From 781ecdd5f85abb0cf6e09a457e15aba4fee69446 Mon Sep 17 00:00:00 2001
From: ganglv <88995770+ganglyu@users.noreply.github.com>
Date: Tue, 25 Oct 2022 10:41:53 +0800
Subject: [PATCH] Add container for GNMI (#115)

Why I did it
We need two containers, one for telemetry, another one for gnmi native write.

How I did it
Add a new docker, docker-sonic-gnmi

How to verify it
Build image, and check containers with KVM environment.
---
 Makefile.work                                 |  1 +
 dockers/docker-sonic-gnmi/Dockerfile.j2       | 35 +++++++++
 .../base_image_files/monit_gnmi               |  5 ++
 dockers/docker-sonic-gnmi/critical_processes  |  1 +
 dockers/docker-sonic-gnmi/dialout.sh          |  6 ++
 dockers/docker-sonic-gnmi/gnmi-native.sh      | 74 +++++++++++++++++++
 dockers/docker-sonic-gnmi/start.sh            | 14 ++++
 dockers/docker-sonic-gnmi/supervisord.conf    | 51 +++++++++++++
 dockers/docker-sonic-gnmi/telemetry_vars.j2   |  5 ++
 dockers/docker-sonic-telemetry/telemetry.sh   |  2 +
 files/build_templates/gnmi.service.j2         | 16 ++++
 files/build_templates/gnmi.timer              | 11 +++
 files/build_templates/init_cfg.json.j2        |  3 +-
 .../build_templates/sonic_debian_extension.j2 |  6 ++
 files/image_config/logrotate/rsyslog.j2       |  1 +
 .../rsyslog/rsyslog.d/00-sonic.conf           |  6 ++
 files/scripts/gnmi.sh                         |  1 +
 rules/config                                  |  3 +
 rules/docker-gnmi.dep                         | 11 +++
 rules/docker-gnmi.mk                          | 37 ++++++++++
 slave.mk                                      |  6 ++
 src/sonic-config-engine/minigraph.py          | 17 +++++
 22 files changed, 311 insertions(+), 1 deletion(-)
 create mode 100644 dockers/docker-sonic-gnmi/Dockerfile.j2
 create mode 100644 dockers/docker-sonic-gnmi/base_image_files/monit_gnmi
 create mode 100644 dockers/docker-sonic-gnmi/critical_processes
 create mode 100755 dockers/docker-sonic-gnmi/dialout.sh
 create mode 100644 dockers/docker-sonic-gnmi/gnmi-native.sh
 create mode 100755 dockers/docker-sonic-gnmi/start.sh
 create mode 100644 dockers/docker-sonic-gnmi/supervisord.conf
 create mode 100644 dockers/docker-sonic-gnmi/telemetry_vars.j2
 create mode 100644 files/build_templates/gnmi.service.j2
 create mode 100644 files/build_templates/gnmi.timer
 create mode 120000 files/scripts/gnmi.sh
 create mode 100644 rules/docker-gnmi.dep
 create mode 100644 rules/docker-gnmi.mk

diff --git a/Makefile.work b/Makefile.work
index 16eadf463429..1d1b6c8226c3 100644
--- a/Makefile.work
+++ b/Makefile.work
@@ -478,6 +478,7 @@ SONIC_BUILD_INSTRUCTION :=  $(MAKE) \
                            DOCKER_LOCKFILE_SAVE=$(DOCKER_LOCKFILE_SAVE) \
                            SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD=$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD) \
                            SONIC_INCLUDE_SYSTEM_TELEMETRY=$(INCLUDE_SYSTEM_TELEMETRY) \
+                           SONIC_INCLUDE_SYSTEM_GNMI=$(INCLUDE_SYSTEM_GNMI) \
                            SONIC_INCLUDE_GNMI_TEST=$(INCLUDE_GNMI_TEST) \
                            INCLUDE_DHCP_RELAY=$(INCLUDE_DHCP_RELAY) \
                            INCLUDE_MACSEC=$(INCLUDE_MACSEC) \
diff --git a/dockers/docker-sonic-gnmi/Dockerfile.j2 b/dockers/docker-sonic-gnmi/Dockerfile.j2
new file mode 100644
index 000000000000..548f16cd89a3
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/Dockerfile.j2
@@ -0,0 +1,35 @@
+{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
+FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}
+
+ARG docker_container_name
+ARG image_version
+RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
+
+## Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Pass the image_version to container
+ENV IMAGE_VERSION=$image_version
+
+RUN apt-get update
+
+{% if docker_sonic_gnmi_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{{ copy_files("debs/", docker_sonic_gnmi_debs.split(' '), "/debs/") }}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{{ install_debian_packages(docker_sonic_gnmi_debs.split(' ')) }}
+{%- endif %}
+
+RUN apt-get clean -y      && \
+    apt-get autoclean -   && \
+    apt-get autoremove -y && \
+    rm -rf /debs
+
+COPY ["start.sh", "gnmi-native.sh", "dialout.sh", "/usr/bin/"]
+COPY ["telemetry_vars.j2", "/usr/share/sonic/templates/"]
+COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
+COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
+COPY ["critical_processes", "/etc/supervisor"]
+
+ENTRYPOINT ["/usr/local/bin/supervisord"]
diff --git a/dockers/docker-sonic-gnmi/base_image_files/monit_gnmi b/dockers/docker-sonic-gnmi/base_image_files/monit_gnmi
new file mode 100644
index 000000000000..ff0ab4a328a0
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/base_image_files/monit_gnmi
@@ -0,0 +1,5 @@
+###############################################################################
+## Monit configuration for gnmi container
+###############################################################################
+check program container_memory_telemetry with path "/usr/bin/memory_checker gnmi 419430400"
+    if status == 3 for 10 times within 20 cycles then exec "/usr/bin/restart_service gnmi" repeat every 2 cycles
diff --git a/dockers/docker-sonic-gnmi/critical_processes b/dockers/docker-sonic-gnmi/critical_processes
new file mode 100644
index 000000000000..fd693f80070d
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/critical_processes
@@ -0,0 +1 @@
+program:gnmi-native
diff --git a/dockers/docker-sonic-gnmi/dialout.sh b/dockers/docker-sonic-gnmi/dialout.sh
new file mode 100755
index 000000000000..485c3292d0df
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/dialout.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# Start with default config
+export CVL_SCHEMA_PATH=/usr/sbin/schema
+exec /usr/sbin/dialout_client_cli -insecure -logtostderr  -v 2
+
diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh
new file mode 100644
index 000000000000..3598b97ccd04
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/gnmi-native.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+EXIT_TELEMETRY_VARS_FILE_NOT_FOUND=1
+TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2
+
+if [ ! -f "$TELEMETRY_VARS_FILE" ]; then
+    echo "Telemetry vars template file not found"
+    exit $EXIT_TELEMETRY_VARS_FILE_NOT_FOUND
+fi
+
+# Try to read telemetry and certs config from ConfigDB.
+# Use default value if no valid config exists
+TELEMETRY_VARS=$(sonic-cfggen -d -t $TELEMETRY_VARS_FILE)
+TELEMETRY_VARS=${TELEMETRY_VARS//[\']/\"}
+X509=$(echo $TELEMETRY_VARS | jq -r '.x509')
+GNMI=$(echo $TELEMETRY_VARS | jq -r '.gnmi')
+CERTS=$(echo $TELEMETRY_VARS | jq -r '.certs')
+
+TELEMETRY_ARGS=" -logtostderr"
+export CVL_SCHEMA_PATH=/usr/sbin/schema
+
+if [ -n "$CERTS" ]; then
+    SERVER_CRT=$(echo $CERTS | jq -r '.server_crt')
+    SERVER_KEY=$(echo $CERTS | jq -r '.server_key')
+    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
+        TELEMETRY_ARGS+=" --insecure"
+    else
+        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
+    fi
+
+    CA_CRT=$(echo $CERTS | jq -r '.ca_crt')
+    if [ ! -z $CA_CRT ]; then
+        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
+    fi
+elif [ -n "$X509" ]; then
+    SERVER_CRT=$(echo $X509 | jq -r '.server_crt')
+    SERVER_KEY=$(echo $X509 | jq -r '.server_key')
+    if [ -z $SERVER_CRT  ] || [ -z $SERVER_KEY  ]; then
+        TELEMETRY_ARGS+=" --insecure"
+    else
+        TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY "
+    fi
+
+    CA_CRT=$(echo $X509 | jq -r '.ca_crt')
+    if [ ! -z $CA_CRT ]; then
+        TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
+    fi
+else
+    TELEMETRY_ARGS+=" --noTLS"
+fi
+
+# If no configuration entry exists for TELEMETRY, create one default port
+if [ -z "$GNMI" ]; then
+    PORT=8080
+else
+    PORT=$(echo $GNMI | jq -r '.port')
+fi
+TELEMETRY_ARGS+=" --port $PORT"
+
+CLIENT_AUTH=$(echo $GNMI | jq -r '.client_auth')
+if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
+    TELEMETRY_ARGS+=" --allow_no_client_auth"
+fi
+
+LOG_LEVEL=$(echo $GNMI | jq -r '.log_level')
+if [ ! -z $LOG_LEVEL ]; then
+    TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
+else
+    TELEMETRY_ARGS+=" -v=2"
+fi
+
+TELEMETRY_ARGS+=" -gnmi_native_write=true"
+
+exec /usr/sbin/telemetry ${TELEMETRY_ARGS}
diff --git a/dockers/docker-sonic-gnmi/start.sh b/dockers/docker-sonic-gnmi/start.sh
new file mode 100755
index 000000000000..2401f3c3d7cd
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/start.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+if [ "${RUNTIME_OWNER}" == "" ]; then
+    RUNTIME_OWNER="kube"
+fi
+
+CTR_SCRIPT="/usr/share/sonic/scripts/container_startup.py"
+if test -f ${CTR_SCRIPT}
+then
+    ${CTR_SCRIPT} -f gnmi -o ${RUNTIME_OWNER} -v ${IMAGE_VERSION}
+fi
+
+mkdir -p /var/sonic
+echo "# Config files managed by sonic-config-engine" > /var/sonic/config_status
diff --git a/dockers/docker-sonic-gnmi/supervisord.conf b/dockers/docker-sonic-gnmi/supervisord.conf
new file mode 100644
index 000000000000..75bb6736eb01
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/supervisord.conf
@@ -0,0 +1,51 @@
+[supervisord]
+logfile_maxbytes=1MB
+logfile_backups=2
+nodaemon=true
+
+[eventlistener:dependent-startup]
+command=python3 -m supervisord_dependent_startup
+autostart=true
+autorestart=unexpected
+startretries=0
+exitcodes=0,3
+events=PROCESS_STATE
+buffer_size=1024
+
+[eventlistener:supervisor-proc-exit-listener]
+command=/usr/bin/supervisor-proc-exit-listener --container-name telemetry
+events=PROCESS_STATE_EXITED,PROCESS_STATE_RUNNING
+autostart=true
+autorestart=false
+buffer_size=1024
+
+[program:rsyslogd]
+command=/usr/sbin/rsyslogd -n -iNONE
+priority=1
+autostart=false
+autorestart=true
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+
+[program:start]
+command=/usr/bin/start.sh
+priority=2
+autostart=false
+autorestart=false
+startsecs=0
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=rsyslogd:running
+
+[program:gnmi-native]
+command=/usr/bin/gnmi-native.sh
+priority=3
+autostart=false
+autorestart=false
+stdout_logfile=syslog
+stderr_logfile=syslog
+dependent_startup=true
+dependent_startup_wait_for=start:exited
+
diff --git a/dockers/docker-sonic-gnmi/telemetry_vars.j2 b/dockers/docker-sonic-gnmi/telemetry_vars.j2
new file mode 100644
index 000000000000..4546ae5ab743
--- /dev/null
+++ b/dockers/docker-sonic-gnmi/telemetry_vars.j2
@@ -0,0 +1,5 @@
+{
+    "certs": {% if "certs" in GNMI.keys() %}{{ GNMI["certs"] }}{% else %}""{% endif %},
+    "gnmi" : {% if "gnmi" in GNMI.keys() %}{{ GNMI["gnmi"] }}{% else %}""{% endif %},
+    "x509" : {% if "x509" in DEVICE_METADATA.keys() %}{{ DEVICE_METADATA["x509"] }}{% else %}""{% endif %}
+}
diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh
index 1f92657e3b8f..2108afe6276f 100755
--- a/dockers/docker-sonic-telemetry/telemetry.sh
+++ b/dockers/docker-sonic-telemetry/telemetry.sh
@@ -69,4 +69,6 @@ else
     TELEMETRY_ARGS+=" -v=2"
 fi
 
+TELEMETRY_ARGS+=" -gnmi_native_write=false"
+
 exec /usr/sbin/telemetry ${TELEMETRY_ARGS}
diff --git a/files/build_templates/gnmi.service.j2 b/files/build_templates/gnmi.service.j2
new file mode 100644
index 000000000000..7710a8fd0d04
--- /dev/null
+++ b/files/build_templates/gnmi.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=GNMI container
+Requires=database.service
+After=database.service swss.service syncd.service
+Before=ntp-config.service
+BindsTo=sonic.target
+After=sonic.target
+StartLimitIntervalSec=1200
+StartLimitBurst=3
+
+[Service]
+User={{ sonicadmin_user }}
+ExecStartPre=/usr/local/bin/{{docker_container_name}}.sh start
+ExecStart=/usr/local/bin/{{docker_container_name}}.sh wait
+ExecStop=/usr/local/bin/{{docker_container_name}}.sh stop
+RestartSec=30
diff --git a/files/build_templates/gnmi.timer b/files/build_templates/gnmi.timer
new file mode 100644
index 000000000000..57c7a7a57968
--- /dev/null
+++ b/files/build_templates/gnmi.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Delays gnmi container until SONiC has started
+PartOf=gnmi.service
+
+[Timer]
+OnUnitActiveSec=0 sec
+OnBootSec=3min 30 sec
+Unit=gnmi.service
+
+[Install]
+WantedBy=timers.target sonic.target sonic-delayed.target
diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2
index f48a221239bd..05597c6b7c71 100644
--- a/files/build_templates/init_cfg.json.j2
+++ b/files/build_templates/init_cfg.json.j2
@@ -54,6 +54,7 @@
 {%- if include_sflow == "y" %}{% do features.append(("sflow", "disabled", false, "enabled")) %}{% endif %}
 {%- if include_macsec == "y" %}{% do features.append(("macsec", "disabled", false, "enabled")) %}{% endif %}
 {%- if include_system_telemetry == "y" %}{% do features.append(("telemetry", "enabled", true, "enabled")) %}{% endif %}
+{%- if include_system_gnmi == "y" %}{% do features.append(("gnmi", "enabled", true, "enabled")) %}{% endif %}
     "FEATURE": {
 {# has_timer field if set, will start the feature systemd .timer unit instead of .service unit #}
 {%- for feature, state, has_timer, autorestart in features %}
@@ -70,7 +71,7 @@
             "check_up_status" : "false",
 {%- endif %}
 {%- if include_kubernetes == "y" %}
-{%- if feature in ["lldp", "pmon", "radv", "eventd", "snmp", "telemetry"] %}
+{%- if feature in ["lldp", "pmon", "radv", "eventd", "snmp", "telemetry", "gnmi"] %}
             "set_owner": "kube", {% else %}
             "set_owner": "local", {% endif %} {% endif %}
             "high_mem_alert": "disabled"
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index b0ea6f733993..dc9180b71e9c 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -870,6 +870,7 @@ sudo LANG=C cp $SCRIPTS_DIR/radv.sh $FILESYSTEM_ROOT/usr/local/bin/radv.sh
 sudo LANG=C cp $SCRIPTS_DIR/database.sh $FILESYSTEM_ROOT/usr/local/bin/database.sh
 sudo LANG=C cp $SCRIPTS_DIR/snmp.sh $FILESYSTEM_ROOT/usr/local/bin/snmp.sh
 sudo LANG=C cp $SCRIPTS_DIR/telemetry.sh $FILESYSTEM_ROOT/usr/local/bin/telemetry.sh
+sudo LANG=C cp $SCRIPTS_DIR/gnmi.sh $FILESYSTEM_ROOT/usr/local/bin/gnmi.sh
 sudo LANG=C cp $SCRIPTS_DIR/mgmt-framework.sh $FILESYSTEM_ROOT/usr/local/bin/mgmt-framework.sh
 sudo LANG=C cp $SCRIPTS_DIR/asic_status.sh $FILESYSTEM_ROOT/usr/local/bin/asic_status.sh
 sudo LANG=C cp $SCRIPTS_DIR/asic_status.py $FILESYSTEM_ROOT/usr/local/bin/asic_status.py
@@ -893,6 +894,11 @@ sudo cp $BUILD_TEMPLATES/telemetry.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
 echo "telemetry.timer" | sudo tee -a $GENERATED_SERVICE_FILE
 {% endif %}
 
+{% if include_system_gnmi == 'y' %}
+sudo cp $BUILD_TEMPLATES/gnmi.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
+echo "gnmi.timer" | sudo tee -a $GENERATED_SERVICE_FILE
+{% endif %}
+
 {% if include_mgmt_framework == 'y' %}
 sudo cp $BUILD_TEMPLATES/mgmt-framework.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
 echo "mgmt-framework.timer" | sudo tee -a $GENERATED_SERVICE_FILE
diff --git a/files/image_config/logrotate/rsyslog.j2 b/files/image_config/logrotate/rsyslog.j2
index 28a7d9dd2ee0..79bcbea95c4e 100644
--- a/files/image_config/logrotate/rsyslog.j2
+++ b/files/image_config/logrotate/rsyslog.j2
@@ -28,6 +28,7 @@
 /var/log/syslog
 /var/log/teamd.log
 /var/log/telemetry.log
+/var/log/gnmi.log
 /var/log/frr/bgpd.log
 /var/log/frr/zebra.log
 /var/log/swss/sairedis*.rec
diff --git a/files/image_config/rsyslog/rsyslog.d/00-sonic.conf b/files/image_config/rsyslog/rsyslog.d/00-sonic.conf
index bc69af74b8b3..b1e3dad024f4 100644
--- a/files/image_config/rsyslog/rsyslog.d/00-sonic.conf
+++ b/files/image_config/rsyslog/rsyslog.d/00-sonic.conf
@@ -17,6 +17,12 @@ if $programname contains "teamd_" then {
     stop
 }
 
+## gnmi rules
+if $programname contains "gnmi#" then {
+    /var/log/gnmi.log
+    stop
+}
+
 ## telemetry rules
 if $msg startswith  " telemetry" or ($msg startswith  " dialout" )then {
     /var/log/telemetry.log
diff --git a/files/scripts/gnmi.sh b/files/scripts/gnmi.sh
new file mode 120000
index 000000000000..ce97295f0364
--- /dev/null
+++ b/files/scripts/gnmi.sh
@@ -0,0 +1 @@
+service_mgmt.sh
\ No newline at end of file
diff --git a/rules/config b/rules/config
index 065d848250f2..91d8e777bc22 100644
--- a/rules/config
+++ b/rules/config
@@ -125,6 +125,9 @@ DEFAULT_VS_PREPARE_MEM = yes
 # INCLUDE_SYSTEM_TELEMETRY - build docker-sonic-telemetry for system telemetry support
 INCLUDE_SYSTEM_TELEMETRY = y
 
+# INCLUDE_SYSTEM_GNMI - build docker-sonic-gnmi for system gnmi support
+INCLUDE_SYSTEM_GNMI = y
+
 # INCLUDE_GNMI_TEST - build docker-gnmi-test for gnmi test container
 INCLUDE_GNMI_TEST = y
 
diff --git a/rules/docker-gnmi.dep b/rules/docker-gnmi.dep
new file mode 100644
index 000000000000..b3ccae69998d
--- /dev/null
+++ b/rules/docker-gnmi.dep
@@ -0,0 +1,11 @@
+
+DPATH       := $($(DOCKER_GNMI)_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/docker-gnmi.mk rules/docker-gnmi.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(DPATH))
+
+$(DOCKER_GNMI)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(DOCKER_GNMI)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(DOCKER_GNMI)_DEP_FILES   := $(DEP_FILES)
+
+$(eval $(call add_dbg_docker,$(DOCKER_GNMI),$(DOCKER_GNMI_DBG)))
diff --git a/rules/docker-gnmi.mk b/rules/docker-gnmi.mk
new file mode 100644
index 000000000000..e5147669c9a9
--- /dev/null
+++ b/rules/docker-gnmi.mk
@@ -0,0 +1,37 @@
+# docker image for gnmi agent
+
+DOCKER_GNMI_STEM = docker-sonic-gnmi
+DOCKER_GNMI = $(DOCKER_GNMI_STEM).gz
+DOCKER_GNMI_DBG = $(DOCKER_GNMI_STEM)-$(DBG_IMAGE_MARK).gz
+
+$(DOCKER_GNMI)_PATH = $(DOCKERS_PATH)/$(DOCKER_GNMI_STEM)
+
+$(DOCKER_GNMI)_DEPENDS += $(SONIC_MGMT_COMMON)
+$(DOCKER_GNMI)_DEPENDS += $(SONIC_TELEMETRY)
+$(DOCKER_GNMI)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS)
+
+$(DOCKER_GNMI)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BULLSEYE)
+
+$(DOCKER_GNMI)_VERSION = 1.0.0
+$(DOCKER_GNMI)_PACKAGE_NAME = gnmi
+
+$(DOCKER_GNMI)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES)
+
+SONIC_DOCKER_IMAGES += $(DOCKER_GNMI)
+ifeq ($(INCLUDE_SYSTEM_GNMI), y)
+SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_GNMI)
+endif
+
+SONIC_DOCKER_DBG_IMAGES += $(DOCKER_GNMI_DBG)
+ifeq ($(INCLUDE_SYSTEM_GNMI), y)
+SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_GNMI_DBG)
+endif
+
+$(DOCKER_GNMI)_CONTAINER_NAME = gnmi
+$(DOCKER_GNMI)_RUN_OPT += --privileged -t
+$(DOCKER_GNMI)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
+$(DOCKER_GNMI)_RUN_OPT += -v /usr/share/sonic/scripts:/usr/share/sonic/scripts:ro
+$(DOCKER_GNMI)_RUN_OPT += -v /var/run/dbus:/var/run/dbus:rw
+
+$(DOCKER_GNMI)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
+$(DOCKER_GNMI)_BASE_IMAGE_FILES += monit_gnmi:/etc/monit/conf.d
diff --git a/slave.mk b/slave.mk
index 93cc0834c651..5d3650450979 100644
--- a/slave.mk
+++ b/slave.mk
@@ -146,6 +146,10 @@ ifeq ($(SONIC_INCLUDE_SYSTEM_TELEMETRY),y)
 INCLUDE_SYSTEM_TELEMETRY = y
 endif
 
+ifeq ($(SONIC_INCLUDE_SYSTEM_GNMI),y)
+INCLUDE_SYSTEM_GNMI = y
+endif
+
 ifeq ($(SONIC_INCLUDE_GNMI_TEST),y)
 INCLUDE_GNMI_TEST = y
 endif
@@ -383,6 +387,7 @@ $(info "VS_PREPARE_MEM"                  : "$(VS_PREPARE_MEM)")
 $(info "INCLUDE_MGMT_FRAMEWORK"          : "$(INCLUDE_MGMT_FRAMEWORK)")
 $(info "INCLUDE_ICCPD"                   : "$(INCLUDE_ICCPD)")
 $(info "INCLUDE_SYSTEM_TELEMETRY"        : "$(INCLUDE_SYSTEM_TELEMETRY)")
+$(info "INCLUDE_SYSTEM_GNMI"             : "$(INCLUDE_SYSTEM_GNMI)")
 $(info "INCLUDE_GNMI_TEST"               : "$(INCLUDE_GNMI_TEST)")
 $(info "ENABLE_HOST_SERVICE_ON_START"    : "$(ENABLE_HOST_SERVICE_ON_START)")
 $(info "INCLUDE_RESTAPI"                 : "$(INCLUDE_RESTAPI)")
@@ -1187,6 +1192,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
 	export enable_dhcp_graph_service="$(ENABLE_DHCP_GRAPH_SERVICE)"
 	export enable_ztp="$(ENABLE_ZTP)"
 	export include_system_telemetry="$(INCLUDE_SYSTEM_TELEMETRY)"
+	export include_system_gnmi="$(INCLUDE_SYSTEM_GNMI)"
 	export include_gnmi_test="$(INCLUDE_GNMI_TEST)"
 	export include_restapi="$(INCLUDE_RESTAPI)"
 	export include_nat="$(INCLUDE_NAT)"
diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index e677981b5d63..b254967ef5c1 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -1846,6 +1846,23 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
             'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
         }
     }
+    results['FEATURE'] = {
+        'gnmi': {
+            'state': 'enabled'
+        }
+    }
+    results['GNMI'] = {
+        'gnmi': {
+            'client_auth': 'true',
+            'port': '50052',
+            'log_level': '2'
+        },
+        'certs': {
+            'server_crt': '/etc/sonic/telemetry/gnmiserver.cer',
+            'server_key': '/etc/sonic/telemetry/gnmiserver.key',
+            'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
+        }
+    }
     results['RESTAPI'] = {
         'config': {
             'client_auth': 'true',