root / docs / source / manager.rst @ bfcf8aea
History | View | Annotate | Download (12.5 kB)
1 |
:mod:`~ncclient.manager` -- High-level API |
---|---|
2 |
========================================== |
3 |
|
4 |
.. module:: ncclient.manager |
5 |
:synopsis: High-level API |
6 |
|
7 |
.. data:: CAPABILITIES |
8 |
|
9 |
List of URI strings representing the client's capabilities. This is used during the initial |
10 |
capability exchange. Modify this if you need to announce some capability not already included. |
11 |
|
12 |
.. data:: OPERATIONS |
13 |
|
14 |
Dictionary of method names and corresponding `~ncclient.operations.RPC` classes. `Manager` uses |
15 |
this to lookup operations, e.g. "get_config" is mapped to `ncclient.operations.GetConfig`. It |
16 |
is thus possible to add additional operations to the `Manager` API. |
17 |
|
18 |
Factory functions |
19 |
----------------- |
20 |
|
21 |
A `Manager` instance is created using a factory function. |
22 |
|
23 |
.. function:: connect_ssh(host[, port=830, timeout=None, unknown_host_cb=default_unknown_host_cb, username=None, password, key_filename=None, allow_agent=True, look_for_keys=True]) |
24 |
|
25 |
Initializes a NETCONF session over SSH, and creates a connected `Manager` instance. *host* must |
26 |
be specified, all the other arguments are optional and depend on the kind of host key |
27 |
verification and user authentication you want to complete. |
28 |
|
29 |
For the purpose of host key verification, on -NIX systems a user's :file:`~/.ssh/known_hosts` |
30 |
file is automatically considered. The *unknown_host_cb* argument specifies a callback that will |
31 |
be invoked when the server's host key cannot be verified. See |
32 |
:func:`~ncclient.transport.ssh.default_known_host_cb` for function signature. |
33 |
|
34 |
First, ``publickey`` authentication is attempted. If a specific *key_filename* is specified, it |
35 |
will be loaded and authentication attempted using it. If *allow_agent* is :const:`True` and an |
36 |
SSH agent is running, the keys provided by the agent will be tried. If *look_for_keys* is |
37 |
:const:`True`, keys in the :file:`~/.ssh/id_rsa` and :file:`~.ssh/id_dsa` will be tried. In case |
38 |
an encrypted key file is encountered, the *password* argument will be used as a decryption |
39 |
passphrase. |
40 |
|
41 |
If ``publickey`` authentication fails and the *password* argument has been supplied, |
42 |
``password`` / ``keyboard-interactive`` SSH authentication will be attempted. |
43 |
|
44 |
:param host: hostname or address on which to connect |
45 |
:type host: `string` |
46 |
|
47 |
:param port: port on which to connect |
48 |
:type port: `int` |
49 |
|
50 |
:param timeout: timeout for socket connect |
51 |
:type timeout: `int` |
52 |
|
53 |
:param unknown_host_cb: optional; callback that is invoked when host key verification fails |
54 |
:type unknown_host_cb: `function` |
55 |
|
56 |
:param username: username to authenticate with, if not specified the username of the logged-in |
57 |
user is used |
58 |
:type username: `string` |
59 |
|
60 |
:param password: password for ``password`` authentication or passphrase for decrypting |
61 |
private key files |
62 |
:type password: `string` |
63 |
|
64 |
:param key_filename: location of a private key file on the file system |
65 |
:type key_filename: `string` |
66 |
|
67 |
:param allow_agent: whether to try connecting to SSH agent for keys |
68 |
:type allow_agent: `bool` |
69 |
|
70 |
:param look_for_keys: whether to look in usual locations for keys |
71 |
:type look_for_keys: `bool` |
72 |
|
73 |
:raises: :exc:`~ncclient.transport.SSHUnknownHostError` |
74 |
:raises: :exc:`~ncclient.transport.AuthenticationError` |
75 |
|
76 |
:rtype: `Manager` |
77 |
|
78 |
.. function:: connect() |
79 |
|
80 |
Same as :func:`connect_ssh`, since SSH is the default (and currently, the |
81 |
only) transport. |
82 |
|
83 |
Manager |
84 |
------- |
85 |
|
86 |
Exposes an API for RPC operations as method calls. The return type of these methods depends on |
87 |
whether we are is in :attr:`asynchronous or synchronous mode <ncclient.manager.Manager.async_mode>`. |
88 |
|
89 |
In synchronous mode replies are awaited and the corresponding `~ncclient.operations.RPCReply` object |
90 |
is returned. Depending on the :attr:`exception raising mode <ncclient.manager.Manager.raise_mode>`, |
91 |
an *rpc-error* in the reply may be raised as :exc:`RPCError` exceptions. |
92 |
|
93 |
However in asynchronous mode, operations return immediately with an `~ncclient.operations.RPC` |
94 |
object. Error handling and checking for whether a reply has been received must be dealt with |
95 |
manually. See the `~ncclient.operations.RPC` documentation for details. |
96 |
|
97 |
Note that in case of the *get* and *get-config* operations, the reply is an instance of |
98 |
`~ncclient.operations.GetReply` which exposes the additional attributes |
99 |
:attr:`~ncclient.operations.GetReply.data` (as `~xml.etree.ElementTree.Element`) and |
100 |
:attr:`~ncclient.operations.GetReply.data_xml` (as `string`), which are of primary interest in case |
101 |
of these operations. |
102 |
|
103 |
Presence of capabilities is verified to the extent possible, and you can expect a |
104 |
:exc:`~ncclient.operations.MissingCapabilityError` if something is amiss. In case of transport-layer |
105 |
errors, e.g. unexpected session close, :exc:`~ncclient.transport.TransportError` will be raised. |
106 |
|
107 |
.. class:: Manager |
108 |
|
109 |
For details on the expected behavior of the operations and their parameters |
110 |
refer to :rfc:`4741`. |
111 |
|
112 |
Manager instances are also context managers so you can use it like this:: |
113 |
|
114 |
with manager.connect("host") as m: |
115 |
# do your stuff |
116 |
|
117 |
... or like this:: |
118 |
|
119 |
m = manager.connect("host") |
120 |
try: |
121 |
# do your stuff |
122 |
finally: |
123 |
m.close() |
124 |
|
125 |
.. method:: get_config(source[, filter=None]) |
126 |
|
127 |
Retrieve all or part of a specified configuration. |
128 |
|
129 |
:param source: name of the configuration datastore being queried |
130 |
:type source: `string` |
131 |
|
132 |
:param filter: portions of the device configuration to retrieve (by default entire configuration is retrieved) |
133 |
:type filter: :ref:`filter_params` |
134 |
|
135 |
.. method:: edit_config(target, config[, default_operation=None, test_option=None, error_option=None]) |
136 |
|
137 |
Loads all or part of a specified configuration to the specified target configuration. |
138 |
|
139 |
The ``"rollback-on-error"`` *error_option* depends on the ``:rollback-on-error`` capability. |
140 |
|
141 |
:param target: name of the configuration datastore being edited |
142 |
:type target: `string` |
143 |
|
144 |
:param config: configuration (must be rooted in *<config> .. </config>*) |
145 |
:type config: `string` or `~xml.etree.ElementTree.Element` |
146 |
|
147 |
:param default_operation: one of { ``"merge"``, ``"replace"``, or ``"none"`` } |
148 |
:type default_operation: `string` |
149 |
|
150 |
:param test_option: one of { ``"test_then_set"``, ``"set"`` } |
151 |
:type test_option: `string` |
152 |
|
153 |
:param error_option: one of { ``"stop-on-error"``, ``"continue-on-error"``, ``"rollback-on-error"`` } |
154 |
:type error_option: `string` |
155 |
|
156 |
.. method:: copy_config(source, target) |
157 |
|
158 |
Create or replace an entire configuration datastore with the contents of another complete |
159 |
configuration datastore. |
160 |
|
161 |
:param source: configuration datastore to use as the source of the copy operation or *<config>* element containing the configuration subtree to copy |
162 |
:type source: :ref:`srctarget_params` |
163 |
|
164 |
:param target: configuration datastore to use as the destination of the copy operation |
165 |
:type target: :ref:`srctarget_params` |
166 |
|
167 |
.. method:: delete_config(target) |
168 |
|
169 |
Delete a configuration datastore. |
170 |
|
171 |
:param target: name or URL of configuration datastore to delete |
172 |
:type: :ref:`srctarget_params` |
173 |
|
174 |
.. method:: lock(target) |
175 |
|
176 |
Allows the client to lock the configuration system of a device. |
177 |
|
178 |
:param target: name of the configuration datastore to lock |
179 |
:type target: `string` |
180 |
|
181 |
.. method:: unlock(target) |
182 |
|
183 |
Release a configuration lock, previously obtained with the |
184 |
:meth:`~ncclient.manager.Manager.lock` operation. |
185 |
|
186 |
:param target: name of the configuration datastore to unlock |
187 |
:type target: `string` |
188 |
|
189 |
.. method:: locked(target) |
190 |
|
191 |
Returns a context manager for a lock on a datastore, e.g.:: |
192 |
|
193 |
with m.locked("running"): |
194 |
# do your stuff |
195 |
|
196 |
... instead of:: |
197 |
|
198 |
m.lock("running") |
199 |
try: |
200 |
# do your stuff |
201 |
finally: |
202 |
m.unlock("running") |
203 |
|
204 |
:param target: name of configuration datastore to lock |
205 |
:type target: `string` |
206 |
|
207 |
:rtype: `~ncclient.operations.LockContext` |
208 |
|
209 |
.. method:: get([filter=None]) |
210 |
|
211 |
Retrieve running configuration and device state information. |
212 |
|
213 |
:param filter: portions of the device configuration to retrieve (by default entire configuration is retrieved) |
214 |
:type filter: :ref:`filter_params` |
215 |
|
216 |
.. method:: close_session() |
217 |
|
218 |
Request graceful termination of the NETCONF session, and also close the transport. |
219 |
|
220 |
.. method:: kill_session(session_id) |
221 |
|
222 |
Force the termination of a NETCONF session (not the current one!). |
223 |
|
224 |
:param session_id: session identifier of the NETCONF session to be terminated |
225 |
:type session_id: `string` |
226 |
|
227 |
.. method:: commit([confirmed=False, timeout=None]) |
228 |
|
229 |
Commit the candidate configuration as the device's new current configuration. Depends on the |
230 |
*:candidate* capability. |
231 |
|
232 |
A confirmed commit (i.e. if *confirmed* is :const:`True`) is reverted if there is no |
233 |
followup commit within the *timeout* interval. If no timeout is specified the confirm |
234 |
timeout defaults to 600 seconds (10 minutes). A confirming commit may have the *confirmed* |
235 |
parameter but this is not required. Depends on the *:confirmed-commit* capability. |
236 |
|
237 |
:param confirmed: whether this is a confirmed commit |
238 |
:type confirmed: `bool` |
239 |
|
240 |
:param timeout: confirm timeout in seconds |
241 |
:type timeout: `int` |
242 |
|
243 |
.. method:: discard_changes() |
244 |
|
245 |
Revert the candidate configuration to the currently running configuration. Any uncommitted |
246 |
changes are discarded. |
247 |
|
248 |
.. method:: validate(source) |
249 |
|
250 |
Validate the contents of the specified configuration. |
251 |
|
252 |
:param source: name of the configuration datastore being validated or *<config>* element containing the configuration subtree to be validated |
253 |
:type source: :ref:`srctarget_params` |
254 |
|
255 |
.. attribute:: async_mode |
256 |
|
257 |
Specify whether operations are executed asynchronously (:const:`True`) |
258 |
or synchronously (:const:`False`) (the default). |
259 |
|
260 |
.. attribute:: raise_mode |
261 |
|
262 |
Specify which errors are raised as :exc:`~ncclient.operations.RPCError` exceptions. |
263 |
Valid values: |
264 |
|
265 |
* ``"all"`` -- any kind of *rpc-error* (error or warning) |
266 |
* ``"errors"`` -- where the *error-type* attribute says it is an error |
267 |
* ``"none"`` -- neither |
268 |
|
269 |
.. attribute:: client_capabilities |
270 |
|
271 |
`~ncclient.capabilities.Capabilities` object representing the client's capabilities. |
272 |
|
273 |
.. attribute:: server_capabilities |
274 |
|
275 |
`~ncclient.capabilities.Capabilities` object representing the server's capabilities. |
276 |
|
277 |
.. attribute:: session_id |
278 |
|
279 |
*session-id* assigned by the NETCONF server. |
280 |
|
281 |
.. attribute:: connected |
282 |
|
283 |
Bolean value indicating whether currently connected to the NETCONF server. |
284 |
|
285 |
|
286 |
Special kinds of parameters |
287 |
--------------------------- |
288 |
|
289 |
Some parameters can take on different types to keep the interface simple. |
290 |
|
291 |
.. _srctarget_params: |
292 |
|
293 |
Source and target parameters |
294 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
295 |
|
296 |
Where an method takes a *source* or *target* argument, usually a datastore name or URL is expected. |
297 |
The latter depends on the ``:url`` capability and on whether the specific URL scheme is supported. |
298 |
Either must be specified as a `string`. For example, ``"running"``, |
299 |
``"ftp://user:pass@host/config"``. |
300 |
|
301 |
If the source may be a *<config>* element, e.g. as allowed for the *validate* RPC, it can also be |
302 |
specified as an XML string or an `~xml.etree.ElementTree.Element` object. |
303 |
|
304 |
.. _filter_params: |
305 |
|
306 |
Filter parameters |
307 |
^^^^^^^^^^^^^^^^^ |
308 |
|
309 |
Where a method takes a *filter* argument, it can take on the following types: |
310 |
|
311 |
* A ``tuple`` of *(type, criteria)*. |
312 |
|
313 |
Here *type* has to be one of ``"xpath"`` or ``"subtree"``. |
314 |
|
315 |
* For ``"xpath"`` the *criteria* should be a `string` containing the XPath expression. |
316 |
* For ``"subtree"`` the *criteria* should be an XML string or an |
317 |
`~xml.etree.ElementTree.Element` object containing the criteria. |
318 |
|
319 |
* A *<filter>* element as an XML string or an `~xml.etree.ElementTree.Element` object. |