[Platform API] Make HTTP server deployment more robust#1749
[Platform API] Make HTTP server deployment more robust#1749jleveque merged 2 commits intosonic-net:masterfrom jleveque:fix_platform_api_server
Conversation
tests/platform_tests/api/conftest.py
Outdated
| duthost.command('docker cp {} pmon:{}'.format(dest_path, pmon_path)) | ||
|
|
||
| duthost.command('systemctl stop caclmgrd.service') | ||
| duthost.command('iptables -F') |
There was a problem hiding this comment.
is this flush? I think this might cause some issue since there are other iptable rules.
There was a problem hiding this comment.
Yes it is a flush. If no table name is specified (like here), it will flush all chains in the "filter" table; it will not affect other tables. caclmgrd also performs a flush whenever there is a rule change, so this would also be a problem in production. Are you referring to rules in the "mangle" table? This table is not affected, as this only flushes the "filter" table.
For the future, we could update this and caclmgrd to explicitly flush the "filter" table, e.g., iptables -t filter -F to make it more clear to the reader.
There was a problem hiding this comment.
Nevertheless, I do believe that flushing all rules is a bit of overkill. So I have refactored the code to instead prepend an iptables rule to allow traffic destined for the HTTP server's port.
jleveque
changed the title
jleveque
changed the title
…tically (#25244) #### Why I did it src/sonic-sairedis ``` * 2457bb8d - (HEAD -> 202511, origin/202511) [Mellanox] Add phcsync activation for mellanox platforms. (sonic-net#1752) (2 days ago) [mssonicbld] * bcbf7158 - [202511] Upgrade SAI to v1.17.4 (sonic-net#1749) (3 days ago) [Vivek] * 5eec8434 - [syncd] Remove syncd redis objects if using ZMQ notifications (sonic-net#1738) (6 days ago) [mssonicbld] * 7770f146 - [vslib] MACsec interface creation command fails on VM/VS with send_sci=false and SCI combination. (sonic-net#1737) (6 days ago) [mssonicbld] * 4a62e3d2 - [202511][ci] use correct slave container for each branch (sonic-net#1746) (6 days ago) [yijingyan2] * cff5ae14 - Fix sonic-vpp build issue in master (sonic-net#1745) (7 days ago) [mssonicbld] ``` #### How I did it #### How to verify it #### Description for the changelog
4 participants
localhost.wait_for()calls to ensure it works in the absence of DNS.