gRPC API Usage Tutorial

The XOS gRPC API may be used directly for operating on objects in the XOS data model as an alternative to REST or TOSCA. This short tutorial will walk the reader through the necessary steps to generate protobufs and to create a working gRPC API client.


Several python packages need to be installed into your development environment. You may use our supplied virtualenv, or you can install the necessary packages directly into your development environment:

# for running xosgenx
sudo pip install plyxproto jinja2 pyyaml colorama

# for building protobufs
sudo pip install grpcio grpcio-tools

# install the xos-genx library (not currently available on pypi)
cd ~/cord/orchestration/xos/lib/xos-genx
sudo python ./ install

This guide assumes that you have checked out CORD using the repo tool into the directory ~/cord. It is also assumed that you have a working SEBA installation that uses the att-workflow profile.

Build common protobufs

There are a number of common protobufs that are referenced by the XOS API that need to be generated. This can be done as follows:

cd ~/cord/orchestration/xos/xos/coreapi/protos

Note that you may want to clean these up (make clean) after you've completed this tutorial, particularly if you plan on building any XOS docker containers from your build environment.

Generating and build protobufs and gRPC from a subset of the XOS API

The XOS API is relatively large, but if you want to only operate over a subset of it, there are options that can be used with xosgenx. Here's an example:

mkdir -p ~/cord/sample_client
cd ~/cord/sample_client
xosgenx --target protoapi.xtarget --include-apps volt --include-apps rcord --include-apps att-workflow-driver --include-apps fabric-crossconnect  ~/cord/orchestration/xos/xos/core/models/core.xproto ~/cord/orchestration/xos-services/olt-service/xos/synchronizer/models/volt.xproto ~/cord/orchestration/xos-services/att-workflow-driver/xos/synchronizer/models/att-workflow-driver.xproto ~/cord/orchestration/xos-services/fabric-crossconnect/xos/synchronizer/models/fabric-crossconnect.xproto ~/cord/orchestration/xos-services/rcord/xos/synchronizer/models/rcord.xproto > ~/cord/sample_client/seba.proto

Note that it's necessary to supply the source xproto files that you're going to use. For this example, we've provided a list that includes popular SEBA services. We've also included the core xprotos, since they include necessary base classes for the services.

The --include-apps directive is used to filter which apps are included in the output. In this example, we've included all apps present in the source files, excluding the core, as the core includes many models that we aren't directly interested in.

It's also time to copy the common protobuf stubs into your working directory:

cp ~/cord/orchestration/xos/xos/coreapi/protos/*_pb2*.py ~/cord/sample_client/

Finally, we can build our custom protobufs:

cd ~/cord/sample-client
COMMON_PROTO_DIR=`realpath ~/cord/orchestration/xos/xos/coreapi/protos`
python -m grpc_tools.protoc -I. -I$COMMON_PROTO_DIR --python_out=. --grpc_python_out=. seba.proto

This will generate and, and they will be residing alongside the common protobuf stubs that we copied into our working directory earlier.

Get the ca-cert-chain

In order to use the gRPC API, we need to have a certificate that we can use to talk to the core. That certificate chain is located in the file xos-core/values.yaml in the helm-charts repositry. You'll need to locate the value ca_cert_chain in values.yaml, extract that value into a text file called, and then run the following:

base64 --decode > xos_core_ca_cert.out

The reason we had to base64 decode it is because secrets in kubernetes are always base64 encoded when they're placed into helm charts.

Create and run the test client

Below is a simple test client:

import base64
import grpc
import seba_pb2, seba_pb2_grpc

from grpc import metadata_call_credentials, ssl_channel_credentials, composite_channel_credentials
from google.protobuf.empty_pb2 import Empty


class UsernamePasswordCallCredentials(grpc.AuthMetadataPlugin):
      """Metadata wrapper for raw access token credentials."""
      def __init__(self, username, password):
            self._username = username
            self._password = password
      def __call__(self, context, callback):
            basic_auth = "Basic %s" % base64.b64encode("%s:%s" % (self._username, self._password))
            metadata = (('authorization', basic_auth),)
            callback(metadata, None)

server_ca = open(CACERT,"r").read()
call_creds = metadata_call_credentials(UsernamePasswordCallCredentials(USERNAME, PASSWORD))
chan_creds = ssl_channel_credentials(server_ca)
chan_creds = composite_channel_credentials(chan_creds, call_creds)

with grpc.secure_channel('xos-core:30010', chan_creds) as channel:
    stub = seba_pb2_grpc.xosStub(channel)
    print stub.ListVOLTService(Empty())

Note that the name xos-core must resolve inside of the environment you will be using to run the client. The name xos-core is baked into the certificate, so it must be that named used, and no other name. When operating inside of a container, Kubernetes will usually have name resolution already provided, but if operating in a development environment outside of a container, it may be necessary to provide name resolution yourself, such as an entry in /etc/hosts.

Paste the above to a file, such as and then run it (python The output should be a list of VOLTService currently in the data model. If there are no VOLTServices, then it'll emit an empty list.

results matching ""

    No results matching ""