Merge pull request #392 from nokia/proxy-cmd

Add proxy command

docs/cmd/proxy.md

@@ -0,0 +1,187 @@
+### Description
+
+The `[proxy]` command start a gNMI proxy server. That relays gNMI messages to know targets (either configured or discovered).
+
+`gNMIc` proxy relays `Get`, `Set` and `Subscribe` RPCs but not `Capabilities`.
+
+To designate the target of an RPC, the `Prefix.Target` field within the RPC request message should be utilized. This field is versatile, accepting a single target, a comma-separated list of targets, or the wildcard character `*` for broader targeting.
+
+Here are the key points regarding target specification:
+
+- The target can be set to a target name or a comma-separated list of targets.
+- Setting the target to `*` implies the selection of all known targets.
+- If the Prefix.Target field is not explicitly set, gNMIc defaults to treating it as if `*` were specified, thus applying the action to all known targets.
+
+gNMIc optimizes resource usage by reusing existing gNMI client instances whenever possible. If an appropriate gNMI client does not already exist, gNMIc will create a new instance as required.
+
+### Usage
+
+`gnmic [global-flags] proxy`
+
+### Configuration
+
+The Proxy behavior is controlled using the `gnmi-server` section of the main config file:
+
+```yaml
+gnmi-server:
+  # the address the gNMI server will listen to
+  address: :57400
+  # tls config
+  tls:
+    # string, path to the CA certificate file,
+    # this certificate is used to verify the clients certificates.
+    ca-file:
+    # string, server certificate file.
+    cert-file:
+    # string, server key file.
+    key-file:
+    # string, one of `"", "request", "require", "verify-if-given", or "require-verify" 
+    #  - request:         The server requests a certificate from the client but does not 
+    #                     require the client to send a certificate. 
+    #                     If the client sends a certificate, it is not required to be valid.
+    #  - require:         The server requires the client to send a certificate and does not 
+    #                     fail if the client certificate is not valid.
+    #  - verify-if-given: The server requests a certificate, 
+    #                     does not fail if no certificate is sent. 
+    #                     If a certificate is sent it is required to be valid.
+    #  - require-verify:  The server requires the client to send a valid certificate.
+    #
+    # if no ca-file is present, `client-auth` defaults to ""`
+    # if a ca-file is set, `client-auth` defaults to "require-verify"`
+    client-auth: ""
+  max-subscriptions: 64
+  # maximum number of active Get/Set RPCs
+  max-unary-rpc: 64
+  # defines the maximum msg size (in bytes) the server can receive, 
+  # defaults to 4MB
+  max-recv-msg-size:
+  # defines the maximum msg size (in bytes) the server can send,
+  # default to MaxInt32 (2147483647 bytes or 2.147483647 Gb)
+  max-send-msg-size:
+  # defines the maximum number of streams per streaming RPC.
+  max-concurrent-streams:
+  # defines the TCP keepalive tiem and interval for client connections, 
+  # if unset it is enabled based on the OS. If negative it is disabled.
+  tcp-keepalive: 
+  # set keepalive and max-age parameters on the server-side.
+  keepalive:
+    # MaxConnectionIdle is a duration for the amount of time after which an
+    # idle connection would be closed by sending a GoAway. Idleness duration is
+    # defined since the most recent time the number of outstanding RPCs became
+    # zero or the connection establishment.
+    # The current default value is infinity.
+    max-connection-idle:
+    # MaxConnectionAge is a duration for the maximum amount of time a
+    # connection may exist before it will be closed by sending a GoAway. A
+    # random jitter of +/-10% will be added to MaxConnectionAge to spread out
+    # connection storms.
+    # The current default value is infinity.
+    max-connection-age:
+    # MaxConnectionAgeGrace is an additive period after MaxConnectionAge after
+    # which the connection will be forcibly closed.
+    # The current default value is infinity.
+    max-connection-age-grace:
+    # After a duration of this time if the server doesn't see any activity it
+    # pings the client to see if the transport is still alive.
+    # If set below 1s, a minimum value of 1s will be used instead.
+    # The current default value is 2 hours.
+    time: 120m
+    # After having pinged for keepalive check, the server waits for a duration
+    # of Timeout and if no activity is seen even after that the connection is
+    # closed.
+    # The current default value is 20 seconds.
+    timeout: 20s
+  # defines the minimum allowed sample interval, this value is used when the received sample-interval 
+  # is greater than zero but lower than this minimum value.
+  min-sample-interval: 1ms
+  # defines the default sample interval, 
+  # this value is used when the received sample-interval is zero within a stream/sample subscription.
+  default-sample-interval: 1s
+  # defines the minimum heartbeat-interval
+  # this value is used when the received heartbeat-interval is greater than zero but
+  # lower than this minimum value
+  min-heartbeat-interval: 1s
+  # enables the collection of Prometheus gRPC server metrics
+  enable-metrics: false
+  # enable additional debug logs
+  debug: false
+  # Enables Consul service registration
+  service-registration:
+    # Consul server address, default to localhost:8500
+    address:
+    # Consul Data center, defaults to dc1
+    datacenter: 
+    # Consul username, to be used as part of HTTP basicAuth
+    username:
+    # Consul password, to be used as part of HTTP basicAuth
+    password:
+    # Consul Token, is used to provide a per-request ACL token 
+    # which overrides the agent's default token
+    token:
+    # gnmi server service check interval, only TTL Consul check is enabled
+    # defaults to 5s
+    check-interval:
+    # Maximum number of failed checks before the service is deleted by Consul
+    # defaults to 3
+    max-fail:
+    # Consul service name
+    name:
+    # List of tags to be added to the service registration, 
+    # if available, the instance-name and cluster-name will be added as tags,
+    # in the format: gnmic-instance=$instance-name and gnmic-cluster=$cluster-name
+    tags:
+```
+
+### Example
+
+#### simple proxy
+
+This config start gNMIc as a gNMI proxy serving 2 targets `router1` and `router2`
+
+```yaml
+gnmi-server:
+  address: :57401
+
+targets:
+  router1:
+    skip-verify: true
+  router2:
+    skip-verify: true
+```
+
+```shell
+gnmic --config gnmic.yaml proxy
+```
+
+#### proxy with target discovery
+
+```yaml
+gnmi-server:
+  address: :57401
+
+loader:
+  type: file
+  path: targets.yaml
+```
+
+```shell
+gnmic --config gnmic.yaml proxy
+```
+
+#### proxy with service registration
+
+```yaml
+gnmi-server:
+  address: gnmi-proxy-address:57401
+  service-registration:
+    name: proxy
+    address: consul-server:8500
+
+loader:
+  type: file
+  path: targets.yaml
+```
+
+```shell
+gnmic --config gnmic.yaml proxy
+```

docs/user_guide/gnmi_server.md

@@ -181,6 +181,45 @@ gnmi-server:
   max-subscriptions: 64
   # maximum number of active Get/Set RPCs
   max-unary-rpc: 64
+  # defines the maximum msg size (in bytes) the server can receive, 
+  # defaults to 4MB
+  max-recv-msg-size:
+  # defines the maximum msg size (in bytes) the server can send,
+  # default to MaxInt32 (2147483647 bytes or 2.147483647 Gb)
+  max-send-msg-size:
+  # defines the maximum number of streams per streaming RPC.
+  max-concurrent-streams:
+  # defines the TCP keepalive tiem and interval for client connections, 
+  # if unset it is enabled based on the OS. If negative it is disabled.
+  tcp-keepalive: 
+  # set keepalive and max-age parameters on the server-side.
+  keepalive:
+    # MaxConnectionIdle is a duration for the amount of time after which an
+    # idle connection would be closed by sending a GoAway. Idleness duration is
+    # defined since the most recent time the number of outstanding RPCs became
+    # zero or the connection establishment.
+    # The current default value is infinity.
+    max-connection-idle:
+    # MaxConnectionAge is a duration for the maximum amount of time a
+    # connection may exist before it will be closed by sending a GoAway. A
+    # random jitter of +/-10% will be added to MaxConnectionAge to spread out
+    # connection storms.
+    # The current default value is infinity.
+    max-connection-age:
+    # MaxConnectionAgeGrace is an additive period after MaxConnectionAge after
+    # which the connection will be forcibly closed.
+    # The current default value is infinity.
+    max-connection-age-grace:
+    # After a duration of this time if the server doesn't see any activity it
+    # pings the client to see if the transport is still alive.
+    # If set below 1s, a minimum value of 1s will be used instead.
+    # The current default value is 2 hours.
+    time: 120m
+    # After having pinged for keepalive check, the server waits for a duration
+    # of Timeout and if no activity is seen even after that the connection is
+    # closed.
+    # The current default value is 20 seconds.
+    timeout: 20s
   # defines the minimum allowed sample interval, this value is used when the received sample-interval 
   # is greater than zero but lower than this minimum value.
   min-sample-interval: 1ms

go.mod

@@ -2,6 +2,8 @@ module github.com/openconfig/gnmic
 
 go 1.21.1
 
+replace github.com/openconfig/gnmic/pkg/api v0.1.5 => ./pkg/api
+
 require (
 	github.com/Shopify/sarama v1.38.1
 	github.com/adrg/xdg v0.4.0
@@ -44,8 +46,8 @@ require (
 	github.com/openconfig/goyang v1.4.5
 	github.com/openconfig/ygot v0.29.2
 	github.com/pkg/sftp v1.13.6
-	github.com/prometheus/client_golang v1.16.0
-	github.com/prometheus/client_model v0.4.0
+	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/client_model v0.5.0
 	github.com/prometheus/prometheus v0.45.0
 	github.com/redis/go-redis/v9 v9.4.0
 	github.com/spf13/cobra v1.7.0
@@ -102,6 +104,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/hairyhenderson/go-fsimpl v0.0.0-20220529183339-9deae3e35047 // indirect
 	github.com/hairyhenderson/yaml v0.0.0-20220618171115-2d35fca545ce // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
@@ -115,6 +118,7 @@ require (
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/juju/ratelimit v1.0.2 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/minio/highwayhash v1.0.2 // indirect
@@ -235,7 +239,6 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mattn/go-tty v0.0.4 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/nats-io/nats-server/v2 v2.10.4 // indirect
 	github.com/nats-io/nats-streaming-server v0.24.3 // indirect
 	github.com/nats-io/nkeys v0.4.7 // indirect
@@ -246,8 +249,8 @@ require (
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/term v1.2.0-beta.2 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/rs/zerolog v1.29.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect