Beginning in the 2023.2 release, Automation Gateway will work with OpenConfig (previously referred to as gRPC) for connecting devices. OpenConfig is a cross-platform, open source framework for implementing RPC (Remote Procedure Call) APIs in any environment. As a framework, OpenConfig offers pluggable support for load balancing, tracing, health checking and authentication with a lower processing complexity.
For related reading see → gRPC documentation.
Install OpenConfig
To get started, install pip in the virtual environment. Restart Automation Gateway.
pip install grpcio==1.53.0
pip install pygnmi
Verify OpenConfig is Enabled
Go to Configuration in Automation Gateway using the left side navigation and click the OpenConfig (e.g. gRPC) to verify the setting has been enabled. Select the checkbox and click the Save  icon.
Figure 1: Enable gRPC
Configure OpenConfig
Use the side-navigation menus in Automation Gateway to open the subheading options. In this example, gPRC contains nested subheadings (menus) for:
- Inventory
- gNMI
- gNOI
Inventory
The Inventory list contains devices created to run and use OpenConfig. The device will appear in the left side navigation bar. Clicking on the device will display parameters (i.e., host, port, username, etc) and values specific to the device. Click the pencil icon to edit the parameters.
Figure 2: Inventory
gNMI
Use gNMI to configure get and set for OpenConfig.
The gnmi_get mechanism is used to pull-in or acquire data.
Figure 3: gNMI_get
The gnmi_set mechanism is used to execute a command.
Figure 4: gNMI_set
gNOI
Use gNOI for operational commands on a device such as ping, trace route, and reboot.
Figure 5: gNOI
Creating Devices in OpenConfig
To create an OpenConfig device, click the + sign in the top toolbar above the left side navigation. A Create dialog opens. Use the dropdown to make your selection (e.g., GRPC Device). Input a device name and configure the variables needed to create the device. Once all the device variables are set, click the Create button.
Figure 6: Configure Device
OpenConfig Device Variables
Variable datatypes can be found in the OpenAPI v3 specification found in the help section UI of Automation Gateway.
| Variable | Description | Required |
|---|---|---|
| host | The hostname or IP address of the OpenConfig device. | Yes |
| port | The OpenConfig TCP port to use. | Yes |
| username | OpenConfig username | Yes |
| password | OpenConfig password | Yes |
| insecure | Used to support (or not support) a non-TLS connection to the device. | Yes |
| debug | Debug OpenConfig operations (advanced). | Yes |
| path_cert | Path to the TLS root certificate store. | No |
| path_key | Path to the OpenConfig client certificate key. | No |
| path_root | Path to the TLS root certificate store. | No |
| openconfig_override | OpenConfig override parameters (advanced). | No |
| skip_verify | Skip verification of the TLS server certificate that is presented. | No |
| openconfig_timeout | Timeout for OpenConfig connection and channel operations. | No |
| openconfig_options | Additional OpenConfig channel options (advanced). | No |
| show_diff​ | Show device gNMI differences (advanced, untested). | No |
| token | OpenConfig access token (advanced). | No |
Sending a JSON POST to Create Devices
A JSON POST can be sent to /api/v2.0/inventories/grpc/default/devicesto create a device.
Example post request:
{
"name": "iosxr-cloud",
"variables": {
"host": "sandbox-iosxr-1.cisco.com",
"password": "C1sco12345",
"username": "admin",
"insecure": true,
"port": 57777
}
}
Using TLS with OpenConfig Devices
Before connecting securely to OpenConfig devices, an appropriately configured system PKI infrastructure is required (trusted root certificates and client certificates). Please consult your system administrator to ensure these requirements are in place before proceeding with a secure OpenConfig device setup. To use secure TLS certificates when using OpenConfig, configure the device and set insecure to false.
A simple device example (JSON POST) that will skip server verification is shown below.
Example: TLS Secured OpenConfig Device without Server Certificate Validation
{
"name": "iosxr-cloud",
"variables": {
"host": "sandbox-iosxr-1.cisco.com",
"password": "C1sco12345",
"username": "admin",
"insecure": false,
"skip_verify": true,
"port": 57777
}
}