[multi-asic] sudo not required explicitly as /bin/ip netns identify present in sudoers #16115
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…D_ONLY_CMDS in sudoers file
|
To add more details Have tested this change with/without RW Jit, show commands are ok in multi-asic. Checking why the sudo was added earlier : it was part of Pull Request #6100 -- related to process_checker and monit. I see that currently we don't use the process checker, we use the supervisorctl proc_listener to find a critical process exit. |
arlakshm
approved these changes
Aug 16, 2023
abdosi
approved these changes
Aug 17, 2023
|
@judyjoseph , please add ado, thanks. |
|
In the interest of time, I created the MAFT ADO... |
|
@yxieca , @StormLiangMS please help cherry-pick to back port this fix to the corresponding releases. |
Thank you @gechiang |
|
@judyjoseph PR conflicts with 202205 branch |
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Aug 23, 2023
…D_ONLY_CMDS in sudoers file (sonic-net#16115) Why I did it Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash jujoseph@svcstr-server-2:~ sudo ls deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
|
Cherry-pick PR to 202211: #16255 |
|
@judyjoseph cherry pick PR didn't pass PR checker. Please check!!! Auto cherry pick PR will be closed in 24 days. |
|
@judyjoseph cherry pick PR didn't pass PR checker. Please check!!! Auto cherry pick PR will be closed in 24 days. |
1 similar comment
|
@judyjoseph cherry pick PR didn't pass PR checker. Please check!!! Auto cherry pick PR will be closed in 24 days. |
mssonicbld
pushed a commit
that referenced
this pull request
Aug 31, 2023
…D_ONLY_CMDS in sudoers file (#16115) Why I did it Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash jujoseph@svcstr-server-2:~ sudo ls deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
mssonicbld
added
Included in 202211 Branch
and removed
Approved for 202211 Branch
Created PR to 202211 Branch
labels
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Sep 3, 2023
…D_ONLY_CMDS in sudoers file (sonic-net#16115) Why I did it Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash jujoseph@svcstr-server-2:~ sudo ls deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
|
Cherry-pick PR to 202305: #16409 |
11 tasks
mssonicbld
pushed a commit
that referenced
this pull request
Sep 3, 2023
…D_ONLY_CMDS in sudoers file (#16115) Why I did it Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash jujoseph@svcstr-server-2:~ sudo ls deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
mssonicbld
added
Included in 202305 Branch
and removed
Created PR to 202305 Branch
labels
sonic-otn
pushed a commit
to sonic-otn/sonic-buildimage
that referenced
this pull request
Sep 20, 2023
…D_ONLY_CMDS in sudoers file (sonic-net#16115) Why I did it Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash jujoseph@svcstr-server-2:~ sudo ls deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why I did it
Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this
jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash
jujoseph@svcstr-server-2:~ sudo ls
Work item tracking
How I did it
The reason was found that when a show command is issued, there is an API to get the current namespace
and we were doing it with sufo prefixed. This was ok with usually show commands which is issued in linux host, but when issued with "sudo ip netns exec asic0" prefix ( i.e the command is executed in a linux network namespace ) sudo gets hung adding to overall delay to command o/p
Ideally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
How to verify it
Verified with both RO and RW user in a multi-asic platform, confirmed the show commands work, and "sudo ip netns exec asic0 " command returns result quicker.
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)