sonic-buildimage

matthew/sonic-buildimage

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joe LeVeque	c651a9ade4	[dockers][supervisor] Increase event buffer size for process exit listener; Set all event buffer sizes to 1024 (#7083 ) To prevent error [messages](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802) like the following from being logged: ``` Mar 17 02:33:48.523153 vlab-01 INFO swss#supervisord 2021-03-17 02:33:48,518 ERRO pool supervisor-proc-exit-listener event buffer overflowed, discarding event 46 ``` This is basically an addendum to https://github.com/Azure/sonic-buildimage/pull/5247, which increased the event buffer size for dependent-startup. While supervisor-proc-exit-listener doesn't subscribe to as many events as dependent-startup, there is still a chance some containers (like swss, as in the example above) have enough processes running to cause an overflow of the default buffer size of 10. This is especially important for preventing erroneous log_analyzer failures in the sonic-mgmt repo regression tests, which have started occasionally causing PR check builds to fail. Example [here](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802). I set all supervisor-proc-exit-listener event buffer sizes to 1024, and also updated all dependent-startup event buffer sizes to 1024, as well, to keep things simple, unified, and allow headroom so that we will not need to adjust these values frequently, if at all.	2021-03-27 21:14:24 -07:00
Ze Gan	4068944202	[MACsec]: Set MACsec feature to be auto-start (#6678 ) 1. Add supervisord as the entrypoint of docker-macsec 2. Add wpa_supplicant conf into docker-macsec 3. Set the macsecmgrd as the critical_process 4. Configure supervisor to monitor macsecmgrd 5. Set macsec in the features list 6. Add config variable `INCLUDE_MACSEC` 7. Add macsec.service - How to verify it Change the `/etc/sonic/config_db.json` as follow ``` { "PORT": { "Ethernet0": { ... "macsec": "test" } } ... "MACSEC_PROFILE": { "test": { "priority": 64, "cipher_suite": "GCM-AES-128", "primary_cak": "0123456789ABCDEF0123456789ABCDEF", "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435", "policy": "security" } } } ``` To execute `sudo config reload -y`, We should find the following new items were inserted in app_db of redis ``` 127.0.0.1:6379> keys MAC 1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538" 2) "MACSEC_PORT_TABLE:Ethernet0" 127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538" 1) "ssci" 2) "" 3) "encoding_an" 4) "0" 127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0" 1) "enable" 2) "false" 3) "cipher_suite" 4) "GCM-AES-128" 5) "enable_protect" 6) "true" 7) "enable_encrypt" 8) "true" 9) "enable_replay_protect" 10) "false" 11) "replay_window" 12) "0" ``` Signed-off-by: Ze Gan <ganze718@gmail.com>	2021-02-23 13:22:45 -08:00
Ze Gan	c22575218a	[docker-macsec]: MACsec container and wpa_supplicant component (#5700 ) The HLD about MACsec feature is at : https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md - How to verify it This PR doesn't set MACsec container automatically start, You should manually start the container by docker run docker-macsec wpa_supplicant binary can be found at MACsec container. This PR depends on the PR, WPA_SUPPLICANT, and The MACsec container will be set as automatically start by later PR. Signed-off-by: zegan <zegan@microsoft.com>	2021-01-10 10:39:59 -08:00

Author

SHA1

Message

Date

Joe LeVeque

c651a9ade4

[dockers][supervisor] Increase event buffer size for process exit listener; Set all event buffer sizes to 1024 (#7083 )

To prevent error [messages](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802) like the following from being logged:

```
Mar 17 02:33:48.523153 vlab-01 INFO swss#supervisord 2021-03-17 02:33:48,518 ERRO pool supervisor-proc-exit-listener event buffer overflowed, discarding event 46
```

This is basically an addendum to https://github.com/Azure/sonic-buildimage/pull/5247, which increased the event buffer size for dependent-startup. While supervisor-proc-exit-listener doesn't subscribe to as many events as dependent-startup, there is still a chance some containers (like swss, as in the example above) have enough processes running to cause an overflow of the default buffer size of 10.

This is especially important for preventing erroneous log_analyzer failures in the sonic-mgmt repo regression tests, which have started occasionally causing PR check builds to fail. Example [here](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802).

I set all supervisor-proc-exit-listener event buffer sizes to 1024, and also updated all dependent-startup event buffer sizes to 1024, as well, to keep things simple, unified, and allow headroom so that we will not need to adjust these values frequently, if at all.

2021-03-27 21:14:24 -07:00

Ze Gan

4068944202

[MACsec]: Set MACsec feature to be auto-start (#6678 )

1. Add supervisord as the entrypoint of docker-macsec
2. Add wpa_supplicant conf into docker-macsec
3. Set the macsecmgrd as the critical_process
4. Configure supervisor to monitor macsecmgrd
5. Set macsec in the features list
6. Add config variable `INCLUDE_MACSEC`
7. Add macsec.service

**- How to verify it**

Change the `/etc/sonic/config_db.json` as follow
```
{
    "PORT": {
        "Ethernet0": {
            ...
            "macsec": "test"
         }
    }
    ...
    "MACSEC_PROFILE": {
        "test": {
            "priority": 64,
            "cipher_suite": "GCM-AES-128",
            "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
            "policy": "security"
        }
    }
}
```
To execute `sudo config reload -y`, We should find the following new items were inserted in app_db of redis
```
127.0.0.1:6379> keys *MAC*
1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
2) "MACSEC_PORT_TABLE:Ethernet0"
127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
1) "ssci"
2) ""
3) "encoding_an"
4) "0"
127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0"
 1) "enable"
 2) "false"
 3) "cipher_suite"
 4) "GCM-AES-128"
 5) "enable_protect"
 6) "true"
 7) "enable_encrypt"
 8) "true"
 9) "enable_replay_protect"
10) "false"
11) "replay_window"
12) "0"
```

Signed-off-by: Ze Gan <ganze718@gmail.com>

2021-02-23 13:22:45 -08:00

Ze Gan

c22575218a

[docker-macsec]: MACsec container and wpa_supplicant component (#5700 )

The HLD about MACsec feature is at :

https://github.com/Azure/SONiC/blob/master/doc/macsec/MACsec_hld.md

- How to verify it
This PR doesn't set MACsec container automatically start, You should manually start the container by docker run docker-macsec
wpa_supplicant binary can be found at MACsec container.
This PR depends on the PR, WPA_SUPPLICANT, and The MACsec container will be set as automatically start by later PR.

Signed-off-by: zegan <zegan@microsoft.com>

2021-01-10 10:39:59 -08:00

3 Commits