Merge pull request #13 from project-arlo/brcm_poc

REST Server startup script is enhanced to read the settings from DB
project-arlo · Jul 10, 2019 · 12e8ed2 · 12e8ed2
2 parents f17c27f + ef7d06b
commit 12e8ed2
Showing 1 changed file with 44 additions and 1 deletion.
diff --git a/dockers/docker-sonic-mgmt-framework/rest-server.sh b/dockers/docker-sonic-mgmt-framework/rest-server.sh
@@ -1,6 +1,49 @@
 #!/usr/bin/env bash
 
-REST_SERVER_ARGS=" -ui /rest_ui -port=80 -logtostderr"
+# Startup script for SONiC Management REST Server
+
+SERVER_PORT=
+LOG_LEVEL=
+CLIENT_AUTH=
+SERVER_CRT=
+SERVER_KEY=
+CA_CERT=
+
+# Read basic server settings from REST_SERVER|default entry
+HAS_REST_CONFIG=$(sonic-cfggen -d -v "1 if REST_SERVER and REST_SERVER['default']")
+if [ "$HAS_REST_CONFIG" == "1" ]; then
+ SERVER_PORT=$(sonic-cfggen -d -v "REST_SERVER['default']['port']")
+ CLIENT_AUTH=$(sonic-cfggen -d -v "REST_SERVER['default']['client_auth']")
+ LOG_LEVEL=$(sonic-cfggen -d -v "REST_SERVER['default']['log_level']")
+fi
+
+# Read certificate file paths from DEVICE_METADATA|x509 entry.
+HAS_X509_CONFIG=$(sonic-cfggen -d -v "1 if DEVICE_METADATA and DEVICE_METADATA['x509']")
+if [ "$HAS_X509_CONFIG" == "1" ]; then
+ SERVER_CRT=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']")
+ SERVER_KEY=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']")
+ CA_CRT=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['ca_crt']")
+fi
+
+# Create temporary server certificate if they not configured in ConfigDB
+if [ -z $SERVER_CRT ] && [ -z $SERVER_KEY ]; then
+ echo "Generating temporary TLS server certificate ..."
+ (cd /tmp && /usr/sbin/generate_cert --host="localhost,127.0.0.1")
+ SERVER_CRT=/tmp/cert.pem
+ SERVER_KEY=/tmp/key.pem
+fi
+
+
+REST_SERVER_ARGS="-ui /rest_ui -logtostderr"
+[ ! -z $SERVER_PORT ] && REST_SERVER_ARGS+=" -port $SERVER_PORT"
+[ ! -z $LOG_LEVEL ] && REST_SERVER_ARGS+=" -v $LOG_LEVEL"
+[ ! -z $CLIENT_AUTH ] && REST_SERVER_ARGS+=" -client_auth $CLIENT_AUTH"
+[ ! -z $SERVER_CRT ] && REST_SERVER_ARGS+=" -cert $SERVER_CRT"
+[ ! -z $SERVER_KEY ] && REST_SERVER_ARGS+=" -key $SERVER_KEY"
+[ ! -z $CA_CRT ] && REST_SERVER_ARGS+=" -cacert $CA_CRT"
+
+echo "REST_SERVER_ARGS = $REST_SERVER_ARGS"
+
 
 #export LIBYANG_EXTENSIONS_PLUGINS_DIR 
 export CVL_SCHEMA_PATH=/usr/sbin/schema