[macsec] Support multi-asic on macsec container #9921
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can you add the UT cases & logs related to changes made (i.e. enabling macsec docker container in multi-Namepsace environment)? |
judyjoseph
approved these changes
Feb 11, 2022
|
|
||
| [Service] | ||
| User={{ sonicadmin_user }} | ||
| ExecStartPre=/usr/bin/{{docker_container_name}}.sh start{% if multi_instance == 'true' %} %i{% endif %} |
There was a problem hiding this comment.
I see macsec docker containers started up in SUP, per fabric card asics. We can find a way to skip starting up these dockers in SUP.
|
@byu343 could you add logs for macsec dockers, before we could merge it in. |
judyjoseph
added
the
Request for 202111 Branch
|
judyjoseph
pushed a commit
that referenced
this pull request
Feb 14, 2022
This change enables the support of running multiple macsec containers, each for one ASIC.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why I did it
This change enables the support of running multiple macsec containers, each for one ASIC.
How I did it
How to verify it
On single ASIC dut (arista 7280cr3mk):
root@smm211:/home/admin# docker ps | grep macsec
6614507cb9e2 docker-macsec:latest "/usr/local/bin/supe…" 9 seconds ago Up 8 seconds macsec
docker exec -it macsec ip addr | grep Ethernet
On multi-asic linecard(arista 7800r3ak_36dm2_lc)
root@cmp234-4:/home/admin# docker ps | grep macsec
f0aa8482c821 docker-macsec:latest "/usr/local/bin/supe…" 4 seconds ago Up 3 seconds macsec1
363484e63700 docker-macsec:latest "/usr/local/bin/supe…" 7 seconds ago Up 5 seconds macsec0
docker exec -it macsec0 ip addr | grep Ethernet
docker exec -it macsec1 ip addr | grep Ethernet
The macsec-related syslog after running 'config feature state macsec enabled' is:
Jul 20 13:39:06.204140 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl unmask macsec@0.service'
Jul 20 13:39:06.220300 cmp234-4 INFO hostcfgd[31968]: Removed /etc/systemd/system/macsec@0.service.
Jul 20 13:39:06.445449 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl enable macsec@0.service'
Jul 20 13:39:06.459076 cmp234-4 INFO hostcfgd[31985]: Created symlink /etc/systemd/system/sonic.target.wants/macsec@0.service → /lib/systemd/system/macsec@.service.
Jul 20 13:39:06.696659 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl start macsec@0.service'
Jul 20 13:39:06.800282 cmp234-4 INFO macsec.sh[32003]: Removing obsolete macsec0 container with HWSKU 0
Jul 20 13:39:06.843349 cmp234-4 INFO macsec.sh[32021]: macsec0
Jul 20 13:39:06.845978 cmp234-4 INFO macsec.sh[32003]: Creating new macsec0 container with HWSKU Arista-7800R3AK-36DM2-C72
Jul 20 13:39:06.965327 cmp234-4 INFO macsec.sh[32036]: 363484e63700dc529109939c9d5536a149cee447bb3002213d3ef176c148d147
Jul 20 13:39:07.585089 cmp234-4 DEBUG container: read_data: config:True feature:macsec0 fields:[('set_owner', 'local'), ('no_fallback_to_local', False)] val:['local', False]
Jul 20 13:39:07.585497 cmp234-4 DEBUG container: read_data: config:False feature:macsec0 fields:[('current_owner', 'none'), ('remote_state', 'none'), ('container_id', '')] val:['none', 'none', '']
Jul 20 13:39:07.585693 cmp234-4 DEBUG container: container_start: macsec0: set_owner:local fallback:True remote_state:none
Jul 20 13:39:07.745941 cmp234-4 INFO container: docker cmd: start for macsec0
Jul 20 13:39:07.791947 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl unmask macsec@0.service'
Jul 20 13:39:08.004706 cmp234-4 DEBUG container: read_data: config:True feature:macsec0 fields:[('set_owner', 'local'), ('no_fallback_to_local', False)] val:['local', False]
Jul 20 13:39:08.005180 cmp234-4 DEBUG container: read_data: config:False feature:macsec0 fields:[('current_owner', 'none'), ('remote_state', 'none'), ('container_id', '')] val:['none', 'none', '']
Jul 20 13:39:08.005687 cmp234-4 DEBUG container: container_wait: macsec0: set_owner:local ct_owner:none state:none id:macsec0 pend=0
Jul 20 13:39:08.064439 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl enable macsec@0.service'
Jul 20 13:39:08.315313 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl start macsec@0.service'
Jul 20 13:39:08.333653 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl unmask macsec@1.service'
Jul 20 13:39:08.349392 cmp234-4 INFO hostcfgd[32188]: Removed /etc/systemd/system/macsec@1.service.
Jul 20 13:39:08.593947 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl enable macsec@1.service'
Jul 20 13:39:08.607020 cmp234-4 INFO hostcfgd[32205]: Created symlink /etc/systemd/system/sonic.target.wants/macsec@1.service → /lib/systemd/system/macsec@.service.
Jul 20 13:39:08.858113 cmp234-4 INFO hostcfgd: Running cmd: 'sudo systemctl start macsec@1.service'
Jul 20 13:39:08.962797 cmp234-4 INFO macsec.sh[32223]: Removing obsolete macsec1 container with HWSKU 1
Jul 20 13:39:09.042001 cmp234-4 INFO macsec.sh[32242]: macsec1
Jul 20 13:39:09.045299 cmp234-4 INFO macsec.sh[32223]: Creating new macsec1 container with HWSKU Arista-7800R3AK-36DM2-C72
Jul 20 13:39:09.353036 cmp234-4 INFO macsec.sh[32256]: f0aa8482c82124daa0a4b5406c0665eb2e0dacc2986cb3342d1cb59c8dae29b8
Jul 20 13:39:10.076731 cmp234-4 DEBUG container: read_data: config:True feature:macsec1 fields:[('set_owner', 'local'), ('no_fallback_to_local', False)] val:['local', False]
Jul 20 13:39:10.077188 cmp234-4 DEBUG container: read_data: config:False feature:macsec1 fields:[('current_owner', 'none'), ('remote_state', 'none'), ('container_id', '')] val:['none', 'none', '']
Jul 20 13:39:10.077426 cmp234-4 DEBUG container: container_start: macsec1: set_owner:local fallback:True remote_state:none
Jul 20 13:39:10.352075 cmp234-4 INFO container: docker cmd: start for macsec1
Jul 20 13:39:10.378403 cmp234-4 INFO hostcfgd: Feature macsec is enabled and started
Jul 20 13:39:10.592469 cmp234-4 DEBUG container: read_data: config:True feature:macsec1 fields:[('set_owner', 'local'), ('no_fallback_to_local', False)] val:['local', False]
Jul 20 13:39:10.593026 cmp234-4 DEBUG container: read_data: config:False feature:macsec1 fields:[('current_owner', 'none'), ('remote_state', 'none'), ('container_id', '')] val:['none', 'none', '']
Jul 20 13:39:10.593664 cmp234-4 DEBUG container: container_wait: macsec1: set_owner:local ct_owner:none state:none id:macsec1 pend=0
Jul 20 13:39:30.203446 cmp234-4 INFO macsec0#rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="13" x-info="https://www.rsyslog.com"] start
Jul 20 13:39:30.206364 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:07,944 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
Jul 20 13:39:30.206364 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:07,944 INFO Set uid to user 0 succeeded
Jul 20 13:39:30.206364 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:07,950 INFO RPC interface 'supervisor' initialized
Jul 20 13:39:30.206377 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:07,950 CRIT Server 'unix_http_server' running without any HTTP authentication checking
Jul 20 13:39:30.206377 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:07,950 INFO supervisord started with pid 1
Jul 20 13:39:30.206384 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:08,952 INFO spawned: 'dependent-startup' with pid 9
Jul 20 13:39:30.206394 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:08,953 INFO spawned: 'supervisor-proc-exit-listener' with pid 10
Jul 20 13:39:30.206394 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:10,169 INFO success: dependent-startup entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:30.206394 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:10,170 INFO success: supervisor-proc-exit-listener entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:30.206404 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:10,177 INFO spawned: 'rsyslogd' with pid 13
Jul 20 13:39:30.206404 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:11,209 INFO success: rsyslogd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:30.206426 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:12,222 INFO spawned: 'macsecmgrd' with pid 14
Jul 20 13:39:30.206455 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:13,234 INFO success: macsecmgrd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:30.206475 cmp234-4 INFO macsec0#supervisord 2021-07-20 13:39:14,278 INFO exited: dependent-startup (exit status 0; expected)
Jul 20 13:39:32.729465 cmp234-4 INFO macsec1#rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="13" x-info="https://www.rsyslog.com"] start
Jul 20 13:39:32.732165 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:10,490 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
Jul 20 13:39:32.732165 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:10,491 INFO Set uid to user 0 succeeded
Jul 20 13:39:32.732165 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:10,496 INFO RPC interface 'supervisor' initialized
Jul 20 13:39:32.732165 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:10,496 CRIT Server 'unix_http_server' running without any HTTP authentication checking
Jul 20 13:39:32.732181 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:10,496 INFO supervisord started with pid 1
Jul 20 13:39:32.732181 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:11,498 INFO spawned: 'dependent-startup' with pid 9
Jul 20 13:39:32.732196 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:11,500 INFO spawned: 'supervisor-proc-exit-listener' with pid 10
Jul 20 13:39:32.732196 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:12,700 INFO success: dependent-startup entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:32.732196 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:12,700 INFO success: supervisor-proc-exit-listener entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:32.732207 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:12,706 INFO spawned: 'rsyslogd' with pid 13
Jul 20 13:39:32.732207 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:13,729 INFO success: rsyslogd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:32.732213 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:14,742 INFO spawned: 'macsecmgrd' with pid 14
Jul 20 13:39:32.732231 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:15,749 INFO success: macsecmgrd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Jul 20 13:39:32.732231 cmp234-4 INFO macsec1#supervisord 2021-07-20 13:39:16,790 INFO exited: dependent-startup (exit status 0; expected)
Which release branch to backport (provide reason below if selected)
Description for the changelog
A picture of a cute animal (not mandatory but encouraged)