[CONTROLLER-1361] Restconf attempt to change TCPMD5 password for PCEP client fails silently Created: 08/Jun/15  Updated: 17/Jun/15  Resolved: 17/Jun/15

Status: Resolved
Project: controller
Component/s: netconf
Affects Version/s: Lithium
Fix Version/s: None

Type: Bug
Reporter: Vratko Polak Assignee: Maros Marsalek
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Attachments: File log_20150608.tar.xz    
External issue ID: 3625

 Description   

This bug is critical for TCPMD5 usability.
This bug affects both RC0 and Snapshot Lithium builds.

There may be semantic errors in test data, or internal errors in TCPMD5 od PCEP. But in any case, NETCONF/RESTCONF should detect the change was unsuccessful and it should return different HTTP status.

Steps to reproduce, first alternative:
0. Download and unpack recent Lithium build.
1. Start ODL.
2. feature:install odl-restconf odl-bgpcep-pcep-all odl-netconf-connector-all
3. Kill ODL.
Steps 1-3 are to create config files in etc/opendaylight/karaf.
4. Edit config files accordingly to https://wiki.opendaylight.org/view/BGP_LS_PCEP:TCP_MD5_Guide#PCEP
5. rm -rf data/ snapshots/ journal/ lock idmlight.db.mv.db
6. Start ODL again.
7. feature:install odl-restconf odl-bgpcep-pcep-all odl-netconf-connector-all
8. Check the current configuration (address=192.0.2.2, password=changeme):
curl -u 'admin:admin' 127.0.0.1:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/controller-config/yang-ext:mount/config:modules/module/odl-pcep-topology-provider-cfg:pcep-topology-provider/pcep-topology
9. Attempt to use RESTCONF PUT to change the configuration:
curl -v -X PUT -u 'admin:admin' -H "Content-Type:application/xml" -d '<client xmlns="urn:opendaylight:params:xml:ns:yang:controller:pcep:topology:provider">
<address xmlns="urn:opendaylight:params:xml:ns:yang:controller:pcep:topology:provider">192.0.2.2</address>
<password xmlns="urn:opendaylight:params:xml:ns:yang:controller:pcep:topology:provider">topsecret</password>
</client>' 127.0.0.1:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/controller-config/yang-ext:mount/config:modules/module/odl-pcep-topology-provider-cfg:pcep-topology-provider/pcep-topology/odl-pcep-topology-provider-cfg:client/192.0.2.2
10. Observe HTTP status to be 200.
11. Repeat step 9. See that the password was not changed.

Second alternative: In step 4, edit only 20-tcpmd5.xml and 32-pcep.xml, step 8 shows no client configuration, step 10 is still 200, step 11 shows still no client configuration.

Third alternative: As in second, but use POST in step 9 (URI two levels shorter, XML data the same). Step 10 even reports new location, but no client configuration is created.

Fourth (and fifth) alternative: Do not edit files before step 6, use restconf to add the changes between steps 7 and 8.

In either case, there is nothing logged at INFO level, and it is not clear to me what is wrong when looking at the long DEBUG level log.

 Comments   
Comment by Vratko Polak [ 08/Jun/15 ]

This time I made sure to delete etc/opendaylight/current/controller.currentconfig.xml

Comment by Vratko Polak [ 08/Jun/15 ]

Attachment log_20150608.tar.xz has been added with description: archive with TRACE logs for PUT operation

Comment by Maros Marsalek [ 10/Jun/15 ]

The problem is in the config-netconf-connector component. It does not handle netconf operations for nested configuration DTOs properly.

Needs to be fixed, but in the meantime you can use a workaround: Putting the entire configuration for module, with changed client container. Instead of putting just the client container.

Comment by Maros Marsalek [ 15/Jun/15 ]

So far, there was no support for netconf operations apart from merge on nested containers and lists etc. in the netconf->config subsystem pipeline. So updating configuration relied on using merge operation (POST from RESTCONF used to perform merge) but since the RESTCONF change POST behavior, PUT is the only option.

Need to add support for nested netconf operations (at least replace to make PUT work from RESTCONF).

Comment by Vratko Polak [ 15/Jun/15 ]

> Putting the entire configuration for module, with changed client container.

I have verified this workaround works indeed.
Still, PUT on sub-element would more user friendly than GET, local merge and PUT on parent container.

Comment by Maros Marsalek [ 16/Jun/15 ]

Agree and heres the fix:

https://git.opendaylight.org/gerrit/#/c/22687/

But theres a catch, this works fine for nested containers, but the client attribute in pcep-topology-provider is a list and there is no support for replacing/merging specific elements in a list. So the replace operation(PUT from RESTCONF) replaces the entire list, which works fine for when theres only one client element. For other cases, the workaround has to be used.

I think we can add this support (full support for nested attributes, especially lists), but it would have to be targeted for Berylium.

Comment by Maros Marsalek [ 16/Jun/15 ]

One note: The replace of entire list when changing just one entry is also present when using merge operation. So the POST from RESTCONF on a list attribute (that used to work a while back) would also replace the entire list (list of dependencies was a special case).

Comment by Vratko Polak [ 16/Jun/15 ]

> So the replace operation(PUT from RESTCONF) replaces the entire list, which works fine for when theres only one client element. For other cases, the workaround has to be used.

Good enough for Lithium.

> I think we can add this support (full support for nested attributes, especially lists), but it would have to be targeted for Berylium.

Is this for config subsystem, or restconf in general?
Is such an enhancement request already created in Bugzilla?

Comment by Maros Marsalek [ 16/Jun/15 ]

I have already reported an enhancement bug for this:
https://bugs.opendaylight.org/show_bug.cgi?id=3753

I have set config component for it, but it is an issue of the mapping component between netconf <-> config subsystem

Generated at Wed Feb 07 19:55:21 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.