matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[baseimage]: Updates for Ebtables and support for multi-asic (#6542)

Browse Source 
Following changes were done for ebtables:

- Support for Multi-asic platforms. Ebtable filters are installed in namespace for multi-asic and not host. On Single asic installed on  host.

- For Multi-asic platforms we don't want to install on host otherwise Namespace-to-Namespace communication does not happens since ARP Request are not forwarded.

- Updated to use text file to restore ebtables rules then the binary format. Rules are restore as part of Database docker init instead of rc.local

- Removed the ebtable service files for buster as not needed as filters are restored/installed as part of database docker init.
   All the binaries are pre-installed with ebtables* binary are same as ebatbles-legacy-*

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
This commit is contained in:
abdosi 2021-01-27 08:36:10 -08:00 committed by Abhishek Dosi
parent e9d3d96c69
commit 9779560b63
3 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
build_debian.sh
View File

@ -465,13 +465,8 @@ if [ "${enable_organization_extensions}" = "y" ]; then
fi fi
fi fi
## Setup ebtable rules (rule file is in binary format) ## Setup ebtable rules (rule file in text format)
sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc
sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
## Debug Image specific changes ## Debug Image specific changes
## Update motd for debug image ## Update motd for debug image

14
files/build_templates/docker_image_ctl.j2
View File

@ -42,6 +42,18 @@ function updateSyslogConf()
rm -rf $TMP_FILE rm -rf $TMP_FILE
fi fi
} }
function ebtables_config()
{
if [ "$DEV" ]; then
# Install ebtables filter in namespaces on multi-asic.
ip netns exec $NET_NS ebtables-restore < /etc/ebtables.filter.cfg
else
if [[ ! ($NUM_ASIC -gt 1) ]]; then
# Install ebtables filter in host for single asic.
ebtables-restore < /etc/ebtables.filter.cfg
fi
fi
}
function getMountPoint() function getMountPoint()
{ {
@ -98,6 +110,8 @@ function postStartAction()
docker exec -i database$DEV sysctl --system -e docker exec -i database$DEV sysctl --system -e
link_namespace $DEV link_namespace $DEV
fi fi
# Setup ebtables configuration
ebtables_config
# Wait until supervisord and redis starts. This change is needed # Wait until supervisord and redis starts. This change is needed
# because now database_config.json is jinja2 templated based # because now database_config.json is jinja2 templated based

9
files/image_config/platform/rc.local
View File

@ -186,12 +186,6 @@ program_console_speed()
systemctl daemon-reload systemctl daemon-reload
} }
ebtables_config()
{
# Generate atomic config file and save it persistent
/usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg
/usr/sbin/ebtables -t filter --atomic-file /etc/ebtables.filter --atomic-save
}
#### Begin Main Body #### #### Begin Main Body ####
@ -362,9 +356,6 @@ if [ -f $FIRST_BOOT_FILE ]; then
# Create dir where following scripts put their output files # Create dir where following scripts put their output files
mkdir -p /var/platform mkdir -p /var/platform
# Firsttime ebtables configuration
ebtables_config
firsttime_exit firsttime_exit
fi fi