Readme

.gitignore

@@ -159,4 +159,7 @@ cython_debug/
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+#.idea/
+
+*.bak
+example-topologies/*/

README.md

@@ -1,70 +1,184 @@
-# Containerlab EDA Connector tool
-
-> :warning: **Made for EDA version 24.8.1**
-
-There are two ways of creating a network and experiment with the functions that EDA provides. The first one is having real hardware, and the second one is the sandbox system. Both approaches have drawbacks, however: real hardware is sometimes difficult to come by and lab space / lab installment is difficult to set up and maintain - especially for large setups. The sandbox system is very flexible, although it is much more difficult to add secondary containers such as authentication servers, linux testboxes, or establishing external connectivity.
-
-[Containerlab](https://containerlab.dev/) provides a very elegant solution to these problems, and this tool aims to provide a smooth experience for onboarding a containerlab topology into the EDA application. It is not a replacement for containerlab (so it won't define architectures for you - although some [examples](./example-topologies/) are provided in this repository), nor is it an extension of containerlab. This tool will not check whether the containerlab setup has been named correctly, or is ready to accept configuration from EDA. It is however created to work with a brand new containerlab setup that has not been touched manually.
-
-## Check this first!
-
-Below is a list of prerequisites before you can run the script. Please check them first. If you have checked all these prerequisites and the script is still not working correctly, please create a Github issue or [mail me](mailto:zeno.dhaene@nokia.com). 
-- your EDA setup should be set up without simulation. This requires a special parameter when EDA is initially installed. **This tool will not work with a 'typical' installation**
-- you should be able to ping your containerlab's management IP from your EDA node(s)
-- the containerlab should be deployed with the required [startup configuration](./startup-configurations/)
-- this program does not use the proxy (e.g. `$http_proxy`) variables. Instead, optional arguments were provided if you want to specify a proxy to reach your FSS. Note that they have not been tested very well, so please reach out if it's not working as expected
-- the software image for your node must be uploaded first using the template below (replace the version numbers as necessary). I plan to include this step in this tool, but it has not yet been done.
-- change the password of the default user that connects to the remote nodes
-
-```yaml
----
-apiVersion: artifacts.eda.nokia.com/v1
-kind: Artifact
-metadata:
-  name: srlinux-24.7.1-bin
-spec:
-  repo: srlimages
-  filePath: srlinux.bin
-  remoteFileUrl:
-    fileUrl: http://<http-server>:8080/SRLinux/srlinux-24.7.1-330.bin
----
-apiVersion: artifacts.eda.nokia.com/v1
-kind: Artifact
-metadata:
-  name: srlinux-24.7.1-md5
-spec:
-  repo: srlimages
-  filePath: srlinux.md5
-  remoteFileUrl:
-    fileUrl: http://<http-server>:8080/SRLinux/srlinux-24.7.1-330.bin.md5
-```
-
-Apply this configuration on EDA with the `kubectl apply -f artifacts.yaml` command. 
+# Containerlab EDA Connector Tool
+
+
+Integrate your [Containerlab](https://containerlab.dev/) topology seamlessly with [EDA (Event-Driven Automation)](https://docs.eda.dev) to streamline network automation and management.
+
+## Overview
+
+There are two primary methods to create and experiment with network functions provided by EDA:
+
+1. **Real Hardware:** Offers robust and reliable performance but can be challenging to acquire and maintain, especially for large-scale setups.
+2. **Sandbox System:** Highly flexible and cost-effective but limited in adding secondary containers like authentication servers or establishing external connectivity.
+
+[Containerlab](https://containerlab.dev/) bridges these gaps by providing an elegant solution for network emulation using container-based topologies. This tool enhances your Containerlab experience by automating the onboarding process into EDA, ensuring a smooth and efficient integration.
+
+## 🚨 Important Requirements
+
+> [!IMPORTANT]
+> **EDA Installation Mode:** This tool **requires EDA to be installed with `Simulate=False`**. Ensure that your EDA deployment is configured accordingly.
+>
+> **Hardware License:** A valid **`hardware license` for EDA version 24.12.0** is mandatory for using this connector tool.
+
+## Prerequisites
+
+Before running the Containerlab EDA Connector tool, ensure the following prerequisites are met:
+
+- **EDA Setup:**
+  - Installed without simulation (`Simulate=False`).
+  - Contains a valid `hardware license` for version 24.12.0.
+- **Network Connectivity:**
+  - EDA nodes can ping the Containerlab's management IP.
+- **Containerlab Configuration:**
+  - Deployed with the required [startup configurations](./startup-configurations/).
+- **srlinux YANG Models:**
+  - The `srlinux-yang-models` for your specific SR Linux version must be uploaded to EDA. By default, `srlinux-yang-models` for SR Linux version `24.10.1` are installed. For other versions, you need to create and apply an Artifact.
+
+    **Example Artifact YAML for SR Linux 24.7.1:**
+    ~~~yaml
+    apiVersion: artifacts.eda.nokia.com/v1
+    kind: Artifact
+    metadata:
+      name: srlinux-ghcr-24.7.1
+      namespace: eda-system
+    spec:
+      filePath: srlinux-24.7.1.zip
+      remoteFileUrl:
+        fileUrl: https://github.com/nokia/srlinux-yang-models/releases/download/v24.7.1/srlinux-24.7.1.zip
+      repo: schemaprofiles
+    ~~~
+
+    Apply this configuration using:
+    ~~~
+    kubectl apply -f path/to/artifact.yaml
+    ~~~
+
+    You can find all YANG model releases [here](https://github.com/nokia/srlinux-yang-models/releases).
+
+> [!TIP]
+> **Network Connectivity between Kind and Containerlab:**
+>
+> If you're running EDA in Kind (Kubernetes in Docker) and Containerlab on the same host, and need network connectivity between the EDA nodes and the Containerlab containers, you can add the following iptables rules:
+>
+> ```bash
+> sudo iptables -I DOCKER-ISOLATION-STAGE-2 1 -i <kind_bridge> -o <clab_bridge> -j ACCEPT
+> sudo iptables -I DOCKER-ISOLATION-STAGE-2 1 -i <clab_bridge> -o <kind_bridge> -j ACCEPT
+> ```
+>
+> Replace `<kind_bridge>` and `<clab_bridge>` with the actual bridge names used by Kind and Containerlab respectively.
+
+
+> [!NOTE]
+> **Proxy Settings:** This tool does not utilize the system's proxy (`$http_proxy`) variables. Instead, it provides optional arguments to specify HTTP and HTTPS proxies for communicating with EDA.
 
 ## Installation
 
-1. Create a new Python environment: 
+Follow these steps to set up the Containerlab EDA Connector tool:
+
+> [!TIP]
+> Using a virtual environment is recommended to avoid version conflicts with global Python packages.
+
+
+1. **Create a Virtual Environment:**
+
+    ```
+    python3 -m venv venv/
+    ```
+
+
+2. **Activate the Virtual Environment:**
+
 
-    `python3 -m venv venv/`
-2. Activate the Python environment
+    ```
+    source venv/bin/activate
+    ```
+
+
+3. **Upgrade pip:**
+
+    ```
+    python -m pip install --upgrade pip
+    ```
+
+4. **Install Required Python Modules:**
+
+    ```
+    python -m pip install -r requirements.txt
+    ```
 
-    `source venv/bin/activate`
-3. Upgrade pip
+5. **Verify Installation:**
 
-    `python -m pip install --upgrade pip`
-4. Install the required python modules
+    ```
+    python eda_containerlab_connector.py --help
+    ```
 
-    `python -m pip install -r requirements.txt`
-5. Run the tool
+## Usage
 
-    `python eda_containerlab_connector.py --help`
+The tool offers two primary subcommands: `integrate` and `remove`.
+
+### Integrate Containerlab with EDA
+
+Integrate your Containerlab topology into EDA:
+
+```
+python eda_containerlab_connector.py integrate \
+    --topology-file path/to/topology.yaml \
+    --eda-url https://eda.example.com \
+    --eda-user admin \
+    --eda-password yourpassword \
+    --http-proxy http://proxy.example.com:8080 \
+    --https-proxy https://proxy.example.com:8443 \
+    --verify
+```
 
-## Running the tool
+### Remove Containerlab Integration from EDA
+
+Remove the previously integrated Containerlab topology from EDA:
+
+```
+python eda_containerlab_connector.py remove \
+    --topology-file path/to/topology.yaml \
+    --eda-url https://eda.example.com \
+    --eda-user admin \
+    --eda-password yourpassword
+```
+
+> [!NOTE]
+> **Logging Levels:** Use the `--log-level` flag to set the desired logging verbosity (`DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`). For example, `--log-level DEBUG` provides detailed logs for troubleshooting.
+
+### Example Command
+
+```
+python eda_containerlab_connector.py integrate -t example-topology.yaml -e https://eda.example.com -u admin -p adminpassword -l INFO
+```
+
+## Example Topologies
+
+Explore the [example-topologies](./example-topologies/) directory for sample Containerlab topology files to get started quickly.
+
+## Instruction video
 
 The video below shows off how the tool can be run:
 
-![Instruction video](./assets/demo.mp4)
+<a href="./assets/demo.mp4">View demo video</a>
+
+## Requesting Support
+
+If you encounter issues or have questions, please reach out through the following channels:
+
+- **GitHub Issues:** [Create an issue](https://github.com/eda-labs/clab-connector/issues) on GitHub.
+- **Discord:** Join our [Discord community](https://eda.dev/discord) 
+
+
+> [!TIP]
+> Running the script with `-l INFO` or `-l DEBUG` flags can provide additional insights into any failures or issues.
+
+## Contributing
+
+Contributions are welcome! Please fork the repository and submit a pull request with your enhancements.
+
+
+## Acknowledgements
 
-## Requesting support
+- [Containerlab](https://containerlab.dev/) for providing an excellent network emulation platform.
+- [EDA (Event-Driven Automation)](https://docs.eda.dev/) for the robust automation capabilities.
 
-You can request support through the Gitlab issues, via Discord, or personally via Teams or Mail. Note that you can run the script with the flag `-l INFO` or `-l DEBUG` flag for greater detail in where the script is failing.

example-topologies/EDA-T2.clab.yml

@@ -7,38 +7,38 @@ mgmt:
 topology:
   kinds:
     srl:
-      image: ghcr.io/nokia/srlinux:24.7.1
+      image: ghcr.io/nokia/srlinux:24.10.1
   nodes:
     spine-1:
       kind: srl
       type: ixrd3l
       mgmt-ipv4: 10.58.2.115
-      startup-config: startup/spine-1/config.cfg
+      startup-config: srlinux.cfg
     spine-2:
       kind: srl
       type: ixrd3l
       mgmt-ipv4: 10.58.2.116
-      startup-config: startup/spine-2/config.cfg
+      startup-config: srlinux.cfg
     leaf-1:
       kind: srl
       type: ixrd2l
       mgmt-ipv4: 10.58.2.117
-      startup-config: startup/leaf-1/config.cfg
+      startup-config: srlinux.cfg
     leaf-2:
       kind: srl
       type: ixrd2l
       mgmt-ipv4: 10.58.2.118
-      startup-config: startup/leaf-2/config.cfg
+      startup-config: srlinux.cfg
     leaf-3:
       kind: srl
       type: ixrd2l
       mgmt-ipv4: 10.58.2.119
-      startup-config: startup/leaf-3/config.cfg
+      startup-config: srlinux.cfg
     leaf-4:
       kind: srl
       type: ixrd2l
       mgmt-ipv4: 10.58.2.120
-      startup-config: startup/leaf-4/config.cfg
+      startup-config: srlinux.cfg
   links:
     # spine - leaf
     - endpoints: ["spine-1:e1-3", "leaf-1:e1-31"]

example-topologies/EDA-tiny.clab.yml

@@ -2,28 +2,28 @@ name: eda_tiny
 
 mgmt:
   network: eda_tiny_mgmt
-  ipv4-subnet: 10.58.2.128/28
+  ipv4-subnet: 10.58.2.0/24
 
 topology:
   kinds:
     srl:
-      image: ghcr.io/nokia/srlinux:24.7.1
+      image: ghcr.io/nokia/srlinux:24.10.1
   nodes:
     dut1:
       kind: srl
       type: ixrd3l
       mgmt-ipv4: 10.58.2.130
-      startup-config: startup/dut1/config.cfg
+      startup-config: srlinux.cfg
     dut2:
       kind: srl
       type: ixrd3l
       mgmt-ipv4: 10.58.2.131
-      startup-config: startup/dut2/config.cfg
+      startup-config: srlinux.cfg
     dut3:
       kind: srl
       type: ixrd5
       mgmt-ipv4: 10.58.2.132
-      startup-config: startup/dut3/config.cfg
+      startup-config: srlinux.cfg
   links:
     # spine - leaf
     - endpoints: ["dut1:e1-1", "dut3:e1-1"]

example-topologies/srlinux.cfg

@@ -0,0 +1,31 @@
+set / acl acl-filter cpm type ipv4 entry 261
+set / acl acl-filter cpm type ipv4 entry 261 description "Accept incoming gNMI messages when the other host initiates the TCP connection"
+set / acl acl-filter cpm type ipv4 entry 261 action
+set / acl acl-filter cpm type ipv4 entry 261 action accept
+set / acl acl-filter cpm type ipv4 entry 261 match
+set / acl acl-filter cpm type ipv4 entry 261 match ipv4 protocol tcp
+set / acl acl-filter cpm type ipv4 entry 261 match transport
+set / acl acl-filter cpm type ipv4 entry 261 match transport destination-port
+set / acl acl-filter cpm type ipv4 entry 261 match transport destination-port operator eq
+set / acl acl-filter cpm type ipv4 entry 261 match transport destination-port value 50052
+
+set / system grpc-server discovery
+set / system grpc-server discovery admin-state enable
+set / system grpc-server discovery rate-limit 65535
+set / system grpc-server discovery session-limit 1024
+set / system grpc-server discovery metadata-authentication true
+set / system grpc-server discovery default-tls-profile true
+set / system grpc-server discovery network-instance mgmt
+set / system grpc-server discovery port 50052
+set / system grpc-server discovery services [ gnmi gnsi ]
+
+
+set / system grpc-server mgmt
+set / system grpc-server mgmt admin-state enable
+set / system grpc-server mgmt rate-limit 65535
+set / system grpc-server mgmt session-limit 1024
+set / system grpc-server mgmt metadata-authentication true
+set / system grpc-server mgmt tls-profile EDA
+set / system grpc-server mgmt network-instance mgmt
+set / system grpc-server mgmt port 57400
+set / system grpc-server mgmt services [ gnmi gnoi gnsi ]

src/node_srl.py

@@ -130,6 +130,8 @@ def get_node_profile(self, topology):
             "version_match": "v{}.*".format(self.version.replace(".", "\.")),
             "yang_path": self.YANG_PATH.format(version=self.version),
             "node_user": "admin",
+            "onboarding_password": self.SRL_PASSWORD,
+            "onboarding_username": self.SRL_USERNAME,
             "pool_name": topology.get_mgmt_pool_name(),
             "sw_image": self.SRL_IMAGE.format(version=self.version),
             "sw_image_md5": self.SRL_IMAGE_MD5.format(version=self.version),

templates/node-profile.j2

@@ -13,6 +13,8 @@ spec:
   versionMatch: {{ version_match }}
   yang: {{ yang_path }}
   nodeUser: {{ node_user }}
+  onboardingPassword: {{ onboarding_password }}
+  onboardingUsername: {{ onboarding_username}}
   dhcp:
     managementPoolv4: '{{ pool_name }}'
   images: