16:00:56 <CaseyODL> #startmeeting advisory group 16:00:56 <odl_meetbot> Meeting started Thu Jan 19 16:00:56 2017 UTC. The chair is CaseyODL. Information about MeetBot at http://ci.openstack.org/meetbot.html. 16:00:56 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:56 <odl_meetbot> The meeting name has been set to 'advisory_group' 16:04:49 <CaseyODL> #chair phrobb 16:04:49 <odl_meetbot> Current chairs: CaseyODL phrobb 16:04:54 <CaseyODL> #info colindixon 16:05:18 <colindixon> did you mena #info or #chair? 16:05:53 <CaseyODL> #chair colindixon 16:05:53 <odl_meetbot> Current chairs: CaseyODL colindixon phrobb 16:06:29 <CaseyODL> #topic Improvements in NETCONF 16:07:07 <colindixon> #info rgoulding is going to present some details on how we've improved the NETCONF usability 16:08:26 <colindixon> #info ryan explains a bit about how historically, NETCONF has been potentially annoying to use in OpenDaylight 16:09:27 <colindixon> #info two key reasons: 1.) strict enforceent of the YANG language both itself and that data matches the schema 2.) devices that don't support netconf-monitoring and thus don't serve their YANG models 16:10:10 <colindixon> #info ryan describes a common problem which is that you'd go to mount a device, get an HTTP 201 response that it succeeded, but no device would mount 16:10:44 <colindixon> #info usually this was becuase some model didn't parse and the errors weren't particularly helpful to figure out what actually went wrong and then fix the failing file 16:12:17 <colindixon> #link https://www.youtube.com/watch?v=_ZP8UhWF7OE Mount ODL NETCONF Devices Using a Custom Schema Cache 16:12:33 <colindixon> #link https://www.youtube.com/watch?v=-MUneHaTCh0 OpenDaylight NETCONF Boron Improvements Demo 16:12:45 <colindixon> #Info the above videos show some of what Ryan's going ot demo, but you can go back to check it out 16:14:31 <colindixon> #info ryan starts his demo, showing the features being installed: odl-restconf (for REST interfaces), odl-netconf-clustered-topology (the newer, cluster-capable way to mount NETCONF devices, but runs fine on a single node too), odl-netconf-mdsal (a NETCONF NB interface for the MD-SAL that we'll mount), and odl-mdsal-apidocs (which gives a nice web interface to REST APIs) 16:14:45 <colindixon> #info this demo is using the latest Boron release 16:15:41 <colindixon> #info Ryan has mounted a device called lb (which is a NETCONF mount of the OpenDaylight MD-SAL datastore itslef) using postman to create the REST call 16:16:44 <colindixon> #info ryan moves to the apidocs to see the operational topology, it lists the NETCONF node with a bunch of available capabiliies which show what models actually work 16:17:15 <colindixon> #info there are also unavailable capabilities, which is models that have problems 16:17:59 <colindixon> #info ryan had previously broken the ted model just to show that this works, he removed the type of a leaf 16:18:34 <colindixon> #Info this also broke ISIS and another model because they depended on the broken model 16:19:38 <colindixon> #info as part of Boron, we now mount devices even if some models fail and also give information (as you could see in the topology output) and also in the logs 16:20:36 <colindixon> #info says LEAF is missing TYPE at line 116 character 4, which lets you fix things quickly 16:21:11 <colindixon> #info the partial device mount is exclusive to Boron, but other features are mostly backported to Beryllium as well 16:24:03 <colindixon> #info beau says that this is really cool stuff and the kind of things we need in a new beginner's guide 16:24:50 <colindixon> #info Brian Freeman also says this is really cool stuff and thanks! 16:29:00 <colindixon> #info the other half is about how you can have custom scheme cache directories so you can update the models for specific devices to help fix OpenDaylight NETCONF to work with a broader range of models 16:29:17 <colindixon> #info this includes being able to fix device models, and even common models just for a single device 16:32:42 <colindixon> #info there are bunch of things that this enables: you can side-load models if the device doesn't support netconf monitoring, or to keep different copies of different models for different devices 16:34:14 <colindixon> #info Brian Freeman points out this is really good, in part because there are more ways to fix things on the ODL side than on the vendor side 16:35:52 <colindixon> #info Brian has two other requests: avoiding credentials in the clear, also would like to have the ability to do multi devices edits and transactions are a thing we need to move there 16:38:21 <colindixon> #Info if people are interested, colindixon says to reach out about starting a project or anything else about multi-device NETCONF tools 16:39:12 <colindixon> #info for credentials, Ryan suggests using certificates, alternatively the "right" solution if you have to use passwords is to encrypt at rest and decrypt at use 16:39:47 <colindixon> #info Brian and Chris both say that many devices are still password-only 16:43:36 <colindixon> #info the key issues seem to be (a) making sure we encrypt things at rest and (b) ensure that most users don't have access to read the passwords over REST 16:45:08 <colindixon> #info the general idea from Chris and Brian is that you can only get the credentials from the shell into OpenDaylight, but not from any remote APIs, basically there should be no way to get any 16:45:11 <colindixon> #undo 16:45:11 <odl_meetbot> Removing item from minutes: <MeetBot.ircmeeting.items.Info object at 0x27f3550> 16:45:16 <colindixon> #info the general idea from Chris and Brian is that you can only get the credentials from the shell into OpenDaylight, but not from any remote APIs 16:46:10 <colindixon> #Info the general idea is that we should try to avoid sending the credentials anywhere but to the SB device itself 16:50:21 <colindixon> #info colindixon asks if other people have done better things with best practice for handling credentials like this 16:51:19 <colindixon> #info ryan says that there are two ways to do this better: certificate-based authorization, and doing delegation of authentication 16:52:23 <colindixon> #info there seems to be no way for this that works well with NETCONF, but that we know about it 16:53:31 <colindixon> #action colindixon to ask if there are best practices for handling password data in models 16:53:38 <colindixon> #topic RESTCONF draft 18 16:54:42 <colindixon> #Info ryan points out that we have draft 02 of RESTCONF implemented in the default one, but we have a draft 18 (that will hopefully be the RFC version or near it) as /apidoc/18/ instead of just /apidoc/ 16:54:55 <colindixon> #info people should start to look at it and note the differences sooner rather than later 16:55:01 <colindixon> #topic apidocs scalability issues 16:55:42 <colindixon> #info Brian and others point out that large configs and large numbers of models causes it just give up 16:55:56 <colindixon> #info swagger and postman seem to struggle at certain sizes 16:56:01 <colindixon> #info people have been moving back to curl 16:59:41 <colindixon> #info there might be an update to swagger soon, that might help 17:00:17 <colindixon> #info ODL folks are aware it's an issue, but we're not actively trying to fix it 17:00:24 <colindixon> #info Open Networking Summit 17:01:02 <CaseyODL> Still typing, or should I end it? :) 17:01:04 <colindixon> #link http://events.linuxfoundation.org/events/open-networking-summit/program/cfp call for submissions is here and closes Saturday, 1/21, please submit cool ODL content 17:01:17 <colindixon> #info especially user content and especially especially enterprise user content 17:01:21 <colindixon> you can close it 17:02:01 <CaseyODL> #endmeeting