-
Bug
-
Resolution: Done
-
Medium
-
Fluorine, Neon, Fluorine SR1
-
None
To configure keys and certificates to use in southbound Netconf over TLS, the RPCs
netconf-keystore:add-keystore-entry
netconf-keystore:add-private-key
netconf-keystore:add-trusted-certificate
are called over the restconf interface using URL like:
POST /restconf/operations/netconf-keystore:add-keystore-entry HTTP/1.1
Host: localhost:8181
Content-Type: application/json
cache-control: no-cache
Postman-Token: 77554403-01e5-4f99-8ab3-63cdf5c50261
{
"input": {
"key-credential": {
"key-id": "ODL-private-key",
"private-key" : "<key-data cut out>",
"passphrase" : ""
}
}
}-----WebKitFormBoundary7MA4YWxkTrZu0gW-
These work fine when using the non-clustered odl-netconf-topology feature, but when using the odl-netconf-clustered-topology feature, an error message is return that says "No implementation of RPC AbsoluteSchemaPath{path=[(urn:opendaylight:netconf:keystore?revision=2017-10-17)add-keystore-entry]} available" (and likewise for add-private-key and add-trusted-certificate).
A work-around that seems to get past this problem is to install odl-netconf-topology, install the keys and certificates, uninstall odl-netconf-topology and then install odl-netconf-clustered-topology. But it is obviously not a work-around that can be used in practice.