f30fb6ec58
Why I did it This PR addresses the issue mentioned above by loading the acl config as a service on a storage backend device How I did it The new acl service is a oneshot service which will start after swss and does some retries to ensure that the SWITCH_CAPABILITY info is present before attempting to load the acl rules. The service is also bound to sonic targets which ensures that it gets restarted during minigraph reload and config reload How to verify it Build an image with the following changes and did the following tests Verified that acl is loaded successfully on a storage backend device after a switch boot up Verified that acl is loaded successfully on a storage backend ToR after minigraph load and config reload Verified that acl is not loaded if the device is not a storage backend ToR or the device does not have a DATAACL table Signed-off-by: Neetha John <nejo@microsoft.com>
13 lines
212 B
Desktop File
13 lines
212 B
Desktop File
[Unit]
|
|
Description=Enable backend acl on storage backend ToRs
|
|
After=swss.service
|
|
BindsTo=sonic.target
|
|
After=sonic.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/bin/backend_acl.py
|
|
|
|
[Install]
|
|
WantedBy=sonic.target
|