[sonic-buildimage] Changes to make network specific sysctl common for both host and docker namespace (#4838)

* [sonic-buildimage] Changes to make network specific sysctl
common for both host and docker namespace (in multi-npu).

This change is triggered with issue found in multi-npu platforms
where in docker namespace
net.ipv6.conf.all.forwarding was 0 (should be 1) because of
which RS/RA message were triggered and link-local router were learnt.

Beside this there were some other sysctl.net.ipv6* params whose value
in docker namespace is not same as host namespace.

So, to make sure the host and docker namespaces always stay in sync, we
created a common file that lists all sysctl.net.* params and is used
by both the host and the docker namespace. Any change will get applied
to both namespaces.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comments and made sure to invoke augtool
only one and do string concatenation of all set commands

* Address Review Comments.
This commit is contained in:
abdosi 2020-07-01 15:58:53 -07:00 committed by Abhishek Dosi
parent a80683dcd1
commit 4869fa7173
6 changed files with 59 additions and 49 deletions


@ -374,59 +374,27 @@ EOF
sudo sed -i 's/^ListenAddress ::/#ListenAddress ::/' $FILESYSTEM_ROOT/etc/ssh/sshd_config
sudo sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' $FILESYSTEM_ROOT/etc/ssh/sshd_config
## Config sysctl
sudo mkdir -p $FILESYSTEM_ROOT/var/core
# Config sysctl
sudo augtool --autosave "
set /files/etc/sysctl.conf/kernel.core_pattern '|/usr/bin/coredump-compress %e %t %p'
set /files/etc/sysctl.conf/kernel.softlockup_panic 1
set /files/etc/sysctl.conf/kernel.panic 10
set /files/etc/sysctl.conf/vm.panic_on_oom 2
set /files/etc/sysctl.conf/fs.suid_dumpable 2
set /files/etc/sysctl.conf/net.ipv4.conf.default.forwarding 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.forwarding 1
set /files/etc/sysctl.conf/net.ipv4.conf.eth0.forwarding 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_accept 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_announce 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_filter 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_notify 0
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_ignore 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_accept 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_announce 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_filter 0
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2
set /files/etc/sysctl.conf/net.ipv4.neigh.default.base_reachable_time_ms 1800000
set /files/etc/sysctl.conf/net.ipv6.neigh.default.base_reachable_time_ms 1800000
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh1 1024
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh1 1024
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh2 2048
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh2 2048
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh3 4096
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh3 4096
set /files/etc/sysctl.conf/net.ipv6.conf.default.forwarding 1
set /files/etc/sysctl.conf/net.ipv6.conf.all.forwarding 1
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.forwarding 0
set /files/etc/sysctl.conf/net.ipv6.conf.default.accept_dad 0
set /files/etc/sysctl.conf/net.ipv6.conf.all.accept_dad 0
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.accept_dad 0
set /files/etc/sysctl.conf/net.ipv6.conf.default.keep_addr_on_down 1
set /files/etc/sysctl.conf/net.ipv6.conf.all.keep_addr_on_down 1
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.keep_addr_on_down 1
set /files/etc/sysctl.conf/net.ipv4.tcp_l3mdev_accept 1
set /files/etc/sysctl.conf/net.ipv4.udp_l3mdev_accept 1
set /files/etc/sysctl.conf/net.core.rmem_max 2097152
set /files/etc/sysctl.conf/net.core.wmem_max 2097152
" -r $FILESYSTEM_ROOT
sysctl_net_cmd_string=""
while read line; do
[[ "$line" =~ ^#.*$ ]] && continue
sysctl_net_conf_key=`echo $line | awk -F '=' '{print $1}'`
sysctl_net_conf_value=`echo $line | awk -F '=' '{print $2}'`
sysctl_net_cmd_string=$sysctl_net_cmd_string"set /files/etc/sysctl.conf/$sysctl_net_conf_key $sysctl_net_conf_value"$'\n'
done < files/image_config/sysctl/sysctl-net.conf
sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT
if [[ $CONFIGURED_ARCH == amd64 ]]; then
# Configure mcelog to log machine checks to syslog
sudo sed -i 's/^#syslog = yes/syslog = yes/' $FILESYSTEM_ROOT/etc/mcelog/mcelog.conf
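Review bot: The new read loop never checks that a line actually has the `key=value` shape: it only skips lines beginning with `#`, so a blank line, a trailing comment, or spaces around `=` becomes a malformed `set /files/etc/sysctl.conf/... ...` entry, and because all entries are now concatenated into one augtool call, a single bad line can make the whole batch fail or (if the script is not running under `set -e`, which is not visible here) leave the image's /etc/sysctl.conf without the forwarding/ARP settings this change is about. `read` without `-r` and the unquoted `echo $line` additionally word-split and glob each line before awk sees it, and `awk -F '=' '{print $2}'` silently truncates any value containing a second `=`. I would validate each line with a regex and abort the build on anything else, leaving the augtool invocation as it is; note the `if [[ $CONFIGURED_ARCH ... ]]` block opened at the end of the hunk continues past it.
```shell
sysctl_net_cmd_string=""
while IFS= read -r line; do
    # Skip full-line comments and blank lines; everything else must be key=value
    [[ -z "$line" || "$line" == \#* ]] && continue
    if [[ "$line" =~ ^([A-Za-z0-9_.-]+)=([^[:space:]]+)$ ]]; then
        sysctl_net_cmd_string+="set /files/etc/sysctl.conf/${BASH_REMATCH[1]} ${BASH_REMATCH[2]}"$'\n'
    else
        echo "files/image_config/sysctl/sysctl-net.conf: malformed line '$line'" >&2
        exit 1
    fi
done < files/image_config/sysctl/sysctl-net.conf
# … unchanged: sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT …
```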


@ -37,6 +37,7 @@ COPY ["docker-database-init.sh", "/usr/local/bin/"]
COPY ["database_config.json.j2", "/usr/share/sonic/templates/"]
COPY ["database_global.json.j2", "/usr/share/sonic/templates/"]
COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
COPY ["files/sysctl-net.conf", "/etc/sysctl.d/"]
COPY ["critical_processes", "/etc/supervisor"]
ENTRYPOINT ["/usr/local/bin/docker-database-init.sh"]


@ -91,7 +91,7 @@ function postStartAction()
{
{%- if docker_container_name == "database" %}
if [ "$DEV" ]; then
docker exec -i database$DEV sysctl -w net.ipv6.conf.all.disable_ipv6=0
docker exec -i database$DEV sysctl --system -e
link_namespace $DEV
fi
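Review bot: The exit status of the new `docker exec -i database$DEV sysctl --system -e` line is discarded, and `-e` only silences unknown keys, so a key that exists but cannot be written from inside the namespace (not every net.core key is per-namespace, and the eth0-specific keys need that interface to exist at this point, which I cannot confirm from here) prints an error and leaves the namespace partially configured with nobody noticing; where the old line set one key, this one now applies the whole sysctl-net.conf. `--system` also loads every other /etc/sysctl.d/*.conf and /etc/sysctl.conf present in the container image, later files overriding earlier ones, and the copied file carries no ordering prefix, so it is worth confirming nothing in the base image overrides it. I would at least surface a failure, e.g. `docker exec -i database$DEV sysctl --system -e || echo "sysctl --system failed in namespace $DEV" >&2`. postStartAction starts before this hunk and continues after it.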


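--- /dev/null
+++ b/files/image_config/sysctl/sysctl-net.conf
@@ -0,0 +1,39 @@
+# All the sysctl for ipv4/ipv6 network.
+# Same will be used in host or docker namespace
+# It should be provided as key=value format for parsing
+net.ipv6.conf.all.disable_ipv6=0
+net.ipv4.conf.default.forwarding=1
+net.ipv4.conf.all.forwarding=1
+net.ipv4.conf.eth0.forwarding=0
+net.ipv4.conf.default.arp_accept=0
+net.ipv4.conf.default.arp_announce=0
+net.ipv4.conf.default.arp_filter=0
+net.ipv4.conf.default.arp_notify=0
+net.ipv4.conf.default.arp_ignore=0
+net.ipv4.conf.all.arp_accept=0
+net.ipv4.conf.all.arp_announce=1
+net.ipv4.conf.all.arp_filter=0
+net.ipv4.conf.all.arp_notify=1
+net.ipv4.conf.all.arp_ignore=2
+net.ipv4.neigh.default.base_reachable_time_ms=1800000
+net.ipv6.neigh.default.base_reachable_time_ms=1800000
+net.ipv4.neigh.default.gc_thresh1=1024
+net.ipv6.neigh.default.gc_thresh1=1024
+net.ipv4.neigh.default.gc_thresh2=2048
+net.ipv6.neigh.default.gc_thresh2=2048
+net.ipv4.neigh.default.gc_thresh3=4096
+net.ipv6.neigh.default.gc_thresh3=4096
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.eth0.forwarding=0
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.all.accept_dad=0
+net.ipv6.conf.eth0.accept_dad=0
+net.ipv6.conf.default.keep_addr_on_down=1
+net.ipv6.conf.all.keep_addr_on_down=1
+net.ipv6.conf.eth0.keep_addr_on_down=1
+net.ipv4.tcp_l3mdev_accept=1
+net.ipv4.udp_l3mdev_accept=1
+net.core.rmem_max=2097152
+net.core.wmem_max=2097152
+net.core.somaxconn=512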
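Review bot: The header promises "key=value format" but the host-side reader in build_debian.sh skips only lines beginning with `#` and splits on `=` with awk, so the real constraints are stricter than the comment says; I would spell them out at the top: `# One key=value per line, no spaces around '=', no blank lines and no trailing` / `# comments: build_debian.sh parses this file with a plain split on '='.` Two entries here, `net.ipv6.conf.all.disable_ipv6=0` and `net.core.somaxconn=512`, were not in the list build_debian.sh previously wrote into the host's /etc/sysctl.conf, so the host now receives them too, while the description only talks about aligning the namespace with the host — a short comment above those two lines saying this is intended would save the next reader the archaeology. The RA problem described in the commit is cured by forwarding=1 only through the kernel's default accept_ra=1 semantics (accept RAs when forwarding is off); if router advertisements should never be honoured in the namespace, consider whether `net.ipv6.conf.all.accept_ra=0` / `net.ipv6.conf.default.accept_ra=0` should be pinned here explicitly, bearing in mind the same file is applied to the host where eth0 keeps forwarding=0.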


@ -28,4 +28,4 @@ $(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_DATABASE)_BASE_IMAGE_FILES += redis-cli:/usr/bin/redis-cli
$(DOCKER_DATABASE)_BASE_IMAGE_FILES += monit_database:/etc/monit/conf.d
$(DOCKER_DATABASE)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
$(DOCKER_DATABASE)_FILES += $(SYSCTL_NET_CONFIG) $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)


@ -14,10 +14,12 @@ $(QOS_CONFIG_TEMPLATE)_PATH = files/build_templates
SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT = supervisor-proc-exit-listener
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)_PATH = files/scripts
SYSCTL_NET_CONFIG = sysctl-net.conf
$(SYSCTL_NET_CONFIG)_PATH = files/image_config/sysctl
SONIC_COPY_FILES += $(CONFIGDB_LOAD_SCRIPT) \
$(ARP_UPDATE_SCRIPT) \
$(BUFFERS_CONFIG_TEMPLATE) \
$(QOS_CONFIG_TEMPLATE) \
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT) \
$(SYSCTL_NET_CONFIG)