root / docs / source / manager.rst @ bfcf8aea
History | View | Annotate | Download (12.5 kB)
| 1 |
:mod:`~ncclient.manager` -- High-level API |
|---|---|
| 2 |
========================================== |
| 3 |
|
| 4 |
.. module:: ncclient.manager |
| 5 |
:synopsis: High-level API |
| 6 |
|
| 7 |
.. data:: CAPABILITIES |
| 8 |
|
| 9 |
List of URI strings representing the client's capabilities. This is used during the initial |
| 10 |
capability exchange. Modify this if you need to announce some capability not already included. |
| 11 |
|
| 12 |
.. data:: OPERATIONS |
| 13 |
|
| 14 |
Dictionary of method names and corresponding `~ncclient.operations.RPC` classes. `Manager` uses |
| 15 |
this to lookup operations, e.g. "get_config" is mapped to `ncclient.operations.GetConfig`. It |
| 16 |
is thus possible to add additional operations to the `Manager` API. |
| 17 |
|
| 18 |
Factory functions |
| 19 |
----------------- |
| 20 |
|
| 21 |
A `Manager` instance is created using a factory function. |
| 22 |
|
| 23 |
.. function:: connect_ssh(host[, port=830, timeout=None, unknown_host_cb=default_unknown_host_cb, username=None, password, key_filename=None, allow_agent=True, look_for_keys=True]) |
| 24 |
|
| 25 |
Initializes a NETCONF session over SSH, and creates a connected `Manager` instance. *host* must |
| 26 |
be specified, all the other arguments are optional and depend on the kind of host key |
| 27 |
verification and user authentication you want to complete. |
| 28 |
|
| 29 |
For the purpose of host key verification, on -NIX systems a user's :file:`~/.ssh/known_hosts` |
| 30 |
file is automatically considered. The *unknown_host_cb* argument specifies a callback that will |
| 31 |
be invoked when the server's host key cannot be verified. See |
| 32 |
:func:`~ncclient.transport.ssh.default_known_host_cb` for function signature. |
| 33 |
|
| 34 |
First, ``publickey`` authentication is attempted. If a specific *key_filename* is specified, it |
| 35 |
will be loaded and authentication attempted using it. If *allow_agent* is :const:`True` and an |
| 36 |
SSH agent is running, the keys provided by the agent will be tried. If *look_for_keys* is |
| 37 |
:const:`True`, keys in the :file:`~/.ssh/id_rsa` and :file:`~.ssh/id_dsa` will be tried. In case |
| 38 |
an encrypted key file is encountered, the *password* argument will be used as a decryption |
| 39 |
passphrase. |
| 40 |
|
| 41 |
If ``publickey`` authentication fails and the *password* argument has been supplied, |
| 42 |
``password`` / ``keyboard-interactive`` SSH authentication will be attempted. |
| 43 |
|
| 44 |
:param host: hostname or address on which to connect |
| 45 |
:type host: `string` |
| 46 |
|
| 47 |
:param port: port on which to connect |
| 48 |
:type port: `int` |
| 49 |
|
| 50 |
:param timeout: timeout for socket connect |
| 51 |
:type timeout: `int` |
| 52 |
|
| 53 |
:param unknown_host_cb: optional; callback that is invoked when host key verification fails |
| 54 |
:type unknown_host_cb: `function` |
| 55 |
|
| 56 |
:param username: username to authenticate with, if not specified the username of the logged-in |
| 57 |
user is used |
| 58 |
:type username: `string` |
| 59 |
|
| 60 |
:param password: password for ``password`` authentication or passphrase for decrypting |
| 61 |
private key files |
| 62 |
:type password: `string` |
| 63 |
|
| 64 |
:param key_filename: location of a private key file on the file system |
| 65 |
:type key_filename: `string` |
| 66 |
|
| 67 |
:param allow_agent: whether to try connecting to SSH agent for keys |
| 68 |
:type allow_agent: `bool` |
| 69 |
|
| 70 |
:param look_for_keys: whether to look in usual locations for keys |
| 71 |
:type look_for_keys: `bool` |
| 72 |
|
| 73 |
:raises: :exc:`~ncclient.transport.SSHUnknownHostError` |
| 74 |
:raises: :exc:`~ncclient.transport.AuthenticationError` |
| 75 |
|
| 76 |
:rtype: `Manager` |
| 77 |
|
| 78 |
.. function:: connect() |
| 79 |
|
| 80 |
Same as :func:`connect_ssh`, since SSH is the default (and currently, the |
| 81 |
only) transport. |
| 82 |
|
| 83 |
Manager |
| 84 |
------- |
| 85 |
|
| 86 |
Exposes an API for RPC operations as method calls. The return type of these methods depends on |
| 87 |
whether we are is in :attr:`asynchronous or synchronous mode <ncclient.manager.Manager.async_mode>`. |
| 88 |
|
| 89 |
In synchronous mode replies are awaited and the corresponding `~ncclient.operations.RPCReply` object |
| 90 |
is returned. Depending on the :attr:`exception raising mode <ncclient.manager.Manager.raise_mode>`, |
| 91 |
an *rpc-error* in the reply may be raised as :exc:`RPCError` exceptions. |
| 92 |
|
| 93 |
However in asynchronous mode, operations return immediately with an `~ncclient.operations.RPC` |
| 94 |
object. Error handling and checking for whether a reply has been received must be dealt with |
| 95 |
manually. See the `~ncclient.operations.RPC` documentation for details. |
| 96 |
|
| 97 |
Note that in case of the *get* and *get-config* operations, the reply is an instance of |
| 98 |
`~ncclient.operations.GetReply` which exposes the additional attributes |
| 99 |
:attr:`~ncclient.operations.GetReply.data` (as `~xml.etree.ElementTree.Element`) and |
| 100 |
:attr:`~ncclient.operations.GetReply.data_xml` (as `string`), which are of primary interest in case |
| 101 |
of these operations. |
| 102 |
|
| 103 |
Presence of capabilities is verified to the extent possible, and you can expect a |
| 104 |
:exc:`~ncclient.operations.MissingCapabilityError` if something is amiss. In case of transport-layer |
| 105 |
errors, e.g. unexpected session close, :exc:`~ncclient.transport.TransportError` will be raised. |
| 106 |
|
| 107 |
.. class:: Manager |
| 108 |
|
| 109 |
For details on the expected behavior of the operations and their parameters |
| 110 |
refer to :rfc:`4741`. |
| 111 |
|
| 112 |
Manager instances are also context managers so you can use it like this:: |
| 113 |
|
| 114 |
with manager.connect("host") as m:
|
| 115 |
# do your stuff |
| 116 |
|
| 117 |
... or like this:: |
| 118 |
|
| 119 |
m = manager.connect("host")
|
| 120 |
try: |
| 121 |
# do your stuff |
| 122 |
finally: |
| 123 |
m.close() |
| 124 |
|
| 125 |
.. method:: get_config(source[, filter=None]) |
| 126 |
|
| 127 |
Retrieve all or part of a specified configuration. |
| 128 |
|
| 129 |
:param source: name of the configuration datastore being queried |
| 130 |
:type source: `string` |
| 131 |
|
| 132 |
:param filter: portions of the device configuration to retrieve (by default entire configuration is retrieved) |
| 133 |
:type filter: :ref:`filter_params` |
| 134 |
|
| 135 |
.. method:: edit_config(target, config[, default_operation=None, test_option=None, error_option=None]) |
| 136 |
|
| 137 |
Loads all or part of a specified configuration to the specified target configuration. |
| 138 |
|
| 139 |
The ``"rollback-on-error"`` *error_option* depends on the ``:rollback-on-error`` capability. |
| 140 |
|
| 141 |
:param target: name of the configuration datastore being edited |
| 142 |
:type target: `string` |
| 143 |
|
| 144 |
:param config: configuration (must be rooted in *<config> .. </config>*) |
| 145 |
:type config: `string` or `~xml.etree.ElementTree.Element` |
| 146 |
|
| 147 |
:param default_operation: one of { ``"merge"``, ``"replace"``, or ``"none"`` }
|
| 148 |
:type default_operation: `string` |
| 149 |
|
| 150 |
:param test_option: one of { ``"test_then_set"``, ``"set"`` }
|
| 151 |
:type test_option: `string` |
| 152 |
|
| 153 |
:param error_option: one of { ``"stop-on-error"``, ``"continue-on-error"``, ``"rollback-on-error"`` }
|
| 154 |
:type error_option: `string` |
| 155 |
|
| 156 |
.. method:: copy_config(source, target) |
| 157 |
|
| 158 |
Create or replace an entire configuration datastore with the contents of another complete |
| 159 |
configuration datastore. |
| 160 |
|
| 161 |
:param source: configuration datastore to use as the source of the copy operation or *<config>* element containing the configuration subtree to copy |
| 162 |
:type source: :ref:`srctarget_params` |
| 163 |
|
| 164 |
:param target: configuration datastore to use as the destination of the copy operation |
| 165 |
:type target: :ref:`srctarget_params` |
| 166 |
|
| 167 |
.. method:: delete_config(target) |
| 168 |
|
| 169 |
Delete a configuration datastore. |
| 170 |
|
| 171 |
:param target: name or URL of configuration datastore to delete |
| 172 |
:type: :ref:`srctarget_params` |
| 173 |
|
| 174 |
.. method:: lock(target) |
| 175 |
|
| 176 |
Allows the client to lock the configuration system of a device. |
| 177 |
|
| 178 |
:param target: name of the configuration datastore to lock |
| 179 |
:type target: `string` |
| 180 |
|
| 181 |
.. method:: unlock(target) |
| 182 |
|
| 183 |
Release a configuration lock, previously obtained with the |
| 184 |
:meth:`~ncclient.manager.Manager.lock` operation. |
| 185 |
|
| 186 |
:param target: name of the configuration datastore to unlock |
| 187 |
:type target: `string` |
| 188 |
|
| 189 |
.. method:: locked(target) |
| 190 |
|
| 191 |
Returns a context manager for a lock on a datastore, e.g.:: |
| 192 |
|
| 193 |
with m.locked("running"):
|
| 194 |
# do your stuff |
| 195 |
|
| 196 |
... instead of:: |
| 197 |
|
| 198 |
m.lock("running")
|
| 199 |
try: |
| 200 |
# do your stuff |
| 201 |
finally: |
| 202 |
m.unlock("running")
|
| 203 |
|
| 204 |
:param target: name of configuration datastore to lock |
| 205 |
:type target: `string` |
| 206 |
|
| 207 |
:rtype: `~ncclient.operations.LockContext` |
| 208 |
|
| 209 |
.. method:: get([filter=None]) |
| 210 |
|
| 211 |
Retrieve running configuration and device state information. |
| 212 |
|
| 213 |
:param filter: portions of the device configuration to retrieve (by default entire configuration is retrieved) |
| 214 |
:type filter: :ref:`filter_params` |
| 215 |
|
| 216 |
.. method:: close_session() |
| 217 |
|
| 218 |
Request graceful termination of the NETCONF session, and also close the transport. |
| 219 |
|
| 220 |
.. method:: kill_session(session_id) |
| 221 |
|
| 222 |
Force the termination of a NETCONF session (not the current one!). |
| 223 |
|
| 224 |
:param session_id: session identifier of the NETCONF session to be terminated |
| 225 |
:type session_id: `string` |
| 226 |
|
| 227 |
.. method:: commit([confirmed=False, timeout=None]) |
| 228 |
|
| 229 |
Commit the candidate configuration as the device's new current configuration. Depends on the |
| 230 |
*:candidate* capability. |
| 231 |
|
| 232 |
A confirmed commit (i.e. if *confirmed* is :const:`True`) is reverted if there is no |
| 233 |
followup commit within the *timeout* interval. If no timeout is specified the confirm |
| 234 |
timeout defaults to 600 seconds (10 minutes). A confirming commit may have the *confirmed* |
| 235 |
parameter but this is not required. Depends on the *:confirmed-commit* capability. |
| 236 |
|
| 237 |
:param confirmed: whether this is a confirmed commit |
| 238 |
:type confirmed: `bool` |
| 239 |
|
| 240 |
:param timeout: confirm timeout in seconds |
| 241 |
:type timeout: `int` |
| 242 |
|
| 243 |
.. method:: discard_changes() |
| 244 |
|
| 245 |
Revert the candidate configuration to the currently running configuration. Any uncommitted |
| 246 |
changes are discarded. |
| 247 |
|
| 248 |
.. method:: validate(source) |
| 249 |
|
| 250 |
Validate the contents of the specified configuration. |
| 251 |
|
| 252 |
:param source: name of the configuration datastore being validated or *<config>* element containing the configuration subtree to be validated |
| 253 |
:type source: :ref:`srctarget_params` |
| 254 |
|
| 255 |
.. attribute:: async_mode |
| 256 |
|
| 257 |
Specify whether operations are executed asynchronously (:const:`True`) |
| 258 |
or synchronously (:const:`False`) (the default). |
| 259 |
|
| 260 |
.. attribute:: raise_mode |
| 261 |
|
| 262 |
Specify which errors are raised as :exc:`~ncclient.operations.RPCError` exceptions. |
| 263 |
Valid values: |
| 264 |
|
| 265 |
* ``"all"`` -- any kind of *rpc-error* (error or warning) |
| 266 |
* ``"errors"`` -- where the *error-type* attribute says it is an error |
| 267 |
* ``"none"`` -- neither |
| 268 |
|
| 269 |
.. attribute:: client_capabilities |
| 270 |
|
| 271 |
`~ncclient.capabilities.Capabilities` object representing the client's capabilities. |
| 272 |
|
| 273 |
.. attribute:: server_capabilities |
| 274 |
|
| 275 |
`~ncclient.capabilities.Capabilities` object representing the server's capabilities. |
| 276 |
|
| 277 |
.. attribute:: session_id |
| 278 |
|
| 279 |
*session-id* assigned by the NETCONF server. |
| 280 |
|
| 281 |
.. attribute:: connected |
| 282 |
|
| 283 |
Bolean value indicating whether currently connected to the NETCONF server. |
| 284 |
|
| 285 |
|
| 286 |
Special kinds of parameters |
| 287 |
--------------------------- |
| 288 |
|
| 289 |
Some parameters can take on different types to keep the interface simple. |
| 290 |
|
| 291 |
.. _srctarget_params: |
| 292 |
|
| 293 |
Source and target parameters |
| 294 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 295 |
|
| 296 |
Where an method takes a *source* or *target* argument, usually a datastore name or URL is expected. |
| 297 |
The latter depends on the ``:url`` capability and on whether the specific URL scheme is supported. |
| 298 |
Either must be specified as a `string`. For example, ``"running"``, |
| 299 |
``"ftp://user:pass@host/config"``. |
| 300 |
|
| 301 |
If the source may be a *<config>* element, e.g. as allowed for the *validate* RPC, it can also be |
| 302 |
specified as an XML string or an `~xml.etree.ElementTree.Element` object. |
| 303 |
|
| 304 |
.. _filter_params: |
| 305 |
|
| 306 |
Filter parameters |
| 307 |
^^^^^^^^^^^^^^^^^ |
| 308 |
|
| 309 |
Where a method takes a *filter* argument, it can take on the following types: |
| 310 |
|
| 311 |
* A ``tuple`` of *(type, criteria)*. |
| 312 |
|
| 313 |
Here *type* has to be one of ``"xpath"`` or ``"subtree"``. |
| 314 |
|
| 315 |
* For ``"xpath"`` the *criteria* should be a `string` containing the XPath expression. |
| 316 |
* For ``"subtree"`` the *criteria* should be an XML string or an |
| 317 |
`~xml.etree.ElementTree.Element` object containing the criteria. |
| 318 |
|
| 319 |
* A *<filter>* element as an XML string or an `~xml.etree.ElementTree.Element` object. |