ssh&examples

srl-labs · Jun 9, 2021 · 8593138 · 8593138
1 parent 4016ea4
commit 8593138
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 19 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.0.0
+    hooks:
+      - id: codespell
diff --git a/clab/config/transport/ssh.go b/clab/config/transport/ssh.go
@@ -3,6 +3,7 @@ package transport
 import (
 	"fmt"
 	"io"
+	"net"
 	"runtime"
 	"strings"
 	"time"
@@ -51,6 +52,38 @@ type SSHTransport struct {
 	K SSHKind
 }
 
+// Add username & password authentication
+func WithUserNamePassword(username, password string) SSHTransportOption {
+	return func(tx *SSHTransport) error {
+		tx.SSHConfig.User = username
+		if tx.SSHConfig.Auth == nil {
+			tx.SSHConfig.Auth = []ssh.AuthMethod{}
+		}
+		tx.SSHConfig.Auth = append(tx.SSHConfig.Auth, ssh.Password(password))
+		return nil
+	}
+}
+
+// Add a basic username & password to a config.
+// Will initilize the config if required
+func HostKeyCallback(callback ...ssh.HostKeyCallback) SSHTransportOption {
+	return func(tx *SSHTransport) error {
+		tx.SSHConfig.HostKeyCallback = func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+			if len(callback) == 0 {
+				log.Warnf("Skipping host key verification for %s", hostname)
+				return nil
+			}
+			for _, hkc := range callback {
+				if hkc(hostname, remote, key) == nil {
+					return nil
+				}
+			}
+			return fmt.Errorf("invalid host key %s: %s", hostname, key)
+		}
+		return nil
+	}
+}
+
 func NewSSHTransport(node *types.Node, options ...SSHTransportOption) (*SSHTransport, error) {
 	switch node.Kind {
 	case "vr-sros", "srl":
@@ -59,7 +92,10 @@ func NewSSHTransport(node *types.Node, options ...SSHTransportOption) (*SSHTrans
 
 		// apply options
 		for _, opt := range options {
-			opt(c)
+			err := opt(c)
+			if err != nil {
+				return nil, err
+			}
 		}
 
 		switch node.Kind {
@@ -277,23 +313,6 @@ func (t *SSHTransport) Close() {
 	t.ses.Close()
 }
 
-// Add a basic username & password to a config.
-// Will initilize the config if required
-func WithUserNamePassword(username, password string) SSHTransportOption {
-	return func(tx *SSHTransport) error {
-		if tx.SSHConfig == nil {
-			tx.SSHConfig = &ssh.ClientConfig{}
-		}
-		tx.SSHConfig.User = username
-		if tx.SSHConfig.Auth == nil {
-			tx.SSHConfig.Auth = []ssh.AuthMethod{}
-		}
-		tx.SSHConfig.Auth = append(tx.SSHConfig.Auth, ssh.Password(password))
-		tx.SSHConfig.HostKeyCallback = ssh.InsecureIgnoreHostKey()
-		return nil
-	}
-}
-
 // Create a new SSH session (Dial, open in/out pipes and start the shell)
 // pass the authntication details in sshConfig
 func NewSSHSession(host string, sshConfig *ssh.ClientConfig) (*SSHSession, error) {

diff --git a/cmd/config.go b/cmd/config.go
@@ -73,6 +73,7 @@ var configCmd = &cobra.Command{
 						transport.WithUserNamePassword(
 							clab.DefaultCredentials[cs.TargetNode.Kind][0],
 							clab.DefaultCredentials[cs.TargetNode.Kind][1]),
+						transport.HostKeyCallback(),
 					)
 					if err != nil {
 						log.Errorf("%s: %s", kind, err)

diff --git a/lab-examples/vr05/conf1.clab.yml → lab-examples/vr05/sros4.clab.yml b/lab-examples/vr05/conf1.clab.yml → lab-examples/vr05/sros4.clab.yml
@@ -30,13 +30,17 @@ topology:
         port: 1/1/c1/1, 1/1/c2/1
         ip: 1.1.1.2/30
         vlan: "99,99"
+        isis_iid: 0
     - endpoints: [sr2:eth1, sr3:eth2]
       labels:
         port: 1/1/c1/1, 1/1/c2/1
         vlan: 98
+        isis_iid: 0
     - endpoints: [sr3:eth1, sr4:eth2]
       labels:
         port: 1/1/c1/1, 1/1/c2/1
+        isis_iid: 0
     - endpoints: [sr4:eth1, sr1:eth2]
       labels:
         port: 1/1/c1/1, 1/1/c2/1
+        isis_iid: 0
diff --git a/lab-examples/vr05/vr01.clab.yml b/lab-examples/vr05/vr01.clab.yml
@@ -0,0 +1,28 @@
+name: vr01
+
+topology:
+  nodes:
+    srl:
+      kind: srl
+      image: registry.srlinux.dev/pub/srlinux:21.3.1-410
+      license: /home/kellerza/license/srl21.key
+      labels:
+        systemip: 10.0.50.50/32
+        isis_iid: 0
+        sid_idx: 11
+    sros:
+      kind: vr-sros
+      image: registry.srlinux.dev/pub/vr-sros:21.2.R1
+      type: sr-1
+      license: /home/kellerza/license/license-sros21.txt
+      labels:
+        systemip: 10.0.50.51/32
+        sid_idx: 10
+        isis_iid: 0
+
+  links:
+    - endpoints: ["srl:e1-1", "sros:eth1"]
+      labels:
+        port: ethernet-1/1, 1/1/c1/1
+        vlan: 10
+        isis_iid: 0
diff --git a/templates/config/base-srl.tmpl b/templates/config/base-srl.tmpl
@@ -44,7 +44,7 @@
  /system lldp admin-state enable
 
 
-{{ .range links }}
+{{ range .links }}
 /interface {{ .port }} {
     admin-state enable
     vlan-tagging true