Build GNMI test container sonic-net#112

Why I did it
Build GNMI test container, and we can get latest test container from azure pipeline.

How I did it
Update makefile and dockerfile, generate cert for GNMI.

How to verify it
Get docker-gnmi-test.gz from pipeline.
Create container with docker-gnmi-test.gz.

.azure-pipelines/azure-pipelines-build.yml

@@ -129,6 +129,9 @@ jobs:
               make $BUILD_OPTIONS ENABLE_ASAN=y target/docker-sonic-vs.gz
               mv target/docker-sonic-vs.gz target/docker-sonic-vs-asan.gz
             fi
+            if [ $(gnmi_test_container) == yes ]; then
+              make $BUILD_OPTIONS target/docker-gnmi-test.gz
+            fi
             make $BUILD_OPTIONS target/docker-sonic-vs.gz target/sonic-vs.img.gz target/docker-ptf.gz
             if [ $(Build.Reason) != 'PullRequest' ];then
               gzip -kd target/sonic-vs.img.gz

Makefile.work

@@ -478,6 +478,7 @@ SONIC_BUILD_INSTRUCTION :=  $(MAKE) \
                            DOCKER_LOCKFILE_SAVE=$(DOCKER_LOCKFILE_SAVE) \
                            SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD=$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD) \
                            SONIC_INCLUDE_SYSTEM_TELEMETRY=$(INCLUDE_SYSTEM_TELEMETRY) \
+                           SONIC_INCLUDE_GNMI_TEST=$(INCLUDE_GNMI_TEST) \
                            INCLUDE_DHCP_RELAY=$(INCLUDE_DHCP_RELAY) \
                            INCLUDE_MACSEC=$(INCLUDE_MACSEC) \
                            SONIC_INCLUDE_RESTAPI=$(INCLUDE_RESTAPI) \

azure-pipelines-bluefield.yml

@@ -40,6 +40,17 @@ variables:
   value: y
 
 stages:
+- stage: BuildVS
+  pool: sonicbld
+  jobs:
+  - template: .azure-pipelines/azure-pipelines-build.yml
+    parameters:
+      buildOptions: 'USERNAME=admin SONIC_BUILD_JOBS=$(nproc) BUILD_MULTIASIC_KVM=y ${{ variables.VERSION_CONTROL_OPTIONS }}'
+      jobGroups:
+      - name: vs
+        variables:
+          gnmi_test_container: yes
+
 - stage: Build
   dependsOn: []
   jobs:

dockers/docker-gnmi-test/Dockerfile.j2

@@ -0,0 +1,70 @@
+{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
+FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}
+
+ARG docker_container_name
+ARG image_version
+RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
+
+## Make apt-get non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Pass the image_version to container
+ENV IMAGE_VERSION=$image_version
+
+RUN apt-get update \
+ && apt-get install -y \
+      redis-server
+
+{% if docker_gnmi_test_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{{ copy_files("debs/", docker_gnmi_test_debs.split(' '), "/debs/") }}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{{ install_debian_packages(docker_gnmi_test_debs.split(' ')) }}
+{%- endif %}
+
+RUN apt-get clean -y      && \
+    apt-get autoclean -   && \
+    apt-get autoremove -y && \
+    rm -rf /debs
+
+RUN mkdir -p /etc/sonic
+
+# Adjust redis configurations
+RUN sed -ri 's/^# unixsocket/unixsocket/' /etc/redis/redis.conf
+RUN sed -ri 's/^unixsocketperm .../unixsocketperm 777/' /etc/redis/redis.conf
+RUN sed -ri 's/redis-server.sock/redis.sock/' /etc/redis/redis.conf
+
+COPY gnmi_cmd.sh /root/
+COPY dash_example.sh /root/
+
+COPY supervisor.conf /etc/supervisor/conf.d/
+COPY gnmi.conf /etc/supervisor/conf.d/
+
+COPY start.sh /usr/bin
+RUN chmod +x /usr/bin/start.sh
+
+COPY dsmsroot.conf /root/
+COPY server.conf /root/
+COPY client.conf /root/
+
+# Create Root key and cert
+RUN openssl genrsa -out /root/dsmsroot.key 2048
+RUN openssl req -new -sha256 -out /root/dsmsroot.csr -key /root/dsmsroot.key -config /root/dsmsroot.conf -batch
+RUN openssl x509 -req -days 3650 -in /root/dsmsroot.csr -signkey /root/dsmsroot.key -out /root/dsmsroot.cer
+
+# Create server key and cert
+RUN openssl genrsa -out /root/gnmiserver.key 2048
+RUN openssl req -new -sha256 -out /root/gnmiserver.csr -key /root/gnmiserver.key -config /root/server.conf -batch
+RUN openssl x509 -req -days 3650 -CA /root/dsmsroot.cer -CAkey /root/dsmsroot.key -CAcreateserial -in /root/gnmiserver.csr -out /root/gnmiserver.cer -extensions req_ext -extfile /root/server.conf
+
+# Create client key and cert
+RUN openssl genrsa -out /root/gnmiclient.key 2048
+RUN openssl req -new -sha256 -out /root/gnmiclient.csr -key /root/gnmiclient.key -config /root/client.conf -batch
+RUN openssl x509 -req -days 3650 -CA /root/dsmsroot.cer -CAkey /root/dsmsroot.key -CAcreateserial -in /root/gnmiclient.csr -out /root/gnmiclient.cer -extensions req_ext -extfile /root/client.conf
+
+RUN cp /root/dsmsroot.cer /etc/sonic/
+RUN cp /root/gnmiserver.cer /etc/sonic/
+RUN cp /root/gnmiserver.key /etc/sonic/
+
+ENTRYPOINT ["/usr/local/bin/supervisord"]

dockers/docker-gnmi-test/client.conf

@@ -0,0 +1,21 @@
+[ req ]
+default_bits       = 2048
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = CA
+localityName                = Locality Name (eg, city)
+localityName_default        = CA
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Microsoft
+commonName                  = CommonName (e.g. server FQDN or YOUR name)
+commonName_max              = 64
+commonName_default          = test.gnmi.sonic
+[ req_ext ]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1   = hostname.com
+IP      = 127.0.0.1

dockers/docker-gnmi-test/dash_example.sh

@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# GNMI set DASH_VNET
+echo "{\"Vnet1\": {\"vni\": \"45654\", \"guid\": \"559c6ce8-26ab-4193-b946-ccc6e8f930b2\"}}" > ./vnet.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_VNET:@./vnet.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get DASH_VNET
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_VNET \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI set DASH_ENI
+echo "{\"F4939FEFC47E\": {\"eni_id\": \"497f23d7-f0ac-4c99-a98f-59b470e8c7bd\", \"mac_address\": \"F4939FEFC47E\", \"underlay_ip\": \"25.1.1.1\", \"admin_state\": \"enabled\", \"vnet\": \"Vnet1\"}}" > ./eni.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_ENI:@./eni.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get DASH_ENI
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_ENI \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI set DASH_ROUTING_TYPE
+echo "{\"vnet\": {\"name\": \"action1\", \"action_type\": \"maprouting\"}, \"vnet_direct\": {\"name\": \"action1\", \"action_type\": \"maprouting\"}, \"vnet_encap\": {\"name\": \"action1\", \"action_type\": \"staticencap\", \"encap_type\": \"vxlan\"}}" > ./routing_type.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_ROUTING_TYPE:@./routing_type.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get DASH_ROUTING_TYPE
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_ROUTING_TYPE \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI set DASH_ROUTE_TABLE
+echo "{\"F4939FEFC47E:10.1.0.0/16\": {\"action_type\": \"vnet\", \"vnet\": \"Vnet1\"}, \"F4939FEFC47E:10.1.0.0/24\": {\"action_type\": \"vnet_direct\", \"vnet\": \"Vnet1\", \"overlay_ip\": \"10.0.0.6\"}, \"F4939FEFC47E:10.2.5.0/24\": {\"action_type\": \"drop\"}}" > ./routing_type.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_ROUTE_TABLE:@./routing_type.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get DASH_ROUTE_TABLE
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_ROUTE_TABLE \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI set DASH_VNET_MAPPING_TABLE
+echo "{\"Vnet1:10.0.0.6\": {\"routing_type\": \"vnet_encap\", \"underlay_ip\": \"2601:12:7a:1::1234\", \"mac_address\": \"F922839922A2\"}, \"Vnet1:10.0.0.5\": {\"routing_type\": \"vnet_encap\", \"underlay_ip\": \"100.1.2.3\", \"mac_address\": \"F922839922A2\"}, \"Vnet1:10.1.1.1\": {\"routing_type\": \"vnet_encap\", \"underlay_ip\": \"101.1.2.3\", \"mac_address\": \"F922839922A2\"}}" > ./vnet_mapping_table.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_VNET_MAPPING_TABLE:@./vnet_mapping_table.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get DASH_VNET_MAPPING_TABLE
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_VNET_MAPPING_TABLE \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+

dockers/docker-gnmi-test/dsmsroot.conf

@@ -0,0 +1,16 @@
+[ req ]
+default_bits       = 2048
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = CA
+localityName                = Locality Name (eg, city)
+localityName_default        = CA
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Microsoft
+commonName                  = CommonName (e.g. server FQDN or YOUR name)
+commonName_max              = 64
+commonName_default          = test.gnmi.sonic

dockers/docker-gnmi-test/gnmi.conf

@@ -0,0 +1,15 @@
+[program:gnmi]
+command=/usr/sbin/telemetry -logtostderr --server_crt /etc/sonic/gnmiserver.cer --server_key /etc/sonic/gnmiserver.key --ca_crt /etc/sonic/dsmsroot.cer --port 8080 -gnmi_native_write=1 -v=10
+priority=1
+autostart=false
+autorestart=false
+stdout_logfile=/tmp/gnmi.out.log
+stderr_logfile=/tmp/gnmi.err.log
+
+[program:start.sh]
+command=/usr/bin/start.sh
+priority=1
+autostart=true
+autorestart=false
+stdout_logfile=/tmp/start.out.log
+stderr_logfile=/tmp/start.err.log

dockers/docker-gnmi-test/gnmi_cmd.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# GNMI capabilities
+gnmi_cli -client_types=gnmi -a 127.0.0.1:8080 -logtostderr -capabilities -client_crt /root/gnmiclient.cer -client_key /root/gnmiclient.key -ca_crt /root/dsmsroot.cer
+
+# GNMI set update
+echo "{\"qos_01\": {\"bw\": \"54321\", \"cps\": \"1000\", \"flows\": \"300\"}}" > ./update.txt
+gnmi_set \
+  -update /sonic-db:APPL_DB/DASH_QOS:@./update.txt \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_QOS \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI set delete
+gnmi_set \
+  -delete /sonic-db:APPL_DB/DASH_QOS/qos_01 \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED
+
+# GNMI get
+gnmi_get \
+  -xpath /sonic-db:APPL_DB/_DASH_QOS \
+  -cert /root/gnmiclient.cer -key /root/gnmiclient.key -ca /root/dsmsroot.cer \
+  -username admin -password sonicadmin \
+  -target_addr 127.0.0.1:8080 \
+  -alsologtostderr \
+  -xpath_target MIXED

dockers/docker-gnmi-test/server.conf

@@ -0,0 +1,21 @@
+[ req ]
+default_bits       = 2048
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = CA
+localityName                = Locality Name (eg, city)
+localityName_default        = CA
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Microsoft
+commonName                  = CommonName (e.g. server FQDN or YOUR name)
+commonName_max              = 64
+commonName_default          = test.gnmi.sonic
+[ req_ext ]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1   = hostname.com
+IP      = 127.0.0.1

dockers/docker-gnmi-test/start.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+service redis-server start
+supervisorctl start gnmi

dockers/docker-gnmi-test/supervisor.conf

@@ -0,0 +1,4 @@
+[supervisord]
+logfile_maxbytes=1MB
+logfile_backups=2
+nodaemon=true

rules/config

@@ -125,6 +125,9 @@ DEFAULT_VS_PREPARE_MEM = yes
 # INCLUDE_SYSTEM_TELEMETRY - build docker-sonic-telemetry for system telemetry support
 INCLUDE_SYSTEM_TELEMETRY = y
 
+# INCLUDE_GNMI_TEST - build docker-gnmi-test for gnmi test container
+INCLUDE_GNMI_TEST = y
+
 # INCLUDE_ICCPD - build docker-iccpd for mclag support
 INCLUDE_ICCPD = n
 

rules/docker-gnmi-test.dep

@@ -0,0 +1,11 @@
+
+DPATH       := $($(DOCKER_GNMI_TEST)_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/docker-gnmi-test.mk rules/docker-gnmi-test.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(DPATH))
+
+$(DOCKER_GNMI_TEST)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(DOCKER_GNMI_TEST)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(DOCKER_GNMI_TEST)_DEP_FILES   := $(DEP_FILES)
+
+$(eval $(call add_dbg_docker,$(DOCKER_GNMI_TEST),$(DOCKER_GNMI_TEST_DBG)))

rules/docker-gnmi-test.mk

@@ -0,0 +1,32 @@
+# docker image for gnmi test container
+
+DOCKER_GNMI_TEST_STEM = docker-gnmi-test
+DOCKER_GNMI_TEST = $(DOCKER_GNMI_TEST_STEM).gz
+DOCKER_GNMI_TEST_DBG = $(DOCKER_GNMI_TEST_STEM)-$(DBG_IMAGE_MARK).gz
+
+$(DOCKER_GNMI_TEST)_PATH = $(DOCKERS_PATH)/$(DOCKER_GNMI_TEST_STEM)
+
+$(DOCKER_GNMI_TEST)_DEPENDS += $(SONIC_MGMT_COMMON)
+$(DOCKER_GNMI_TEST)_DEPENDS += $(SONIC_TELEMETRY)
+$(DOCKER_GNMI_TEST)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS)
+
+$(DOCKER_GNMI_TEST)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BULLSEYE)
+
+$(DOCKER_GNMI_TEST)_VERSION = 1.0.0
+$(DOCKER_GNMI_TEST)_PACKAGE_NAME = gnmi-test
+
+$(DOCKER_GNMI_TEST)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES)
+
+ifeq ($(INCLUDE_GNMI_TEST), y)
+SONIC_DOCKER_IMAGES += $(DOCKER_GNMI_TEST)
+SONIC_DOCKER_DBG_IMAGES += $(DOCKER_GNMI_TEST_DBG)
+endif
+
+
+$(DOCKER_GNMI_TEST)_CONTAINER_NAME = gnmi-test
+$(DOCKER_GNMI_TEST)_RUN_OPT += --privileged -t
+$(DOCKER_GNMI_TEST)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
+$(DOCKER_GNMI_TEST)_RUN_OPT += -v /usr/share/sonic/scripts:/usr/share/sonic/scripts:ro
+$(DOCKER_GNMI_TEST)_RUN_OPT += -v /var/run/dbus:/var/run/dbus:rw
+
+$(DOCKER_GNMI_TEST)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)