matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
516ff8bfff
sonic-buildimage/dockers
History
Ze Gan 4068944202
[MACsec]: Set MACsec feature to be auto-start (#6678) 
1. Add supervisord as the entrypoint of docker-macsec
2. Add wpa_supplicant conf into docker-macsec
3. Set the macsecmgrd as the critical_process
4. Configure supervisor to monitor macsecmgrd
5. Set macsec in the features list
6. Add config variable `INCLUDE_MACSEC`
7. Add macsec.service

**- How to verify it**

Change the `/etc/sonic/config_db.json` as follow
```
{
    "PORT": {
        "Ethernet0": {
            ...
            "macsec": "test"
         }
    }
    ...
    "MACSEC_PROFILE": {
        "test": {
            "priority": 64,
            "cipher_suite": "GCM-AES-128",
            "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
            "policy": "security"
        }
    }
}
```
To execute `sudo config reload -y`, We should find the following new items were inserted in app_db of redis
```
127.0.0.1:6379> keys *MAC*
1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
2) "MACSEC_PORT_TABLE:Ethernet0"
127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
1) "ssci"
2) ""
3) "encoding_an"
4) "0"
127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0"
 1) "enable"
 2) "false"
 3) "cipher_suite"
 4) "GCM-AES-128"
 5) "enable_protect"
 6) "true"
 7) "enable_encrypt"
 8) "true"
 9) "enable_replay_protect"
10) "false"
11) "replay_window"
12) "0"
```

Signed-off-by: Ze Gan <ganze718@gmail.com>
2021-02-23 13:22:45 -08:00
..
docker-base [rsyslog]: Explicitly set the notify mode for rsyslog imfile module (#6351) 2021-01-06 00:00:18 -08:00
docker-base-buster Updated imfile configuration for supervisord logs (#6368) 2021-01-06 18:47:36 -08:00
docker-base-stretch Updated imfile configuration for supervisord logs (#6368) 2021-01-06 18:47:36 -08:00
docker-basic_router [supervisord]: use abspath as supervisord entrypoint (#5995) 2020-11-22 21:18:44 -08:00
docker-config-engine [docker-base-buster][docker-config-engine-buster] No longer install Python 2 (#6162) 2020-12-25 21:29:25 -08:00
docker-config-engine-buster [docker-base-buster][docker-config-engine-buster] No longer install Python 2 (#6162) 2020-12-25 21:29:25 -08:00
docker-config-engine-stretch [docker-base-buster][docker-config-engine-buster] No longer install Python 2 (#6162) 2020-12-25 21:29:25 -08:00
docker-database [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-dhcp-relay [dhcp-relay]: Launch DHCP Relay On L3 Vlan (#6527) 2021-01-25 10:48:48 -08:00
docker-fpm-frr [docker-fpm-frr]: TSA/B/C changes for multi-asic (#6510) 2021-02-12 10:56:44 -08:00
docker-fpm-gobgp [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-fpm-quagga [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-iccpd [supervisord]: use abspath as supervisord entrypoint (#5995) 2020-11-22 21:18:44 -08:00
docker-lldp [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-macsec [MACsec]: Set MACsec feature to be auto-start (#6678) 2021-02-23 13:22:45 -08:00
docker-nat [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-orchagent Enable SAI_INGRESS_PRIORITY_GROUP_STAT_DROPPED_PACKETS counter by default (#6444) 2021-02-17 10:04:48 -08:00
docker-platform-monitor [pmon]: Run ledd using python3 unless excluded (#6528) 2021-01-22 07:12:01 -08:00
docker-ptf [docker-ptf]: build docker ptf 2021-01-27 08:28:21 -08:00
docker-router-advertiser [radv] Disable radv for specific deployment_id (#6830) 2021-02-20 11:01:12 -08:00
docker-sflow [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-snmp [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-sonic-mgmt [docker-sonic-mgmt]: Upgrade Tgen API from 0.0.42 to 0.0.70 (#6275) 2020-12-24 01:53:31 -08:00
docker-sonic-mgmt-framework [docker-base-buster][docker-config-engine-buster] No longer install Python 2 (#6162) 2020-12-25 21:29:25 -08:00
docker-sonic-restapi [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
docker-sonic-telemetry [StreamingTelemetry] add noTLS support for debug purpose (#6704) 2021-02-17 17:23:00 -08:00
docker-teamd [supervisord] Monitoring the critical processes with supervisord. (#6242) 2021-01-21 12:57:49 -08:00
dockerfile-macros.j2 [sonic-config-engine] Clean up dependencies, pin versions; install Python 3 package in Buster container (#5656) 2020-10-26 13:48:50 -07:00