diff --git a/dialout/dialout_client/dialout_client.go b/dialout/dialout_client/dialout_client.go index 451a4c10c..a4d925401 100644 --- a/dialout/dialout_client/dialout_client.go +++ b/dialout/dialout_client/dialout_client.go @@ -5,18 +5,20 @@ import ( "crypto/tls" "errors" "fmt" + "net" + spb "github.com/Azure/sonic-telemetry/proto" sdc "github.com/Azure/sonic-telemetry/sonic_data_client" sdcfg "github.com/Azure/sonic-telemetry/sonic_db_config" + "github.com/Workiva/go-datastructures/queue" "github.com/go-redis/redis" log "github.com/golang/glog" gpb "github.com/openconfig/gnmi/proto/gnmi" "github.com/openconfig/ygot/ygot" - "github.com/Workiva/go-datastructures/queue" "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" - "net" + //"reflect" "strconv" "strings" @@ -185,6 +187,8 @@ func (cs *clientSubscription) NewInstance(ctx context.Context) error { } target := cs.prefix.GetTarget() + log.V(7).Infof("Target %v", target) + if target == "" { return fmt.Errorf("Empty target data not supported yet") } @@ -264,9 +268,14 @@ func newClient(ctx context.Context, dest Destination) (*Client, error) { opts := []grpc.DialOption{ grpc.WithBlock(), } + if clientCfg.TLS != nil { opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(clientCfg.TLS))) + } else { + opts = append(opts, grpc.WithInsecure()) + log.V(2).Infof("gRPC without TLS") } + conn, err := grpc.DialContext(ctx, dest.Addrs, opts...) if err != nil { return nil, fmt.Errorf("Dial to (%s, timeout %v): %v", dest, timeout, err) diff --git a/dialout/dialout_client_cli/dialout_client_cli.go b/dialout/dialout_client_cli/dialout_client_cli.go index d8d9014da..7b47713b1 100644 --- a/dialout/dialout_client_cli/dialout_client_cli.go +++ b/dialout/dialout_client_cli/dialout_client_cli.go 
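Review bot: In newClient, the new `else` branch falls back to `grpc.WithInsecure()` whenever `clientCfg.TLS` is nil and records that only at verbosity 2, so a configuration that loses its TLS settings sends telemetry in cleartext with no message at default log levels. The downgrade should be logged where an operator will see it, e.g. `log.Warningf("dialing %v without TLS: telemetry is sent unencrypted and the server is not authenticated", dest.Addrs)`. A doc comment on the config's TLS field stating that nil selects plaintext would also help. That struct and the rest of newClient are outside this hunk.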
@@ -4,13 +4,14 @@ package main import ( "crypto/tls" "flag" + "os" + "os/signal" + "time" + dc "github.com/Azure/sonic-telemetry/dialout/dialout_client" log "github.com/golang/glog" gpb "github.com/openconfig/gnmi/proto/gnmi" "golang.org/x/net/context" - "os" - "os/signal" - "time" ) var ( @@ -19,13 +20,16 @@ var ( RetryInterval: 30 * time.Second, Encoding: gpb.Encoding_JSON_IETF, Unidirectional: true, - TLS: &tls.Config{}, } + tlsCfg = tls.Config{} + + tlsDisable bool ) func init() { - flag.StringVar(&clientCfg.TLS.ServerName, "server_name", "", "When set, use this hostname to verify server certificate during TLS handshake.") - flag.BoolVar(&clientCfg.TLS.InsecureSkipVerify, "insecure", false, "When set, client will not verify the server certificate during TLS handshake.") + flag.StringVar(&tlsCfg.ServerName, "server_name", "", "When set, use this hostname to verify server certificate during TLS handshake.") + flag.BoolVar(&tlsCfg.InsecureSkipVerify, "skip_verify", false, "When set, client will not verify the server certificate during TLS handshake.") + flag.BoolVar(&tlsDisable, "insecure", false, "Without TLS, only for testing") flag.DurationVar(&clientCfg.RetryInterval, "retry_interval", 30*time.Second, "Interval at which client tries to reconnect to destination servers") flag.BoolVar(&clientCfg.Unidirectional, "unidirectional", true, "No repesponse from server is expected") } @@ -41,6 +45,12 @@ func main() { cancel() }() log.V(1).Infof("Starting telemetry publish client") + + if !tlsDisable { + clientCfg.TLS = &tlsCfg + log.V(1).Infof("TLS enable") + } + err := dc.DialOutRun(ctx, &clientCfg) log.V(1).Infof("Exiting telemetry publish client: %v", err) log.Flush() diff --git a/dialout/dialout_server_cli/dialout_server_cli.go b/dialout/dialout_server_cli/dialout_server_cli.go index 02b9cee06..ba3a924d4 100644 --- a/dialout/dialout_server_cli/dialout_server_cli.go +++ b/dialout/dialout_server_cli/dialout_server_cli.go 
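Review bot: The `-insecure` flag registered in init() keeps its name but changes meaning: it used to set `InsecureSkipVerify` (TLS kept, certificate unchecked) and now sets `tlsDisable`, which leaves `clientCfg.TLS` nil so the client dials with no TLS at all. Existing invocations that pass `-insecure` silently move from encrypted to cleartext transport. The help text should say this, e.g. `"Disable TLS entirely (cleartext gRPC), for testing only; use -skip_verify to keep TLS without certificate verification"`. When `-insecure` is combined with `-server_name` or `-skip_verify`, those values are ignored, which merits a warning in main().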
@@ -11,7 +11,6 @@ import ( "google.golang.org/grpc/credentials" ds "github.com/Azure/sonic-telemetry/dialout/dialout_server" - testcert "github.com/Azure/sonic-telemetry/testdata/tls" ) var ( @@ -20,7 +19,7 @@ var ( caCert = flag.String("ca_crt", "", "CA certificate for client certificate validation. Optional.") serverCert = flag.String("server_crt", "", "TLS server certificate") serverKey = flag.String("server_key", "", "TLS server private key") - insecure = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!") + insecure = flag.Bool("insecure", false, "Without TLS, for testing only!") allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.") ) @@ -36,11 +35,6 @@ func main() { var err error if *insecure { - certificate, err = testcert.NewCert() - if err != nil { - log.Exitf("could not load server key pair: %s", err) - } - } else { switch { case *serverCert == "": log.Errorf("serverCert must be set.") 
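Review bot: As the new side of the main() hunk reads, the certificate loading now sits under `if *insecure {`, because the testcert branch and the `} else {` were removed without negating the condition. The server would then load `-server_crt`/`-server_key` and build TLS credentials only when `-insecure` is passed, and start with no transport credentials by default, the opposite of the flag's help text ("Without TLS, for testing only!"). The condition should be `if !*insecure {`. The rest of main() is outside this hunk, so this should be confirmed against the full file.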
@@ -53,32 +47,33 @@ func main() { if err != nil { log.Exitf("could not load server key pair: %s", err) } - } - tlsCfg := &tls.Config{ - ClientAuth: tls.RequireAndVerifyClientCert, - Certificates: []tls.Certificate{certificate}, - } - if *allowNoClientCert { - // RequestClientCert will ask client for a certificate but won't - // require it to proceed. If certificate is provided, it will be - // verified. - tlsCfg.ClientAuth = tls.RequestClientCert - } + tlsCfg := &tls.Config{ + ClientAuth: tls.RequireAndVerifyClientCert, + Certificates: []tls.Certificate{certificate}, + } - if *caCert != "" { - ca, err := ioutil.ReadFile(*caCert) - if err != nil { - log.Exitf("could not read CA certificate: %s", err) + if *allowNoClientCert { + // RequestClientCert will ask client for a certificate but won't + // require it to proceed. If certificate is provided, it will be + // verified. + tlsCfg.ClientAuth = tls.RequestClientCert } - certPool := x509.NewCertPool() - if ok := certPool.AppendCertsFromPEM(ca); !ok { - log.Exit("failed to append CA certificate") + + if *caCert != "" { + ca, err := ioutil.ReadFile(*caCert) + if err != nil { + log.Exitf("could not read CA certificate: %s", err) + } + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(ca); !ok { + log.Exit("failed to append CA certificate") + } + tlsCfg.ClientCAs = certPool } - tlsCfg.ClientCAs = certPool + opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))} } - opts := []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))} cfg := &ds.Config{} cfg.Port = int64(*port) s, err := ds.NewServer(cfg, opts) diff --git a/sonic_data_client/db_client.go b/sonic_data_client/db_client.go index fdafe5976..d71792e07 100644 --- a/sonic_data_client/db_client.go +++ b/sonic_data_client/db_client.go 
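Review bot: The comment moved into the TLS block says a supplied client certificate "will be verified", but `tls.RequestClientCert` only requests a certificate and does not verify one that is sent. The mode that matches the comment is `tlsCfg.ClientAuth = tls.VerifyClientCertIfGiven`, which checks a presented certificate against `ClientCAs`. Separately, `opts` is now assigned only inside this block, so on the other path `ds.NewServer(cfg, opts)` receives no credentials; a `log.Warningf("serving without TLS")` there would make the cleartext mode visible. The declaration of `opts` and the start of main() are outside this hunk.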
@@ -16,15 +16,15 @@ import ( spb "github.com/Azure/sonic-telemetry/proto" sdcfg "github.com/Azure/sonic-telemetry/sonic_db_config" + "github.com/Workiva/go-datastructures/queue" "github.com/go-redis/redis" gnmipb "github.com/openconfig/gnmi/proto/gnmi" - "github.com/Workiva/go-datastructures/queue" ) const ( // indentString represents the default indentation string used for // JSON. Two spaces are used here. - indentString string = " " + indentString string = " " ) // Client defines a set of methods which every client must implement. @@ -45,9 +45,9 @@ type Client interface { // Get return data from the data source in format of *spb.Value Get(w *sync.WaitGroup) ([]*spb.Value, error) // Set data based on path and value - Set(path *gnmipb.Path, t *gnmipb.TypedValue, op int) error + Set(path *gnmipb.Path, t *gnmipb.TypedValue, op int) error // Capabilities of the switch - Capabilities() ([]gnmipb.ModelData) + Capabilities() []gnmipb.ModelData // Close provides implemenation for explicit cleanup of Client Close() error @@ -1012,10 +1012,9 @@ func dbTableKeySubscribe(gnmiPath *gnmipb.Path, c *DbClient) { } } -func (c *DbClient) Set(path *gnmipb.Path, t *gnmipb.TypedValue, flagop int) error { +func (c *DbClient) Set(path *gnmipb.Path, t *gnmipb.TypedValue, flagop int) error { return nil } -func (c *DbClient) Capabilities() ([]gnmipb.ModelData) { +func (c *DbClient) Capabilities() []gnmipb.ModelData { return nil } - diff --git a/sonic_data_client/virtual_db.go b/sonic_data_client/virtual_db.go index 7b1592cf7..88f36f175 100644 --- a/sonic_data_client/virtual_db.go +++ b/sonic_data_client/virtual_db.go @@ -2,8 +2,9 @@ package client import ( "fmt" - log "github.com/golang/glog" "strings" + + log "github.com/golang/glog" ) // virtual db is to Handle 
@@ -130,8 +131,9 @@ func getPfcwdMap() (map[string]map[string]string, error) { return nil, err } - keyName := fmt.Sprintf("PFC_WD_TABLE%v*", separator) + keyName := fmt.Sprintf("PFC_WD%v*", separator) resp, err := redisDb.Keys(keyName).Result() + log.V(10).Infof("Database response %v", resp) if err != nil { log.V(1).Infof("redis get keys failed for %v, key = %v, err: %v", dbName, keyName, err) return nil, err @@ -144,10 +146,12 @@ func getPfcwdMap() (map[string]map[string]string, error) { } for _, key := range resp { - name := key[13:] - pfcwdName_map[name] = make(map[string]string) + if len(key) > 15 && strings.EqualFold(key[:15], "PFC_WD|Ethernet") { //Need to be long enough so that we know it is a port not PFC_WD|Global and so we don't go beyond the end of the string. + name := key[7:] //Should be 7, but is there a more resilient way to do this? + pfcwdName_map[name] = make(map[string]string) + log.V(10).Infof("key 8: %v ,key: %v name: %v , pfcwdName_map: %v", key[8:8], key, name, pfcwdName_map[name]) + } } - // Get Queue indexes that are enabled with PFC-WD keyName = "PORT_QOS_MAP*" resp, err = redisDb.Keys(keyName).Result() diff --git a/testdata/CONFIG_PFCWD_PORTS.txt b/testdata/CONFIG_PFCWD_PORTS.txt index acb894a0a..98bf1f1a9 100644 --- a/testdata/CONFIG_PFCWD_PORTS.txt +++ b/testdata/CONFIG_PFCWD_PORTS.txt 
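Review bot: In the key loop of getPfcwdMap, `name := key[7:]` and the 15-byte prefix test hard-code a one-character separator, while the KEYS pattern in the previous hunk is built from `separator`; the inline comment already asks for something more resilient. Deriving both from one prefix removes the magic numbers and the slice-bounds concern: `prefix := "PFC_WD" + separator`, then `if strings.HasPrefix(key, prefix+"Ethernet") { name := strings.TrimPrefix(key, prefix)`. `strings.EqualFold` makes the current match case-insensitive, so keep it on a length-checked slice if that is intended. The added debug line prints `key[8:8]`, which is always the empty string. The function body starts and ends outside this hunk.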
@@ -3,166 +3,166 @@ "3": "3", "4": "4" }, - "PFC_WD_TABLE|Ethernet0": { + "PFC_WD|Ethernet0": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet1": { + "PFC_WD|Ethernet1": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet10": { + "PFC_WD|Ethernet10": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet11": { + "PFC_WD|Ethernet11": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet12": { + "PFC_WD|Ethernet12": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet13": { + "PFC_WD|Ethernet13": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet14": { + "PFC_WD|Ethernet14": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet15": { + "PFC_WD|Ethernet15": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet16": { + "PFC_WD|Ethernet16": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet17": { + "PFC_WD|Ethernet17": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet18": { + "PFC_WD|Ethernet18": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet19": { + "PFC_WD|Ethernet19": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet2": { + "PFC_WD|Ethernet2": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet20": { + "PFC_WD|Ethernet20": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet21": { + "PFC_WD|Ethernet21": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet22": { + "PFC_WD|Ethernet22": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet23": { + "PFC_WD|Ethernet23": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet24": { + "PFC_WD|Ethernet24": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet25": { + "PFC_WD|Ethernet25": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet26": { + "PFC_WD|Ethernet26": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet27": { + "PFC_WD|Ethernet27": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet28": { + "PFC_WD|Ethernet28": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet29": { + "PFC_WD|Ethernet29": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet3": { + "PFC_WD|Ethernet3": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet30": { + "PFC_WD|Ethernet30": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet31": { + "PFC_WD|Ethernet31": { "action": 
"drop" }, - "PFC_WD_TABLE|Ethernet32": { + "PFC_WD|Ethernet32": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet33": { + "PFC_WD|Ethernet33": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet34": { + "PFC_WD|Ethernet34": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet35": { + "PFC_WD|Ethernet35": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet36": { + "PFC_WD|Ethernet36": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet37": { + "PFC_WD|Ethernet37": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet38": { + "PFC_WD|Ethernet38": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet39": { + "PFC_WD|Ethernet39": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet4": { + "PFC_WD|Ethernet4": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet40": { + "PFC_WD|Ethernet40": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet41": { + "PFC_WD|Ethernet41": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet42": { + "PFC_WD|Ethernet42": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet43": { + "PFC_WD|Ethernet43": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet44": { + "PFC_WD|Ethernet44": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet45": { + "PFC_WD|Ethernet45": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet46": { + "PFC_WD|Ethernet46": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet47": { + "PFC_WD|Ethernet47": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet48": { + "PFC_WD|Ethernet48": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet5": { + "PFC_WD|Ethernet5": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet52": { + "PFC_WD|Ethernet52": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet56": { + "PFC_WD|Ethernet56": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet6": { + "PFC_WD|Ethernet6": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet60": { + "PFC_WD|Ethernet60": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet64": { + "PFC_WD|Ethernet64": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet68": { + "PFC_WD|Ethernet68": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet7": { + "PFC_WD|Ethernet7": { "action": "drop" }, - 
"PFC_WD_TABLE|Ethernet8": { + "PFC_WD|Ethernet8": { "action": "drop" }, - "PFC_WD_TABLE|Ethernet9": { + "PFC_WD|Ethernet9": { "action": "drop" }, "PORT_QOS_MAP|Ethernet0,Ethernet1,Ethernet2,Ethernet3,Ethernet4,Ethernet5,Ethernet6,Ethernet7,Ethernet8,Ethernet9,Ethernet10,Ethernet11,Ethernet12,Ethernet13,Ethernet14,Ethernet15,Ethernet16,Ethernet17,Ethernet18,Ethernet19,Ethernet20,Ethernet21,Ethernet22,Ethernet23,Ethernet24,Ethernet25,Ethernet26,Ethernet27,Ethernet28,Ethernet29,Ethernet30,Ethernet31,Ethernet32,Ethernet33,Ethernet34,Ethernet35,Ethernet36,Ethernet37,Ethernet38,Ethernet39,Ethernet40,Ethernet41,Ethernet42,Ethernet43,Ethernet44,Ethernet45,Ethernet46,Ethernet47,Ethernet48,Ethernet52,Ethernet56,Ethernet60,Ethernet64,Ethernet68": {