#!/usr/bin/env bash # Startup script for SONiC Management REST Server EXIT_MGMT_VARS_FILE_NOT_FOUND=1 MGMT_VARS_FILE=/usr/share/sonic/templates/mgmt_vars.j2 if [ ! -f "$MGMT_VARS_FILE" ]; then echo "Mgmt vars template file not found" exit $EXIT_MGMT_VARS_FILE_NOT_FOUND fi # Read basic server settings from mgmt vars entries MGMT_VARS=$(sonic-cfggen -d -t $MGMT_VARS_FILE) MGMT_VARS=${MGMT_VARS//[\']/\"} REST_SERVER=$(echo $MGMT_VARS | jq -r '.rest_server') if [ -n "$REST_SERVER" ]; then SERVER_PORT=$(echo $REST_SERVER | jq -r '.port') CLIENT_AUTH=$(echo $REST_SERVER | jq -r '.client_auth') LOG_LEVEL=$(echo $REST_SERVER | jq -r '.log_level') SERVER_CRT=$(echo $REST_SERVER | jq -r '.server_crt') SERVER_KEY=$(echo $REST_SERVER | jq -r '.server_key') CA_CRT=$(echo $REST_SERVER | jq -r '.ca_crt') fi if [[ -z $SERVER_CRT ]] && [[ -z $SERVER_KEY ]] && [[ -z $CA_CRT ]]; then X509=$(echo $MGMT_VARS | jq -r '.x509') fi # Read certificate file paths from DEVICE_METADATA|x509 entry. if [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') CA_CRT=$(echo $X509 | jq -r '.ca_crt') fi # Create temporary server certificate if they not configured in ConfigDB if [ -z $SERVER_CRT ] && [ -z $SERVER_KEY ]; then echo "Generating temporary TLS server certificate ..." (cd /tmp && /usr/sbin/generate_cert --host="localhost,127.0.0.1") SERVER_CRT=/tmp/cert.pem SERVER_KEY=/tmp/key.pem fi REST_SERVER_ARGS="-ui /rest_ui -logtostderr" [ ! -z $SERVER_PORT ] && REST_SERVER_ARGS+=" -port $SERVER_PORT" [ ! -z $LOG_LEVEL ] && REST_SERVER_ARGS+=" -v $LOG_LEVEL" [ ! -z $CLIENT_AUTH ] && REST_SERVER_ARGS+=" -client_auth $CLIENT_AUTH" [ ! -z $SERVER_CRT ] && REST_SERVER_ARGS+=" -cert $SERVER_CRT" [ ! -z $SERVER_KEY ] && REST_SERVER_ARGS+=" -key $SERVER_KEY" [ ! -z $CA_CRT ] && REST_SERVER_ARGS+=" -cacert $CA_CRT" echo "REST_SERVER_ARGS = $REST_SERVER_ARGS" export CVL_SCHEMA_PATH=/usr/sbin/schema exec /usr/sbin/rest_server ${REST_SERVER_ARGS}