Skip to content

[202305] [docker-macsec] fix privileged and volumes settings#17130

Merged
StormLiangMS merged 2 commits intosonic-net:202305from
maipbui:cherrypick_16894
Nov 16, 2023
Merged

[202305] [docker-macsec] fix privileged and volumes settings#17130
StormLiangMS merged 2 commits intosonic-net:202305from
maipbui:cherrypick_16894

Conversation

@maipbui
Copy link
Contributor

@maipbui maipbui commented Nov 9, 2023

cherry pick #16894

Why I did it

Privileges and volumes were incorrectly set in macsec container. Privileged flag is set to false and volumes are not mounted properly.

admin@vlab-01:~$ docker inspect macsec0 | grep Privi
           "Privileged": false,
admin@vlab-01:~$ docker inspect macsec0 | grep -A 10 Binds
           "Binds": [
               "/var/run/redis0:/var/run/redis:rw",
               "/var/run/redis-chassis:/var/run/redis-chassis:ro",
               "/usr/share/sonic/device/x86_64-nokia_ixr7250e_36x400g-r0/Nokia-IXR7250E-36x100G/0:/usr/share/sonic/hwsku:ro",
               "/var/run/redis0/:/var/run/redis0/:rw",
               "/usr/share/sonic/device/x86_64-nokia_ixr7250e_36x400g-r0:/usr/share/sonic/platform:ro"
           ],
Work item tracking
  • Microsoft ADO (number only):

How I did it

How to verify it

Make sure privileged settings remain unchanged and make sure volumes are properly mounted

admin@vlab-01:~$ docker inspect macsec | grep Privi
            "Privileged": false,
admin@vlab-01:~$ docker inspect macsec | grep -A 10 Binds
            "Binds": [
                "/etc/timezone:/etc/timezone:ro",
                "/var/run/redis:/var/run/redis:rw",
                "/var/run/redis-chassis:/var/run/redis-chassis:ro",
                "/etc/fips/fips_enable:/etc/fips/fips_enable:ro",
                "/usr/share/sonic/templates/rsyslog-container.conf.j2:/usr/share/sonic/templates/rsyslog-container.conf.j2:ro",
                "/etc/sonic:/etc/sonic:ro",
                "/host/warmboot:/var/warmboot",
                "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/Force10-S6000/:/usr/share/sonic/hwsku:ro",
                "/usr/share/sonic/device/x86_64-kvm_x86_64-r0:/usr/share/sonic/platform:ro"
            ],

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@maipbui
resolve conflict
583b4b4 
Signed-off-by: Mai Bui <[email protected]>
@maipbui maipbui requested a review from StormLiangMS November 9, 2023 15:07
@maipbui
remove timezone volume
2bde1f2 
Signed-off-by: Mai Bui <[email protected]>
@maipbui
Copy link
Contributor Author

maipbui commented Nov 13, 2023

@StormLiangMS could you help signoff/merge this PR?

StormLiangMS
StormLiangMS approved these changes Nov 16, 2023
View reviewed changes
Copy link
Contributor

@StormLiangMS StormLiangMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@StormLiangMS
Copy link
Contributor

StormLiangMS commented Nov 16, 2023

@maipbui could you update if test with 202305?

@StormLiangMS StormLiangMS merged commit 52bebb9 into sonic-net:202305 Nov 16, 2023
@maipbui maipbui deleted the cherrypick_16894 branch November 16, 2023 13:57
@maipbui maipbui mentioned this pull request Apr 11, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@StormLiangMS StormLiangMS StormLiangMS approved these changes

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

@xumia xumia Awaiting requested review from xumia xumia is a code owner

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maipbui @StormLiangMS