From e631f426f4eaf67365ce84a0c34f652afdb8a43b Mon Sep 17 00:00:00 2001 From: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com> Date: Tue, 31 Jan 2023 02:11:44 +0800 Subject: [PATCH] [infra] Support syslog rate limit configuration (#12490) (#13535) Backport of https://github.com/sonic-net/sonic-buildimage/pull/12490 into 202211 - Why I did it Support syslog rate limit configuration feature - How I did it Remove unused rsyslog.conf from containers Modify docker startup script to generate rsyslog.conf from template files Add metadata/init data for syslog rate limit configuration - How to verify it Manual test New sonic-mgmt regression cases --- dockers/docker-base-buster/etc/rsyslog.conf | 76 ------------------ dockers/docker-base-stretch/etc/rsyslog.conf | 76 ------------------ dockers/docker-base/etc/rsyslog.conf | 80 ------------------- dockers/docker-database/Dockerfile.j2 | 1 - dockers/docker-dhcp-relay/Dockerfile.j2 | 1 - dockers/docker-fpm-frr/Dockerfile.j2 | 1 - dockers/docker-iccpd/Dockerfile.j2 | 1 - dockers/docker-lldp/Dockerfile.j2 | 1 - dockers/docker-macsec/Dockerfile.j2 | 1 - dockers/docker-mux/Dockerfile.j2 | 1 - dockers/docker-nat/Dockerfile.j2 | 1 - dockers/docker-orchagent/Dockerfile.j2 | 1 - dockers/docker-pde/Dockerfile.j2 | 1 - dockers/docker-platform-monitor/Dockerfile.j2 | 1 - dockers/docker-sflow/Dockerfile.j2 | 1 - dockers/docker-snmp/Dockerfile.j2 | 1 - .../docker-sonic-mgmt-framework/Dockerfile.j2 | 1 - dockers/docker-sonic-restapi/Dockerfile.j2 | 1 - dockers/docker-sonic-telemetry/Dockerfile.j2 | 1 - dockers/docker-teamd/Dockerfile.j2 | 1 - files/build_templates/init_cfg.json.j2 | 15 ++++ files/build_templates/manifest.json.j2 | 3 + files/image_config/rsyslog/rsyslog.conf.j2 | 19 +++++ .../docker-saiserver-brcm/Dockerfile.j2 | 1 - .../docker-syncd-brcm-dnx/Dockerfile.j2 | 2 - .../broadcom/docker-syncd-brcm/Dockerfile.j2 | 2 - .../cavium/docker-syncd-cavm/Dockerfile.j2 | 2 - .../docker-saiserver-centec/Dockerfile.j2 | 1 - .../docker-syncd-centec/Dockerfile.j2 | 2 - .../docker-saiserver-centec/Dockerfile.j2 | 1 - .../centec/docker-syncd-centec/Dockerfile.j2 | 2 - .../docker-gbsyncd-broncos/Dockerfile.j2 | 1 - .../docker-gbsyncd-credo/Dockerfile.j2 | 1 - .../innovium/docker-syncd-invm/Dockerfile.j2 | 1 - .../docker-syncd-mrvl/Dockerfile.j2 | 2 - .../docker-syncd-mrvl/Dockerfile.j2 | 2 - .../marvell/docker-syncd-mrvl/Dockerfile.j2 | 2 - .../docker-saiserver-mlnx/Dockerfile.j2 | 1 - .../mellanox/docker-syncd-mlnx/Dockerfile.j2 | 2 - .../nephos/docker-syncd-nephos/Dockerfile.j2 | 2 - platform/p4/docker-sonic-p4/Dockerfile.j2 | 1 - platform/vs/docker-gbsyncd-vs/Dockerfile.j2 | 2 - platform/vs/docker-sonic-vs/Dockerfile.j2 | 1 + .../vs/docker-sonic-vs}/etc/rsyslog.conf | 2 +- platform/vs/docker-syncd-vs/Dockerfile.j2 | 2 - rules/functions | 1 + .../containercfgd/containercfgd.py | 2 +- 47 files changed, 41 insertions(+), 283 deletions(-) delete mode 100644 dockers/docker-base-buster/etc/rsyslog.conf delete mode 100644 dockers/docker-base-stretch/etc/rsyslog.conf delete mode 100644 dockers/docker-base/etc/rsyslog.conf rename {dockers/docker-base-bullseye => platform/vs/docker-sonic-vs}/etc/rsyslog.conf (99%) diff --git a/dockers/docker-base-buster/etc/rsyslog.conf b/dockers/docker-base-buster/etc/rsyslog.conf deleted file mode 100644 index ef249229ab..0000000000 --- a/dockers/docker-base-buster/etc/rsyslog.conf +++ /dev/null @@ -1,76 +0,0 @@ -# -# /etc/rsyslog.conf Configuration file for rsyslog. -# -# For more information see -# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html - - -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging - -# -# Set a rate limit on messages from the container -# -$SystemLogRateLimitInterval 300 -$SystemLogRateLimitBurst 20000 - -#$ModLoad imklog # provides kernel logging support -#$ModLoad immark # provides --MARK-- message capability - -# provides UDP syslog reception -#$ModLoad imudp -#$UDPServerRun 514 - -# provides TCP syslog reception -#$ModLoad imtcp -#$InputTCPServerRun 514 - - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Set remote syslog server -template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%") -*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer") - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# Define a custom template -$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" -$ActionFileDefaultTemplate SONiCFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - -# -# Suppress duplicate messages and report "message repeated n times" -# -$RepeatedMsgReduction on - -############### -#### RULES #### -############### diff --git a/dockers/docker-base-stretch/etc/rsyslog.conf b/dockers/docker-base-stretch/etc/rsyslog.conf deleted file mode 100644 index ef249229ab..0000000000 --- a/dockers/docker-base-stretch/etc/rsyslog.conf +++ /dev/null @@ -1,76 +0,0 @@ -# -# /etc/rsyslog.conf Configuration file for rsyslog. -# -# For more information see -# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html - - -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging - -# -# Set a rate limit on messages from the container -# -$SystemLogRateLimitInterval 300 -$SystemLogRateLimitBurst 20000 - -#$ModLoad imklog # provides kernel logging support -#$ModLoad immark # provides --MARK-- message capability - -# provides UDP syslog reception -#$ModLoad imudp -#$UDPServerRun 514 - -# provides TCP syslog reception -#$ModLoad imtcp -#$InputTCPServerRun 514 - - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Set remote syslog server -template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%") -*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer") - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# Define a custom template -$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" -$ActionFileDefaultTemplate SONiCFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - -# -# Suppress duplicate messages and report "message repeated n times" -# -$RepeatedMsgReduction on - -############### -#### RULES #### -############### diff --git a/dockers/docker-base/etc/rsyslog.conf b/dockers/docker-base/etc/rsyslog.conf deleted file mode 100644 index 4851ac7844..0000000000 --- a/dockers/docker-base/etc/rsyslog.conf +++ /dev/null @@ -1,80 +0,0 @@ -############################################################################### -# Managed by Ansible -# file: ansible/roles/acs/templates/rsyslog.conf.j2 -############################################################################### -# -# /etc/rsyslog.conf Configuration file for rsyslog. -# -# For more information see -# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html - - -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging - -# -# Set a rate limit on messages from the container -# -$SystemLogRateLimitInterval 300 -$SystemLogRateLimitBurst 20000 - -#$ModLoad imklog # provides kernel logging support -#$ModLoad immark # provides --MARK-- message capability - -# provides UDP syslog reception -#$ModLoad imudp -#$UDPServerRun 514 - -# provides TCP syslog reception -#$ModLoad imtcp -#$InputTCPServerRun 514 - - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Set remote syslog server -template (name="ForwardFormatInContainer" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%") -*.* action(type="omfwd" target="127.0.0.1" port="514" protocol="udp" Template="ForwardFormatInContainer") - -# -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# -#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# Define a custom template -$template SONiCFileFormat,"%TIMESTAMP%.%timestamp:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" -$ActionFileDefaultTemplate SONiCFileFormat - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - -# -# Suppress duplicate messages and report "message repeated n times" -# -$RepeatedMsgReduction on - -############### -#### RULES #### -############### diff --git a/dockers/docker-database/Dockerfile.j2 b/dockers/docker-database/Dockerfile.j2 index 899c111da4..b9d3669c0f 100644 --- a/dockers/docker-database/Dockerfile.j2 +++ b/dockers/docker-database/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-dhcp-relay/Dockerfile.j2 b/dockers/docker-dhcp-relay/Dockerfile.j2 index 1cddd11b61..b09da75705 100644 --- a/dockers/docker-dhcp-relay/Dockerfile.j2 +++ b/dockers/docker-dhcp-relay/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ARG image_version -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-fpm-frr/Dockerfile.j2 b/dockers/docker-fpm-frr/Dockerfile.j2 index c42f001b83..d15fc18462 100644 --- a/dockers/docker-fpm-frr/Dockerfile.j2 +++ b/dockers/docker-fpm-frr/Dockerfile.j2 @@ -5,7 +5,6 @@ ARG docker_container_name ARG frr_user_uid ARG frr_user_gid -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-iccpd/Dockerfile.j2 b/dockers/docker-iccpd/Dockerfile.j2 index bdb0a9fbf3..42a73b4cd3 100644 --- a/dockers/docker-iccpd/Dockerfile.j2 +++ b/dockers/docker-iccpd/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-lldp/Dockerfile.j2 b/dockers/docker-lldp/Dockerfile.j2 index d7e38e663b..9bc6418524 100644 --- a/dockers/docker-lldp/Dockerfile.j2 +++ b/dockers/docker-lldp/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ARG image_version -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-macsec/Dockerfile.j2 b/dockers/docker-macsec/Dockerfile.j2 index 2e7a412466..3ec18b1372 100644 --- a/dockers/docker-macsec/Dockerfile.j2 +++ b/dockers/docker-macsec/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-mux/Dockerfile.j2 b/dockers/docker-mux/Dockerfile.j2 index 06e89c3ecf..5908c432e6 100755 --- a/dockers/docker-mux/Dockerfile.j2 +++ b/dockers/docker-mux/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-nat/Dockerfile.j2 b/dockers/docker-nat/Dockerfile.j2 index 04b2883551..0c0e6089a8 100644 --- a/dockers/docker-nat/Dockerfile.j2 +++ b/dockers/docker-nat/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-swss-layer-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf RUN echo diff --git a/dockers/docker-orchagent/Dockerfile.j2 b/dockers/docker-orchagent/Dockerfile.j2 index 22adec2b59..b8b95a9133 100755 --- a/dockers/docker-orchagent/Dockerfile.j2 +++ b/dockers/docker-orchagent/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-swss-layer-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-pde/Dockerfile.j2 b/dockers/docker-pde/Dockerfile.j2 index 0ddbfd59ce..6a0b21154d 100644 --- a/dockers/docker-pde/Dockerfile.j2 +++ b/dockers/docker-pde/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ENV PYTHONPATH=/usr/share/sonic/platform -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-platform-monitor/Dockerfile.j2 b/dockers/docker-platform-monitor/Dockerfile.j2 index 79265ec9cb..6dbb369320 100755 --- a/dockers/docker-platform-monitor/Dockerfile.j2 +++ b/dockers/docker-platform-monitor/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ARG image_version -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-sflow/Dockerfile.j2 b/dockers/docker-sflow/Dockerfile.j2 index eb97f5708b..162c4eee96 100644 --- a/dockers/docker-sflow/Dockerfile.j2 +++ b/dockers/docker-sflow/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-swss-layer-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-snmp/Dockerfile.j2 b/dockers/docker-snmp/Dockerfile.j2 index 1eb4ec4b7c..8465e4fb94 100644 --- a/dockers/docker-snmp/Dockerfile.j2 +++ b/dockers/docker-snmp/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ARG image_version -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Enable -O for all Python calls ENV PYTHONOPTIMIZE 1 diff --git a/dockers/docker-sonic-mgmt-framework/Dockerfile.j2 b/dockers/docker-sonic-mgmt-framework/Dockerfile.j2 index 823a2c7ff4..5c36da4328 100644 --- a/dockers/docker-sonic-mgmt-framework/Dockerfile.j2 +++ b/dockers/docker-sonic-mgmt-framework/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-sonic-restapi/Dockerfile.j2 b/dockers/docker-sonic-restapi/Dockerfile.j2 index 029f5ec813..ca1a80580b 100644 --- a/dockers/docker-sonic-restapi/Dockerfile.j2 +++ b/dockers/docker-sonic-restapi/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-sonic-telemetry/Dockerfile.j2 b/dockers/docker-sonic-telemetry/Dockerfile.j2 index e9b01f751b..64d679d40c 100644 --- a/dockers/docker-sonic-telemetry/Dockerfile.j2 +++ b/dockers/docker-sonic-telemetry/Dockerfile.j2 @@ -3,7 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name ARG image_version -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/dockers/docker-teamd/Dockerfile.j2 b/dockers/docker-teamd/Dockerfile.j2 index be5e6984dd..33cb3af924 100644 --- a/dockers/docker-teamd/Dockerfile.j2 +++ b/dockers/docker-teamd/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-swss-layer-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2 index c0fc08e86e..68da5f4f97 100644 --- a/files/build_templates/init_cfg.json.j2 +++ b/files/build_templates/init_cfg.json.j2 @@ -67,6 +67,7 @@ "has_per_asic_scope": {% if feature + '@.service' in installer_services.split(' ') %}"True"{% else %}"False"{% endif %}, {%- endif %} "auto_restart": "{{autorestart}}", + "support_syslog_rate_limit" : "true", {# Set check_up_status to true here when app readiness will be marked in state db #} {# For now, to support the infrastrucure, setting the check_up_status to false for bgp,swss,pmon #} {# Once apps like bgp,synd supports app readiness, then bgp,syncd can set check_up_status to true #} @@ -103,6 +104,20 @@ "rate_limit_interval" : "600", "available_mem_threshold": "10.0" }{%if not loop.last %},{% endif -%} +{% endfor %} + }, + "SYSLOG_CONFIG": { + "GLOBAL": { + "rate_limit_interval" : "0", + "rate_limit_burst" : "0" + } + }, + "SYSLOG_CONFIG_FEATURE": { +{%- for feature, _, _, _ in features %} + "{{feature}}": { + "rate_limit_interval" : "300", + "rate_limit_burst": "20000" + }{%if not loop.last %},{% endif -%} {% endfor %} }, "PASSW_HARDENING": { diff --git a/files/build_templates/manifest.json.j2 b/files/build_templates/manifest.json.j2 index dff92ac216..3deac2285e 100644 --- a/files/build_templates/manifest.json.j2 +++ b/files/build_templates/manifest.json.j2 @@ -28,6 +28,9 @@ "fast-shutdown": { "after": {{ fast_shutdown_after.split()|json if fast_shutdown_after is defined else [] }}, "before": {{ fast_shutdown_before.split()|json if fast_shutdown_before is defined else [] }} + }, + "syslog": { + "support-rate-limit": {{ support_rate_limit if support_rate_limit else 'true' }} } }, "container": { diff --git a/files/image_config/rsyslog/rsyslog.conf.j2 b/files/image_config/rsyslog/rsyslog.conf.j2 index 5db3ec86b7..d20fb5d00a 100644 --- a/files/image_config/rsyslog/rsyslog.conf.j2 +++ b/files/image_config/rsyslog/rsyslog.conf.j2 @@ -14,6 +14,25 @@ ################# $ModLoad imuxsock # provides support for local system logging + +{% if SYSLOG_CONFIG is defined %} +{% if 'GLOBAL' in SYSLOG_CONFIG %} +{% if 'rate_limit_interval' in SYSLOG_CONFIG['GLOBAL']%} +{% set rate_limit_interval = SYSLOG_CONFIG['GLOBAL']['rate_limit_interval'] %} +{% endif %} +{% if 'rate_limit_burst' in SYSLOG_CONFIG['GLOBAL']%} +{% set rate_limit_burst = SYSLOG_CONFIG['GLOBAL']['rate_limit_burst'] %} +{% endif %} +{% endif %} +{% endif %} + +{% if rate_limit_interval is defined %} +$SystemLogRateLimitInterval {{ rate_limit_interval }} +{% endif %} +{% if rate_limit_burst is defined %} +$SystemLogRateLimitBurst {{ rate_limit_burst }} +{% endif %} + $ModLoad imklog # provides kernel logging support #$ModLoad immark # provides --MARK-- message capability diff --git a/platform/broadcom/docker-saiserver-brcm/Dockerfile.j2 b/platform/broadcom/docker-saiserver-brcm/Dockerfile.j2 index afefd2a86d..2e83500b7e 100644 --- a/platform/broadcom/docker-saiserver-brcm/Dockerfile.j2 +++ b/platform/broadcom/docker-saiserver-brcm/Dockerfile.j2 @@ -2,7 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/broadcom/docker-syncd-brcm-dnx/Dockerfile.j2 b/platform/broadcom/docker-syncd-brcm-dnx/Dockerfile.j2 index 230c2628f4..8bf6a4e502 100755 --- a/platform/broadcom/docker-syncd-brcm-dnx/Dockerfile.j2 +++ b/platform/broadcom/docker-syncd-brcm-dnx/Dockerfile.j2 @@ -3,8 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/broadcom/docker-syncd-brcm/Dockerfile.j2 b/platform/broadcom/docker-syncd-brcm/Dockerfile.j2 index 6900e7c933..4037ddc6af 100755 --- a/platform/broadcom/docker-syncd-brcm/Dockerfile.j2 +++ b/platform/broadcom/docker-syncd-brcm/Dockerfile.j2 @@ -3,8 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/cavium/docker-syncd-cavm/Dockerfile.j2 b/platform/cavium/docker-syncd-cavm/Dockerfile.j2 index f60fa0fe57..5932da2532 100755 --- a/platform/cavium/docker-syncd-cavm/Dockerfile.j2 +++ b/platform/cavium/docker-syncd-cavm/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/centec-arm64/docker-saiserver-centec/Dockerfile.j2 b/platform/centec-arm64/docker-saiserver-centec/Dockerfile.j2 index 33941235bf..2e0e8ecca8 100644 --- a/platform/centec-arm64/docker-saiserver-centec/Dockerfile.j2 +++ b/platform/centec-arm64/docker-saiserver-centec/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/centec-arm64/docker-syncd-centec/Dockerfile.j2 b/platform/centec-arm64/docker-syncd-centec/Dockerfile.j2 index 046de960cd..175d18505d 100755 --- a/platform/centec-arm64/docker-syncd-centec/Dockerfile.j2 +++ b/platform/centec-arm64/docker-syncd-centec/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/centec/docker-saiserver-centec/Dockerfile.j2 b/platform/centec/docker-saiserver-centec/Dockerfile.j2 index 33941235bf..2e0e8ecca8 100644 --- a/platform/centec/docker-saiserver-centec/Dockerfile.j2 +++ b/platform/centec/docker-saiserver-centec/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/centec/docker-syncd-centec/Dockerfile.j2 b/platform/centec/docker-syncd-centec/Dockerfile.j2 index c1d122eeb9..9993539887 100755 --- a/platform/centec/docker-syncd-centec/Dockerfile.j2 +++ b/platform/centec/docker-syncd-centec/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/components/docker-gbsyncd-broncos/Dockerfile.j2 b/platform/components/docker-gbsyncd-broncos/Dockerfile.j2 index ca7670acb6..3bb3f40209 100644 --- a/platform/components/docker-gbsyncd-broncos/Dockerfile.j2 +++ b/platform/components/docker-gbsyncd-broncos/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/components/docker-gbsyncd-credo/Dockerfile.j2 b/platform/components/docker-gbsyncd-credo/Dockerfile.j2 index 3010dc7fda..24fef740dc 100644 --- a/platform/components/docker-gbsyncd-credo/Dockerfile.j2 +++ b/platform/components/docker-gbsyncd-credo/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/innovium/docker-syncd-invm/Dockerfile.j2 b/platform/innovium/docker-syncd-invm/Dockerfile.j2 index ef0c3d57e0..0811d044b0 100755 --- a/platform/innovium/docker-syncd-invm/Dockerfile.j2 +++ b/platform/innovium/docker-syncd-invm/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-stretch-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/marvell-arm64/docker-syncd-mrvl/Dockerfile.j2 b/platform/marvell-arm64/docker-syncd-mrvl/Dockerfile.j2 index 7ec04c49fc..d07c252318 100755 --- a/platform/marvell-arm64/docker-syncd-mrvl/Dockerfile.j2 +++ b/platform/marvell-arm64/docker-syncd-mrvl/Dockerfile.j2 @@ -3,8 +3,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/marvell-armhf/docker-syncd-mrvl/Dockerfile.j2 b/platform/marvell-armhf/docker-syncd-mrvl/Dockerfile.j2 index b5e70888a5..84e3d5bde2 100755 --- a/platform/marvell-armhf/docker-syncd-mrvl/Dockerfile.j2 +++ b/platform/marvell-armhf/docker-syncd-mrvl/Dockerfile.j2 @@ -3,8 +3,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/marvell/docker-syncd-mrvl/Dockerfile.j2 b/platform/marvell/docker-syncd-mrvl/Dockerfile.j2 index cb2f7eadb9..4de6df3138 100755 --- a/platform/marvell/docker-syncd-mrvl/Dockerfile.j2 +++ b/platform/marvell/docker-syncd-mrvl/Dockerfile.j2 @@ -3,8 +3,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/mellanox/docker-saiserver-mlnx/Dockerfile.j2 b/platform/mellanox/docker-saiserver-mlnx/Dockerfile.j2 index 0f6745d580..40cf0634bb 100644 --- a/platform/mellanox/docker-saiserver-mlnx/Dockerfile.j2 +++ b/platform/mellanox/docker-saiserver-mlnx/Dockerfile.j2 @@ -18,7 +18,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/mellanox/docker-syncd-mlnx/Dockerfile.j2 b/platform/mellanox/docker-syncd-mlnx/Dockerfile.j2 index fd50f67495..a23baaec23 100755 --- a/platform/mellanox/docker-syncd-mlnx/Dockerfile.j2 +++ b/platform/mellanox/docker-syncd-mlnx/Dockerfile.j2 @@ -19,8 +19,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - RUN mkdir -p /var/run/sx_sdk ## Make apt-get non-interactive diff --git a/platform/nephos/docker-syncd-nephos/Dockerfile.j2 b/platform/nephos/docker-syncd-nephos/Dockerfile.j2 index 5077db7966..d26abf76a0 100755 --- a/platform/nephos/docker-syncd-nephos/Dockerfile.j2 +++ b/platform/nephos/docker-syncd-nephos/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-stretch-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/p4/docker-sonic-p4/Dockerfile.j2 b/platform/p4/docker-sonic-p4/Dockerfile.j2 index e77781223d..80503b910e 100644 --- a/platform/p4/docker-sonic-p4/Dockerfile.j2 +++ b/platform/p4/docker-sonic-p4/Dockerfile.j2 @@ -1,7 +1,6 @@ FROM docker-config-engine-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/vs/docker-gbsyncd-vs/Dockerfile.j2 b/platform/vs/docker-gbsyncd-vs/Dockerfile.j2 index 4dd9abf49e..7e5219f551 100644 --- a/platform/vs/docker-gbsyncd-vs/Dockerfile.j2 +++ b/platform/vs/docker-gbsyncd-vs/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/platform/vs/docker-sonic-vs/Dockerfile.j2 b/platform/vs/docker-sonic-vs/Dockerfile.j2 index 7585b7f6f6..56180b51b1 100644 --- a/platform/vs/docker-sonic-vs/Dockerfile.j2 +++ b/platform/vs/docker-sonic-vs/Dockerfile.j2 @@ -1,6 +1,7 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name +COPY ["etc/rsyslog.conf", "/etc/rsyslog.conf"] RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf ## Make apt-get non-interactive diff --git a/dockers/docker-base-bullseye/etc/rsyslog.conf b/platform/vs/docker-sonic-vs/etc/rsyslog.conf similarity index 99% rename from dockers/docker-base-bullseye/etc/rsyslog.conf rename to platform/vs/docker-sonic-vs/etc/rsyslog.conf index ef249229ab..aa638f77db 100644 --- a/dockers/docker-base-bullseye/etc/rsyslog.conf +++ b/platform/vs/docker-sonic-vs/etc/rsyslog.conf @@ -73,4 +73,4 @@ $RepeatedMsgReduction on ############### #### RULES #### -############### +############### \ No newline at end of file diff --git a/platform/vs/docker-syncd-vs/Dockerfile.j2 b/platform/vs/docker-syncd-vs/Dockerfile.j2 index dd6bc2d0f7..27506903b7 100644 --- a/platform/vs/docker-syncd-vs/Dockerfile.j2 +++ b/platform/vs/docker-syncd-vs/Dockerfile.j2 @@ -2,8 +2,6 @@ FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name -RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf - ## Make apt-get non-interactive ENV DEBIAN_FRONTEND=noninteractive diff --git a/rules/functions b/rules/functions index 62b3c8a983..ab0096d6ac 100644 --- a/rules/functions +++ b/rules/functions @@ -198,6 +198,7 @@ define generate_manifest $(eval export config_cli_plugin=$($(1).gz_CLI_CONFIG_PLUGIN)) $(eval export show_cli_plugin=$($(1).gz_CLI_SHOW_PLUGIN)) $(eval export clear_cli_plugin=$($(1).gz_CLI_CLEAR_PLUGIN)) + $(eval export support_rate_limit=$($(1).gz_SUPPORT_RATE_LIMIT)) j2 --customize scripts/j2cli/json_filter.py files/build_templates/manifest.json.j2 > $($(1).gz_PATH)/manifest.common.json if [ -f $($*.gz_PATH)/manifest.part.json.j2 ]; then j2 --customize scripts/j2cli/json_filter.py $($(1).gz_PATH)/manifest.part.json.j2 > $($(1).gz_PATH)/manifest.part.json diff --git a/src/sonic-containercfgd/containercfgd/containercfgd.py b/src/sonic-containercfgd/containercfgd/containercfgd.py index 14b47db3c0..4eda8a6d8b 100644 --- a/src/sonic-containercfgd/containercfgd/containercfgd.py +++ b/src/sonic-containercfgd/containercfgd/containercfgd.py @@ -149,7 +149,7 @@ class SyslogHandler: if os.path.exists(self.TMP_SYSLOG_CONF_PATH): os.remove(self.TMP_SYSLOG_CONF_PATH) with open(self.TMP_SYSLOG_CONF_PATH, 'w+') as f: - json_args = f'{{"target_ip": "127.0.0.1", "{self.target_ip}": "{container_name}" }}' + json_args = f'{{"target_ip": "{self.target_ip}", "container_name": "{container_name}" }}' output = run_command(['sonic-cfggen', '-d', '-t', '/usr/share/sonic/templates/rsyslog-container.conf.j2', '-a', json_args]) f.write(output) run_command(['cp', self.TMP_SYSLOG_CONF_PATH, self.SYSLOG_CONF_PATH])