[SNMP][IPv6]: Fix SNMP IPv6 reachability issue in certain scenarios #15487

Merged
merged 12 commits into from
Jul 12, 2023
Changes from 3 commits
22 changes: 20 additions & 2 deletions dockers/docker-snmp/snmpd.conf.j2
Expand Up @@ -15,15 +15,33 @@

# Listen for connections on all ip addresses, including eth0, ipv4 lo
#
{% set loip = [] %}
{% if LOOPBACK_INTERFACE is defined and (NAMESPACE_COUNT is defined and NAMESPACE_COUNT|int > 1) %}
{% for lo in LOOPBACK_INTERFACE %}
{% if lo | length == 2 and 'Loopback0' in lo[0] %}
{% if loip.append(lo[1].split('/')[0]) %}{% endif %}
{% endif %}
{% endfor %}
{% endif %}

{% if SNMP_AGENT_ADDRESS_CONFIG %}
{% set protocol = 'udp' %}
{% for (agentip, port, vrf) in SNMP_AGENT_ADDRESS_CONFIG %}
agentAddress {{ agentip }}{% if port %}:{{ port }}{% endif %}{% if vrf %}%{{ vrf }}{% endif %}{{ "" }}
{% if ':' in agentip %}
{% set protocol = 'udp6' %}
{% endif %}
{% if not agentip in loip %}
agentAddress {{ protocol }}:[{{ agentip }}]{% if port %}:{{ port }}{% endif %}{% if vrf %}%{{ vrf }}{% endif %}{{ "" }}
{% endif %}
{% endfor %}
{% if NAMESPACE_COUNT is defined and NAMESPACE_COUNT|int > 1 %}
agentAddress udp:[{{ docker0_v4 }}]:161
agentAddress udp6:[{{ docker0_v6 }}]:161
{% endif %}
{% else %}
agentAddress udp:161
agentAddress udp6:161
{% endif %}

###############################################################################
#
# ACCESS CONTROL
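
Review bot: The multi-namespace block at the end of the `SNMP_AGENT_ADDRESS_CONFIG` branch checks `NAMESPACE_COUNT is defined` but uses `docker0_v4` and `docker0_v6` with no guard, so an empty value (start.sh takes both from `grep` output) renders `agentAddress udp:[]:161` or `agentAddress udp6:[]:161` into snmpd.conf. Wrap each line in its own check, for example `{% if docker0_v4 %}agentAddress udp:[{{ docker0_v4 }}]:161{% endif %}`, and the same for `docker0_v6`. Separately, `protocol` is set to 'udp' once before the `for` loop and only overridden to 'udp6' inside it, which is correct only because Jinja2 does not carry a `set` made inside a loop body into the next iteration; setting `protocol` at the top of the loop body would make the per-address choice explicit. A short comment on why the Loopback0 addresses collected in `loip` are skipped when `NAMESPACE_COUNT` is greater than 1 would also help.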
5 changes: 5 additions & 0 deletions dockers/docker-snmp/start.sh
Expand Up @@ -16,11 +16,16 @@ mkdir -p /etc/ssw /etc/snmp
# Parse snmp.yml and insert the data in Config DB
/usr/bin/snmp_yml_to_configdb.py

DOCKER0_V4=$(ip -4 addr show docker0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
Collaborator

@qiluo-msft qiluo-msft Jun 23, 2023

docker0

A more secure container will bring better isolation between host and container. There will be no access to docker0 inside the container in the future.

You may consider passing an env var during docker create. #Closed

DOCKER0_V6=$(ip -6 addr show docker0 scope global | grep -oP '(?<=inet6\s)[0-9a-fA-F:]+')
ADD_PARAM=$(printf '%s {"docker0_v4":"%s","docker0_v6":"%s","NAMESPACE_COUNT":"%s"}' "-a" "$DOCKER0_V4" "$DOCKER0_V6" "$NAMESPACE_COUNT")

SONIC_CFGGEN_ARGS=" \
-d \
-y /etc/sonic/sonic_version.yml \
-t /usr/share/sonic/templates/sysDescription.j2,/etc/ssw/sysDescription \
-t /usr/share/sonic/templates/snmpd.conf.j2,/etc/snmp/snmpd.conf \
$ADD_PARAM \
"

sonic-cfggen $SONIC_CFGGEN_ARGS
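
Review bot: `DOCKER0_V4` and `DOCKER0_V6` go straight from `grep -oP` into the JSON built by `printf` without checking that each holds exactly one address. If docker0 has no global IPv6 address the value is empty, and if it has more than one the output contains a newline, which breaks the JSON string and, because `$SONIC_CFGGEN_ARGS` is expanded unquoted, splits into extra arguments to `sonic-cfggen`. Take the first match (for example by appending `| head -n1`), skip or fail clearly when a value is empty, and consider doing the docker0 lookup only when `NAMESPACE_COUNT` is greater than 1, since snmpd.conf.j2 uses these values only in that case.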
11 changes: 11 additions & 0 deletions src/sonic-config-engine/minigraph.py
Expand Up @@ -1700,6 +1700,17 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
results['LOOPBACK_INTERFACE'][host_lo_intf[0]] = {}

results['MGMT_VRF_CONFIG'] = mvrf

# Set SNMP_AGENT_ADDRESS_CONFIG to Management IP and Loopback0 IP
if asic_name is None:
results['SNMP_AGENT_ADDRESS_CONFIG'] = {}
for mgmt_if in results['MGMT_INTERFACE'].keys():
snmp_key = mgmt_if[1].split('/')[0] + '|161|'
Collaborator

@qiluo-msft qiluo-msft Jun 27, 2023

1

You cannot assume that index 1 must be a special one. What are your criteria? Please check each mgmt_if. #Closed

Contributor Author

The MGMT_INTERFACE keys contain the interface name and IP address.
For example: ('eth0', '10.250.0.101/24')
So I used index 1 to get the IP address.

Collaborator

Oh, you mean 1 is the index of the tuple. Could you avoid using a magic number? How about tuple assignment, or defining a constant for 1?

results['SNMP_AGENT_ADDRESS_CONFIG'][snmp_key] = {}
for loip in results['LOOPBACK_INTERFACE']:
if len(loip) == 2 and loip[0] == 'Loopback0':
snmp_key = loip[1].split('/')[0] + '|161|'
Collaborator

@qiluo-msft qiluo-msft Jun 27, 2023

1

The same, do not assume the order. #Closed

results['SNMP_AGENT_ADDRESS_CONFIG'][snmp_key] = {}

phyport_intfs = {}
vlan_intfs = {}
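
Review bot: The management loop indexes `mgmt_if[1]` without the `len(...) == 2` check that the Loopback0 loop applies to `loip`, and `results['MGMT_INTERFACE']` is read with no check that the key exists. If a key is a bare interface name rather than a (name, prefix) tuple, `mgmt_if[1]` silently picks a single character and writes a bogus `SNMP_AGENT_ADDRESS_CONFIG` entry; filter on length and unpack explicitly, e.g. `name, prefix = mgmt_if`, and read the table with `results.get('MGMT_INTERFACE', {})`. The `split('/')[0] + '|161|'` expression appears twice, so a small helper with the port as a named constant would remove the duplication.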