Skip to content

Commit

Permalink
[hostcfgd] Fix issue: FeatureHandler might override user configuration (
Browse files Browse the repository at this point in the history
#16766)

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
  • Loading branch information
nazariig authored Oct 11, 2023
1 parent 6f93832 commit 7b06d9b
Show file tree
Hide file tree
Showing 2 changed files with 90 additions and 6 deletions.
35 changes: 29 additions & 6 deletions src/sonic-host-services/scripts/hostcfgd
Original file line number Diff line number Diff line change
Expand Up @@ -352,7 +352,7 @@ class FeatureHandler(object):
# sync has_per_asic_scope to CONFIG_DB in namespaces in multi-asic platform
for ns, db in self.ns_cfg_db.items():
db.mod_entry('FEATURE', feature_config.name, {'has_per_asic_scope': str(feature_config.has_per_asic_scope)})

def update_systemd_config(self, feature_config):
"""Updates `Restart=` field in feature's systemd configuration file
according to the value of `auto_restart` field in `FEATURE` table of `CONFIG_DB`.
Expand Down Expand Up @@ -427,7 +427,7 @@ class FeatureHandler(object):
unit_file_state = self.get_systemd_unit_state("{}.{}".format(feature_name, feature_suffixes[-1]))
if unit_file_state == "enabled" or not unit_file_state:
continue
cmds = []
cmds = []
for suffix in feature_suffixes:
cmds.append("sudo systemctl unmask {}.{}".format(feature_name, suffix))

Expand Down Expand Up @@ -474,11 +474,28 @@ class FeatureHandler(object):
self.set_feature_state(feature, self.FEATURE_STATE_DISABLED)

def resync_feature_state(self, feature):
self._config_db.mod_entry('FEATURE', feature.name, {'state': feature.state})
current_entry = self._config_db.get_entry('FEATURE', feature.name)
current_feature_state = current_entry.get('state') if current_entry else None

# resync the feature state to CONFIG_DB in namespaces in multi-asic platform
for ns, db in self.ns_cfg_db.items():
db.mod_entry('FEATURE', feature.name, {'state': feature.state})
if feature.state == current_feature_state:
return

# feature.state might be rendered from a template, so that it should resync CONFIG DB
# FEATURE table to override the template value to valid state value
# ('always_enabled', 'always_disabled', 'disabled', 'enabled'). However, we should only
# resync feature state in two cases:
# 1. the rendered feature state is always_enabled or always_disabled, it means that the
# feature state is immutable and potential state change during HostConfigDaemon.load
# in redis should be skipped;
# 2. the current feature state in DB is a template which should be replaced by rendered feature
# state
# For other cases, we should not resync feature.state to CONFIG DB to avoid overriding user configuration.
if self._feature_state_is_immutable(feature.state) or self._feature_state_is_template(current_feature_state):
self._config_db.mod_entry('FEATURE', feature.name, {'state': feature.state})

# resync the feature state to CONFIG_DB in namespaces in multi-asic platform
for ns, db in self.ns_cfg_db.items():
db.mod_entry('FEATURE', feature.name, {'state': feature.state})

def set_feature_state(self, feature, state):
self._feature_state_table.set(feature.name, [('state', state)])
Expand All @@ -487,6 +504,12 @@ class FeatureHandler(object):
for ns, tbl in self.ns_feature_state_tbl.items():
tbl.set(feature.name, [('state', state)])

def _feature_state_is_template(self, feature_state):
return feature_state not in ('always_enabled', 'always_disabled', 'disabled', 'enabled')

def _feature_state_is_immutable(self, feature_state):
return feature_state in ('always_enabled', 'always_disabled')

class Iptables(object):
def __init__(self):
'''
Expand Down
61 changes: 61 additions & 0 deletions src/sonic-host-services/tests/hostcfgd/hostcfgd_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,67 @@ def test_feature_config_parsing_defaults(self):
assert swss_feature.has_global_scope
assert not swss_feature.has_per_asic_scope

@mock.patch('hostcfgd.FeatureHandler.update_systemd_config', mock.MagicMock())
@mock.patch('hostcfgd.FeatureHandler.update_feature_state', mock.MagicMock())
@mock.patch('hostcfgd.FeatureHandler.sync_feature_asic_scope', mock.MagicMock())
def test_feature_resync(self):
mock_db = mock.MagicMock()
mock_db.get_entry = mock.MagicMock()
mock_db.mod_entry = mock.MagicMock()
mock_feature_state_table = mock.MagicMock()

feature_handler = hostcfgd.FeatureHandler(mock_db, mock_feature_state_table, {})
feature_table = {
'sflow': {
'state': 'enabled',
'auto_restart': 'enabled',
'delayed': 'True',
'has_global_scope': 'False',
'has_per_asic_scope': 'True',
}
}
mock_db.get_entry.return_value = None
feature_handler.sync_state_field(feature_table)
mock_db.mod_entry.assert_called_with('FEATURE', 'sflow', {'state': 'enabled'})
mock_db.mod_entry.reset_mock()

feature_handler = hostcfgd.FeatureHandler(mock_db, mock_feature_state_table, {})
mock_db.get_entry.return_value = {
'state': 'disabled',
}
feature_handler.sync_state_field(feature_table)
mock_db.mod_entry.assert_not_called()

feature_handler = hostcfgd.FeatureHandler(mock_db, mock_feature_state_table, {})
feature_table = {
'sflow': {
'state': 'always_enabled',
'auto_restart': 'enabled',
'delayed': 'True',
'has_global_scope': 'False',
'has_per_asic_scope': 'True',
}
}
feature_handler.sync_state_field(feature_table)
mock_db.mod_entry.assert_called_with('FEATURE', 'sflow', {'state': 'always_enabled'})
mock_db.mod_entry.reset_mock()

feature_handler = hostcfgd.FeatureHandler(mock_db, mock_feature_state_table, {})
mock_db.get_entry.return_value = {
'state': 'some template',
}
feature_table = {
'sflow': {
'state': 'enabled',
'auto_restart': 'enabled',
'delayed': 'True',
'has_global_scope': 'False',
'has_per_asic_scope': 'True',
}
}
feature_handler.sync_state_field(feature_table)
mock_db.mod_entry.assert_called_with('FEATURE', 'sflow', {'state': 'enabled'})


class TesNtpCfgd(TestCase):
"""
Expand Down

0 comments on commit 7b06d9b

Please sign in to comment.