experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* New clixon-config@2020-12-30.yang revision

Browse source 
* New clixon-lib@2020-12-30.yang revision
* Added callback to process-control RPC feature in clixon-lib.yang to manage processes
* Changed behavior of starting restconf internally using `CLICON_BACKEND_RESTCONF_PROCESS` monitoring changes in enable flag, not only the RPC.
* Changed: RPC process-control output parameter status to pid
This commit is contained in:
Olof hagsand 2021-01-01 17:26:49 +01:00
parent 7459925bd0
commit cf63d0f761
21 changed files with 741 additions and 280 deletions
Download patch file Download diff file Expand all files Collapse all files

4
yang/clixon/Makefile.in
View file

@ -42,8 +42,8 @@ datarootdir = @datarootdir@
# See also OPT_YANG_INSTALLDIR for the standard yang files
YANG_INSTALLDIR = @YANG_INSTALLDIR@
YANGSPECS = clixon-config@2020-11-03.yang
YANGSPECS += clixon-lib@2020-12-08.yang
YANGSPECS = clixon-config@2020-12-30.yang
YANGSPECS += clixon-lib@2020-12-30.yang
YANGSPECS += clixon-rfc5277@2008-07-01.yang
YANGSPECS += clixon-xml-changelog@2019-03-21.yang
YANGSPECS += clixon-restconf@2020-10-30.yang

2
yang/clixon/clixon-config.yang
View file

@ -1 +1 @@
clixon-config@2020-10-01.yang
clixon-config@2020-12-30.yang

122
yang/clixon/clixon-config@2020-10-01.yang → yang/clixon/clixon-config@2020-12-30.yang
View file

@ -3,6 +3,9 @@ module clixon-config {
namespace "http://clicon.org/config";
prefix cc;
import clixon-restconf {
prefix clrc;
}
organization
"Clicon / Clixon";
@ -40,9 +43,33 @@ module clixon-config {
***** END LICENSE BLOCK *****";
revision 2020-12-30 {
description
"Removed obsolete options:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT";
}
revision 2020-11-03 {
description
"Added CLICON_BACKEND_RESTCONF_PROCESS
Copied to clixon-restconf.yang and marked as obsolete:
CLICON_RESTCONF_IPV4_ADDR
CLICON_RESTCONF_IPV6_ADDR
CLICON_RESTCONF_HTTP_PORT
CLICON_RESTCONF_HTTPS_PORT
CLICON_SSL_SERVER_CERT
CLICON_SSL_SERVER_KEY
CLICON_SSL_CA_CERT
Removed obsolete option CLICON_TRANSACTION_MOD";
}
revision 2020-10-01 {
description
"Added: CLICON_CONFIGDIR";
"Added: CLICON_CONFIGDIR.";
}
revision 2020-08-17 {
description
@ -264,8 +291,22 @@ module clixon-config {
}
}
}
typedef socket_address_family {
description "Address family for internal socket";
type enumeration{
enum UNIX {
description "Unix domain socket";
}
enum IPv4 {
description "IPv4";
}
}
}
container clixon-config {
container restconf {
uses clrc:clixon-restconf;
}
leaf-list CLICON_FEATURE {
description
"Supported features as used by YANG feature/if-feature
@ -392,7 +433,8 @@ module clixon-config {
default "/www-data/fastcgi_restconf.sock";
description
"FastCGI unix socket. Should be specified in webserver
Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock";
Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock
Only if with-restconf=fcgi, NOT evhtp";
}
leaf CLICON_RESTCONF_PRETTY {
type boolean;
@ -407,58 +449,6 @@ module clixon-config {
Setting this value to false makes restconf return not pretty-printed
which may be desirable for performance or tests";
}
leaf CLICON_RESTCONF_IPV4_ADDR {
type string;
default "0.0.0.0";
description
"RESTCONF IPv4 socket binding address.
Applies to native http by config option --with-restconf=evhtp.";
}
leaf CLICON_RESTCONF_IPV6_ADDR {
type string;
default "::";
description
"RESTCONF IPv6 socket binding address.
Applies to native http by config option --with-restconf=evhtp.";
}
leaf CLICON_RESTCONF_HTTP_PORT {
type uint16;
default 80;
description
"RESTCONF socket binding port, non-ssl
In the restconf daemon, it can be overriden by -P <port>
Applies to native http only by config option --with-restconf=evhtp.";
}
leaf CLICON_RESTCONF_HTTPS_PORT {
type uint16;
default 443;
description
"RESTCONF socket binding port, ssl
In the restconf daemon, this is the port chosen if -s is given.
Note it can be overriden by -P <port>
Applies to native http by config option --with-restconf=evhtp.";
}
leaf CLICON_SSL_SERVER_CERT {
type string;
default "/etc/ssl/certs/clixon-server-crt.pem";
description
"SSL server cert for restconf https.
Applies to native http only by config option --with-restconf=evhtp.";
}
leaf CLICON_SSL_SERVER_KEY {
type string;
default "/etc/ssl/private/clixon-server-key.pem";
description
"SSL server private key for restconf https.
Applies to native http only by config option --with-restconf=evhtp.";
}
leaf CLICON_SSL_CA_CERT {
type string;
default "/etc/ssl/certs/clixon-ca_crt.pem";
description
"SSL CA cert for client authentication.
Applies to native http only by config option --with-restconf=evhtp.";
}
leaf CLICON_CLI_DIR {
type string;
description
@ -624,15 +614,15 @@ module clixon-config {
from a spec, such as in the autocli.";
}
leaf CLICON_SOCK_FAMILY {
type string;
default "UNIX";
type socket_address_family;
default UNIX;
description
"Address family for communicating with clixon_backend
(UNIX|IPv4). IPv6 not yet implemented.
"Address family for communicating with clixon_backend with one of:
Note IPv6 not implemented.
Note that UNIX socket makes credential check as follows:
(1) client needs rw access to the socket
(2) NACM credentials can be checked according to CLICON_NACM_CREDENTIALS
Warning: IPv4 and IPv6 sockets have no credential mechanism.
Warning: Only UNIX (not IPv4) sockets have credential mechanism.
";
}
leaf CLICON_SOCK {
@ -681,6 +671,20 @@ module clixon-config {
mandatory true;
description "Process-id file of backend daemon";
}
leaf CLICON_BACKEND_RESTCONF_PROCESS {
type boolean;
default false;
description
"If set, enable process-control of restconf daemon, ie start/stop restconf
daemon internally from backend daemon.
It uses clixon-restconf.yang for config and clixon-lib.yang for RPC
Process control of restconf daemon is as follows:
- on RPC start, if enable is true, start the service, if false, error or ignore it
- on RPC stop, stop the service
- on backend start make the state as configured
- on enable change, make the state as configured
Disable if you start the restconf daemon by other means.";
}
leaf CLICON_AUTOCOMMIT {
type int32;
default 0;

183
yang/clixon/clixon-lib@2020-12-30.yang Normal file
View file

@ -0,0 +1,183 @@
module clixon-lib {
yang-version 1.1;
namespace "http://clicon.org/lib";
prefix cl;
organization
"Clicon / Clixon";
contact
"Olof Hagsand <olof@hagsand.se>";
description
"Clixon Netconf extensions for communication between clients and backend.
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand
Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
This file is part of CLIXON
Licensed under the Apache License, Version 2.0 (the \"License\");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an \"AS IS\" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the \"GPL\"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****";
revision 2020-12-30 {
description
"Changed: RPC process-control output parameter status to pid";
}
revision 2020-12-08 {
description
"Added: autocli-op extension.
rpc process-control for process/daemon management
Released in clixon 4.9";
}
revision 2020-04-23 {
description
"Added: stats RPC for clixon XML and memory statistics.
Added: restart-plugin RPC for restarting individual plugins without restarting backend.";
}
revision 2019-08-13 {
description
"No changes (reverted change)";
}
revision 2019-06-05 {
description
"ping rpc added for liveness";
}
revision 2019-01-02 {
description
"Released in Clixon 3.9";
}
typedef service-operation {
type enumeration {
enum start {
description
"Start if not already running";
}
enum stop {
description
"Stop if running";
}
enum restart {
description
"Stop if running, then start";
}
enum status {
description
"Check status";
}
}
description
"Common operations that can be performed on a service";
}
extension autocli-op {
description
"Takes an argument an operation defing how to modify the clispec at
this point in the YANG tree for the automated generated CLI.
Note that this extension is only used in clixon_cli.
Operations is expected to be extended, but the following operations are defined:
- hide This command is active but not shown by ? or TAB";
argument cliop;
}
rpc debug {
description "Set debug level of backend.";
input {
leaf level {
type uint32;
}
}
}
rpc ping {
description "Check aliveness of backend daemon.";
}
rpc stats {
description "Clixon XML statistics.";
output {
container global{
description "Clixon global statistics";
leaf xmlnr{
description "Number of XML objects: number of residing xml/json objects
in the internal 'cxobj' representation.";
type uint64;
}
}
list datastore{
description "Datastore statistics";
key "name";
leaf name{
description "name of datastore (eg running).";
type string;
}
leaf nr{
description "Number of XML objects. That is number of residing xml/json objects
in the internal 'cxobj' representation.";
type uint64;
}
leaf size{
description "Size in bytes of internal datastore cache of datastore tree.";
type uint64;
}
}
}
}
rpc restart-plugin {
description "Restart specific backend plugins.";
input {
leaf-list plugin {
description "Name of plugin to restart";
type string;
}
}
}
rpc process-control {
description
"Control a specific process or daemon: start/stop, etc.
This is for direct managing of a porcess by the backend.
Alternatively one can manage a daemon via systemd, containerd, kubernetes, etc.";
input {
leaf name {
description "Name of process";
type string;
mandatory true;
}
leaf operation {
type service-operation;
mandatory true;
description
"One of the strings 'start', 'stop', 'restart', or 'status'.";
}
}
output {
leaf pid {
description "Process-id of running process if operation is start,
restart or status. 0 if not running.
This is for two reasons:
- to check process running for status
- get the actual pid for targeting the actual process";
type uint32;
}
}
}
}

9
yang/clixon/clixon-restconf@2020-10-30.yang
View file

@ -1,6 +1,6 @@
module clixon-restconf {
yang-version 1.1;
namespace "https://clicon.org/restconf";
namespace "http://clicon.org/restconf";
prefix "clrc";
import ietf-inet-types {
@ -124,6 +124,13 @@ module clixon-restconf {
}
}
container restconf {
description
"This presence is strictly not necessary since the enable flag
in clixon-restconf is the flag bearing the actual semantics.
However, removing the presence leads to default config in all
clixon installations, even those which do not use backend-started restconf.
One could see this as mostly cosmetically annoying.
Alternative would be to make the inclusion of this yang conditional.";
presence "Enables RESTCONF";
uses clixon-restconf;
}