From 5464eec5405b4f49432e8c906c66394a47d57b9a Mon Sep 17 00:00:00 2001 From: Olof hagsand Date: Tue, 7 Jul 2020 13:26:38 +0200 Subject: [PATCH] Added docker support for three restconf modes: nginx/fcgi(default); evhtp ; and none. --- CHANGELOG.md | 1 + configure.ac | 1 - docker/main/Dockerfile | 27 +----- docker/main/Dockerfile.evhtp | 139 +++++++++++++++++++++++++++++++ docker/main/Dockerfile.fcgi | 124 +++++++++++++++++++++++++++ docker/main/Makefile.in | 14 +++- docker/main/README.md | 33 +++++--- docker/main/start.sh | 6 +- docker/main/startsystem.sh | 61 ++------------ docker/main/startsystem_evhtp.sh | 124 +++++++++++++++++++++++++++ docker/main/startsystem_fcgi.sh | 126 ++++++++++++++++++++++++++++ test/test_ssl_certs.sh | 2 +- test/test_stream.sh | 2 +- test/test_yang_bind.sh | 3 +- test/travis/before_script.sh | 1 + 15 files changed, 569 insertions(+), 95 deletions(-) create mode 100644 docker/main/Dockerfile.evhtp create mode 100644 docker/main/Dockerfile.fcgi create mode 100755 docker/main/startsystem_evhtp.sh create mode 100755 docker/main/startsystem_fcgi.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 5bc464ec..42da280c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -81,6 +81,7 @@ Expected: July 2020 ### Minor changes +* Added docker support for three restconf modes: nginx/fcgi(default); evhtp ; and none. * Added [Vagrant tests](test/vagrant/README.md) * Added new function `clicon_xml2str()` to complement xml_print and others that returns a malloced string. * Added new function `xml_child_index_each()` to iterate over the children of an XML node according to the order defined by an explicit index variable. This is a complement to `xml_child_each()` which iterates using the default order. diff --git a/configure.ac b/configure.ac index eb6aa639..27c8f465 100644 --- a/configure.ac +++ b/configure.ac @@ -104,7 +104,6 @@ AC_PROG_CC() AC_PROG_CPP AC_PROG_CXX - CPPFLAGS="-DHAVE_CONFIG_H ${CPPFLAGS}" AC_MSG_RESULT(compiler is $CC) diff --git a/docker/main/Dockerfile b/docker/main/Dockerfile index 08a74250..b53efbda 100644 --- a/docker/main/Dockerfile +++ b/docker/main/Dockerfile @@ -31,12 +31,13 @@ # # ***** END LICENSE BLOCK ***** # +# Clixon dockerfile without restconf FROM alpine MAINTAINER Olof Hagsand # For clixon and cligen -RUN apk add --update git make build-base gcc flex bison fcgi-dev curl-dev +RUN apk add --update git make build-base gcc flex bison curl-dev # Create a directory to hold source-code, dependencies etc RUN mkdir /clixon @@ -57,17 +58,12 @@ RUN mkdir /clixon/clixon WORKDIR /clixon/clixon COPY clixon . -# Need to add www user manually -RUN adduser -D -H www-data -# nginx adds group www-data -RUN apk add --update nginx - # Configure, build and install clixon -RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --with-wwwuser=www-data --enable-optyangs +RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --enable-optyangs --without-restconf RUN make RUN make install -# Install utils +# Install utils (for tests) WORKDIR /clixon/clixon/util RUN make RUN make install @@ -97,28 +93,13 @@ MAINTAINER Olof Hagsand # For clixon and cligen RUN apk add --update flex bison fcgi-dev -# need to add www user manually -RUN adduser -D -H www-data -# nginx adds group www-data -RUN apk add --update nginx - # Test-specific (for test scripts) RUN apk add --update sudo curl procps grep make bash -# Expose nginx port for restconf -EXPOSE 80 - # Create clicon user and group RUN adduser -D -H clicon -RUN adduser nginx clicon -RUN adduser www-data clicon COPY --from=0 /clixon/build/ /usr/local/ -COPY --from=0 /www-data /www-data - -# Manually created -RUN chown www-data /www-data -RUN chgrp www-data /www-data # Log to stderr. CMD /usr/local/bin/startsystem.sh diff --git a/docker/main/Dockerfile.evhtp b/docker/main/Dockerfile.evhtp new file mode 100644 index 00000000..3a316667 --- /dev/null +++ b/docker/main/Dockerfile.evhtp @@ -0,0 +1,139 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# +# Copyright (C) 2017-2019 Olof Hagsand +# Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate) +# +# This file is part of CLIXON +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Alternatively, the contents of this file may be used under the terms of +# the GNU General Public License Version 3 or later (the "GPL"), +# in which case the provisions of the GPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of the GPL, and not to allow others to +# use your version of this file under the terms of Apache License version 2, +# indicate your decision by deleting the provisions above and replace them with +# the notice and other provisions required by the GPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the Apache License version 2 or the GPL. +# +# ***** END LICENSE BLOCK ***** +# + +FROM alpine +MAINTAINER Olof Hagsand + +# For clixon and cligen +RUN apk add --update git make build-base gcc flex bison curl-dev + +# Create a directory to hold source-code, dependencies etc +RUN mkdir /clixon + +# libevht +# dependencies +RUN apk add --update libevent cmake libevent-dev + +# clone libevhtp +WORKDIR /clixon +RUN git clone https://github.com/criticalstack/libevhtp.git +WORKDIR /clixon/libevhtp/build +RUN cmake -DEVHTP_DISABLE_REGEX=ON -DEVHTP_DISABLE_EVTHR=ON .. +RUN make +RUN make install + +# NOTE: Patch include queue.h to use the queue.h included in the evhtp release instead +RUN (cd /usr/local/include/evhtp/; sed -i -e 's///' evhtp.h) + +RUN mkdir /clixon/build +WORKDIR /clixon + +# Clone cligen +RUN git clone https://github.com/clicon/cligen.git + +# Build cligen +WORKDIR /clixon/cligen +RUN ./configure --prefix=/clixon/build +RUN make +RUN make install + +# Copy Clixon from local dir +RUN mkdir /clixon/clixon +WORKDIR /clixon/clixon +COPY clixon . + +# Need to add www user manually +RUN adduser -D -H www-data + +# Configure, build and install clixon +RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --with-wwwuser=www-data --enable-optyangs --with-restconf=evhtp + +RUN make +RUN make install + +# Install utils (for tests) +WORKDIR /clixon/clixon/util +RUN make +RUN make install + +# Build and install the clixon example +WORKDIR /clixon/clixon/example/main +RUN make +RUN make install +RUN install example.xml /clixon/build/etc/clixon.xml + +# Copy tests +WORKDIR /clixon/clixon/test +RUN install -d /clixon/build/bin/test +RUN install *.sh /clixon/build/bin/test + +# Copy startscript +WORKDIR /clixon +COPY startsystem_evhtp.sh startsystem.sh +RUN install startsystem.sh /clixon/build/bin/ + +# +# Stage 2 +# The second step skips the development environment and builds a runtime system +FROM alpine +MAINTAINER Olof Hagsand + +# For clixon and cligen +RUN apk add --update flex bison + +# need to add www user manually +RUN adduser -D -H www-data +# for libevtp +RUN apk add --update openssl libevent + +# Test-specific (for test scripts) +RUN apk add --update sudo curl procps grep make bash + +# Expose https port for restconf +EXPOSE 80 + +# Create clicon user and group +RUN adduser -D -H clicon +RUN adduser www-data clicon + +COPY --from=0 /clixon/build/ /usr/local/ +COPY --from=0 /www-data /www-data +#COPY --from=0 /usr/local/lib/libevhtp.a /usr/local/lib/libevhtp.a # maybe not necessary since static + +# Manually created +RUN chown www-data /www-data +RUN chgrp www-data /www-data + +# Log to stderr. +CMD /usr/local/bin/startsystem.sh diff --git a/docker/main/Dockerfile.fcgi b/docker/main/Dockerfile.fcgi new file mode 100644 index 00000000..7db8f9af --- /dev/null +++ b/docker/main/Dockerfile.fcgi @@ -0,0 +1,124 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# +# Copyright (C) 2017-2019 Olof Hagsand +# Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate) +# +# This file is part of CLIXON +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Alternatively, the contents of this file may be used under the terms of +# the GNU General Public License Version 3 or later (the "GPL"), +# in which case the provisions of the GPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of the GPL, and not to allow others to +# use your version of this file under the terms of Apache License version 2, +# indicate your decision by deleting the provisions above and replace them with +# the notice and other provisions required by the GPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the Apache License version 2 or the GPL. +# +# ***** END LICENSE BLOCK ***** +# + +FROM alpine +MAINTAINER Olof Hagsand + +# For clixon and cligen +RUN apk add --update git make build-base gcc flex bison fcgi-dev curl-dev + +# Create a directory to hold source-code, dependencies etc +RUN mkdir /clixon +RUN mkdir /clixon/build +WORKDIR /clixon + +# Clone cligen +RUN git clone https://github.com/clicon/cligen.git + +# Build cligen +WORKDIR /clixon/cligen +RUN ./configure --prefix=/clixon/build +RUN make +RUN make install + +# Copy Clixon from local dir +RUN mkdir /clixon/clixon +WORKDIR /clixon/clixon +COPY clixon . + +# Need to add www user manually +RUN adduser -D -H www-data +# nginx adds group www-data +RUN apk add --update nginx + +# Configure, build and install clixon +RUN ./configure --prefix=/clixon/build --with-cligen=/clixon/build --with-wwwuser=www-data --enable-optyangs --with-restconf=fcgi +RUN make +RUN make install + +# Install utils (for tests) +WORKDIR /clixon/clixon/util +RUN make +RUN make install + +# Build and install the clixon example +WORKDIR /clixon/clixon/example/main +RUN make +RUN make install +RUN install example.xml /clixon/build/etc/clixon.xml + +# Copy tests +WORKDIR /clixon/clixon/test +RUN install -d /clixon/build/bin/test +RUN install *.sh /clixon/build/bin/test + +# Copy startscript +WORKDIR /clixon +COPY startsystem_fcgi.sh startsystem.sh +RUN install startsystem.sh /clixon/build/bin/ + +# +# Stage 2 +# The second step skips the development environment and builds a runtime system +FROM alpine +MAINTAINER Olof Hagsand + +# For clixon and cligen +RUN apk add --update flex bison fcgi-dev + +# need to add www user manually +RUN adduser -D -H www-data +# nginx adds group www-data +RUN apk add --update nginx + +# Test-specific (for test scripts) +RUN apk add --update sudo curl procps grep make bash + +# Expose nginx port for restconf +EXPOSE 80 + +# Create clicon user and group +RUN adduser -D -H clicon +RUN adduser nginx clicon +RUN adduser www-data clicon + +COPY --from=0 /clixon/build/ /usr/local/ +COPY --from=0 /www-data /www-data + +# Manually created +RUN chown www-data /www-data +RUN chgrp www-data /www-data + +# Log to stderr. +CMD /usr/local/bin/startsystem.sh diff --git a/docker/main/Makefile.in b/docker/main/Makefile.in index fd38c175..c8c1e367 100644 --- a/docker/main/Makefile.in +++ b/docker/main/Makefile.in @@ -38,6 +38,12 @@ CC = @CC@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ +with_restconf = @with_restconf@ +ifdef with_restconf +DOCKERFILE = Dockerfile.$(with_restconf) +else +DOCKERFILE = Dockerfile +endif # Example docker image. CHANGE THIS IF YOU PUSH IMG = clixon/clixon-system @@ -59,16 +65,18 @@ clean: distclean: clean rm -f Makefile *~ .depend -docker: clixon Dockerfile - sudo docker build -t $(IMG) . # --no-cache +docker: clixon $(DOCKERFILE) + sudo docker build -f $(DOCKERFILE) -t $(IMG) . # --no-cache push: sudo docker push $(IMG) # Start the clixon system container and run the test script +# sleep is for waiting for start script to run properly before starting tests +# Note tests will kill the daemons started in the start scrips test: docker ./cleanup.sh ; PORT=8080 ./start.sh # kill (ignore error) and the start it - sudo docker exec -it clixon-system bash -c 'cd /usr/local/bin/test && ./all.sh' + sleep 1; sudo docker exec -it clixon-system bash -c 'cd /usr/local/bin/test && ./all.sh' depend: diff --git a/docker/main/README.md b/docker/main/README.md index 0bb56c1a..b5da8f8d 100644 --- a/docker/main/README.md +++ b/docker/main/README.md @@ -4,13 +4,19 @@ This directory show how to build a "monolithic" clixon docker container exporting port 80 and contains the example application with both restconf, netconf, cli and backend. It also includes packages to be able to run the [Clixon tests](../../test). +Note that restconf capability depends on how clixon was configured using the `--with-restconf` option. + The directory contains the following files: - cleanup.sh kill containers - Dockerfile Docker build instructions - Makefile.in "make docker" builds the container - README.md This file - start.sh Start containers - startsystem.sh Internal start script copied to inside the container (dont run from shell) + - cleanup.sh Kill containers + - Dockerfile Docker build instructions without restconf + - Dockerfile.fcgi Docker build instructions with nginx/fcgi restconf (this is default) + - Dockerfile.evhtp Docker build instructions with libevhtp restconf + - Makefile.in "make docker" builds the container + - README.md This file + - start.sh Start containers + - startsystem.sh Internal start script copied to inside the container (dont run from shell). + - startsystem_fcgi.sh Variant for nginx/fcgi (default) + - startsystem_evhtp.sh Variant for libevhtp How to run the tests: ``` @@ -45,7 +51,14 @@ As netconf via stdin/stdout: ``` As restconf using curl on exposed port 80: ``` - $ curl -G http://localhost/restconf + $ curl -X GET http://localhost/restconf + { + "ietf-restconf:restconf": { + "data": {}, + "operations": {}, + "yang-library-version": "2016-06-21" + } + } ``` Or run tests: ``` @@ -63,6 +76,6 @@ You trigger the test scripts inside the container using `make test`. ## Changing code If you want to edit clixon code so it runs in the container? -You either -(1) "persistent": make your changes in the actual clixon code and commit; make clean to remove the local clone; make test again -(2) "volatile" edit the local clone, (in the subdir); `make test`. +You either: + 1. "persistent": make your changes in the actual clixon code and commit; make clean to remove the local clone; make test again + 2. "volatile" edit the local clone, (in the subdir); `make test`. diff --git a/docker/main/start.sh b/docker/main/start.sh index 3cf09c39..3a02e316 100755 --- a/docker/main/start.sh +++ b/docker/main/start.sh @@ -33,8 +33,10 @@ # Usage: ./startup.sh # Debug: DBG=1 ./startup.sh -# See also cleanup.sh - +# This script runs _outside_ the container on the host, and triggers the startsystem.sh that runs +# _inside_ the container. +# @see cleanup.sh and startsystem.sh +# >&2 echo "Running script: $0" # Error function diff --git a/docker/main/startsystem.sh b/docker/main/startsystem.sh index 55f26eb4..e3c772ef 100755 --- a/docker/main/startsystem.sh +++ b/docker/main/startsystem.sh @@ -1,5 +1,4 @@ #!/bin/sh - # ***** BEGIN LICENSE BLOCK ***** # # Copyright (C) 2017-2019 Olof Hagsand @@ -32,61 +31,36 @@ # # ***** END LICENSE BLOCK ***** +# Clixon start script without restconf. NOTE TESTS are very restricted # This script is copied into the container on build time and runs # _inside_ the container at start in runtime. It gets environment variables # from the start.sh script. -# It starts a backend, a restconf daemon and a nginx daemon and exposes ports +# It starts a backend and the sleeps # for restconf. # See also Dockerfile of the example # Log msg, see with docker logs +set -eux + >&2 echo "$0" DBG=${DBG:-0} -WWWUSER=${WWWUSER:-www-data} - # Initiate clixon configuration (env variable) echo "$CONFIG" > /usr/local/etc/clixon.xml # Initiate running db (env variable) echo "$STORE" > /usr/local/var/example/running_db ->&2 echo "Write nginx config files" -# nginx site config file -cat < /etc/nginx/conf.d/default.conf -# -server { - listen 80 default_server; - listen localhost:80 default_server; - listen [::]:80 default_server; - server_name localhost; - server_name _; - location / { - fastcgi_pass unix:/www-data/fastcgi_restconf.sock; - include fastcgi_params; - } - location /restconf { - fastcgi_pass unix:/www-data/fastcgi_restconf.sock; - include fastcgi_params; - } - location /streams { - fastcgi_pass unix:/www-data/fastcgi_restconf.sock; - include fastcgi_params; - proxy_http_version 1.1; - proxy_set_header Connection ""; - } -} -EOF - # This is a clixon site test file. # Add to skiplist: # - all 3rd party model testing (you need to download the repos) # - test_install.sh since you dont have the make environment # - test_order.sh XXX this is a bug need debugging +# - NOTE all restconf tests skipped which makes these tests very constrained cat < /usr/local/bin/test/site.sh # Add your local site specific env variables (or tests) here. -SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh" +SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh test_augment.sh test_choice.sh test_identity.sh test_nacm_datanode_read.sh test_nacm_datanode.sh test_nacm_datanode_write.sh test_nacm_default.sh test_nacm_ext.sh test_nacm_module_read.sh test_nacm_module_write.sh test_nacm_protocol.sh test_nacm.sh test_perf.sh test_perf_state_only.sh test_perf_state.sh test_restconf2.sh test_restconf_err.sh test_restconf_jukebox.sh test_restconf_listkey.sh test_restconf_patch.sh test_restconf.sh test_restconf_startup.sh test_rpc.sh test_ssl_certs.sh test_stream.sh test_submodule.sh test_upgrade_auto.sh test_upgrade_interfaces.sh test_upgrade_repair.sh test_yang_namespace.sh" #IETFRFC= EOF @@ -94,28 +68,11 @@ EOF # sudo: setrlimit(RLIMIT_CORE): Operation not permitted echo "Set disable_coredump false" > /etc/sudo.conf - chmod 775 /usr/local/bin/test/site.sh -if [ ! -d /run/nginx ]; then - mkdir /run/nginx -fi - -# Start nginx -#/usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf -/usr/sbin/nginx -c /etc/nginx/nginx.conf ->&2 echo "nginx started" - -# Start clixon_restconf -su -c "/www-data/clixon_restconf -l f/www-data/restconf.log -D $DBG" -s /bin/sh $WWWUSER & ->&2 echo "clixon_restconf started" - -# Set grp write XXX do this when creating -chmod g+w /www-data/fastcgi_restconf.sock - -# Start clixon backend ->&2 echo "start clixon_backend:" -/usr/local/sbin/clixon_backend -FD $DBG -s running -l e # logs on docker logs +# Start clixon backend (tests will kill this) +/usr/local/sbin/clixon_backend -D $DBG -s running -l e # logs on docker logs +>&2 echo "clixon_backend started" # Alt: let backend be in foreground, but test scripts may # want to restart backend diff --git a/docker/main/startsystem_evhtp.sh b/docker/main/startsystem_evhtp.sh new file mode 100755 index 00000000..fd3cf9ba --- /dev/null +++ b/docker/main/startsystem_evhtp.sh @@ -0,0 +1,124 @@ +#!/bin/sh +# ***** BEGIN LICENSE BLOCK ***** +# +# Copyright (C) 2017-2019 Olof Hagsand +# Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate) +# +# This file is part of CLIXON +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Alternatively, the contents of this file may be used under the terms of +# the GNU General Public License Version 3 or later (the "GPL"), +# in which case the provisions of the GPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of the GPL, and not to allow others to +# use your version of this file under the terms of Apache License version 2, +# indicate your decision by deleting the provisions above and replace them with +# the notice and other provisions required by the GPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the Apache License version 2 or the GPL. +# +# ***** END LICENSE BLOCK ***** + +# Clixon startscript for evhtp and https +# This script is copied into the container on build time and runs +# _inside_ the container at start in runtime. It gets environment variables +# from the start.sh script. +# It starts a backend, a restconf daemon and exposes ports for restconf, and the sleeps +# See also Dockerfile of the example +# Log msg, see with docker logs + +set -eux + +>&2 echo "$0" + +DBG=${DBG:-0} + +WWWUSER=${WWWUSER:-www-data} + +# Initiate clixon configuration (env variable) +echo "$CONFIG" > /usr/local/etc/clixon.xml + +# Initiate running db (env variable) +echo "$STORE" > /usr/local/var/example/running_db + +# This is a clixon site test file. +# Add to skiplist: +# - all 3rd party model testing (you need to download the repos) +# - test_install.sh since you dont have the make environment +cat < /usr/local/bin/test/site.sh +# Add your local site specific env variables (or tests) here. +SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh" +RCPROTO=https +#IETFRFC= +EOF + +# Workaround for this error output: +# sudo: setrlimit(RLIMIT_CORE): Operation not permitted +echo "Set disable_coredump false" > /etc/sudo.conf + +chmod 775 /usr/local/bin/test/site.sh + +# Generate self-signed server certificates +cat< ./ca.cnf +[ ca ] +default_ca = CA_default + +[ CA_default ] +serial = ca-serial +crl = ca-crl.pem +database = ca-database.txt +name_opt = CA_default +cert_opt = CA_default +default_crl_days = 9999 +default_md = md5 + +[ req ] +default_bits = 2048 +days = 1 +distinguished_name = req_distinguished_name +attributes = req_attributes +prompt = no +output_password = password + +[ req_distinguished_name ] +C = SE +L = Stockholm +O = Clixon +OU = clixon +CN = ca +emailAddress = olof@hagsand.se + +[ req_attributes ] +challengePassword = test +EOF + +# Generate self-signed server certificates +openssl req -x509 -config ./ca.cnf -nodes -newkey rsa:4096 -keyout /etc/ssl/private/clixon-server-key.pem -out /etc/ssl/certs/clixon-server-crt.pem -days 365 + +# Start clixon_restconf +# -s https +# But dont use -s exposing local ports since there is problem with self-signed certs? +/www-data/clixon_restconf -l f/www-data/restconf.log -D $DBG & +>&2 echo "clixon_restconf started" + +# Start clixon backend (tests will kill this) +# Note if tests start too quickly, a backend may only be running and get error when start here, +# therefore test starts need to be delayed slightly +/usr/local/sbin/clixon_backend -D $DBG -s running -l e # logs on docker logs +>&2 echo "clixon_backend started" + +# Alt: let backend be in foreground, but test scripts may +# want to restart backend +/bin/sleep 100000000 diff --git a/docker/main/startsystem_fcgi.sh b/docker/main/startsystem_fcgi.sh new file mode 100755 index 00000000..432f3554 --- /dev/null +++ b/docker/main/startsystem_fcgi.sh @@ -0,0 +1,126 @@ +#!/bin/sh +# ***** BEGIN LICENSE BLOCK ***** +# +# Copyright (C) 2017-2019 Olof Hagsand +# Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate) +# +# This file is part of CLIXON +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Alternatively, the contents of this file may be used under the terms of +# the GNU General Public License Version 3 or later (the "GPL"), +# in which case the provisions of the GPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of the GPL, and not to allow others to +# use your version of this file under the terms of Apache License version 2, +# indicate your decision by deleting the provisions above and replace them with +# the notice and other provisions required by the GPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the Apache License version 2 or the GPL. +# +# ***** END LICENSE BLOCK ***** + +# Clixon startscript for fcgi/nginx and http +# This script is copied into the container on build time and runs +# _inside_ the container at start in runtime. It gets environment variables +# from the start.sh script. +# It starts a backend, a restconf daemon, a nginx daemon, exposes ports and the sleeps +# for restconf. +# See also Dockerfile of the example +# Log msg, see with docker logs + +set -eux + +>&2 echo "$0" + +DBG=${DBG:-0} + +WWWUSER=${WWWUSER:-www-data} + +# Initiate clixon configuration (env variable) +echo "$CONFIG" > /usr/local/etc/clixon.xml + +# Initiate running db (env variable) +echo "$STORE" > /usr/local/var/example/running_db + +>&2 echo "Write nginx config files" +# nginx site config file +cat < /etc/nginx/conf.d/default.conf +# +server { + listen 80 default_server; + listen localhost:80 default_server; + listen [::]:80 default_server; + server_name localhost; + server_name _; + location / { + fastcgi_pass unix:/www-data/fastcgi_restconf.sock; + include fastcgi_params; + } + location /restconf { + fastcgi_pass unix:/www-data/fastcgi_restconf.sock; + include fastcgi_params; + } + location /streams { + fastcgi_pass unix:/www-data/fastcgi_restconf.sock; + include fastcgi_params; + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} +EOF + +# This is a clixon site test file. +# Add to skiplist: +# - all 3rd party model testing (you need to download the repos) +# - test_install.sh since you dont have the make environment +# - test_order.sh XXX this is a bug need debugging +cat < /usr/local/bin/test/site.sh +# Add your local site specific env variables (or tests) here. +SKIPLIST="test_api.sh test_c++.sh test_yangmodels.sh test_openconfig.sh test_install.sh test_privileges.sh" +#IETFRFC= +EOF + +# Workaround for this error output: +# sudo: setrlimit(RLIMIT_CORE): Operation not permitted +echo "Set disable_coredump false" > /etc/sudo.conf + + +chmod 775 /usr/local/bin/test/site.sh + +if [ ! -d /run/nginx ]; then + mkdir /run/nginx +fi + +# Start nginx +#/usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf +/usr/sbin/nginx -c /etc/nginx/nginx.conf +>&2 echo "nginx started" + +# Start clixon_restconf (tests will kill this) +su -c "/www-data/clixon_restconf -l f/www-data/restconf.log -D $DBG" -s /bin/sh $WWWUSER & +>&2 echo "clixon_restconf started" + +# Set grp write XXX do this when creating +chmod g+w /www-data/fastcgi_restconf.sock + +# Start clixon backend (tests will kill this) +# Note if tests start too quickly, a backend may only be running and get error when start here, +# therefore test starts need to be delayed slightly +/usr/local/sbin/clixon_backend -D $DBG -s running -l e # logs on docker logs +>&2 echo "clixon_backend started" + +# Alt: let backend be in foreground, but test scripts may +# want to restart backend +/bin/sleep 100000000 diff --git a/test/test_ssl_certs.sh b/test/test_ssl_certs.sh index 4bb563b7..4f1fb55a 100755 --- a/test/test_ssl_certs.sh +++ b/test/test_ssl_certs.sh @@ -261,4 +261,4 @@ fi # kill backend stop_backend -f $cfg -#rm -rf $dir +rm -rf $dir diff --git a/test/test_stream.sh b/test/test_stream.sh index 1962be2c..021306bf 100755 --- a/test/test_stream.sh +++ b/test/test_stream.sh @@ -23,7 +23,7 @@ # Magic line must be first in script (see README.md) s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi -# Only works with fcgi and http +# Skip it other than fcgi and http if [ "${WITH_RESTCONF}" != "fcgi" -o "$RCPROTO" = https ]; then if [ "$s" = $0 ]; then exit 0; else return 0; fi # skip fi diff --git a/test/test_yang_bind.sh b/test/test_yang_bind.sh index 64719662..d5f8cd62 100755 --- a/test/test_yang_bind.sh +++ b/test/test_yang_bind.sh @@ -155,5 +155,4 @@ EOF new "JSON Add any on top" expectpart "$($clixon_util_xml -Jvy $fyang -f $fjson)" 0 '^$' - -#rm -rf $dir +rm -rf $dir diff --git a/test/travis/before_script.sh b/test/travis/before_script.sh index 99da8935..84edd2c1 100755 --- a/test/travis/before_script.sh +++ b/test/travis/before_script.sh @@ -1,5 +1,6 @@ #!/bin/sh # Travis pre-config script. # Clone and install CLIgen (needed for clixon configure and make) +# Note travis builds and installs, then starts a clixon container where all tests are run from. git clone https://github.com/clicon/cligen.git (cd cligen && ./configure && make && sudo make install)