syslog messages forwarding hld #72
base: master
Add gnmi doc
Includes changes from Sachin, Arun and Partha.
…into mgmt-framework
Added text and images for the Transformer section of the HLD.
This reverts commit 702f9af.
The first reversion was pushed by accident. This reverts commit 308a985.
Updated GNMI information
Updated GNMI information
Updated the overall architecture diagram to reflect the addition of the Transformer component.
…into mgmt-framework
* Put document in DRAFT state
* Made changes throughout to account for Transformer module
* Miscellaneous fixes for typos
…an image that did not add much in the gnmi section
* Concurrent Access via Redis CAS transactions
* Added support for Subscribe API in translib
update the transformer section with the latest progress
HLD: show/clear ip/ipv6 arp/neighbors
add initial version of data VRF HLD in mgmt framework
Merge from master
Mgmt framework HLD update for CVL enhancements
Add REST API versioning details to HLD
* Update Mgmt framework HLD for CLI/Transformer enhancements
respect to OpenAPI 3.0 upgrade
* Update gNMI sections
* Address comments
Updated mgmt-framework to include details with
Updated HLD for show ip arp vrf support
Change PortChannel Creation command
doc/logging/syslog_forward_hld.md
Outdated
|
||
``` | ||
sonic(config)# logging server host 10.59.142.126 | ||
sonic(config)# logging server host 10.59.143.28 source-ip 10.10.10.1 vrf-name Vrf1 |
Can we add remote-port configuration in KLISH?
Looks like it's already added but with wrong description, please correct it.
sonic(config)# logging server host 1::1
remote-port RADIUS server's authentication port
source-ip Source ip address
vrf-name VRF to use
Please add the CLI command syntax and examples.
Can we use source-interface instead of source-ip to match the behavior of various NOS vendors today? We're planning to migrate to source-interface instead of source-ip for other IP services as well.
sonic(config)# logging server host 1::1 vrf-name
Name of VRF (Max size 32, (mgmt, or prefixed by Vrf_)
Vrf name can't be 32, please follow other vrf-name syntax and fix accordingly.
Remote host should accept "Hostname" as well for configuration, please make the change.
For 2) and 3) we will take care.
For 4) I think source-ip is better. Even if we use source interface, we have to get its IP address and use it as source-ip while sending out packets. What if the interface has more than one IP address? What logic should be followed to choose the IP? This makes it more complex. For simplicity source-ip is better. I think the ask from the customer is also source-ip.
5) We will take care.
6) Not sure radius/tacacs uses hostname. If other clients use it, we will also follow.
- Source interface is better from the user perspective; that's what IS-CLI follows. Yes, internally we have to take the IP address from the source interface and use it for IP services. Why do you expect more than one IPv4/IPv6 address on an interface that we want to use for any IP services? We can discuss in the email.
- I've added the changes for radius/tacacs already, please add the same for logging server.
I'll ask Jose (PLM) to comment on 4) further.
|
||
RESTCONF-APIs are supported for following yang models | ||
|
||
openconfig-system-logging.yang |
Please provide REST URI CRUD and get examples.
Swagger UI can be used for REST uri and examples.
doc/logging/syslog_forward_hld.md
Outdated
-------------------------------------------------------------------------------- | ||
10.59.136.33 514 10.10.10.1 - | ||
10.59.142.126 514 - - | ||
10.59.143.28 514 10.10.10.1 Vrf1 |
Did we test rsyslog on non-default VRF?
Yes, we already support mgmt-vrf, which is a non-default VRF.
doc/logging/syslog_forward_hld.md
Outdated
|
||
|
||
#### 3.6.2.4 IS-CLI Compliance | ||
KLISH Based cli |
Some of the CLIs are not IS-CLI compliant, please see below for IS-CLI examples,
ct-ms-arista(config)#logging ?
host Set syslog server IP address and parameters
source-interface Use IP Address of interface as source IP of log messages
What is IS-CLI? Cisco, Brocade also follow this. Also, as per yang, source interface and vrf are per server.
As per IS-CLI, source interface is supposed to be a global resource, not tied to server configuration. I'll start an email thread to clarify this.
As per logging yang "openconfig-system-logging.yang" source interface is per server.
I feel this is better than global one.
I see CISCO/Arista follow source interface at the global level for all IP services, but in OC I see a few services follow source IP at the global level and a few services follow it at the server level. This is confusing when it comes to being compliant with IS-CLI. Dell PLM reached out to BRCM PLM for this, hope we'll sort this out soon.
doc/logging/syslog_forward_hld.md
Outdated
| | +--rw host? oc-inet:host | ||
| | +--rw source-address? oc-inet:ip-address | ||
| | +--rw remote-port? oc-inet:port-number | ||
| | +--rw oc-sys-ext:vrf-name? string |
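Review bot: `oc-sys-ext:vrf-name? string` on the last line of this hunk has no length or pattern restriction, so a name that does not follow the rule in the CLI help text quoted in this review (mgmt, or a Vrf-prefixed name with a maximum size) can still be written through RESTCONF or gNMI and carried into the generated /etc/rsyslog.conf. Suggest constraining the leaf in the YANG itself, with a `length` and `pattern` matching the VRF naming rule or with the network-instance leafref, so that every management interface validates the value the same way.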
Please do a leafref to the network-instance name (/oc-netinst:network-instances/network-instance/config/name), not string. Also, I suggest using network-instance instead of vrf; the OC model follows the network-instance convention.
Why is this required? A vrf instance can be created after configuring the syslog server with vrf.
Okay, if we don't have any dependency on VRF for configuration, then it's fine.
doc/logging/syslog_forward_hld.md
Outdated
|
||
|
||
``` | ||
sonic(config)# no logging server host 10.59.143.28 |
Why do we need both the "server" & "host" keywords? Shall we just use server?
server is to tell that it's a remote server configuration
host is for the IP address, as we are following param=val syntax
Suggest to either follow logging server "ip" or logging host "ip", but not the logging server host "ip" syntax, to be aligned with IS-CLI.
I am not sure what IS-CLI is. Cisco Nexus uses "logging server host".
Following is the CISCO Nexus CLI command. There is an "IS_CLI compliance" section in the HLD, please update that section.
switch(config)# logging server ?
A:B::C:D|WORD Hostname/IPv4/IPv6 address of the Remote Syslog Server
# 9 Unit Test | ||
|
||
1)Verify add/delete syslog server configuration using KLISH cli and make sure that /etc/rsyslog.conf is updated accordingly | ||
|
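Review bot: test 1 covers add/delete through KLISH only, while the Scope section of this document also lists REST-API. Suggest repeating the add/delete check of /etc/rsyslog.conf through REST, and adding a negative case (an invalid host or an out-of-range remote-port) that confirms the file is left unchanged.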
Please add test cases for syslog configuration in default & mgmt & non-default VRFs.
We will add for mgmt and user-defined VRFs.
doc/logging/syslog_forward_hld.md
Outdated
# About this Manual | ||
This document provides general information about the configuration of remote syslog server using management framework | ||
# Scope | ||
This document describes the REST-API, KLISH, VRF and source-ip support for remote syslog server based on OpenConfig yang model. |
The scope is not to test via gNMI interface? Not planning to enhance Click commands for the new options?
gNMI is also supported. No plan to extend Click unless it comes from PM.
doc/logging/syslog_forward_hld.md
Outdated
### Table 1: Abbreviations | ||
| **Term** | **Meaning** | | ||
| -------- | ------------------------- | | ||
| VRF | Virtual router forwarding | |
Please use "Virtual routing and forwarding".
We will take care.
No description provided.