From fe60122996c29a2d91e1c42452d77df399b0e50a Mon Sep 17 00:00:00 2001 From: nikos Date: Tue, 20 Nov 2018 16:25:10 -0800 Subject: [PATCH 1/2] Routing application split config support Signed-off-by: nikos --- build_debian.sh | 7 +++++++ dockers/docker-fpm-frr/Dockerfile.j2 | 9 +++++++++ dockers/docker-fpm-frr/config.sh | 7 ++++++- files/build_templates/sonic_debian_extension.j2 | 11 +++++++++++ rules/config | 5 +++++ rules/docker-fpm-frr.mk | 1 + slave.mk | 17 +++++++++++++++++ src/sonic-config-engine/minigraph.py | 5 +++++ 8 files changed, 61 insertions(+), 1 deletion(-) diff --git a/build_debian.sh b/build_debian.sh index 24552cfe4441..a23874ad7c81 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -177,6 +177,13 @@ sudo LANG=C chroot $FILESYSTEM_ROOT useradd -G sudo,docker $USERNAME -c "$DEFAUL ## Create password for the default user echo "$USERNAME:$PASSWORD" | sudo LANG=C chroot $FILESYSTEM_ROOT chpasswd +if [ "$SONIC_ROUTING_STACK" == "frr" ]; then + sudo LANG=C chroot $FILESYSTEM_ROOT groupadd -g $FRR_USER_GID frr + sudo LANG=C chroot $FILESYSTEM_ROOT groupadd -g $FRR_VTY_GID frrvty + sudo LANG=C chroot $FILESYSTEM_ROOT useradd -u $FRR_USER_UID -g $FRR_USER_GID -M -s /bin/false frr + sudo LANG=C chroot $FILESYSTEM_ROOT usermod -a -G frr,frrvty frr +fi + ## Pre-install hardware drivers sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install \ firmware-linux-nonfree diff --git a/dockers/docker-fpm-frr/Dockerfile.j2 b/dockers/docker-fpm-frr/Dockerfile.j2 index d0fd6f53d6b5..b076c0b48d9f 100644 --- a/dockers/docker-fpm-frr/Dockerfile.j2 +++ b/dockers/docker-fpm-frr/Dockerfile.j2 @@ -1,6 +1,10 @@ FROM docker-config-engine ARG docker_container_name +ARG frr_user_uid +ARG frr_user_gid +ARG frr_vty_gid + RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive @@ -18,6 +22,11 @@ RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4 libc-ares2 iproute lib COPY debs/{{ deb }} /debs/ {%- endfor %} +RUN groupadd -g ${frr_user_gid} frr +RUN groupadd -g ${frr_vty_gid} frrvty +RUN useradd -u ${frr_user_uid} -g ${frr_user_gid} -M -s /bin/false frr +RUN usermod -a -G frr,frrvty frr + # Install locally-built Debian packages and implicitly install their dependencies {%- for deb in docker_fpm_frr_debs.split(' ') %} RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }} diff --git a/dockers/docker-fpm-frr/config.sh b/dockers/docker-fpm-frr/config.sh index a0039abf5e73..5e481d0c8516 100755 --- a/dockers/docker-fpm-frr/config.sh +++ b/dockers/docker-fpm-frr/config.sh @@ -1,7 +1,12 @@ #!/bin/bash mkdir -p /etc/frr -sonic-cfggen -d -t /usr/share/sonic/templates/frr.conf.j2 >/etc/frr/frr.conf + +CONFIG_TYPE=`sonic-cfggen -d -v 'DEVICE_METADATA["localhost"]["docker_routing_config_mode"]'` + +if [ -z "$CONFIG_TYPE" ] || [ "$CONFIG_TYPE" == "unified" ]; then + sonic-cfggen -d -t /usr/share/sonic/templates/frr.conf.j2 >/etc/frr/frr.conf +fi sonic-cfggen -d -t /usr/share/sonic/templates/isolate.j2 >/usr/sbin/bgp-isolate chown root:root /usr/sbin/bgp-isolate diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 387ab563cfae..037d2bd918a4 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -310,3 +310,14 @@ sudo cp target/files/$MLNX_FW_FILE $FILESYSTEM_ROOT/etc/mlnx/fw-SPC.mfa j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh {% endif %} + +{%- if SONIC_ROUTING_STACK == "frr" %} +sudo mkdir $FILESYSTEM_ROOT/etc/sonic/frr +sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/frr.conf +sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/vtysh.conf +sudo cp dockers/docker-fpm-frr/daemons.conf $FILESYSTEM_ROOT/etc/sonic/frr/ +sudo cp dockers/docker-fpm-frr/daemons $FILESYSTEM_ROOT/etc/sonic/frr/ +sudo chown -R $FRR_USER_UID:$FRR_USER_GID $FILESYSTEM_ROOT/etc/sonic/frr +sudo chmod 750 $FILESYSTEM_ROOT/etc/sonic/frr +sudo chmod -R 640 $FILESYSTEM_ROOT/etc/sonic/frr/ +{%- endif %} diff --git a/rules/config b/rules/config index 3e7608d85a73..0dabf2c3cb6a 100644 --- a/rules/config +++ b/rules/config @@ -75,3 +75,8 @@ ENABLE_ORGANIZATION_EXTENSIONS = y # build: build kernel from source # download: download pre-built kernel from Azure storage. DEFAULT_KERNEL_PROCURE_METHOD = build + +# FRR user and group id values. These only take effect when SONIC_ROUTING_STACK is frr. +FRR_USER_UID = 300 +FRR_USER_GID = 300 +FRR_VTY_GID = 301 \ No newline at end of file diff --git a/rules/docker-fpm-frr.mk b/rules/docker-fpm-frr.mk index eedbc13c4e6c..f9a858611fa1 100644 --- a/rules/docker-fpm-frr.mk +++ b/rules/docker-fpm-frr.mk @@ -9,5 +9,6 @@ SONIC_DOCKER_IMAGES += $(DOCKER_FPM_FRR) $(DOCKER_FPM_FRR)_CONTAINER_NAME = bgp $(DOCKER_FPM_FRR)_RUN_OPT += --net=host --privileged -t $(DOCKER_FPM_FRR)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro +$(DOCKER_FPM_FRR)_RUN_OPT += -v /etc/sonic/frr:/etc/frr:rw $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += vtysh:/usr/bin/vtysh diff --git a/slave.mk b/slave.mk index e6306d166156..73e5635f3487 100644 --- a/slave.mk +++ b/slave.mk @@ -116,6 +116,15 @@ endif MAKEFLAGS += -j $(SONIC_BUILD_JOBS) export SONIC_CONFIG_MAKE_JOBS +############################################################################### +## Routing stack related exports +############################################################################### + +export SONIC_ROUTING_STACK +export FRR_USER_UID +export FRR_USER_GID +export FRR_VTY_GID + ############################################################################### ## Dumping key config attributes associated to current building exercise ############################################################################### @@ -134,6 +143,11 @@ $(info "SHUTDOWN_BGP_ON_START" : "$(SHUTDOWN_BGP_ON_START)") $(info "ENABLE_PFCWD_ON_START" : "$(ENABLE_PFCWD_ON_START)") $(info "INSTALL_DEBUG_TOOLS" : "$(INSTALL_DEBUG_TOOLS)") $(info "ROUTING_STACK" : "$(SONIC_ROUTING_STACK)") +ifeq ($(SONIC_ROUTING_STACK),frr) +$(info "FRR_USER_UID" : "$(FRR_USER_UID)") +$(info "FRR_USER_GID" : "$(FRR_USER_GID)") +$(info "FRR_VTY_GID" : "$(FRR_VTY_GID)") +endif $(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)") $(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)") $(info "HTTP_PROXY" : "$(HTTP_PROXY)") @@ -437,6 +451,9 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .pl --build-arg uid=$(UID) \ --build-arg guid=$(GUID) \ --build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \ + --build-arg frr_user_uid=$(FRR_USER_UID) \ + --build-arg frr_user_gid=$(FRR_USER_GID) \ + --build-arg frr_vty_gid=$(FRR_VTY_GID) \ --label Tag=$(SONIC_GET_VERSION) \ -t $* $($*.gz_PATH) $(LOG) docker save $* | gzip -c > $@ diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py index 2352229decf1..879be0f95d7a 100644 --- a/src/sonic-config-engine/minigraph.py +++ b/src/sonic-config-engine/minigraph.py @@ -422,6 +422,7 @@ def parse_xml(filename, platform=None, port_config_file=None): neighbors = None devices = None hostname = None + docker_routing_config_mode = "unified" port_speeds_default = {} port_speed_png = {} port_descriptions = {} @@ -437,11 +438,14 @@ def parse_xml(filename, platform=None, port_config_file=None): hwsku_qn = QName(ns, "HwSku") hostname_qn = QName(ns, "Hostname") + docker_routing_config_mode_qn = QName(ns, "DockerRoutingConfigMode") for child in root: if child.tag == str(hwsku_qn): hwsku = child.text if child.tag == str(hostname_qn): hostname = child.text + if child.tag == str(docker_routing_config_mode_qn): + docker_routing_config_mode = child.text (ports, alias_map) = get_port_config(hwsku, platform, port_config_file) port_alias_map.update(alias_map) @@ -464,6 +468,7 @@ def parse_xml(filename, platform=None, port_config_file=None): results['DEVICE_METADATA'] = {'localhost': { 'bgp_asn': bgp_asn, 'deployment_id': deployment_id, + 'docker_routing_config_mode': docker_routing_config_mode, 'hostname': hostname, 'hwsku': hwsku, 'type': current_device['type'] From 67e9ee568685aa223289a0f1a2bb4c64afc99ac9 Mon Sep 17 00:00:00 2001 From: nikos Date: Tue, 20 Nov 2018 16:25:10 -0800 Subject: [PATCH 2/2] Routing application split config support Routing application split config support Signed-off-by: nikos --- build_debian.sh | 7 +++++++ dockers/docker-fpm-frr/Dockerfile.j2 | 9 +++++++++ dockers/docker-fpm-frr/config.sh | 7 ++++++- files/build_templates/sonic_debian_extension.j2 | 11 +++++++++++ rules/config | 5 +++++ rules/docker-fpm-frr.mk | 1 + slave.mk | 17 +++++++++++++++++ src/sonic-config-engine/minigraph.py | 5 +++++ 8 files changed, 61 insertions(+), 1 deletion(-) diff --git a/build_debian.sh b/build_debian.sh index 24552cfe4441..a23874ad7c81 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -177,6 +177,13 @@ sudo LANG=C chroot $FILESYSTEM_ROOT useradd -G sudo,docker $USERNAME -c "$DEFAUL ## Create password for the default user echo "$USERNAME:$PASSWORD" | sudo LANG=C chroot $FILESYSTEM_ROOT chpasswd +if [ "$SONIC_ROUTING_STACK" == "frr" ]; then + sudo LANG=C chroot $FILESYSTEM_ROOT groupadd -g $FRR_USER_GID frr + sudo LANG=C chroot $FILESYSTEM_ROOT groupadd -g $FRR_VTY_GID frrvty + sudo LANG=C chroot $FILESYSTEM_ROOT useradd -u $FRR_USER_UID -g $FRR_USER_GID -M -s /bin/false frr + sudo LANG=C chroot $FILESYSTEM_ROOT usermod -a -G frr,frrvty frr +fi + ## Pre-install hardware drivers sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install \ firmware-linux-nonfree diff --git a/dockers/docker-fpm-frr/Dockerfile.j2 b/dockers/docker-fpm-frr/Dockerfile.j2 index d0fd6f53d6b5..b076c0b48d9f 100644 --- a/dockers/docker-fpm-frr/Dockerfile.j2 +++ b/dockers/docker-fpm-frr/Dockerfile.j2 @@ -1,6 +1,10 @@ FROM docker-config-engine ARG docker_container_name +ARG frr_user_uid +ARG frr_user_gid +ARG frr_vty_gid + RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf # Make apt-get non-interactive @@ -18,6 +22,11 @@ RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4 libc-ares2 iproute lib COPY debs/{{ deb }} /debs/ {%- endfor %} +RUN groupadd -g ${frr_user_gid} frr +RUN groupadd -g ${frr_vty_gid} frrvty +RUN useradd -u ${frr_user_uid} -g ${frr_user_gid} -M -s /bin/false frr +RUN usermod -a -G frr,frrvty frr + # Install locally-built Debian packages and implicitly install their dependencies {%- for deb in docker_fpm_frr_debs.split(' ') %} RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }} diff --git a/dockers/docker-fpm-frr/config.sh b/dockers/docker-fpm-frr/config.sh index a0039abf5e73..5e481d0c8516 100755 --- a/dockers/docker-fpm-frr/config.sh +++ b/dockers/docker-fpm-frr/config.sh @@ -1,7 +1,12 @@ #!/bin/bash mkdir -p /etc/frr -sonic-cfggen -d -t /usr/share/sonic/templates/frr.conf.j2 >/etc/frr/frr.conf + +CONFIG_TYPE=`sonic-cfggen -d -v 'DEVICE_METADATA["localhost"]["docker_routing_config_mode"]'` + +if [ -z "$CONFIG_TYPE" ] || [ "$CONFIG_TYPE" == "unified" ]; then + sonic-cfggen -d -t /usr/share/sonic/templates/frr.conf.j2 >/etc/frr/frr.conf +fi sonic-cfggen -d -t /usr/share/sonic/templates/isolate.j2 >/usr/sbin/bgp-isolate chown root:root /usr/sbin/bgp-isolate diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 387ab563cfae..037d2bd918a4 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -310,3 +310,14 @@ sudo cp target/files/$MLNX_FW_FILE $FILESYSTEM_ROOT/etc/mlnx/fw-SPC.mfa j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh {% endif %} + +{%- if SONIC_ROUTING_STACK == "frr" %} +sudo mkdir $FILESYSTEM_ROOT/etc/sonic/frr +sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/frr.conf +sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/vtysh.conf +sudo cp dockers/docker-fpm-frr/daemons.conf $FILESYSTEM_ROOT/etc/sonic/frr/ +sudo cp dockers/docker-fpm-frr/daemons $FILESYSTEM_ROOT/etc/sonic/frr/ +sudo chown -R $FRR_USER_UID:$FRR_USER_GID $FILESYSTEM_ROOT/etc/sonic/frr +sudo chmod 750 $FILESYSTEM_ROOT/etc/sonic/frr +sudo chmod -R 640 $FILESYSTEM_ROOT/etc/sonic/frr/ +{%- endif %} diff --git a/rules/config b/rules/config index 3e7608d85a73..f1fc047ec023 100644 --- a/rules/config +++ b/rules/config @@ -75,3 +75,8 @@ ENABLE_ORGANIZATION_EXTENSIONS = y # build: build kernel from source # download: download pre-built kernel from Azure storage. DEFAULT_KERNEL_PROCURE_METHOD = build + +# FRR user and group id values. These only take effect when SONIC_ROUTING_STACK is frr. +FRR_USER_UID = 300 +FRR_USER_GID = 300 +FRR_VTY_GID = 301 diff --git a/rules/docker-fpm-frr.mk b/rules/docker-fpm-frr.mk index eedbc13c4e6c..f9a858611fa1 100644 --- a/rules/docker-fpm-frr.mk +++ b/rules/docker-fpm-frr.mk @@ -9,5 +9,6 @@ SONIC_DOCKER_IMAGES += $(DOCKER_FPM_FRR) $(DOCKER_FPM_FRR)_CONTAINER_NAME = bgp $(DOCKER_FPM_FRR)_RUN_OPT += --net=host --privileged -t $(DOCKER_FPM_FRR)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro +$(DOCKER_FPM_FRR)_RUN_OPT += -v /etc/sonic/frr:/etc/frr:rw $(DOCKER_FPM_FRR)_BASE_IMAGE_FILES += vtysh:/usr/bin/vtysh diff --git a/slave.mk b/slave.mk index e6306d166156..73e5635f3487 100644 --- a/slave.mk +++ b/slave.mk @@ -116,6 +116,15 @@ endif MAKEFLAGS += -j $(SONIC_BUILD_JOBS) export SONIC_CONFIG_MAKE_JOBS +############################################################################### +## Routing stack related exports +############################################################################### + +export SONIC_ROUTING_STACK +export FRR_USER_UID +export FRR_USER_GID +export FRR_VTY_GID + ############################################################################### ## Dumping key config attributes associated to current building exercise ############################################################################### @@ -134,6 +143,11 @@ $(info "SHUTDOWN_BGP_ON_START" : "$(SHUTDOWN_BGP_ON_START)") $(info "ENABLE_PFCWD_ON_START" : "$(ENABLE_PFCWD_ON_START)") $(info "INSTALL_DEBUG_TOOLS" : "$(INSTALL_DEBUG_TOOLS)") $(info "ROUTING_STACK" : "$(SONIC_ROUTING_STACK)") +ifeq ($(SONIC_ROUTING_STACK),frr) +$(info "FRR_USER_UID" : "$(FRR_USER_UID)") +$(info "FRR_USER_GID" : "$(FRR_USER_GID)") +$(info "FRR_VTY_GID" : "$(FRR_VTY_GID)") +endif $(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)") $(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)") $(info "HTTP_PROXY" : "$(HTTP_PROXY)") @@ -437,6 +451,9 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .pl --build-arg uid=$(UID) \ --build-arg guid=$(GUID) \ --build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \ + --build-arg frr_user_uid=$(FRR_USER_UID) \ + --build-arg frr_user_gid=$(FRR_USER_GID) \ + --build-arg frr_vty_gid=$(FRR_VTY_GID) \ --label Tag=$(SONIC_GET_VERSION) \ -t $* $($*.gz_PATH) $(LOG) docker save $* | gzip -c > $@ diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py index 2352229decf1..879be0f95d7a 100644 --- a/src/sonic-config-engine/minigraph.py +++ b/src/sonic-config-engine/minigraph.py @@ -422,6 +422,7 @@ def parse_xml(filename, platform=None, port_config_file=None): neighbors = None devices = None hostname = None + docker_routing_config_mode = "unified" port_speeds_default = {} port_speed_png = {} port_descriptions = {} @@ -437,11 +438,14 @@ def parse_xml(filename, platform=None, port_config_file=None): hwsku_qn = QName(ns, "HwSku") hostname_qn = QName(ns, "Hostname") + docker_routing_config_mode_qn = QName(ns, "DockerRoutingConfigMode") for child in root: if child.tag == str(hwsku_qn): hwsku = child.text if child.tag == str(hostname_qn): hostname = child.text + if child.tag == str(docker_routing_config_mode_qn): + docker_routing_config_mode = child.text (ports, alias_map) = get_port_config(hwsku, platform, port_config_file) port_alias_map.update(alias_map) @@ -464,6 +468,7 @@ def parse_xml(filename, platform=None, port_config_file=None): results['DEVICE_METADATA'] = {'localhost': { 'bgp_asn': bgp_asn, 'deployment_id': deployment_id, + 'docker_routing_config_mode': docker_routing_config_mode, 'hostname': hostname, 'hwsku': hwsku, 'type': current_device['type']