOS generates an error message.
Failure: The ConfD (NETCONF) server requires an RSA key on the local context
You can run the show ssh key command to verify the existence of an SSH key on the system.
If an SSH key is not available, see the Configuring SSH Options section of the Getting Started chapter in this guide.
NETCONF Protocol Configuration Mode
The NETCONF protocol is enabled via the Context Configuration mode server conf command. This command is restricted to the local context only.
[local]host_name# configure
[local]host_name(config)# context local
[local]host_name(config-ctx)# server confd
[local]host_name(config-confd)# ?
bulkstats - Populate ConfD with bulkstats operational data
confd-user - Configures the default login user with full administrator rights for the ConfD server.
do - Spawns an exec mode command which displays information to the administrator
end - Exits configuration mode and returns to Exec Mode
exit - Exits current configuration mode, returning to previous mode
netconf - Configure the netconf interface
no - Enables/Disables the followed option
rest - Configure the rest interface
The following keywords are optional:
To disable NETCONF protocol, run the no server confd command in Context Configuration mode.
For additional information, see the NETCONF Protocol Configuration Mode Commands chapter of the Command Line Interface Reference.
- bulkstats
- confd-user
- netconf notifications events
- netconf notifications snmp
- netconf port
- rest auth-policy
- rest certificate
- rest hostname
- rest port
bulkstats
This NETCONF Protocol Configuration mode command enables bulkstats collection and reporting via REST interface. By default, this command is disabled.
The command syntax is: bulkstats.
During StarOS statistics gathering, bulk statistics are also stored in the CDB for later retrieval over REST interface.
Use no bulkstats to disable populating ConfD with bulkstats operational data.
For additional information, see the NETCONF Protocol Configuration Mode Commands chapter of the Command Line Interface Reference.
confd-user
This NETCONF Protocol Configuration mode command associates a username for all CLI operations via NETCONF. The user will be authenticated with verifiable credentials. This username is used for CLI logging purposes only.
The command syntax is: confd-user <username>, where <username> is an alphanumeric string of 1 to 144 characters.
The NETCONF or RESTful session must still be established with verifiable credentials.
netconf notifications events
This NETCONF Protocol Configuration mode command enables events logged in StarOS to be sent out as NETCONF notifications on the stream named "StarOS." Level specifies the lowest event severity level that results in a notification.
The command syntax is: netconf notifications events level { critical | error | warning | unusual | info }, where
-
critical - Level 1: Reports critical errors contained in log file.
-
error - Level 2: Reports error notifications contained in log file.
-
warning - Level 3: Reports warning messages contained in log file.
-
unusual - Level 4: Reports unexpected errors contained in log file.
-
info - Level 5: Reports informational messages contained in log file.
Use no netconf notifications events to disable NETCONF notifications.
Any event that is of category "critical-info" (regardless of severity) will also be converted to notifications.
netconf notifications snmp
This NETCONF Protocol Configuration mode command enables SNMP alerts and alarms to be sent out as NETCONF notifications on the stream named "StarOS_SNMP".
The command syntax is: netconf notifications snmp.
Use no netconf notifications snmp to disable NETCONF notifications.
netconf port
This NETCONF Protocol Configuration mode command sets the NETCONF interface port number. When server confd is enabled, the default port is automatically set to 830.
The command syntax is: netconf port port_number, where port_number must be an integer from 1 through 65535.
Use no netconf port to reset the port number to 830.
A change to the NETCONF interface port value will result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if enabled) interfaces.
rest auth-policy
This NETCONF Protocol Configuration mode command controls the level of verification the server does on client certificates. CA (certificate authority) certificates can be configured using the existing ca-certificate command in Global Configuration mode.
The command syntax is: rest auth-policy { none | peer | peer-fail }, where
-
none - No authentication performed.
-
peer - If the client does not provide a certificate, or the client provides a certificate and it is valid, the connection is allowed. If the client provides a certificate that is not valid, the connection is aborted.
Important: If peer is selected, CA certificates are recommended; otherwise, a client providing a valid certificate cannot be authenticated and connection will fail.
-
peer-fail - Server requires the client to supply a client certificate and will fail the connection if certificate is not successfully validated.
Important: If peer-fail is selected, one or more CA certificates must be present on the device; otherwise, the REST interface will not be enabled.
Use no rest auth-policy to set the auth-policy to none; no authentication will be performed.
A change to the REST interface auth-policy may result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if still enabled) interfaces.
Changes to global certificates which ConfD is using while REST is enabled will also result in a restart of ConfD.
rest certificate
This NETCONF Protocol Configuration mode command configures certificate and private-key for REST interface.
The command syntax is: rest certificate certificate_name, where certificate_name is an alphanumeric string of 1 to 128 characters.
The certificate specified must to be present on the device. Certificate and the associated private-key can be configured using the existing certificate command in Global Configuration mode.
Use no rest certificate to remove any configured certificate and key. REST will not be operational without a valid certificate and key.
A change to the REST interface certificate may result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if still enabled) interfaces.
Changes to global certificates which ConfD is using while REST is enabled will also result in a restart of ConfD.
rest hostname
This NETCONF Protocol Configuration mode command specifies a hostname the web server will serve. If configured, mandates the web server to only service requests whose Host field matches the configured hostname.
The command syntax is: rest hostname host_name, where host_name is an alphanumeric string of 1 to 63 characters.
Use no rest hostname to use the system name; matching of hostname is not mandated.
A change to the REST interface hostname may result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if still enabled) interfaces.
Changes to global certificates which ConfD is using while REST is enabled will also result in a restart of ConfD.
rest port
This NETCONF Protocol Configuration mode command sets the REST interface port number.
The command syntax is: rest port port_number, where port_number must be an integer from 1 through 65535.
Use no rest port to reset the port number to default 443.
A change to the REST interface port value may result in a planned restart of ConfD and temporary loss of connectivity over the NETCONF and REST (if still enabled) interfaces.
Changes to global certificates which ConfD is using while REST is enabled will also result in a restart of ConfD.
Sample Configuration
The following command sequence establishes a ConfD configuration in support of NETCONF protocol.
A type v2-RSA SSH key is required for enabling server confd.
configure context local ssh key <encrypted key text> len 938 type v2-rsa server confd bulkstats confd-user NETCONF rest certificate rest-cert #exit subscriber default exit aaa group default #exit gtpp group default #exit #exit end
Verifying the Configuration
There are two Exec mode show commands that display information about the NETCONF-ConfD configuration.
show confdmgr Command
This command displays information about the StarOS ConfD Manager (confdmgr) process.
The syntax for this command is:
show confdmgr [ confd { cdb | netconf | state } | model { bulkstats | confd } | subscriptions ] [ | { grep grep_options | more } ]
-
The confd keyword displays information about the ConfD engine based on the specified keyword in the following options:
-
The model keyword displays information about the ConfD model based on the specified keyword in the following options:
-
The subscriptions keyword displays ConfD CDB subscription information.
show confdmgr
See below for a sample output for show confdmgr:
[local]<host_name># show confdmgr State Information ----------------- State Started Subscriptions 5 Last successful id 1461-704882-705350 Last failed id None Username Not configured Bulkstats Enabled Event notification level Disabled SNMP notifications Disabled REST interface authentication none REST interface certificate rest-cert REST interface host name Not configured Interface Status Port ---------------------------------------------- NETCONF Enabled 830 REST Enabled 443 Statistics ---------- Triggers 1 Replays 0 Notifications 5 Notification failures 0 Trigger failures 0 Replay failures 0 NETCONF notification failures 0 Unexpected failures 0 [local]<host_name>#
-
Triggers – Number of times confdmgr has requested ConfD to dump the CDB contents back into confdmgr, which results in a configuration synchronization to SCT (Shared Configuration Task).
-
Replays – Number of times a transaction has been replayed. A replay is initiated if, upon startup, the last successful transaction ID in confdmgr does not match that of ConfD. This could occur, for example, if confdmgr task restarted when processing the notification for a configuration transaction.
-
Notifications – Number of times ConfD has sent a configuration update to confdmgr. For example, this can occur as the result of a "commit" via confd_cli or during a trigger event.
-
Notification failures – Number of times configuration received from ConfD was not processed successfully.
-
Trigger failures – Number of times a CDB dump to confdmgr failed.
-
Replay failures – Number of times an attempt to replay a transaction failed.
-
NETCONF notification failures – Number of times an attempt to issue a NETCONF notification failed.
-
Unexpected failures – Number of times an unexpected condition was encountered. An error log is generated for each case.
show confdmgr confd cdb
See below for a sample output for show confdmgr confd cdb:
[local]<host_name># show confdmgr confd cdb bulkstats server collection true bulkstats server historical-collection false bulkstats server gather-on-standby true bulkstats server sample-interval 60 bulkstats server transfer-interval 1440 bulkstats server limit 7500 bulkstats server receiver-mode secondary-on-failure bulkstats server file 1 ! bulkstats schemas file 1 schema-type system schema abc format %host% active-only false ! schema common format %host%,%ipaddr%,%time%,%uptime%,%swbuild%,%localtz% active-only false ! schema systemSch11 format PPM,system,systemSch11,%epochtime%,%localdate%,%localtime%,%uptime%,%diamauth-msg -saans%,%diamauth-msg-sarretry%,%diamauth-msg-saatimeout%,%diamauth-msg-saadropped%,%diamauth-ms g-uareq%,%diamauth-msg-uaans%,%diamauth-msg-uarretry%,%diamauth-msg-uaatimeout%,%diamauth-msg-ua adropped%,%diamauth-msg-lireq%,%diamauth-msg-lians%,%diamauth-msg-lirretry%,%diamauth-msg-liatim eout%,%diamauth-msg-liadropped%,%diamauth-msg-rtreq%,%diamauth-msg-rtans%,%diamauth-msg-rtrrejec t%,%diamauth-msg-ppreq%,%diamauth-msg-ppans%,%diamauth-msg-pprreject%,%diamauth-msg-dereq% active-only false ! ! ! confd bulkstats true confd netconf port 830 confd rest port 443 confd rest auth-policy none confd rest certificate rest-cert nacm read-default permit nacm groups group admin ! nacm groups group inspector ! nacm groups group operator ! nacm groups group secure_admin ! nacm rule-list secure_admin ! group [ secure_admin ] rule any-access action permit ! rule secure_admin_server_confd module-name cisco-staros-cli-config path /context/server/confd access-operations create,read,update action permit | | V nacm rule-list inspector group [ inspector ] rule any-access access-operations read action permit ! ! [local]<host_name>#
show confdmgr confd netconf
See below for a sample output for show confdmgr confd netconf:
[local]<host_name># show confdmgr confd netconf netconf-state capabilities capability urn:ietf:params:netconf:base:1.0 netconf-state capabilities capability urn:ietf:params:netconf:base:1.1 netconf-state capabilities capability urn:ietf:params:netconf:capability:writable-running:1.0 netconf-state capabilities capability urn:ietf:params:netconf:capability:candidate:1.0 | | V netconf-state statistics netconf-start-time 2016-03-30T17:09:49-04:00 netconf-state statistics in-bad-hellos 0 netconf-state statistics in-sessions 0 netconf-state statistics dropped-sessions 0 netconf-state statistics in-rpcs 0 | | V netconf-state datastores datastore candidate netconf-state schemas schema cisco-staros-bulkstats 2016-12-14 yang namespace http://www.cisco.com/staros-bulkstats location [ NETCONF ] netconf-state schemas schema cisco-staros-bulkstats-config 2016-12-14 yang namespace http://www.cisco.com/staros-config location [ NETCONF ] | | V NAME CREATOR CREATED CONTEXT ---------------------------------------------------------------------- /rollback0 system 2017-01-17T13:40:53-00:00 system /rollback1 system 2017-01-17T13:40:52-00:00 system /rollback2 system 2017-01-17T13:40:52-00:00 system /rollback3 system 2017-01-17T13:40:52-00:00 system /rollback4 system 2017-01-17T13:36:43-00:00 system | | V /cli-history/admin.hist /cli-history/root.hist /global.data netconf-state streams stream NETCONF description "default NETCONF event stream" replay-support false netconf-state streams stream StarOS description "StarOS Notifications" replay-support true replay-log-creation-time 2017-02-10T16:00:59+00:00 [local]<host_name>#
show confdmgr confd state
See below for a sample output for show confdmgr confd state:
[local]<host_name># show confdmgr confd state confd-state version 6.3 confd-state epoll false confd-state daemon-status started confd-state loaded-data-models data-model cisco-staros-bulkstats revision 2016-12-14 namespace http://www.cisco.com/staros-bulkstats prefix staros_bulkstats exported-to-all confd-state loaded-data-models data-model cisco-staros-cli-config revision 2016-12-14 namespace http://www.cisco.com/staros-cli-config prefix staros_cli exported-to-all confd-state loaded-data-models data-model cisco-staros-config revision 2016-12-14 namespace http://www.cisco.com/staros-config prefix staros_config exported-to-all confd-state loaded-data-models data-model cisco-staros-exec revision 2016-12-14 namespace http://www.cisco.com/staros-exec prefix staros_exec exported-to-all confd-state loaded-data-models data-model cisco-staros-notif revision 2016-12-14 namespace http://www.cisco.com/staros-notif prefix staros_notif exported-to-all confd-state loaded-data-models data-model iana-crypt-hash revision 2014-08-06 namespace urn:ietf:params:xml:ns:yang:iana-crypt-hash prefix ianach exported-to-all confd-state loaded-data-models data-model ietf-inet-types revision 2013-07-15 namespace urn:ietf:params:xml:ns:yang:ietf-inet-types prefix inet exported-to-all confd-state loaded-data-models data-model ietf-netconf-acm revision 2012-02-22 namespace urn:ietf:params:xml:ns:yang:ietf-netconf-acm prefix nacm exported-to-all confd-state loaded-data-models data-model ietf-netconf-monitoring revision 2010-10-04 namespace urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring prefix ncm exported-to-all confd-state loaded-data-models data-model ietf-netconf-notifications revision 2012-02-06 namespace urn:ietf:params:xml:ns:yang:ietf-netconf-notifications prefix ncn exported-to-all confd-state loaded-data-models data-model ietf-restconf-monitoring revision 2016-08-15 namespace urn:ietf:params:xml:ns:yang:ietf-restconf-monitoring prefix rcmon exported-to-all confd-state loaded-data-models data-model ietf-yang-library revision 2016-06-21 namespace urn:ietf:params:xml:ns:yang:ietf-yang-library prefix yanglib exported-to [ netconf rest ] confd-state loaded-data-models data-model ietf-yang-types revision 2013-07-15 namespace urn:ietf:params:xml:ns:yang:ietf-yang-types prefix yang exported-to-all confd-state loaded-data-models data-model netconf_netmod namespace urn:ietf:params:xml:ns:netmod:notification prefix nm exported-to [ netconf ] confd-state loaded-data-models data-model tailf-aaa revision 2015-06-16 namespace http://tail-f.com/ns/aaa/1.1 prefix aaa exported-to-all confd-state loaded-data-models data-model tailf-acm revision 2013-03-07 namespace http://tail-f.com/yang/acm prefix tacm exported-to-all confd-state loaded-data-models data-model tailf-common-monitoring revision 2013-06-14 namespace http://tail-f.com/yang/common-monitoring prefix tfcg exported-to-all confd-state loaded-data-models data-model tailf-confd-monitoring revision 2013-06-14 namespace http://tail-f.com/yang/confd-monitoring prefix tfcm exported-to-all confd-state loaded-data-models data-model tailf-kicker revision 2016-11-24 namespace http://tail-f.com/ns/kicker prefix kicker exported-to-all confd-state loaded-data-models data-model tailf-netconf-monitoring revision 2016-11-24 namespace http://tail-f.com/yang/netconf-monitoring prefix tncm exported-to-all confd-state loaded-data-models data-model tailf-rollback revision 2016-09-15 namespace http://tail-f.com/ns/rollback prefix rollback exported-to [ rest ] confd-state loaded-data-models data-model tailf-webui revision 2013-03-07 namespace http://tail-f.com/ns/webui prefix webui exported-to-all NETCONF SSH listen addresses: IP PORT --------------- 0.0.0.0 830 CLI SSH listen addresses: IP PORT ----------------- 127.0.0.1 2024 WebUI SSL listen addresses: IP PORT --------------- 0.0.0.0 443 REST SSL listen addresses: IP PORT --------------- 0.0.0.0 443 confd-state internal callpoints actionpoint StarOSexec daemon id 0 daemon name confdmgr confd-state internal callpoints notification-stream-replay NETCONF replay-support none confd-state internal callpoints notification-stream-replay StarOS replay-support builtin confd-state internal cdb datastore running transaction-id 1484-678453-229261 filename /hd-raid/confd_dir/var/confd/cdb/A.cdb disk-size "3.16 KiB" ram-size "9.43 KiB" read-locks 0 write-lock-set false waiting-for-replication-sync false confd-state internal cdb datastore operational filename /hd-raid/confd_dir/var/confd/cdb/O.cdb disk-size "4 bytes" ram-size "6.99 KiB" subscription-lock-set false confd-state internal cdb client name confdmgr info 5420/10 type subscriber subscription datastore running priority -2147483648 id 7 path /context subscription datastore running priority -2147483648 id 6 path /active-charging local]<host_name>#
show confdmgr model bulkstats
See below for a sample output for show confdmgr model bulkstats:
[local]<host_name># show confdmgr model bulkstats Model: Bulkstats ---------------- Operational Data: Requests 277 Records 831 Failures 0 Configuration: CLI updates 0 NETCONF updates 2 Aborts 0 Failures 0 local]<host_name>#
-
CLI updates – Number of push configuration requests from the CLI as well as configuration loads from SCT.
-
NETCONF updates – Number of bulkstats subscription notifications.
-
Aborts – Number of times a configuration update via NETCONF was aborted.
-
Failures – Number of errors detected processing any bulkstats configuration requests within confdmgr.
show confdmgr model confd
See below for a sample output for show confdmgr model confd:
[local]<host_name># show confdmgr model confd Model: ConfD ---------------- CLI updates 0 NETCONF updates 1 Aborts 0 Failures 0 local]<host_name>#
-
CLI updates – Number of push configuration requests from the CLI as well as configuration loads from SCT.
-
NETCONF updates – Number of ConfD configuration subscription notifications.
-
Failures – Number of errors detected processing any ConfD configuration requests within confdmgr.
-
Aborts – Number of times a configuration update via NETCONF was aborted.
show confdmgr subscriptions
See below for a sample output for show confdmgr subscriptions:
[local]<host_name># show confdmgr subscriptions Subscriptions: Path Index Namespace --------------------------------------------------- /active-charging 6 http://www.cisco.com/staros-cli-con fig /context 7 http://www.cisco.com/staros-cli-con fig /bulkstats/server 8 http://www.cisco.com/staros-config /bulkstats/schemas 9 http://www.cisco.com/staros-config /confd 10 http://www.cisco.com/staros-config [local<host_name>#
Subscriptions are configuration points defined in the Yang model for which confdmgr wants to be notified when a change occurs.
clear confdmgr confd cdb
This Exec mode command erases the configuration in the ConfD Configuration Database (CDB) which is used by ConfD to store configuration objects. StarOS accesses the database via ConfD-supplied APIs.
Note | The CDB cannot be erased unless the Context Configuration mode no server confd command is run in the local context to disable ConfD and NETCONF protocol support. |
The following is a sample command sequence for clearing the CDB:
[local]host_name# config [local]host_name(config)# context local [local]host_name(config-ctx)# no server confd [localhost_name(config-ctx)# end [local]host_name# clear confdmgr confd cdb About to delete the ConfD configuration database The running configuration is NOT affected. Are you sure? [Yes|No]: y [local]host_name#
Caution | Clearing the CDB is a terminal operation. The CDB will be repopulated when the Context Configuration mode server confd command is run in the local context to re-enable ConfD and NETCONF protocol support. |
clear confdmgr statistics
YANG Models
The following YANG files are available in the StarOS installation:
-
cisco-staros-bulkstats-config.yang - StarOS native bulkstats configuration model.
-
cisco-staros-bulkstats-schema-types.yang - An extension to the cisco-staros-bulkstats-config.yang model that contains an enumerated list of schema names pulled directly from the code.
-
cisco-staros-bulkstats.yang - Operational data model that enables customers to obtain bulk statistics via the RESTful interface. Only users with admin credentials may use this model.
-
cisco-staros-cli-config.yang - Obsolete CLI-centric model introduced in StarOS release 20.2; model no longer supported.
-
cisco-staros-confd-config.yang - Native server ConfD configuration model.
-
cisco-staros-config.yang - Container yang file used to include all other cisco-staros-* configuration models (all native models are included here under a common namespace).
-
cisco-staros-exec.yang - Model to enable CLI exec operations via the restful interface. Only users with admin credentials may use this model. Used by ConfD locally to parse input.
-
cisco-staros-notif.yang - Model to enable NETCONF notification streams for StarOS event logging. Debug level events are not supported; only informational messages and above are supported.
The ConfD server must be started at least once before these YANG files are populated and available.
YANG files must be pulled to the Cisco NSO to build StarOS Network Element Drivers (NEDs).
To copy YANG files, enter commands similar to the following:
#copy /hd-raid/confd_dir/etc/confd/cisco-staros-confd-config.yang sftp://<user>:<password>@<host>/sftp-directory/cisco-staros-confd-config.yang
Show Support Details (SSD)
The output of all show confdmgr commands has been added to the SSD.
ConfD Examples
Server ConfD
The following examples use full TLS authentication and curl to obtain server ConfD configuration.
Server ConfD Configuration
See below for a sample configuration for server ConfD with RESTful interface enabled using non-default NETCONF and HTTPS ports:
[local]<host_name># show configuration confd [local]<host_name># config [local]<host_name>(config)# ca-certificate name ca-cert pem url /flash/ssl/rootCA.pem [local]<host_name>(config)# certificate name rest-cert pem url /flash/ssl/host.crt private-key pem url /flash/ssl/host.key [local]<host_name>(config)# end [local]<host_name># config [local]<host_name>(config)# context local [local]<host_name>(config-ctx)# server confd [local]<host_name>(config-confd)# netconf port 123 [local]<host_name>(config-confd)# rest port 234 [local]<host_name>(config-confd)# rest certificate rest-cert [local]<host_name>(config-confd)# rest auth-policy peer-fail [local]<host_name>(config-confd)# end [local]<host_name># show confdmgr State Information ----------------- State Started Subscriptions 5 Last successful id 1488-211047-99241 Last failed id None Username Not configured Bulkstats Disabled Event notification level Disabled SNMP notifications Disabled REST interface authentication peer-fail REST interface certificate rest-cert REST interface host name Not configured Interface Status Port ---------------------------------------------- NETCONF Enabled 123 REST Enabled 234 Statistics ---------- Triggers 1 Replays 0 Notifications 8 Notification failures 0 Trigger failures 0 Replay failures 0 NETCONF notification failures 0 Unexpected failures 0
Using Netconf-console to Obtain the Server ConfD Configuration
See below for a sample use of netconf-console to obtain the server ConfD configuration via NETCONF:
[user@server]$ ./netconf-console --host 1.2.3.4 -u admin --password pswd! --port 123 --get-config -x confd <?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"> <data> <confd xmlns="http://www.cisco.com/staros-config"> <bulkstats>false</bulkstats> <netconf> <port>123</port> </netconf> <rest> <port>234</port> <auth-policy>peer-fail</auth-policy> <certificate>rest-cert</certificate> </rest> </confd> </data> </rpc-reply>
Notes:
Using Curl to Obtain the Server ConfD Configuration
See below for a sample use of curl to perform the same get-config operation:
[<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/running/confd?deep --cert /users/<user>/ssl_cert/client_cert/client.crt --key /users/<user>/ssl_cert/client_cert/client.key --cacert /users/<user>/ssl_cert/root_cert/rootCA.pem <confd xmlns="http://www.cisco.com/staros-config" xmlns:y="http://tail-f.com/ns/rest" xmlns:staros_config="http://www.cisco.com/staros-config"> <bulkstats>false</bulkstats> <netconf> <port>123</port> </netconf> <rest> <port>234</port> <auth-policy>peer-fail</auth-policy> <certificate>rest-cert</certificate> </rest> </confd>
Bulkstats
The following examples show bulk statistics operational data.
Enable Bulkstats
Enable bulkstats under server ConfD:
[local]<host_name># config [local]<host_name>(config)# context local [local]<host_name>(config-ctx)# server confd [local]<host_name>(config-confd)# bulkstats [local]<host_name>(config-confd)# end [local]<host_name># show confdmgr State Information ----------------- State Started Subscriptions 5 Last successful id 1488-216669-170664 Last failed id None Username Not configured Bulkstats Enabled Event notification level Disabled SNMP notifications Disabled REST interface authentication peer-fail REST interface certificate rest-cert REST interface host name Not configured Interface Status Port ---------------------------------------------- NETCONF Enabled 123 REST Enabled 234
Bulkstats Configuration
See below for a sample bulkstats configuration:
[local]<host_name># show config bulkstats config bulkstats collection bulkstats mode file 1 schema common format %uptime%,%host%,%ipaddr% #exit file 2 schema system format %uptime%,%host%,%ipaddr% #exit #exit End
Force Bulkstats Collection
See below for a sample to force statistics to be collected and pushed to the operational database for ConfD:
[local]<host_name># bulkstats force gather
Notes:
Using Curl to Read Statistics
See below for a sample use of curl to read statistics via the server ConfD RESTful interface:
[<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/operational/bulkstats-operational?deep --cert /users/<user>/ssl_cert/client_cert/client.crt --key /users/<user>/ssl_cert/client_cert/client.key --cacert /users/<user>/ssl_cert/root_cert/rootCA.pem <bulkstats-operational xmlns="http://www.cisco.com/staros-bulkstats" xmlns:y="http://tail-f.com/ns/rest" xmlns:staros_bulkstats="http://www.cisco.com/staros-bulkstats"> <file> <number>1</number> <schemas> <schema>system</schema> <names> <name>common</name> <key_ids> <key_id>none</key_id> <variable> <name>host</name> <value><host_name></value> </variable> <variable> <name>ipaddr</name> <value>1.2.3.4</value> </variable> <variable> <name>uptime</name> <value>5781</value> </variable> </key_ids> </names> </schemas> </file> <file> <number>2</number> <schemas> <schema>system</schema> <names> <name>system</name> <key_ids> <key_id>none</key_id> <variable> <name>host</name> <value><host_name></value> </variable> <variable> <name>ipaddr</name> <value>1.2.3.4</value> </variable> <variable> <name>uptime</name> <value>5781</value> </variable> </key_ids> </names> </schemas> </file> </bulkstats-operational>
Exec CLI Model
The following examples use the Exec CLI model.
Using Curl to Obtain the 'show version' Output
See below for a sample use of curl to obtain the show version output:
cat exec_cli_show_version.xml <input><args>show version</args></input> ************ [<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/running/staros_exec/_operations/exec --cert /users/<user>/ssl_cert/client_cert/client.crt --key /users/<user>/ssl_cert/client_cert/client.key --cacert /users/<user>/ssl_cert/root_cert/rootCA.pem -X POST -T ./exec_cli_show_version.xml <output xmlns='http://www.cisco.com/staros-exec'> <result>Active Software: Image Version: 21.2.M0.private Image Build Number: private Image Description: Developer_Build Image Date: Thu Feb 23 15:25:47 EST 2017 Boot Image: /flash/qvpc-si.bin.confd Source Commit ID: bd234043a93c68873ea77444733a8c632356d161 </result> </output>
Using Curl to Obtain Multiple Show Command Outputs
See below for a sample use of curl to obtain the show build and show confdmgroutputs, using "\r\n" as the delimiter between commands:
cat exec_cli_show_build_and_confdmgr.xml <input><args>show build \r\n show confdmgr</args></input> ************ [<user>@server] ]$ curl -u admin:pswd! https://rtp-mitg-si06.cisco.com:234/api/running/staros_exec/_operations/exec --cert /users/<user>/ssl_cert/client_cert/client.crt --key /users/<user>/ssl_cert/client_cert/client.key --cacert /users/<user>/ssl_cert/root_cert/rootCA.pem -X POST -T ./ exec_cli_show_build_and_confdmgr.xml <output xmlns='http://www.cisco.com/staros-exec'> <result>Active Software: Image Version: 21.2.M0.private Image Build Number: private Image Description: Developer_Build Image Date: Thu Feb 23 15:25:47 EST 2017 Boot Image: /flash/qvpc-si.bin.confd Source Commit ID: bd234043a93c68873ea77444733a8c632356d161 Kernel Version: 2.6.38-staros-v3-ssi-64 Kernel Machine Type: x86_64 Build Information: Kernel Build: #1 SMP PREEMPT Wed Feb 22 12:28:49 EST 2017 Image Build Type: Production build Image Build User: <user> Image Build Machine: <host_name> Image Build Changeset Version: + Image Build Changeset Author: <user> Image Build Changeset Location: cisco.com Image Build Changeset Number: bd234043a93c68873ea77444733a8c632356d161 Image Build Changeset PID: 2017-02-23 ********************************* ***** Local changes exist ***** ********************************* State Information ----------------- State Started Subscriptions 5 Last successful id 1488-216669-170664 Last failed id None Username Not configured Bulkstats Enabled Event notification level Disabled SNMP notifications Disabled REST interface authentication peer-fail REST interface certificate rest-cert REST interface host name Not configured Interface Status Port ---------------------------------------------- NETCONF Enabled 123 REST Enabled 234 Statistics ---------- Triggers 1 Replays 0 Notifications 27 Notification failures 0 Trigger failures 0 Replay failures 0 NETCONF notification failures 0 Unexpected failures 0 </result> </output> *************************************
CLI Based YANG Model for ECS Commands
In this release, the cisco-staros-cli-config.yang model supports a limited set of ECS (Enhanced Charging System) configuration commands via NSO.
On the southbound side, ConfD communicates with a StarOS process called via a set of APIs provided by the ConfD management agent. The ConfD CDB is used by ConfD to store objects. StarOS accesses the database through the ConfD-supplied APIs. Once the ConfD configuration database is populated, StarOS continues to allow CLI access to modify the overall configuration. There are no automatic updates to the CDB as a result. The CDB only receives updates via the NETCONF interface. In order to keep the CDB and the StarOS configuration databases in sync, all changes made via CLI access (external to NETCONF) to the cisco-staros-cli-config YANG model supported configuration objects must be applied to the CDB manually.
- Seeding and Synchronizing the CDB
- show configuration confd Command
- CDB Maintenance
- Supported StarOS ECS Configuration Commands
Seeding and Synchronizing the CDB
After enabling server confd you may need to initially seed the CDB with a local copy of the configuration database (CDB) managed by ConfD on StarOS. The seeding procedure creates a CDB used by ConfD on the StarOS platform that contains all CLI based YANG model supported configuration commands.
show configuration confd Command
The confd keyword filters the output of the show configuration command to display only configuration commands that are supported by the CLI based YANG model.
show configuration confd
A sample output appears below.
[local]<host_name># show configuration confd
config
context local
server confd
#exit
active-charging service ecs
ruledef rd1
tcp any-match = TRUE
#exit
rulebase default
#exit
#exit
end
[local]<host_name>#
CDB Maintenance
A local copy of the ConfD Configuration Database (CDB) is managed by ConfD on StarOS.
You can show and save all ConfD supported StarOS configuration commands to a URL. The confd keyword has been added to the show configuration and save configuration commands for these purposes.
After saving a ConfD-supported configuration to a URL, you can apply it directly to the CDB via the Exec mode configure confd <url> command. This command applies the contents of the file at the url to the running configuration of ConfD.
Additional detail regarding the above commands is provided below.
clear confdmgr confd cdb
This Exec mode command erases the configuration in the ConfD Configuration Database (CDB) which is used by ConfD to store configuration objects. StarOS accesses the database via ConfD-supplied APIs.
Note | The CDB cannot be erased unless the Context Configuration mode no server confd command is run in the local context to disable ConfD and NETCONF protocol support. |
The following is a sample command sequence for clearing the CDB:
[local]host_name# config [local]host_name(config)# context local [local]host_name(config-ctx)# no server confd [localhost_name(config-ctx)# end [local]host_name# clear confdmgr confd cdb About to delete the ConfD configuration database The running configuration is NOT affected. Are you sure? [Yes|No]: y [local]host_name#
Caution | Clearing the CDB is a terminal operation. The CDB must be repopulated afterwards. |
configure confd <url>
This Exec mode command applies the contents of the configuration script specified by the URL to the current ConfD configuration database (CDB).
A sample command sequence is provided below.
[local]host_name# save configuration /flash/confd.config confd [local]host_name# configure confd /flash/confd.config Info: #!$$ StarOS V20.2 Chassis 52767e9ff9e207bed12c76f7f8a5352c Info: config Info: active-charging service acs Info: rulebase default Info: #exit Info: #exit Info: end [local]host_name#
save configuration <url> confd
The keyword confd is added to the Exec mode save configuration command. This keyword filters the saved configuration commands to contain only configuration commands that are supported by the YANG model.
The command syntax for this process is:
[local]host_name# save configuration <url> confd
The output of the YANG model subset of configuration commands can be viewed via the show file url <url> command, where <url> is the pathname used to save the configuration. The saved configuration file can then be applied to the CDB using the configure confd command.
Supported StarOS ECS Configuration Commands
For this release, the following StarOS ECS commands are supported for the CLI based YANG model:
-
ruledef <ruledef_name> -
group-of-ruledefs <ruledefs_group_name> -
qos-group-of-ruledefs <group_name>
-
charging-action <charging_action_name>
-
rulebase <rulebase_name>
Note | "= *" indicates support for every option following the prior keyword/value. |