[baseimage]: Updates for Ebtables and support for multi-asic (#6542)

Following changes were done for ebtables: - Support for Multi-asic platforms. Ebtable filters are installed in namespace for multi-asic and not host. On Single asic installed on host. - For Multi-asic platforms we don't want to install on host otherwise Namespace-to-Namespace communication does not happens since ARP Request are not forwarded. - Updated to use text file to restore ebtables rules then the binary format. Rules are restore as part of Database docker init instead of rc.local - Removed the ebtable service files for buster as not needed as filters are restored/installed as part of database docker init. All the binaries are pre-installed with ebtables* binary are same as ebatbles-legacy-* Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
sonic-net · Jan 28, 2021 · 9779560 · 9779560
1 parent e9d3d96
commit 9779560
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 15 deletions.
diff --git a/build_debian.sh b/build_debian.sh
@@ -465,13 +465,8 @@ if [ "${enable_organization_extensions}" = "y" ]; then
    fi
 fi
 
-## Setup ebtable rules (rule file is in binary format)
-sudo cp -f files/image_config/ebtables/ebtables.default $FILESYSTEM_ROOT/etc/default/ebtables
-sudo cp -f files/image_config/ebtables/ebtables.init $FILESYSTEM_ROOT/etc/init.d/ebtables
-sudo cp -f files/image_config/ebtables/ebtables.service $FILESYSTEM_ROOT/lib/systemd/system/ebtables.service
+## Setup ebtable rules (rule file in text format)
 sudo cp files/image_config/ebtables/ebtables.filter.cfg ${FILESYSTEM_ROOT}/etc
-sudo LANG=C chroot $FILESYSTEM_ROOT update-alternatives --set ebtables /usr/sbin/ebtables-legacy
-sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ebtables.service
 
 ## Debug Image specific changes
 ## Update motd for debug image

diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2
@@ -42,6 +42,18 @@ function updateSyslogConf()
         rm -rf $TMP_FILE
     fi
 }
+function ebtables_config()
+{
+    if [ "$DEV" ]; then
+        # Install ebtables filter in namespaces on multi-asic.
+        ip netns exec $NET_NS ebtables-restore < /etc/ebtables.filter.cfg
+    else
+        if [[ ! ($NUM_ASIC -gt 1) ]]; then
+            # Install ebtables filter in host for single asic.
+            ebtables-restore < /etc/ebtables.filter.cfg
+        fi
+    fi
+}
 
 function getMountPoint()
 {
@@ -98,6 +110,8 @@ function postStartAction()
         docker exec -i database$DEV sysctl --system -e
         link_namespace $DEV
     fi
+    # Setup ebtables configuration
+    ebtables_config
 
     # Wait until supervisord and redis starts. This change is needed
     # because now database_config.json is jinja2 templated based

diff --git a/files/image_config/platform/rc.local b/files/image_config/platform/rc.local
@@ -186,12 +186,6 @@ program_console_speed()
     systemctl daemon-reload
 }
 
-ebtables_config()
-{
-    # Generate atomic config file and save it persistent
-    /usr/sbin/ebtables-restore < /etc/ebtables.filter.cfg
-    /usr/sbin/ebtables -t filter --atomic-file /etc/ebtables.filter --atomic-save
-}
 
 #### Begin Main Body ####
 
@@ -362,9 +356,6 @@ if [ -f $FIRST_BOOT_FILE ]; then
     # Create dir where following scripts put their output files
     mkdir -p /var/platform
 
-    # Firsttime ebtables configuration
-    ebtables_config
-
     firsttime_exit
 fi