-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve gnmi full config update #1840
base: master
Are you sure you want to change the base?
Conversation
We will use single gnmi request to support full configuration update. | ||
1. The host service will perform YANG validation and return an error if it fails. | ||
2. The host service will mask the gNMI service, preventing it from restarting after a config reload. | ||
3. The host service will execute a config reload using the input configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there any chance that switch will not be in desired state after config reload, if so will it be handled here? like rollback?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, we will use "config reload -f" to rollback
The full configuration request will be overwritten by subsequent full configuration request or incremental configuration request. | ||
|
||
<img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
We will use single gnmi request to support full configuration update. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
during the full configuration update, do we block any config update request from other interfaces like REST, CLI?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We do not block other configuration update requests. All configuration updates made before the 'config reload' will be overwritten, but those made after the 'config reload' will still function.
|
||
<img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
We will use single gnmi request to support full configuration update. | ||
1. The host service will perform YANG validation and return an error if it fails. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure if the yang validation address the validation based on the state data, like TCAM ACL limit? If not then yang validation will succeed, but config reload may fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point! Currently, SONiC yang does not check the ACL limit, but we can add this limitation.
3. The host service will execute a config reload using the input configuration. | ||
4. The host service will execute a config save if step 3 is successful. | ||
5. The host service will perform a config reload to recover if step 3 fails. | ||
6. The host service will unmask the gNMI service. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand correctly, the gNMI service will not reload in this whole flow.. What if the new config includes changes to the management network or gNMI server settings (port, auth mode, certs etc)? AFAIK gNMI server requires a restart to apply these changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see this is listed as a limitation below.. Is there any gNOI interface for clients to force restart the server?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can use gnoi reboot interface to restart device and apply all the configurations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think reboot will be not so practical. There will be a significant downtime due to config reload already. Reboot requires another downtime.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, we don't have a good solution at the moment. Let's keep this limitation, as gNMI can't be used to change the management network or gNMI server settings.
|
||
<img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
We will use single gnmi request to support full configuration update. | ||
1. The host service will perform YANG validation and return an error if it fails. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In cases where we need to enforce custom validation rules that go beyond the constraints of the Yang model, how does the current design plan to handle these? translib based infrastructure provides this mechanism.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can continue using the current translib infrastructure, and this change will not impact it. We are utilizing the origin field of the gnmi request, and only those requests with the 'sonic-db' origin field can use this gnmi full config update.
Signed-off-by: Gang Lv [email protected]
What is the motivation for this PR?
Use single GNMI request to support full config update.
Microsoft ADO: 27225139
PR: