AAA-Transform example

dileep · July 31, 2020, 11:55am

Hi,

I have modified users.yang to add a must statement as below

  container users {
    tailf:callpoint simple-aaa {
      tailf:transform true;
    }
   must "user/enabled='true'" {
      error-message "At least one account needs to be enabled.";
    }

When i add a user node in aaa_init.xml and run confd i am getting bellow error

31-Jul-2020::17:52:40.092 confd[15829]: - CDB load: processing file: ./confd-cdb/aaa_init.xml
31-Jul-2020::17:52:40.125 confd[15829]: - no registration found for callpoint simple-aaa/get_elem of type=external
31-Jul-2020::17:52:40.135 confd[15829]: - CDB boot error: failed to load ./confd-cdb/aaa_init.xml:59: application communication failure

josephm · July 31, 2020, 12:14pm

You have added validation dependency (must statement) to a model which requires external application (it has a callpoint…) to function.

To resolve it, you need to start ConfD in phases.
(see user guide or other examples that address “start-phase”)

Try editing the example’s Makefile:

--- a/examples.confd/misc/aaa_transform/Makefile
+++ b/examples.confd/misc/aaa_transform/Makefile
@@ -58,8 +58,11 @@ clean:       iclean
                2> /dev/null || true

 start:  stop
-       $(CONFD) -c confd.conf $(CONFD_FLAGS)
+       $(CONFD) --start-phase0 -c confd.conf $(CONFD_FLAGS)
+       $(CONFD) --wait-phase0
        ./users_aaa $(START_FLAGS) &
+       $(CONFD) --start-phase1 $(CONFD_FLAGS)
+       $(CONFD) --start-phase2 $(CONFD_FLAGS)

This allows to do step-by-step startup:

part of confd (phase0)
external dependency - transformation daemon
rest of confd - phase1/2

edit: fixed order of commands

dileep · July 31, 2020, 1:09pm

I made the changes you had mentioned, but still same error.

dileep · July 31, 2020, 1:12pm

problem with first change only

$(CONFD) --start-phase0 -c confd.conf $(CONFD_FLAGS)

josephm · July 31, 2020, 1:20pm

mea culpa - i forgot to add some sleep or explicit check after the ./users_aaa $(START_FLAGS) & - which is started on background.

try to add e.g. sleep 2 after start of users_aaa to make sure that callpoint is registered before next phase of ConfD is started:

       $(CONFD) --start-phase0 -c confd.conf $(CONFD_FLAGS)
       $(CONFD) --wait-phase0
       ./users_aaa $(START_FLAGS) &
+      sleep 2;
       $(CONFD) --start-phase1 $(CONFD_FLAGS)
       $(CONFD) --start-phase2 $(CONFD_FLAGS)

(may need longer wait on heavily loaded system, but users_aaa app is very simple, so it should be fine with very short sleep…)

dileep · July 31, 2020, 1:51pm

No. Problem with first statement its-self.

/home/dileep/tail-f/confD/bin/confd --start-phase0 -c confd.conf --addloadpath /home/dileep/tail-f/confD/etc/confd

I have tried all options, then only posted in the forum

josephm · August 3, 2020, 8:53am

ahh, mea culpa again i didn’t notice/ignored this initially:

When i add a user node in aaa_init.xml

From the above, and error encountered, I assume that you tried to add node to the /users YANG subtree, that is managed by callpoint.

The _init.xml are CDB init files. The transformed YANG model though is not stored in CDB per say, and thus cannot be used to initialize data in this way.

Imho, the ideal approach is to prepare _init.xml file contents with CDB data - /aaa:aaa/authentication/users, not the one managed/transformed by callpoint - /users.