Does Netopeer2 support the "disable running datastore" feature?

[nullromo]

I updated libyang, libnetconf2, sysrepo, and netopeer2 to the latest master.

I tried running make sr_clean in sysrepo and then the netopeer2 setup script setup.sh. The Netopeer server runs fine with netopeer-server -d.

Then I tried that process again, but I modified the setup.sh script to include --module-plugin "running:" for the module install command.

- CMD_INSTALL="$CMD_INSTALL -i $1/$2 -p '$PERMS'"
+ CMD_INSTALL="$CMD_INSTALL -i $1/$2 -p '$PERMS' --module-plugin 'running:'"

Then when I run the Netopeer2 server, I just get an immediate segfault.

$ sudo netopeer2-server -d -v3
[INF]: SR: Connection 12 created.
[INF]: SR: Session 1 (user "root", CID 12) created.
Segmentation fault

Is Netopeer2 supposed to support disabling the running datastore?

[nullromo]

Update: I added the -m 'running:' flag to each module individually in the common.sh script, and I found that the only ones that cause the segfault are:

• ietf-keystore
• ietf-truststore
• ietf-netconf-server

If any of those include the -m 'running:' flag, then Netopeer2 segfaults.

[michalvasko]

Please try the latest sysrepo devel, it should be fixed.

[nullromo]

It does not segfault on the current devel branch; thank you. However, I noticed 2 strange behaviors.

Datastore inconsistency

With the running datastore disabled, sysrepocfg -X -d running -m my-module and sysrepocfg -X -d startup -m my-module produce the same results. This is what I would expect. The running datastore is disabled, so the output mirrors the startup datastore.

However, with Netopeer2, using <source><running/></source> in a get-config request will always output an empty tree if the running datastore is disabled. <source><startup/></source> gives me the data. Is this intended?

Connection problem

ietf-netconf-server

When I add -m 'running:' to the installation line for ietf-netconf-server, I get Operation failed: SSHError - Could not open socket to localhost:830 when I try to connect (I'm using netconf-console2 for what it's worth). But I think Netopeer might be setting up the SSH service incorrectly. The Netopeer logs don't say anything because the server is never reached I guess.

ietf-keystore

When I add -m 'running:' to ietf-keystore, I get a different error, shown below.

Error trace

Exception (client): Error reading SSH protocol banner[Errno 104] Connection reset by peer
Traceback (most recent call last):
  File "/home/kkovacs/.local/lib/python3.10/site-packages/paramiko/transport.py", line 2268, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/home/kkovacs/.local/lib/python3.10/site-packages/paramiko/packet.py", line 374, in readline
    buf += self._read_timeout(timeout)
  File "/home/kkovacs/.local/lib/python3.10/site-packages/paramiko/packet.py", line 601, in _read_timeout
    x = self.__socket.recv(128)
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/kkovacs/.local/lib/python3.10/site-packages/paramiko/transport.py", line 2091, in run
    self._check_banner()
  File "/home/kkovacs/.local/lib/python3.10/site-packages/paramiko/transport.py", line 2272, in _check_banner
    raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer

Operation failed: SSHError - Negotiation failed: Error reading SSH protocol banner[Errno 104] Connection reset by peer

The Netopeer logs say

[INF]: LN: Accepted a connection on 0.0.0.0:830 from 127.0.0.1:57568.
[ERR]: LN: Keystore entry "genkey" not found.

I think it's trying to read from the running datastore, which is disabled.

[michalvasko]

Right, I have not tested disabling netopeer2 modules and as you observed, it did not work correctly. Please try it with the latest sysrepo devel, it should be fixed.

[nullromo]

Everything appears fixed on the latest devel for libyang, libnetconf2, sysrepo, and netopeer2. Excellent and thank you!

Would it be worth adding an option to the Netopeer setup.sh script for this? i.e. a variable alongside NP2_MODULE_DIR, NP2_MODULE_PERMS, and LN2_MODULE_DIR that causes the script to install the modules with the -m flag.

[michalvasko]

Okay, I have added the variable to the setup script but I would keep it "hidden" from cmake so if you want to use, you manually have to set the env variable.

[nullromo]

I think that's a good solution. Closing the issue.