Add sample apps to configure MACsec key chains
Includes three custom apps to configure different ciphers, durations and number of keys: nc-create-xr-lib-keychain-macsec-cfg-20-ydk.py - One AES-128-GCM key nc-create-xr-lib-keychain-macsec-cfg-22-ydk.py - One AES-256-GCM key nc-create-xr-lib-keychain-macsec-cfg-24-ydk.py - Two rolling keys
Showing
9 changed files
with
449 additions
and
0 deletions.
98 changes: 98 additions & 0 deletions
98
...os-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-20-ydk.py
@@ -0,0 +1,98 @@ | ||
#!/usr/bin/env python | ||
# | ||
# Copyright 2016 Cisco Systems, Inc. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
""" | ||
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg. | ||
usage: nc-create-xr-lib-keychain-macsec-cfg-20-ydk.py [-h] [-v] device | ||
positional arguments: | ||
device NETCONF device (ssh://user:password@host:port) | ||
optional arguments: | ||
-h, --help show this help message and exit | ||
-v, --verbose print debugging messages | ||
""" | ||
|
||
from argparse import ArgumentParser | ||
from urlparse import urlparse | ||
|
||
from ydk.services import CRUDService | ||
from ydk.providers import NetconfServiceProvider | ||
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \ | ||
as xr_lib_keychain_macsec_cfg | ||
import logging | ||
|
||
|
||
def config_mac_sec_keychains(mac_sec_keychains): | ||
"""Add config data to mac_sec_keychains object.""" | ||
mac_sec_keychain = mac_sec_keychains.MacSecKeychain() | ||
mac_sec_keychain.chain_name = "CHAIN1" | ||
key = mac_sec_keychain.keies.Key() | ||
key.key_id = "10" | ||
key.key_string = key.KeyString() | ||
key.key_string.string = "101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F" | ||
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_128_cmac | ||
key.lifetime.start_hour = 0 | ||
key.lifetime.start_minutes = 0 | ||
key.lifetime.start_seconds = 0 | ||
key.lifetime.start_date = 1 | ||
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.start_year = 2017 | ||
key.lifetime.infinite_flag = True | ||
mac_sec_keychain.keies.key.append(key) | ||
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain) | ||
|
||
|
||
if __name__ == "__main__": | ||
"""Execute main program.""" | ||
parser = ArgumentParser() | ||
parser.add_argument("-v", "--verbose", help="print debugging messages", | ||
action="store_true") | ||
parser.add_argument("device", | ||
help="NETCONF device (ssh://user:password@host:port)") | ||
args = parser.parse_args() | ||
device = urlparse(args.device) | ||
|
||
# log debug messages if verbose argument specified | ||
if args.verbose: | ||
logger = logging.getLogger("ydk") | ||
logger.setLevel(logging.DEBUG) | ||
handler = logging.StreamHandler() | ||
formatter = logging.Formatter(("%(asctime)s - %(name)s - " | ||
"%(levelname)s - %(message)s")) | ||
handler.setFormatter(formatter) | ||
logger.addHandler(handler) | ||
|
||
# create NETCONF provider | ||
provider = NetconfServiceProvider(address=device.hostname, | ||
port=device.port, | ||
username=device.username, | ||
password=device.password, | ||
protocol=device.scheme) | ||
# create CRUD service | ||
crud = CRUDService() | ||
|
||
mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object | ||
config_mac_sec_keychains(mac_sec_keychains) # add object configuration | ||
|
||
# create configuration on NETCONF device | ||
crud.create(provider, mac_sec_keychains) | ||
|
||
provider.close() | ||
exit() | ||
# End of script |
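Review bot: The MACsec key for key 10 is a string literal in `config_mac_sec_keychains` (the `key.key_string.string = "101E58…"` assignment), so it is published with the repository and anyone who runs the sample unchanged provisions a key that every reader also holds; the -22 and -24 scripts do the same with their keys. The `password` keyword in the companion .txt output suggests this is the device's stored form of the key rather than a one-way digest, so it should be handled as the secret itself. I would mark it in place with a comment such as `# SAMPLE KEY ONLY - generate a new key per deployment, never reuse this value`, and preferably read the value from an environment variable or a prompt instead of the source. Separately, `-v` sets the `ydk` logger to DEBUG, which presumably writes the NETCONF payload, key string included, to the console; the help text for `--verbose` should say so.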
9 changes: 9 additions & 0 deletions
9
...s-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-20-ydk.txt
@@ -0,0 +1,9 @@ | ||
!! IOS XR Configuration version = 6.2.1 | ||
key chain CHAIN1 | ||
macsec | ||
key 10 | ||
key-string password 101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F cryptographic-algorithm aes-128-cmac | ||
lifetime 00:00:00 january 01 2017 infinite | ||
! | ||
! | ||
! |
23 changes: 23 additions & 0 deletions
23
...s-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-20-ydk.xml
@@ -0,0 +1,23 @@ | ||
<mac-sec-keychains xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-lib-keychain-macsec-cfg"> | ||
<mac-sec-keychain> | ||
<chain-name>CHAIN1</chain-name> | ||
<keies> | ||
<key> | ||
<key-id>10</key-id> | ||
<key-string> | ||
<string>101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F</string> | ||
<cryptographic-algorithm>aes-128-cmac</cryptographic-algorithm> | ||
</key-string> | ||
<lifetime> | ||
<start-hour>0</start-hour> | ||
<start-minutes>0</start-minutes> | ||
<start-seconds>0</start-seconds> | ||
<start-date>1</start-date> | ||
<start-month>jan</start-month> | ||
<start-year>2017</start-year> | ||
<infinite-flag>true</infinite-flag> | ||
</lifetime> | ||
</key> | ||
</keies> | ||
</mac-sec-keychain> | ||
</mac-sec-keychains> |
98 changes: 98 additions & 0 deletions
98
...os-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-22-ydk.py
@@ -0,0 +1,98 @@ | ||
#!/usr/bin/env python | ||
# | ||
# Copyright 2016 Cisco Systems, Inc. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
""" | ||
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg. | ||
usage: nc-create-xr-lib-keychain-macsec-cfg-22-ydk.py [-h] [-v] device | ||
positional arguments: | ||
device NETCONF device (ssh://user:password@host:port) | ||
optional arguments: | ||
-h, --help show this help message and exit | ||
-v, --verbose print debugging messages | ||
""" | ||
|
||
from argparse import ArgumentParser | ||
from urlparse import urlparse | ||
|
||
from ydk.services import CRUDService | ||
from ydk.providers import NetconfServiceProvider | ||
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \ | ||
as xr_lib_keychain_macsec_cfg | ||
import logging | ||
|
||
|
||
def config_mac_sec_keychains(mac_sec_keychains): | ||
"""Add config data to mac_sec_keychains object.""" | ||
mac_sec_keychain = mac_sec_keychains.MacSecKeychain() | ||
mac_sec_keychain.chain_name = "CHAIN2" | ||
key = mac_sec_keychain.keies.Key() | ||
key.key_id = "20" | ||
key.key_string = key.KeyString() | ||
key.key_string.string = "0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E" | ||
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac | ||
key.lifetime.start_hour = 0 | ||
key.lifetime.start_minutes = 0 | ||
key.lifetime.start_seconds = 0 | ||
key.lifetime.start_date = 1 | ||
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.start_year = 2017 | ||
key.lifetime.infinite_flag = True | ||
mac_sec_keychain.keies.key.append(key) | ||
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain) | ||
|
||
|
||
if __name__ == "__main__": | ||
"""Execute main program.""" | ||
parser = ArgumentParser() | ||
parser.add_argument("-v", "--verbose", help="print debugging messages", | ||
action="store_true") | ||
parser.add_argument("device", | ||
help="NETCONF device (ssh://user:password@host:port)") | ||
args = parser.parse_args() | ||
device = urlparse(args.device) | ||
|
||
# log debug messages if verbose argument specified | ||
if args.verbose: | ||
logger = logging.getLogger("ydk") | ||
logger.setLevel(logging.DEBUG) | ||
handler = logging.StreamHandler() | ||
formatter = logging.Formatter(("%(asctime)s - %(name)s - " | ||
"%(levelname)s - %(message)s")) | ||
handler.setFormatter(formatter) | ||
logger.addHandler(handler) | ||
|
||
# create NETCONF provider | ||
provider = NetconfServiceProvider(address=device.hostname, | ||
port=device.port, | ||
username=device.username, | ||
password=device.password, | ||
protocol=device.scheme) | ||
# create CRUD service | ||
crud = CRUDService() | ||
|
||
mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object | ||
config_mac_sec_keychains(mac_sec_keychains) # add object configuration | ||
|
||
# create configuration on NETCONF device | ||
crud.create(provider, mac_sec_keychains) | ||
|
||
provider.close() | ||
exit() | ||
# End of script |
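Review bot: The NETCONF password is taken from the positional `device` URL (`ssh://user:password@host:port`) in the `__main__` block, which leaves it in shell history and visible in the local process list while the script runs; the -20 and -24 scripts share this argument handling. Let the URL omit the password and prompt for it instead, e.g. `password=device.password or getpass.getpass("NETCONF password: ")` with `import getpass` added to the imports, and update the help string to match. `device.port` is `None` when the URL carries no port and `device.scheme` is passed through unchecked, so a short validation step using `parser.error(...)` before constructing `NetconfServiceProvider` would give a clearer failure than whatever the provider raises.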
9 changes: 9 additions & 0 deletions
9
...s-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-22-ydk.txt
@@ -0,0 +1,9 @@ | ||
!! IOS XR Configuration version = 6.2.1 | ||
key chain CHAIN2 | ||
macsec | ||
key 20 | ||
key-string password 0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E cryptographic-algorithm aes-256-cmac | ||
lifetime 00:00:00 january 01 2017 infinite | ||
! | ||
! | ||
! |
23 changes: 23 additions & 0 deletions
23
...s-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-22-ydk.xml
@@ -0,0 +1,23 @@ | ||
<mac-sec-keychains xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-lib-keychain-macsec-cfg"> | ||
<mac-sec-keychain> | ||
<chain-name>CHAIN2</chain-name> | ||
<keies> | ||
<key> | ||
<key-id>20</key-id> | ||
<key-string> | ||
<string>0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E</string> | ||
<cryptographic-algorithm>aes-256-cmac</cryptographic-algorithm> | ||
</key-string> | ||
<lifetime> | ||
<start-hour>0</start-hour> | ||
<start-minutes>0</start-minutes> | ||
<start-seconds>0</start-seconds> | ||
<start-date>1</start-date> | ||
<start-month>jan</start-month> | ||
<start-year>2017</start-year> | ||
<infinite-flag>true</infinite-flag> | ||
</lifetime> | ||
</key> | ||
</keies> | ||
</mac-sec-keychain> | ||
</mac-sec-keychains> |
125 changes: 125 additions & 0 deletions
125
...os-xr/Cisco-IOS-XR-lib-keychain-macsec-cfg/nc-create-xr-lib-keychain-macsec-cfg-24-ydk.py
@@ -0,0 +1,125 @@ | ||
#!/usr/bin/env python | ||
# | ||
# Copyright 2016 Cisco Systems, Inc. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
|
||
""" | ||
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg. | ||
usage: nc-create-xr-lib-keychain-macsec-cfg-24-ydk.py [-h] [-v] device | ||
positional arguments: | ||
device NETCONF device (ssh://user:password@host:port) | ||
optional arguments: | ||
-h, --help show this help message and exit | ||
-v, --verbose print debugging messages | ||
""" | ||
|
||
from argparse import ArgumentParser | ||
from urlparse import urlparse | ||
|
||
from ydk.services import CRUDService | ||
from ydk.providers import NetconfServiceProvider | ||
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \ | ||
as xr_lib_keychain_macsec_cfg | ||
import logging | ||
|
||
|
||
def config_mac_sec_keychains(mac_sec_keychains): | ||
"""Add config data to mac_sec_keychains object.""" | ||
mac_sec_keychain = mac_sec_keychains.MacSecKeychain() | ||
mac_sec_keychain.chain_name = "CHAIN3" | ||
key = mac_sec_keychain.keies.Key() | ||
key.key_id = "10" | ||
key.key_string = key.KeyString() | ||
key.key_string.string = "01435756085F5359761C1F5B4A5142445C5C557878707D6562724255455754000E0802065D574D400E0806010101015D0C56560A04504650530B5A545C7519185E" | ||
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac | ||
key.lifetime.start_hour = 0 | ||
key.lifetime.start_minutes = 0 | ||
key.lifetime.start_seconds = 0 | ||
key.lifetime.start_date = 1 | ||
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.start_year = 2017 | ||
key.lifetime.end_hour = 23 | ||
key.lifetime.end_minutes = 59 | ||
key.lifetime.end_seconds = 59 | ||
key.lifetime.end_date = 7 | ||
key.lifetime.end_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.end_year = 2017 | ||
key.lifetime.infinite_flag = False | ||
mac_sec_keychain.keies.key.append(key) | ||
|
||
# Second key | ||
key = mac_sec_keychain.keies.Key() | ||
key.key_id = "20" | ||
key.key_string = key.KeyString() | ||
key.key_string.string = "04035C505A751F1C58415241475F5F567B73737E66617141564E5457030D0B010556544E430D0B05020A02025E0F5555090F5345535008595757761A1B5D4A5746" | ||
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac | ||
key.lifetime.start_hour = 23 | ||
key.lifetime.start_minutes = 0 | ||
key.lifetime.start_seconds = 0 | ||
key.lifetime.start_date = 7 | ||
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.start_year = 2017 | ||
key.lifetime.end_hour = 23 | ||
key.lifetime.end_minutes = 59 | ||
key.lifetime.end_seconds = 59 | ||
key.lifetime.end_date = 13 | ||
key.lifetime.end_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan | ||
key.lifetime.end_year = 2017 | ||
key.lifetime.infinite_flag = False | ||
mac_sec_keychain.keies.key.append(key) | ||
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain) | ||
|
||
|
||
if __name__ == "__main__": | ||
"""Execute main program.""" | ||
parser = ArgumentParser() | ||
parser.add_argument("-v", "--verbose", help="print debugging messages", | ||
action="store_true") | ||
parser.add_argument("device", | ||
help="NETCONF device (ssh://user:password@host:port)") | ||
args = parser.parse_args() | ||
device = urlparse(args.device) | ||
|
||
# log debug messages if verbose argument specified | ||
if args.verbose: | ||
logger = logging.getLogger("ydk") | ||
logger.setLevel(logging.DEBUG) | ||
handler = logging.StreamHandler() | ||
formatter = logging.Formatter(("%(asctime)s - %(name)s - " | ||
"%(levelname)s - %(message)s")) | ||
handler.setFormatter(formatter) | ||
logger.addHandler(handler) | ||
|
||
# create NETCONF provider | ||
provider = NetconfServiceProvider(address=device.hostname, | ||
port=device.port, | ||
username=device.username, | ||
password=device.password, | ||
protocol=device.scheme) | ||
# create CRUD service | ||
crud = CRUDService() | ||
|
||
mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object | ||
config_mac_sec_keychains(mac_sec_keychains) # add object configuration | ||
|
||
# create configuration on NETCONF device | ||
crud.create(provider, mac_sec_keychains) | ||
|
||
provider.close() | ||
exit() | ||
# End of script |
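Review bot: Key 20's lifetime in `config_mac_sec_keychains` ends at 23:59:59 on 13 Jan 2017 and no later key follows, so the chain has no valid key after that date; anyone applying the sample as written gets a keychain that is already expired, and how the platform treats a secured link in that state should be confirmed against its documentation. The one-hour overlap between key 10 (ends 7 Jan 23:59:59) and key 20 (starts 7 Jan 23:00:00) is the point of the example and deserves a comment, e.g. `# key 20 becomes valid one hour before key 10 expires so peers can roll over without a gap`. The two key stanzas are nearly identical, so a small helper taking the key id, string and start/end values would keep the lifetime fields from drifting apart. In the `__main__` block, `provider.close()` is skipped when `crud.create` raises; wrapping the call in `try: ... finally: provider.close()` would release the session in that case, and the same applies to the -20 and -22 scripts.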