experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Restconf evhtp using network namespaces implemented

Browse source
This commit is contained in:
Olof hagsand 2021-01-26 17:33:24 +01:00
parent 3fe218da2e
commit a5f32fbedf
8 changed files with 479 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -55,6 +55,7 @@ Users may have to change how they access the system
### Minor changes
* Restconf evhtp using network namespaces implemented
* Added validation of clixon-restconf.yang: server-key-path and server-cert-path must be present if ssl enabled.
* Only if `CLICON_BACKEND_RESTCONF_PROCESS` is true
* Experimental IPC API, `clixon_client`, to support a loose integration model
@ -63,7 +64,7 @@ Users may have to change how they access the system
* This is work-in-progress and is expected to change
* Use [https://github.com/clicon/libevhtp](https://github.com/clicon/libevhtp) instead of [https://github.com/criticalstack/libevhtp](https://github.com/criticalstack/libevhtp) as a source of the evhtp source
* Added callback to process-control RPC feature in clixon-lib.yang to manage processes
* WHen an RPC comes in, be able to look at configuration
* When an RPC comes in, be able to look at configuration
* Changed behavior of starting restconf internally using `CLICON_BACKEND_RESTCONF_PROCESS` monitoring changes in enable flag, not only the RPC. The semantics is as follows:
* on RPC start, if enable is true, start the service, if false, error or ignore it
* on RPC stop, stop the service

60
apps/restconf/restconf_main_evhtp.c
View file

@ -623,33 +623,39 @@ cx_verify_certs(int pre_verify,
return pre_verify;
}
/*!
/*! Create and bind restconf socket
*
* @param[out] addr Address as string, eg "0.0.0.0", "::"
* @param[in] netns0 Network namespace, special value "default" is same as NULL
* @param[in] addr Address as string, eg "0.0.0.0", "::"
* @param[in] addrtype One of inet:ipv4-address or inet:ipv6-address
* @param[in] port TCP port
* @param[out] ss Server socket (bound for accept)
*/
static int
restconf_socket_init(clicon_handle h,
restconf_socket_init(const char *netns0,
const char *addr,
const char *addrtype,
uint16_t port,
int *ss)
{
int retval = -1;
int s = -1;
struct sockaddr * sa;
struct sockaddr_in6 sin6 = { 0 };
struct sockaddr_in sin = { 0 };
size_t sin_len;
int on = 1;
const char *netns;
/* netns default -> NULL */
if (netns0 != NULL && strcmp(netns0, "default")==0)
netns = NULL;
else
netns = netns0;
if (strcmp(addrtype, "inet:ipv6-address") == 0) {
sin_len = sizeof(struct sockaddr_in6);
sin6.sin6_port = htons(port);
sin6.sin6_family = AF_INET6;
evutil_inet_pton(AF_INET6, addr, &sin6.sin6_addr);
inet_pton(AF_INET6, addr, &sin6.sin6_addr);
sa = (struct sockaddr *)&sin6;
}
else if (strcmp(addrtype, "inet:ipv4-address") == 0) {
@ -664,43 +670,11 @@ restconf_socket_init(clicon_handle h,
clicon_err(OE_XML, EINVAL, "Unexpected addrtype: %s", addrtype);
return -1;
}
/* create inet socket */
if ((s = socket(sa->sa_family, SOCK_STREAM, 0)) < 0) {
clicon_err(OE_UNIX, errno, "socket");
if (clixon_netns_socket(netns, sa, sin_len, SOCKET_LISTEN_BACKLOG, ss) < 0)
goto done;
}
evutil_make_socket_closeonexec(s);
evutil_make_socket_nonblocking(s);
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt SO_KEEPALIVE");
goto done;
}
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt SO_REUSEADDR");
goto done;
}
/* only bind ipv6, otherwise it may bind to ipv4 as well which is strange but seems default */
if (sa->sa_family == AF_INET6 &&
setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt IPPROTO_IPV6");
goto done;
}
if (bind(s, sa, sin_len) == -1) {
clicon_err(OE_UNIX, errno, "bind port %u", port);
goto done;
}
if (listen(s, SOCKET_LISTEN_BACKLOG) < 0){
clicon_err(OE_UNIX, errno, "listen");
goto done;
}
if (ss)
*ss = s;
retval = 0;
done:
if (retval != 0 && s != -1)
evutil_closesocket(s);
return retval;
// return evhtp_bind_sockaddr(htp, sa, sin_len, SOCKET_LISTEN_BACKLOG);
}
/*! Usage help routine
@ -865,12 +839,12 @@ cx_evhtp_socket(clicon_handle h,
int auth_type_client_certificate)
{
int retval = -1;
char *namespace = NULL;
char *netns = NULL;
char *address = NULL;
char *addrtype = NULL;
uint16_t ssl = 0;
uint16_t port = 0;
int ss;
int ss = -1;
evhtp_t *htp = NULL;
/* This is socket create a new evhtp_t instance */
@ -900,7 +874,7 @@ cx_evhtp_socket(clicon_handle h,
evhtp_set_gencb(htp, cx_gencb, h);
/* Extract socket parameters from single socket config: ns, addr, port, ssl */
if (cx_evhtp_socket_extract(h, xs, nsc, &namespace, &address, &addrtype, &port, &ssl) < 0)
if (cx_evhtp_socket_extract(h, xs, nsc, &netns, &address, &addrtype, &port, &ssl) < 0)
goto done;
/* Sanity checks of socket parameters */
if (ssl){
@ -915,7 +889,7 @@ cx_evhtp_socket(clicon_handle h,
}
}
/* Open restconf socket and bind */
if (restconf_socket_init(h, address, addrtype, port, &ss) < 0)
if (restconf_socket_init(netns, address, addrtype, port, &ss) < 0)
goto done;
/* ss is a server socket that the clients connect to. The callback
therefore accepts clients on ss */

1
lib/clixon/clixon.h.in
View file

@ -73,6 +73,7 @@ extern "C" {
#include <clixon/clixon_hash.h>
#include <clixon/clixon_handle.h>
#include <clixon/clixon_log.h>
#include <clixon/clixon_netns.h>
#include <clixon/clixon_yang.h>
#include <clixon/clixon_yang_type.h>
#include <clixon/clixon_event.h>

14
lib/clixon/clixon_netns.h Normal file
View file

@ -0,0 +1,14 @@
/*
* Network namespace code
* @thanks Anders Franzén, especially get_sock() and send_sock() functions
*/
#ifndef _CLIXON_NETNS_H_
#define _CLIXON_NETNS_H_
/*
* Prototypes
*/
int clixon_netns_socket(const char *netns, struct sockaddr *sa, size_t sin_len, int backlog, int *sock);
#endif /* _CLIXON_NETNS_H_ */

2
lib/src/Makefile.in
View file

@ -83,7 +83,7 @@ SRC = clixon_sig.c clixon_uid.c clixon_log.c clixon_err.c clixon_event.c \
clixon_proto.c clixon_proto_client.c \
clixon_xpath.c clixon_xpath_ctx.c clixon_xpath_eval.c clixon_xpath_function.c clixon_xpath_optimize.c \
clixon_sha1.c clixon_datastore.c clixon_datastore_write.c clixon_datastore_read.c \
clixon_netconf_lib.c clixon_stream.c clixon_nacm.c clixon_client.c
clixon_netconf_lib.c clixon_stream.c clixon_nacm.c clixon_client.c clixon_netns.c
YACCOBJS = lex.clixon_xml_parse.o clixon_xml_parse.tab.o \
lex.clixon_yang_parse.o clixon_yang_parse.tab.o \

247
lib/src/clixon_netns.c Normal file
View file

@ -0,0 +1,247 @@
/*
*
* Network namespace code
* @thanks Anders Franzén, especially get_sock() and send_sock() functions
*
* fork,
* child:
* switch to ns,
* create sock,
* bind to address,
* sendmsg sock back to parent
* parent:
* readmsg sock from child
* kill child?
* return sock
*/
#ifdef HAVE_CONFIG_H
#include "clixon_config.h" /* generated by config & autoconf */
#endif
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <netinet/in.h>
#include "clixon_err.h"
#include "clixon_log.h"
#include "clixon_netns.h"
/*
* @thanks Anders Franzén
*/
static int
send_sock(int usock,
int fd)
{
int retval = -1;
int *fdptr;
struct msghdr msg={0};
struct cmsghdr *cmsg;
char buf[CMSG_SPACE(sizeof(fd))];
memset(buf,0,sizeof(buf));
msg.msg_control=buf;
msg.msg_controllen=sizeof(buf);
cmsg=CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level=SOL_SOCKET;
cmsg->cmsg_type=SCM_RIGHTS;
cmsg->cmsg_len=CMSG_LEN(sizeof(fd));
fdptr=(int *)CMSG_DATA(cmsg);
memcpy(fdptr,&fd,sizeof(fd));
msg.msg_controllen=CMSG_SPACE(sizeof(fd));
if (sendmsg(usock, &msg, 0) < 0){
clicon_err(OE_UNIX, errno, "sendmsg");
goto done;
}
retval = 0;
done:
return retval;
}
/*
* @thanks Anders Franzén
*/
static int
get_sock(int usock,
int *fd)
{
int retval = -1;
struct msghdr msg={0};
struct cmsghdr *cmsg;
char buf[128];
msg.msg_iov=0;
msg.msg_iovlen=0;
msg.msg_control=buf;
msg.msg_controllen=sizeof(buf);
/* Block here */
if (recvmsg(usock, &msg, 0) < 0){
clicon_err(OE_UNIX, errno, "recvmsg");
goto done;
}
cmsg=CMSG_FIRSTHDR(&msg);
memcpy(fd, CMSG_DATA(cmsg), sizeof(*fd));
retval = 0;
done:
return retval;
}
/*! Create and bind stream socket
* @param[in] sa Socketaddress
* @param[in] sa_len Length of sa. Tecynicaliyu to be independent of sockaddr sa_len
* @param[in] backlog Listen backlog, queie of pending connections
* @param[out] sock Server socket (bound for accept)
*/
int
create_socket(struct sockaddr *sa,
size_t sin_len,
int backlog,
int *sock)
{
int retval = -1;
int s = -1;
int on = 1;
clicon_debug(1, "%s", __FUNCTION__);
if (sock == NULL){
clicon_err(OE_PROTO, EINVAL, "Requires socket output parameter");
goto done;
}
/* create inet socket */
if ((s = socket(sa->sa_family,
SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC,
0)) < 0) {
clicon_err(OE_UNIX, errno, "socket");
goto done;
}
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt SO_KEEPALIVE");
goto done;
}
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt SO_REUSEADDR");
goto done;
}
/* only bind ipv6, otherwise it may bind to ipv4 as well which is strange but seems default */
if (sa->sa_family == AF_INET6 &&
setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) {
clicon_err(OE_UNIX, errno, "setsockopt IPPROTO_IPV6");
goto done;
}
if (bind(s, sa, sin_len) == -1) {
clicon_err(OE_UNIX, errno, "bind");
goto done;
}
if (listen(s, backlog) < 0){
clicon_err(OE_UNIX, errno, "listen");
goto done;
}
if (sock)
*sock = s;
retval = 0;
done:
if (retval != 0 && s != -1)
close(s);
return retval;
}
int
fork_netns_socket(const char *netns,
struct sockaddr *sa,
size_t sin_len,
int backlog,
int *sock)
{
int retval = -1;
int sp[2] = {0,};
pid_t child;
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, sp) < 0){
clicon_err(OE_UNIX, errno, "socketpair");
goto done;
}
if ((child = fork()) < 0) {
clicon_err(OE_UNIX, errno, "fork");
goto done;
}
if (child == 0) { /* Child */
char path[MAXPATHLEN];
int fd;
int s = -1;
close(sp[0]);
/* Switch to namespace */
sprintf(path,"/var/run/netns/%s", netns);
if ((fd=open(path, O_RDONLY)) < 0) {
clicon_err(OE_UNIX, errno, "open");
return -1;
}
if (setns(fd, CLONE_NEWNET) < 0){
clicon_err(OE_UNIX, errno, "setns");
return -1;
}
close(fd);
/* Create socket in this namespace */
if (create_socket(sa, sin_len, backlog, &s) < 0)
return -1;
/* Send socket to parent */
if (send_sock(sp[1], s) < 0)
return -1;
close(s);
close(sp[1]);
exit(0);
}
/* Parent */
close(sp[1]);
if (get_sock(sp[0], sock) < 0)
goto done;
close(sp[0]);
retval = 0;
done:
return retval;
}
/*! Create and bind stream socket in network namespace
* @param[in] netns Network namespace
* @param[in] sa Socketaddress
* @param[in] sa_len Length of sa. Tecynicaliyu to be independent of sockaddr sa_len
* @param[in] backlog Listen backlog, queie of pending connections
* @param[out] sock Server socket (bound for accept)
*/
int
clixon_netns_socket(const char *netns,
struct sockaddr *sa,
size_t sin_len,
int backlog,
int *sock)
{
int retval = -1;
clicon_debug(1, "%s", __FUNCTION__);
if (netns == NULL){
if (create_socket(sa, sin_len, backlog, sock) < 0)
goto done;
goto ok;
}
else {
if (fork_netns_socket(netns, sa, sin_len, backlog, sock) < 0)
goto done;
}
ok:
retval = 0;
done:
return retval;
}

195
test/test_restconf_netns.sh Executable file
View file

@ -0,0 +1,195 @@
#!/usr/bin/env bash
# Restconf evhtp using socket network namespace (netns) support
# Listen to a default and a separate netns
# Init running with a=42
# Get the config from default and netns namespace with/without SSL
# Write b=99 in netns and read from default
# Magic line must be first in script (see README.md)
s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
# Skip it other than evhtp
if [ "${WITH_RESTCONF}" != "evhtp" ]; then
if [ "$s" = $0 ]; then exit 0; else return 0; fi # skip
fi
APPNAME=example
cfg=$dir/conf.xml
startupdb=$dir/startup_db
netns=clixonnetns
veth=veth0
vethpeer=veth1
vaddr=10.23.1.1 # address in netns
# Create server certs
certdir=$dir/certs
srvkey=$certdir/srv_key.pem
srvcert=$certdir/srv_cert.pem
cakey=$certdir/ca_key.pem # needed?
cacert=$certdir/ca_cert.pem
test -d $certdir || mkdir $certdir
. ./certs.sh
# XXX Note default port need to be 80 for wait_restconf to work
RESTCONFIG=$(cat <<EOF
<restconf>
<enable>true</enable>
<auth-type>password</auth-type>
<server-cert-path>$srvcert</server-cert-path>
<server-key-path>$srvkey</server-key-path>
<server-ca-cert-path>$cakey</server-ca-cert-path>
<socket> <!-- reference and to get wait-restconf to work -->
<namespace>default</namespace>
<address>0.0.0.0</address>
<port>80</port>
<ssl>false</ssl>
</socket>
<!-- namespace http -->
<socket>
<namespace>$netns</namespace>
<address>0.0.0.0</address>
<port>80</port>
<ssl>false</ssl>
</socket>
<!-- namespace https -->
<socket>
<namespace>$netns</namespace>
<address>0.0.0.0</address>
<port>443</port>
<ssl>true</ssl>
</socket>
</restconf>"
EOF
)
cat <<EOF > $cfg
<clixon-config xmlns="http://clicon.org/config">
<CLICON_CONFIGFILE>$cfg</CLICON_CONFIGFILE>
<CLICON_FEATURE>ietf-netconf:startup</CLICON_FEATURE>
<CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
<CLICON_YANG_DIR>$IETFRFC</CLICON_YANG_DIR>
<CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
<CLICON_CLISPEC_DIR>/usr/local/lib/$APPNAME/clispec</CLICON_CLISPEC_DIR>
<CLICON_BACKEND_DIR>/usr/local/lib/$APPNAME/backend</CLICON_BACKEND_DIR>
<CLICON_BACKEND_REGEXP>example_backend.so$</CLICON_BACKEND_REGEXP>
<CLICON_RESTCONF_DIR>/usr/local/lib/$APPNAME/restconf</CLICON_RESTCONF_DIR>
<CLICON_RESTCONF_PRETTY>false</CLICON_RESTCONF_PRETTY>
<CLICON_CLI_DIR>/usr/local/lib/$APPNAME/cli</CLICON_CLI_DIR>
<CLICON_CLI_MODE>$APPNAME</CLICON_CLI_MODE>
<CLICON_SOCK>/usr/local/var/$APPNAME/$APPNAME.sock</CLICON_SOCK>
<CLICON_BACKEND_PIDFILE>/usr/local/var/$APPNAME/$APPNAME.pidfile</CLICON_BACKEND_PIDFILE>
<CLICON_XMLDB_DIR>$dir</CLICON_XMLDB_DIR>
<CLICON_MODULE_LIBRARY_RFC7895>true</CLICON_MODULE_LIBRARY_RFC7895>
$RESTCONFIG
</clixon-config>
EOF
new "Create netns: $netns"
sudo ip netns delete $netns
# Create netns
sudo ip netns add $netns
if [ -z "$(ip netns list | grep $netns)" ]; then
err "$netns" "$netns does not exist"
fi
new "Create veth pair: $veth and $vethpeer"
sudo ip link delete $veth 2> /dev/null
sudo ip link delete $vethpeer 2> /dev/null
sudo ip link add $veth type veth peer name $vethpeer
if [ -z "$(ip netns show $veth)" ]; then
err "$veth" "$veth does not exist"
fi
if [ -z "$(ip netns show $vethpeer)" ]; then
err "$veth" "$vethpeer does not exist"
fi
new "Move $vethpeer to netns $netns"
sudo ip link set $vethpeer netns $netns
if [ -z "$( sudo ip netns exec $netns ip link show $vethpeer)" ]; then
err "$veth" "$vethpeer does not exist"
fi
new "Assign address $vaddr on $veth in netns $netns"
sudo ip netns exec $netns ip addr add $vaddr/24 dev $vethpeer
sudo ip netns exec $netns ip link set dev $vethpeer up
sudo ip netns exec $netns ip link set dev lo up
#sudo ip netns exec $netns ping $vaddr
#-----------------
new "test params: -f $cfg"
if [ $BE -ne 0 ]; then
new "kill old backend"
sudo clixon_backend -z -f $cfg
if [ $? -ne 0 ]; then
err
fi
new "start backend -s init -f $cfg"
start_backend -s init -f $cfg
new "waiting"
wait_backend
fi
if [ $RC -ne 0 ]; then
new "kill old restconf daemon"
stop_restconf_pre
new "start restconf daemon"
start_restconf -f $cfg
new "waiting"
wait_restconf # need to use port 80/443
fi
new "add sample config w netconf"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><candidate/></target><config><table xmlns=\"urn:example:clixon\"><parameter><name>a</name><value>42</value></parameter></table></config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "netconf commit"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
new "restconf http get config on default netns"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table)" 0 "HTTP/1.1 200 OK" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
new "restconf http get config on addr:$vaddr in netns:$netns"
expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/1.1 200 OK" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
new "restconf https/SSL get config on addr:$vaddr in netns:$netns"
expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/1.1 200 OK" '<table xmlns="urn:example:clixon"><parameter><name>a</name><value>42</value></parameter></table>'
new "restconf https/SSL put table b"
expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X POST -H 'Content-Type: application/yang-data+xml' -d '<parameter xmlns="urn:example:clixon"><name>b</name><value>99</value></parameter>' https://$vaddr/restconf/data/clixon-example:table)" 0 "HTTP/1.1 201 Created"
new "restconf http get table b on default ns"
expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' http://127.0.0.1/restconf/data/clixon-example:table/parameter=b)" 0 "HTTP/1.1 200 OK" '<parameter xmlns="urn:example:clixon"><name>b</name><value>99</value></parameter>'
# Negative
new "restconf get config on wrong port in netns:$netns"
expectpart "$(sudo ip netns exec $netns curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' $RCPROTO://$vaddr:8888/restconf/data/clixon-example:table)" 7
if [ $RC -ne 0 ]; then
new "Kill restconf daemon"
stop_restconf
fi
if [ $BE -ne 0 ]; then
new "Kill backend"
# Check if premature kill
pid=$(pgrep -u root -f clixon_backend)
if [ -z "$pid" ]; then
err "backend already dead"
fi
# kill backend
stop_backend -f $cfg
fi
sudo ip link delete $veth
sudo ip netns delete $netns
new "endtest"
endtest
rm -rf $dir

55
test/test_restconf_rpc.sh
View file

@ -6,7 +6,7 @@
# - on backend start make the state as configured
# - on enable change, make the state as configured
# - No restconf config means enable: false (extra rule)
# Also work-in-progress network namespaces, ip netns
# See test_restconf_netns for network namespaces
# Magic line must be first in script (see README.md)
s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
@ -270,61 +270,10 @@ expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><edit-config><target><ca
new "netconf validate should fail"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><validate><source><candidate/></source></validate></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><rpc-error><error-type>application</error-type><error-tag>operation-failed</error-tag><error-severity>error</error-severity><error-message>SSL enabled but server-cert-path not set</error-message></rpc-error></rpc-reply>]]>]]>$"
if false; then # Work in progress - namespace
#-------------------------------
# Now in a separate network namespace
new "restconf rpc in network namespace"
netns=xxx
sudo ip netns delete $netns
#sudo ip netns add $netns
new "test params: -f $cfg"
if [ $BE -ne 0 ]; then
new "kill old backend"
sudo clixon_backend -z -f $cfg
if [ $? -ne 0 ]; then
err
fi
new "start backend -s init -f $cfg -- -n $netns"
start_backend -s init -f $cfg -- -n $netns
new "waiting"
wait_backend
fi
new "kill old restconf"
stop_restconf_pre
new "netconf start restconf"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><process-control xmlns=\"http://clicon.org/lib\"><name>restconf</name><operation>start</operation></process-control></rpc>]]>]]>" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>"
new "10)check status on"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><process-control xmlns=\"http://clicon.org/lib\"><name>restconf</name><operation>status</operation></process-control></rpc>]]>]]>" "<rpc-reply $DEFAULTNS><status xmlns=\"http://clicon.org/lib\">true</status></rpc-reply>]]>]]>"
new "stop restconf"
expecteof "$clixon_netconf -qf $cfg" 0 "<rpc $DEFAULTNS><process-control xmlns=\"http://clicon.org/lib\"><name>restconf</name><operation>stop</operation></process-control></rpc>]]>]]>" "<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>"
if [ $BE -ne 0 ]; then
new "Kill backend"
# Check if premature kill
pid=$(pgrep -u root -f clixon_backend)
if [ -z "$pid" ]; then
err "backend already dead"
fi
# kill backend
stop_backend -f $cfg
new "11)check no restconf"
ps=$(ps aux|grep "$WWWDIR/clixon_restconf" | grep -v grep)
fi
sudo ip netns delete $netns
fi # namespaces
unset pid
sleep $DEMWAIT # Lots of processes need to die before next test
new "endtest"
endtest
rm -rf $dir