[Services] Restart NAT service upon unexpected critical process exit. #4208
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
if one of its critical processes crashed or exited unexpectedly. Signed-off-by: Yong Zhao <yozhao@microsoft.com>
supervisord.conf file. Signed-off-by: Yong Zhao <yozhao@microsoft.com>
jleveque
suggested changes
Mar 2, 2020
…d be added into container image. Signed-off-by: Yong Zhao <yozhao@microsoft.com>
|
Retest vsimage please |
jleveque
approved these changes
Mar 5, 2020
|
@yozhao101, @kirankella, @AkhileshSamineni, wondering what'd be the impact to existing NAT entries/connections when the NAT service is restarted? Thanks. |
|
@rlhui , Whenever NAT service/docker is restarted, the iptables and conntrack entries are cleared and also sends a cleanup notification to OA to delete all the NAT entries from appl-db and asic-db. |
rlhui
pushed a commit
that referenced
this pull request
Mar 15, 2020
tiantianlv
pushed a commit
to SONIC-DEV/sonic-buildimage
that referenced
this pull request
Apr 24, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What I did
Restart NAT service if one of critical processes running in NAT container exited or crashed abnormally.
How I did it
Generally I follow the framework created by Joe to implement this feature in NAT container.
First, add supervisor-proc-exit-listener event listener option in Supervisord configuration file in NAT docker container. Supervisord will read a list of critical processes for which to monitor the unexpected crashed and exited.
Second, configure nat.service to always auto-restart the service if it stops, with a delay of 30 seconds. Also set a rate limit of 3 restarts within 20 minutes (1200 seconds).
How to verify it
On your switch device, please use
docker pscommand to list all running docker containers.Then use
docker exec -it container_id bashto login target container. Typingtopcommandon the shell will display all the processes dynamically and you will spot the process id of one
of the critical processes. Finally type the command
kill -9 process_idto terminate one process.After exiting the container, you can use
watch -n 1 docker psto dynamically see the restartof database container.