[docker-restapi]: Fix authentication in restapi (#4383)

- enabling http/https endpoint and mounting the certificates directory
- updating the sonic-restapi submodule
This commit is contained in:
Sumukha Tumkur Vani 2020-04-15 02:08:45 -07:00 committed by Abhishek Dosi
parent 2f66b4c545
commit 23aed5ae6a
8 changed files with 82 additions and 6 deletions

View File

@ -20,6 +20,9 @@ RUN apt-get update
## Clean up
RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
COPY ["start.sh", "restapi.sh", "/usr/bin/"]
COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
COPY ["critical_processes", "/etc/supervisor"]
ENTRYPOINT ["/usr/bin/supervisord"]

View File

@ -0,0 +1,7 @@
###############################################################################
## Monit configuration for restapi container
## process list:
## restapi
###############################################################################
check process restapi matching "/usr/sbin/go-server-server"
if does not exist for 5 times within 5 cycles then alert

View File

@ -0,0 +1 @@
restapi

View File

@ -0,0 +1,38 @@
#!/usr/bin/env bash
RESTAPI_ARGS=""
while true
do
client_auth=`sonic-cfggen -d -v "RESTAPI['config']['client_auth']"`
if [[ $client_auth == 'true' ]]; then
certs=`sonic-cfggen -d -v "RESTAPI['certs']"`
allow_insecure=`sonic-cfggen -d -v "RESTAPI['config']['allow_insecure']"`
if [[ $allow_insecure == 'true' ]]; then
RESTAPI_ARGS=" -enablehttp=true"
else
RESTAPI_ARGS=" -enablehttp=false"
fi
if [[ -n "$certs" ]]; then
SERVER_CRT=`sonic-cfggen -d -v "RESTAPI['certs']['server_crt']"`
SERVER_KEY=`sonic-cfggen -d -v "RESTAPI['certs']['server_key']"`
CLIENT_CA_CRT=`sonic-cfggen -d -v "RESTAPI['certs']['client_ca_crt']"`
CLIENT_CRT_CNAME=`sonic-cfggen -d -v "RESTAPI['certs']['client_crt_cname']"`
if [[ -f $SERVER_CRT && -f $SERVER_KEY && -f $CLIENT_CA_CRT ]]; then
RESTAPI_ARGS+=" -enablehttps=true -servercert=$SERVER_CRT -serverkey=$SERVER_KEY -clientcert=$CLIENT_CA_CRT -clientcertcommonname=$CLIENT_CRT_CNAME"
break
fi
fi
fi
logger "Waiting for certificates..."
sleep 60
done
LOG_LEVEL=`sonic-cfggen -d -v "RESTAPI['config']['log_level']"`
if [ ! -z $LOG_LEVEL ]; then
RESTAPI_ARGS+=" -loglevel=$LOG_LEVEL"
else
RESTAPI_ARGS+=" -loglevel=trace"
fi
logger "RESTAPI_ARGS: $RESTAPI_ARGS"
exec /usr/sbin/go-server-server ${RESTAPI_ARGS}

View File

@ -6,5 +6,4 @@ echo "# Config files managed by sonic-config-engine" > /var/sonic/config_status
rm -f /var/run/rsyslogd.pid
supervisorctl start rsyslogd
supervisorctl start restapi

View File

@ -3,10 +3,32 @@ logfile_maxbytes=1MB
logfile_backups=2
nodaemon=true
[program:restapi]
command=/usr/sbin/go-server-server -loglevel trace
[eventlistener:supervisor-proc-exit-listener]
command=/usr/bin/supervisor-proc-exit-listener --container-name restapi
events=PROCESS_STATE_EXITED
autostart=true
autorestart=false
[program:start.sh]
command=/usr/bin/start.sh
priority=1
autostart=true
autorestart=false
stdout_logfile=/tmp/rest-api.out.log
stderr_logfile=/tmp/rest-api.err.log
stdout_logfile=syslog
stderr_logfile=syslog
[program:restapi]
command=/usr/bin/restapi.sh
priority=1
autostart=false
autorestart=true
stdout_logfile=syslog
stderr_logfile=syslog
[program:rsyslogd]
command=/usr/sbin/rsyslogd -n
priority=2
autostart=false
autorestart=true
stdout_logfile=syslog
stderr_logfile=syslog

View File

@ -18,5 +18,11 @@ endif
$(DOCKER_RESTAPI)_CONTAINER_NAME = restapi
$(DOCKER_RESTAPI)_RUN_OPT += --cap-add NET_ADMIN --privileged -t
$(DOCKER_RESTAPI)_RUN_OPT += --network="host"
$(DOCKER_RESTAPI)_RUN_OPT += -v /var/run/redis/redis.sock:/var/run/redis/redis.sock
$(DOCKER_RESTAPI)_RUN_OPT += -v /etc/sonic/certificates:/etc/sonic/certificates:ro
$(DOCKER_RESTAPI)_RUN_OPT += -p=8081:8081/tcp
$(DOCKER_RESTAPI)_RUN_OPT += -p=8090:8090/tcp
$(DOCKER_RESTAPI)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
$(DOCKER_RESTAPI)_BASE_IMAGE_FILES += monit_restapi:/etc/monit/conf.d

@ -1 +1 @@
Subproject commit 163ee272ae992f5885990dcca6552cd86b74391a
Subproject commit c219e3da28fb20b63b065ceb1828125593d73f14