[sonic-buildimage] Changes to make network specific sysctl common for both host and docker namespace (#4838)
* [sonic-buildimage] Changes to make network specific sysctl common for both host and docker namespace (in multi-npu). This change was triggered by an issue found on multi-npu platforms where, in the docker namespace, net.ipv6.conf.all.forwarding was 0 (should be 1), because of which RS/RA messages were triggered and link-local routers were learnt. Besides this, there were some other sysctl.net.ipv6* params whose value in the docker namespace was not the same as in the host namespace. So, to make sure we are always in sync in the host and docker namespaces, created a common file that lists all sysctl.net.* params and is used by both the host and docker namespace. Any change will get applied to both namespaces. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments and made sure to invoke augtool only once and do string concatenation of all set commands * Address Review Comments.
This commit is contained in:
parent
5eabae1ede
commit
fc6bcff52b
@ -389,62 +389,27 @@ rm /files/lib/systemd/system/rsyslog.service/Service/ExecStart/arguments
|
||||
set /files/lib/systemd/system/rsyslog.service/Service/ExecStart/arguments/1 -n
|
||||
"
|
||||
|
||||
## Config sysctl
|
||||
sudo mkdir -p $FILESYSTEM_ROOT/var/core
|
||||
|
||||
# Config sysctl
|
||||
sudo augtool --autosave "
|
||||
set /files/etc/sysctl.conf/kernel.core_pattern '|/usr/bin/coredump-compress %e %t %p'
|
||||
|
||||
set /files/etc/sysctl.conf/kernel.softlockup_panic 1
|
||||
set /files/etc/sysctl.conf/kernel.panic 10
|
||||
set /files/etc/sysctl.conf/vm.panic_on_oom 2
|
||||
set /files/etc/sysctl.conf/fs.suid_dumpable 2
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.forwarding 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.forwarding 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.eth0.forwarding 0
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_accept 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_announce 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_filter 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_notify 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_ignore 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_accept 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_announce 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_filter 0
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv4.neigh.default.base_reachable_time_ms 1800000
|
||||
set /files/etc/sysctl.conf/net.ipv6.neigh.default.base_reachable_time_ms 1800000
|
||||
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh1 1024
|
||||
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh1 1024
|
||||
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh2 2048
|
||||
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh2 2048
|
||||
set /files/etc/sysctl.conf/net.ipv4.neigh.default.gc_thresh3 4096
|
||||
set /files/etc/sysctl.conf/net.ipv6.neigh.default.gc_thresh3 4096
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.default.forwarding 1
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.all.forwarding 1
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.forwarding 0
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.default.accept_dad 0
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.all.accept_dad 0
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.accept_dad 0
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.default.keep_addr_on_down 1
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.all.keep_addr_on_down 1
|
||||
set /files/etc/sysctl.conf/net.ipv6.conf.eth0.keep_addr_on_down 1
|
||||
|
||||
set /files/etc/sysctl.conf/net.ipv4.tcp_l3mdev_accept 1
|
||||
set /files/etc/sysctl.conf/net.ipv4.udp_l3mdev_accept 1
|
||||
|
||||
set /files/etc/sysctl.conf/net.core.rmem_max 2097152
|
||||
set /files/etc/sysctl.conf/net.core.wmem_max 2097152
|
||||
|
||||
set /files/etc/sysctl.conf/net.core.somaxconn 512
|
||||
|
||||
" -r $FILESYSTEM_ROOT
|
||||
|
||||
sysctl_net_cmd_string=""
|
||||
while read line; do
|
||||
[[ "$line" =~ ^#.*$ ]] && continue
|
||||
sysctl_net_conf_key=`echo $line | awk -F '=' '{print $1}'`
|
||||
sysctl_net_conf_value=`echo $line | awk -F '=' '{print $2}'`
|
||||
sysctl_net_cmd_string=$sysctl_net_cmd_string"set /files/etc/sysctl.conf/$sysctl_net_conf_key $sysctl_net_conf_value"$'\n'
|
||||
done < files/image_config/sysctl/sysctl-net.conf
|
||||
|
||||
sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT
|
||||
|
||||
## docker Python API package is needed by Ansible docker module
|
||||
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip install 'docker==4.1.0'
|
||||
## Note: keep pip installed for maintainance purpose
|
||||
|
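Review bot: The new parsing loop (`while read line` … `done < files/image_config/sysctl/sysctl-net.conf`) only skips lines starting with `#`, so a blank line or a line without `=` produces an empty key and is concatenated as `set /files/etc/sysctl.conf/ ` — a malformed augtool command that is then passed to the single `sudo augtool --autosave` call, whose exit status is not checked, so the host sysctl.conf could silently miss entries. `read` without `-r` and `IFS=` also strips backslashes and leading/trailing whitespace, and `echo $line` is unquoted. The value is split with `awk -F '='` on `$2`, which drops anything after a second `=`; parameter expansion does the same split without two forks per line and is safer. I would harden the loop as below and keep the augtool invocation unchanged.
```shell
sysctl_net_cmd_string=""
while IFS= read -r line || [[ -n "$line" ]]; do
  # skip comments and blank lines; both would otherwise yield a malformed "set" path
  [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue
  sysctl_net_conf_key=${line%%=*}
  sysctl_net_conf_value=${line#*=}
  sysctl_net_cmd_string+="set /files/etc/sysctl.conf/${sysctl_net_conf_key} ${sysctl_net_conf_value}"$'\n'
done < files/image_config/sysctl/sysctl-net.conf
# … unchanged: sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT …
```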
@ -40,6 +40,7 @@ COPY ["docker-database-init.sh", "/usr/local/bin/"]
|
||||
COPY ["database_config.json.j2", "/usr/share/sonic/templates/"]
|
||||
COPY ["database_global.json.j2", "/usr/share/sonic/templates/"]
|
||||
COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
|
||||
COPY ["files/sysctl-net.conf", "/etc/sysctl.d/"]
|
||||
COPY ["critical_processes", "/etc/supervisor"]
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/docker-database-init.sh"]
|
||||
|
@ -91,7 +91,7 @@ function postStartAction()
|
||||
{
|
||||
{%- if docker_container_name == "database" %}
|
||||
if [ "$DEV" ]; then
|
||||
docker exec -i database$DEV sysctl -w net.ipv6.conf.all.disable_ipv6=0
|
||||
docker exec -i database$DEV sysctl --system -e
|
||||
link_namespace $DEV
|
||||
fi
|
||||
|
||||
|
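Review bot: The replacement line `docker exec -i database$DEV sysctl --system -e` passes `-e`, which makes sysctl ignore errors about unknown keys, so any entry of sysctl-net.conf that does not exist in the container namespace (for example the `net.ipv4.conf.eth0.*` / `net.ipv6.conf.eth0.*` keys, if eth0 is absent there) is dropped without a trace, while the host side applies the same file through augtool with no such masking — the two namespaces can therefore still drift, which is what this commit is meant to prevent. The `docker exec` exit status is also not checked before `link_namespace $DEV` runs; postStartAction's body continues outside the hunk, so I cannot tell whether the enclosing script aborts on error. At minimum I would surface failures, e.g. `docker exec -i database$DEV sysctl --system -e || echo "sysctl --system failed in database$DEV" >&2`, and add a comment such as `# -e: skip keys that do not exist in this namespace (e.g. interface-specific ones); check the log if a value is missing`.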
39
files/image_config/sysctl/sysctl-net.conf
Normal file
39
files/image_config/sysctl/sysctl-net.conf
Normal file
@ -0,0 +1,39 @@
|
||||
# All the sysctl for ipv4/ipv6 network.
|
||||
# Same will be used in host or docker namespace
|
||||
# It should be provided as key=value format for parsing
|
||||
net.ipv6.conf.all.disable_ipv6=0
|
||||
net.ipv4.conf.default.forwarding=1
|
||||
net.ipv4.conf.all.forwarding=1
|
||||
net.ipv4.conf.eth0.forwarding=0
|
||||
net.ipv4.conf.default.arp_accept=0
|
||||
net.ipv4.conf.default.arp_announce=0
|
||||
net.ipv4.conf.default.arp_filter=0
|
||||
net.ipv4.conf.default.arp_notify=0
|
||||
net.ipv4.conf.default.arp_ignore=0
|
||||
net.ipv4.conf.all.arp_accept=0
|
||||
net.ipv4.conf.all.arp_announce=1
|
||||
net.ipv4.conf.all.arp_filter=0
|
||||
net.ipv4.conf.all.arp_notify=1
|
||||
net.ipv4.conf.all.arp_ignore=2
|
||||
net.ipv4.neigh.default.base_reachable_time_ms=1800000
|
||||
net.ipv6.neigh.default.base_reachable_time_ms=1800000
|
||||
net.ipv4.neigh.default.gc_thresh1=1024
|
||||
net.ipv6.neigh.default.gc_thresh1=1024
|
||||
net.ipv4.neigh.default.gc_thresh2=2048
|
||||
net.ipv6.neigh.default.gc_thresh2=2048
|
||||
net.ipv4.neigh.default.gc_thresh3=4096
|
||||
net.ipv6.neigh.default.gc_thresh3=4096
|
||||
net.ipv6.conf.default.forwarding=1
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
net.ipv6.conf.eth0.forwarding=0
|
||||
net.ipv6.conf.default.accept_dad=0
|
||||
net.ipv6.conf.all.accept_dad=0
|
||||
net.ipv6.conf.eth0.accept_dad=0
|
||||
net.ipv6.conf.default.keep_addr_on_down=1
|
||||
net.ipv6.conf.all.keep_addr_on_down=1
|
||||
net.ipv6.conf.eth0.keep_addr_on_down=1
|
||||
net.ipv4.tcp_l3mdev_accept=1
|
||||
net.ipv4.udp_l3mdev_accept=1
|
||||
net.core.rmem_max=2097152
|
||||
net.core.wmem_max=2097152
|
||||
net.core.somaxconn=512
|
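Review bot: The header comment says the file is "key=value format for parsing" but does not state the constraints the consumer actually relies on: build_debian.sh splits every non-`#` line on `=` and skips nothing else, while the database container reads the same file via `sysctl --system -e`. I would extend the header with a comment along the lines of `# One key=value per line, no whitespace around '=' and no blank lines: build_debian.sh splits each line on '=' and only skips lines beginning with '#'. Inside the container unknown keys (e.g. eth0.* when no eth0 exists) are ignored by sysctl -e.` The interface-specific `eth0` entries and `net.ipv6.conf.all.disable_ipv6=0` are now also written into the host's /etc/sysctl.conf, which looks intended but is worth stating in the comment so a later edit does not assume the file is container-only.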
@ -24,4 +24,4 @@ $(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
||||
|
||||
$(DOCKER_DATABASE)_BASE_IMAGE_FILES += redis-cli:/usr/bin/redis-cli
|
||||
$(DOCKER_DATABASE)_BASE_IMAGE_FILES += monit_database:/etc/monit/conf.d
|
||||
$(DOCKER_DATABASE)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
||||
$(DOCKER_DATABASE)_FILES += $(SYSCTL_NET_CONFIG) $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
||||
|
@ -14,10 +14,12 @@ $(QOS_CONFIG_TEMPLATE)_PATH = files/build_templates
|
||||
SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT = supervisor-proc-exit-listener
|
||||
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)_PATH = files/scripts
|
||||
|
||||
SYSCTL_NET_CONFIG = sysctl-net.conf
|
||||
$(SYSCTL_NET_CONFIG)_PATH = files/image_config/sysctl
|
||||
|
||||
SONIC_COPY_FILES += $(CONFIGDB_LOAD_SCRIPT) \
|
||||
$(ARP_UPDATE_SCRIPT) \
|
||||
$(BUFFERS_CONFIG_TEMPLATE) \
|
||||
$(QOS_CONFIG_TEMPLATE) \
|
||||
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
||||
|
||||
|
||||
$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT) \
|
||||
$(SYSCTL_NET_CONFIG)
|
||||
|