NETCONF toolset Netopeer
Netopeer is a set of NETCONF tools built on the libnetconf library. It allows operators to connect to their NETCONF-enabled devices as well as developers to allow control their devices via NETCONF. More information about NETCONF protocol can be found at NETCONF WG.
With the experiences from Netopeer, we have moved our activities to work on next generation of this NETCONF toolset based on libyang library. Netopeer2 is mature enough to be used as a replacement of the original Netopeer tools. Therefore, the Netopeer is no more developed neither maintained.
Tools Overview
netopeer-cli
CLI interface allowing user to connect to a NETCONF-enabled device and to obtain and manipulate its configuration data.
- Man Pages
- netopeer-cli(1)
netopeer-server
The main Netopeer server following the integrated architecture.
netopeer-server
is supposed to run as a system service controlling a device. By default,
we provide example modules to control several areas of a GNU/Linux desktop (network interfaces,
packet filter and overall system information). The netopeer-server
allows you to simply switch
the modules to use your own control modules.
As part of the Netopeer server, there is a set of the following tools:
-
netopeer-server
as the main service daemon integrating the SSH/TLS server. -
netopeer-manager
as a tool to manage thenetopeer-server
's modules. -
netopeer-configurator
as a tool for the server first run configuration. -
Man Pages
Running the server in docker
This repository has a Dockerfile
that can be used to create a container that
builds netopeer-server and starts the service. You need a linux with
working docker installation to use it.
To build the container:
git clone https://github.com/CESNET/netopeer.git
cd netopeer
docker build -t netopeer .
To start it:
docker run -it --rm -p 8300:830 --name netopeer netopeer
The line above maps netopeer's netconf port to 8300 on the host. You can connect to that port with ncclient without any user or password (as long as you have a valid private key on the host).
TransAPI modules
Netopeer projects provides several basic transAPI modules that, besides their functionality, serve as examples for writing the libnetconf transAPI modules. These modules are located inside the transAPI/ directory.
cfgsystem
TransAPI module implementing ietf-system data model following RFC 7317.
Netopeer GUI
The Apache module with a web-based GUI allowing user to connect to a NETCONF-enabled device and to obtain and manipulate its configuration data from a graphical interface.
This part is available as a standalone project at GitHub.
Interoperability
In November 2012, prior to the IETF 85 meeting, some of these tools were participating in NETCONF Interoperability Testing.
All tools are built on top of the libnetconf library and allows you to use the following NETCONF features:
- NETCONF v1.0 and v1.1 compliant (RFC 6241)
- NETCONF over SSH (RFC 6242) including Chunked Framing Mechanism
- DNSSEC SSH Key Fingerprints (RFC 4255)
- NETCONF over TLS (RFC 5539bis)
- NETCONF Writable-running capability (RFC 6241)
- NETCONF Candidate configuration capability (RFC 6241)
- NETCONF Validate capability ( RFC 6241)
- NETCONF Distinct startup capability ( RFC 6241)
- NETCONF URL capability (RFC 6241
- NETCONF Event Notifications (RFC 5277 and RFC 6470)
- NETCONF With-defaults capability (RFC 6243)
- NETCONF Access Control (RFC 6536)
- NETCONF Call Home (Reverse SSH draft, RFC 5539bis)
- NETCONF Server Configuration (IETF Draft)
Other Resources
Solving Issues
Since the development activities were moved to the Netopeer2 project, we do not maintain this project. However, the issue tracker is kept open to allow community to discuss the issues and possibly share the solutions or advices. Anyway, note that authors propose to move to the Netopeer2 project.