From 0a54c46a0d90e0a26cf7e55697c7f863888740a6 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Thu, 8 Sep 2022 23:45:06 +0800 Subject: [PATCH] [docker-macsec]: Add dependencies of MACsec (#11770) Why I did it If the SWSS services was restarted, the MACsec service should also be restarted. Otherwise the data in wpa_supplicant and orchagent will not be consistent. How I did it Add dependency in docker-macsec.mk. How to verify it Manually check by 'sudo service swss restart'. The MACsec container should be started after swss, the syslog will look like Sep 8 14:36:29.562953 sonic INFO swss.sh[9661]: Starting existing swss container with HWSKU Force10-S6000 Sep 8 14:36:30.024399 sonic DEBUG container: container_start: BEGIN ... Sep 8 14:36:33.391706 sonic INFO systemd[1]: Starting macsec container... Sep 8 14:36:33.392925 sonic INFO systemd[1]: Starting Management Framework container... Signed-off-by: Ze Gan --- files/scripts/swss.sh | 16 +++++++++++++++- rules/docker-macsec.mk | 3 +++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/files/scripts/swss.sh b/files/scripts/swss.sh index 93b1a3811c..e0c9d2d3f9 100755 --- a/files/scripts/swss.sh +++ b/files/scripts/swss.sh @@ -30,7 +30,7 @@ function read_dependent_services() fi if [[ -f ${ETC_SONIC_PATH}/${SERVICE}_multi_inst_dependent ]]; then - MULTI_INST_DEPENDENT="${MULTI_INST_DEPENDENT} cat ${ETC_SONIC_PATH}/${SERVICE}_multi_inst_dependent" + MULTI_INST_DEPENDENT="${MULTI_INST_DEPENDENT} $(cat ${ETC_SONIC_PATH}/${SERVICE}_multi_inst_dependent)" fi } @@ -308,6 +308,19 @@ function check_peer_gbsyncd() fi } +function check_macsec() +{ + MACSEC_STATE=`show feature status | grep macsec | awk '{print $2}'` + + if [[ ${MACSEC_STATE} == 'enabled' ]]; then + if [ "$DEV" ]; then + DEPENDENT="${DEPENDENT} macsec@${DEV}" + else + DEPENDENT="${DEPENDENT} macsec" + fi + fi +} + if [ "$DEV" ]; then NET_NS="$NAMESPACE_PREFIX$DEV" #name of the network namespace SONIC_DB_CLI="sonic-db-cli -n $NET_NS" @@ -319,6 +332,7 @@ else fi check_peer_gbsyncd +check_macsec read_dependent_services case "$1" in diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk index 5db5ea5a41..d4cce3ecfc 100644 --- a/rules/docker-macsec.mk +++ b/rules/docker-macsec.mk @@ -42,6 +42,9 @@ $(DOCKER_MACSEC)_RUN_OPT += --privileged -t $(DOCKER_MACSEC)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro $(DOCKER_MACSEC)_RUN_OPT += -v /host/warmboot:/var/warmboot +$(DOCKER_MACSEC)_SERVICE_REQUIRES = updategraph +$(DOCKER_MACSEC)_SERVICE_AFTER = swss syncd + $(DOCKER_MACSEC)_CLI_CONFIG_PLUGIN = /cli/config/plugins/macsec.py $(DOCKER_MACSEC)_CLI_SHOW_PLUGIN = /cli/show/plugins/show_macsec.py $(DOCKER_MACSEC)_CLI_CLEAR_PLUGIN = /cli/clear/plugins/clear_macsec_counter.py