Merge pull request #51 from mikelazar/dbus-container--to-host-doc
Add details about D-Bus architecture (container to host).
mikelazar authored Dec 7, 2019
2 parents 4ad6c54 + 6fce350 commit 3450fdb
Showing 2 changed files with 21 additions and 3 deletions.
24 changes: 21 additions & 3 deletions doc/mgmt/Docker to Host communication.md
Expand Up @@ -94,9 +94,13 @@ All deployments

## 2.2 Functional Description

This feature enables applications such as image management, ZTP, etc. to issue
requests to the host to perform actions such as image install, ZTP
enable/disable, etc.
This feature enables management applications to issue
requests to the host to perform actions such as:
* image install / upgrade
* ZTP enable/disable
* initiate reboot and warm reboot using existing scripts
* create show-tech tar file using existing show-tech script
* config save/reload using existing scripts

# 3 Design
## 3.1 Overview
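
Review bot: The new bullets for reboot, show-tech and config save/reload all say "using existing scripts" but do not name the scripts or say whether the caller in the container can pass arguments to them. Because these actions run on the host at the request of a container, the description should state that each one is a fixed host-side method, and what input, if any, is accepted from the caller (for example the image location for "image install / upgrade") and how it is validated. The rewording from "applications such as image management, ZTP, etc." to "management applications" also drops the only indication of who the callers are; consider naming the container or containers expected to issue these requests.
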
Expand All @@ -110,6 +114,20 @@ the host, and either wait for the response (if the request was synchronous), or
receive a channel and wait for the request to return the response on the
channel (asynchronous request).

The architecture of a D-Bus host service in a SONiC environment is illustrated in the diagram below:
![](images/docker-to-host-services-architecture.jpg)

Note. The Linux D-Bus implementation uses Unix domain sockets for client to D-Bus service communications.
All containers that use D-Bus services will bind mount
(-v /var/run/dbus:/var/run/dbus:rw) the host directory where D-Bus service sockets are created.

D-Bus provides a reliable communication channel between client (SONiC management container) and service (native host OS) – all actions are acknowledged and can provide return values. It should be noted that acknowledgements are important for operations such as “image upgrade” or “config-save”. In addition, D-Bus methods can return values of many types – not just ACKs. For instance, they can return strings, useful to return the output of a command.


### 3.1.1 Security of D-Bus Communications
In addition to standard Linux security mechanisms for file/Unix socket access rights (read/write), D-Bus provides a separate security layer, using the D-Bus service configuration files.
This allows finer grain access control to D-Bus objects and methods.

## 3.2 DB Changes
### 3.2.1 CONFIG DB
N/A
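
Review bot: Section 3.1.1 asserts that the D-Bus service configuration files give finer-grained access control, but it never says what policy this host service ships with, so the security claim cannot be checked from the document. Please name the policy file for the host service, state whether the default is deny, and list which callers may invoke which methods. This matters because the note in 3.1 has every container that uses D-Bus bind mount `/var/run/dbus` from the host, which places the host's bus socket directory inside each of those containers; the text should say which identity the policy matches on for a caller inside a container, and why the mount needs to be `:rw`. Minor: "Note." would read better as "Note:", and the paragraph on acknowledgements should say what the caller receives when a host action fails, not only that actions are acknowledged.
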