Comments (3)
Hi @thomarite!
The NoTLS flag is actually a "don't verify TLS" flag. The gNMI specification states that
> The session between the client and server MUST be encrypted using TLS - and a target or client MUST NOT fall back to unencrypted sessions.

As such we will always create the connection with a TLS transport, with the option to disable verification. I'm actually surprised that the Arista router started the gNMI server without TLS credentials. You should be able to get up and running with a self-signed certificate on your Arista router which you can generate with these commands:
```
conf t
security pki certificate generate self-signed cvp.crt key cvp.key generate rsa 2048 validity 30000 parameters common-name cvp
!
management api gnmi
transport grpc GRPC
ssl profile SELFSIGNED
!
management security
ssl profile SELFSIGNED
certificate cvp.crt key cvp.key
```
This could probably use some better documentation: that TLS is required and that the NoTLS flag still initiates a TLS session but without verification. I'm thinking the NoTLS flag should also be renamed (or aliased) to NoTLSVerify to be more clear.
I'll give more thought as well to possibly including the option to completely disable TLS for interoperability purposes given that it seems some implementations of gNMI targets support that.
from gnmi-gateway.
Thanks @colinmcintosh for the quick answer and clarification! I have followed your instructions and everything works fine. Yes, I think a clarification about the purpose of NoTLS could help to avoid confusion.
Anyway, it is a great tool that you have made! I will keep playing with it.
from gnmi-gateway.
> I'll give more thought as well to possibly including the option to completely disable TLS for interoperability purposes given that it seems some implementations of gNMI targets support that.
I would appreciate this - Arista EOS does not require TLS, and I was querying devices successfully with gnmic and telegraf with no TLS. I was confused why gnmi-gateway would not work until I discovered this issue. Now I have to go generate self-signed certs on all my devices, or use different software.
from gnmi-gateway.
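The three situations discussed in this thread, as an added example that is not gnmi-gateway's code and not part of the original comments: a Go client that always starts a TLS handshake, with `InsecureSkipVerify` assumed here to model what the thread says `NoTLS` does. The helper names and loopback listeners are constructed for the demo, and it uses only the standard library rather than gRPC.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate (constructed sample, not a device cert).
func selfSigned() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// serve listens on a loopback port: TLS when cfg is non-nil, plaintext otherwise (hypothetical targets).
func serve(cfg *tls.Config) string {
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	if cfg != nil {
		ln = tls.NewListener(ln, cfg)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { c.Write([]byte("hello\n")); c.Close() }(c)
		}
	}()
	return ln.Addr().String()
}

// dial always attempts a TLS handshake; skipVerify only turns off certificate checks (assumed NoTLS model).
func dial(addr string, skipVerify bool) error {
	c, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: skipVerify})
	if err != nil {
		return err
	}
	return c.Close()
}

func main() {
	target := serve(&tls.Config{Certificates: []tls.Certificate{selfSigned()}})
	fmt.Println("self-signed TLS target, verification on: ", dial(target, false))
	fmt.Println("self-signed TLS target, verification off:", dial(target, true))
	fmt.Println("plaintext target, verification off:      ", dial(serve(nil), true))
}
```

Only the second case connects: skipping verification accepts the self-signed certificate, but the handshake still fails against a listener that does not speak TLS.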