Add build option for two processes in single container

sonic-net · Jan 29, 2024 · b5520ab · b5520ab
1 parent 5516381
commit b5520ab
Show file tree

Hide file tree

Showing 10 changed files with 199 additions and 5 deletions.
diff --git a/Makefile.work b/Makefile.work
@@ -563,7 +563,8 @@ SONIC_BUILD_INSTRUCTION :=  $(MAKE) \
                            SONIC_INCLUDE_MUX=$(INCLUDE_MUX) \
                            ENABLE_TRANSLIB_WRITE=$(ENABLE_TRANSLIB_WRITE) \
                            ENABLE_NATIVE_WRITE=$(ENABLE_NATIVE_WRITE) \
-			   ENABLE_DIALOUT=$(ENABLE_DIALOUT) \
+                           ENABLE_GNMI_TWO_PROCESS=$(ENABLE_GNMI_TWO_PROCESS) \
+                           ENABLE_DIALOUT=$(ENABLE_DIALOUT) \
                            EXTRA_DOCKER_TARGETS=$(EXTRA_DOCKER_TARGETS) \
                            BUILD_LOG_TIMESTAMP=$(BUILD_LOG_TIMESTAMP) \
                            SONIC_ENABLE_IMAGE_SIGNATURE=$(ENABLE_IMAGE_SIGNATURE) \

diff --git a/dockers/docker-sonic-gnmi/Dockerfile.j2 b/dockers/docker-sonic-gnmi/Dockerfile.j2
@@ -26,9 +26,15 @@ RUN apt-get clean -y      && \
     rm -rf /debs
 
 COPY ["start.sh", "gnmi-native.sh", "dialout.sh", "/usr/bin/"]
-COPY ["telemetry_vars.j2", "/usr/share/sonic/templates/"]
+COPY ["gnmi_vars.j2", "/usr/share/sonic/templates/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
 COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
 COPY ["critical_processes", "/etc/supervisor"]
+{% if ENABLE_GNMI_TWO_PROCESS == "y" %}
+COPY ["telemetry.sh", "/usr/bin/"]
+COPY ["telemetry_vars.j2", "/usr/share/sonic/templates/"]
+COPY ["supervisord.conf.2", "/etc/supervisor/conf.d/supervisord.conf"]
+COPY ["critical_processes.2", "/etc/supervisor/critical_processes"]
+{% endif %}
 
 ENTRYPOINT ["/usr/local/bin/supervisord"]
diff --git a/dockers/docker-sonic-gnmi/critical_processes.2 b/dockers/docker-sonic-gnmi/critical_processes.2
@@ -0,0 +1,2 @@
+program:gnmi-native
+program:telemetry
diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh
@@ -2,7 +2,7 @@
 
 EXIT_TELEMETRY_VARS_FILE_NOT_FOUND=1
 INCORRECT_TELEMETRY_VALUE=2
-TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2
+TELEMETRY_VARS_FILE=/usr/share/sonic/templates/gnmi_vars.j2
 
 if [ ! -f "$TELEMETRY_VARS_FILE" ]; then
     echo "Telemetry vars template file not found"

diff --git a/dockers/docker-sonic-gnmi/gnmi_vars.j2 b/dockers/docker-sonic-gnmi/gnmi_vars.j2
@@ -0,0 +1,5 @@
+{
+    "certs": {% if "certs" in GNMI.keys() %}{{ GNMI["certs"] }}{% else %}""{% endif %},
+    "gnmi" : {% if "gnmi" in GNMI.keys() %}{{ GNMI["gnmi"] }}{% else %}""{% endif %},
+    "x509" : {% if "x509" in DEVICE_METADATA.keys() %}{{ DEVICE_METADATA["x509"] }}{% else %}""{% endif %}
+}
diff --git a/dockers/docker-sonic-gnmi/supervisord.conf.2 b/dockers/docker-sonic-gnmi/supervisord.conf.2
@@ -0,0 +1,70 @@
+[supervisord]
+logfile_maxbytes=1MB
+logfile_backups=2
+nodaemon=true
+
+[eventlistener:dependent-startup]
+command=python3 -m supervisord_dependent_startup
+autostart=true
+autorestart=unexpected
+startretries=0
+exitcodes=0,3
+events=PROCESS_STATE
+buffer_size=1024
+
+[eventlistener:supervisor-proc-exit-listener]
+command=/usr/bin/supervisor-proc-exit-listener --container-name gnmi
+events=PROCESS_STATE_EXITED,PROCESS_STATE_RUNNING
+autostart=true
+autorestart=false
+buffer_size=1024
+
+[program:rsyslogd]
+command=/usr/sbin/rsyslogd -n -iNONE
+priority=1
+autostart=false
+autorestart=true
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+
+[program:start]
+command=/usr/bin/start.sh
+priority=2
+autostart=false
+autorestart=false
+startsecs=0
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=rsyslogd:running
+
+[program:gnmi-native]
+command=/usr/bin/gnmi-native.sh
+priority=3
+autostart=false
+autorestart=false
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=start:exited
+
+[program:telemetry]
+command=/usr/bin/telemetry.sh
+priority=3
+autostart=false
+autorestart=false
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=start:exited
+
+[program:dialout]
+command=/usr/bin/dialout.sh
+priority=4
+autostart=false
+autorestart=false
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=gnmi-native:running
diff --git a/dockers/docker-sonic-gnmi/telemetry.sh b/dockers/docker-sonic-gnmi/telemetry.sh
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+
+EXIT_TELEMETRY_VARS_FILE_NOT_FOUND=1
+INCORRECT_TELEMETRY_VALUE=2
+TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2
+
+if [ ! -f "$TELEMETRY_VARS_FILE" ]; then
+    echo "Telemetry vars template file not found"
+    exit $EXIT_TELEMETRY_VARS_FILE_NOT_FOUND
+fi
+
+# Try to read telemetry and certs config from ConfigDB.
+# Use default value if no valid config exists
+TELEMETRY_VARS=$(sonic-cfggen -d -t $TELEMETRY_VARS_FILE)
+TELEMETRY_VARS=${TELEMETRY_VARS//[\']/\"}
+X509=$(echo $TELEMETRY_VARS | jq -r '.x509')
+GNMI=$(echo $TELEMETRY_VARS | jq -r '.gnmi')
+CERTS=$(echo $TELEMETRY_VARS | jq -r '.certs')
+
+TELEMETRY_ARGS=" -logtostderr"
+export CVL_SCHEMA_PATH=/usr/sbin/schema
+
+if [ -n "$CERTS" ]; then
+    SERVER_CRT=$(echo $CERTS | jq -r '.server_crt')
+    SERVER_KEY=$(echo $CERTS | jq -r '.server_key')
+    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
+        TELEMETRY_ARGS+=" --insecure"
+    else
+        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
+    fi
+
+    CA_CRT=$(echo $CERTS | jq -r '.ca_crt')
+    if [ ! -z $CA_CRT ]; then
+        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
+    fi
+elif [ -n "$X509" ]; then
+    SERVER_CRT=$(echo $X509 | jq -r '.server_crt')
+    SERVER_KEY=$(echo $X509 | jq -r '.server_key')
+    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
+        TELEMETRY_ARGS+=" --insecure"
+    else
+        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
+    fi
+
+    CA_CRT=$(echo $X509 | jq -r '.ca_crt')
+    if [ ! -z $CA_CRT ]; then
+        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
+    fi
+else
+    TELEMETRY_ARGS+=" --noTLS"
+fi
+
+# If no configuration entry exists for TELEMETRY, create one default port
+if [ -z "$GNMI" ]; then
+    PORT=8080
+else
+    PORT=$(echo $GNMI | jq -r '.port')
+fi
+TELEMETRY_ARGS+=" --port $PORT"
+
+CLIENT_AUTH=$(echo $GNMI | jq -r '.client_auth')
+if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
+    TELEMETRY_ARGS+=" --allow_no_client_auth"
+fi
+
+LOG_LEVEL=$(echo $GNMI | jq -r '.log_level')
+if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then
+    TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
+else
+    TELEMETRY_ARGS+=" -v=2"
+fi
+
+# Server will handle threshold connections consecutively
+THRESHOLD_CONNECTIONS=$(echo $GNMI | jq -r '.threshold')
+if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then
+    TELEMETRY_ARGS+=" --threshold $THRESHOLD_CONNECTIONS"
+else
+    if [ -z "$GNMI" ] || [[ $THRESHOLD_CONNECTIONS == "null" ]]; then
+        TELEMETRY_ARGS+=" --threshold 100"
+    else
+        echo "Incorrect threshold value, expecting positive integers" >&2
+        exit $INCORRECT_TELEMETRY_VALUE
+    fi
+fi
+
+# Close idle connections after certain duration (in seconds)
+IDLE_CONN_DURATION=$(echo $GNMI | jq -r '.idle_conn_duration')
+if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then
+    TELEMETRY_ARGS+=" --idle_conn_duration $IDLE_CONN_DURATION"
+else
+    if [ -z "$GNMI" ] || [[ $IDLE_CONN_DURATION == "null" ]]; then
+        TELEMETRY_ARGS+=" --idle_conn_duration 5"
+    else
+        echo "Incorrect idle_conn_duration value, expecting positive integers" >&2
+        exit $INCORRECT_TELEMETRY_VALUE
+    fi
+fi
+TELEMETRY_ARGS+=" -gnmi_native_write=false"
+
+exec /usr/sbin/telemetry ${TELEMETRY_ARGS}
diff --git a/dockers/docker-sonic-gnmi/telemetry_vars.j2 b/dockers/docker-sonic-gnmi/telemetry_vars.j2
@@ -1,5 +1,5 @@
 {
-    "certs": {% if "certs" in GNMI.keys() %}{{ GNMI["certs"] }}{% else %}""{% endif %},
-    "gnmi" : {% if "gnmi" in GNMI.keys() %}{{ GNMI["gnmi"] }}{% else %}""{% endif %},
+    "certs": {% if "certs" in TELEMETRY.keys() %}{{ TELEMETRY["certs"] }}{% else %}""{% endif %},
+    "gnmi" : {% if "gnmi" in TELEMETRY.keys() %}{{ TELEMETRY["gnmi"] }}{% else %}""{% endif %},
     "x509" : {% if "x509" in DEVICE_METADATA.keys() %}{{ DEVICE_METADATA["x509"] }}{% else %}""{% endif %}
 }
diff --git a/rules/config b/rules/config
@@ -130,6 +130,9 @@ INCLUDE_SYSTEM_GNMI = y
 # INCLUDE_SYSTEM_TELEMETRY - build docker-sonic-telemetry for system telemetry support
 INCLUDE_SYSTEM_TELEMETRY = n
 
+# ENABLE_GNMI_TWO_PROCESS - Enable two processes in single GNMI container.
+ENABLE_GNMI_TWO_PROCESS = n
+
 # INCLUDE_ICCPD - build docker-iccpd for mclag support
 INCLUDE_ICCPD = n
 

diff --git a/slave.mk b/slave.mk
@@ -165,6 +165,12 @@ ifeq ($(SONIC_INCLUDE_SYSTEM_GNMI),y)
 INCLUDE_SYSTEM_GNMI = y
 endif
 
+# The configuration option ENABLE_GNMI_TWO_PROCESS is only compatible with the system gNMI feature,
+# which is enabled by setting SONIC_INCLUDE_SYSTEM_GNMI to y.
+ifeq ($(SONIC_INCLUDE_SYSTEM_GNMI),y)
+export ENABLE_GNMI_TWO_PROCESS
+endif
+
 ifeq ($(SONIC_INCLUDE_RESTAPI),y)
 INCLUDE_RESTAPI = y
 endif
@@ -441,6 +447,7 @@ $(info "ENABLE_BOOTCHART                 : "$(ENABLE_BOOTCHART)")
 $(info "INCLUDE_FIPS"             : "$(INCLUDE_FIPS)")
 $(info "ENABLE_TRANSLIB_WRITE"           : "$(ENABLE_TRANSLIB_WRITE)")
 $(info "ENABLE_NATIVE_WRITE"             : "$(ENABLE_NATIVE_WRITE)")
+$(info "ENABLE_GNMI_TWO_PROCESS"         : "$(ENABLE_GNMI_TWO_PROCESS)")
 $(info "ENABLE_DIALOUT"                  : "$(ENABLE_DIALOUT)")
 $(info "ENABLE_AUTO_TECH_SUPPORT"        : "$(ENABLE_AUTO_TECH_SUPPORT)")
 $(info "PDDF_SUPPORT"                    : "$(PDDF_SUPPORT)")