Commit Graph

14 Commits

Author SHA1 Message Date
Mai Bui
6ea03f9f78
[docker-restapi] limit privileged flag for restapi container (#17138)
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)

Work item tracking
Microsoft ADO (number only): 14807420
How I did it
Reduce linux capabilities in privileged flag

How to verify it
Run restapi sonic-mgmt tests on sn4600c
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
2023-11-21 14:50:31 +08:00
Saikrishna Arcot
24ae0a9606
Don't build libhiredis anymore (#15633)
### Why I did it

We're not adding any patch on top of hiredis, and there's no apparent reason to build this. Remove the build step here, and just install the package from the Debian repos.

##### Work item tracking
- Microsoft ADO **(number only)**: 24381590

#### How to verify it

Build the SONiC image, and load it. Verify that services come up.
2023-09-06 16:23:34 -07:00
xumia
7a226ffd0d
Support bullseye for docker-sonic-restapi docker-sonic-telemetry (#9791)
Support bullseye for docker-sonic-restapi docker-sonic-telemetry
Upgrade to bullseye and Golang-1.15 to support FIPS.
2022-01-21 08:41:39 +08:00
Saikrishna Arcot
6105684b9e Add infra to support building Bullseye base image with Buster containers
All docker containers will be built as Buster containers, from a Buster
slave. The base image and remaining packages that are installed onto the
host system will be built for Bullseye, from a Bullseye slave.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2021-11-10 15:27:22 -08:00
yozhao101
1a3cab43ac
[Monit] Deprecate the feature of monitoring the critical processes by Monit (#7676)
Signed-off-by: Yong Zhao yozhao@microsoft.com

Why I did it
Currently we leveraged the Supervisor to monitor the running status of critical processes in each container and it is more reliable and flexible than doing the monitoring by Monit. So we removed the functionality of monitoring the critical processes by Monit.

How I did it
I removed the script process_checker and corresponding Monit configuration entries of critical processes.

How to verify it
I verified this on the device str-7260cx3-acs-1.
2021-06-04 10:16:53 -07:00
Stepan Blyshchak
cd2c86eab6
[dockers] label SONiC Docker with manifest (#5939)
Signed-off-by: Stepan Blyschak stepanb@nvidia.com

This PR is part of SONiC Application Extension

Depends on #5938

- Why I did it
To provide an infrastructure change in order to support SONiC Application Extension feature.

- How I did it
Label every installable SONiC Docker with a minimal required manifest and auto-generate packages.json file based on
installed SONiC images.

- How to verify it
Build an image, execute the following command:

admin@sonic:~$ docker inspect docker-snmp:1.0.0 | jq '.[0].Config.Labels["com.azure.sonic.manifest"]' -r | jq
Cat /var/lib/sonic-package-manager/packages.json file to verify all dockers are listed there.
2021-04-26 13:51:50 -07:00
Sumukha Tumkur Vani
c427e72b49
Disable port 8090 (#6764) 2021-02-10 22:10:19 -08:00
lguohan
082c26a27d
[build]: combine feature and container feature table (#5081)
1. remove container feature table
2. do not generate feature entry if the feature is not included
   in the image
3. rename ENABLE_* to INCLUDE_* for better clarity
4. rename feature status to feature state
5. [submodule]: update sonic-utilities

* 9700e45 2020-08-03 | [show/config]: combine feature and container feature cli (#1015) (HEAD, origin/master, origin/HEAD) [lguohan]
* c9d3550 2020-08-03 | [tests]: fix drops_group_test failure on second run (#1023) [lguohan]
* dfaae69 2020-08-03 | [lldpshow]: Fix input device is not a TTY error (#1016) [Arun Saravanan Balachandran]
* 216688e 2020-08-02 | [tests]: rename sonic-utilitie-tests to tests (#1022) [lguohan]

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-08-05 13:23:12 -07:00
Sumukha Tumkur Vani
e1ba5b0f5f
[docker-restapi]: add restapi config to config Db (#4495) 2020-04-30 00:25:49 -07:00
Prince Sunny
4adf243260
Fix docker restapi start issue, undefined error (#4475) 2020-04-24 12:43:56 -07:00
Sumukha Tumkur Vani
12400a447c
[docker-restapi]: Fix authentication in restapi (#4383)
- enabling http/https endpoint and mounting the certificates directory
- updating the sonic-restapi submodule
2020-04-15 02:08:45 -07:00
Prince Sunny
31fb631cd3
Fix service and container name to be same (#4151) 2020-02-14 11:08:57 -08:00
Sumukha Tumkur Vani
ebb07d9942 [docker-restapi]: Avoid building RestAPI docker by default (#4018)
Provide build option for RESTAPI docker
2020-01-14 17:13:45 -08:00
Sumukha Tumkur Vani
3b1ee5dc2b
Changes to build restapi docker (#3993) 2020-01-10 13:46:32 -08:00