From 10ba45e74db3e69ceb8c8bcf21acb18c81f2298d Mon Sep 17 00:00:00 2001
From: Gareth McFarlane
Date: Wed, 15 Oct 2025 02:11:59 +0000
Subject: [PATCH 1/4] Populate the correct non-legacy gRPC server config
---
topo/node/juniper/juniper.go | 29 ++++++++++++++++-------------
topo/node/juniper/juniper_test.go | 11 +++++------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/topo/node/juniper/juniper.go b/topo/node/juniper/juniper.go
index af5e55c7..52ee5201 100644
--- a/topo/node/juniper/juniper.go
+++ b/topo/node/juniper/juniper.go
@@ -195,28 +195,31 @@ func (n *Node) GRPCConfig() []string { } } log.Infof("gNMI Port %d", port) - portConfig := fmt.Sprintf("set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port %d", port) - conf := []string{ - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true", - portConfig, - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0", - "commit", - } // In newer Juniper releases such as D47, hot reloading and PKI support is enabled by default. On these systems, the legacy // syntax below is mutually exclusive with the new gRPC service config. Attempting to configure both will cause the config // commit to fail. 
Therefore, if configuring gRPC services via CLI on a release from D47 onwards, a KNE Node label of // `legacy_grpc_server_config`` should be set to `disabled.` if n.GetProto().GetLabels()["legacy_grpc_server_config"] != "disabled" { - legacyConf := []string{ + return []string{ "set system services extension-service request-response grpc ssl hot-reloading", "set system services extension-service request-response grpc ssl use-pki", + "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI", + "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true", + fmt.Sprintf("set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port %d", port), + "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true", + "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert", + "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0", + "commit", } - conf = append(legacyConf, conf...) } - return conf + return []string{ + "set system services http servers server grpc-server", + fmt.Sprintf("set system services http servers server grpc-server port %d", port), + "set system services http servers server grpc-server grpc gnmi", + "set system services http servers server grpc-server grpc tls local-certificate grpc-server-cert", + "set system services http servers server grpc-server listen-address 0.0.0.0", + "commit", + } } // Waits and retries until CLI config mode is up and config is applied diff --git a/topo/node/juniper/juniper_test.go b/topo/node/juniper/juniper_test.go index a7039b71..bef4176d 100644 --- a/topo/node/juniper/juniper_test.go +++ b/topo/node/juniper/juniper_test.go 
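Review bot: The check `if n.GetProto().GetLabels()["legacy_grpc_server_config"] != "disabled"` treats every label value other than the exact string `disabled` as legacy, so a typo or different casing in the topology silently emits the statements that the comment above says fail to commit on D47 and later. A log line beside the existing port log, for example `log.Infof("legacy_grpc_server_config label: %q", n.GetProto().GetLabels()["legacy_grpc_server_config"])`, would make the chosen path visible when a commit fails. The comment above the `if` still says "the legacy syntax below" although the first return now also carries the openconfig `grpc-servers` statements, and the second return has no comment; I would add `// Releases with hot reloading and PKI enabled by default: configure gNMI under "system services http servers".` before it. Both returns listen on `0.0.0.0`, so if that is intended only for emulated topologies it is worth saying so in the same comment. GRPCConfig begins above the hunk.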
@@ -286,12 +286,11 @@ func TestGRPCConfig(t *testing.T) { }, }, want: []string{ - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config services GNMI", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config enable true", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config port 32767", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config transport-security true", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config certificate-id grpc-server-cert", - "set openconfig-system:system openconfig-system-grpc:grpc-servers grpc-server grpc-server config listen-addresses 0.0.0.0", + "set system services http servers server grpc-server", + "set system services http servers server grpc-server port 32767", + "set system services http servers server grpc-server grpc gnmi", + "set system services http servers server grpc-server grpc tls local-certificate grpc-server-cert", + "set system services http servers server grpc-server listen-address 0.0.0.0", "commit", }, }, From a1da3888b1f2de15768ab8660e2a410e9bcfd3e0 Mon Sep 17 00:00:00 2001 From: Gareth McFarlane Date: Wed, 15 Oct 2025 02:22:11 +0000 Subject: [PATCH 2/4] Update cloudbuild topology tags to include D47 changes. --- cloudbuild/vendors/topology.textproto | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cloudbuild/vendors/topology.textproto b/cloudbuild/vendors/topology.textproto index f2b29c6c..c043623d 100644 --- a/cloudbuild/vendors/topology.textproto +++ b/cloudbuild/vendors/topology.textproto 
@@ -12,6 +12,12 @@ nodes: { name: "ncptx" vendor: JUNIPER model: "ncptx" + # Disables the legacy gRPC server config that configures hot reloading + # and PKI support. These are now configured by default in D47 and onwards. + labels: { + key: "legacy_grpc_server_config" + value: "disabled" + } config: { image: "us-west1-docker.pkg.dev/gep-kne/juniper/ncptx:ga" file: "juniper.cfg" From 2575a60776b5e972f920a5f38b862174c66d4860 Mon Sep 17 00:00:00 2001 From: Gareth McFarlane Date: Wed, 15 Oct 2025 02:43:36 +0000 Subject: [PATCH 3/4] Fix TLS statement --- topo/node/juniper/juniper.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/topo/node/juniper/juniper.go b/topo/node/juniper/juniper.go index 52ee5201..436b9e36 100644 --- a/topo/node/juniper/juniper.go +++ b/topo/node/juniper/juniper.go @@ -216,7 +216,7 @@ func (n *Node) GRPCConfig() []string { "set system services http servers server grpc-server", fmt.Sprintf("set system services http servers server grpc-server port %d", port), "set system services http servers server grpc-server grpc gnmi", - "set system services http servers server grpc-server grpc tls local-certificate grpc-server-cert", + "set system services http servers server grpc-server tls local-certificate grpc-server-cert", "set system services http servers server grpc-server listen-address 0.0.0.0", "commit", } From f4f0bb91c758490859d0d063523d7c0396bd44c9 Mon Sep 17 00:00:00 2001 From: Gareth McFarlane Date: Wed, 15 Oct 2025 02:44:17 +0000 Subject: [PATCH 4/4] Fix test --- topo/node/juniper/juniper_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/topo/node/juniper/juniper_test.go b/topo/node/juniper/juniper_test.go index bef4176d..ffaab602 100644 --- a/topo/node/juniper/juniper_test.go +++ b/topo/node/juniper/juniper_test.go 
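Review bot: The added `legacy_grpc_server_config` / `disabled` label on the `ncptx` node in topology.textproto assumes the image is D47 or later, but the `image:` line just below it still references the floating tag `ncptx:ga`, so which set of statements commits cleanly depends on whatever that tag resolves to when the build runs. I would record the release the label was verified against in the added comment, for example `# Verified against <release> of ncptx:ga; drop this label if the image predates D47.`, or pin the image by digest so the label and the image cannot drift apart. The `nodes` block continues outside the hunk.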
@@ -289,7 +289,7 @@ func TestGRPCConfig(t *testing.T) { "set system services http servers server grpc-server", "set system services http servers server grpc-server port 32767", "set system services http servers server grpc-server grpc gnmi", - "set system services http servers server grpc-server grpc tls local-certificate grpc-server-cert", + "set system services http servers server grpc-server tls local-certificate grpc-server-cert", "set system services http servers server grpc-server listen-address 0.0.0.0", "commit", },