Junos
Highlighted
Junos

Unable to start grpc services on Junos 19.1R1

[ Edited ]
2 weeks ago

Hello,

I am not able to enable grpc services on Junos 19.1R1. I am following Junos open config feature guide. below is the error i am getting.

 

{master:0}[edit]

root# set extension-service
^
syntax error.

 

I am in the configure mode, I checked for openconfig and network telemetry agent packages. They are already present.

 

Thank you

7 REPLIES 7
Junos

Re: Unable to start grpc services on Junos 19.1R1

2 weeks ago

Hi ,

 

I see you are at the root of the hierarchy [edit] .. Could you please check this hierarchy -


[edit system services]
user@host# set extension-service request-response grpc

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/grpc-services-telemetry.html

 

Regards,
Pradeep 2xJNCIE(SEC/ENT)
Junos

Re: Unable to start grpc services on Junos 19.1R1

a week ago

Thank for your reply Pradeep.

Current problem: How do I configure local certificate in 'security certificates local'  ?

 

This what i did so far

I was unable to configre grpc for unsecured API connection. So i went ahead and generated a local SSL certificate with below command. 

 

request security pki local-certificate generate-self-signed certificate-id jsd_certificate domain-name xx.xx.com ip-address xx.xx.xx.xx email dummy@xxx.xxx subject CN=abc

 

and loaded the certificate with

request security pki local-certificate load certificate-id jsd_certificate filename /var/tmp/jsd_certificate

 

I made sure the certificate is loaded by checking

{master:0}

root> show security pki local-certificate                                  

Certificate identifier: jsd_certificate

  Issued to: abc, Issued by: CN = abc

  Validity:

    Not before: 06- 6-2019 06:01 UTC

    Not after: 06- 4-2024 06:01 UTC

  Public key algorithm: rsaEncryption(512 bits)

 

Now when I try to configure grpc below is what i see

{master:0}[edit system services extension-service request-response grpc]
root#set ssl local-certificate jsd_certificate port 32767  

{master:0}[edit system services extension-service request-response grpc]

root# show

ssl {

    port 32767;

    ##

    ## Warning: certificate must be configured under 'security certificates local'

    ##

    local-certificate jsd_certificate; ## 'jsd_certificate' is not defined

}

I see this warning that certificate must be configured under security certificates local? How do I do this?

 

 

 

 

Junos

Re: Unable to start grpc services on Junos 19.1R1

a week ago

Hi ,

 

Enter the name of a certificate you have configured with the local certificate-name statement at the [edit security certificates] hierarchy level.

Regards,
Pradeep 2xJNCIE(SEC/ENT)
Junos

Re: Unable to start grpc services on Junos 19.1R1

a week ago

It wouldnt allow me to execute local certificate name command. 

{master:0}[edit security certificates]
root# local
^
unknown command.
root# edit local

{master:0}[edit security certificates local]

root# jsd
^
unknown command.
root# set ?
Possible completions:
<name> Simple name to identify this certificate
{master:0}[edit security certificates local]
root# set jsd_certificate
^
missing argument.

{master:0}[edit security certificates local]
root# set jsd_certificate ?
Possible completions:
<certificate> Certificate and private key string
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
load-key-file File (URL) containing an SSL certificate and private key in PEM format

Do i have to use set command?

Junos

Re: Unable to start grpc services on Junos 19.1R1

Tuesday

Yes, please use the set command under [edit security certificates] hierarchy to specify the local certificate name .

{master:0}[edit]
root@mySwitch# show | compare 
[edit]
+  security {
+      certificates {
+          local {
+              mycert { >>>> any user-defined name goes here 
+                  jsd_certificate; ## SECRET-DATA >>>> match with your local-certificate name 
+              }
+          }
+      }
+  }

{master:0}[edit]
root@mySwitch# run show security pki local-certificate 
Certificate identifier: jsd_certificate >>>>>>>>local-cert name 
  Issued to: (null), Issued by: DC = juniper, DC = net
  Validity:
    Not before: 02- 3-2017 21:22
    Not after: 02- 2-2022 21:22
  Public key algorithm: rsaEncryption(1024 bits)

{master:0}[edit]
root@mySwitch# commit check 
configuration check succeeds

In set format : 

{master:0}[edit]
root@mySwitch# show security certificates | display set 
set security certificates local mycert jsd_certificate

{master:0}[edit]
root@mySwitch# 

Hope this helps.

Regards,
Pradeep 2xJNCIE(SEC/ENT)
Junos

Re: Unable to start grpc services on Junos 19.1R1

[ Edited ]
Wednesday

Can you give me what options should be given when I use set command, I can see three options? 

{master:0}[edit security certificates local]

root# set jsd_certificate ?
Possible completions:
<certificate> Certificate and private key string
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
load-key-file File (URL) containing an SSL certificate and private key in PEM format
{master:0}[edit security certificates local]

Junos

Re: Unable to start grpc services on Junos 19.1R1

Wednesday

Hi ,

 

As shown in my previous reply, please use the first option -

 

<certificate> Certificate and private key string

 

For example,

 

Here mycert is the user-defined identifier and the next argument is the actual certificate name (jsd_certificate).

 

#set security certificates local mycert jsd_certificate

Regards,
Pradeep 2xJNCIE(SEC/ENT)