From 561d4731e95660383dbefad1e0cf6eedd4738003 Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 16:08:57 -0700 Subject: [PATCH 1/7] Incremental work on docker permissions fixes. --- dash-pipeline/Makefile | 61 ++++++++++++------- dash-pipeline/SAI/generate_dash_api.sh | 2 +- dash-pipeline/dockerfiles/Dockerfile.p4c-bmv2 | 13 ++++ 3 files changed, 54 insertions(+), 22 deletions(-) diff --git a/dash-pipeline/Makefile b/dash-pipeline/Makefile index e36de932f..58be7e385 100644 --- a/dash-pipeline/Makefile +++ b/dash-pipeline/Makefile @@ -9,7 +9,7 @@ run-saithrift-client-dev-tests: run-saithrift-dev-ptftests run-saithrift-dev-pyt .PHONY:clean clean: fix-perms kill-all p4-clean sai-clean test-clean network-clean saithrift-server-clean - rm -rf bmv2/dash_pipeline.bmv2 + rm -rf $(P4_OUTDIR) kill-all: kill-saithrift-server kill-switch undeploy-ixiac @@ -17,9 +17,14 @@ kill-all: kill-saithrift-server kill-switch undeploy-ixiac .PHONY: fix-perms fix-perms: @echo "### Applying Fix permissions workaround..." - sudo chmod -R o+rw SAI/ bmv2/ tests/ + #sudo chmod -R o+rw SAI/ bmv2/ tests/ PWD := $(shell pwd) +DASHUSER ?=dashuser +DASHGROUP ?=dashusers +DASHUID ?=4321 +DASHGUID?=4321 +DASHHOST?=dash # Default Docker images, override from env var @@ -27,7 +32,7 @@ PWD := $(shell pwd) DOCKER_GRPC_IMG ?=chrissommers/dash-grpc:1.43.2 # Slimmed-down version bmv2 backend only 632MB - works: -DOCKER_P4C_BMV2_IMG ?=chrissommers/dash-p4c-bmv2:220701 +DOCKER_P4C_BMV2_IMG ?=chrissommers/dash-p4c-bmv2:220819 # Builds sai-P4rt clients to run inside bmvs process DOCKER_BMV2_BLDR_IMG ?=chrissommers/dash-bmv2-bldr:220630 @@ -70,24 +75,26 @@ sai-submodule: # P4 Source code compile TARGETS ###################################### -P4_ARTIFACTS=bmv2/dash_pipeline.bmv2/dash_pipeline.json bmv2/dash_pipeline.bmv2/dash_pipeline_p4rt.txt +P4_SRC=$(wildcard bmv2/*.p4) +P4_MAIN=bmv2/dash_pipeline.p4 +P4_OUTDIR=bmv2/dash_pipeline.bmv2 -p4: fix-perms bmv2/dash_pipeline.bmv2/dash_pipeline.json +P4_ARTIFACTS=$(P4_OUTDIR)/dash_pipeline.json $(P4_OUTDIR)/dash_pipeline_p4rt.txt + +p4: fix-perms $(P4_OUTDIR)/dash_pipeline.json .PHONY:p4-clean p4-clean: - -rm -rf bmv2/dash_pipeline.bmv2 - -P4_SRC=$(wildcard bmv2/*.p4) -P4_MAIN=bmv2/dash_pipeline.p4 -P4_OUTDIR=bmv2/dash_pipeline.bmv2 + -rm -rf $(P4_OUTDIR) # Compile P4 into bmv2 .json fle and P4info for SAI header autogeneration $(P4_ARTIFACTS): $(P4_SRC) @echo "Compile P4 program $(P4_MAIN) ..." mkdir -p $(P4_OUTDIR) && \ + chmod o+w $(P4_OUTDIR) && \ docker run \ --rm \ --name dash-p4c-$(USER) \ + -u $(DASHUSER) \ $(DOCKER_FLAGS) \ -v $(PWD)/bmv2:/bmv2 \ -w / \ @@ -118,14 +125,14 @@ sai: fix-perms sai-clean sai-headers sai-meta libsai sai-headers: fix-perms p4 | SAI/SAI @echo "Generate SAI library headers and implementation..." - mkdir -p SAI/lib + mkdir -p SAI/lib && chmod -R o+w SAI && \ $(DOCKER_RUN) \ $(DOCKER_FLAGS) \ --name build_sai-$(USER) \ -w /SAI $(DOCKER_SAITHRIFT_BLDR_IMG) \ ./generate_dash_api.sh # Fixup perms from generate_dash_api using sudo to call python,so subsequent scripts can access - sudo chmod -R a+rw $(PWD)/SAI/SAI + #sudo chmod -R a+rw $(PWD)/SAI/SAI sai-meta: fix-perms @echo "Generate SAI metadata..." @@ -140,7 +147,7 @@ sai-meta: fix-perms -v $(PWD)/..:/dash -w /dash/dash-pipeline/SAI/SAI/meta \ $(DOCKER_SAITHRIFT_BLDR_IMG) \ make - sudo chmod -R o+rw SAI/ + #sudo chmod -R o+rw SAI/ # TODO - add SAI header dependencies libsai: fix-perms @@ -153,7 +160,7 @@ libsai: fix-perms make libsai-clean: fix-perms - -rm -rf SAI/lib/libsai.so + -rm -rf SAI/lib/* .PHONY:sai-clean sai-clean: fix-perms SAI/SAI libsai-clean @@ -176,8 +183,8 @@ run-switch: network $(DOCKER_RUN) \ --name simple_switch-$(USER) \ -u root \ - -v $(PWD)/bmv2/dash_pipeline.bmv2/dash_pipeline.json:/etc/dash/dash_pipeline.json \ - -v $(PWD)/bmv2/dash_pipeline.bmv2/dash_pipeline_p4rt.txt:/etc/dash/dash_pipeline_p4rt.txt \ + -v $(PWD)/$(P4_OUTDIR)/dash_pipeline.json:/etc/dash/dash_pipeline.json \ + -v $(PWD)/$(P4_OUTDIR)/dash_pipeline_p4rt.txt:/etc/dash/dash_pipeline_p4rt.txt \ $(DOCKER_BMV2_RUN_IMG) \ env LD_LIBRARY_PATH=/usr/local/lib \ simple_switch_grpc \ @@ -204,8 +211,8 @@ DOCKER_RUN_SAITHRIFT_SRVR =\ $(DOCKER_FLAGS) \ --net=host \ --name dash-saithrift-server-$(USER) \ - -v $(PWD)/bmv2/dash_pipeline.bmv2/dash_pipeline.json:/etc/dash/dash_pipeline.json \ - -v $(PWD)/bmv2/dash_pipeline.bmv2/dash_pipeline_p4rt.txt:/etc/dash/dash_pipeline_p4rt.txt \ + -v $(PWD)/$(P4_OUTDIR)/dash_pipeline.json:/etc/dash/dash_pipeline.json \ + -v $(PWD)/$(P4_OUTDIR)/dash_pipeline_p4rt.txt:/etc/dash/dash_pipeline_p4rt.txt \ -v $(PWD)/SAI:/SAI \ -v $(PWD)/SAI/SAI/meta:/meta \ -w /SAI/rpc/usr/sbin \ @@ -394,13 +401,25 @@ run-saithrift-client-bash: ############################### +# docker-dash-p4c: +# docker build \ +# -f dockerfiles/Dockerfile.p4c-bmv2 \ +# -t $(DOCKER_P4C_BMV2_IMG) \ +# --build-arg user=$(USER) \ +# --build-arg uid=$(shell id -u) \ +# --build-arg guid=$(shell id -g) \ +# --build-arg hostname=$(shell echo $$HOSTNAME) \ +# --build-arg available_processors=$(shell nproc) \ +# dockerfiles + docker-dash-p4c: docker build \ -f dockerfiles/Dockerfile.p4c-bmv2 \ -t $(DOCKER_P4C_BMV2_IMG) \ - --build-arg user=$(USER) \ - --build-arg uid=$(shell id -u) \ - --build-arg guid=$(shell id -g) \ + --build-arg user=$(DASHUSER) \ + --build-arg group=$(DASHGROUP) \ + --build-arg uid=$(DASHUID) \ + --build-arg guid=$(DASHGUID) \ --build-arg hostname=$(shell echo $$HOSTNAME) \ --build-arg available_processors=$(shell nproc) \ dockerfiles diff --git a/dash-pipeline/SAI/generate_dash_api.sh b/dash-pipeline/SAI/generate_dash_api.sh index 60b6c3566..e5e946e7e 100755 --- a/dash-pipeline/SAI/generate_dash_api.sh +++ b/dash-pipeline/SAI/generate_dash_api.sh @@ -1,5 +1,5 @@ #!/bin/bash -sudo ./sai_api_gen.py \ +./sai_api_gen.py \ /bmv2/dash_pipeline.bmv2/dash_pipeline_p4rt.json \ --ignore-tables=appliance,eni_meter,slb_decap \ dash \ No newline at end of file diff --git a/dash-pipeline/dockerfiles/Dockerfile.p4c-bmv2 b/dash-pipeline/dockerfiles/Dockerfile.p4c-bmv2 index 729d34ff6..ebfe5970a 100644 --- a/dash-pipeline/dockerfiles/Dockerfile.p4c-bmv2 +++ b/dash-pipeline/dockerfiles/Dockerfile.p4c-bmv2 @@ -45,6 +45,19 @@ COPY --from=p4lang-p4c \ /usr/local/bin/p4c-bm2-ss \ /usr/local/bin/ + +ARG user +ARG uid +ARG group +ARG guid +ARG hostname + +ENV BUILD_HOSTNAME $hostname +ENV USER $user + +RUN groupadd -f -r -g $guid $group + +RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash CMD bash # # Alternate approach - selective remove backends etc. From 64b18e4d826da3bc5fd93eeac000cea7ec70922d Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 18:32:30 -0700 Subject: [PATCH 2/7] More progress on docker and make permissions issues. --- dash-pipeline/Makefile | 71 ++++++++++--------- dash-pipeline/SAI/saithrift/Makefile | 2 + .../dockerfiles/Dockerfile.bmv2-bldr | 3 +- .../dockerfiles/Dockerfile.saithrift-bldr | 5 +- .../Dockerfile.saithrift-client-bldr | 3 +- 5 files changed, 47 insertions(+), 37 deletions(-) diff --git a/dash-pipeline/Makefile b/dash-pipeline/Makefile index 58be7e385..2f64e603c 100644 --- a/dash-pipeline/Makefile +++ b/dash-pipeline/Makefile @@ -20,11 +20,11 @@ fix-perms: #sudo chmod -R o+rw SAI/ bmv2/ tests/ PWD := $(shell pwd) -DASHUSER ?=dashuser -DASHGROUP ?=dashusers -DASHUID ?=4321 -DASHGUID?=4321 -DASHHOST?=dash +DASH_USER ?=dashuser +DASH_GROUP ?=dashusers +DASH_UID ?=4321 +DASH_GUID?=4321 +DASH_HOST?=dash # Default Docker images, override from env var @@ -32,19 +32,19 @@ DASHHOST?=dash DOCKER_GRPC_IMG ?=chrissommers/dash-grpc:1.43.2 # Slimmed-down version bmv2 backend only 632MB - works: -DOCKER_P4C_BMV2_IMG ?=chrissommers/dash-p4c-bmv2:220819 +DOCKER_P4C_BMV2_IMG ?=chrissommers/dash-p4c-bmv2:220819a -# Builds sai-P4rt clients to run inside bmvs process -DOCKER_BMV2_BLDR_IMG ?=chrissommers/dash-bmv2-bldr:220630 +# Builds SAI-P4RT clients to run inside bmv2 process +DOCKER_BMV2_BLDR_IMG ?=chrissommers/dash-bmv2-bldr:220819 # Runs bmv2 process - consider slimmer if don't need sai/p4rt clients inside DOCKER_BMV2_RUN_IMG ?=$(DOCKER_BMV2_BLDR_IMG) # Compiles sai headers, libsai, saithrift server & client/server libs -DOCKER_SAITHRIFT_BLDR_IMG ?=chrissommers/dash-saithrift-bldr:220719 +DOCKER_SAITHRIFT_BLDR_IMG ?=chrissommers/dash-saithrift-bldr:220819 # Base image with test frameworks, DASH client libs not installed -DOCKER_SAITHRIFT_CLIENT_BLDR_IMG ?=chrissommers/dash-saithrift-client-bldr:220723 +DOCKER_SAITHRIFT_CLIENT_BLDR_IMG ?=chrissommers/dash-saithrift-client-bldr:220819 # Client image built locally with saithrift client libs + PTF & Pytest frameworks # TODO: consider some other tagging scheme @@ -94,7 +94,7 @@ $(P4_ARTIFACTS): $(P4_SRC) docker run \ --rm \ --name dash-p4c-$(USER) \ - -u $(DASHUSER) \ + -u $(DASH_USER) \ $(DOCKER_FLAGS) \ -v $(PWD)/bmv2:/bmv2 \ -w / \ @@ -163,7 +163,7 @@ libsai-clean: fix-perms -rm -rf SAI/lib/* .PHONY:sai-clean -sai-clean: fix-perms SAI/SAI libsai-clean +sai-clean: fix-perms SAI/SAI libsai-clean saithrift-server-clean @echo "Restoring SAI subdirectories to baseline..." rm -rf SAI/SAI/inc SAI/SAI/experimental SAI/SAI/meta cd SAI/SAI && git checkout -- inc experimental meta @@ -233,6 +233,7 @@ run-saithrift-server-bash: saithrift-server-clean: $(DOCKER_RUN_SAITHRIFT_BLDR) \ make $@ + rm -rf SAI/rpc ############################### # SAI TEST TARGETS @@ -293,10 +294,11 @@ docker-bmv2-bldr: docker build \ -f dockerfiles/Dockerfile.bmv2-bldr \ -t $(DOCKER_BMV2_BLDR_IMG) \ - --build-arg user=$(USER) \ - --build-arg uid=$(shell id -u) \ - --build-arg guid=$(shell id -g) \ - --build-arg hostname=$(shell echo $$HOSTNAME) \ + --build-arg user=$(DASH_USER) \ + --build-arg group=$(DASH_GROUP) \ + --build-arg uid=$(DASH_UID) \ + --build-arg guid=$(DASH_GUID) \ + --build-arg hostname=$(DASH_HOST) \ --build-arg available_processors=$(shell nproc) \ dockerfiles @@ -310,10 +312,11 @@ docker-saithrift-bldr: docker build \ -f dockerfiles/Dockerfile.saithrift-bldr \ -t $(DOCKER_SAITHRIFT_BLDR_IMG) \ - --build-arg user=$(USER) \ - --build-arg uid=$(shell id -u) \ - --build-arg guid=$(shell id -g) \ - --build-arg hostname=$(shell echo $$HOSTNAME) \ + --build-arg user=$(DASH_USER) \ + --build-arg group=$(DASH_GROUP) \ + --build-arg uid=$(DASH_UID) \ + --build-arg guid=$(DASH_GUID) \ + --build-arg hostname=$(DASH_HOST) \ --build-arg available_processors=$(shell nproc) \ dockerfiles @@ -329,10 +332,11 @@ docker-saithrift-client-bldr: docker build \ -f dockerfiles/Dockerfile.saithrift-client-bldr \ -t $(DOCKER_SAITHRIFT_CLIENT_BLDR_IMG) \ - --build-arg user=$(USER) \ - --build-arg uid=$(shell id -u) \ - --build-arg guid=$(shell id -g) \ - --build-arg hostname=$(shell echo $$HOSTNAME) \ + --build-arg user=$(DASH_USER) \ + --build-arg group=$(DASH_GROUP) \ + --build-arg uid=$(DASH_UID) \ + --build-arg guid=$(DASH_GUID) \ + --build-arg hostname=$(DASH_HOST) \ --build-arg available_processors=$(shell nproc) \ ./tests @@ -416,11 +420,11 @@ docker-dash-p4c: docker build \ -f dockerfiles/Dockerfile.p4c-bmv2 \ -t $(DOCKER_P4C_BMV2_IMG) \ - --build-arg user=$(DASHUSER) \ - --build-arg group=$(DASHGROUP) \ - --build-arg uid=$(DASHUID) \ - --build-arg guid=$(DASHGUID) \ - --build-arg hostname=$(shell echo $$HOSTNAME) \ + --build-arg user=$(DASH_USER) \ + --build-arg group=$(DASH_GROUP) \ + --build-arg uid=$(DASH_UID) \ + --build-arg guid=$(DASH_GUID) \ + --build-arg hostname=$(DASH_HOST) \ --build-arg available_processors=$(shell nproc) \ dockerfiles @@ -435,10 +439,11 @@ docker-dash-grpc: docker build \ -f dockerfiles/Dockerfile.grpc1.43.2 \ -t $(DOCKER_GRPC_IMG) \ - --build-arg user=$(USER) \ - --build-arg uid=$(shell id -u) \ - --build-arg guid=$(shell id -g) \ - --build-arg hostname=$(shell echo $$HOSTNAME) \ + --build-arg user=$(DASH_USER) \ + --build-arg group=$(DASH_GROUP) \ + --build-arg uid=$(DASH_UID) \ + --build-arg guid=$(DASH_GUID) \ + --build-arg hostname=$(DASH_HOST) \ --build-arg available_processors=$(shell nproc) \ dockerfiles diff --git a/dash-pipeline/SAI/saithrift/Makefile b/dash-pipeline/SAI/saithrift/Makefile index 936d380fc..aa26e59dd 100644 --- a/dash-pipeline/SAI/saithrift/Makefile +++ b/dash-pipeline/SAI/saithrift/Makefile @@ -41,6 +41,7 @@ saithrift-server: sudo cp $(LIB)/libsai.so /usr/lib @echo "Build SAI thrift server and libraries..." + mkdir -p $(RPC_INST_DIR) && chmod a+w $(RPC_INST_DIR) cd $(SAI) && export SAITHRIFTV2=y && \ export GEN_SAIRPC_OPTS="-ve" && \ @@ -57,6 +58,7 @@ saithrift-server: # Copy thrift libs from builder image onto host cp /usr/lib/libthrift*so* /usr/lib/thrift-0.11.0.tar.gz $(RPC_INST_DIR) + chmod -R a+w $(META)/generated $(META)/html $(META)/xml $(RPC_INST_DIR) saithrift-server-clean: cd $(SAI) && export SAITHRIFTV2=y && make clean diff --git a/dash-pipeline/dockerfiles/Dockerfile.bmv2-bldr b/dash-pipeline/dockerfiles/Dockerfile.bmv2-bldr index 93c8b1c1e..7dc0e64d1 100644 --- a/dash-pipeline/dockerfiles/Dockerfile.bmv2-bldr +++ b/dash-pipeline/dockerfiles/Dockerfile.bmv2-bldr @@ -63,13 +63,14 @@ COPY --from=grpc /usr/local/lib/lib*grpc*.so* \ ARG user ARG uid +ARG group ARG guid ARG hostname ENV BUILD_HOSTNAME $hostname ENV USER $user -RUN groupadd -f -r -g $guid g$user +RUN groupadd -f -r -g $guid $group RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash diff --git a/dash-pipeline/dockerfiles/Dockerfile.saithrift-bldr b/dash-pipeline/dockerfiles/Dockerfile.saithrift-bldr index 3bee87e89..3596f2521 100644 --- a/dash-pipeline/dockerfiles/Dockerfile.saithrift-bldr +++ b/dash-pipeline/dockerfiles/Dockerfile.saithrift-bldr @@ -1,6 +1,6 @@ FROM chrissommers/dash-grpc:1.43.2 as grpc -FROM chrissommers/dash-bmv2-bldr:220630 as bmv2 +FROM chrissommers/dash-bmv2-bldr:220819 as bmv2 # amd64/ubuntu:20.04 on 2022-07-03 FROM amd64/ubuntu@sha256:b2339eee806d44d6a8adc0a790f824fb71f03366dd754d400316ae5a7e3ece3e as builder LABEL maintainer="SONiC-DASH Community " @@ -77,13 +77,14 @@ WORKDIR / ARG user ARG uid +ARG group ARG guid ARG hostname ENV BUILD_HOSTNAME $hostname ENV USER $user -RUN groupadd -f -r -g $guid g$user +RUN groupadd -f -r -g $guid $group RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash diff --git a/dash-pipeline/dockerfiles/Dockerfile.saithrift-client-bldr b/dash-pipeline/dockerfiles/Dockerfile.saithrift-client-bldr index c639f9352..b192a88a1 100644 --- a/dash-pipeline/dockerfiles/Dockerfile.saithrift-client-bldr +++ b/dash-pipeline/dockerfiles/Dockerfile.saithrift-client-bldr @@ -20,13 +20,14 @@ WORKDIR / ARG user ARG uid +ARG group ARG guid ARG hostname ENV BUILD_HOSTNAME $hostname ENV USER $user -RUN groupadd -f -r -g $guid g$user +RUN groupadd -f -r -g $guid $group RUN useradd $user -l -u $uid -g $guid -d /var/$user -m -s /bin/bash From 80308140979e71f56ad794b56b3f189d54cc766c Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 18:56:13 -0700 Subject: [PATCH 3/7] Trial remove -u root from CI file. --- .github/workflows/dash-bmv2-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dash-bmv2-ci.yml b/.github/workflows/dash-bmv2-ci.yml index d951ab851..b9b244de6 100644 --- a/.github/workflows/dash-bmv2-ci.yml +++ b/.github/workflows/dash-bmv2-ci.yml @@ -40,8 +40,8 @@ jobs: name: Build and Test DASH Pipeline runs-on: ubuntu-20.04 env: - docker_fg_flags: -u root --privileged - docker_bg_flags: -d -u root --privileged + docker_fg_flags: --privileged + docker_bg_flags: -d --privileged defaults: run: working-directory: ./dash-pipeline From 3b0a6ccb625682c9716820a31aeb082cdc2ff814 Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 20:44:26 -0700 Subject: [PATCH 4/7] Makefile and CI file perms --- .github/workflows/dash-bmv2-ci.yml | 4 ++-- dash-pipeline/Makefile | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dash-bmv2-ci.yml b/.github/workflows/dash-bmv2-ci.yml index b9b244de6..292b73bb5 100644 --- a/.github/workflows/dash-bmv2-ci.yml +++ b/.github/workflows/dash-bmv2-ci.yml @@ -76,9 +76,9 @@ jobs: - name: Run saithrift server run: DOCKER_FLAGS=$docker_bg_flags make run-saithrift-server - name: Run PTF Tests - run: DOCKER_FLAGS=$docker_fg_flags make run-saithrift-ptftests + run: DOCKER_FLAGS=$docker_fg_flags -u root make run-saithrift-ptftests - name: Deploy ixia-c Traffic Generator run: DOCKER_FLAGS=$docker_fg_flags make deploy-ixiac - name: Run Pytests - run: DOCKER_FLAGS=$docker_fg_flags make run-saithrift-pytests + run: DOCKER_FLAGS=$docker_fg_flags -u root make run-saithrift-pytests diff --git a/dash-pipeline/Makefile b/dash-pipeline/Makefile index 2f64e603c..021ee9628 100644 --- a/dash-pipeline/Makefile +++ b/dash-pipeline/Makefile @@ -248,6 +248,7 @@ test-clean: .PHONY:libsai-test libsai-test:SAI/SAI SAI/lib/libsai.so + chmod -R a+w tests/libsai $(DOCKER_RUN) \ --name dash-build-test-$(USER) \ -w /tests/libsai $(DOCKER_BMV2_BLDR_IMG) \ From c78b95a8a3efd3f2108414e3ea0c932920fc866b Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 20:53:13 -0700 Subject: [PATCH 5/7] Fix CI docker flags --- .github/workflows/dash-bmv2-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dash-bmv2-ci.yml b/.github/workflows/dash-bmv2-ci.yml index 292b73bb5..4b9c6c729 100644 --- a/.github/workflows/dash-bmv2-ci.yml +++ b/.github/workflows/dash-bmv2-ci.yml @@ -41,6 +41,7 @@ jobs: runs-on: ubuntu-20.04 env: docker_fg_flags: --privileged + docker_fg_root_flags: --privileged -u root docker_bg_flags: -d --privileged defaults: run: @@ -76,9 +77,9 @@ jobs: - name: Run saithrift server run: DOCKER_FLAGS=$docker_bg_flags make run-saithrift-server - name: Run PTF Tests - run: DOCKER_FLAGS=$docker_fg_flags -u root make run-saithrift-ptftests + run: DOCKER_FLAGS=$docker_fg_root_flags make run-saithrift-ptftests - name: Deploy ixia-c Traffic Generator run: DOCKER_FLAGS=$docker_fg_flags make deploy-ixiac - name: Run Pytests - run: DOCKER_FLAGS=$docker_fg_flags -u root make run-saithrift-pytests + run: DOCKER_FLAGS=$docker_fg_root_flags make run-saithrift-pytests From edc735033467868dd233b1b9a0c5788cc5173b3e Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 19 Aug 2022 21:09:41 -0700 Subject: [PATCH 6/7] Final purge of obs sudo commands to fix perms. --- dash-pipeline/Makefile | 29 ++++++++++------------------ dash-pipeline/SAI/saithrift/Makefile | 2 +- 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/dash-pipeline/Makefile b/dash-pipeline/Makefile index 021ee9628..e710676c5 100644 --- a/dash-pipeline/Makefile +++ b/dash-pipeline/Makefile @@ -1,24 +1,18 @@ SHELL = /bin/bash # "All" type targets for convenience -all:fix-perms p4 sai saithrift-server docker-saithrift-client test +all:p4 sai saithrift-server docker-saithrift-client test run-all-tests:run-libsai-test deploy-ixiac run-saithrift-client-tests run-saithrift-client-tests: run-saithrift-ptftests run-saithrift-pytests run-saithrift-client-dev-tests: run-saithrift-dev-ptftests run-saithrift-dev-pytests .PHONY:clean -clean: fix-perms kill-all p4-clean sai-clean test-clean network-clean saithrift-server-clean +clean: kill-all p4-clean sai-clean test-clean network-clean saithrift-server-clean rm -rf $(P4_OUTDIR) kill-all: kill-saithrift-server kill-switch undeploy-ixiac - -.PHONY: fix-perms -fix-perms: - @echo "### Applying Fix permissions workaround..." - #sudo chmod -R o+rw SAI/ bmv2/ tests/ - PWD := $(shell pwd) DASH_USER ?=dashuser DASH_GROUP ?=dashusers @@ -81,7 +75,7 @@ P4_OUTDIR=bmv2/dash_pipeline.bmv2 P4_ARTIFACTS=$(P4_OUTDIR)/dash_pipeline.json $(P4_OUTDIR)/dash_pipeline_p4rt.txt -p4: fix-perms $(P4_OUTDIR)/dash_pipeline.json +p4: $(P4_OUTDIR)/dash_pipeline.json .PHONY:p4-clean p4-clean: @@ -121,9 +115,9 @@ DOCKER_RUN_SAITHRIFT_BLDR =\ # TODO - create separate rules for headers, libsai.so .PHONY:sai -sai: fix-perms sai-clean sai-headers sai-meta libsai +sai: sai-clean sai-headers sai-meta libsai -sai-headers: fix-perms p4 | SAI/SAI +sai-headers: p4 | SAI/SAI @echo "Generate SAI library headers and implementation..." mkdir -p SAI/lib && chmod -R o+w SAI && \ $(DOCKER_RUN) \ @@ -131,10 +125,8 @@ sai-headers: fix-perms p4 | SAI/SAI --name build_sai-$(USER) \ -w /SAI $(DOCKER_SAITHRIFT_BLDR_IMG) \ ./generate_dash_api.sh - # Fixup perms from generate_dash_api using sudo to call python,so subsequent scripts can access - #sudo chmod -R a+rw $(PWD)/SAI/SAI -sai-meta: fix-perms +sai-meta: @echo "Generate SAI metadata..." # hack - remove scripts which cause Git ownership failures in CI pipelines # We don't need them, they're to check that SAI headers didn't experience enum changes etc. @@ -147,10 +139,9 @@ sai-meta: fix-perms -v $(PWD)/..:/dash -w /dash/dash-pipeline/SAI/SAI/meta \ $(DOCKER_SAITHRIFT_BLDR_IMG) \ make - #sudo chmod -R o+rw SAI/ # TODO - add SAI header dependencies -libsai: fix-perms +libsai: @echo "build libsai.so..." $(DOCKER_RUN) \ $(DOCKER_FLAGS) \ @@ -159,11 +150,11 @@ libsai: fix-perms $(DOCKER_BMV2_BLDR_IMG) \ make -libsai-clean: fix-perms +libsai-clean: -rm -rf SAI/lib/* .PHONY:sai-clean -sai-clean: fix-perms SAI/SAI libsai-clean saithrift-server-clean +sai-clean: SAI/SAI libsai-clean saithrift-server-clean @echo "Restoring SAI subdirectories to baseline..." rm -rf SAI/SAI/inc SAI/SAI/experimental SAI/SAI/meta cd SAI/SAI && git checkout -- inc experimental meta @@ -201,7 +192,7 @@ kill-switch: # SAI-THRIFT SERVER TARGETS ############################### -saithrift-server:fix-perms +saithrift-server: $(DOCKER_RUN_SAITHRIFT_BLDR) \ make $@ diff --git a/dash-pipeline/SAI/saithrift/Makefile b/dash-pipeline/SAI/saithrift/Makefile index aa26e59dd..0cf0c36d6 100644 --- a/dash-pipeline/SAI/saithrift/Makefile +++ b/dash-pipeline/SAI/saithrift/Makefile @@ -27,7 +27,7 @@ SAIRPC_EXTRA_LIBS="\ -lssl \ -laddress_sorting" -# Below based on: https://github.com/opencomputeproject/SAI/blob/088627dd90c3420daf96d294c661b4a152afb01e/ptf/SAI_PTF_user-guide.md +# Below based on: https://github.com/opencomputeproject/SAI/blob/master/ptf/SAI_PTF_user-guide.md # Dependencies are assumed to be installed, e.g. in the docker container saithrift-server: # Copy headers to /usr/include/sai From d74fa35e358bc6db92126a1d321316b1f491d6db Mon Sep 17 00:00:00 2001 From: Chris Sommers Date: Fri, 26 Aug 2022 09:31:37 -0700 Subject: [PATCH 7/7] Test for veth's before deleting. --- dash-pipeline/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dash-pipeline/Makefile b/dash-pipeline/Makefile index 232555f46..237fbaed4 100644 --- a/dash-pipeline/Makefile +++ b/dash-pipeline/Makefile @@ -489,10 +489,10 @@ veth2: /sys/class/net/veth2 sudo sysctl net.ipv6.conf.veth3.accept_ra_pinfo=0 sudo sysctl net.ipv6.conf.veth3.router_solicitations=0 +# Delete veth's, test existence to avoid needless use of sudo network-clean: - # Note, deleting one member (e.g. veth0) deletes its peer (e.g. veth1) - -sudo ip link delete dev veth0 - -sudo ip link delete dev veth2 + @-([ -e /sys/class/net/veth0 ] && sudo ip link delete dev veth0 && echo "Deleted veth0/1") || echo "No veth0, not deleting" + @-([ -e /sys/class/net/veth2 ] && sudo ip link delete dev veth2 && echo "Deleted veth2/3") || echo "No veth2, not deleting" ############################### # IXIA-C TARGETS