yang base module¶
Generic yang handler module. This module only provides the basic yang support. Other modules add support for the device yang model.
Building Block Disclaimer¶
This module is licensed under the Inmanta EULA.
This module is an Inmanta internal tool, with no other purpose than assisting in the construction of specific other modules. This module provides no functionality of its own, has no implied warranties and has no fitness for any particular purpose. It requires specific training to use safely.
No support is provided on this module except through Inmanta supported and licensed modules that use its functionality.
Configuration¶
Credentials are always fetched from the environment variables. However, the name of this variable is configurable in the credentials entity. The device specific module should provide this.
By default the handler uses an RPC timeout of 30s. However, for large configuration trees this might not be sufficient. This value can be changed by setting the NETCONF_RPC_TIMEOUT environment variable. The value is a number expressed in seconds.
The ssh configuration of the client can be giving a path to a valid OpenSSH configuration file in NETCONF_SSH_CONFIG environment variable. If true
is set instead of a path, the default path will be ~/.ssh/config
as described here: https://github.com/ncclient/ncclient/blob/96fd03730ffad77c05d978303602673f39be35a8/ncclient/transport/ssh.py#L209
Device configuration is available through set of environment variables. Fallback mechanism is implemented - if vendor-specific value is not provided, common value of parameter is used. For example if YANG_JUNIPER_PORT
is not available, YANG_DEVICE_PORT
is used.
Middle section of variable name is used to identify a vendor. DEVICE
is a common/fallback one. Currently available vendors are: NOKIA
, CISCO
, JUNIPER
Advanced usage¶
Yin file in-memory caching¶
The yang module relies on big xml files to read the schema of the resources a device expects to receive. These xml files are loaded into memory once by module and by device. For some vendors (i.e. juniper), that can result in big memory consumption. The yang module offers the possibility to cache and share these yin files in memory, which can be very handy when all of the managed devices use the same model.
Advantage: no matter how many devices you have, your memory consumption is constant.
Disadvantage: the cache is persisted in memory and never invalidated, even if you stop managing the devices, or get a newer version of the device schema. The only way of clearing it is to restart the agent.
This feature is disabled by default, to enabled it, you need to set the environment variable YANG_NCDIFF_MODEL_CACHE_ENABLED
to true
.
Experimental diff calculation¶
A new standalone diff calculation method was added to this module. It aims to provide better diff in dryrun and reduce resource usage.
Diff calculation is controlled with INMANTA_YANG_DIFF_MODE
environment variable.
There are 3 allowed values:
ncdiff
- default if env not set, calculations are done with ncdiff; recommended for production usenon-ncdiff
- use only the new, standalone approachshadow
- calculate diff using both methods and compare if they behave in the same way. The behavior is the same as inncdiff
, but additional debug logs may be produced.
When env variable is not set at all, and PIP_INDEX_URL
points to Inmanta’s internal service, shadow
mode is enabled by default.
On-device diff detection during dry run¶
Some devices allow to calculate config difference between candidate and running netconf datastores. It provides the most reliable approach to determine whether config is in-sync with the desired state. Because of a need to lock device’s configuration and slightly longer diff time, this feature is only used during dry runs.
If a device does not support diff calculation, the handler will fall back to local diff method, which is the standard way of operation.
To completely disable on-device diff, set INMANTA_YANG_DISABLE_ON_DEVICE_DIFF
environment variable to true
.