bfce20c760
* Builds and installs a new restconf library: libclixon_restconf.so and clixon_restconf.h * The restconf library can be included by a restconf plugin. * Example code in example/Makefile.in and example/restconf_lib.c * Authorization * Example extended with authorization * Test added with http basic authorization (test/test_auth.sh) * Documentation in FAQ.md * README.md extended with new yang, netconf, restconf, datastore, and auth sections. |
||
|---|---|---|
| apps | ||
| build-root/scripts | ||
| datastore | ||
| doc | ||
| docker | ||
| etc | ||
| example | ||
| extras | ||
| include | ||
| lib | ||
| test | ||
| yang | ||
| .gitignore | ||
| CHANGELOG.md | ||
| clixon.conf.cpp.cpp | ||
| clixon.mk.cpp | ||
| config.guess | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| develop.md | ||
| install-sh | ||
| LICENSE.md | ||
| Makefile.in | ||
| README.md | ||
Clixon
Clixon is an automatic configuration manager where you generate interactive CLI, NETCONF, RESTCONF and embedded databases with transaction support from a YANG specification.
Topics
- Background
- Frequently asked questions
- Installation
- Licenses
- Support
- Dependencies
- Extending
- Yang
- Netconf
- Restconf
- Datastore
- Authentication and Authorization
- Example
- Changelog recent changes.
- Clixon SDK
- Clicon and Clixon project page
- Tests
- Reference manual (Note: the link may not be up-to-date. It is better to build your own:
cd doc; make doc)
Background
Clixon was implemented to provide an open-source generic configuration tool. The existing CLIgen tool was extended to a framework. Most of the user projects are for embedded network and measuring devices, but can be deployed for more general use.
Users of clixon currently include:
- Netgate
- CloudMon360
- Grideye
- Netclean (only CLIgen)
- [Prosilient's PTAnalyzer] (only CLIgen)
Installation
A typical installation is as follows:
configure # Configure clixon to platform
make # Compile
sudo make install # Install libs, binaries, and config-files
sudo make install-include # Install include files (for compiling)
One example application is provided, a IETF IP YANG datamodel with generated CLI and configuration interface.
Licenses
Clixon is open-source and dual licensed. Either Apache License, Version 2.0 or GNU General Public License Version 2; you choose.
See LICENSE.md for the license.
Dependencies
Clixon depends on the following software packages, which need to exist on the target machine.
- CLIgen is required for building Clixon. If you need to build and install CLIgen:
git clone https://github.com/olofhagsand/cligen.git
cd cligen; configure; make; make install
- Yacc/bison
- Lex/Flex
- Fcgi (if restconf is enabled)
There is no yum/apt/ostree package for Clixon (please help?)
Support
Clixon interaction is best done posting issues, pull requests, or joining the slack channel.
Extending
Clixon provides a core system and can be used as-is using available Yang specifications. However, an application very quickly needs to specialize funxtions. Clixon is extended by (most commonly) writing plugins for cli and backend. Extensions for netconf and restconf are also available.
Plugins are written in C and easiest is to look at example or consulting the FAQ.
Yang
YANG and XML is at the heart of Clixon. Yang modules are used as a specification for handling XML configuration data. The YANG spec is used to generate an interactive CLI, netconf and restconf clients. It also manages an XML datastore.
Clixon mainly follows YANG 1.0 RFC 6020 with some exceptions:
- conformance: feature, if-feature, deviation
- identity, base, identityref
- list features: min/max-elements, unique
The aim is also to cover new featires in YANG 1.1 YANG RFC 7950
Clixon has its own XML library designed for performance.
Netconf
Clixon implements the following NETCONF proposals or standards:
- NETCONF Configuration Protocol
- Using the NETCONF Configuration Protocol over Secure SHell (SSH)
- NETCONF Event Notifications
Some updates are being made to RFC 6241 and RFC 6242.
Clixon does not support the following features:
- :url capability
- copy-config source config
- edit-config testopts
- edit-config erropts
- edit-config config-text
Restconf
Clixon restconf is a daemon based on FASTCGI. Instructions are available to run with NGINX. The implementatation is based on RFC 8040: RESTCONF Protocol. The following features are supported:
- OPTIONS, HEAD, GET, POST, PUT, DELETE The following are not implemented
- PATCH
- query parameters (section 4.9)
- notifications (sec 6)
- schema resource
See more detailed restconf instructions.
Datastore
The Clixon datastore is a stand-alone XML based datastore. The idea is to be able to use different datastores backends with the same API.
Update: There used to be a key-value plugin based on qdbm but isnow obsoleted. Only a text datastore is implemented.
The datastore is primarily designed to be used by Clixon but can be used separately.
See more detailed restconf instructions.
Auth
Authentication is not in-scope for Clixon, however, there is ongoing work to implement NACM.
There are hooks (plugin callbacks) to identify which user is accessing a client. That identity can then be used for authorization.
In short, authentication needs to be coupled to clixon clients:
- CLI - Login has already been made via SSH
- Netconf - SSH netconf subsystem
- Restconf needs credentials. See FAQ. The Example has an example how to do this with HTTP basic auth. It is possible for do this for more advanced mechanisms such as Oauth2 or [https://github.com/CESNET/Netopeer2/tree/master/server/configuration]
SDK
The figure shows the SDK runtime of Clixon.