diff --git a/build_debian.sh b/build_debian.sh index a8149ca72289..e283e5965ead 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -32,6 +32,9 @@ PASSWORD_ENCRYPTED=$2 ## Enable debug output for script set -x -e +## docker engine version (with platform) +DOCKER_VERSION=1.11.1-0~jessie_amd64 + ## Working directory to prepare the file system FILESYSTEM_ROOT=./fsroot ## Hostname for the linux image @@ -127,13 +130,21 @@ sudo chroot $FILESYSTEM_ROOT update-initramfs -u ## Install docker echo '[INFO] Install docker' -curl -sSL https://get.docker.com/ | sudo LANG=C chroot $FILESYSTEM_ROOT sh -## Remove garbage left by docker installation script -sudo rm $FILESYSTEM_ROOT/etc/apt/sources.list.d/docker.list +## Install apparmor utils since they're missing and apparmor is enabled in the kernel +## Otherwise Docker will fail to start +sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor +docker_deb_url=https://apt.dockerproject.org/repo/pool/main/d/docker-engine/docker-engine_${DOCKER_VERSION}.deb +docker_deb_temp=`mktemp` +trap_push "rm -f $docker_deb_temp" +wget $docker_deb_url -qO $docker_deb_temp && { \ + sudo dpkg --root=$FILESYSTEM_ROOT -i $docker_deb_temp || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f; \ +} +sudo chroot $FILESYSTEM_ROOT docker version sudo chroot $FILESYSTEM_ROOT service docker stop ## Add docker config drop-in to select aufs, otherwise it may other storage driver -## Note: $_ means last argument of last command sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/ +## Note: $_ means last argument of last command sudo cp files/docker/docker.service.conf $_ ## Create default user 
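Review bot: The docker-engine package fetched by `wget $docker_deb_url -qO $docker_deb_temp` is passed to `sudo dpkg --root=$FILESYSTEM_ROOT -i` with no integrity check beyond TLS, so whatever the download host serves under that file name ends up in the image. `DOCKER_VERSION` pins the name, not the content; checking a pinned digest before the install would pin the content, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  $docker_deb_temp" | sha256sum -c -`. Because `wget` is the first element of an `&&` list, `set -e` does not stop the script when the download fails, and the failure only shows up later at `docker version`. An explicit `|| exit 1` after the closing brace would report the real cause.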
@@ -149,6 +160,7 @@ sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install \ ## Pre-install the fundamental packages ## Note: gdisk is needed for sgdisk in install.sh ## Note: parted is needed for partprobe in install.sh +## Note: ca-certificates is needed for easy_install sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install \ file \ ifupdown \ @@ -167,8 +179,34 @@ sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install \ traceroute \ iputils-ping \ net-tools \ + bsdmainutils \ + ca-certificates \ + i2c-tools \ efibootmgr +## Remove sshd host keys, and will regenerate on first sshd start +sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key* +sudo cp files/sshd/host-ssh-keygen.sh $FILESYSTEM_ROOT/usr/local/bin/ +sudo cp -f files/sshd/sshd.service $FILESYSTEM_ROOT/lib/systemd/system/ssh.service +## Config sshd +sudo augtool --autosave "set /files/etc/ssh/sshd_config/UseDNS no" -r $FILESYSTEM_ROOT + +## Config sysctl +sudo mkdir -p $FILESYSTEM_ROOT/var/core +sudo augtool --autosave " +set /files/etc/sysctl.conf/kernel.core_pattern '|/usr/bin/coredump-compress %e %p' +set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_accept 0 +set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_announce 0 +set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_filter 0 +set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_notify 0 +set /files/etc/sysctl.conf/net.ipv4.conf.default.arp_ignore 0 +set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_accept 0 +set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_announce 1 +set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_filter 0 +set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1 +set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2 +" -r $FILESYSTEM_ROOT + ## docker-py is needed by Ansible docker module sudo LANG=C chroot $FILESYSTEM_ROOT easy_install pip sudo LANG=C chroot $FILESYSTEM_ROOT pip install 'docker-py==1.6.0' diff --git a/build_docker.sh b/build_docker.sh index 177c1e6a64b8..14a545bfc73b 100755 --- a/build_docker.sh 
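Review bot: The `kernel.core_pattern` entry in the sysctl block makes the kernel run `/usr/bin/coredump-compress` as root on every crash, yet nothing in this hunk installs that helper into `$FILESYSTEM_ROOT`. If it ships from another package, a comment naming the source would help; if it is missing, core dumps are silently lost. `%e` is the crashing process's name, which any local user can choose, and on older kernels (install.sh in this commit boots a 3.16 kernel) a name containing spaces is split into extra arguments for the pipe handler. The helper should therefore treat its arguments as untrusted, and putting the fixed-format field first (`%p %e`) keeps parsing unambiguous, provided the helper is changed to match.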
+++ b/build_docker.sh @@ -1,10 +1,45 @@ #!/bin/bash ## This script is to automate the preparation for docker images for ACS. ## If registry server and port provided, the images will be pushed there. -## Usage: -## sudo ./build_docker.sh DOCKER_BUILD_DIR [REGISTRY_SERVER REGISTRY_PORT] -set -x -e +set -e + +. ./functions.sh + +usage() { + cat >&2 <&2 + usage + exit 1 + ;; + esac +done +shift "$((OPTIND - 1))" ## Dockerfile directory DOCKER_BUILD_DIR=$1 
@@ -18,36 +53,39 @@ REGISTRY_PASSWD=$5 exit 1 } -## Docker image label, so no need to remember its hash -docker_image_name=$DOCKER_BUILD_DIR -remote_image_name=$REGISTRY_SERVER:$REGISTRY_PORT/$docker_image_name - -## File name for docker image -docker_image_gz=$docker_image_name.gz - -[ -n "$docker_image_gz" ] || { - echo "Error: Output docker image filename is empty" - exit 1 +[ -n "$docker_image_name" ] || { + docker_image_name=$DOCKER_BUILD_DIR } -function cleanup { - rm -rf $DOCKER_BUILD_DIR/files - rm -rf $DOCKER_BUILD_DIR/deps - docker rmi $remote_image_name || true +[ ${BUILD_NUMBER} ] || { + echo "No BUILD_NUMBER found, setting to 0." + BUILD_NUMBER="0" } -trap cleanup exit + +remote_image_name=$REGISTRY_SERVER:$REGISTRY_PORT/$docker_image_name:latest +timestamp="$(date -u +%Y%m%d)" +build_version="${timestamp}.${BUILD_NUMBER}" +build_remote_image_name=$REGISTRY_SERVER:$REGISTRY_PORT/$docker_image_name:$build_version ## Copy dependencies ## Note: Dockerfile ADD doesn't support reference files outside the folder, so copy it locally if ls deps/* 1>/dev/null 2>&1; then + trap_push "rm -rf $DOCKER_BUILD_DIR/deps" mkdir -p $DOCKER_BUILD_DIR/deps cp -r deps/* $DOCKER_BUILD_DIR/deps fi ## Copy the suggested Debian sources ## ref: https://wiki.debian.org/SourcesList +trap_push "rm -rf $DOCKER_BUILD_DIR/deps" cp -r files $DOCKER_BUILD_DIR/files +docker_try_rmi $docker_image_name + +## Build the docker image docker build --no-cache -t $docker_image_name $DOCKER_BUILD_DIR +## Get the ID of the built image +## Note: inspect output has quotation characters, so sed to remove it as an argument +image_id=$(docker inspect --format="{{json .Id}}" $docker_image_name | sed -e 's/^"//' -e 's/"$//') ## Flatten the image by importing an exported container on this image ## Note: it will squash the image with only one layer and lost all metadata such as ENTRYPOINT, 
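Review bot: The cleanup registered just before `cp -r files $DOCKER_BUILD_DIR/files` repeats `trap_push "rm -rf $DOCKER_BUILD_DIR/deps"`, so the copied `files` directory is never removed, whereas the deleted `cleanup` function removed both. It should read `trap_push "rm -rf $DOCKER_BUILD_DIR/files"`. `DOCKER_BUILD_DIR` comes from `$1` and is expanded unquoted into the command string, so a directory name containing spaces would widen the `rm -rf`; quoting the path inside the string avoids that (how `trap_push` evaluates its argument is not visible here). `[ ${BUILD_NUMBER} ]` would be more robust as `[ -n "${BUILD_NUMBER}" ]`.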
@@ -57,18 +95,30 @@ docker build --no-cache -t $docker_image_name $DOCKER_BUILD_DIR if [ "$docker_image_name" = "docker-base" ]; then tmp_container=$(docker run -d ${docker_image_name} /bin/bash) docker export $tmp_container | docker import - ${docker_image_name} - docker rm -f $tmp_container || true + trap_push "docker rmi $image_id" + trap_push "docker rm -f $tmp_container || true" fi +image_sha='' if [ -n "$REGISTRY_SERVER" ] && [ -n "$REGISTRY_PORT" ]; then ## Add registry information as tag, so will push as latest + ## Add additional tag with build information ## Temporarily add -f option to prevent error message of Docker engine version < 1.10.0 - docker tag -f $docker_image_name $remote_image_name + docker tag $docker_image_name $remote_image_name + docker tag $docker_image_name $build_remote_image_name ## Login the docker image registry server - ## Note: user name and password are passed from command line, use fake email address to bypass login check - docker login -u $REGISTRY_USERNAME -p "$REGISTRY_PASSWD" -e "@" $REGISTRY_SERVER:$REGISTRY_PORT - docker push $remote_image_name + ## Note: user name and password are passed from command line + docker login -u $REGISTRY_USERNAME -p "$REGISTRY_PASSWD" $REGISTRY_SERVER:$REGISTRY_PORT + + ## Push image to registry server + ## And get the image digest SHA256 + trap_push "docker rmi $remote_image_name" + trap_push "docker rmi $build_remote_image_name" + image_sha=$(docker push $remote_image_name | sed -n "s/.*: digest: sha256:\([0-9a-f]*\).*/\\1/p") + docker push $build_remote_image_name fi -docker save $docker_image_name | gzip -c > $docker_image_gz +mkdir -p target +rm -f target/$docker_image_name.*.gz +docker save $docker_image_name | gzip -c > target/$docker_image_name.$image_sha.gz diff --git a/build_image.sh b/build_image.sh index 75a3bce521af..e4a93d8dfbf8 100755 --- a/build_image.sh +++ b/build_image.sh 
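Review bot: `image_sha=$(docker push $remote_image_name | sed -n ...)` takes its exit status from `sed`, and the script runs with `set -e` but without `pipefail`, so a failed push goes undetected. In that case `image_sha` stays empty and the archive is written as `target/$docker_image_name..gz`, which looks like a successful build. Capturing the output first keeps the failure visible: `push_output=$(docker push $remote_image_name)`, then `image_sha=$(printf '%s\n' "$push_output" | sed -n ...)`. Separately, `docker login ... -p "$REGISTRY_PASSWD"` puts the registry password on the command line, where other local users can read it from the process list; where the Docker client on the build host supports `--password-stdin`, that is the safer form. The retained comment about temporarily adding `-f` is stale now that the flag is dropped.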
@@ -23,10 +23,6 @@ sudo rm -f $OUTPUT_ONIE_IMAGE if [ "$TARGET_MACHINE" = "generic" ]; then ## Generate an ONIE installer image ## Note: Don't leave blank between lines. It is single line command. - CONSOLE_SPEED=9600 \ - CONSOLE_DEV=0 \ - CONSOLE_FLAG=0 \ - CONSOLE_PORT=0x3f8 \ ./onie-mk-demo.sh $TARGET_PLATFORM $TARGET_MACHINE $TARGET_PLATFORM-$TARGET_MACHINE-$ONIEIMAGE_VERSION \ installer $TARGET_MACHINE/platform.conf $OUTPUT_ONIE_IMAGE OS $GIT_REVISION $ONIE_IMAGE_PART_SIZE \ $ONIE_INSTALLER_PAYLOAD diff --git a/docker-base b/docker-base index 915f0fc71276..dfb5c2f46bf9 160000 --- a/docker-base +++ b/docker-base @@ -1 +1 @@ -Subproject commit 915f0fc71276e8819107edf605ab891764a01870 +Subproject commit dfb5c2f46bf982207c8dbc2c5af589a0ba1b3ddc diff --git a/docker-bgp/Dockerfile b/docker-bgp/Dockerfile index bf286a14ab86..b01698e31118 100755 --- a/docker-bgp/Dockerfile +++ b/docker-bgp/Dockerfile @@ -1,11 +1,12 @@ FROM docker-base -COPY deps /deps -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/quagga_*.deb +COPY deps/quagga_*.deb /deps/ +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } && \ + dpkg_apt /deps/quagga_*.deb && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y && \ + rm -rf /deps -## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +COPY daemons /etc/quagga/ ENTRYPOINT service rsyslog start \ && service quagga start \ diff --git a/docker-bgp/daemons b/docker-bgp/daemons new file mode 100644 index 000000000000..cb7c2322c9fb --- /dev/null +++ b/docker-bgp/daemons 
@@ -0,0 +1,31 @@ +# This file tells the quagga package which daemons to start. +# +# Entries are in the format: =(yes|no|priority) +# 0, "no" = disabled +# 1, "yes" = highest priority +# 2 .. 10 = lower priorities +# Read /usr/share/doc/quagga/README.Debian for details. +# +# Sample configurations for these daemons can be found in +# /usr/share/doc/quagga/examples/. +# +# ATTENTION: +# +# When activation a daemon at the first time, a config file, even if it is +# empty, has to be present *and* be owned by the user and group "quagga", else +# the daemon will not be started by /etc/init.d/quagga. The permissions should +# be u=rw,g=r,o=. +# When using "vtysh" such a config file is also needed. It should be owned by +# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too. +# +# The watchquagga daemon is always started. Per default in monitoring-only but +# that can be changed via /etc/quagga/debian.conf. +# +zebra=yes +bgpd=yes +ospfd=no +ospf6d=no +ripd=no +ripngd=no +isisd=no +babeld=no diff --git a/docker-database/Dockerfile b/docker-database/Dockerfile index 2282f7cadca9..4499f4a8f8fa 100755 --- a/docker-database/Dockerfile +++ b/docker-database/Dockerfile @@ -1,14 +1,14 @@ FROM docker-base ## Pre-install the fundamental packages -RUN apt-get update && apt-get -y install \ - redis-server +## Clean up +RUN apt-get -y install \ + redis-server \ + && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y RUN sed -ri 's/^daemonize yes$/daemonize no/' /etc/redis/redis.conf \ && sed -ri 's/^logfile .*$/logfile ""/' /etc/redis/redis.conf \ && sed -ri 's/^# syslog-enabled no$/syslog-enabled no/' /etc/redis/redis.conf -## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y - ENTRYPOINT service redis-server start diff --git a/docker-fpm/Dockerfile b/docker-fpm/Dockerfile index c223a746fffe..d877c408baab 100755 --- a/docker-fpm/Dockerfile +++ b/docker-fpm/Dockerfile 
@@ -2,20 +2,21 @@ FROM docker-base RUN apt-get update -COPY deps /deps +COPY ["deps/libhiredis0.13*.deb", "deps/libswsscommon_*.deb", "deps/quagga_*", "/deps/"] + ## Get fpmsyncd RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libhiredis0.13*.deb RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libswsscommon_*.deb -COPY /deps/fpmsyncd /usr/local/bin/fpmsyncd +COPY deps/fpmsyncd /usr/local/bin/ ## Get Quagga RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/quagga_*.deb +COPY start.sh /usr/bin/start.sh + ## Clean up RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y RUN rm -rf /deps -ENTRYPOINT service rsyslog start \ - && service quagga start \ - && (fpmsyncd &) \ - && /bin/bash +ENTRYPOINT /usr/bin/start.sh \ + && /bin/bash diff --git a/docker-fpm/start.sh b/docker-fpm/start.sh new file mode 100755 index 000000000000..90a1d515fa3a --- /dev/null +++ b/docker-fpm/start.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +service rsyslog start +service quagga start +fpmsyncd & diff --git a/docker-lldp/Dockerfile b/docker-lldp/Dockerfile old mode 100755 new mode 100644 index 176270c3ec81..bcfd378a73da --- a/docker-lldp/Dockerfile +++ b/docker-lldp/Dockerfile 
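Review bot: The new `docker-fpm/start.sh` no longer stops when a service fails to start. The old ENTRYPOINT chained `service rsyslog start && service quagga start && (fpmsyncd &)`, whereas the script runs the three commands unconditionally and exits with the status of `fpmsyncd &`, which is always 0. A container with no syslog or no routing daemon therefore drops straight into `/bin/bash` and looks healthy. Adding `set -e` after the shebang, or `|| exit 1` on the two `service` lines, restores the earlier behaviour. The same applies to `docker-syncd/start.sh` and to the `service rsyslog start` line in `docker-orchagent/start.sh`.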
@@ -1,21 +1,18 @@ FROM docker-base -## Pre-install the fundamental packages -RUN apt-get update && apt-get -y install \ - lldpd - -COPY deps /deps +COPY deps/*py2*.whl deps/python-sswsdk_*.deb deps/lldpsyncd_*.deb deps/lldpd_*.deb /deps/ +## Pre-install the fundamental packages ## Install Python SSWSDK (lldpsyncd dependancy) -## Note: dpkg_apt function has the benefit to detect missing .deb file -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/python-sswsdk_*.deb ## Install LLDP Sync Daemon ## Note: dpkg_apt function has the benefit to detect missing .deb file -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/lldpsyncd_*.deb - ## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } && \ + dpkg_apt /deps/lldpd_*.deb && \ + dpkg_apt /deps/lldpsyncd_*.deb && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y && \ + pip install --no-cache-dir /deps/*.whl && \ + rm -rf /deps ## There is a known bug: agetty processes at 100% cpu ## When: diff --git a/docker-orchagent/Dockerfile b/docker-orchagent/Dockerfile index 3c674c9bb4c5..17fbfe9e7274 100755 --- a/docker-orchagent/Dockerfile +++ b/docker-orchagent/Dockerfile 
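Review bot: `pip install --no-cache-dir /deps/*.whl` installs the bundled wheels but still lets pip resolve any missing dependency from the default package index at build time, unpinned and unverified. That undoes part of the benefit of copying known artefacts into `deps/`. If the wheel set is meant to be complete, `pip install --no-cache-dir --no-index /deps/*.whl` makes the build fail instead of fetching silently. The COPY line also brings in `deps/python-sswsdk_*.deb`, which the RUN step never installs, and the retained "Install Python SSWSDK" comment no longer matches any command. The Dockerfile continues past the end of this hunk.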
@@ -2,21 +2,22 @@ FROM docker-base RUN apt-get update -COPY deps /deps +COPY ["deps/libhiredis0.13*.deb", "deps/libswsscommon_*.deb", "deps/libsairedis_*.deb", "/deps/"] RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libhiredis0.13*.deb RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libswsscommon_*.deb RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libsairedis_*.deb -## TODO: add ifupdown into Depends -RUN apt-get install -f -y ifupdown +RUN apt-get install -f -y ifupdown bridge-utils ## Copy executable binaries -COPY ["/deps/orchagent","/deps/swssconfig","/deps/portsyncd","/deps/intfsyncd","/deps/neighsyncd","/usr/local/bin/"] +COPY ["deps/orchagent","deps/swssconfig","deps/portsyncd","deps/intfsyncd","deps/neighsyncd","/usr/local/bin/"] + +COPY start.sh /usr/bin/start.sh ## Clean up RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y RUN rm -rf /deps -ENTRYPOINT service rsyslog start \ - && /bin/bash +ENTRYPOINT /usr/bin/start.sh \ + && /bin/bash diff --git a/docker-orchagent/start.sh b/docker-orchagent/start.sh new file mode 100755 index 000000000000..a5155e0513ad --- /dev/null +++ b/docker-orchagent/start.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +. /host/machine.conf + +MAC_ADDRESS=`ip link show eth0 | grep ether | awk '{print $2}'` + +ORCHAGENT_ARGS="" + +PORTSYNCD_ARGS="" + +if [ "$onie_platform" == "x86_64-dell_s6000_s1220-r0" ]; then + ORCHAGENT_ARGS+="-m $MAC_ADDRESS" + PORTSYNCD_ARGS+="-p /etc/ssw/ACS-S6000/port_config.ini" +elif [ "$onie_platform" == "x86_64-mlnx_x86-r5.0.1400" ]; then + ORCHAGENT_ARGS+="-p /etc/ssw/ACS-MSN2700/port_config.ini" +fi + +service rsyslog start +orchagent $ORCHAGENT_ARGS & +sleep 5 +portsyncd $PORTSYNCD_ARGS & +sleep 5 +intfsyncd & +sleep 5 +neighsyncd & 
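Review bot: `. /host/machine.conf` in the new `docker-orchagent/start.sh` executes a host-provided file as shell code inside the container and never checks that it exists. A missing or unreadable mount leaves `onie_platform` empty, and `orchagent` and `portsyncd` then start with no arguments. A guard before sourcing, such as `[ -r /host/machine.conf ] || { echo "missing /host/machine.conf" >&2; exit 1; }`, plus an `else` branch that reports an unrecognised platform, would make this fail visibly. The `machine.conf` written by `files/Aboot/boot0` in this commit defines `aboot_platform` rather than `onie_platform`, so on those systems neither branch matches. The fixed `sleep 5` delays encode a start-order assumption that deserves a comment.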
diff --git a/docker-platform-monitor/Dockerfile b/docker-platform-monitor/Dockerfile index 7cda4d4f4d91..041f03f69927 100755 --- a/docker-platform-monitor/Dockerfile +++ b/docker-platform-monitor/Dockerfile @@ -1,13 +1,12 @@ FROM docker-base ## Pre-install the fundamental packages -RUN apt-get update && apt-get -y install \ - smartmontools \ - sensord - ## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +RUN apt-get -y install \ + smartmontools \ + sensord \ + && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y ENTRYPOINT service rsyslog start \ && service lm-sensors start \ diff --git a/docker-snmp/Dockerfile b/docker-snmp/Dockerfile old mode 100755 new mode 100644 index 1f64fe7d0b9d..7286b7fe570d --- a/docker-snmp/Dockerfile +++ b/docker-snmp/Dockerfile 
@@ -1,21 +1,47 @@ FROM docker-base -## Pre-install the fundamental packages -RUN apt-get update && apt-get -y install \ - snmp \ - snmpd +COPY deps/snmp_*.deb deps/snmpd_*.deb deps/libsnmp-base_*.deb deps/libsnmp30_*.deb /deps/ +COPY deps/python3/*.whl /python3/ -COPY deps /deps +# enable -O for all Python calls +ENV PYTHONOPTIMIZE 1 +## Pre-install the fundamental packages ## Install Python SSWSDK (SNMP subagent dependancy) -## Note: dpkg_apt function has the benefit to detect missing .deb file -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/python-sswsdk_*.deb ## Install SNMP subagent -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/acs-snmp-subagent_*.deb - +## Note: dpkg_apt function has the benefit to detect missing .deb file ## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } && \ + dpkg_apt /deps/libsnmp-base_*.deb && \ + dpkg_apt /deps/libsnmp30_*.deb && \ + dpkg_apt /deps/snmp_*.deb && \ + dpkg_apt /deps/snmpd_*.deb && \ + rm -rf /deps + +# install subagent +RUN apt-get -y install build-essential wget libssl-dev openssl && \ + rm -rf /var/lib/apt/lists/* && \ + wget https://www.python.org/ftp/python/3.5.2/Python-3.5.2.tgz && \ + tar xvf Python-3.5.2.tgz && cd Python-3.5.2 && \ + ./configure --without-doc-strings --prefix=/usr --without-pymalloc --enable-shared && \ + make && make install && \ + ldconfig && \ + cd .. 
&& rm -rf Python-3.5.2 && rm Python-3.5.2.tgz && \ + pip3 install --no-cache-dir /python3/*py3*.whl hiredis && \ + rm -rf /python3 && \ + python3 -m pip uninstall -y pip setuptools && \ + rm -rf /usr/lib/python3.5/unittest && \ + rm -rf /usr/lib/python3.5/lib2to3 && \ + rm -rf /usr/lib/python3.5/tkinter && \ + rm -rf /usr/lib/python3.5/idlelib && \ + rm -rf /usr/lib/python3.5/email && \ + rm -rf /usr/lib/python3.5/test && \ + apt-get -y remove build-essential wget libssl-dev openssl && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y && \ + python3 -m acs_ax_impl install && \ + find / | grep -E "__pycache__" | xargs rm -rf && \ + rm -rf ~/.cache && \ + systemctl enable acs-snmp-subagent.service ## There is a known bug: agetty processes at 100% cpu ## When: @@ -29,8 +55,7 @@ RUN systemctl --no-pager list-unit-files --type=service | grep getty | awk '{pri RUN systemctl mask getty@tty1.service ## Although exposing ports is not need for host net mode, keep it for possible bridge mode -EXPOSE 161/udp -EXPOSE 162/udp +EXPOSE 161/udp 162/udp ## Specify init as CMD to enable systemd ## Note: don't provide ENTRYPOINT at the same time diff --git a/docker-sswsyncd/Dockerfile b/docker-sswsyncd/Dockerfile index 9af14c2a561e..7d83c67a259b 100755 --- a/docker-sswsyncd/Dockerfile +++ b/docker-sswsyncd/Dockerfile 
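Review bot: The "install subagent" RUN step downloads `Python-3.5.2.tgz` with `wget` and immediately builds and installs it as root with no checksum or signature check. In the same layer, `pip3 install ... hiredis` pulls an unpinned package from the index. Verifying the tarball against a pinned digest before `tar xvf`, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  Python-3.5.2.tgz" | sha256sum -c -`, and pinning `hiredis` to a version would make the image content reproducible. `find / | grep -E "__pycache__" | xargs rm -rf` splits on whitespace and matches any path containing that string; `find / -type d -name __pycache__ -prune -exec rm -rf {} +` is tighter.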
@@ -1,17 +1,23 @@ FROM docker-base -RUN apt-get update - -COPY deps /deps -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/python-tabulate_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libopennsl_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libsaibcm_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libsswsdk_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/sswsyncd_*.deb +COPY \ + deps/python-tabulate_*.deb \ + deps/libopennsl_*.deb \ + deps/libsaibcm_*.deb \ + deps/libsswsdk_*.deb \ + deps/sswsyncd_*.deb \ + /deps/ +## Install packages ## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } && \ + dpkg_apt /deps/python-tabulate_*.deb && \ + dpkg_apt /deps/libopennsl_*.deb && \ + dpkg_apt /deps/libsaibcm_*.deb && \ + dpkg_apt /deps/libsswsdk_*.deb && \ + dpkg_apt /deps/sswsyncd_*.deb && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y && \ + rm -rf /deps ENTRYPOINT service rsyslog start \ && service sswsyncd start \ diff --git a/docker-syncd-mlnx-rpc/Dockerfile b/docker-syncd-mlnx-rpc/Dockerfile new file mode 100644 index 000000000000..3aed6f080506 --- /dev/null +++ b/docker-syncd-mlnx-rpc/Dockerfile 
@@ -0,0 +1,46 @@ +FROM docker-syncd-mlnx + +## Make apt-get non-interactive +ENV DEBIAN_FRONTEND=noninteractive + +## Pre-install the fundamental packages +RUN apt-get update \ + && apt-get -y install \ + net-tools \ + python-pip \ + build-essential \ + libssl-dev \ + libffi-dev \ + python-dev \ + wget \ + cmake \ + && wget https://github.com/nanomsg/nanomsg/archive/1.0.0.tar.gz \ + && tar xvfz 1.0.0.tar.gz \ + && cd nanomsg-1.0.0 \ + && mkdir -p build \ + && cmake . \ + && make install \ + && ldconfig \ + && cd .. \ + && rm -fr nanomsg-1.0.0 \ + && pip install cffi \ + && pip install --upgrade cffi \ + && pip install nnpy \ + && mkdir -p /opt \ + && cd /opt \ + && wget https://raw.githubusercontent.com/p4lang/ptf/master/ptf_nn/ptf_nn_agent.py + +COPY deps /deps + +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } \ + && dpkg -r syncd \ + && dpkg_apt /deps/syncd_*.deb \ + && dpkg_apt /deps/libthrift-0.9.2_*.deb + +## Clean up +RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y +RUN rm -rf /deps + +ENTRYPOINT service rsyslog start \ + && service syncd start \ + && /bin/bash diff --git a/docker-syncd/Dockerfile b/docker-syncd/Dockerfile index f720b6c19bbd..a3d45eb71fe7 100755 --- a/docker-syncd/Dockerfile +++ b/docker-syncd/Dockerfile 
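Review bot: `wget https://raw.githubusercontent.com/p4lang/ptf/master/ptf_nn/ptf_nn_agent.py` bakes whatever is on the `master` branch at build time into `/opt`, so two builds of the same commit can ship different code and nothing verifies what was fetched. Pinning the URL to a commit (`.../p4lang/ptf/COMMIT_SHA_PLACEHOLDER/ptf_nn/ptf_nn_agent.py`) and checking a digest would fix both; the nanomsg `1.0.0.tar.gz` fetched earlier in the same RUN needs the same digest check. `pip install cffi` and `pip install nnpy` are likewise unpinned. The build toolchain (`build-essential`, `cmake`, `wget`, the `-dev` packages) and the downloaded `1.0.0.tar.gz` remain in the final image because the later clean-up only runs `apt-get clean`, `autoclean` and `autoremove`. Removing them in the same layer leaves fewer tools available inside the running container.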
@@ -2,23 +2,24 @@ FROM docker-base RUN apt-get update -COPY deps /deps +COPY ["deps/libhiredis0.13*.deb", "deps/libswsscommon_*.deb", "deps/libopennsl_*.deb", "deps/libsaibcm_*.deb", "deps/libsairedis_*.deb", "deps/syncd_*.deb", "/deps/"] -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libhiredis0.13*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libswsscommon_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libopennsl_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libsaibcm_*.deb -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/libsairedis_*.deb - -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /deps/syncd_*.deb +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; \ + dpkg_apt /deps/libhiredis0.13*.deb \ + && dpkg_apt /deps/libswsscommon_*.deb \ + && dpkg_apt /deps/libopennsl_*.deb \ + && dpkg_apt /deps/libsaibcm_*.deb \ + && dpkg_apt /deps/libsairedis_*.deb \ + && dpkg_apt /deps/syncd_*.deb ## TODO: add kmod into Depends RUN apt-get install -f kmod +COPY ["deps/dsserve", "deps/bcmcmd", "start.sh", "/usr/local/bin/"] + ## Clean up RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y RUN rm -rf /deps -ENTRYPOINT service rsyslog start \ - && service syncd start \ - && /bin/bash +ENTRYPOINT /usr/local/bin/start.sh \ + && /bin/bash diff --git a/docker-syncd/start.sh b/docker-syncd/start.sh new file mode 100755 index 000000000000..346936ff2f59 --- /dev/null +++ b/docker-syncd/start.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +service rsyslog start +service syncd start diff --git a/docker-vas/Dockerfile b/docker-vas/Dockerfile index cd9378523ea2..1b51bb968cff 100755 --- a/docker-vas/Dockerfile 
+++ b/docker-vas/Dockerfile @@ -1,17 +1,18 @@ FROM docker-base -## Pre-install the fundamental packages -RUN apt-get update && apt-get -y install \ - sudo - -COPY deps /deps -RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; \ - dpkg_apt /deps/vasclnt_*.deb && \ - dpkg_apt /deps/vasgp_*.deb +COPY deps/vasclnt_*.deb deps/vasgp_*.deb /deps/ +COPY user-override /etc/opt/quest/vas/user-override +## Pre-install the fundamental packages ## Clean up -RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y -RUN rm -rf /deps +RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } && \ + apt-get -y install \ + sudo \ + && \ + dpkg_apt /deps/vasclnt_*.deb && \ + dpkg_apt /deps/vasgp_*.deb && \ + apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y && \ + rm -rf /deps ## Expose to host, ie. image content will copy to host when container started ## For .so diff --git a/docker-vas/user-override b/docker-vas/user-override new file mode 100644 index 000000000000..cb16ea6ded0f --- /dev/null +++ b/docker-vas/user-override @@ -0,0 +1,2 @@ +# Overrides every member to have the bash shell +::::::/bin/bash diff --git a/files/Aboot/boot0 b/files/Aboot/boot0 index 98522bdfe647..8a0d0b77cf11 100644 --- a/files/Aboot/boot0 +++ b/files/Aboot/boot0 @@ -1,3 +1,4 @@ +#!/bin/sh # Copyright (C) 2016 Arista Networks, Inc. # # This program is free software: you can redistribute it and/or modify 
@@ -37,11 +38,33 @@ if [ -d "${swipath}" ]; then exit 1 fi -## Determine whether installing by hash file in the image +## Check the hash file in the image, and determine to install or just skip GIT_REVISION=$(unzip -p ${swipath} .imagehash) LOCAL_IMAGEHASH=$(cat $TARGET_PATH/.imagehash 2>/dev/null || true) if [ "$GIT_REVISION" != "$LOCAL_IMAGEHASH" ]; then + ## Clean old directory for read-write layer + rm -rf ${TARGET_PATH}/rw + + ## Unzip the image unzip -oq ${swipath} -x boot0 -d ${TARGET_PATH} + + ## Detect SKU and create a hardware description file + aboot_version=`grep ^Aboot /etc/cmdline | sed 's/^.*norcal.-//'` + aboot_build_date=`stat -c %y /bin/sysinit | sed 's/ /T/'` + if `grep -q platform=raven /etc/cmdline`; then + aboot_machine=arista_7050_qx32 + else + aboot_machine=arista_7050_qx32s + fi + cat < ${TARGET_PATH}/machine.conf +aboot_version=$aboot_version +aboot_vendor=arista +aboot_platform=x86_64-$aboot_machine +aboot_machine=$aboot_machine +aboot_arch=x86_64 +aboot_build_date=$aboot_build_date +EOF + fi echo "${append}" >/tmp/append diff --git a/files/docker/docker.service.conf b/files/docker/docker.service.conf index 2d6d3cfaa6fb..bfc44fb48f99 100644 --- a/files/docker/docker.service.conf +++ b/files/docker/docker.service.conf @@ -1,3 +1,3 @@ [Service] ExecStart= -ExecStart=/usr/bin/docker daemon -H fd:// --storage-driver=aufs +ExecStart=/usr/bin/docker daemon -H fd:// --storage-driver=aufs --bip=240.127.1.1/24 diff --git a/files/initramfs-tools/union-mount b/files/initramfs-tools/union-mount index 85fba9df3a0a..b343d56c6e22 100644 --- a/files/initramfs-tools/union-mount +++ b/files/initramfs-tools/union-mount 
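Review bot: `rm -rf ${TARGET_PATH}/rw` is unquoted and unguarded, so an empty `TARGET_PATH` would make it resolve to `/rw` and a path containing spaces would be split. `rm -rf "${TARGET_PATH:?}/rw"` covers both cases; the assignment of `TARGET_PATH` is outside this hunk. The `if` that wraps `grep -q platform=raven /etc/cmdline` in backticks only works because the substitution expands to an empty command whose status is grep's, and `if grep -q platform=raven /etc/cmdline; then` says what is meant. The install decision rests on `.imagehash` read from inside the archive itself, so it is a version marker rather than an integrity check, and a comment saying so would prevent it from being mistaken for one.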
@@ -4,10 +4,15 @@ case $1 in exit 0 ;; esac + +## Mount the aufs file system: rw layer over squashfs mkdir -p ${rootmnt}/host/rw mount -n -o dirs=${rootmnt}/host/rw:${rootmnt}=ro -t aufs root-aufs ${rootmnt} +## Mount the raw partition again mount ${ROOT} ${rootmnt}/host -mkdir -p /root/var/lib/docker -mount --bind /root/host/var/lib/docker /root/var/lib/docker -mkdir -p /root/boot -mount --bind /root/host/boot /root/boot +## Mount the working directory of docker engine in the raw partition, bypass the aufs +mkdir -p ${rootmnt}/var/lib/docker +mount --bind ${rootmnt}/host/var/lib/docker ${rootmnt}/var/lib/docker +## Mount the boot directory in the raw partition, bypass the aufs +mkdir -p ${rootmnt}/boot +mount --bind ${rootmnt}/host/boot ${rootmnt}/boot diff --git a/files/sshd/host-ssh-keygen.sh b/files/sshd/host-ssh-keygen.sh new file mode 100755 index 000000000000..476dd00a2800 --- /dev/null +++ b/files/sshd/host-ssh-keygen.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +[ -r /etc/ssh/ssh_host_key ] || { + rm -f /etc/ssh/ssh_host_*_key* + /usr/bin/ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key + /usr/bin/ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key + /usr/bin/ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key + /usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key + /usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key +} diff --git a/files/sshd/sshd.service b/files/sshd/sshd.service new file mode 100644 index 000000000000..d79c574da516 --- /dev/null +++ b/files/sshd/sshd.service @@ -0,0 +1,16 @@ +[Unit] +Description=OpenBSD Secure Shell server +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStartPre=-/usr/local/bin/host-ssh-keygen.sh +ExecStart=/usr/sbin/sshd -D $SSHD_OPTS +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Alias=sshd.service 
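Review bot: The regeneration guard in `host-ssh-keygen.sh` tests `/etc/ssh/ssh_host_key`, which only exists if the `-t rsa1` call succeeds. With an `ssh-keygen` that lacks protocol-1 support the file is never created, so every sshd start would delete and regenerate all host keys and clients would see a changed host key after each restart. Protocol-1 (`rsa1`) and DSA host keys are obsolete, and a new image has no need for them. I would key the guard on a key that is always produced, `[ -r /etc/ssh/ssh_host_ed25519_key ] || {`, and drop the `-t dsa` and `-t rsa1` lines. `sshd.service` runs the script as `ExecStartPre=-/usr/local/bin/host-ssh-keygen.sh`, so a failure there is ignored and shows up only indirectly when sshd finds no host keys.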
diff --git a/functions.sh b/functions.sh index b9e7ee0b55e6..99dfcb9db3f1 100644 --- a/functions.sh +++ b/functions.sh @@ -36,3 +36,10 @@ die() { warn "$message" exit 1 } + +docker_try_rmi() { + local image_name="$1" + ## Note: inspect output has quotation characters, so sed to remove it as an argument + local image_id=$(docker inspect --format="{{json .Id}}" $image_name | sed -e 's/^"//' -e 's/"$//') + [ -z "$image_id" ] || docker rmi $image_name +} diff --git a/installer/x86_64/dell-s6000-replace-reboot.sh b/installer/x86_64/dell-s6000-replace-reboot.sh new file mode 100755 index 000000000000..48ac8a62f548 --- /dev/null +++ b/installer/x86_64/dell-s6000-replace-reboot.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +echo "Replace ONIE reboot with Dell reset commands" + +# set I2C GPIO mux +echo 1 > /sys/class/gpio/export +echo 2 > /sys/class/gpio/export +echo out > /sys/class/gpio/gpio1/direction +echo out > /sys/class/gpio/gpio2/direction +echo 0 > /sys/class/gpio/gpio1/value +echo 0 > /sys/class/gpio/gpio2/value + +# replace the original reboot binary with the following command +rm /sbin/reboot +echo 'i2cset -y 0 0x31 1 0xfd' > /sbin/reboot +chmod a+x /sbin/reboot diff --git a/installer/x86_64/install.sh b/installer/x86_64/install.sh index 528c14727280..58243be24283 100755 --- a/installer/x86_64/install.sh +++ b/installer/x86_64/install.sh 
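Review bot: In `dell-s6000-replace-reboot.sh`, the replacement written by `echo 'i2cset -y 0 0x31 1 0xfd' > /sbin/reboot` has no interpreter line. It runs only when the caller is a shell that falls back to interpreting the file; a caller that execs `/sbin/reboot` directly would get an exec format error. Writing the shebang as well avoids that, e.g. `printf '#!/bin/sh\ni2cset -y 0 0x31 1 0xfd\n' > /sbin/reboot`. The `echo N > /sys/class/gpio/export` lines fail if the pins are already exported, which is harmless only because the script does not use `set -e`; a short comment would record that.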
@@ -39,6 +39,28 @@ if [ $(id -u) -ne 0 ] exit 1 fi +# get running machine from conf file +[ -r /etc/machine.conf ] && . /etc/machine.conf + +echo "onie_platform: $onie_platform" + +# default console settings +CONSOLE_PORT=0x3f8 +CONSOLE_DEV=0 +CONSOLE_SPEED=9600 + +# Get platform specific linux kernel command line arguments +ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="" +# platform specific configurations +if [ "$onie_platform" == "x86_64-dell_s6000_s1220-r0" ]; then + `pwd`/dell-s6000-replace-reboot.sh +elif [ "$onie_platform" == "x86_64-mlnx_x86-r5.0.1400" ]; then + ONIE_PLATFORM_EXTRA_CMDLINE_LINUX="acpi_enforce_resources=lax acpi=noirq" +elif [ "$onie_platform" == "x86_64-dell_s6100_c2538-r0" ]; then + CONSOLE_PORT=0x2f8 + CONSOLE_DEV=1 +fi + # Install demo on same block device as ONIE onie_dev=$(blkid | grep ONIE-BOOT | head -n 1 | awk '{print $1}' | sed -e 's/:.*$//') blk_dev=$(echo $onie_dev | sed -e 's/[1-9][0-9]*$//' | sed -e 's/\([0-9]\)\(p\)/\1/') @@ -180,6 +202,7 @@ create_demo_gpt_partition() --attributes=${demo_part}:=:$attr_bitmask \ --change-name=${demo_part}:$demo_volume_revision_label $blk_dev \ || { + echo "Warning: The first trial of creating partition failed, trying the largest aligned available block of sectors on the disk" begin=$(sgdisk -F $blk_dev) end=$(sgdisk -E $blk_dev) sgdisk --new=${demo_part}:$begin:$end \ @@ -379,7 +402,10 @@ ${onie_bin} mount -t ext4 -o defaults,rw $demo_dev $demo_mnt || { # Decompress the file for the file system directly to the partition unzip $ONIE_INSTALLER_PAYLOAD -d $demo_mnt -# store installation log in demo file system +# Store machine description in target file system +cp /etc/machine.conf $demo_mnt + +# Store installation log in target file system rm -f $onie_initrd_tmp/tmp/onie-support.tar.bz2 ${onie_bin} onie-support /tmp mv $onie_initrd_tmp/tmp/onie-support.tar.bz2 $demo_mnt 
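Review bot: `cp /etc/machine.conf $demo_mnt` in the third hunk assumes the file exists, while the first hunk treats it as optional (`[ -r /etc/machine.conf ] && . /etc/machine.conf`); the two should agree. `docker-orchagent/start.sh` in this commit sources `/host/machine.conf` to choose its arguments and appears to rely on this copy. I would therefore make the requirement explicit near the top with `[ -r /etc/machine.conf ] || { echo "Error: /etc/machine.conf not found"; exit 1; }`, and quote `"$demo_mnt"` in the copy. In the first hunk, `==` inside `[ ]` is not POSIX, so `=` is the portable spelling if the installer can run under a plain `sh`. The platform script is invoked through the current directory (the backtick `pwd` call), which depends on the caller's working directory; that assumption is worth a comment.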
@@ -408,8 +434,8 @@ trap_push "rm $grub_cfg || true" [ -r ./platform.conf ] && . ./platform.conf -DEFAULT_GRUB_SERIAL_COMMAND="serial --port=%%CONSOLE_PORT%% --speed=%%CONSOLE_SPEED%% --word=8 --parity=no --stop=1" -DEFAULT_GRUB_CMDLINE_LINUX="console=tty0 console=ttyS%%CONSOLE_DEV%%,%%CONSOLE_SPEED%%n8 quiet" +DEFAULT_GRUB_SERIAL_COMMAND="serial --port=${CONSOLE_PORT} --speed=${CONSOLE_SPEED} --word=8 --parity=no --stop=1" +DEFAULT_GRUB_CMDLINE_LINUX="console=tty0 console=ttyS${CONSOLE_DEV},${CONSOLE_SPEED}n8 quiet" GRUB_SERIAL_COMMAND=${GRUB_SERIAL_COMMAND:-"$DEFAULT_GRUB_SERIAL_COMMAND"} GRUB_CMDLINE_LINUX=${GRUB_CMDLINE_LINUX:-"$DEFAULT_GRUB_CMDLINE_LINUX"} export GRUB_SERIAL_COMMAND @@ -460,7 +486,7 @@ menuentry '$demo_grub_entry' { insmod ext2 linux /boot/vmlinuz-3.16.0-4-amd64 root=$demo_dev rw $GRUB_CMDLINE_LINUX \ loop=$FILESYSTEM_SQUASHFS loopfstype=squashfs \ - apparmor=1 security=apparmor + apparmor=1 security=apparmor $ONIE_PLATFORM_EXTRA_CMDLINE_LINUX echo 'Loading $demo_volume_revision_label $demo_type initial ramdisk ...' initrd /boot/initrd.img-3.16.0-4-amd64 } @@ -474,3 +500,5 @@ mkdir -p $onie_initrd_tmp/$demo_mnt/grub cp $grub_cfg $onie_initrd_tmp/$demo_mnt/grub/grub.cfg cd / + +echo "Installed SONiC base image $demo_volume_revision_label successfully" diff --git a/onie-mk-demo.sh b/onie-mk-demo.sh index 3dd81b876fd6..992558e23f3a 100755 --- a/onie-mk-demo.sh +++ b/onie-mk-demo.sh @@ -39,11 +39,6 @@ fi exit 1 } -[ -n "$CONSOLE_SPEED" ] || { - echo "Error: Invalid CONSOLE_SPEED" - exit 1 -} - [ -r "$platform_conf" ] || { echo "Error: Unable to read installer platform configuration file: $platform_conf" exit 1 
@@ -81,7 +76,7 @@ tmp_dir=$(mktemp --directory) tmp_installdir="$tmp_dir/installer" mkdir $tmp_installdir || clean_up 1 -cp $installer_dir/$arch/install.sh $tmp_installdir || clean_up 1 +cp $installer_dir/$arch/* $tmp_installdir || clean_up 1 cp onie-image.conf $tmp_installdir # Escape special chars in the user provide kernel cmdline string for use in @@ -92,10 +87,6 @@ EXTRA_CMDLINE_LINUX=`echo $EXTRA_CMDLINE_LINUX | sed -e 's/[\/&]/\\\&/g'` sed -i -e "s/%%DEMO_TYPE%%/$demo_type/g" \ -e "s/%%GIT_REVISION%%/$git_revision/g" \ -e "s/%%ONIE_IMAGE_PART_SIZE%%/$onie_image_part_size/" \ - -e "s/%%CONSOLE_SPEED%%/$CONSOLE_SPEED/g" \ - -e "s/%%CONSOLE_DEV%%/$CONSOLE_DEV/g" \ - -e "s/%%CONSOLE_FLAG%%/$CONSOLE_FLAG/g" \ - -e "s/%%CONSOLE_PORT%%/$CONSOLE_PORT/g" \ -e "s/%%EXTRA_CMDLINE_LINUX%%/$EXTRA_CMDLINE_LINUX/" \ $tmp_installdir/install.sh || clean_up 1 echo -n "."