-
Notifications
You must be signed in to change notification settings - Fork 543
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ACL] Write ACL table/rule creation status into STATE_DB #2662
[ACL] Write ACL table/rule creation status into STATE_DB #2662
Conversation
You may want to clear the STATE_DB tables during swss restart, otherwise it can show an old data |
it = consumer.m_toSync.erase(it); | ||
} | ||
else | ||
it++; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to handle here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I added a Pending removal
status for this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also I added a Pending removal
status for the ACL rules that are pending to be removed.
But even if swss restart, the ACL table/rule is still programmed in ASIC, right? So I think we can keep the status in STATE_DB. |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
I added two functions at aclorch startup to clear the status from STATE_DB. This can address both config reload and swss restart scenarios. |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
* Add status for ACL_TABLE and ACL_RULE in STATE_DB
Update sonic-swss submodule pointer to include the following: * 98a16cf [ACL] Write ACL table/rule creation status into STATE_DB ([sonic-net#2662](sonic-net/sonic-swss#2662)) * a2c9a61 [EVPN]Handling error scenarios during route programming and IMR add ([sonic-net#2670](sonic-net/sonic-swss#2670)) * 115efe8 [bfdorch] add default TOS value for BFD session ([sonic-net#2689](sonic-net/sonic-swss#2689)) * a198289 [orchagent, SRv6]: create seglist support to set sid list type ([sonic-net#2406](sonic-net/sonic-swss#2406)) Signed-off-by: dgsudharsan <sudharsand@nvidia.com>
Update sonic-swss submodule pointer to include the following: * 98a16cf [ACL] Write ACL table/rule creation status into STATE_DB ([#2662](sonic-net/sonic-swss#2662)) * a2c9a61 [EVPN]Handling error scenarios during route programming and IMR add ([#2670](sonic-net/sonic-swss#2670)) * 115efe8 [bfdorch] add default TOS value for BFD session ([#2689](sonic-net/sonic-swss#2689)) * a198289 [orchagent, SRv6]: create seglist support to set sid list type ([#2406](sonic-net/sonic-swss#2406))
* Add status for ACL_TABLE and ACL_RULE in STATE_DB
…ic-net#2662)" This reverts commit 9d38fbc.
What I did
HLD sonic-net/SONiC#1261
This PR is to update
orchagent
to write ACL table/rule creation status intoSTATE_DB
.Currently,
show acl table
andshow acl rule
commands read ACL table/rule configuration fromCONFIG_DB
directly. We don't know whether the ACL table or rule is created successfully.We improved
orchagent
to write the status of ACL table/rule into aSTATE_DB
table.Why I did it
Add the status of ACL table and ACL rule into
STATE_DB
so that user can tell whether the table or rule is created successfully.How I verified it
Verified by copying the updated
orchagent
to a testbed and run.Details if related
HLD sonic-net/SONiC#1261