diff --git a/.github/container-matrix.yml b/.github/container-matrix.yml index 75d6ade..6fee82e 100644 --- a/.github/container-matrix.yml +++ b/.github/container-matrix.yml @@ -3,25 +3,49 @@ # SPDX-License-Identifier: BSD-3-Clause # a matrix list of variables used in the container build process +# it is used to define what ansible core images that define both ansible core and the python interpreter +# are going to be used in the container build process for the collection. # # python version are taken from ansible's support matrix - https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#support-life # ansible-core-image version is taken from https://github.com/orgs/srl-labs/packages?repo_name=ansible-core include: - # 2.14.11 - - ansible-core-image: "2.14.11:pypy3.10" + # 2.14 + - ansible-core-image: "2.14.17:pypy3.10" runs-on: "ubuntu-22.04" - - ansible-core-image: "2.14.11:py3.11" + - ansible-core-image: "2.14.17:py3.11" runs-on: "ubuntu-22.04" addional-tags: "latest" - # 2.15.5 - - ansible-core-image: "2.15.5:pypy3.10" + # 2.15 + - ansible-core-image: "2.15.12:pypy3.10" runs-on: "ubuntu-22.04" - - ansible-core-image: "2.15.5:py3.11" + - ansible-core-image: "2.15.12:py3.11" + runs-on: "ubuntu-22.04" + + - ansible-core-image: "2.15.12:py3.12" + runs-on: "ubuntu-22.04" + addional-tags: "latest" + + # 2.16 + - ansible-core-image: "2.16.8:pypy3.10" + runs-on: "ubuntu-22.04" + + - ansible-core-image: "2.16.8:py3.11" + runs-on: "ubuntu-22.04" + + - ansible-core-image: "2.16.8:py3.12" runs-on: "ubuntu-22.04" addional-tags: "latest" - - ansible-core-image: "2.15.5:py3.12" + # 2.17 + - ansible-core-image: "2.17.1:pypy3.10" + runs-on: "ubuntu-22.04" + + - ansible-core-image: "2.17.1:py3.11" runs-on: "ubuntu-22.04" + + - ansible-core-image: "2.17.1:py3.12" + runs-on: "ubuntu-22.04" + addional-tags: "latest" diff --git a/.github/matrix.yml b/.github/matrix.yml index 7b7fa0e..978c313 100644 --- a/.github/matrix.yml +++ b/.github/matrix.yml @@ -3,39 +3,20 @@ # SPDX-License-Identifier: BSD-3-Clause # a matrix list of variables used in testing -# kind of a manual way of creating a testing matrix with a flexibility of selecting permuatations +# kind of a manual way of creating a testing matrix with a flexibility of selecting permutations # support matrix for ansible control node - https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#node-requirement-summary include: - #################### - # Python 3.8 - #################### - - &latest-2_12 - ansible-core-version: "2.12.10" - runs-on: "ubuntu-22.04" - python-version: "3.8" - - - &latest-2_13 - ansible-core-version: "2.13.13" - runs-on: "ubuntu-22.04" - python-version: "3.8" - #################### # Python 3.9 #################### - - <<: *latest-2_12 - python-version: "3.9" - - - <<: *latest-2_13 - python-version: "3.9" - - &latest-2_14 - ansible-core-version: "2.14.11" + ansible-core-version: "2.14.17" runs-on: "ubuntu-22.04" python-version: "3.9" - &latest-2_15 - ansible-core-version: "2.15.5" + ansible-core-version: "2.15.12" runs-on: "ubuntu-22.04" python-version: "3.9" @@ -43,39 +24,46 @@ include: # Python 3.10 #################### - # removing 2_12 and 2_13 because TLS tests are failing - # this doesn't make the collection unusable with these versions - # when 23.10 comes out with TLS 1.3 we will remove these checks and bring back 2_12 and 2_13 - # - <<: *latest-2_12 - # python-version: "3.10" - - # - <<: *latest-2_13 - # python-version: "3.10" - - <<: *latest-2_14 python-version: "3.10" - <<: *latest-2_15 python-version: "3.10" + - &latest-2_16 + ansible-core-version: "2.16.8" + runs-on: "ubuntu-22.04" + python-version: "3.10" + + - &latest-2_17 + ansible-core-version: "2.17.1" + runs-on: "ubuntu-22.04" + python-version: "3.10" + #################### # Python 3.11 #################### - # - <<: *latest-2_12 - # python-version: "3.11" - - # - <<: *latest-2_13 - # python-version: "3.11" - - <<: *latest-2_14 python-version: "3.11" - <<: *latest-2_15 python-version: "3.11" + - <<: *latest-2_16 + python-version: "3.11" + + - <<: *latest-2_17 + python-version: "3.11" + #################### # Python 3.12 #################### - <<: *latest-2_15 python-version: "3.12" + + - <<: *latest-2_16 + python-version: "3.12" + + - <<: *latest-2_17 + python-version: "3.12" diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 4cea483..9c7ca69 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -10,12 +10,17 @@ name: CICD srlinux-version: description: "SR Linux version" required: true - default: "23.3.2" - start-tmate: + default: "24.3.2" + start-tmate-before-test: description: "start tmate before running tests" type: boolean required: false default: false + start-tmate-after-test: + description: "start tmate after running tests" + type: boolean + required: false + default: false pull_request: push: tags: @@ -27,7 +32,7 @@ jobs: outputs: matrix: ${{ steps.matrix.outputs.output }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: fabasoad/data-format-converter-action@main id: matrix with: @@ -37,7 +42,8 @@ jobs: test: runs-on: ${{ matrix.runs-on }} - needs: [prepare-matrix] + needs: + - prepare-matrix strategy: fail-fast: false matrix: ${{ fromJson(needs.prepare-matrix.outputs.matrix) }} @@ -47,15 +53,19 @@ jobs: run: | echo "SRLINUX_VERSION=${{ inputs.srlinux-version }}" >> $GITHUB_ENV - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install ansible core run: pip install ansible-core==${{ matrix.ansible-core-version }} + - name: start tmate session + uses: mxschmitt/action-tmate@v3 + if: ${{ inputs.start-tmate-before-test }} + # Uncomment this section to use private images # - name: ghcr.io login # uses: docker/login-action@v2 @@ -63,25 +73,27 @@ jobs: # registry: ghcr.io # username: ${{ github.actor }} # password: ${{ secrets.GITHUB_TOKEN }} + - name: Test + run: ./run.sh ci-test + # uncomment this line when you want to continue on error + # and run tmate after it + # continue-on-error: true - name: start tmate session uses: mxschmitt/action-tmate@v3 - if: ${{ inputs.start-tmate }} - - - name: Test - run: ./run.sh ci-test + if: ${{ inputs.start-tmate-after-test }} ansible-sanity-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: - python-version: 3.8 + python-version: 3.11 - name: Install ansible core - run: pip install ansible-core==2.13.8 + run: pip install ansible-core==2.15.12 - name: Ansible sanity test run: ./run.sh sanity-test diff --git a/.gitignore b/.gitignore index 3a54e6c..e9eb549 100644 --- a/.gitignore +++ b/.gitignore @@ -106,7 +106,7 @@ ipython_config.py # pyenv # For a library or package, you might want to ignore these files since the code is # intended to run in multiple environments; otherwise, check them in: -# .python-version +.python-version # pipenv # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. diff --git a/galaxy.yml b/galaxy.yml index f83b151..00cbcf5 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -46,7 +46,8 @@ tags: # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version # range specifiers can be set and are separated by ',' dependencies: - "ansible.netcommon": ">=5.2.0" + "ansible.netcommon": ">=5.2.0,<=6.1.3" + "ansible.utils": ">=3.0.0,<5.0.0" # The URL of the originating SCM repository repository: https://github.com/nokia/srlinux-ansible-collection diff --git a/plugins/module_utils/srlinux.py b/plugins/module_utils/srlinux.py index 239c171..29ae140 100644 --- a/plugins/module_utils/srlinux.py +++ b/plugins/module_utils/srlinux.py @@ -2,7 +2,7 @@ # Licensed under the BSD 3-Clause License. # SPDX-License-Identifier: BSD-3-Clause -""" srlinux module utils """ +"""srlinux module utils""" # -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function @@ -13,7 +13,6 @@ from ansible.module_utils._text import to_text from ansible.module_utils.connection import Connection -from ansible.module_utils.urls import CertificateError class JSONRPCClient: @@ -47,10 +46,7 @@ def _httpapi_error_handle(self, method="POST", path="/jsonrpc", payload=None): self.module.fail_json( msg=f"connection error occurred: {e}", ) - except CertificateError as e: - self.module.fail_json( - msg=f"certificate error occurred: {e}", - ) + except ValueError as e: try: self.module.fail_json(msg=f"certificate not found: {e}") diff --git a/run.sh b/run.sh index ab4cf42..fe7b84d 100755 --- a/run.sh +++ b/run.sh @@ -16,6 +16,9 @@ SCRIPTS_DIR="scripts" # Directory where the tests are located. TESTS_DIR="$(pwd)/tests" +# Containerlab version to use in CI tests +CLAB_VERSION="0.55.1" + # ----------------------------------------------------------------------------- # Helper functions start with _ and aren't listed in this script's help menu. # ----------------------------------------------------------------------------- @@ -57,10 +60,6 @@ function remove-local-collection { rm -rf ~/.ansible/collections/ansible_collections/nokia } -# Install a netcommon dependency in case ansible-core is installed. -function install-netcommon { - ansible-galaxy collection install --force ansible.netcommon:==4.1.0 -} # Deploy test lab. function deploy-lab { @@ -87,14 +86,7 @@ function revert-to-checkpoint { docker exec ${NODE_NAME} sr_cli /tools system configuration checkpoint initial revert } -# copy sanity ignore files from ignore-2.10.txt to all other supported ansible versions -function copy-sanity-ignore { - _cdTests - cd sanity - for version in 2.11 2.12 2.13 2.14; do - cp ignore-2.10.txt ignore-${version}.txt - done -} + # ----------------------------------------------------------------------------- # Test functions. @@ -297,9 +289,12 @@ function _run-tests { test-commit-confirm "$@" # OC-related tests - test-get-oc-container "$@" - test-set-oc-leaf "$@" - test-oc-validate "$@" + if [[ " $* " == *" oc-tests "* ]]; then + # OC-related tests + test-get-oc-container "$@" + test-set-oc-leaf "$@" + test-oc-validate "$@" + fi } # prepare local dev environment and run tests @@ -311,11 +306,21 @@ function test { _run-tests "$@" } +function dump-logs { + ansible-galaxy collection list + echo + pip list + python --version +} + # ci-test is a wrapper for testing in CI which first setups the environment. function ci-test { - install-containerlab 0.48.6 + install-containerlab ${CLAB_VERSION} install-local-collection deploy-lab + + dump-logs + # at this point we are already in ./tests dir # since we changed into it in deploy-lab @@ -323,6 +328,15 @@ function ci-test { ANSIBLE_CONFIG=ci-ansible.cfg _run-tests "$@" } +# copy sanity ignore files from ignore-2.10.txt to all other supported ansible versions +function copy-sanity-ignore { + _cdTests + cd sanity + for version in 2.14 2.15 2.16 2.17; do + cp ignore-2.10.txt ignore-${version}.txt + done +} + # sanity-test runs ansible-test tool with sanity checks. function sanity-test { install-local-collection diff --git a/scripts/oc.cfg b/scripts/oc.cfg index 9ad7590..535f8ff 100644 --- a/scripts/oc.cfg +++ b/scripts/oc.cfg @@ -6,4 +6,5 @@ system { } lldp { admin-state enable - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/scripts/topo.clab.yml b/scripts/topo.clab.yml index b40b3f1..371e457 100644 --- a/scripts/topo.clab.yml +++ b/scripts/topo.clab.yml @@ -8,7 +8,4 @@ topology: nodes: srl: kind: nokia_srlinux - image: ghcr.io/nokia/srlinux:${SRLINUX_VERSION:=23.10.1} - # type and startup config are used to test Openconfig modules - type: ixr6 - startup-config: oc.cfg + image: ghcr.io/nokia/srlinux:${SRLINUX_VERSION:=24.3.2} diff --git a/tests/playbooks/get-multiple-paths.yml b/tests/playbooks/get-multiple-paths.yml index d6459e1..77d7e52 100644 --- a/tests/playbooks/get-multiple-paths.yml +++ b/tests/playbooks/get-multiple-paths.yml @@ -11,8 +11,8 @@ nokia.srlinux.get: paths: # skipped datastore defaults to state - - path: /system/state/hostname - yang_models: oc + # - path: /system/state/hostname + # yang_models: oc - path: /system/information/description datastore: state yang_models: srl @@ -20,7 +20,7 @@ datastore: running yang_models: srl register: response - failed_when: '("srl" not in response.result[0]) or ("SRLinux" not in response.result[1]) or ("mgmt" not in response.result[2]["network-instance"][0].name)' + failed_when: '("SRLinux" not in response.result[0]) or ("mgmt" not in response.result[1]["network-instance"][0].name)' - debug: var: response diff --git a/tests/playbooks/golden/clab-ansible-srl-golden.cfg.json.j2 b/tests/playbooks/golden/clab-ansible-srl-golden.cfg.json.j2 index c1a6925..b985ba7 100644 --- a/tests/playbooks/golden/clab-ansible-srl-golden.cfg.json.j2 +++ b/tests/playbooks/golden/clab-ansible-srl-golden.cfg.json.j2 @@ -1,7 +1,7 @@ { "srl_nokia-acl:acl": { - "cpm-filter": { - "ipv4-filter": { + "acl-filter": [ + { "entry": [ { "action": { @@ -13,18 +13,12 @@ }, "description": "Accept incoming ICMP unreachable messages", "match": { - "icmp": { - "code": [ - 0, - 1, - 2, - 3, - 4, - 13 - ], - "type": "dest-unreachable" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "dest-unreachable" + }, + "protocol": "icmp" + } }, "sequence-id": 10 }, @@ -38,29 +32,14 @@ }, "description": "Accept incoming ICMP time-exceeded messages", "match": { - "icmp": { - "type": "time-exceeded" - }, - "protocol": "icmp" - }, - "sequence-id": 20 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" - } + "ipv4": { + "icmp": { + "type": "time-exceeded" + }, + "protocol": "icmp" } }, - "description": "Accept incoming ICMP parameter problem messages", - "match": { - "icmp": { - "type": "param-problem" - }, - "protocol": "icmp" - }, - "sequence-id": 30 + "sequence-id": 20 }, { "action": { @@ -72,10 +51,12 @@ }, "description": "Accept incoming ICMP echo messages", "match": { - "icmp": { - "type": "echo" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "echo" + }, + "protocol": "icmp" + } }, "sequence-id": 40 }, @@ -89,10 +70,12 @@ }, "description": "Accept incoming ICMP echo-reply messages", "match": { - "icmp": { - "type": "echo-reply" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "echo-reply" + }, + "protocol": "icmp" + } }, "sequence-id": 50 }, @@ -102,11 +85,15 @@ }, "description": "Accept incoming SSH when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 22 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 22 + } + } }, "sequence-id": 60 }, @@ -116,10 +103,14 @@ }, "description": "Accept incoming SSH when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 22 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 22 + } } }, "sequence-id": 70 @@ -128,29 +119,37 @@ "action": { "accept": {} }, - "description": "Accept incoming Telnet when the other host initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 23 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "source-port": { + "operator": "eq", + "value": 23 + } + } }, - "sequence-id": 80 + "sequence-id": 88 }, { "action": { "accept": {} }, - "description": "Accept incoming Telnet when this router initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 23 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 23 + } } }, - "sequence-id": 90 + "sequence-id": 98 }, { "action": { @@ -158,11 +157,15 @@ }, "description": "Accept incoming TACACS+ when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 49 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 49 + } + } }, "sequence-id": 100 }, @@ -172,10 +175,14 @@ }, "description": "Accept incoming TACACS+ when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 49 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 49 + } } }, "sequence-id": 110 @@ -186,10 +193,14 @@ }, "description": "Accept incoming DNS response messages", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 53 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 53 + } } }, "sequence-id": 120 @@ -200,11 +211,15 @@ }, "description": "Accept incoming DHCP messages targeted for BOOTP/DHCP client", "match": { - "destination-port": { - "operator": "eq", - "value": 68 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 68 + } + } }, "sequence-id": 130 }, @@ -212,29 +227,19 @@ "action": { "accept": {} }, - "description": "Accept incoming TFTP read-request and write-request messages", + "description": "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 69 + "ipv4": { + "protocol": "tcp" }, - "protocol": "udp" - }, - "sequence-id": 140 - }, - { - "action": { - "accept": {} - }, - "description": "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", - "match": { - "destination-port": { - "operator": "eq", - "value": 80 - }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 80 + } + } }, - "sequence-id": 150 + "sequence-id": 158 }, { "action": { @@ -242,10 +247,14 @@ }, "description": "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 80 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 80 + } } }, "sequence-id": 160 @@ -256,10 +265,14 @@ }, "description": "Accept incoming NTP messages from servers", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 123 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 123 + } } }, "sequence-id": 170 @@ -270,11 +283,15 @@ }, "description": "Accept incoming SNMP GET/GETNEXT messages from servers", "match": { - "destination-port": { - "operator": "eq", - "value": 161 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 161 + } + } }, "sequence-id": 180 }, @@ -284,11 +301,15 @@ }, "description": "Accept incoming BGP when the other router initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 179 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 179 + } + } }, "sequence-id": 190 }, @@ -298,10 +319,14 @@ }, "description": "Accept incoming BGP when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 179 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 179 + } } }, "sequence-id": 200 @@ -312,11 +337,15 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 443 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 443 + } + } }, "sequence-id": 210 }, @@ -326,10 +355,14 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 443 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 443 + } } }, "sequence-id": 220 @@ -340,11 +373,15 @@ }, "description": "Accept incoming single-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 3784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 3784 + } + } }, "sequence-id": 230 }, @@ -354,11 +391,15 @@ }, "description": "Accept incoming multi-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 4784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 4784 + } + } }, "sequence-id": 240 }, @@ -368,11 +409,15 @@ }, "description": "Accept incoming uBFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 6784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 6784 + } + } }, "sequence-id": 250 }, @@ -380,13 +425,17 @@ "action": { "accept": {} }, - "description": "Accept incoming gNMI messages when the other host initiates the TCP connection", + "description": "Accept incoming gRPC messages when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 57400 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57400 + } + } }, "sequence-id": 260 }, @@ -396,32 +445,19 @@ }, "description": "Accept incoming UDP traceroute messages", "match": { - "destination-port": { - "range": { - "end": 33464, - "start": 33434 - } + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" - }, - "sequence-id": 270 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" + "transport": { + "destination-port": { + "range": { + "end": 33464, + "start": 33434 + } } } }, - "description": "Accept incoming ICMP timestamp messages", - "match": { - "icmp": { - "type": "timestamp" - }, - "protocol": "icmp" - }, - "sequence-id": 280 + "sequence-id": 270 }, { "action": { @@ -429,7 +465,9 @@ }, "description": "Accept incoming OSPF messages", "match": { - "protocol": 89 + "ipv4": { + "protocol": 89 + } }, "sequence-id": 290 }, @@ -439,11 +477,15 @@ }, "description": "Accept incoming DHCP relay messages targeted for BOOTP/DHCP server", "match": { - "destination-port": { - "operator": "eq", - "value": 67 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 67 + } + } }, "sequence-id": 300 }, @@ -457,8 +499,10 @@ }, "description": "Accept ICMP fragment packets", "match": { - "fragment": true, - "protocol": "icmp" + "ipv4": { + "fragment": true, + "protocol": "icmp" + } }, "sequence-id": 310 }, @@ -468,10 +512,14 @@ }, "description": "Accept incoming LDP packets", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } } }, "sequence-id": 320 @@ -482,10 +530,14 @@ }, "description": "Accept incoming LDP packets with source-port 646", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } } }, "sequence-id": 330 @@ -496,11 +548,15 @@ }, "description": "Accept incoming LDP packets with destination-port 646", "match": { - "destination-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 646 + } + } }, "sequence-id": 340 }, @@ -508,63 +564,188 @@ "action": { "accept": {} }, - "description": "Accept incoming gRIBI packets with destination-port 57401", + "description": "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server", "match": { - "destination-port": { - "operator": "eq", - "value": 57401 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57401 + } + } }, - "sequence-id": 350 + "sequence-id": 358 }, { "action": { "accept": {} }, - "description": "Accept incoming p4rt packets with destination-port 9559", + "description": "Accept incoming IGMP packets", "match": { - "destination-port": { - "operator": "eq", - "value": 9559 + "ipv4": { + "protocol": "igmp" + } + }, + "sequence-id": 370 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming PIM packets", + "match": { + "ipv4": { + "protocol": "pim" + } + }, + "sequence-id": 380 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming RADIUS AAA packets", + "match": { + "ipv4": { + "protocol": "udp" }, - "protocol": "tcp" + "transport": { + "source-port": { + "range": { + "end": 1813, + "start": 1812 + } + } + } }, - "sequence-id": 360 + "sequence-id": 390 }, { "action": { "accept": {} }, - "description": "Accept incoming IGMP packets", + "description": "Accept incoming PTP messages with destination-ports 319 and 320", "match": { - "protocol": "igmp" + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "range": { + "end": 320, + "start": 319 + } + } + } }, - "sequence-id": 370 + "sequence-id": 410 }, { "action": { "accept": {} }, - "description": "Accept incoming PIM packets", + "description": "Accept incoming PCEP packets with destination-port 4189", "match": { - "protocol": "pim" + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 4189 + } + } }, - "sequence-id": 380 + "sequence-id": 420 }, { "action": { - "drop": { - "log": true + "accept": {} + }, + "description": "Accept incoming SBFD session messages", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 7784 + } } }, + "sequence-id": 430 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming SBFD session messages", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 7784 + } + } + }, + "sequence-id": 440 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming LSP MPLS Echo requests and replies", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 3503 + } + } + }, + "sequence-id": 450 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming LSP MPLS Echo requests and replies", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 3503 + } + } + }, + "sequence-id": 460 + }, + { + "action": { + "drop": {}, + "log": true + }, "description": "Drop all else", - "sequence-id": 390 + "sequence-id": 1000 } ], - "statistics-per-entry": true + "name": "cpm", + "statistics-per-entry": true, + "type": "ipv4" }, - "ipv6-filter": { + { "entry": [ { "action": { @@ -576,19 +757,12 @@ }, "description": "Accept incoming ICMPv6 unreachable messages", "match": { - "icmp6": { - "code": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "dest-unreachable" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "dest-unreachable" + }, + "next-header": "icmp6" + } }, "sequence-id": 10 }, @@ -602,10 +776,12 @@ }, "description": "Accept incoming ICMPv6 packet-too-big messages", "match": { - "icmp6": { - "type": "packet-too-big" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "packet-too-big" + }, + "next-header": "icmp6" + } }, "sequence-id": 20 }, @@ -619,29 +795,14 @@ }, "description": "Accept incoming ICMPv6 time-exceeded messages", "match": { - "icmp6": { - "type": "time-exceeded" - }, - "next-header": "icmp6" - }, - "sequence-id": 30 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" - } + "ipv6": { + "icmp6": { + "type": "time-exceeded" + }, + "next-header": "icmp6" } }, - "description": "Accept incoming ICMPv6 parameter problem messages", - "match": { - "icmp6": { - "type": "param-problem" - }, - "next-header": "icmp6" - }, - "sequence-id": 40 + "sequence-id": 30 }, { "action": { @@ -653,10 +814,12 @@ }, "description": "Accept incoming ICMPv6 echo-request messages", "match": { - "icmp6": { - "type": "echo-request" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "echo-request" + }, + "next-header": "icmp6" + } }, "sequence-id": 50 }, @@ -670,10 +833,12 @@ }, "description": "Accept incoming ICMPv6 echo-reply messages", "match": { - "icmp6": { - "type": "echo-reply" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "echo-reply" + }, + "next-header": "icmp6" + } }, "sequence-id": 60 }, @@ -687,10 +852,12 @@ }, "description": "Accept incoming ICMPv6 router-advertisement messages", "match": { - "icmp6": { - "type": "router-advertise" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "router-advertise" + }, + "next-header": "icmp6" + } }, "sequence-id": 70 }, @@ -704,10 +871,12 @@ }, "description": "Accept incoming ICMPv6 neighbor-solicitation messages", "match": { - "icmp6": { - "type": "neighbor-solicit" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "neighbor-solicit" + }, + "next-header": "icmp6" + } }, "sequence-id": 80 }, @@ -721,10 +890,12 @@ }, "description": "Accept incoming ICMPv6 neighbor-advertisement messages", "match": { - "icmp6": { - "type": "neighbor-advertise" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "neighbor-advertise" + }, + "next-header": "icmp6" + } }, "sequence-id": 90 }, @@ -734,11 +905,15 @@ }, "description": "Accept incoming SSH when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 22 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 22 + } + } }, "sequence-id": 100 }, @@ -748,10 +923,14 @@ }, "description": "Accept incoming SSH when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 22 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 22 + } } }, "sequence-id": 110 @@ -760,29 +939,37 @@ "action": { "accept": {} }, - "description": "Accept incoming Telnet when the other host initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 23 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "source-port": { + "operator": "eq", + "value": 23 + } + } }, - "sequence-id": 120 + "sequence-id": 128 }, { "action": { "accept": {} }, - "description": "Accept incoming Telnet when this router initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 23 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 23 + } } }, - "sequence-id": 130 + "sequence-id": 138 }, { "action": { @@ -790,11 +977,15 @@ }, "description": "Accept incoming TACACS+ when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 49 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 49 + } + } }, "sequence-id": 140 }, @@ -804,10 +995,14 @@ }, "description": "Accept incoming TACACS+ when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 49 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 49 + } } }, "sequence-id": 150 @@ -818,10 +1013,14 @@ }, "description": "Accept incoming DNS response messages", "match": { - "next-header": "udp", - "source-port": { - "operator": "eq", - "value": 53 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 53 + } } }, "sequence-id": 160 @@ -830,29 +1029,19 @@ "action": { "accept": {} }, - "description": "Accept incoming TFTP read-request and write-request messages", + "description": "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 69 + "ipv6": { + "next-header": "tcp" }, - "next-header": "udp" - }, - "sequence-id": 170 - }, - { - "action": { - "accept": {} - }, - "description": "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", - "match": { - "destination-port": { - "operator": "eq", - "value": 80 - }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 80 + } + } }, - "sequence-id": 180 + "sequence-id": 188 }, { "action": { @@ -860,10 +1049,14 @@ }, "description": "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 80 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 80 + } } }, "sequence-id": 190 @@ -874,10 +1067,14 @@ }, "description": "Accept incoming NTP messages from servers", "match": { - "next-header": "udp", - "source-port": { - "operator": "eq", - "value": 123 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 123 + } } }, "sequence-id": 200 @@ -888,11 +1085,15 @@ }, "description": "Accept incoming SNMP GET/GETNEXT messages from servers", "match": { - "destination-port": { - "operator": "eq", - "value": 161 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 161 + } + } }, "sequence-id": 210 }, @@ -902,11 +1103,15 @@ }, "description": "Accept incoming BGP when the other router initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 179 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 179 + } + } }, "sequence-id": 220 }, @@ -916,10 +1121,14 @@ }, "description": "Accept incoming BGP when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 179 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 179 + } } }, "sequence-id": 230 @@ -930,11 +1139,15 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 443 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 443 + } + } }, "sequence-id": 240 }, @@ -944,10 +1157,14 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 443 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 443 + } } }, "sequence-id": 250 @@ -958,11 +1175,15 @@ }, "description": "Accept incoming DHCPv6 client messages", "match": { - "destination-port": { - "operator": "eq", - "value": 546 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 546 + } + } }, "sequence-id": 260 }, @@ -972,11 +1193,15 @@ }, "description": "Accept incoming single-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 3784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 3784 + } + } }, "sequence-id": 270 }, @@ -986,11 +1211,15 @@ }, "description": "Accept incoming multi-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 4784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 4784 + } + } }, "sequence-id": 280 }, @@ -1000,11 +1229,15 @@ }, "description": "Accept incoming uBFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 6784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 6784 + } + } }, "sequence-id": 290 }, @@ -1012,13 +1245,17 @@ "action": { "accept": {} }, - "description": "Accept incoming gNMI messages when the other host initiates the TCP connection", + "description": "Accept incoming gRPC messages when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 57400 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57400 + } + } }, "sequence-id": 300 }, @@ -1028,13 +1265,17 @@ }, "description": "Accept incoming UDP traceroute messages", "match": { - "destination-port": { - "range": { - "end": 33464, - "start": 33434 - } + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "range": { + "end": 33464, + "start": 33434 + } + } + } }, "sequence-id": 310 }, @@ -1044,7 +1285,9 @@ }, "description": "Accept incoming IPV6 hop-in-hop messages", "match": { - "next-header": 0 + "ipv6": { + "next-header": 0 + } }, "sequence-id": 320 }, @@ -1052,136 +1295,284 @@ "action": { "accept": {} }, - "description": "Accept incoming IPV6 fragment header messages", + "description": "Accept incoming OSPF messages", "match": { - "next-header": 44 + "ipv6": { + "next-header": 89 + } }, - "sequence-id": 330 + "sequence-id": 340 }, { "action": { "accept": {} }, - "description": "Accept incoming OSPF messages", + "description": "Accept incoming DHCPv6 relay messages", "match": { - "next-header": 89 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 547 + } + } }, - "sequence-id": 340 + "sequence-id": 350 }, { "action": { "accept": {} }, - "description": "Accept incoming DHCPv6 relay messages", + "description": "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server", "match": { - "destination-port": { - "operator": "eq", - "value": 547 + "ipv6": { + "next-header": "tcp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57401 + } + } }, - "sequence-id": 350 + "sequence-id": 368 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv1 report messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-report" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 380 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv2 report messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-v2" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 390 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv1 done messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-done" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 400 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLD query messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-query" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 410 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming PIM messages", + "match": { + "ipv6": { + "next-header": "pim" + } + }, + "sequence-id": 420 }, { "action": { "accept": {} }, - "description": "Accept incoming gRIBI packets with destination-port 57401", + "description": "Accept incoming RADIUS AAA messages", "match": { - "destination-port": { - "operator": "eq", - "value": 57401 + "ipv6": { + "next-header": "udp" }, - "next-header": "tcp" + "transport": { + "source-port": { + "range": { + "end": 1813, + "start": 1812 + } + } + } }, - "sequence-id": 360 + "sequence-id": 430 }, { "action": { "accept": {} }, - "description": "Accept incoming p4rt packets with destination-port 9559", + "description": "Accept incoming PTP messages with destination-ports 319 and 320", "match": { - "destination-port": { - "operator": "eq", - "value": 9559 + "ipv6": { + "next-header": "udp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "range": { + "end": 320, + "start": 319 + } + } + } }, - "sequence-id": 370 + "sequence-id": 450 }, { "action": { "accept": {} }, - "description": "Accept incoming IGMP packets", + "description": "Accept incoming PCEP packets with destination-port 4189", "match": { - "next-header": "igmp" + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 4189 + } + } }, - "sequence-id": 380 + "sequence-id": 460 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv1 report messages", + "description": "Accept incoming SBFD session messages", "match": { - "icmp6": { - "type": "mld-report" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "source-port": { + "operator": "eq", + "value": 7784 + } + } }, - "sequence-id": 390 + "sequence-id": 470 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv2 report messages", + "description": "Accept incoming SBFD session messages", "match": { - "icmp6": { - "type": "mld-v2" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "destination-port": { + "operator": "eq", + "value": 7784 + } + } }, - "sequence-id": 400 + "sequence-id": 480 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv1 done messages", + "description": "Accept incoming LDP packets", "match": { - "icmp6": { - "type": "mld-done" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } + } }, - "sequence-id": 410 + "sequence-id": 490 }, { "action": { "accept": {} }, - "description": "Accept incoming PIM messages", + "description": "Accept incoming LDP packets with source-port 646", "match": { - "next-header": "pim" + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } + } }, - "sequence-id": 420 + "sequence-id": 500 }, { "action": { - "drop": { - "log": true + "accept": {} + }, + "description": "Accept incoming LDP packets with destination-port 646", + "match": { + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 646 + } } }, + "sequence-id": 510 + }, + { + "action": { + "drop": {}, + "log": true + }, "description": "Drop all else", - "sequence-id": 430 + "sequence-id": 1000 } ], - "statistics-per-entry": true + "name": "cpm", + "statistics-per-entry": true, + "type": "ipv6" } - }, + ], "policers": { "system-cpu-policer": [ { @@ -1207,6 +1598,7 @@ { "admin-state": "enable", "index": 0, + "ip-mtu": 1500, "ipv4": { "admin-state": "enable", "srl_nokia-interfaces-ip-dhcp:dhcp-client": {} @@ -1240,12 +1632,51 @@ } ], "srl_nokia-system:system": { + "control-plane-traffic": { + "input": { + "srl_nokia-acl:acl": { + "acl-filter": [ + { + "name": "cpm", + "type": "ipv4" + }, + { + "name": "cpm", + "type": "ipv6" + } + ] + } + } + }, "srl_nokia-aaa:aaa": { "authentication": { + "admin-user": { + "ssh-key": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ==", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU=", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q==", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8=", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw==" + ] + }, "authentication-method": [ "local" ], - "idle-timeout": 7200 + "idle-timeout": 7200, + "linuxadmin-user": { + "password": "$y$j9T$DbT6fPrCRIFoKCGhsL3pB0$Rb53YfyCdnjkUtguz8KWuI4ADfYM8WKI9XavXvzvS/C", + "ssh-key": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ==", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU=", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q==", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8=", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw==" + ] + } }, "server-group": [ { @@ -1254,25 +1685,57 @@ } ] }, - "srl_nokia-gnmi-server:gnmi-server": { - "admin-state": "enable", - "network-instance": [ - { - "admin-state": "enable", - "name": "mgmt", - "tls-profile": "clab-profile" + "srl_nokia-dns:dns": { + "network-instance": "mgmt", + "server-list": [ + "10.171.10.1", + "10.171.10.2" + ] + }, + "srl_nokia-grpc:grpc-server": [ + { + "admin-state": "enable", + "name": "insecure-mgmt", + "network-instance": "mgmt", + "port": 57401, + "rate-limit": 65000, + "services": [ + "srl_nokia-grpc:gnmi", + "srl_nokia-grpc:gnoi", + "srl_nokia-grpc:gribi", + "srl_nokia-grpc:p4rt" + ], + "trace-options": [ + "request", + "response", + "common" + ], + "unix-socket": { + "admin-state": "enable" + } + }, + { + "admin-state": "enable", + "name": "mgmt", + "network-instance": "mgmt", + "rate-limit": 65000, + "services": [ + "srl_nokia-grpc:gnmi", + "srl_nokia-grpc:gnoi", + "srl_nokia-grpc:gribi", + "srl_nokia-grpc:p4rt" + ], + "tls-profile": "clab-profile", + "trace-options": [ + "request", + "response", + "common" + ], + "unix-socket": { + "admin-state": "enable" } - ], - "rate-limit": 65000, - "trace-options": [ - "request", - "response", - "common" - ], - "unix-socket": { - "admin-state": "enable" } - }, + ], "srl_nokia-json-rpc:json-rpc-server": { "admin-state": "enable", "network-instance": [ @@ -1436,7 +1899,30 @@ } ] }, - "srl_nokia-ssh:ssh-server": { + "srl_nokia-ssh:ssh-server": [ + { + "admin-state": "enable", + "name": "mgmt", + "network-instance": "mgmt", + "use-credentialz": true + } + ], + "srl_nokia-system-banner:banner": { + "login-banner": "................................................................\n: Welcome to Nokia SR Linux! :\n: Open Network OS for the NetOps era. :\n: :\n: This is a freely distributed official container image. :\n: Use it - Share it :\n: :\n: Get started: https://learn.srlinux.dev :\n: Container: https://go.srlinux.dev/container-image :\n: Docs: https://doc.srlinux.dev/24-3 :\n: Rel. notes: https://doc.srlinux.dev/rn24-3-2 :\n: YANG: https://yang.srlinux.dev/release/v24.3.2 :\n: Discord: https://go.srlinux.dev/discord :\n: Contact: https://go.srlinux.dev/contact-sales :\n................................................................\n" + }, + "srl_nokia-system-snmp:snmp": { + "access-group": [ + { + "community-entry": [ + { + "community": "$aes1$AWBtjFCTurY1fG8=$pH/M5cgn/zKEl7OuOv8HSA==", + "name": "RO-Community" + } + ], + "name": "SNMPv2-RO-Community", + "security-level": "no-auth-no-priv" + } + ], "network-instance": [ { "admin-state": "enable", @@ -1444,15 +1930,12 @@ } ] }, - "srl_nokia-system-banner:banner": { - "login-banner": "................................................................\n: Welcome to Nokia SR Linux! :\n: Open Network OS for the NetOps era. :\n: :\n: This is a freely distributed official container image. :\n: Use it - Share it :\n: :\n: Get started: https://learn.srlinux.dev :\n: Container: https://go.srlinux.dev/container-image :\n: Docs: https://doc.srlinux.dev/0-0 :\n: Rel. notes: https://doc.srlinux.dev/rn0-0-0 :\n: YANG: https://yang.srlinux.dev/v0.0.0 :\n: Discord: https://go.srlinux.dev/discord :\n: Contact: https://go.srlinux.dev/contact-sales :\n................................................................\n" - }, "srl_nokia-tls:tls": { "server-profile": [ { "authenticate-client": false, - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDrTCCApWgAwIBAgIUM35+H0DzlBw0HuJKNkph1GZ3jUowDQYJKoZIhvcNAQEL\nBQAwMzEVMBMGA1UEChMMY29udGFpbmVybGFiMRowGAYDVQQDExFhbnNpYmxlbGFi\nIGxhYiBDQTAeFw0yMzAyMjQxMzU4MDBaFw0yNDAyMjQxMzU4MDBaMDMxFTATBgNV\nBAoTDGNvbnRhaW5lcmxhYjEaMBgGA1UEAxMRc3JsLmFuc2libGVsYWIuaW8wggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAR2MU3oYc+80VzjvGEDPDB3pU\nB4dVR+NJx4pqShZ5nTgnqQXc2iiQIYMFiS5NIz4gzuN1Jv9dhsxCrcl4Ss7ZwI3T\nin+kGJBBwTPJ2BB5gbQ6eBK4kzTAofrEP8UV0JqpvDwjxvfYy2XXIAeXI8hxvGyv\nQnO6Nx/qpICahVDjrgQZM1YvBsNWhDyifV0/BU4d0QhUXQ1SRUQNQXG6F4p3fCzn\nnKuTLn4bhi9RVsgktF8IrpR9/Gj+cPE8fPXjSolGLDbh7ADZORnp1z+KQGjp5Y2M\ne8GNyB09KmBi8dZeKzyUqzdQx249Ply9g+0DGfmDOYlesSYvzRI4eiL1y3VRAgMB\nAAGjgbgwgbUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr\nBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQlh8Zll7vBjuHyaFvqJxuG\n6GVvOTAfBgNVHSMEGDAWgBSqM3Xl1qLSqdOu1t8r3esFZgdB2zA2BgNVHREELzAt\nggNzcmyCE2NsYWItYW5zaWJsZWxhYi1zcmyCEXNybC5hbnNpYmxlbGFiLmlvMA0G\nCSqGSIb3DQEBCwUAA4IBAQAK01yoaxYgV4AKR30T8lKr8PFflApqpO9MyymMkOUS\nR/YleBVY7Ncl9tMTXJCA9hUZOw/nNRT9BQztDiv6SR5WA5VaB5u09/cXTT47/b4v\noByZ2ICkymopXfWttWMwRXHghxoxD60F2qxRO317yYLc8uJWPTQ0/qDdrQOB6vYc\nrtYrSOLDoHaQQpfFE2N4ZRJvneiYvEPCBULKR8f9WY/OdanqT0x0bc+uDpg+l6ev\nhIN494PzhRihJvuHhozHyEOjYrV3jZNvE60PCbfzs2USAZ2/uzG6FsGmQgNL1KMy\nkjtKE6rdm7v9NiVYnAgmIJIy4Val7u1xZGl8gK0cZRu3\n-----END CERTIFICATE-----\n\n", - "key": "$aes$cqqFic+wozOA=$4EbaSOyQpY6OCMsnDvXG9MvD1AiA0v9OxCzKYBvJLR5jhMsBH5ytO87+YuI9/jsykHI1mhOet4S4CoQwa0qRHOfPEgLjPyARdwSK7ObcjxSg7MgoQ43l0CK/WkhZhfO4PcujKJLx8gxx5zQt5MHtXTdCo5+n0095kV+iBxyq/ArledE48J5RJPLOtXlVUl1lGIgHuBrnZDhTOlDbHVg2Zty8GKHOnPfQd5tlmmD7JfQDAZMc9qLeMhWdTuIgpBrWqW/3Q60BGTQCtV1NDfXOMKDcWbJZqWgMtmApteBZ+EOHNuc2pcNOMPLCBncKBCxTdTwR/07d/ciF+b0IstfWqyyy7joct4ZoO8f9KkNIuxeGEQguQnXi+J9PKHkP2xUW6EOhsM7x60zDuPBzs/Nv8HPPQXJ8VyOvmlw1msQiQcXT90Bty0XlL/Pjs+paPDMWSvCh7dFSQ3CysRZU6yG1/hY8c/3pYTXzHtW4Kmol1ITPxoduoNP60oxBX9Otum+9lZfPrsj3Ix5ltdHlXTmDTDmuH7JKuZmhbp0DCMJqYTMFL8UWbQNVriwE6ivtw5PNX2L73prkwxFi59kmNAW1hqjGYSS2giTu74txbdhC82svE1VpOHknKlsPDYn7tVA/7rlE4Q3Hq0w2L8AzCIveCLIn4iU0FwqELfXZXPzbfCfuHCWZCe4tWN0oZ3/E0sHWEF0mcWjaGAukFineDVow6hzjQJInkiKaXXzruC5VS2vGj2G435okU95sKzpJx5shqAIle/StahuNZoA/ymXbKkcQFmpRy4Bni7/0RW8aZUL5EpSXd08b3s+zqnStcLb7Wp3bbJdu9sznF3cJ+uqCqUdIl2DDu1QHGMFTsuEd1Lb2Xv0RrHuHaPwtRyIUrYV/Wi4N6oDPSWB5p6GHiieDuj9F4jZ/U50BMEW29dH6/hhmV6zAFrr2XFrhcZrKRc2caFPyCxfalD6gUj9kFM0StBaRp31UdMg7vP/SP4HJFv1CTO6X8PxQEH8WPIjV4EV0++uY4YaCakT/PO58MZhrj0k6aRnGop09K13hlwOiFb1TvelgsRVpcqKyftlShQC49J4oXGFxaic7KXQxqHV+zBi3VW1CVKldELcGrOwPmOXMEJjYXxslSVExpN3qFIU3pglfQmkh+Qs0bgmLrM1jEfENzQAmH7d1LHJShs8muMEhVDZbXooqR373nah1lPsCQ65kpspBTdGZo04MqEOF5T+fcsSeWnqnR0Bsoe09V4VNKl2DmhvGO1cOPQ2BupHL0jWSdRBGw/iv0Tid9QC/J5KlfHxCPeVZyurDT2pQIDgxxfNv7M6mAf/LaSHsxITsGgqGHKXa0ZWRSQoD9/Nh1FdO7/1EQROjHxCs5Rp0k+DNB1mKKt7kr053rMLqmpTA04A07POWfb8mhscfTzFTQ21VwGm1iDYAFFLWg+HTxVL2f2gRIzTViCQ0N8v9ex30tBnMRFku5UAsAgmV315OLHBfDQ9OJ78PoSGMXLW66NFHLhTxKg7HA53MBmxJaeEIFy4nzpF6yjWXqbe9aqtiWafA0xShBisggBgf2GYrQGAblM3G1x+k7ZXFczF7Bm1Xccem/7KYYR2UukN89XDKV7+vWV/vuXQnl38J4mD8/XPJTKVWKKbIjeQCetGL9YVsqzcEQd5rfcx4I+vCV94nzjl0U6DUfr7GNBovYcs29pJkT078abhDwkne31K7OVcUSHFdCj3YJEBx9LEWnodFf9R2B510Iwa4B26sN5ZmQUfeZTTmL2QfFpbD6AlqfRCQZjkpB3cPqhwMb8kGFk0q1yd8UclcoTvOVmtmTFWOc5xJkAH7vQxXzkmvu7ws2cSpi3xvkq3ezCftqmVgw9hNzPN1oDg+41I6x9zLgoAq+xUOFA51zaPizo/X1JyNS0YFc/A5/b92eTiM3Z0RyMARjRX3nyUQ4+qMVFyxjKaaYkl5HgwTDVxP5DXd03tvZ+L6Ihc6/KDAvQt1F/p+kKY8ohXpKojS2+5+3PCk33bvXuGPkWSP3xJzkzdlcUIHaVtzt1tOV7ObSQw++WA7FMImSrPT05CXhwU2Y1xNe3g0p8YGdITyNuogFlHSi/8jvnMq056WeX7CseYzxoTkZxyibO90onZEqXzeCTkqMN4dnGLYlFSlZBk1dZE1e5+xvJ5P7l6q72HGiz4oqP0dd1RFZVP08q0GqjeMXg+3rDo0j/xPHGBjZSh4C42GDRhhY4NT", + "certificate": "-----BEGIN CERTIFICATE-----\nMIID0DCCArigAwIBAgICBnowDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCVVMx\nCTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFpbmVybGFiMQkwBwYDVQQLEwAxFzAV\nBgNVBAMTDmFuc2libGUgbGFiIENBMB4XDTI0MDYyMjE1MDk1NFoXDTI1MDYyMjE1\nMDk1NFowUzELMAkGA1UEBhMCVVMxCTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFp\nbmVybGFiMQkwBwYDVQQLEwAxFzAVBgNVBAMTDnNybC5hbnNpYmxlLmlvMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfMTDTDaVdyFORkN8PEkjPcTeei9\nOnMXMPtX4gHGrC/2JUmUJVdT8T5QBLEzCICQGJYpm4J1K7K/OWAFUIffZlR0oLQT\nXb9vW+aXsabxyZ8uFoDq5/PrMqTl/hze6jNmtgZTULOAazFGY+ULXKDyDlDZv+12\nqdXbgEnu7Ooued8bcb9wCR85wbKhoeD1FT48ifQIk6eAU8xNyy6PiMW/4xYF4+m1\nBcqPYTrkTCZxsdfXPEDEPZn30Arwpavv+Uy8VX626uiNIHY28Qc9Qw1m+7HTHy8j\n+9K0xQ+r0EHjw6WQWpe3Qs5Js0I4Z2RSDZZWQpx4dSaZrjyOchGeo/+y4wIDAQAB\no4GtMIGqMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB\nBQUHAwEwDgYDVR0OBAcEBQECAwQGMB8GA1UdIwQYMBaAFNLlMFe7s2fIb4VLOFmE\ng5+ebA23MEgGA1UdEQRBMD+CA3NybIIQY2xhYi1hbnNpYmxlLXNybIIOc3JsLmFu\nc2libGUuaW+HBKwUFAKHECABAXIAIAAgAAAAAAAAAAIwDQYJKoZIhvcNAQELBQAD\nggEBABQxO1P8xid+ZNhjlT1L+HEf3mOlxy76DBF4jni6yaPPHQqbKXHWUh9hFMLK\nY4uo/XIdx5oeIG8xrJ/4UCzWMiV7bGzw19kXm7L+u17IN42Wgtx0o50mrKOuc4d7\nO9cgF/9tE0T5AJVOtskDHgEI71RFxfC8+NEwZkKtB6nN78en03/JDPKjRlOEc+XM\n92/C743EZK6ttQpliFkohYZKWLdML8SRX2R/P5ks4qlhxw14TbLNVOT7tkdfJZBe\npDERkQUHB6vJh7Sd1tNixdK+CndDqUEbaKSGA1/3gwQ259lQvwcgzRowgCdxtlxW\nwDk+ysL4hAnVWCOrdlbipGFlS6U=\n-----END CERTIFICATE-----\n", + "key": "$aes1$ATSWKgszP5gks28=$0SduUiumzR1/sZ5kOtMirQia+45v1bYv6crBTnuAbXfFhKRLstMSAlZGKtDyXedSW2wAv99XubAewY2/ndSur0QcxVqOAaT0A9tHzr44KcDGvonSdChoP9nDg+4EgRYPH18l6/d26OjutuXicDBaRMRa5UIWvhaVU44hF9DLYsujPP2W/jwT50Fw1hQm/T4s9CgD69uGraLvnuBHusTgkQSpHzK++/xzuvDbnlv00jYlc0fAJgV7rePYQDIYoTIrPwfo7DiGK7/vfGDaFNyq2urH5p4R3jPugQo61J7aegp2MT6xtAiiuPawPTjVJYP/ZMJGqXR84HxyzeLShq5jSge2qcYDNO/23pJ5zwJ49+mde1AeCT8vfq+Rfshfclyxi0EZQEYwS6yc5QrXyRxOr6WETTGutqHSs24EFvWBpV5KmAPWuHzoZ2838Rzt33NiQCQaBgHgdSCghF1MfRs6uq1QS23Fzj0hp0F4Ukp0KdBpwTNJ9yTJD2yxVvz0Jwv4XdzkwhR08OWsDl4HXAg0pGdS1d0edpnqKtV1RS+MoQRC//DuknjwI6o3Hc5LByxzW+jmYsd2ZNnUs7dB+k5x2n7K+Uim0Dt8UiO8deExuwNFq7HvIYx18xWdmGHsIkf9Zm3JMuntEVk6OxOYy/j2NQV6R+vo2ybc66hOKxlackBXOdKJ9QwG6L3DIuuE3PjT6a2Qq1VQYWcYWRtnc7JJ6mcx5SuYTvbZtHldiaL/oH2Fn6Ql9pkBoW/GS3r+MVh6rBKNd8dWPbvDqXgFEZPz/9elf4jCxCSnpdf3vaLgDymp3BaIpC8wthbe6Mosw6uNQJWIvNxsc/onIT+NWtlCS6tH7nwCwi/5XM9JCF2DWPMJ1QtkG853kLmMh8/PC5YILoTbkILdzXfCbsyWWyVXMqelFX1vvC0eQ0aRtmioSrqIqYhlUTARk6NC+jXjp5os4IeXADbuq3OfaIbtdo9iKNv+MYxqgB2PRINgTzvKYhCuxqca/q+cgguaTDWNG96jyjyL1SGkciJ0AOQ1BMH6sRl5PExoxHY65Ql1bG4neBpg+9bJTEN4AHWHTu3Eh1FYqc9OUuI1UWJHY4/pmt5uU7x2WZQ/kSSu7zrxsLwEku7S77x4k8Gs/3+MkfBp/KX6YeCZ2EeHGUjH0TZs2+Y1HUDJifBVTJz7YFsx5j73sSSZ4gtd9W9bBQ3hnKOTYFItM2TIYGd5h0jU3lnWoTgDSkvMenpPhiA1X3dHKc2jxWkBd8dzmn88W5KYWAlUOHtRi4KiQdIx42e1jOB0CJReGVOD9XleKJWC3GW2qTv3xLWjbX3T5pzn3xH0UAH2uQBX1833xOhTaqxl4OqNdtMqRmnFy59n/FUiM00qkM+2R2Qr2lm9oVY26aO5781WslGBx3Yb/gIIAYWmk3svMmjEsFV8csserfqxhenfZwiQOKKHOHuTT2KtKH1oGz4glSP1J/kjhTJ4AXUBy2WpdZf+bjC9XQDoHJu+NYOu1jppMSEJ9CnvipVGLLdoeoSubcex4Rx+JG7tVCOEmbxJQ+InAo9IGUOIcB75q0hZef677fxDXDf4BDaSUGQh8cH4mVgkOCupOXEbp/ht0qeTp15chItXGlNEoN/5IYTKLrFPaOdvAHObXMbSgFR8Nm+h2coyPS3tGVQeDKVV45CWxVOpmaaTXHWsOAyHBoaAINhzULST+qMi2zoHStcaZxO4I1EatmuUHkMywb3vp7co9yruRrStN440k6n53yEdVj511uG/CIyyK4lPlbxNSgPrHII5on5YI4X9SMozOVTb/YLFajdl/Lr38i0iphySg4ZRQvDTe55q6wG6xxUiunAdV+FQhaCTTILTM5qhvw/7ecdrfognQhzT3UkRHrxmFfXe+5xEeazWZfjSOBdVDUl0vZjsbnO5rKzuPgYg/PmYi2CerrzqfQiYJ0qErheVjwmCXqS+7udbynDB1rypMeJxSUBtz+KDvitR4m/ZU/1RsZVf/WaxMegcrJqq+YJ7l1YbRw5J0r59lm8EhVZdjVJ1ccXUtP66tASnvZTs5dxIkY5pCjZqBmnZWyZFStakyMlJzkAB96GQZRIn+bXcBvNvmoQGubzH+VP75Mn5wop9bF3txzv7+TFi0kT9zkQZHHhrbyAlvKwyGYfruuJLT/HV8yqo8ITfTCkuSSMg7n/qBdIN1vxglhQgq+TFXvuew5GE3BHyqm5iEFTBIfVxAU3o7N90", "name": "clab-profile" } ] diff --git a/tests/playbooks/golden/clab-ansible-srl.cfg.json b/tests/playbooks/golden/clab-ansible-srl.cfg.json index 706d686..286887f 100644 --- a/tests/playbooks/golden/clab-ansible-srl.cfg.json +++ b/tests/playbooks/golden/clab-ansible-srl.cfg.json @@ -1,7 +1,7 @@ { "srl_nokia-acl:acl": { - "cpm-filter": { - "ipv4-filter": { + "acl-filter": [ + { "entry": [ { "action": { @@ -13,18 +13,12 @@ }, "description": "Accept incoming ICMP unreachable messages", "match": { - "icmp": { - "code": [ - 0, - 1, - 2, - 3, - 4, - 13 - ], - "type": "dest-unreachable" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "dest-unreachable" + }, + "protocol": "icmp" + } }, "sequence-id": 10 }, @@ -38,29 +32,14 @@ }, "description": "Accept incoming ICMP time-exceeded messages", "match": { - "icmp": { - "type": "time-exceeded" - }, - "protocol": "icmp" - }, - "sequence-id": 20 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" - } + "ipv4": { + "icmp": { + "type": "time-exceeded" + }, + "protocol": "icmp" } }, - "description": "Accept incoming ICMP parameter problem messages", - "match": { - "icmp": { - "type": "param-problem" - }, - "protocol": "icmp" - }, - "sequence-id": 30 + "sequence-id": 20 }, { "action": { @@ -72,10 +51,12 @@ }, "description": "Accept incoming ICMP echo messages", "match": { - "icmp": { - "type": "echo" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "echo" + }, + "protocol": "icmp" + } }, "sequence-id": 40 }, @@ -89,10 +70,12 @@ }, "description": "Accept incoming ICMP echo-reply messages", "match": { - "icmp": { - "type": "echo-reply" - }, - "protocol": "icmp" + "ipv4": { + "icmp": { + "type": "echo-reply" + }, + "protocol": "icmp" + } }, "sequence-id": 50 }, @@ -102,11 +85,15 @@ }, "description": "Accept incoming SSH when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 22 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 22 + } + } }, "sequence-id": 60 }, @@ -116,10 +103,14 @@ }, "description": "Accept incoming SSH when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 22 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 22 + } } }, "sequence-id": 70 @@ -128,29 +119,37 @@ "action": { "accept": {} }, - "description": "Accept incoming Telnet when the other host initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 23 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "source-port": { + "operator": "eq", + "value": 23 + } + } }, - "sequence-id": 80 + "sequence-id": 88 }, { "action": { "accept": {} }, - "description": "Accept incoming Telnet when this router initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 23 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 23 + } } }, - "sequence-id": 90 + "sequence-id": 98 }, { "action": { @@ -158,11 +157,15 @@ }, "description": "Accept incoming TACACS+ when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 49 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 49 + } + } }, "sequence-id": 100 }, @@ -172,10 +175,14 @@ }, "description": "Accept incoming TACACS+ when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 49 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 49 + } } }, "sequence-id": 110 @@ -186,10 +193,14 @@ }, "description": "Accept incoming DNS response messages", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 53 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 53 + } } }, "sequence-id": 120 @@ -200,11 +211,15 @@ }, "description": "Accept incoming DHCP messages targeted for BOOTP/DHCP client", "match": { - "destination-port": { - "operator": "eq", - "value": 68 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 68 + } + } }, "sequence-id": 130 }, @@ -212,29 +227,19 @@ "action": { "accept": {} }, - "description": "Accept incoming TFTP read-request and write-request messages", + "description": "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 69 + "ipv4": { + "protocol": "tcp" }, - "protocol": "udp" - }, - "sequence-id": 140 - }, - { - "action": { - "accept": {} - }, - "description": "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", - "match": { - "destination-port": { - "operator": "eq", - "value": 80 - }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 80 + } + } }, - "sequence-id": 150 + "sequence-id": 158 }, { "action": { @@ -242,10 +247,14 @@ }, "description": "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 80 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 80 + } } }, "sequence-id": 160 @@ -256,10 +265,14 @@ }, "description": "Accept incoming NTP messages from servers", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 123 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 123 + } } }, "sequence-id": 170 @@ -270,11 +283,15 @@ }, "description": "Accept incoming SNMP GET/GETNEXT messages from servers", "match": { - "destination-port": { - "operator": "eq", - "value": 161 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 161 + } + } }, "sequence-id": 180 }, @@ -284,11 +301,15 @@ }, "description": "Accept incoming BGP when the other router initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 179 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 179 + } + } }, "sequence-id": 190 }, @@ -298,10 +319,14 @@ }, "description": "Accept incoming BGP when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 179 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 179 + } } }, "sequence-id": 200 @@ -312,11 +337,15 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 443 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 443 + } + } }, "sequence-id": 210 }, @@ -326,10 +355,14 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 443 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 443 + } } }, "sequence-id": 220 @@ -340,11 +373,15 @@ }, "description": "Accept incoming single-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 3784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 3784 + } + } }, "sequence-id": 230 }, @@ -354,11 +391,15 @@ }, "description": "Accept incoming multi-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 4784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 4784 + } + } }, "sequence-id": 240 }, @@ -368,11 +409,15 @@ }, "description": "Accept incoming uBFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 6784 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 6784 + } + } }, "sequence-id": 250 }, @@ -380,13 +425,17 @@ "action": { "accept": {} }, - "description": "Accept incoming gNMI messages when the other host initiates the TCP connection", + "description": "Accept incoming gRPC messages when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 57400 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57400 + } + } }, "sequence-id": 260 }, @@ -396,32 +445,19 @@ }, "description": "Accept incoming UDP traceroute messages", "match": { - "destination-port": { - "range": { - "end": 33464, - "start": 33434 - } + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" - }, - "sequence-id": 270 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" + "transport": { + "destination-port": { + "range": { + "end": 33464, + "start": 33434 + } } } }, - "description": "Accept incoming ICMP timestamp messages", - "match": { - "icmp": { - "type": "timestamp" - }, - "protocol": "icmp" - }, - "sequence-id": 280 + "sequence-id": 270 }, { "action": { @@ -429,7 +465,9 @@ }, "description": "Accept incoming OSPF messages", "match": { - "protocol": 89 + "ipv4": { + "protocol": 89 + } }, "sequence-id": 290 }, @@ -439,11 +477,15 @@ }, "description": "Accept incoming DHCP relay messages targeted for BOOTP/DHCP server", "match": { - "destination-port": { - "operator": "eq", - "value": 67 + "ipv4": { + "protocol": "udp" }, - "protocol": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 67 + } + } }, "sequence-id": 300 }, @@ -457,8 +499,10 @@ }, "description": "Accept ICMP fragment packets", "match": { - "fragment": true, - "protocol": "icmp" + "ipv4": { + "fragment": true, + "protocol": "icmp" + } }, "sequence-id": 310 }, @@ -468,10 +512,14 @@ }, "description": "Accept incoming LDP packets", "match": { - "protocol": "udp", - "source-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } } }, "sequence-id": 320 @@ -482,10 +530,14 @@ }, "description": "Accept incoming LDP packets with source-port 646", "match": { - "protocol": "tcp", - "source-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } } }, "sequence-id": 330 @@ -496,11 +548,15 @@ }, "description": "Accept incoming LDP packets with destination-port 646", "match": { - "destination-port": { - "operator": "eq", - "value": 646 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 646 + } + } }, "sequence-id": 340 }, @@ -508,63 +564,188 @@ "action": { "accept": {} }, - "description": "Accept incoming gRIBI packets with destination-port 57401", + "description": "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server", "match": { - "destination-port": { - "operator": "eq", - "value": 57401 + "ipv4": { + "protocol": "tcp" }, - "protocol": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57401 + } + } }, - "sequence-id": 350 + "sequence-id": 358 }, { "action": { "accept": {} }, - "description": "Accept incoming p4rt packets with destination-port 9559", + "description": "Accept incoming IGMP packets", "match": { - "destination-port": { - "operator": "eq", - "value": 9559 + "ipv4": { + "protocol": "igmp" + } + }, + "sequence-id": 370 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming PIM packets", + "match": { + "ipv4": { + "protocol": "pim" + } + }, + "sequence-id": 380 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming RADIUS AAA packets", + "match": { + "ipv4": { + "protocol": "udp" }, - "protocol": "tcp" + "transport": { + "source-port": { + "range": { + "end": 1813, + "start": 1812 + } + } + } }, - "sequence-id": 360 + "sequence-id": 390 }, { "action": { "accept": {} }, - "description": "Accept incoming IGMP packets", + "description": "Accept incoming PTP messages with destination-ports 319 and 320", "match": { - "protocol": "igmp" + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "range": { + "end": 320, + "start": 319 + } + } + } }, - "sequence-id": 370 + "sequence-id": 410 }, { "action": { "accept": {} }, - "description": "Accept incoming PIM packets", + "description": "Accept incoming PCEP packets with destination-port 4189", "match": { - "protocol": "pim" + "ipv4": { + "protocol": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 4189 + } + } }, - "sequence-id": 380 + "sequence-id": 420 }, { "action": { - "drop": { - "log": true + "accept": {} + }, + "description": "Accept incoming SBFD session messages", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 7784 + } } }, + "sequence-id": 430 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming SBFD session messages", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 7784 + } + } + }, + "sequence-id": 440 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming LSP MPLS Echo requests and replies", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 3503 + } + } + }, + "sequence-id": 450 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming LSP MPLS Echo requests and replies", + "match": { + "ipv4": { + "protocol": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 3503 + } + } + }, + "sequence-id": 460 + }, + { + "action": { + "drop": {}, + "log": true + }, "description": "Drop all else", - "sequence-id": 390 + "sequence-id": 1000 } ], - "statistics-per-entry": true + "name": "cpm", + "statistics-per-entry": true, + "type": "ipv4" }, - "ipv6-filter": { + { "entry": [ { "action": { @@ -576,19 +757,12 @@ }, "description": "Accept incoming ICMPv6 unreachable messages", "match": { - "icmp6": { - "code": [ - 0, - 1, - 2, - 3, - 4, - 5, - 6 - ], - "type": "dest-unreachable" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "dest-unreachable" + }, + "next-header": "icmp6" + } }, "sequence-id": 10 }, @@ -602,10 +776,12 @@ }, "description": "Accept incoming ICMPv6 packet-too-big messages", "match": { - "icmp6": { - "type": "packet-too-big" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "packet-too-big" + }, + "next-header": "icmp6" + } }, "sequence-id": 20 }, @@ -619,29 +795,14 @@ }, "description": "Accept incoming ICMPv6 time-exceeded messages", "match": { - "icmp6": { - "type": "time-exceeded" - }, - "next-header": "icmp6" - }, - "sequence-id": 30 - }, - { - "action": { - "accept": { - "rate-limit": { - "system-cpu-policer": "icmp" - } + "ipv6": { + "icmp6": { + "type": "time-exceeded" + }, + "next-header": "icmp6" } }, - "description": "Accept incoming ICMPv6 parameter problem messages", - "match": { - "icmp6": { - "type": "param-problem" - }, - "next-header": "icmp6" - }, - "sequence-id": 40 + "sequence-id": 30 }, { "action": { @@ -653,10 +814,12 @@ }, "description": "Accept incoming ICMPv6 echo-request messages", "match": { - "icmp6": { - "type": "echo-request" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "echo-request" + }, + "next-header": "icmp6" + } }, "sequence-id": 50 }, @@ -670,10 +833,12 @@ }, "description": "Accept incoming ICMPv6 echo-reply messages", "match": { - "icmp6": { - "type": "echo-reply" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "echo-reply" + }, + "next-header": "icmp6" + } }, "sequence-id": 60 }, @@ -687,10 +852,12 @@ }, "description": "Accept incoming ICMPv6 router-advertisement messages", "match": { - "icmp6": { - "type": "router-advertise" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "router-advertise" + }, + "next-header": "icmp6" + } }, "sequence-id": 70 }, @@ -704,10 +871,12 @@ }, "description": "Accept incoming ICMPv6 neighbor-solicitation messages", "match": { - "icmp6": { - "type": "neighbor-solicit" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "neighbor-solicit" + }, + "next-header": "icmp6" + } }, "sequence-id": 80 }, @@ -721,10 +890,12 @@ }, "description": "Accept incoming ICMPv6 neighbor-advertisement messages", "match": { - "icmp6": { - "type": "neighbor-advertise" - }, - "next-header": "icmp6" + "ipv6": { + "icmp6": { + "type": "neighbor-advertise" + }, + "next-header": "icmp6" + } }, "sequence-id": 90 }, @@ -734,11 +905,15 @@ }, "description": "Accept incoming SSH when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 22 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 22 + } + } }, "sequence-id": 100 }, @@ -748,10 +923,14 @@ }, "description": "Accept incoming SSH when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 22 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 22 + } } }, "sequence-id": 110 @@ -760,29 +939,37 @@ "action": { "accept": {} }, - "description": "Accept incoming Telnet when the other host initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 23 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "source-port": { + "operator": "eq", + "value": 23 + } + } }, - "sequence-id": 120 + "sequence-id": 128 }, { "action": { "accept": {} }, - "description": "Accept incoming Telnet when this router initiates the TCP connection", + "description": "Containerlab-added rule: Accept incoming Telnet when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 23 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 23 + } } }, - "sequence-id": 130 + "sequence-id": 138 }, { "action": { @@ -790,11 +977,15 @@ }, "description": "Accept incoming TACACS+ when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 49 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 49 + } + } }, "sequence-id": 140 }, @@ -804,10 +995,14 @@ }, "description": "Accept incoming TACACS+ when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 49 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 49 + } } }, "sequence-id": 150 @@ -818,10 +1013,14 @@ }, "description": "Accept incoming DNS response messages", "match": { - "next-header": "udp", - "source-port": { - "operator": "eq", - "value": 53 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 53 + } } }, "sequence-id": 160 @@ -830,29 +1029,19 @@ "action": { "accept": {} }, - "description": "Accept incoming TFTP read-request and write-request messages", + "description": "Containerlab-added rule: Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 69 + "ipv6": { + "next-header": "tcp" }, - "next-header": "udp" - }, - "sequence-id": 170 - }, - { - "action": { - "accept": {} - }, - "description": "Accept incoming HTTP(JSON-RPC) when the other host initiates the TCP connection", - "match": { - "destination-port": { - "operator": "eq", - "value": 80 - }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 80 + } + } }, - "sequence-id": 180 + "sequence-id": 188 }, { "action": { @@ -860,10 +1049,14 @@ }, "description": "Accept incoming HTTP(JSON-RPC) when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 80 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 80 + } } }, "sequence-id": 190 @@ -874,10 +1067,14 @@ }, "description": "Accept incoming NTP messages from servers", "match": { - "next-header": "udp", - "source-port": { - "operator": "eq", - "value": 123 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 123 + } } }, "sequence-id": 200 @@ -888,11 +1085,15 @@ }, "description": "Accept incoming SNMP GET/GETNEXT messages from servers", "match": { - "destination-port": { - "operator": "eq", - "value": 161 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 161 + } + } }, "sequence-id": 210 }, @@ -902,11 +1103,15 @@ }, "description": "Accept incoming BGP when the other router initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 179 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 179 + } + } }, "sequence-id": 220 }, @@ -916,10 +1121,14 @@ }, "description": "Accept incoming BGP when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 179 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 179 + } } }, "sequence-id": 230 @@ -930,11 +1139,15 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 443 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 443 + } + } }, "sequence-id": 240 }, @@ -944,10 +1157,14 @@ }, "description": "Accept incoming HTTPS(JSON-RPC) when this router initiates the TCP connection", "match": { - "next-header": "tcp", - "source-port": { - "operator": "eq", - "value": 443 + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 443 + } } }, "sequence-id": 250 @@ -958,11 +1175,15 @@ }, "description": "Accept incoming DHCPv6 client messages", "match": { - "destination-port": { - "operator": "eq", - "value": 546 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 546 + } + } }, "sequence-id": 260 }, @@ -972,11 +1193,15 @@ }, "description": "Accept incoming single-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 3784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 3784 + } + } }, "sequence-id": 270 }, @@ -986,11 +1211,15 @@ }, "description": "Accept incoming multi-hop BFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 4784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 4784 + } + } }, "sequence-id": 280 }, @@ -1000,11 +1229,15 @@ }, "description": "Accept incoming uBFD session messages", "match": { - "destination-port": { - "operator": "eq", - "value": 6784 + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 6784 + } + } }, "sequence-id": 290 }, @@ -1012,13 +1245,17 @@ "action": { "accept": {} }, - "description": "Accept incoming gNMI messages when the other host initiates the TCP connection", + "description": "Accept incoming gRPC messages when the other host initiates the TCP connection", "match": { - "destination-port": { - "operator": "eq", - "value": 57400 + "ipv6": { + "next-header": "tcp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57400 + } + } }, "sequence-id": 300 }, @@ -1028,13 +1265,17 @@ }, "description": "Accept incoming UDP traceroute messages", "match": { - "destination-port": { - "range": { - "end": 33464, - "start": 33434 - } + "ipv6": { + "next-header": "udp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "range": { + "end": 33464, + "start": 33434 + } + } + } }, "sequence-id": 310 }, @@ -1044,7 +1285,9 @@ }, "description": "Accept incoming IPV6 hop-in-hop messages", "match": { - "next-header": 0 + "ipv6": { + "next-header": 0 + } }, "sequence-id": 320 }, @@ -1052,139 +1295,284 @@ "action": { "accept": {} }, - "description": "Accept incoming IPV6 fragment header messages", + "description": "Accept incoming OSPF messages", "match": { - "next-header": 44 + "ipv6": { + "next-header": 89 + } }, - "sequence-id": 330 + "sequence-id": 340 }, { "action": { "accept": {} }, - "description": "Accept incoming OSPF messages", + "description": "Accept incoming DHCPv6 relay messages", "match": { - "next-header": 89 + "ipv6": { + "next-header": "udp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 547 + } + } }, - "sequence-id": 340 + "sequence-id": 350 }, { "action": { "accept": {} }, - "description": "Accept incoming DHCPv6 relay messages", + "description": "Containerlab-added rule: Accept incoming gRPC over port 57401 for the insecure-mgmt gRPC server", "match": { - "destination-port": { - "operator": "eq", - "value": 547 + "ipv6": { + "next-header": "tcp" }, - "next-header": "udp" + "transport": { + "destination-port": { + "operator": "eq", + "value": 57401 + } + } }, - "sequence-id": 350 + "sequence-id": 368 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv1 report messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-report" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 380 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv2 report messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-v2" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 390 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLDv1 done messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-done" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 400 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming MLD query messages", + "match": { + "ipv6": { + "icmp6": { + "type": "mld-query" + }, + "next-header": "icmp6" + } + }, + "sequence-id": 410 + }, + { + "action": { + "accept": {} + }, + "description": "Accept incoming PIM messages", + "match": { + "ipv6": { + "next-header": "pim" + } + }, + "sequence-id": 420 }, { "action": { "accept": {} }, - "description": "Accept incoming gRIBI packets with destination-port 57401", + "description": "Accept incoming RADIUS AAA messages", "match": { - "destination-port": { - "operator": "eq", - "value": 57401 + "ipv6": { + "next-header": "udp" }, - "next-header": "tcp" + "transport": { + "source-port": { + "range": { + "end": 1813, + "start": 1812 + } + } + } }, - "sequence-id": 360 + "sequence-id": 430 }, { "action": { "accept": {} }, - "description": "Accept incoming p4rt packets with destination-port 9559", + "description": "Accept incoming PTP messages with destination-ports 319 and 320", "match": { - "destination-port": { - "operator": "eq", - "value": 9559 + "ipv6": { + "next-header": "udp" }, - "next-header": "tcp" + "transport": { + "destination-port": { + "range": { + "end": 320, + "start": 319 + } + } + } }, - "sequence-id": 370 + "sequence-id": 450 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv1 report messages", + "description": "Accept incoming PCEP packets with destination-port 4189", "match": { - "icmp6": { - "type": "mld-report" + "ipv6": { + "next-header": "tcp" }, - "next-header": "icmp6" + "transport": { + "destination-port": { + "operator": "eq", + "value": 4189 + } + } }, - "sequence-id": 380 + "sequence-id": 460 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv2 report messages", + "description": "Accept incoming SBFD session messages", "match": { - "icmp6": { - "type": "mld-v2" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "source-port": { + "operator": "eq", + "value": 7784 + } + } }, - "sequence-id": 390 + "sequence-id": 470 }, { "action": { "accept": {} }, - "description": "Accept incoming MLDv1 done messages", + "description": "Accept incoming SBFD session messages", "match": { - "icmp6": { - "type": "mld-done" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "destination-port": { + "operator": "eq", + "value": 7784 + } + } }, - "sequence-id": 400 + "sequence-id": 480 }, { "action": { "accept": {} }, - "description": "Accept incoming MLD query messages", + "description": "Accept incoming LDP packets", "match": { - "icmp6": { - "type": "mld-query" + "ipv6": { + "next-header": "udp" }, - "next-header": "icmp6" + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } + } }, - "sequence-id": 410 + "sequence-id": 490 }, { "action": { "accept": {} }, - "description": "Accept incoming PIM messages", + "description": "Accept incoming LDP packets with source-port 646", "match": { - "next-header": "pim" + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "source-port": { + "operator": "eq", + "value": 646 + } + } }, - "sequence-id": 420 + "sequence-id": 500 }, { "action": { - "drop": { - "log": true + "accept": {} + }, + "description": "Accept incoming LDP packets with destination-port 646", + "match": { + "ipv6": { + "next-header": "tcp" + }, + "transport": { + "destination-port": { + "operator": "eq", + "value": 646 + } } }, + "sequence-id": 510 + }, + { + "action": { + "drop": {}, + "log": true + }, "description": "Drop all else", - "sequence-id": 430 + "sequence-id": 1000 } ], - "statistics-per-entry": true + "name": "cpm", + "statistics-per-entry": true, + "type": "ipv6" } - }, + ], "policers": { "system-cpu-policer": [ { @@ -1204,6 +1592,7 @@ { "admin-state": "enable", "index": 0, + "ip-mtu": 1500, "ipv4": { "admin-state": "enable", "srl_nokia-interfaces-ip-dhcp:dhcp-client": {} @@ -1237,14 +1626,50 @@ } ], "srl_nokia-system:system": { + "control-plane-traffic": { + "input": { + "srl_nokia-acl:acl": { + "acl-filter": [ + { + "name": "cpm", + "type": "ipv4" + }, + { + "name": "cpm", + "type": "ipv6" + } + ] + } + } + }, "srl_nokia-aaa:aaa": { "authentication": { + "admin-user": { + "ssh-key": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ==", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU=", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q==", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8=", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw==" + ] + }, "authentication-method": [ "local" ], "idle-timeout": 7200, "linuxadmin-user": { - "password": "$6$cSqd./ztK3niTzo$V/8fIwHeZ5FcfQDH7ZAyCY.852zH3SNMYvz6OJgO8S4uuXRxBtlaukyFqkpjImHJOJgws0kuSez8OKxl5Nw9n." + "password": "$y$j9T$DbT6fPrCRIFoKCGhsL3pB0$Rb53YfyCdnjkUtguz8KWuI4ADfYM8WKI9XavXvzvS/C", + "ssh-key": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ==", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU=", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q==", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8=", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw==" + ] } }, "server-group": [ @@ -1254,25 +1679,57 @@ } ] }, - "srl_nokia-gnmi-server:gnmi-server": { - "admin-state": "enable", - "network-instance": [ - { - "admin-state": "enable", - "name": "mgmt", - "tls-profile": "clab-profile" + "srl_nokia-dns:dns": { + "network-instance": "mgmt", + "server-list": [ + "10.171.10.1", + "10.171.10.2" + ] + }, + "srl_nokia-grpc:grpc-server": [ + { + "admin-state": "enable", + "name": "insecure-mgmt", + "network-instance": "mgmt", + "port": 57401, + "rate-limit": 65000, + "services": [ + "srl_nokia-grpc:gnmi", + "srl_nokia-grpc:gnoi", + "srl_nokia-grpc:gribi", + "srl_nokia-grpc:p4rt" + ], + "trace-options": [ + "request", + "response", + "common" + ], + "unix-socket": { + "admin-state": "enable" + } + }, + { + "admin-state": "enable", + "name": "mgmt", + "network-instance": "mgmt", + "rate-limit": 65000, + "services": [ + "srl_nokia-grpc:gnmi", + "srl_nokia-grpc:gnoi", + "srl_nokia-grpc:gribi", + "srl_nokia-grpc:p4rt" + ], + "tls-profile": "clab-profile", + "trace-options": [ + "request", + "response", + "common" + ], + "unix-socket": { + "admin-state": "enable" } - ], - "rate-limit": 65000, - "trace-options": [ - "request", - "response", - "common" - ], - "unix-socket": { - "admin-state": "enable" } - }, + ], "srl_nokia-json-rpc:json-rpc-server": { "admin-state": "enable", "network-instance": [ @@ -1436,7 +1893,30 @@ } ] }, - "srl_nokia-ssh:ssh-server": { + "srl_nokia-ssh:ssh-server": [ + { + "admin-state": "enable", + "name": "mgmt", + "network-instance": "mgmt", + "use-credentialz": true + } + ], + "srl_nokia-system-banner:banner": { + "login-banner": "................................................................\n: Welcome to Nokia SR Linux! :\n: Open Network OS for the NetOps era. :\n: :\n: This is a freely distributed official container image. :\n: Use it - Share it :\n: :\n: Get started: https://learn.srlinux.dev :\n: Container: https://go.srlinux.dev/container-image :\n: Docs: https://doc.srlinux.dev/24-3 :\n: Rel. notes: https://doc.srlinux.dev/rn24-3-2 :\n: YANG: https://yang.srlinux.dev/release/v24.3.2 :\n: Discord: https://go.srlinux.dev/discord :\n: Contact: https://go.srlinux.dev/contact-sales :\n................................................................\n" + }, + "srl_nokia-system-snmp:snmp": { + "access-group": [ + { + "community-entry": [ + { + "community": "$aes1$AWBtjFCTurY1fG8=$pH/M5cgn/zKEl7OuOv8HSA==", + "name": "RO-Community" + } + ], + "name": "SNMPv2-RO-Community", + "security-level": "no-auth-no-priv" + } + ], "network-instance": [ { "admin-state": "enable", @@ -1444,19 +1924,12 @@ } ] }, - "srl_nokia-system-banner:banner": { - "login-banner": "................................................................\n: Welcome to Nokia SR Linux! :\n: Open Network OS for the NetOps era. :\n: :\n: This is a freely distributed official container image. :\n: Use it - Share it :\n: :\n: Get started: https://learn.srlinux.dev :\n: Container: https://go.srlinux.dev/container-image :\n: Docs: https://doc.srlinux.dev/23-3 :\n: Rel. notes: https://doc.srlinux.dev/rn23-3-1 :\n: YANG: https://yang.srlinux.dev/v23.3.1 :\n: Discord: https://go.srlinux.dev/discord :\n: Contact: https://go.srlinux.dev/contact-sales :\n................................................................\n" - }, - "srl_nokia-system-info:information": { - "contact": "SomeContact", - "location": "SomeLocation" - }, "srl_nokia-tls:tls": { "server-profile": [ { "authenticate-client": false, - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDoTCCAomgAwIBAgIUZUKaX6pUN9avcjyijUM5V2g1Z68wDQYJKoZIhvcNAQEL\nBQAwMDEVMBMGA1UEChMMY29udGFpbmVybGFiMRcwFQYDVQQDEw5hbnNpYmxlIGxh\nYiBDQTAeFw0yMzAzMjExMDM0MDBaFw0yNDAzMjAxMDM0MDBaMDAxFTATBgNVBAoT\nDGNvbnRhaW5lcmxhYjEXMBUGA1UEAxMOc3JsLmFuc2libGUuaW8wggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmRr9OrX+zas7MhyJUqOJ9gWKsSDPUjPQd\nQxmvCMWcZpP/eSZ1MxN3LZgCQhUjdwG0JUCUdyXzc1zJeWMMsPLBf/VznL+Yyk5E\nDBxVbvkfGwicna7mHrc+F0524G0DdEPwaQmkepbP+8SWbG8GJaRb98W+Ht+GDSVe\naPoqymLObHtYczfPwqsorJpYj3hYXk53Qt39R03pVlBKphGRaCQFXW4+qmCAbrIh\nbcD7oUalR4dUAjxuuHe2SpNuEVn0iHlU+Z1Tbty/dWuYBkkFQ830UWWuRJmpSdeF\n/8cbrTJAdG/ipOmmqAuea2JauY9wxSSqiJxG71/XN5dP/arUEY6rAgMBAAGjgbIw\nga8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD\nAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRfyJKEJ2T3wCv7bBq2hvR28eJgGzAf\nBgNVHSMEGDAWgBSkVKCXzQCXNFEBZJEnc+/loVwuIjAwBgNVHREEKTAnggNzcmyC\nEGNsYWItYW5zaWJsZS1zcmyCDnNybC5hbnNpYmxlLmlvMA0GCSqGSIb3DQEBCwUA\nA4IBAQAAReCwyDA916navpfdUjeqpwERcAAsRC5wIsHnT0flP3RR7yTjTHFOkagB\n3px/jUJ2R9gACK9FxS3edqm3KLsowYXyd81h7LTuVlisow2gmmNtDoa9xByg+LWC\n2MXj30r1PgiOq1jVADf4hjL3LXKIgwKF/2VcibJLiUFcRBXLld2QLroA0p5nptfb\nJ0HmzBBd4jDlWGmd9jowwRV/7FqdfBceecmXroGqNmh4pfTA5PkRJXiHly6fqCN3\n//UmBRAQXlH0im2KHum8/hBkrV6yIuVaSZgJXEHBc8eG7E1BO47JjbU/LjbiArQ2\nYgR/BmCbd4n2+b3+O5UrEYX7HPkJ\n-----END CERTIFICATE-----", - "key": "$aes$eBg/yJ1yPlP0=$joZN6obaSbxEItumWVHpNDQQm1E04Soa7Jb4DInr2/Rm+kxWr4l8ee2nM5TpJk//8T0V3t/xAV2dvK/TEQMifOYBmQ+vk4A+uW6XKs6gFBBQ3I4Wz4oRveSFGqTBoFJPvDwuLZqAbgQs1oGaXgVuXhvNAwNQSQ266tlN9jfpIJrkx+8dJNaYve9boMnp8r6yhI+VwGbaW7xXsrqSfoAHhWdhL7KejvqmachUOmYaMqwhXlflFfQVRtcgqrM1n7ZZxXwP98zwvL2M6CGbcfc6bah5T5gWXh9mxMbIZEIn/KqqpzzaQUpoWTQtDjge4K6F6R4yEMB9vuPblAEVGtS/SHQetQlF2X4t3YKlLWGfMS2G1Xiv7GdCY67PDs9NNb2E6eKFXp873Ohx8XaTg3kYnwjQZzbTS3/KOeUZGzfgtK8e1BTAj6CyxfsomDBi9NQXctX7/FDdHTz2b5ZYzMLufq5Wkqdv4L0oBfPBQSKBgRD7zykKNt/IBX2RWunmXK2qEzuSjwE0gotP/GmeLp1A9oHsiJwVn3b+LFzkQbbs1tjyar88aMjsHAETlTR97f5Y1n1AhK7zxVifAaY8MeN+PZglYfueY0mMYthESy9Asd7pjTurtsR+F6NdNW0oeuSNOWIW+ZkPzx5m79XvRiy8mt2pY/7zHXAN+Pd7XO6styXTlgbpr2dQ6sh26d/0m9BcWnEzRZd5XCHPK9h8aKRoOWNoakywsEI5uXDxmHOeyWzIyXZfUkeFoqwApdZb0pw/watjhNUCjwLbeV4xSoFvxvzI2HTxl26//qDRNhaMmRjU2zRDBMph8eZ6LlmJIgT2fMq53ZrAKnPKq8RkQun086f1g4tHYsY1qdUj4sKRxHhaw51nYREDgj0upP/+beoFqoejlxfMKI3INPZV82mqKBxY0Juc+BzE2WFsg+0tIYVgnhoH0aRkyz4B00rYQiTrxFsQQB13mWdCIcGDmPwEOSE6hJ11UMqgvx2Rj7pEe2WiJH5gJU0rxxVrUKuOnhEqpZMN5PI9lXwMfO3jD+nttvgx52wakazMEUK4jsRCnQocOfI6k6DmDWIvN0myg2pJXHtd8rJuWo//DFoVoflYM930K7Za9MnFbiQ3dLTH9zRZKgtf+/GkSiwmmt/8+74c18z5H+oJk2of+whzmHFnVBsCvqrCydNtmfwMCCqytQaMT8Ogpl2TuVdJCTChN/Js6td4m//+jEIbsvU+2xWRCEbmjxaLgDnv1DoIkRU7oOC2MTREWl+1p5GwDf50mJm8bw2cugY3hQSpob6o+FH9vecE0zhnMcgXp7laAeQqaGLTnfJt/oLXjol4aizBrBbTCIbxJ6cYzgJPFtJtz0OYzsSLEdxK+10CJ0IX29iaSgE9Aqzk8BDQI9v13jjhxAnSj0V4MRtZ7v8vNPHOJrKmLE8wAJwAZLzr2bhqGBnZJ82hLgrs37ucKpLWXybX2c++J6LHuwbbNNpb3dCUGyZ3zh5KCnf5v0z89fZipGQNQJ8lvfzT5PuTdTcuaf8KFsols5oOkyqrwEIWNjxSiki/7fBb+1QBiWDIHude1DmZ5DpwU6M2DMxFjKyCZLvwnVl639WDR2QxE9qwvFdPA4VB4wJpGxWmq+9gluz1jtYmWD7QgkHfmBRTDriAI2j/0brzjhhMrovDVwq5+rUw9FnZDMZ4FFIc7IpFf+zuUutVPobHQv27WSCusiWk+vYPa68pTMaGG/q2oc4HdhQGxA04RYVseYG0J8EMQ+Ka8icC3QCvSYT3u6MNUZtXS24SiavR9x181PIgtGmCP6/Z5CvnLZSWklzIJDgh37kEwYSBPZuud7GYo6KWFTDkNnQsV/K2+87zIHfCqRmrYXzZFwgDQTg2h2cIprRE+wQf1MsC+nOkTLkCJx4CJom2+yDSnM4752mxrCr//zaVQ4/Uh1wc63JXiLdhH2q4ZncBvTXCOVi1JxwB3Oii/lAmIf6ZUD5KikVSeWLIbdZwbRaxBmVurPrwGuIBsrb2GjPuDe24jUu+2V3IBxwXvXomm9Q+sKUPxvPSdyecHO9MrT8ZJPocS1Ckemsq2LrbIts/SBNdlvuYThXhsOD9p7D6PV4u6mmchbbMmbHMo20mtfBWAzdfV+kSnSiZ1O4mUo7Ot7ZWcFTI7T58tCpDXXu3ueHzkkleXoK3H1kB2/UE4a3YMQzc2/5RMOTK95f1pQ9QDDT3Efz2X7rC5B343sPA9gq7QW+1", + "certificate": "-----BEGIN CERTIFICATE-----\nMIID0DCCArigAwIBAgICBnowDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCVVMx\nCTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFpbmVybGFiMQkwBwYDVQQLEwAxFzAV\nBgNVBAMTDmFuc2libGUgbGFiIENBMB4XDTI0MDYyMjE1MDk1NFoXDTI1MDYyMjE1\nMDk1NFowUzELMAkGA1UEBhMCVVMxCTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFp\nbmVybGFiMQkwBwYDVQQLEwAxFzAVBgNVBAMTDnNybC5hbnNpYmxlLmlvMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfMTDTDaVdyFORkN8PEkjPcTeei9\nOnMXMPtX4gHGrC/2JUmUJVdT8T5QBLEzCICQGJYpm4J1K7K/OWAFUIffZlR0oLQT\nXb9vW+aXsabxyZ8uFoDq5/PrMqTl/hze6jNmtgZTULOAazFGY+ULXKDyDlDZv+12\nqdXbgEnu7Ooued8bcb9wCR85wbKhoeD1FT48ifQIk6eAU8xNyy6PiMW/4xYF4+m1\nBcqPYTrkTCZxsdfXPEDEPZn30Arwpavv+Uy8VX626uiNIHY28Qc9Qw1m+7HTHy8j\n+9K0xQ+r0EHjw6WQWpe3Qs5Js0I4Z2RSDZZWQpx4dSaZrjyOchGeo/+y4wIDAQAB\no4GtMIGqMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB\nBQUHAwEwDgYDVR0OBAcEBQECAwQGMB8GA1UdIwQYMBaAFNLlMFe7s2fIb4VLOFmE\ng5+ebA23MEgGA1UdEQRBMD+CA3NybIIQY2xhYi1hbnNpYmxlLXNybIIOc3JsLmFu\nc2libGUuaW+HBKwUFAKHECABAXIAIAAgAAAAAAAAAAIwDQYJKoZIhvcNAQELBQAD\nggEBABQxO1P8xid+ZNhjlT1L+HEf3mOlxy76DBF4jni6yaPPHQqbKXHWUh9hFMLK\nY4uo/XIdx5oeIG8xrJ/4UCzWMiV7bGzw19kXm7L+u17IN42Wgtx0o50mrKOuc4d7\nO9cgF/9tE0T5AJVOtskDHgEI71RFxfC8+NEwZkKtB6nN78en03/JDPKjRlOEc+XM\n92/C743EZK6ttQpliFkohYZKWLdML8SRX2R/P5ks4qlhxw14TbLNVOT7tkdfJZBe\npDERkQUHB6vJh7Sd1tNixdK+CndDqUEbaKSGA1/3gwQ259lQvwcgzRowgCdxtlxW\nwDk+ysL4hAnVWCOrdlbipGFlS6U=\n-----END CERTIFICATE-----\n", + "key": "$aes1$ATSWKgszP5gks28=$0SduUiumzR1/sZ5kOtMirQia+45v1bYv6crBTnuAbXfFhKRLstMSAlZGKtDyXedSW2wAv99XubAewY2/ndSur0QcxVqOAaT0A9tHzr44KcDGvonSdChoP9nDg+4EgRYPH18l6/d26OjutuXicDBaRMRa5UIWvhaVU44hF9DLYsujPP2W/jwT50Fw1hQm/T4s9CgD69uGraLvnuBHusTgkQSpHzK++/xzuvDbnlv00jYlc0fAJgV7rePYQDIYoTIrPwfo7DiGK7/vfGDaFNyq2urH5p4R3jPugQo61J7aegp2MT6xtAiiuPawPTjVJYP/ZMJGqXR84HxyzeLShq5jSge2qcYDNO/23pJ5zwJ49+mde1AeCT8vfq+Rfshfclyxi0EZQEYwS6yc5QrXyRxOr6WETTGutqHSs24EFvWBpV5KmAPWuHzoZ2838Rzt33NiQCQaBgHgdSCghF1MfRs6uq1QS23Fzj0hp0F4Ukp0KdBpwTNJ9yTJD2yxVvz0Jwv4XdzkwhR08OWsDl4HXAg0pGdS1d0edpnqKtV1RS+MoQRC//DuknjwI6o3Hc5LByxzW+jmYsd2ZNnUs7dB+k5x2n7K+Uim0Dt8UiO8deExuwNFq7HvIYx18xWdmGHsIkf9Zm3JMuntEVk6OxOYy/j2NQV6R+vo2ybc66hOKxlackBXOdKJ9QwG6L3DIuuE3PjT6a2Qq1VQYWcYWRtnc7JJ6mcx5SuYTvbZtHldiaL/oH2Fn6Ql9pkBoW/GS3r+MVh6rBKNd8dWPbvDqXgFEZPz/9elf4jCxCSnpdf3vaLgDymp3BaIpC8wthbe6Mosw6uNQJWIvNxsc/onIT+NWtlCS6tH7nwCwi/5XM9JCF2DWPMJ1QtkG853kLmMh8/PC5YILoTbkILdzXfCbsyWWyVXMqelFX1vvC0eQ0aRtmioSrqIqYhlUTARk6NC+jXjp5os4IeXADbuq3OfaIbtdo9iKNv+MYxqgB2PRINgTzvKYhCuxqca/q+cgguaTDWNG96jyjyL1SGkciJ0AOQ1BMH6sRl5PExoxHY65Ql1bG4neBpg+9bJTEN4AHWHTu3Eh1FYqc9OUuI1UWJHY4/pmt5uU7x2WZQ/kSSu7zrxsLwEku7S77x4k8Gs/3+MkfBp/KX6YeCZ2EeHGUjH0TZs2+Y1HUDJifBVTJz7YFsx5j73sSSZ4gtd9W9bBQ3hnKOTYFItM2TIYGd5h0jU3lnWoTgDSkvMenpPhiA1X3dHKc2jxWkBd8dzmn88W5KYWAlUOHtRi4KiQdIx42e1jOB0CJReGVOD9XleKJWC3GW2qTv3xLWjbX3T5pzn3xH0UAH2uQBX1833xOhTaqxl4OqNdtMqRmnFy59n/FUiM00qkM+2R2Qr2lm9oVY26aO5781WslGBx3Yb/gIIAYWmk3svMmjEsFV8csserfqxhenfZwiQOKKHOHuTT2KtKH1oGz4glSP1J/kjhTJ4AXUBy2WpdZf+bjC9XQDoHJu+NYOu1jppMSEJ9CnvipVGLLdoeoSubcex4Rx+JG7tVCOEmbxJQ+InAo9IGUOIcB75q0hZef677fxDXDf4BDaSUGQh8cH4mVgkOCupOXEbp/ht0qeTp15chItXGlNEoN/5IYTKLrFPaOdvAHObXMbSgFR8Nm+h2coyPS3tGVQeDKVV45CWxVOpmaaTXHWsOAyHBoaAINhzULST+qMi2zoHStcaZxO4I1EatmuUHkMywb3vp7co9yruRrStN440k6n53yEdVj511uG/CIyyK4lPlbxNSgPrHII5on5YI4X9SMozOVTb/YLFajdl/Lr38i0iphySg4ZRQvDTe55q6wG6xxUiunAdV+FQhaCTTILTM5qhvw/7ecdrfognQhzT3UkRHrxmFfXe+5xEeazWZfjSOBdVDUl0vZjsbnO5rKzuPgYg/PmYi2CerrzqfQiYJ0qErheVjwmCXqS+7udbynDB1rypMeJxSUBtz+KDvitR4m/ZU/1RsZVf/WaxMegcrJqq+YJ7l1YbRw5J0r59lm8EhVZdjVJ1ccXUtP66tASnvZTs5dxIkY5pCjZqBmnZWyZFStakyMlJzkAB96GQZRIn+bXcBvNvmoQGubzH+VP75Mn5wop9bF3txzv7+TFi0kT9zkQZHHhrbyAlvKwyGYfruuJLT/HV8yqo8ITfTCkuSSMg7n/qBdIN1vxglhQgq+TFXvuew5GE3BHyqm5iEFTBIfVxAU3o7N90", "name": "clab-profile" } ] diff --git a/tests/playbooks/golden/clab-ansible-srl.cfg.yml b/tests/playbooks/golden/clab-ansible-srl.cfg.yml index 75461b2..af7ea6b 100644 --- a/tests/playbooks/golden/clab-ansible-srl.cfg.yml +++ b/tests/playbooks/golden/clab-ansible-srl.cfg.yml @@ -1,778 +1,980 @@ -# Copyright 2023 Nokia -# Licensed under the BSD 3-Clause License. -# SPDX-License-Identifier: BSD-3-Clause - srl_nokia-acl:acl: - cpm-filter: - ipv4-filter: - entry: - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP unreachable messages - match: + acl-filter: + - entry: + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMP unreachable messages + match: + ipv4: icmp: - code: - - 0 - - 1 - - 2 - - 3 - - 4 - - 13 type: dest-unreachable protocol: icmp - sequence-id: 10 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP time-exceeded messages - match: + sequence-id: 10 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMP time-exceeded messages + match: + ipv4: icmp: type: time-exceeded protocol: icmp - sequence-id: 20 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP parameter problem messages - match: - icmp: - type: param-problem - protocol: icmp - sequence-id: 30 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP echo messages - match: + sequence-id: 20 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMP echo messages + match: + ipv4: icmp: type: echo protocol: icmp - sequence-id: 40 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP echo-reply messages - match: + sequence-id: 40 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMP echo-reply messages + match: + ipv4: icmp: type: echo-reply protocol: icmp - sequence-id: 50 - - action: - accept: {} - description: Accept incoming SSH when the other host initiates the - TCP connection - match: + sequence-id: 50 + - action: + accept: {} + description: Accept incoming SSH when the other host initiates the TCP + connection + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 22 + sequence-id: 60 + - action: + accept: {} + description: Accept incoming SSH when this router initiates the TCP connection + match: + ipv4: protocol: tcp - sequence-id: 60 - - action: - accept: {} - description: Accept incoming SSH when this router initiates the TCP - connection - match: - protocol: tcp + transport: source-port: operator: eq value: 22 - sequence-id: 70 - - action: - accept: {} - description: Accept incoming Telnet when the other host initiates - the TCP connection - match: - destination-port: + sequence-id: 70 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming Telnet when the + other host initiates the TCP connection' + match: + ipv4: + protocol: tcp + transport: + source-port: operator: eq value: 23 + sequence-id: 88 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming Telnet when this + router initiates the TCP connection' + match: + ipv4: protocol: tcp - sequence-id: 80 - - action: - accept: {} - description: Accept incoming Telnet when this router initiates the - TCP connection - match: - protocol: tcp - source-port: + transport: + destination-port: operator: eq value: 23 - sequence-id: 90 - - action: - accept: {} - description: Accept incoming TACACS+ when the other host initiates - the TCP connection - match: + sequence-id: 98 + - action: + accept: {} + description: Accept incoming TACACS+ when the other host initiates the + TCP connection + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 49 + sequence-id: 100 + - action: + accept: {} + description: Accept incoming TACACS+ when this router initiates the TCP + connection + match: + ipv4: protocol: tcp - sequence-id: 100 - - action: - accept: {} - description: Accept incoming TACACS+ when this router initiates the - TCP connection - match: - protocol: tcp + transport: source-port: operator: eq value: 49 - sequence-id: 110 - - action: - accept: {} - description: Accept incoming DNS response messages - match: + sequence-id: 110 + - action: + accept: {} + description: Accept incoming DNS response messages + match: + ipv4: protocol: udp + transport: source-port: operator: eq value: 53 - sequence-id: 120 - - action: - accept: {} - description: Accept incoming DHCP messages targeted for BOOTP/DHCP - client - match: - destination-port: - operator: eq - value: 68 + sequence-id: 120 + - action: + accept: {} + description: Accept incoming DHCP messages targeted for BOOTP/DHCP client + match: + ipv4: protocol: udp - sequence-id: 130 - - action: - accept: {} - description: Accept incoming TFTP read-request and write-request messages - match: + transport: destination-port: operator: eq - value: 69 - protocol: udp - sequence-id: 140 - - action: - accept: {} - description: Accept incoming HTTP(JSON-RPC) when the other host initiates - the TCP connection - match: + value: 68 + sequence-id: 130 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming HTTP(JSON-RPC) + when the other host initiates the TCP connection' + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 80 + sequence-id: 158 + - action: + accept: {} + description: Accept incoming HTTP(JSON-RPC) when this router initiates + the TCP connection + match: + ipv4: protocol: tcp - sequence-id: 150 - - action: - accept: {} - description: Accept incoming HTTP(JSON-RPC) when this router initiates - the TCP connection - match: - protocol: tcp + transport: source-port: operator: eq value: 80 - sequence-id: 160 - - action: - accept: {} - description: Accept incoming NTP messages from servers - match: + sequence-id: 160 + - action: + accept: {} + description: Accept incoming NTP messages from servers + match: + ipv4: protocol: udp + transport: source-port: operator: eq value: 123 - sequence-id: 170 - - action: - accept: {} - description: Accept incoming SNMP GET/GETNEXT messages from servers - match: + sequence-id: 170 + - action: + accept: {} + description: Accept incoming SNMP GET/GETNEXT messages from servers + match: + ipv4: + protocol: udp + transport: destination-port: operator: eq value: 161 - protocol: udp - sequence-id: 180 - - action: - accept: {} - description: Accept incoming BGP when the other router initiates the - TCP connection - match: + sequence-id: 180 + - action: + accept: {} + description: Accept incoming BGP when the other router initiates the TCP + connection + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 179 + sequence-id: 190 + - action: + accept: {} + description: Accept incoming BGP when this router initiates the TCP connection + match: + ipv4: protocol: tcp - sequence-id: 190 - - action: - accept: {} - description: Accept incoming BGP when this router initiates the TCP - connection - match: - protocol: tcp + transport: source-port: operator: eq value: 179 - sequence-id: 200 - - action: - accept: {} - description: Accept incoming HTTPS(JSON-RPC) when the other host initiates - the TCP connection - match: + sequence-id: 200 + - action: + accept: {} + description: Accept incoming HTTPS(JSON-RPC) when the other host initiates + the TCP connection + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 443 + sequence-id: 210 + - action: + accept: {} + description: Accept incoming HTTPS(JSON-RPC) when this router initiates + the TCP connection + match: + ipv4: protocol: tcp - sequence-id: 210 - - action: - accept: {} - description: Accept incoming HTTPS(JSON-RPC) when this router initiates - the TCP connection - match: - protocol: tcp + transport: source-port: operator: eq value: 443 - sequence-id: 220 - - action: - accept: {} - description: Accept incoming single-hop BFD session messages - match: + sequence-id: 220 + - action: + accept: {} + description: Accept incoming single-hop BFD session messages + match: + ipv4: + protocol: udp + transport: destination-port: operator: eq value: 3784 + sequence-id: 230 + - action: + accept: {} + description: Accept incoming multi-hop BFD session messages + match: + ipv4: protocol: udp - sequence-id: 230 - - action: - accept: {} - description: Accept incoming multi-hop BFD session messages - match: + transport: destination-port: operator: eq value: 4784 + sequence-id: 240 + - action: + accept: {} + description: Accept incoming uBFD session messages + match: + ipv4: protocol: udp - sequence-id: 240 - - action: - accept: {} - description: Accept incoming uBFD session messages - match: + transport: destination-port: operator: eq value: 6784 - protocol: udp - sequence-id: 250 - - action: - accept: {} - description: Accept incoming gNMI messages when the other host initiates - the TCP connection - match: + sequence-id: 250 + - action: + accept: {} + description: Accept incoming gRPC messages when the other host initiates + the TCP connection + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 57400 - protocol: tcp - sequence-id: 260 - - action: - accept: {} - description: Accept incoming UDP traceroute messages - match: + sequence-id: 260 + - action: + accept: {} + description: Accept incoming UDP traceroute messages + match: + ipv4: + protocol: udp + transport: destination-port: range: end: 33464 start: 33434 - protocol: udp - sequence-id: 270 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMP timestamp messages - match: - icmp: - type: timestamp - protocol: icmp - sequence-id: 280 - - action: - accept: {} - description: Accept incoming OSPF messages - match: + sequence-id: 270 + - action: + accept: {} + description: Accept incoming OSPF messages + match: + ipv4: protocol: 89 - sequence-id: 290 - - action: - accept: {} - description: Accept incoming DHCP relay messages targeted for BOOTP/DHCP - server - match: + sequence-id: 290 + - action: + accept: {} + description: Accept incoming DHCP relay messages targeted for BOOTP/DHCP + server + match: + ipv4: + protocol: udp + transport: destination-port: operator: eq value: 67 - protocol: udp - sequence-id: 300 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept ICMP fragment packets - match: + sequence-id: 300 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept ICMP fragment packets + match: + ipv4: fragment: true protocol: icmp - sequence-id: 310 - - action: - accept: {} - description: Accept incoming LDP packets - match: + sequence-id: 310 + - action: + accept: {} + description: Accept incoming LDP packets + match: + ipv4: protocol: udp + transport: source-port: operator: eq value: 646 - sequence-id: 320 - - action: - accept: {} - description: Accept incoming LDP packets with source-port 646 - match: + sequence-id: 320 + - action: + accept: {} + description: Accept incoming LDP packets with source-port 646 + match: + ipv4: protocol: tcp + transport: source-port: operator: eq value: 646 - sequence-id: 330 - - action: - accept: {} - description: Accept incoming LDP packets with destination-port 646 - match: + sequence-id: 330 + - action: + accept: {} + description: Accept incoming LDP packets with destination-port 646 + match: + ipv4: + protocol: tcp + transport: destination-port: operator: eq value: 646 + sequence-id: 340 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming gRPC over port + 57401 for the insecure-mgmt gRPC server' + match: + ipv4: protocol: tcp - sequence-id: 340 - - action: - accept: {} - description: Accept incoming gRIBI packets with destination-port 57401 - match: + transport: destination-port: operator: eq value: 57401 + sequence-id: 358 + - action: + accept: {} + description: Accept incoming IGMP packets + match: + ipv4: + protocol: igmp + sequence-id: 370 + - action: + accept: {} + description: Accept incoming PIM packets + match: + ipv4: + protocol: pim + sequence-id: 380 + - action: + accept: {} + description: Accept incoming RADIUS AAA packets + match: + ipv4: + protocol: udp + transport: + source-port: + range: + end: 1813 + start: 1812 + sequence-id: 390 + - action: + accept: {} + description: Accept incoming PTP messages with destination-ports 319 and + 320 + match: + ipv4: + protocol: udp + transport: + destination-port: + range: + end: 320 + start: 319 + sequence-id: 410 + - action: + accept: {} + description: Accept incoming PCEP packets with destination-port 4189 + match: + ipv4: protocol: tcp - sequence-id: 350 - - action: - accept: {} - description: Accept incoming p4rt packets with destination-port 9559 - match: + transport: destination-port: operator: eq - value: 9559 - protocol: tcp - sequence-id: 360 - - action: - accept: {} - description: Accept incoming IGMP packets - match: - protocol: igmp - sequence-id: 370 - - action: - accept: {} - description: Accept incoming PIM packets - match: - protocol: pim - sequence-id: 380 - - action: - drop: - log: true - description: Drop all else - sequence-id: 390 - statistics-per-entry: true - ipv6-filter: - entry: - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 unreachable messages - match: + value: 4189 + sequence-id: 420 + - action: + accept: {} + description: Accept incoming SBFD session messages + match: + ipv4: + protocol: udp + transport: + source-port: + operator: eq + value: 7784 + sequence-id: 430 + - action: + accept: {} + description: Accept incoming SBFD session messages + match: + ipv4: + protocol: udp + transport: + destination-port: + operator: eq + value: 7784 + sequence-id: 440 + - action: + accept: {} + description: Accept incoming LSP MPLS Echo requests and replies + match: + ipv4: + protocol: udp + transport: + source-port: + operator: eq + value: 3503 + sequence-id: 450 + - action: + accept: {} + description: Accept incoming LSP MPLS Echo requests and replies + match: + ipv4: + protocol: udp + transport: + destination-port: + operator: eq + value: 3503 + sequence-id: 460 + - action: + drop: {} + log: true + description: Drop all else + sequence-id: 1000 + name: cpm + statistics-per-entry: true + type: ipv4 + - entry: + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 unreachable messages + match: + ipv6: icmp6: - code: - - 0 - - 1 - - 2 - - 3 - - 4 - - 5 - - 6 type: dest-unreachable next-header: icmp6 - sequence-id: 10 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 packet-too-big messages - match: + sequence-id: 10 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 packet-too-big messages + match: + ipv6: icmp6: type: packet-too-big next-header: icmp6 - sequence-id: 20 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 time-exceeded messages - match: + sequence-id: 20 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 time-exceeded messages + match: + ipv6: icmp6: type: time-exceeded next-header: icmp6 - sequence-id: 30 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 parameter problem messages - match: - icmp6: - type: param-problem - next-header: icmp6 - sequence-id: 40 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 echo-request messages - match: + sequence-id: 30 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 echo-request messages + match: + ipv6: icmp6: type: echo-request next-header: icmp6 - sequence-id: 50 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 echo-reply messages - match: + sequence-id: 50 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 echo-reply messages + match: + ipv6: icmp6: type: echo-reply next-header: icmp6 - sequence-id: 60 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 router-advertisement messages - match: + sequence-id: 60 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 router-advertisement messages + match: + ipv6: icmp6: type: router-advertise next-header: icmp6 - sequence-id: 70 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 neighbor-solicitation messages - match: + sequence-id: 70 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 neighbor-solicitation messages + match: + ipv6: icmp6: type: neighbor-solicit next-header: icmp6 - sequence-id: 80 - - action: - accept: - rate-limit: - system-cpu-policer: icmp - description: Accept incoming ICMPv6 neighbor-advertisement messages - match: + sequence-id: 80 + - action: + accept: + rate-limit: + system-cpu-policer: icmp + description: Accept incoming ICMPv6 neighbor-advertisement messages + match: + ipv6: icmp6: type: neighbor-advertise next-header: icmp6 - sequence-id: 90 - - action: - accept: {} - description: Accept incoming SSH when the other host initiates the - TCP connection - match: + sequence-id: 90 + - action: + accept: {} + description: Accept incoming SSH when the other host initiates the TCP + connection + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 22 + sequence-id: 100 + - action: + accept: {} + description: Accept incoming SSH when this router initiates the TCP connection + match: + ipv6: next-header: tcp - sequence-id: 100 - - action: - accept: {} - description: Accept incoming SSH when this router initiates the TCP - connection - match: - next-header: tcp + transport: source-port: operator: eq value: 22 - sequence-id: 110 - - action: - accept: {} - description: Accept incoming Telnet when the other host initiates - the TCP connection - match: - destination-port: + sequence-id: 110 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming Telnet when the + other host initiates the TCP connection' + match: + ipv6: + next-header: tcp + transport: + source-port: operator: eq value: 23 + sequence-id: 128 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming Telnet when this + router initiates the TCP connection' + match: + ipv6: next-header: tcp - sequence-id: 120 - - action: - accept: {} - description: Accept incoming Telnet when this router initiates the - TCP connection - match: - next-header: tcp - source-port: + transport: + destination-port: operator: eq value: 23 - sequence-id: 130 - - action: - accept: {} - description: Accept incoming TACACS+ when the other host initiates - the TCP connection - match: + sequence-id: 138 + - action: + accept: {} + description: Accept incoming TACACS+ when the other host initiates the + TCP connection + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 49 + sequence-id: 140 + - action: + accept: {} + description: Accept incoming TACACS+ when this router initiates the TCP + connection + match: + ipv6: next-header: tcp - sequence-id: 140 - - action: - accept: {} - description: Accept incoming TACACS+ when this router initiates the - TCP connection - match: - next-header: tcp + transport: source-port: operator: eq value: 49 - sequence-id: 150 - - action: - accept: {} - description: Accept incoming DNS response messages - match: + sequence-id: 150 + - action: + accept: {} + description: Accept incoming DNS response messages + match: + ipv6: next-header: udp + transport: source-port: operator: eq value: 53 - sequence-id: 160 - - action: - accept: {} - description: Accept incoming TFTP read-request and write-request messages - match: - destination-port: - operator: eq - value: 69 - next-header: udp - sequence-id: 170 - - action: - accept: {} - description: Accept incoming HTTP(JSON-RPC) when the other host initiates - the TCP connection - match: + sequence-id: 160 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming HTTP(JSON-RPC) + when the other host initiates the TCP connection' + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 80 + sequence-id: 188 + - action: + accept: {} + description: Accept incoming HTTP(JSON-RPC) when this router initiates + the TCP connection + match: + ipv6: next-header: tcp - sequence-id: 180 - - action: - accept: {} - description: Accept incoming HTTP(JSON-RPC) when this router initiates - the TCP connection - match: - next-header: tcp + transport: source-port: operator: eq value: 80 - sequence-id: 190 - - action: - accept: {} - description: Accept incoming NTP messages from servers - match: + sequence-id: 190 + - action: + accept: {} + description: Accept incoming NTP messages from servers + match: + ipv6: next-header: udp + transport: source-port: operator: eq value: 123 - sequence-id: 200 - - action: - accept: {} - description: Accept incoming SNMP GET/GETNEXT messages from servers - match: + sequence-id: 200 + - action: + accept: {} + description: Accept incoming SNMP GET/GETNEXT messages from servers + match: + ipv6: + next-header: udp + transport: destination-port: operator: eq value: 161 - next-header: udp - sequence-id: 210 - - action: - accept: {} - description: Accept incoming BGP when the other router initiates the - TCP connection - match: + sequence-id: 210 + - action: + accept: {} + description: Accept incoming BGP when the other router initiates the TCP + connection + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 179 + sequence-id: 220 + - action: + accept: {} + description: Accept incoming BGP when this router initiates the TCP connection + match: + ipv6: next-header: tcp - sequence-id: 220 - - action: - accept: {} - description: Accept incoming BGP when this router initiates the TCP - connection - match: - next-header: tcp + transport: source-port: operator: eq value: 179 - sequence-id: 230 - - action: - accept: {} - description: Accept incoming HTTPS(JSON-RPC) when the other host initiates - the TCP connection - match: + sequence-id: 230 + - action: + accept: {} + description: Accept incoming HTTPS(JSON-RPC) when the other host initiates + the TCP connection + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 443 + sequence-id: 240 + - action: + accept: {} + description: Accept incoming HTTPS(JSON-RPC) when this router initiates + the TCP connection + match: + ipv6: next-header: tcp - sequence-id: 240 - - action: - accept: {} - description: Accept incoming HTTPS(JSON-RPC) when this router initiates - the TCP connection - match: - next-header: tcp + transport: source-port: operator: eq value: 443 - sequence-id: 250 - - action: - accept: {} - description: Accept incoming DHCPv6 client messages - match: + sequence-id: 250 + - action: + accept: {} + description: Accept incoming DHCPv6 client messages + match: + ipv6: + next-header: udp + transport: destination-port: operator: eq value: 546 + sequence-id: 260 + - action: + accept: {} + description: Accept incoming single-hop BFD session messages + match: + ipv6: next-header: udp - sequence-id: 260 - - action: - accept: {} - description: Accept incoming single-hop BFD session messages - match: + transport: destination-port: operator: eq value: 3784 + sequence-id: 270 + - action: + accept: {} + description: Accept incoming multi-hop BFD session messages + match: + ipv6: next-header: udp - sequence-id: 270 - - action: - accept: {} - description: Accept incoming multi-hop BFD session messages - match: + transport: destination-port: operator: eq value: 4784 + sequence-id: 280 + - action: + accept: {} + description: Accept incoming uBFD session messages + match: + ipv6: next-header: udp - sequence-id: 280 - - action: - accept: {} - description: Accept incoming uBFD session messages - match: + transport: destination-port: operator: eq value: 6784 - next-header: udp - sequence-id: 290 - - action: - accept: {} - description: Accept incoming gNMI messages when the other host initiates - the TCP connection - match: + sequence-id: 290 + - action: + accept: {} + description: Accept incoming gRPC messages when the other host initiates + the TCP connection + match: + ipv6: + next-header: tcp + transport: destination-port: operator: eq value: 57400 - next-header: tcp - sequence-id: 300 - - action: - accept: {} - description: Accept incoming UDP traceroute messages - match: + sequence-id: 300 + - action: + accept: {} + description: Accept incoming UDP traceroute messages + match: + ipv6: + next-header: udp + transport: destination-port: range: end: 33464 start: 33434 - next-header: udp - sequence-id: 310 - - action: - accept: {} - description: Accept incoming IPV6 hop-in-hop messages - match: + sequence-id: 310 + - action: + accept: {} + description: Accept incoming IPV6 hop-in-hop messages + match: + ipv6: next-header: 0 - sequence-id: 320 - - action: - accept: {} - description: Accept incoming IPV6 fragment header messages - match: - next-header: 44 - sequence-id: 330 - - action: - accept: {} - description: Accept incoming OSPF messages - match: + sequence-id: 320 + - action: + accept: {} + description: Accept incoming OSPF messages + match: + ipv6: next-header: 89 - sequence-id: 340 - - action: - accept: {} - description: Accept incoming DHCPv6 relay messages - match: - destination-port: - operator: eq - value: 547 + sequence-id: 340 + - action: + accept: {} + description: Accept incoming DHCPv6 relay messages + match: + ipv6: next-header: udp - sequence-id: 350 - - action: - accept: {} - description: Accept incoming gRIBI packets with destination-port 57401 - match: + transport: destination-port: operator: eq - value: 57401 + value: 547 + sequence-id: 350 + - action: + accept: {} + description: 'Containerlab-added rule: Accept incoming gRPC over port + 57401 for the insecure-mgmt gRPC server' + match: + ipv6: next-header: tcp - sequence-id: 360 - - action: - accept: {} - description: Accept incoming p4rt packets with destination-port 9559 - match: + transport: destination-port: operator: eq - value: 9559 - next-header: tcp - sequence-id: 370 - - action: - accept: {} - description: Accept incoming IGMP packets - match: - next-header: igmp - sequence-id: 380 - - action: - accept: {} - description: Accept incoming MLDv1 report messages - match: + value: 57401 + sequence-id: 368 + - action: + accept: {} + description: Accept incoming MLDv1 report messages + match: + ipv6: icmp6: type: mld-report next-header: icmp6 - sequence-id: 390 - - action: - accept: {} - description: Accept incoming MLDv2 report messages - match: + sequence-id: 380 + - action: + accept: {} + description: Accept incoming MLDv2 report messages + match: + ipv6: icmp6: type: mld-v2 next-header: icmp6 - sequence-id: 400 - - action: - accept: {} - description: Accept incoming MLDv1 done messages - match: + sequence-id: 390 + - action: + accept: {} + description: Accept incoming MLDv1 done messages + match: + ipv6: icmp6: type: mld-done next-header: icmp6 - sequence-id: 410 - - action: - accept: {} - description: Accept incoming PIM messages - match: + sequence-id: 400 + - action: + accept: {} + description: Accept incoming MLD query messages + match: + ipv6: + icmp6: + type: mld-query + next-header: icmp6 + sequence-id: 410 + - action: + accept: {} + description: Accept incoming PIM messages + match: + ipv6: next-header: pim - sequence-id: 420 - - action: - drop: - log: true - description: Drop all else - sequence-id: 430 - statistics-per-entry: true + sequence-id: 420 + - action: + accept: {} + description: Accept incoming RADIUS AAA messages + match: + ipv6: + next-header: udp + transport: + source-port: + range: + end: 1813 + start: 1812 + sequence-id: 430 + - action: + accept: {} + description: Accept incoming PTP messages with destination-ports 319 and + 320 + match: + ipv6: + next-header: udp + transport: + destination-port: + range: + end: 320 + start: 319 + sequence-id: 450 + - action: + accept: {} + description: Accept incoming PCEP packets with destination-port 4189 + match: + ipv6: + next-header: tcp + transport: + destination-port: + operator: eq + value: 4189 + sequence-id: 460 + - action: + accept: {} + description: Accept incoming SBFD session messages + match: + ipv6: + next-header: udp + transport: + source-port: + operator: eq + value: 7784 + sequence-id: 470 + - action: + accept: {} + description: Accept incoming SBFD session messages + match: + ipv6: + next-header: udp + transport: + destination-port: + operator: eq + value: 7784 + sequence-id: 480 + - action: + accept: {} + description: Accept incoming LDP packets + match: + ipv6: + next-header: udp + transport: + source-port: + operator: eq + value: 646 + sequence-id: 490 + - action: + accept: {} + description: Accept incoming LDP packets with source-port 646 + match: + ipv6: + next-header: tcp + transport: + source-port: + operator: eq + value: 646 + sequence-id: 500 + - action: + accept: {} + description: Accept incoming LDP packets with destination-port 646 + match: + ipv6: + next-header: tcp + transport: + destination-port: + operator: eq + value: 646 + sequence-id: 510 + - action: + drop: {} + log: true + description: Drop all else + sequence-id: 1000 + name: cpm + statistics-per-entry: true + type: ipv6 policers: system-cpu-policer: - entry-specific: false @@ -785,6 +987,7 @@ srl_nokia-interfaces:interface: subinterface: - admin-state: enable index: 0 + ip-mtu: 1500 ipv4: admin-state: enable srl_nokia-interfaces-ip-dhcp:dhcp-client: {} @@ -804,21 +1007,73 @@ srl_nokia-network-instance:network-instance: import-routes: true type: srl_nokia-network-instance:ip-vrf srl_nokia-system:system: + control-plane-traffic: + input: + srl_nokia-acl:acl: + acl-filter: + - name: cpm + type: ipv4 + - name: cpm + type: ipv6 srl_nokia-aaa:aaa: authentication: + admin-user: + ssh-key: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ== + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU= + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q== + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8= + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw== authentication-method: - local idle-timeout: 7200 + linuxadmin-user: + password: $y$j9T$DbT6fPrCRIFoKCGhsL3pB0$Rb53YfyCdnjkUtguz8KWuI4ADfYM8WKI9XavXvzvS/C + ssh-key: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ== + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU= + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLTxDZjy70GF3lZIePu/yz0lqaglkIYm2actUb4/Fq43z1VkSsdUKknCZuMnnAuHoAI3nMs8bmm5Ba9Kc9mqfZg8A6LYUYjUbRyv1qUgfok80G4k6JqUdly9E6CiI301ysxbqzYMyX0uWz3K/mY3kClNJJVuNXw+pDu9Obm8g2BDBVH9ecQ+IVtrt8s2rwoBzb2uSCLdqpTGQvo3RF5Ds4x7uSYyMNPvyQfewUnF60PPe/BlPL1DGFXX9xYxIMnbAuQ/KnpdyB216AnOd1xakY0l7n7iw6CNbbusN0WwnuyeWtO3sD7dNBaSd6ZtwU9Vaw0tZYbrvVc2ZIG6wLX+semg//DWwvcPxAZGSUyg3KjmTS0iWLCB93bif/tzrim/cZXfe2LPYAIXtWMEELzt+iUbKOMx9zrmjZ1gcaNLOTPY4XYTSwJslER5DScz1W9VtL7cKDe+2JVsrwSIb3MMq9XwIAFptApZBlhkjLLFBu0oBJ1z8JKD9mkJb3S2uH4icsGgZU7mY8n7xl3rSurSHuM8y5gAhy7fso0U/Rk7hsUjhElwTxMRtU+zjyV8G3pUyN4yx8uYEz3KPAO/aWrZqO0uoqj+F1Mb71Bn1wNUK5QnPaDEH1ByzTGIAIyJgs++i/KxiTwIskpR02ZrN87cw8ZzDSnL/fegF12UQhzN4o5Q== + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8= + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8N+eYfTO7cF0d7AAnDceARMG6ftHfomgJ4UZb2HuRe + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw== server-group: - name: local type: srl_nokia-aaa-types:local - srl_nokia-gnmi-server:gnmi-server: - admin-state: enable - network-instance: - - admin-state: enable - name: mgmt - tls-profile: clab-profile + srl_nokia-dns:dns: + network-instance: mgmt + server-list: + - 10.171.10.1 + - 10.171.10.2 + srl_nokia-grpc:grpc-server: + - admin-state: enable + name: insecure-mgmt + network-instance: mgmt + port: 57401 + rate-limit: 65000 + services: + - srl_nokia-grpc:gnmi + - srl_nokia-grpc:gnoi + - srl_nokia-grpc:gribi + - srl_nokia-grpc:p4rt + trace-options: + - request + - response + - common + unix-socket: + admin-state: enable + - admin-state: enable + name: mgmt + network-instance: mgmt rate-limit: 65000 + services: + - srl_nokia-grpc:gnmi + - srl_nokia-grpc:gnoi + - srl_nokia-grpc:gribi + - srl_nokia-grpc:p4rt + tls-profile: clab-profile trace-options: - request - response @@ -910,9 +1165,10 @@ srl_nokia-system:system: rotate: 3 size: '10000000' srl_nokia-ssh:ssh-server: - network-instance: - - admin-state: enable - name: mgmt + - admin-state: enable + name: mgmt + network-instance: mgmt + use-credentialz: true srl_nokia-system-banner:banner: login-banner: '................................................................ @@ -932,11 +1188,11 @@ srl_nokia-system:system: : Container: https://go.srlinux.dev/container-image : - : Docs: https://doc.srlinux.dev/0-0 : + : Docs: https://doc.srlinux.dev/24-3 : - : Rel. notes: https://doc.srlinux.dev/rn0-0-0 : + : Rel. notes: https://doc.srlinux.dev/rn24-3-2 : - : YANG: https://yang.srlinux.dev/v0.0.0 : + : YANG: https://yang.srlinux.dev/release/v24.3.2 : : Discord: https://go.srlinux.dev/discord : @@ -945,54 +1201,65 @@ srl_nokia-system:system: ................................................................ ' + srl_nokia-system-snmp:snmp: + access-group: + - community-entry: + - community: $aes1$AWBtjFCTurY1fG8=$pH/M5cgn/zKEl7OuOv8HSA== + name: RO-Community + name: SNMPv2-RO-Community + security-level: no-auth-no-priv + network-instance: + - admin-state: enable + name: mgmt srl_nokia-tls:tls: server-profile: - authenticate-client: false certificate: '-----BEGIN CERTIFICATE----- - MIIDrTCCApWgAwIBAgIUIBqNghRy9dzyI4xW/G7iX1ZTtYMwDQYJKoZIhvcNAQEL + MIID0DCCArigAwIBAgICBnowDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCVVMx - BQAwMzEVMBMGA1UEChMMY29udGFpbmVybGFiMRowGAYDVQQDExFhbnNpYmxlbGFi + CTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFpbmVybGFiMQkwBwYDVQQLEwAxFzAV - IGxhYiBDQTAeFw0yMzAyMjQxODExMDBaFw0yNDAyMjQxODExMDBaMDMxFTATBgNV + BgNVBAMTDmFuc2libGUgbGFiIENBMB4XDTI0MDYyMjE1MDk1NFoXDTI1MDYyMjE1 - BAoTDGNvbnRhaW5lcmxhYjEaMBgGA1UEAxMRc3JsLmFuc2libGVsYWIuaW8wggEi + MDk1NFowUzELMAkGA1UEBhMCVVMxCTAHBgNVBAcTADEVMBMGA1UEChMMY29udGFp - MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCmTGJfHHi5bHBC6GO/VqMEqAT + bmVybGFiMQkwBwYDVQQLEwAxFzAVBgNVBAMTDnNybC5hbnNpYmxlLmlvMIIBIjAN - CEPQ16h6mlz8Ev1ESNEkf0BsLYf5YM32eHn6V1z1r2I+wWejFdxy6YntvlAEDXcS + BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfMTDTDaVdyFORkN8PEkjPcTeei9 - ki9SOCBDd5ElxS1InDVztC2QohG0n/TXKwuQNS+M6Bzl9XIeT8u1ysubSThhZA7l + OnMXMPtX4gHGrC/2JUmUJVdT8T5QBLEzCICQGJYpm4J1K7K/OWAFUIffZlR0oLQT - HOAP8tbKtb4cdKl48E3Oxzebu+Gx4Yju8qLBpTD+uoNEZDDxc4XZ1kQzaIRi6fNB + Xb9vW+aXsabxyZ8uFoDq5/PrMqTl/hze6jNmtgZTULOAazFGY+ULXKDyDlDZv+12 - BnXVtMCMoC8zp7voOAW8hOg5uPlNX4DzPx6GPIlmNvT+p6et5XqmXuok5jjvfldm + qdXbgEnu7Ooued8bcb9wCR85wbKhoeD1FT48ifQIk6eAU8xNyy6PiMW/4xYF4+m1 - zR3uznZ9ZfyQxG+Zot5Mr5kw0i+DXwB4Cg/L25OMOyDBSTMuF5E7WKgnTXyhAgMB + BcqPYTrkTCZxsdfXPEDEPZn30Arwpavv+Uy8VX626uiNIHY28Qc9Qw1m+7HTHy8j - AAGjgbgwgbUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr + +9K0xQ+r0EHjw6WQWpe3Qs5Js0I4Z2RSDZZWQpx4dSaZrjyOchGeo/+y4wIDAQAB - BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRkdCg3wYumYOCEXvp5D83/ + o4GtMIGqMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYB - oxFbfTAfBgNVHSMEGDAWgBTJiUG6PnWRQeaDvCYlatEuObMKZTA2BgNVHREELzAt + BQUHAwEwDgYDVR0OBAcEBQECAwQGMB8GA1UdIwQYMBaAFNLlMFe7s2fIb4VLOFmE - ggNzcmyCE2NsYWItYW5zaWJsZWxhYi1zcmyCEXNybC5hbnNpYmxlbGFiLmlvMA0G + g5+ebA23MEgGA1UdEQRBMD+CA3NybIIQY2xhYi1hbnNpYmxlLXNybIIOc3JsLmFu - CSqGSIb3DQEBCwUAA4IBAQDMaTvHICtB033ON9Ok3llmSTU5AsTCczMnIMIc6SM+ + c2libGUuaW+HBKwUFAKHECABAXIAIAAgAAAAAAAAAAIwDQYJKoZIhvcNAQELBQAD - nePHZopmJbQQMX+GEx1UKaqQV8WNWG9jfa8hASRh1FffKwosbOo0XJbUa+tR5rqP + ggEBABQxO1P8xid+ZNhjlT1L+HEf3mOlxy76DBF4jni6yaPPHQqbKXHWUh9hFMLK - Lan+UVqcpsxliziXO2vn65w+JK6JbKAy54v50bWmhdBfAaGcGV8TV60AGURsVZP2 + Y4uo/XIdx5oeIG8xrJ/4UCzWMiV7bGzw19kXm7L+u17IN42Wgtx0o50mrKOuc4d7 - JpHyIN0rBLPksLzZ9mFcYJbWaaGkruV+Y3tFPc2TP8AhJmq/29k8MnjOG76rsdkI + O9cgF/9tE0T5AJVOtskDHgEI71RFxfC8+NEwZkKtB6nN78en03/JDPKjRlOEc+XM - 7MaMEKxMFeOBZfwhqYiZuOjHu+cav4r6Dw3qfiCj9QF1sqA/mLLQQBwOIrwzQFji + 92/C743EZK6ttQpliFkohYZKWLdML8SRX2R/P5ks4qlhxw14TbLNVOT7tkdfJZBe - +t3aKOs20ZZwWWuuV/sXihEgn9r69a2cCliOrqoaAOe7 + pDERkQUHB6vJh7Sd1tNixdK+CndDqUEbaKSGA1/3gwQ259lQvwcgzRowgCdxtlxW - -----END CERTIFICATE----- + wDk+ysL4hAnVWCOrdlbipGFlS6U= + -----END CERTIFICATE----- ' - key: $aes$cyACHrYTECsY=$fYGcaMje0T6+b9G8OQfUHEN1vm/wELSAXmymHHcHPcnXke12tJARakN5G8Ta9He0YzHvtxx+J7bnK6hk2lZGbmB5a1y/pTxP+7S4N3/91/Ahy11mKg79R5aY6vaipPGJkji0pVMwj/5Hxlm/yQVJMOREHSXSigsUU6JMlwE4CrlrzFtRcf5IZ3KI3TrWh6EIiz8qvoCPf9LVp2qFjWJZwg/NLIEXcnpHAOTkbEh9xBTSCEed4gdRLyiBlushBvvbYm3BlbAvtRF21xaXBr9FZBt1M+NeFgxsNY30zOppIbzidZ1ZHuRGj4W33SD36i6Mxu3BvyjqC00dpqS18XCPlSIXh8vlilZpaK2613auY3idQbTJJ2DuayZWpJC51I8unoQDn+rVtbnzkGVSkvwsNmzvtNSPSc0Ifp9CptW4hZFIUJERc7kTd0XvWz+ymN+sR1uPTLlr74q6AsM7ba9YUQaMRl7RFxn7Qo47PKY496SMLwblK3IqIsWP2DtWhyMJEnkZ8WkNJntyMdGVDswApKdku4DapGmwoQxAGAjYBvzpCzYPw3D2f+g66pcpMcyvGXUIELoCu3I4kffZhrAjnQDWx5X4e2oDNmQJwLv2LqS+o63HSEpKJ0cqzpmSO/97LbMh5a9Her4W8wd9D/TiC4cmvbt8erblaF5FFnaeD0d6IU9Ud+2qHOLsWYyaZ0sByKDQ6QinHAroyEyJDXXjd0safQNut5C3sC2u72MFQmoP/f+LV2lo12g26IG0sBd6cOXDK3EPoV4JqTroV4s0XZwK1oWCWf/x8ubdpa+vJMqO2Fy+gPh6XY7/6IUMdN6jGWWsoOT3rMgGEQ7sve6wRRcd17ZepIUbyxNDRQvREqhmjhgrPIYzwIFCxguzsHUnAKgIpa8S9zYEFaXmBqZ2OhMUL65BBvponMiWxGgEgYU1JVl+HoOuPhmZf4WhS8U/MIB/rhKVqDxiZJWByCDu4VZSo6s5hyHFArBGbd3oeQ/koGReY8uCf8u9n5gIaAidpjfGSDT1tqJd+LuI5DyNSjDkp2uZ+JeIMCM8oKZ2OnqqEAZOzoFx13CFkCYFU17xuFm/Tm5medz7lXJ4g8vxc4rr4O/cv69jCdYqzVMzZB6SSSyBO+9fqKix60ua7wBR0I3fYO3m5Hk0SYfb4wyfgzrQx+5nCo2fxvb6WBC70ymXYqFw/FoXfu/cSN7jaNdH+Wea/MlAzQY7oWw+tnilWTxaCaHkgPyraGIXU6zYy+k3j0oTjw3PnrycC0fN5f5kkDDnqWT1f5hR171NOx4XYpMxP0BUwKTsfOMLnOvGbZupX1YmnzdluI2zafWtRfugaZ1D09RXBim0a6RcTwRUxIjgOriyyn/SuXHhSIxkeAHyr0qzI9+x/CJGS44DhyU223qU6w7tyLQIGugxLyQGosYdOKW/GX41uEaAK7gCo8OqnJYmsSdQGVENVs07bFiW8XOtB9efxJDihEzxaOzXe5/qjBgKDWhSEKZcaKXqa+V9aTmGdHkrZzUKV34HFC8QiHHTfTUmeQjP46y2/rLlbdidkQ523cxzXsaBA3ZvxKTmAl4HHHiJU+16J6j0XVQTQ9W+3M4r2jD28c+Tu0WwtB70U4mTAYDXM8dL1860+Di/aAhyHjDUNwsW+8FYOA5saVO5PboFHQa5QHcQLd3Prh2qDwgwIYFVxuuZUXyANFAhyUH5nY0ZqUztJyztoyG2RWbSBm/nML428NRkK4z235wem7G7nbCTIAplPDJOPOaYHVAjku2qcJq1cbRlbEIC+OP2jzJ9VEc+dvv3OhyjafdRwNBBoo2ieBPPR2jWnCwPC4Tvp7SpMICnmtmOi8WY7GT2DjT7F9LtkZaSQN/MBcOX4hHRaHAwcM26yYrSJ0f66gC7Lmpr9pJ95MpXkcT7DBFGWdxcUZGBUgaphdU1Gu2DL2OO4Rgr0WzDO1sfNKFDcUpL5KUb/P1KZxBp8IsjkzpyP6g7SjXKA23KEJe3oRbBudwuyR33Mx7ybbqTa51n7Gi/jusJRb2TIXMBzMghM/jOQL9Ccq9q9/8RWbZuqKYo4z3/cTggK+pHC207JVfbaroh24JCelV0PpsgKb7sUU3MzxPwPz+Fpvn1Yf8dyI5Kj6IaUwjVLXr3pqqOIOEUYTH6bYfrieJbtriwgz0dj7XjmDE2ijuL51gdZqmE84aS8B3PpgFFcFrXGj1h/ZCOAoJzIrhwNh6hXvAiVzxk - name: clab-profile \ No newline at end of file + key: $aes1$ATSWKgszP5gks28=$0SduUiumzR1/sZ5kOtMirQia+45v1bYv6crBTnuAbXfFhKRLstMSAlZGKtDyXedSW2wAv99XubAewY2/ndSur0QcxVqOAaT0A9tHzr44KcDGvonSdChoP9nDg+4EgRYPH18l6/d26OjutuXicDBaRMRa5UIWvhaVU44hF9DLYsujPP2W/jwT50Fw1hQm/T4s9CgD69uGraLvnuBHusTgkQSpHzK++/xzuvDbnlv00jYlc0fAJgV7rePYQDIYoTIrPwfo7DiGK7/vfGDaFNyq2urH5p4R3jPugQo61J7aegp2MT6xtAiiuPawPTjVJYP/ZMJGqXR84HxyzeLShq5jSge2qcYDNO/23pJ5zwJ49+mde1AeCT8vfq+Rfshfclyxi0EZQEYwS6yc5QrXyRxOr6WETTGutqHSs24EFvWBpV5KmAPWuHzoZ2838Rzt33NiQCQaBgHgdSCghF1MfRs6uq1QS23Fzj0hp0F4Ukp0KdBpwTNJ9yTJD2yxVvz0Jwv4XdzkwhR08OWsDl4HXAg0pGdS1d0edpnqKtV1RS+MoQRC//DuknjwI6o3Hc5LByxzW+jmYsd2ZNnUs7dB+k5x2n7K+Uim0Dt8UiO8deExuwNFq7HvIYx18xWdmGHsIkf9Zm3JMuntEVk6OxOYy/j2NQV6R+vo2ybc66hOKxlackBXOdKJ9QwG6L3DIuuE3PjT6a2Qq1VQYWcYWRtnc7JJ6mcx5SuYTvbZtHldiaL/oH2Fn6Ql9pkBoW/GS3r+MVh6rBKNd8dWPbvDqXgFEZPz/9elf4jCxCSnpdf3vaLgDymp3BaIpC8wthbe6Mosw6uNQJWIvNxsc/onIT+NWtlCS6tH7nwCwi/5XM9JCF2DWPMJ1QtkG853kLmMh8/PC5YILoTbkILdzXfCbsyWWyVXMqelFX1vvC0eQ0aRtmioSrqIqYhlUTARk6NC+jXjp5os4IeXADbuq3OfaIbtdo9iKNv+MYxqgB2PRINgTzvKYhCuxqca/q+cgguaTDWNG96jyjyL1SGkciJ0AOQ1BMH6sRl5PExoxHY65Ql1bG4neBpg+9bJTEN4AHWHTu3Eh1FYqc9OUuI1UWJHY4/pmt5uU7x2WZQ/kSSu7zrxsLwEku7S77x4k8Gs/3+MkfBp/KX6YeCZ2EeHGUjH0TZs2+Y1HUDJifBVTJz7YFsx5j73sSSZ4gtd9W9bBQ3hnKOTYFItM2TIYGd5h0jU3lnWoTgDSkvMenpPhiA1X3dHKc2jxWkBd8dzmn88W5KYWAlUOHtRi4KiQdIx42e1jOB0CJReGVOD9XleKJWC3GW2qTv3xLWjbX3T5pzn3xH0UAH2uQBX1833xOhTaqxl4OqNdtMqRmnFy59n/FUiM00qkM+2R2Qr2lm9oVY26aO5781WslGBx3Yb/gIIAYWmk3svMmjEsFV8csserfqxhenfZwiQOKKHOHuTT2KtKH1oGz4glSP1J/kjhTJ4AXUBy2WpdZf+bjC9XQDoHJu+NYOu1jppMSEJ9CnvipVGLLdoeoSubcex4Rx+JG7tVCOEmbxJQ+InAo9IGUOIcB75q0hZef677fxDXDf4BDaSUGQh8cH4mVgkOCupOXEbp/ht0qeTp15chItXGlNEoN/5IYTKLrFPaOdvAHObXMbSgFR8Nm+h2coyPS3tGVQeDKVV45CWxVOpmaaTXHWsOAyHBoaAINhzULST+qMi2zoHStcaZxO4I1EatmuUHkMywb3vp7co9yruRrStN440k6n53yEdVj511uG/CIyyK4lPlbxNSgPrHII5on5YI4X9SMozOVTb/YLFajdl/Lr38i0iphySg4ZRQvDTe55q6wG6xxUiunAdV+FQhaCTTILTM5qhvw/7ecdrfognQhzT3UkRHrxmFfXe+5xEeazWZfjSOBdVDUl0vZjsbnO5rKzuPgYg/PmYi2CerrzqfQiYJ0qErheVjwmCXqS+7udbynDB1rypMeJxSUBtz+KDvitR4m/ZU/1RsZVf/WaxMegcrJqq+YJ7l1YbRw5J0r59lm8EhVZdjVJ1ccXUtP66tASnvZTs5dxIkY5pCjZqBmnZWyZFStakyMlJzkAB96GQZRIn+bXcBvNvmoQGubzH+VP75Mn5wop9bF3txzv7+TFi0kT9zkQZHHhrbyAlvKwyGYfruuJLT/HV8yqo8ITfTCkuSSMg7n/qBdIN1vxglhQgq+TFXvuew5GE3BHyqm5iEFTBIfVxAU3o7N90 + name: clab-profile diff --git a/tests/playbooks/set-multiple-paths.yml b/tests/playbooks/set-multiple-paths.yml index a78285d..09f4a91 100644 --- a/tests/playbooks/set-multiple-paths.yml +++ b/tests/playbooks/set-multiple-paths.yml @@ -12,7 +12,7 @@ - path: /system/information/location value: Some location replace: - - path: /system/gnmi-server/trace-options + - path: /system/grpc-server[name=mgmt]/trace-options value: - request - common @@ -28,7 +28,7 @@ paths: - path: /system/information/location datastore: state - - path: /system/gnmi-server/trace-options + - path: /system/grpc-server[name=mgmt]/trace-options datastore: state - path: /system/json-rpc-server/network-instance[name=mgmt]/https datastore: state diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index a4d2f23..51a8449 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt @@ -1,29 +1,47 @@ plugins/httpapi/srlinux.py validate-modules:missing-gplv3-license plugins/httpapi/srlinux.py validate-modules:import-before-documentation -plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.6+ +plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.10+ plugins/modules/cli.py import-3.5!skip +plugins/modules/cli.py import-3.6!skip +plugins/modules/cli.py import-3.7!skip +plugins/modules/cli.py import-3.8!skip plugins/modules/cli.py validate-modules:missing-gplv3-license plugins/modules/cli.py validate-modules:import-before-documentation plugins/modules/get.py import-2.7!skip plugins/modules/get.py import-3.5!skip +plugins/modules/get.py import-3.6!skip +plugins/modules/get.py import-3.7!skip +plugins/modules/get.py import-3.8!skip plugins/modules/get.py validate-modules:missing-gplv3-license plugins/modules/get.py validate-modules:import-before-documentation plugins/modules/config.py import-2.7!skip plugins/modules/config.py import-3.5!skip +plugins/modules/config.py import-3.6!skip +plugins/modules/config.py import-3.7!skip +plugins/modules/config.py import-3.8!skip plugins/modules/config.py validate-modules:missing-gplv3-license plugins/modules/config.py validate-modules:import-before-documentation plugins/modules/validate.py import-2.7!skip plugins/modules/validate.py import-3.5!skip +plugins/modules/validate.py import-3.6!skip +plugins/modules/validate.py import-3.7!skip +plugins/modules/validate.py import-3.8!skip plugins/modules/validate.py validate-modules:missing-gplv3-license plugins/modules/validate.py validate-modules:import-before-documentation +plugins/module_utils/srlinux.py compile-2.7!skip +plugins/module_utils/srlinux.py compile-3.5!skip plugins/module_utils/srlinux.py import-2.7!skip plugins/module_utils/srlinux.py import-3.5!skip +plugins/module_utils/srlinux.py import-3.6!skip +plugins/module_utils/srlinux.py import-3.7!skip +plugins/module_utils/srlinux.py import-3.8!skip plugins/module_utils/const.py import-2.7!skip plugins/module_utils/const.py import-3.5!skip plugins/module_utils/const.py compile-2.7!skip plugins/module_utils/const.py compile-3.5!skip -plugins/module_utils/srlinux.py compile-2.7!skip -plugins/module_utils/srlinux.py compile-3.5!skip +plugins/module_utils/const.py import-3.6!skip +plugins/module_utils/const.py import-3.7!skip +plugins/module_utils/const.py import-3.8!skip plugins/module_utils/const.py future-import-boilerplate!skip plugins/module_utils/const.py metaclass-boilerplate!skip tests/playbooks/golden/clab-ansible-srl.cfg.yml yamllint!skip \ No newline at end of file diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt index a4d2f23..51a8449 100644 --- a/tests/sanity/ignore-2.14.txt +++ b/tests/sanity/ignore-2.14.txt @@ -1,29 +1,47 @@ plugins/httpapi/srlinux.py validate-modules:missing-gplv3-license plugins/httpapi/srlinux.py validate-modules:import-before-documentation -plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.6+ +plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.10+ plugins/modules/cli.py import-3.5!skip +plugins/modules/cli.py import-3.6!skip +plugins/modules/cli.py import-3.7!skip +plugins/modules/cli.py import-3.8!skip plugins/modules/cli.py validate-modules:missing-gplv3-license plugins/modules/cli.py validate-modules:import-before-documentation plugins/modules/get.py import-2.7!skip plugins/modules/get.py import-3.5!skip +plugins/modules/get.py import-3.6!skip +plugins/modules/get.py import-3.7!skip +plugins/modules/get.py import-3.8!skip plugins/modules/get.py validate-modules:missing-gplv3-license plugins/modules/get.py validate-modules:import-before-documentation plugins/modules/config.py import-2.7!skip plugins/modules/config.py import-3.5!skip +plugins/modules/config.py import-3.6!skip +plugins/modules/config.py import-3.7!skip +plugins/modules/config.py import-3.8!skip plugins/modules/config.py validate-modules:missing-gplv3-license plugins/modules/config.py validate-modules:import-before-documentation plugins/modules/validate.py import-2.7!skip plugins/modules/validate.py import-3.5!skip +plugins/modules/validate.py import-3.6!skip +plugins/modules/validate.py import-3.7!skip +plugins/modules/validate.py import-3.8!skip plugins/modules/validate.py validate-modules:missing-gplv3-license plugins/modules/validate.py validate-modules:import-before-documentation +plugins/module_utils/srlinux.py compile-2.7!skip +plugins/module_utils/srlinux.py compile-3.5!skip plugins/module_utils/srlinux.py import-2.7!skip plugins/module_utils/srlinux.py import-3.5!skip +plugins/module_utils/srlinux.py import-3.6!skip +plugins/module_utils/srlinux.py import-3.7!skip +plugins/module_utils/srlinux.py import-3.8!skip plugins/module_utils/const.py import-2.7!skip plugins/module_utils/const.py import-3.5!skip plugins/module_utils/const.py compile-2.7!skip plugins/module_utils/const.py compile-3.5!skip -plugins/module_utils/srlinux.py compile-2.7!skip -plugins/module_utils/srlinux.py compile-3.5!skip +plugins/module_utils/const.py import-3.6!skip +plugins/module_utils/const.py import-3.7!skip +plugins/module_utils/const.py import-3.8!skip plugins/module_utils/const.py future-import-boilerplate!skip plugins/module_utils/const.py metaclass-boilerplate!skip tests/playbooks/golden/clab-ansible-srl.cfg.yml yamllint!skip \ No newline at end of file diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt new file mode 100644 index 0000000..51a8449 --- /dev/null +++ b/tests/sanity/ignore-2.15.txt @@ -0,0 +1,47 @@ +plugins/httpapi/srlinux.py validate-modules:missing-gplv3-license +plugins/httpapi/srlinux.py validate-modules:import-before-documentation +plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.10+ +plugins/modules/cli.py import-3.5!skip +plugins/modules/cli.py import-3.6!skip +plugins/modules/cli.py import-3.7!skip +plugins/modules/cli.py import-3.8!skip +plugins/modules/cli.py validate-modules:missing-gplv3-license +plugins/modules/cli.py validate-modules:import-before-documentation +plugins/modules/get.py import-2.7!skip +plugins/modules/get.py import-3.5!skip +plugins/modules/get.py import-3.6!skip +plugins/modules/get.py import-3.7!skip +plugins/modules/get.py import-3.8!skip +plugins/modules/get.py validate-modules:missing-gplv3-license +plugins/modules/get.py validate-modules:import-before-documentation +plugins/modules/config.py import-2.7!skip +plugins/modules/config.py import-3.5!skip +plugins/modules/config.py import-3.6!skip +plugins/modules/config.py import-3.7!skip +plugins/modules/config.py import-3.8!skip +plugins/modules/config.py validate-modules:missing-gplv3-license +plugins/modules/config.py validate-modules:import-before-documentation +plugins/modules/validate.py import-2.7!skip +plugins/modules/validate.py import-3.5!skip +plugins/modules/validate.py import-3.6!skip +plugins/modules/validate.py import-3.7!skip +plugins/modules/validate.py import-3.8!skip +plugins/modules/validate.py validate-modules:missing-gplv3-license +plugins/modules/validate.py validate-modules:import-before-documentation +plugins/module_utils/srlinux.py compile-2.7!skip +plugins/module_utils/srlinux.py compile-3.5!skip +plugins/module_utils/srlinux.py import-2.7!skip +plugins/module_utils/srlinux.py import-3.5!skip +plugins/module_utils/srlinux.py import-3.6!skip +plugins/module_utils/srlinux.py import-3.7!skip +plugins/module_utils/srlinux.py import-3.8!skip +plugins/module_utils/const.py import-2.7!skip +plugins/module_utils/const.py import-3.5!skip +plugins/module_utils/const.py compile-2.7!skip +plugins/module_utils/const.py compile-3.5!skip +plugins/module_utils/const.py import-3.6!skip +plugins/module_utils/const.py import-3.7!skip +plugins/module_utils/const.py import-3.8!skip +plugins/module_utils/const.py future-import-boilerplate!skip +plugins/module_utils/const.py metaclass-boilerplate!skip +tests/playbooks/golden/clab-ansible-srl.cfg.yml yamllint!skip \ No newline at end of file diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt new file mode 100644 index 0000000..51a8449 --- /dev/null +++ b/tests/sanity/ignore-2.16.txt @@ -0,0 +1,47 @@ +plugins/httpapi/srlinux.py validate-modules:missing-gplv3-license +plugins/httpapi/srlinux.py validate-modules:import-before-documentation +plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.10+ +plugins/modules/cli.py import-3.5!skip +plugins/modules/cli.py import-3.6!skip +plugins/modules/cli.py import-3.7!skip +plugins/modules/cli.py import-3.8!skip +plugins/modules/cli.py validate-modules:missing-gplv3-license +plugins/modules/cli.py validate-modules:import-before-documentation +plugins/modules/get.py import-2.7!skip +plugins/modules/get.py import-3.5!skip +plugins/modules/get.py import-3.6!skip +plugins/modules/get.py import-3.7!skip +plugins/modules/get.py import-3.8!skip +plugins/modules/get.py validate-modules:missing-gplv3-license +plugins/modules/get.py validate-modules:import-before-documentation +plugins/modules/config.py import-2.7!skip +plugins/modules/config.py import-3.5!skip +plugins/modules/config.py import-3.6!skip +plugins/modules/config.py import-3.7!skip +plugins/modules/config.py import-3.8!skip +plugins/modules/config.py validate-modules:missing-gplv3-license +plugins/modules/config.py validate-modules:import-before-documentation +plugins/modules/validate.py import-2.7!skip +plugins/modules/validate.py import-3.5!skip +plugins/modules/validate.py import-3.6!skip +plugins/modules/validate.py import-3.7!skip +plugins/modules/validate.py import-3.8!skip +plugins/modules/validate.py validate-modules:missing-gplv3-license +plugins/modules/validate.py validate-modules:import-before-documentation +plugins/module_utils/srlinux.py compile-2.7!skip +plugins/module_utils/srlinux.py compile-3.5!skip +plugins/module_utils/srlinux.py import-2.7!skip +plugins/module_utils/srlinux.py import-3.5!skip +plugins/module_utils/srlinux.py import-3.6!skip +plugins/module_utils/srlinux.py import-3.7!skip +plugins/module_utils/srlinux.py import-3.8!skip +plugins/module_utils/const.py import-2.7!skip +plugins/module_utils/const.py import-3.5!skip +plugins/module_utils/const.py compile-2.7!skip +plugins/module_utils/const.py compile-3.5!skip +plugins/module_utils/const.py import-3.6!skip +plugins/module_utils/const.py import-3.7!skip +plugins/module_utils/const.py import-3.8!skip +plugins/module_utils/const.py future-import-boilerplate!skip +plugins/module_utils/const.py metaclass-boilerplate!skip +tests/playbooks/golden/clab-ansible-srl.cfg.yml yamllint!skip \ No newline at end of file diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt new file mode 100644 index 0000000..51a8449 --- /dev/null +++ b/tests/sanity/ignore-2.17.txt @@ -0,0 +1,47 @@ +plugins/httpapi/srlinux.py validate-modules:missing-gplv3-license +plugins/httpapi/srlinux.py validate-modules:import-before-documentation +plugins/modules/cli.py import-2.7!skip # srlinux collection requires py3.10+ +plugins/modules/cli.py import-3.5!skip +plugins/modules/cli.py import-3.6!skip +plugins/modules/cli.py import-3.7!skip +plugins/modules/cli.py import-3.8!skip +plugins/modules/cli.py validate-modules:missing-gplv3-license +plugins/modules/cli.py validate-modules:import-before-documentation +plugins/modules/get.py import-2.7!skip +plugins/modules/get.py import-3.5!skip +plugins/modules/get.py import-3.6!skip +plugins/modules/get.py import-3.7!skip +plugins/modules/get.py import-3.8!skip +plugins/modules/get.py validate-modules:missing-gplv3-license +plugins/modules/get.py validate-modules:import-before-documentation +plugins/modules/config.py import-2.7!skip +plugins/modules/config.py import-3.5!skip +plugins/modules/config.py import-3.6!skip +plugins/modules/config.py import-3.7!skip +plugins/modules/config.py import-3.8!skip +plugins/modules/config.py validate-modules:missing-gplv3-license +plugins/modules/config.py validate-modules:import-before-documentation +plugins/modules/validate.py import-2.7!skip +plugins/modules/validate.py import-3.5!skip +plugins/modules/validate.py import-3.6!skip +plugins/modules/validate.py import-3.7!skip +plugins/modules/validate.py import-3.8!skip +plugins/modules/validate.py validate-modules:missing-gplv3-license +plugins/modules/validate.py validate-modules:import-before-documentation +plugins/module_utils/srlinux.py compile-2.7!skip +plugins/module_utils/srlinux.py compile-3.5!skip +plugins/module_utils/srlinux.py import-2.7!skip +plugins/module_utils/srlinux.py import-3.5!skip +plugins/module_utils/srlinux.py import-3.6!skip +plugins/module_utils/srlinux.py import-3.7!skip +plugins/module_utils/srlinux.py import-3.8!skip +plugins/module_utils/const.py import-2.7!skip +plugins/module_utils/const.py import-3.5!skip +plugins/module_utils/const.py compile-2.7!skip +plugins/module_utils/const.py compile-3.5!skip +plugins/module_utils/const.py import-3.6!skip +plugins/module_utils/const.py import-3.7!skip +plugins/module_utils/const.py import-3.8!skip +plugins/module_utils/const.py future-import-boilerplate!skip +plugins/module_utils/const.py metaclass-boilerplate!skip +tests/playbooks/golden/clab-ansible-srl.cfg.yml yamllint!skip \ No newline at end of file