Use rousette for RESTCONFish info retrieval
In the past we used a hacked-together set of shell scripts which invoked
`sysrepocfg` and some custom sysrepo wrappers in order to quickly get
JSON bits from the operational datastore. Switch from that to a little
more mature implementation of an HTTP server (which is still not really
RESTCONF).
There've been some changes in module revisions, so bump the YANG
revision dates as well. While doing that I discovered that the YANG
module installation is too complex; since 34d2f48 we do not preserve the
*.yang files anymore and we always start from an empty state. And while
I'm at this, always install the ietf-hardware module, that wouldn't hurt
on any box.
Change-Id: Ida87c3869bc538fe6c5fb597cf8624f2467ac0fe
diff --git a/package/cla-sysrepo/czechlight-install-yang.sh b/package/cla-sysrepo/czechlight-install-yang.sh
index b4484d6..01d33fc 100755
--- a/package/cla-sysrepo/czechlight-install-yang.sh
+++ b/package/cla-sysrepo/czechlight-install-yang.sh
@@ -2,7 +2,6 @@
set -ex
-IETF_HW_STATE=0
YANG_ROADM=0
YANG_COHERENT=0
YANG_INLINE=0
@@ -25,25 +24,20 @@
sdn-roadm-line*)
YANG_ROADM=1
WITH_FEATURE=hw-line-9
- IETF_HW_STATE=1
;;
sdn-roadm-add-drop*)
YANG_ROADM=1
WITH_FEATURE=hw-add-drop-20
- IETF_HW_STATE=1
;;
sdn-roadm-hires-add-drop*)
YANG_ROADM=1
WITH_FEATURE=hw-add-drop-20
- IETF_HW_STATE=1
INITIAL_DATA=sdn-roadm-add-drop
;;
sdn-roadm-coherent-a-d*)
- IETF_HW_STATE=1
YANG_COHERENT=1
;;
sdn-inline*)
- IETF_HW_STATE=1
YANG_INLINE=1
;;
calibration-box)
@@ -51,28 +45,12 @@
;;
esac
-# asks ietf-yang-library model in sysrepo for the state of a module given by $1
-# can return "implement", "import" or "" if the module is not present in the tree
-yang-module-state() {
- sysrepocfg -f xml -X --xpath "/ietf-yang-library:modules-state/module[name='$1']/conformance-type" -d operational | sed -n 's/\s*<conformance-type>\(.*\)<\/conformance-type>/\1/p'
-}
+sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/iana-hardware@2018-03-13.yang
+sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/ietf-hardware@2018-03-13.yang
+sysrepoctl --change ietf-hardware --permissions 0664 --enable-feature hardware-sensor --apply
-if [[ ${IETF_HW_STATE} == 1 ]]; then
- # if old model is implemented, remove it first. This uninstall dependent ietf-hardware if imported and not implemented
- if [[ "$(yang-module-state ietf-hardware-state)" == "implement" ]]; then
- sysrepoctl -u ietf-hardware-state --apply
- fi
-
- # if new model is not implemented
- if [[ "$(yang-module-state ietf-hardware)" != "implement" ]]; then
- sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/iana-hardware@2018-03-13.yang
- sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/ietf-hardware@2018-03-13.yang
- sysrepoctl --change ietf-hardware --permissions 0664 --enable-feature hardware-sensor --apply
- fi
-fi
-
-if [[ ${YANG_ROADM} == 1 && ! -f ${REPO}/czechlight-roadm-device@2019-09-30.yang ]]; then
- sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-roadm-device@2019-09-30.yang
+if [[ ${YANG_ROADM} == 1 ]]; then
+ sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-roadm-device@2021-03-05.yang
sysrepoctl --change czechlight-roadm-device --group optics --permissions 0664 --apply
if [[ ${WITH_FEATURE} ]]; then
sysrepoctl --change czechlight-roadm-device --enable-feature ${WITH_FEATURE}
@@ -80,48 +58,36 @@
sysrepocfg --datastore=startup --format=json --module=czechlight-roadm-device --import="${YANG_DIR}/${INITIAL_DATA}.json"
fi
-if [[ ${YANG_COHERENT} == 1 && ! -f ${REPO}/czechlight-coherent-add-drop@2019-09-30.yang ]]; then
- sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-coherent-add-drop@2019-09-30.yang
+if [[ ${YANG_COHERENT} == 1 ]]; then
+ sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-coherent-add-drop@2021-03-05.yang
sysrepocfg --datastore=startup --format=json --module=czechlight-coherent-add-drop --new-data="${YANG_DIR}/${INITIAL_DATA}.json"
sysrepoctl --change czechlight-coherent-add-drop --group optics --permissions 0664 --apply
fi
-if [[ ${YANG_INLINE} == 1 && ! -f ${REPO}/czechlight-inline-amp@2019-09-30.yang ]]; then
- sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-inline-amp@2019-09-30.yang
+if [[ ${YANG_INLINE} == 1 ]]; then
+ sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-inline-amp@2021-03-05.yang
sysrepocfg --datastore=startup --format=json --module=czechlight-inline-amp --import="${YANG_DIR}/${INITIAL_DATA}.json"
sysrepoctl --change czechlight-inline-amp --group optics --permissions 0664 --apply
fi
-if [[ ${YANG_CALIBRATION} == 1 && ! -f ${REPO}/czechlight-calibration-device@2019-06-25.yang ]]; then
+if [[ ${YANG_CALIBRATION} == 1 ]]; then
sysrepoctl --search-dirs ${YANG_DIR} --install ${YANG_DIR}/czechlight-calibration-device@2019-06-25.yang
sysrepocfg --datastore=startup --format=json --module=czechlight-calibration-device --import="${YANG_DIR}/${INITIAL_DATA}.json"
sysrepoctl --change czechlight-calibration-device --group optics --permissions 0664 --apply
fi
-if [[ ! -f ${REPO}/ietf-system@2014-08-06.yang ]]; then
- sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/ietf-system@2014-08-06.yang
- sysrepoctl --change ietf-system --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/ietf-system@2014-08-06.yang
+sysrepoctl --change ietf-system --permissions 0664 --apply
-if [[ ! -f ${REPO}/czechlight-lldp@2020-11-04.yang ]]; then
- if compgen -G "${REPO}/czechlight-lldp@*.yang" >/dev/null; then
- sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --update /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
- else
- sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --install /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
- fi
- sysrepoctl --change czechlight-lldp --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/lldp-systemd-networkd-sysrepo/yang --install /usr/share/lldp-systemd-networkd-sysrepo/yang/czechlight-lldp@2020-11-04.yang
+sysrepoctl --change czechlight-lldp --permissions 0664 --apply
-if [[ ! -f ${REPO}/czechlight-system@2021-01-13.yang ]]; then
- sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-system@2021-01-13.yang
- sysrepoctl --change czechlight-system --permissions 0664 --apply
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-system@2021-01-13.yang
+sysrepoctl --change czechlight-system --permissions 0664 --apply
-if [[ ! -f ${REPO}/czechlight-firewall@2021-01-25.yang ]]; then
- sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-firewall@2021-01-25.yang
- sysrepoctl --change czechlight-firewall --permissions 0600 --apply
- sysrepoctl --change ietf-access-control-list --enable-feature eth --enable-feature match-on-eth --enable-feature match-on-ipv4 --enable-feature ipv4 --enable-feature match-on-ipv6 --enable-feature ipv6 --enable-feature mixed-eth-ipv4-ipv6
-fi
+sysrepoctl --search-dirs /usr/share/velia/yang --install /usr/share/velia/yang/czechlight-firewall@2021-01-25.yang
+sysrepoctl --change czechlight-firewall --permissions 0600 --apply
+sysrepoctl --change ietf-access-control-list --enable-feature eth --enable-feature match-on-eth --enable-feature match-on-ipv4 --enable-feature ipv4 --enable-feature match-on-ipv6 --enable-feature ipv6 --enable-feature mixed-eth-ipv4-ipv6
# If not do not copy here from startup -> running, running might be stale.
sysrepocfg -C startup
diff --git a/package/gammarus/gammarus.mk b/package/gammarus/gammarus.mk
index ec50798..8315285 100644
--- a/package/gammarus/gammarus.mk
+++ b/package/gammarus/gammarus.mk
@@ -9,8 +9,4 @@
$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
endef
-define GAMMARUS_USERS
- yangnobody 333666 yangnobody 333666 * - - - Unauthenticated operations via RESTCONF
-endef
-
$(eval $(generic-package))
diff --git a/package/reset-sysrepo/reset-sysrepo.mk b/package/reset-sysrepo/reset-sysrepo.mk
index f52a8cd..1c5f327 100644
--- a/package/reset-sysrepo/reset-sysrepo.mk
+++ b/package/reset-sysrepo/reset-sysrepo.mk
@@ -27,6 +27,7 @@
velia-system.service \
velia-hardware-g1.service \
velia-hardware-g2.service \
+ rousette.service \
; do \
echo "Adding systemd drop-ins $${UNIT} <-> /run/sysrepo"; \
$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/$${UNIT}.d/ ; \
diff --git a/package/rousette/rousette.mk b/package/rousette/rousette.mk
index b51983d..38d26d2 100644
--- a/package/rousette/rousette.mk
+++ b/package/rousette/rousette.mk
@@ -9,4 +9,16 @@
ROUSETTE_CONF_OPTS = \
-DTHREADS_PTHREAD_ARG:STRING=-pthread
+define ROUSETTE_INSTALL_INIT_SYSTEMD
+ mkdir -p $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+ $(INSTALL) -D -m 0644 \
+ $(BR2_EXTERNAL_CZECHLIGHT_PATH)/package/rousette/rousette.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/
+ ln -sf ../rousette.service $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+endef
+
+define ROUSETTE_USERS
+ yangnobody 333666 yangnobody 333666 * - - - Unauthenticated operations via RESTCONF
+endef
+
$(eval $(cmake-package))
diff --git a/package/rousette/rousette.service b/package/rousette/rousette.service
new file mode 100644
index 0000000..1f373e0
--- /dev/null
+++ b/package/rousette/rousette.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=RESTCONFish server
+After=syslog.target network.target czechlight-install-yang.service cfg-restore-sysrepo.service nacm-restore.service
+PartOf=netopeer2.service
+Requires=czechlight-install-yang.service cfg-restore-sysrepo.service nacm-restore.service
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/rousette
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=yes
+ProtectHome=yes
+Restart=always
+RestartSec=10s
+LogRateLimitIntervalSec=10
+LogRateLimitBurst=30000
+SyslogLevel=alert
+User=yangnobody
+Group=yangnobody
+
+[Install]
+WantedBy=multi-user.target