-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
Dublin Release, El Alto Release
-
None
I am assisting a VNF vendor onboard their VNF to ONAP. As part of this activity they want to implement scale out using the ConfigureScaleOut action on APPC. Their VNF only supports netconf and uses ConfD. We ran into an issue we think is similar to one described here:
https://jira.onap.org/browse/APPC-1617
Issue is around capabilities exchange not happening when connection is established from APPC to ConfD server during the configScaleOut processing. Note that configScaleOut uses JCraft JSch library for SSH transport.
However; during an ODL mount, capabilities exchange happens properly. The ODL mount uses the Apache SSD library for SSH transport.
When analyzing the logs (APPC and ConfD), during the ODL mount we see ssh login logs on ConfD and soon afterwards it allocates a netconf session. During configScaleOut we see ssh login logs as well but no netconf session is allocated.
We took a look at the how APPC uses JCraft JSch:
In the connect code we were wondering why PTY is being set to true as it could cause issue
We managed to confirm this using the ssh command line
when we do ssh without forcing pseuso-terminal allocation option, the connection succeeds and ConfD sends a hello
ssh vnfuser@10.0.0.50 -p 830 -s netconf vnfuser@10.0.0.50's password: <?xml version="1.0" encoding="UTF-8"?> <hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <capabilities> <capability>urn:ietf:params:netconf:base: ---> we recive hello
ConfD logs confirm a successful allocation of netconf session
<INFO> 7-Nov-2019::03:10:33.331 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/0 local authentication succeeded via netconf from 10.0.0.10:47878 with ssh, member of gro ups: vsmuser <INFO> 7-Nov-2019::03:10:33.331 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/0 logged in via netconf from 10.0.0.10:47878 with ssh using local authentication <INFO> 7-Nov-2019::03:10:33.332 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/80 assigned to groups: vnfuser==> netconf.log1 <== <INFO> 7-Nov-2019::03:10:33.333 vnf-oct23-vnf-instance-14-xxxx-riq72zdg3kdt confd[9245]: netconf id=80 new ssh session for user "vnfuser" from 10.0.0.10==> netconf.trace.log1 <== **> sess:80 new session
When we do same command but force pseudo-terminal allocation (-t option), no hello is received from ConfD
root@rancher:~# ssh -t vnfuser@10.0.0.50 -p 830 -s netconf vnfuser@10.0.0.50's password: Connection to 10.0.0.50 closed.
ConfD logs confirm that no netconf session is being allocated in this case
<INFO> 7-Nov-2019::03:14:29.322 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/0 local authentication succeeded via netconf from 10.0.0.10:47880 with ssh, member of groups: vsmuser <INFO> 7-Nov-2019::03:14:29.322 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/0 logged in via netconf from 10.0.0.10:47880 with ssh using local authentication <INFO> 7-Nov-2019::03:14:29.324 vnf-oct23-vnf-instance-14-xxx-riq72zdg3kdt confd[9245]: audit user: vnfuser/0 logged out <local> user