3.2.51. gnmi (pushed)¶
Note
requires a specific license: Product.
GNMI service configuration.
vsr running config# vrf <vrf> gnmi
enabled (pushed)¶
Enable the gNMI service.
vsr running config# vrf <vrf> gnmi
vsr running gnmi# enabled true|false
- Default value
true
dial-in¶
GNMI dial-in configuration. This daemon exposes the state of the vRouter via gNMI. Dial-in allows this service to listen for gNMI collectors queries.
vsr running config# vrf <vrf> gnmi dial-in
enabled¶
Enable the gNMI dial-in service.
vsr running config# vrf <vrf> gnmi dial-in
vsr running dial-in# enabled true|false
- Default value
true
address¶
GNMI server address.
vsr running config# vrf <vrf> gnmi dial-in
vsr running dial-in# address ADDRESS
|
Description |
|---|---|
|
An IPv4 address. |
|
An IPv6 address. |
- Default value
::
port¶
GNMI server port.
vsr running config# vrf <vrf> gnmi dial-in
vsr running dial-in# port PORT
|
A 16-bit port number used by a transport protocol such as TCP or UDP. |
- Default value
9339
log-level¶
GNMI log level.
vsr running config# vrf <vrf> gnmi dial-in
vsr running dial-in# log-level LOG-LEVEL
|
Description |
|---|---|
|
System is unusable. |
|
Action must be taken immediately. |
|
Critical conditions. |
|
Error conditions. |
|
Warning conditions. |
|
Normal but significant condition. |
|
Informational messages. |
|
Debug-level messages. |
- Default value
error
tls¶
Configure the gNMI dial-in TLS (or mTLS) authentication.
vsr running config# vrf <vrf> gnmi dial-in tls
enabled¶
Enable TLS or mTLS authentication.
vsr running config# vrf <vrf> gnmi dial-in tls
vsr running tls# enabled true|false
- Default value
true
ca-certificate¶
PEM-encoded X509 certificate authority certificate.
vsr running config# vrf <vrf> gnmi dial-in tls
vsr running tls# ca-certificate <string>
require-mtls¶
Authorize only mutual TLS authentication.
vsr running config# vrf <vrf> gnmi dial-in tls
vsr running tls# require-mtls true|false
- Default value
false
auth¶
GNMI dial-in authentication configuration.
vsr running config# vrf <vrf> gnmi dial-in auth
username (mandatory)¶
Username for gNMI dial-in authentication towards the collector.
vsr running config# vrf <vrf> gnmi dial-in auth
vsr running auth# username <string>
password¶
The gNMI password between the device and the collector, supplied as its hashed value (md5 / sha-256 / sha-512), or using the interactive password prompt.
vsr running config# vrf <vrf> gnmi dial-in auth
vsr running auth# password PASSWORD
|
The crypt-hash type is used to store passwords using a hash function. The algorithms for applying the hash function and encoding the result are implemented in various UNIX systems as the function crypt(3). A value of this type matches one of the forms: $0$<clear text password> $<id>$<salt>$<password hash> $<id>$<parameter>$<salt>$<password hash> The ‘$0$’ prefix signals that the value is clear text. When such a value is received by the server, a hash value is calculated, and the string ‘$<id>$<salt>$’ or $<id>$<parameter>$<salt>$ is prepended to the result. This value is stored in the configuration data store. If a value starting with ‘$<id>$’, where <id> is not ‘0’, is received, the server knows that the value already represents a hashed value and stores it ‘as is’ in the data store. When a server needs to verify a password given by a user, it finds the stored password hash string for that user, extracts the salt, and calculates the hash with the salt and given password as input. If the calculated hash value is the same as the stored value, the password given by the client is accepted. This type defines the following hash functions: id | hash function | feature —+—————+——————- 1 | MD5 | crypt-hash-md5 5 | SHA-256 | crypt-hash-sha-256 6 | SHA-512 | crypt-hash-sha-512 The server indicates support for the different hash functions by advertising the corresponding feature. |