Skip to content

Populate the correct non-legacy gRPC server config #653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
gmacf wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Populate the correct non-legacy gRPC server config #653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
10ba45e
Populate the correct non-legacy gRPC server config
gmacf Oct 15, 2025
a1da388
Update cloudbuild topology tags to include D47 changes.
gmacf Oct 15, 2025
2575a60
Fix TLS statement
gmacf Oct 15, 2025
f4f0bb9
Fix test
gmacf Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions cloudbuild/vendors/topology.textproto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@ nodes: {
name: "ncptx"
vendor: JUNIPER
model: "ncptx"
# Disables the legacy gRPC server config that configures hot reloading
# and PKI support. These are now configured by default in D47 and onwards.
labels: {
key: "legacy_grpc_server_config"
value: "disabled"
}
config: {
image: "us-west1-docker.pkg.dev/gep-kne/juniper/ncptx:ga"
file: "juniper.cfg"
Expand Down
29 changes: 16 additions & 13 deletions topo/node/juniper/juniper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,28 +195,31 @@ func (n *Node) GRPCConfig() []string {
}
}
log.Infof("gNMI Port %d", port)
portConfig := fmt.Sprintf("set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port %d", port)
conf := []string{
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true",
portConfig,
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0",
"commit",
}
// In newer Juniper releases such as D47, hot reloading and PKI support is enabled by default. On these systems, the legacy
// syntax below is mutually exclusive with the new gRPC service config. Attempting to configure both will cause the config
// commit to fail. Therefore, if configuring gRPC services via CLI on a release from D47 onwards, a KNE Node label of
// `legacy_grpc_server_config`` should be set to `disabled.`
if n.GetProto().GetLabels()["legacy_grpc_server_config"] != "disabled" {
legacyConf := []string{
return []string{
"set system services extension-service request-response grpc ssl hot-reloading",
"set system services extension-service request-response grpc ssl use-pki",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true",
fmt.Sprintf("set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port %d", port),
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0",
"commit",
}
conf = append(legacyConf, conf...)
}
return conf
return []string{
"set system services http servers server grpc-server",
fmt.Sprintf("set system services http servers server grpc-server port %d", port),
"set system services http servers server grpc-server grpc gnmi",
"set system services http servers server grpc-server tls local-certificate grpc-server-cert",
"set system services http servers server grpc-server listen-address 0.0.0.0",
"commit",
}
}

// Waits and retries until CLI config mode is up and config is applied
Expand Down
11 changes: 5 additions & 6 deletions topo/node/juniper/juniper_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -286,12 +286,11 @@ func TestGRPCConfig(t *testing.T) {
},
},
want: []string{
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port 32767",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert",
"set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0",
"set system services http servers server grpc-server",
"set system services http servers server grpc-server port 32767",
"set system services http servers server grpc-server grpc gnmi",
"set system services http servers server grpc-server tls local-certificate grpc-server-cert",
"set system services http servers server grpc-server listen-address 0.0.0.0",
"commit",
},
},
Expand Down
Loading