Use rousette for RESTCONFish info retrieval

In the past we used a hacked-together set of shell scripts which invoked
`sysrepocfg` and some custom sysrepo wrappers in order to quickly get
JSON bits from the operational datastore. Switch from that to a little
more mature implementation of an HTTP server (which is still not really
RESTCONF).

There've been some changes in module revisions, so bump the YANG
revision dates as well. While doing that I discovered that the YANG
module installation is too complex; since 34d2f48 we do not preserve the
*.yang files anymore and we always start from an empty state. While I'm
at it, always install the ietf-hardware module as well; that won't hurt
on any box.

Change-Id: Ida87c3869bc538fe6c5fb597cf8624f2467ac0fe
diff --git a/package/cla-sysrepo/czechlight-install-yang.sh b/package/cla-sysrepo/czechlight-install-yang.sh
index b4484d6..01d33fc 100755
--- a/package/cla-sysrepo/czechlight-install-yang.sh
+++ b/package/cla-sysrepo/czechlight-install-yang.sh
@@ -2,7 +2,6 @@
 
 set -ex
 
-IETF_HW_STATE=0
 YANG_ROADM=0
 YANG_COHERENT=0
 YANG_INLINE=0
@@ -25,25 +24,20 @@
     sdn-roadm-line*)
         YANG_ROADM=1
         WITH_FEATURE=hw-line-9
-        IETF_HW_STATE=1
         ;;
     sdn-roadm-add-drop*)
         YANG_ROADM=1
         WITH_FEATURE=hw-add-drop-20
-        IETF_HW_STATE=1
         ;;
     sdn-roadm-hires-add-drop*)
         YANG_ROADM=1
         WITH_FEATURE=hw-add-drop-20
-        IETF_HW_STATE=1
         INITIAL_DATA=sdn-roadm-add-drop
         ;;
     sdn-roadm-coherent-a-d*)
-        IETF_HW_STATE=1
         YANG_COHERENT=1
         ;;
     sdn-inline*)
-        IETF_HW_STATE=1
         YANG_INLINE=1
         ;;
     calibration-box)
@@ -51,28 +45,12 @@
         ;;
 esac
 
-# asks ietf-yang-library model in sysrepo for the state of a module given by $1
-# can return "implement", "import" or "" if the module is not present in the tree
-yang-module-state() {
-    sysrepocfg -f xml -X --xpath "/ietf-yang-library:modules-state/module[name='$1']/conformance-type" -d operational  | sed -n 's/\s*<conformance-type>\(.*\)<\/conformance-type>/\1/p'
-}
+sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/iana-hardware@2018-03-13.yang
+sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/ietf-hardware@2018-03-13.yang
+sysrepoctl --change ietf-hardware --permissions 0664 --enable-feature hardware-sensor --apply
 
-if [[ ${IETF_HW_STATE} == 1 ]]; then
-    # if old model is implemented, remove it first. This uninstall dependent ietf-hardware if imported and not implemented
-    if [[ "$(yang-module-state ietf-hardware-state)" == "implement" ]]; then
-        sysrepoctl -u ietf-hardware-state --apply
-    fi
-
-    # if new model is not implemented
-    if [[ "$(yang-module-state ietf-hardware)" != "implement" ]]; then
-        sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/iana-hardware@2018-03-13.yang
-        sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/ietf-hardware@2018-03-13.yang
-        sysrepoctl --change ietf-hardware --permissions 0664 --enable-feature hardware-sensor --apply
-    fi
-fi
-
-if [[ ${YANG_ROADM} == 1 && ! -f ${REPO}/czechlight-roadm-device@2019-09-30.yang ]]; then
-    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-roadm-device@2019-09-30.yang
+if [[ ${YANG_ROADM} == 1 ]]; then
+    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-roadm-device@2021-03-05.yang
     sysrepoctl --change czechlight-roadm-device --group optics --permissions 0664 --apply
     if [[ ${WITH_FEATURE} ]]; then
         sysrepoctl --change czechlight-roadm-device --enable-feature ${WITH_FEATURE}
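Review bot: The unconditional `sysrepoctl --install` calls at the top of this hunk (iana-hardware, ietf-hardware) and in the `YANG_ROADM` branch now depend entirely on the sysrepo repository being empty when the script runs; with `set -ex` at the top of the file, a second run against a populated repository would presumably abort at the first module that already exists. The commit message states that precondition but the script does not, so I would add a comment above the first install, e.g. `# Runs against an empty sysrepo repository (*.yang files are not preserved), so a plain --install is sufficient`. The same applies to every install in the following hunk. The new lines also leave `${YANG_DIR}` unquoted; `--search-dirs "${YANG_DIR}" --install "${YANG_DIR}/ietf-hardware@2018-03-13.yang"` would be safer. The `if [[ ${WITH_FEATURE} ]]` block continues outside the hunk.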
@@ -80,48 +58,36 @@
     sysrepocfg --datastore=startup --format=json --module=czechlight-roadm-device --import="${YANG_DIR}/${INITIAL_DATA}.json"
 fi
 
-if [[ ${YANG_COHERENT} == 1 && ! -f ${REPO}/czechlight-coherent-add-drop@2019-09-30.yang ]]; then
-    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-coherent-add-drop@2019-09-30.yang
+if [[ ${YANG_COHERENT} == 1 ]]; then
+    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-coherent-add-drop@2021-03-05.yang
     sysrepocfg --datastore=startup --format=json --module=czechlight-coherent-add-drop --new-data="${YANG_DIR}/${INITIAL_DATA}.json"
     sysrepoctl --change czechlight-coherent-add-drop --group optics --permissions 0664 --apply
 fi
 
-if [[ ${YANG_INLINE} == 1 && ! -f ${REPO}/czechlight-inline-amp@2019-09-30.yang ]]; then
-    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-inline-amp@2019-09-30.yang
+if [[ ${YANG_INLINE} == 1 ]]; then
+    sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-inline-amp@2021-03-05.yang
     sysrepocfg --datastore=startup --format=json --module=czechlight-inline-amp --import="${YANG_DIR}/${INITIAL_DATA}.json"
     sysrepoctl --change czechlight-inline-amp --group optics --permissions 0664 --apply
 fi
 
-if [[ ${YANG_CALIBRATION} == 1 && ! -f ${REPO}/czechlight-calibration-device@2019-06-25.yang ]]; then
+if [[ ${YANG_CALIBRATION} == 1 ]]; then
     sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-calibration-device@2019-06-25.yang
     sysrepocfg --datastore=startup --format=json --module=czechlight-calibration-device --import="${YANG_DIR}/${INITIAL_DATA}.json"
     sysrepoctl --change czechlight-calibration-device --group optics --permissions 0664 --apply
 fi
 
-if [[ ! -f ${REPO}/ietf-system@2014-08-06.yang ]]; then
-    sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/ietf-system@2014-08-06.yang
-    sysrepoctl --change ietf-system --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/ietf-system@2014-08-06.yang
+sysrepoctl --change ietf-system --permissions 0664 --apply
 
-if [[ ! -f ${REPO}/czechlight-lldp@2020-11-04.yang ]]; then
-    if compgen -G "${REPO}/czechlight-lldp@*.yang" >/dev/null; then
-        sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --update /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
-    else
-        sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --install /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
-    fi
-    sysrepoctl --change czechlight-lldp --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --install /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
+sysrepoctl --change czechlight-lldp --permissions 0664 --apply
 
-if [[ ! -f ${REPO}/czechlight-system@2021-01-13.yang ]]; then
-    sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-system@2021-01-13.yang
-    sysrepoctl --change czechlight-system --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-system@2021-01-13.yang
+sysrepoctl --change czechlight-system --permissions 0664 --apply
 
-if [[ ! -f ${REPO}/czechlight-firewall@2021-01-25.yang ]]; then
-    sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-firewall@2021-01-25.yang
-    sysrepoctl --change czechlight-firewall --permissions 0600 --apply
-    sysrepoctl --change ietf-access-control-list --enable-feature eth --enable-feature match-on-eth --enable-feature match-on-ipv4 --enable-feature ipv4 --enable-feature match-on-ipv6 --enable-feature ipv6 --enable-feature mixed-eth-ipv4-ipv6
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-firewall@2021-01-25.yang
+sysrepoctl --change czechlight-firewall --permissions 0600 --apply
+sysrepoctl --change ietf-access-control-list --enable-feature eth --enable-feature match-on-eth --enable-feature match-on-ipv4 --enable-feature ipv4 --enable-feature match-on-ipv6 --enable-feature ipv6 --enable-feature mixed-eth-ipv4-ipv6
 
 # If not do not copy here from startup -> running, running might be stale.
 sysrepocfg -C startup
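Review bot: The modules installed at the end of this hunk differ in who may read them (`czechlight-firewall` gets `--permissions 0600`, while `ietf-system`, `czechlight-lldp` and `czechlight-system` get the world-readable `0664`) and nothing in the script says why. Since this commit also starts `rousette` as the `yangnobody` user for unauthenticated requests, these modes presumably decide what that user can read from sysrepo, so the choice deserves a comment above the firewall line, e.g. `# 0600: firewall rules must not be readable by the unauthenticated yangnobody user`. It is also worth confirming that the `0664` modules are meant to be served without authentication, or that NACM restricts them. The context comment `# If not do not copy here from startup -> running ...` near the end is hard to parse and could be reworded in the same pass.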
diff --git a/package/gammarus/gammarus.mk b/package/gammarus/gammarus.mk
index ec50798..8315285 100644
--- a/package/gammarus/gammarus.mk
+++ b/package/gammarus/gammarus.mk
@@ -9,8 +9,4 @@
 	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
 endef
 
-define GAMMARUS_USERS
-	yangnobody 333666 yangnobody 333666 * - - - Unauthenticated operations via RESTCONF
-endef
-
 $(eval $(generic-package))
diff --git a/package/reset-sysrepo/reset-sysrepo.mk b/package/reset-sysrepo/reset-sysrepo.mk
index f52a8cd..1c5f327 100644
--- a/package/reset-sysrepo/reset-sysrepo.mk
+++ b/package/reset-sysrepo/reset-sysrepo.mk
@@ -27,6 +27,7 @@
 		velia-system.service \
 		velia-hardware-g1.service \
 		velia-hardware-g2.service \
+		rousette.service \
 	; do \
 		echo "Adding systemd drop-ins $${UNIT} <-> /run/sysrepo"; \
 		$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/$${UNIT}.d/ ; \
diff --git a/package/rousette/rousette.mk b/package/rousette/rousette.mk
index b51983d..38d26d2 100644
--- a/package/rousette/rousette.mk
+++ b/package/rousette/rousette.mk
@@ -9,4 +9,16 @@
 ROUSETTE_CONF_OPTS = \
 	-DTHREADS_PTHREAD_ARG:STRING=-pthread
 
+define ROUSETTE_INSTALL_INIT_SYSTEMD
+	mkdir -p $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+	$(INSTALL) -D -m 0644 \
+		$(BR2_EXTERNAL_CZECHLIGHT_PATH)/package/rousette/rousette.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/
+	ln -sf ../rousette.service $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+endef
+
+define ROUSETTE_USERS
+	yangnobody 333666 yangnobody 333666 * - - - Unauthenticated operations via RESTCONF
+endef
+
 $(eval $(cmake-package))
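Review bot: The `$(INSTALL) -D` call in `ROUSETTE_INSTALL_INIT_SYSTEMD` names a directory as its destination, so the copy relies on the preceding `mkdir -p` having created that directory; giving the full target, `$(TARGET_DIR)/usr/lib/systemd/system/rousette.service`, is the usual Buildroot form and lets `-D` do its job regardless of ordering. `ROUSETTE_USERS` hard-codes uid and gid 333666 for `yangnobody`; a short comment saying why a fixed id is needed (rather than `-1` for automatic allocation) would help, since this account backs unauthenticated access and its id presumably has to match file ownership or group settings elsewhere.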
diff --git a/package/rousette/rousette.service b/package/rousette/rousette.service
new file mode 100644
index 0000000..1f373e0
--- /dev/null
+++ b/package/rousette/rousette.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=RESTCONFish server
+After=syslog.target network.target czechlight-install-yang.service cfg-restore-sysrepo.service nacm-restore.service
+PartOf=netopeer2.service
+Requires=czechlight-install-yang.service cfg-restore-sysrepo.service nacm-restore.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/rousette
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=yes
+ProtectHome=yes
+Restart=always
+RestartSec=10s
+LogRateLimitIntervalSec=10
+LogRateLimitBurst=30000
+SyslogLevel=alert
+User=yangnobody
+Group=yangnobody
+
+[Install]
+WantedBy=multi-user.target
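Review bot: For a unit that serves unauthenticated HTTP requests, the sandboxing in `[Service]` is fairly light: `ProtectSystem=yes` covers only `/usr` and the boot directories, and nothing prevents the process from gaining privileges through setuid binaries. I would add `NoNewPrivileges=yes` and raise `ProtectSystem=` to `full`, then check whether `ProtectKernelTunables=yes` and `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` are compatible with how rousette talks to sysrepo. `SyslogLevel=alert` also looks unintended, since it tags every unprefixed output line with alert priority, which can bury real alerts in the journal. The listen address is not visible in this unit, so it is worth confirming in rousette's own configuration which interfaces the server is reachable on.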
diff --git a/submodules/cla-sysrepo b/submodules/cla-sysrepo
index a6e96e9..810a3e9 160000
--- a/submodules/cla-sysrepo
+++ b/submodules/cla-sysrepo
@@ -1 +1 @@
-Subproject commit a6e96e9e9a3382daa0189fdacd22cf08ca926127
+Subproject commit 810a3e9bfaa7cb6f422618620d4cc3e93e21c77a
diff --git a/submodules/gammarus b/submodules/gammarus
index 293e6ae..c2783da 160000
--- a/submodules/gammarus
+++ b/submodules/gammarus
@@ -1 +1 @@
-Subproject commit 293e6ae00e7e43a29c66b657fdc325ff2b6517a4
+Subproject commit c2783da221ac431322f6cd9a931aa0ebb87c2186
diff --git a/submodules/netconf-cli b/submodules/netconf-cli
index a31d4c4..1d59390 160000
--- a/submodules/netconf-cli
+++ b/submodules/netconf-cli
@@ -1 +1 @@
-Subproject commit a31d4c4d571955fbda0aa9b9ffd702d10f72c4e0
+Subproject commit 1d593904dd5f775642dbfd591d19dc0409600c8b
diff --git a/submodules/rousette b/submodules/rousette
index 30f3b3e..f3c0203 160000
--- a/submodules/rousette
+++ b/submodules/rousette
@@ -1 +1 @@
-Subproject commit 30f3b3e954d456792988322b148b22ec6c302f92
+Subproject commit f3c0203ef066d10d04858e73e7f2cadd68658ebf
diff --git a/submodules/velia b/submodules/velia
index b5fa10b..210a852 160000
--- a/submodules/velia
+++ b/submodules/velia
@@ -1 +1 @@
-Subproject commit b5fa10b532334f5070061a96a1c43fc849cf649c
+Subproject commit 210a8529241ecc1d2ee6e2e3a5581c0926bb4a57