* Changed config and install options for Restconf

* clixon_restconf daemon is installed in /usr/local/sbin (as clixon_backend), instead of /www-data
    * `configure --with-wwwdir=<dir>` remains but only applies to fcgi socket and log
    * New option `CLICON_RESTCONF_INSTALL_DIR` is set to where clixon_restconf is installed, with default `/usr/local/sbin/`
  * Restconf drop privileges user is defined by `CLICON_RESTCONF_USER`
    * `configure --with-wwwuser=<user>` is removed
  * clixon_restconf drop of privileges is defined by `CLICON_RESTCONF_PRIVILEGES` option
* New clixon-restconf@2020-05-20.yang revision
  * Added: restconf `log-destination`

test/cicd/clixon-config.sh

@@ -10,7 +10,7 @@ fi
 restconf=$1
 
 if [ $(uname) = "FreeBSD" ]; then
-    ./configure  --with-cligen=/usr/local --with-wwwuser=www --enable-optyangs --with-restconf=$restconf
+    ./configure  --with-cligen=/usr/local --enable-optyangs --with-restconf=$restconf
 else
    ./configure --enable-optyangs --with-restconf=$restconf
 fi

test/config.sh.in

@@ -50,12 +50,6 @@ CXX=@CXX@
 # C compiler
 CC=@CC@
 
-# Web user default (ie what RESTCONF daemon runs as). Default: www-data
-wwwuser=@wwwuser@
-
-# Home dir for web user, by default /www-data
-WWWDIR=@wwwdir@
-
 # Top src dir
 TOP_SRCDIR=@top_srcdir@
 
@@ -68,8 +62,8 @@ DATASTORE_TOP="config"
 
 # clixon yang revisions occuring in tests
 CLIXON_LIB_REV="2021-03-08"
-CLIXON_CONFIG_REV="2021-03-08"
-CLIXON_RESTCONF_REV="2021-03-15"
+CLIXON_CONFIG_REV="2021-05-20"
+CLIXON_RESTCONF_REV="2021-05-20"
 CLIXON_EXAMPLE_REV="2020-12-01"
 
 # Length of TSL RSA key
@@ -80,3 +74,4 @@ CERTKEYLEN=2048
 # Linking: static or dynamic
 LINKAGE=@LINKAGE@
 SH_SUFFIX=@SH_SUFFIX@
+

test/lib.sh

@@ -148,7 +148,7 @@ BUSER=clicon
 
 : ${clixon_netconf:=$(which clixon_netconf)}
 
-: ${clixon_restconf:=$WWWDIR/clixon_restconf}
+: ${clixon_restconf:=clixon_restconf}
 
 : ${clixon_backend:=clixon_backend}
 
@@ -357,7 +357,6 @@ function stop_restconf_pre(){
 # 1) Dont use $clixon_restconf (dont work in valgrind)
 # 2) Dont use -u $WWWUSER since clixon_restconf may drop privileges.
 function stop_restconf(){
-    #    sudo pkill -u $wwwuser -f clixon_restconf # Dont use $clixon_restoconf doesnt work in valgrind
     sudo pkill -f clixon_restconf
     if [ $valgrindtest -eq 3 ]; then 
 	sleep 1

test/test_install.sh

@@ -26,10 +26,6 @@ new "Check installed files /usr"
 if [ ! -d $dir/usr ]; then
     err $dir/usr
 fi
-new "Check installed files /www-data"
-if [ ! -d $dir/www-data ]; then
-    err $dir/www-data
-fi
 new "Check installed files clixon-config"
 if [ ! -f $dir/usr/local/share/clixon/clixon-config* ]; then
     err $dir/usr/local/share/clixon/clixon-config*
@@ -49,6 +45,7 @@ if [ ! ${LIBOPT} $dir/usr/local/lib/libclixon_backend${SH_SUFFIX} ]; then
     fi
 fi
 
+
 new "Make DESTDIR install include"
 (cd ..; $make DESTDIR=$dir install-include)
 if [ $? -ne 0 ]; then

test/test_restconf_internal.sh

@@ -9,6 +9,7 @@
 # See test_restconf_netns for network namespaces
 # See test_restconf_internal_cases for some special use-cases
 # XXX Lots of sleeps to remove race conditions. I am sure there are others way to fix this
+# Note you cant rely on ps aux|grep <cmd> since ps delays after fork from clixon_backend->restconf
 
 # Magic line must be first in script (see README.md)
 s="$_" ; . ./lib.sh || if [ "$s" = $0 ]; then exit 0; else return 0; fi
@@ -22,6 +23,17 @@ startupdb=$dir/startup_db
 RESTCONFDBG=$DBG
 RCPROTO=http # no ssl here
 
+# log-destination in restconf xml: syslog or file
+: ${LOGDST:=syslog}
+# Set daemon command-line to -f
+if [ "$LOGDST" = syslog ]; then
+    LOGDST_CMD="s"      
+elif [ "$LOGDST" = file ]; then
+    LOGDST_CMD="f/var/log/clixon_restconf.log" 
+else
+    err1 "No such logdst: $LOGDST"
+fi
+
 if [ "${WITH_RESTCONF}" = "fcgi" ]; then
     EXTRACONF="<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>"
 else
@@ -100,10 +112,10 @@ EOF
 	err "No pid return value" "$retx"
     fi
     if $active; then
-	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/www-data/clixon_restconf -f $cfg -D [0-9]</command><status $LIBNS>$status</status><starttime $LIBNS>20[0-9][0-9]\-[0-9][0-9]\-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*Z</starttime><pid $LIBNS>$pid</pid></rpc-reply>]]>]]>$"
+	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/.*/clixon_restconf -f $cfg -D [0-9] -l ${LOGDST_CMD}</command><status $LIBNS>$status</status><starttime $LIBNS>20[0-9][0-9]\-[0-9][0-9]\-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*Z</starttime><pid $LIBNS>$pid</pid></rpc-reply>]]>]]>$"
     else
 	# inactive, no startime or pid
-	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/www-data/clixon_restconf -f $cfg -D [0-9]</command><status $LIBNS>$status</status></rpc-reply>]]>]]>$"
+	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/.*/clixon_restconf -f $cfg -D [0-9] -l ${LOGDST_CMD}</command><status $LIBNS>$status</status></rpc-reply>]]>]]>$"
     fi
     match=$(echo "$retx" | grep --null -Go "$expect")
     if [ -z "$match" ]; then
@@ -140,6 +152,7 @@ cat<<EOF > $startupdb
       <auth-type>none</auth-type>
       <pretty>false</pretty>
       <debug>$RESTCONFDBG</debug>
+      <log-destination>$LOGDST</log-destination>
       <socket>
          <namespace>default</namespace>
 	 <address>0.0.0.0</address>
@@ -169,14 +182,19 @@ new "wait backend"
 wait_backend
 
 # For debug
-#>&2 echo "curl $CURLOPTS -X POST -H \"Content-Type: application/yang-data+json\" $RCPROTO://localhost/restconf/operations/clixon-lib:process-control -d '{\"clixon-lib:input\":{\"name\":\"restconf\",\"operation\":\"status\"}}'"
+>&2 echo "curl $CURLOPTS -X POST -H \"Content-Type: application/yang-data+json\" $RCPROTO://localhost/restconf/operations/clixon-lib:process-control -d '{\"clixon-lib:input\":{\"name\":\"restconf\",\"operation\":\"status\"}}'"
 
 # Get pid of running process and check return xml
 new "1. Get rpc status"
 rpcstatus true running 
+
 pid0=$pid # Save pid0
 if [ $pid0 -eq 0 ]; then err "Pid" 0; fi
 
+# pid0 is active but doesnt mean socket is open, wait for that
+new "Wait for restconf to start"
+wait_restconf
+
 new "check restconf process runnng using ps pid:$pid0"
 ps=$(ps -hp $pid0) 
 
@@ -219,6 +237,11 @@ if [ "$pid0" -eq "$pid1" ]; then
     err1 "not $pid0" "$pid1"
 fi
 
+# This is to avoid a race condition: $pid1 is starting and may not have come up yet when we
+# we later stop it.
+new "Wait for $pid1 to start"
+wait_restconf
+
 new "4. stop restconf RPC"
 rpcoperation stop
 if [ $? -ne 0 ]; then exit -1; fi
@@ -335,6 +358,7 @@ cat<<EOF > $startupdb
       <auth-type>none</auth-type>
       <pretty>false</pretty>
       <debug>$RESTCONFDBG</debug>
+      <log-destination>$LOGDST</log-destination>
       <socket>
          <namespace>default</namespace>
 	 <address>0.0.0.0</address>
@@ -375,7 +399,7 @@ rpcstatus false stopped
 if [ $pid -ne 0 ]; then err "Pid" "$pid"; fi
 
 new "Enable restconf"
-expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><default-operation>merge</default-operation><target><candidate/></target><config><restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><debug>$RESTCONFDBG</debug></restconf></config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
+expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><default-operation>merge</default-operation><target><candidate/></target><config><restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><debug>$RESTCONFDBG</debug><log-destination>$LOGDST</log-destination></restconf></config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
 
 new "commit enable"
 expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><commit/></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
@@ -457,6 +481,8 @@ new "endtest"
 endtest
 
 # Set by restconf_config
+unset LOGDST
+unset LOGDST_CMD
 unset pid
 unset RESTCONFIG
 unset RESTCONFDBG

test/test_restconf_internal_usecases.sh

@@ -34,6 +34,10 @@ RESTCONFDBG=$DBG
 RCPROTO=http # no ssl here
 INVALIDADDR=251.1.1.1 # used by fourth usecase as invalid
 
+# log-destination in restconf xml: syslog or file
+LOGDST=syslog
+LOGDST_CMD="s"
+
 if [ "${WITH_RESTCONF}" = "fcgi" ]; then
     EXTRACONF="<CLICON_FEATURE>clixon-restconf:fcgi</CLICON_FEATURE>"
 else
@@ -114,10 +118,10 @@ EOF
 	err "No pid return value" "$retx"
     fi
     if $active; then
-	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/www-data/clixon_restconf -f $cfg -D [0-9]</command><status $LIBNS>$status</status><starttime $LIBNS>20[0-9][0-9]\-[0-9][0-9]\-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*Z</starttime><pid $LIBNS>$pid</pid></rpc-reply>]]>]]>$"
+	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/.*/clixon_restconf -f $cfg -D [0-9] -l ${LOGDST_CMD}</command><status $LIBNS>$status</status><starttime $LIBNS>20[0-9][0-9]\-[0-9][0-9]\-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]*Z</starttime><pid $LIBNS>$pid</pid></rpc-reply>]]>]]>$"
     else
 	# inactive, no startime or pid
-	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/www-data/clixon_restconf -f $cfg -D [0-9]</command><status $LIBNS>$status</status></rpc-reply>]]>]]>$"
+	expect="^<rpc-reply $DEFAULTNS><active $LIBNS>$active</active><description $LIBNS>Clixon RESTCONF process</description><command $LIBNS>/.*/clixon_restconf -f $cfg -D [0-9] -l ${LOGDST_CMD}</command><status $LIBNS>$status</status></rpc-reply>]]>]]>$"
     fi
     match=$(echo "$retx" | grep --null -Go "$expect")
     if [ -z "$match" ]; then
@@ -158,6 +162,8 @@ new "1. get status"
 rpcstatus false stopped
 if [ $pid -ne 0 ]; then err "Pid" "$pid"; fi
 
+
+
 new "enable minimal restconf, no server"
 expecteof "$clixon_netconf -qf $cfg" 0 "$DEFAULTHELLO<rpc $DEFAULTNS><edit-config><target><candidate/></target><config>$RESTCONFIG1</config></edit-config></rpc>]]>]]>" "^<rpc-reply $DEFAULTNS><ok/></rpc-reply>]]>]]>$"
 
@@ -235,6 +241,7 @@ RESTCONFIG1=$(cat <<EOF
 <restconf xmlns="http://clicon.org/restconf">
    <enable>true</enable>
    <debug>$RESTCONFDBG</debug>
+   <log-destination>$LOGDST</log-destination>
    <auth-type>none</auth-type>
    <pretty>false</pretty>
    <socket><namespace>default</namespace><address>221.0.0.1</address><port>80</port><ssl>false</ssl></socket>
@@ -305,6 +312,7 @@ RESTCONFIG1=$(cat <<EOF
 <restconf xmlns="http://clicon.org/restconf">
    <enable>true</enable>
    <debug>$RESTCONFDBG</debug>
+   <log-destination>$LOGDST</log-destination>
    <auth-type>none</auth-type>
    <pretty>false</pretty>
    <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
@@ -329,7 +337,7 @@ if [ $pid1 -eq 0 ]; then err "Pid" 0; fi
 sleep $DEMSLEEP
 
 new "Get restconf config 1"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' $RCPROTO://localhost/restconf/data/clixon-restconf:restconf)" 0 "HTTP/1.1 200 OK" "<restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><auth-type>none</auth-type><debug>$RESTCONFDBG</debug><enable-core-dump>false</enable-core-dump><pretty>false</pretty><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
+expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' $RCPROTO://localhost/restconf/data/clixon-restconf:restconf)" 0 "HTTP/1.1 200 OK" "<restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><auth-type>none</auth-type><debug>$RESTCONFDBG</debug><log-destination>$LOGDST</log-destination><enable-core-dump>false</enable-core-dump><pretty>false</pretty><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket></restconf>"
 
 # remove it
 new "Delete server"
@@ -398,6 +406,7 @@ RESTCONFIG1=$(cat <<EOF
 <restconf xmlns="http://clicon.org/restconf">
    <enable>true</enable>
    <debug>$RESTCONFDBG</debug>
+   <log-destination>$LOGDST</log-destination>
    <auth-type>none</auth-type>
    <pretty>false</pretty>
    <socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket>
@@ -423,7 +432,7 @@ if [ $pid1 -eq 0 ]; then err "Pid" 0; fi
 sleep $DEMSLEEP
 
 new "Get restconf config"
-expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' $RCPROTO://localhost/restconf/data/clixon-restconf:restconf)" 0 "HTTP/1.1 200 OK" "<restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><auth-type>none</auth-type><debug>$RESTCONFDBG</debug><enable-core-dump>false</enable-core-dump><pretty>false</pretty><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket><socket><namespace>default</namespace><address>$INVALIDADDR</address><port>8080</port><ssl>false</ssl></socket></restconf>"
+expectpart "$(curl $CURLOPTS -X GET -H 'Accept: application/yang-data+xml' $RCPROTO://localhost/restconf/data/clixon-restconf:restconf)" 0 "HTTP/1.1 200 OK" "<restconf xmlns=\"http://clicon.org/restconf\"><enable>true</enable><auth-type>none</auth-type><debug>$RESTCONFDBG</debug><log-destination>$LOGDST</log-destination><enable-core-dump>false</enable-core-dump><pretty>false</pretty><socket><namespace>default</namespace><address>0.0.0.0</address><port>80</port><ssl>false</ssl></socket><socket><namespace>default</namespace><address>$INVALIDADDR</address><port>8080</port><ssl>false</ssl></socket></restconf>"
 
 if [ $BE -ne 0 ]; then
     new "Kill backend"
@@ -445,6 +454,8 @@ new "endtest"
 endtest
 
 # Set by restconf_config
+unset LOGDST
+unset LOGDST_CMD
 unset RESTCONFIG1
 unset RESTCONFIG2
 unset RESTCONFDBG