Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use bookworm macsec container for 2205. #443

Merged
merged 4 commits into from
Sep 10, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions dockers/docker-macsec/Dockerfile.j2
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
{% set use_bookworm_macsec_container = true %}

{% if use_bookworm_macsec_container -%}
FROM publicmirror.azurecr.io/docker-macsec:202405
RUN mkdir /etc/fips && echo 1 > /etc/fips/fips_enable
COPY ["cli", "/cli/"]
ENTRYPOINT ["/usr/local/bin/supervisord"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wumiaont I see you have put an if else with the "use_bookworm_macsec_container" set to true. shouldn't we copy the other files like start.sh,, critical_processes, wpa_supplicant.conf etc - this is done today with bullseye ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The docker-macsec container (bookworm) already contains those files. There's no difference between 202205 and 202405 for those files so I did not try to copy and overwrite them. For example: in critical_processes file, it has these "program:macsecmgrd". Same between 2205 and 2405.

Copy link
Author

@wumiaont wumiaont Sep 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wpa_supplicant.conf is same between 2205 and 2405 also. Other files such as start.sh has a very slight change. In 2205 it's only " #!/usr/bin/env bash" in 2405 it adds "
TZ=$(cat /etc/timezone)
rm -rf /etc/localtime
ln -sf /usr/share/zoneinfo/$TZ /etc/localtime". This is trying to resolve timezone issue with container found and resolved in 2405. Better to have this fix as fix is harmless.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only files need to modify inside bookworm container is/cli/clear/plugins/clear_macsec_counter.py. Only one line change in this file between 2205 and 2405. This line in 2405 is "clicommon.run_command(['show', 'macsec', '--dump-file'])" and in 2205 is clicommon.run_command("show macsec --dump-file"). API format changed. CLI plugins are taken out of container and put into host. This makes original plugin inside bookworm CLI plugin(2405) not work in 2205 host environment because of above API format change. That's why I decide to copy all cli plugins (2205, 3 files) into bookworm container to replace 2405 cli plugins. CLI has been verified during testing. Also changes are very little for macsec CLI (very slight code change for bugs found)

{% else %}
{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files, cleanup_apt_and_python_cache %}
FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}

Expand Down Expand Up @@ -27,3 +35,5 @@ COPY ["etc/wpa_supplicant.conf", "/etc/wpa_supplicant.conf"]
COPY ["cli", "/cli/"]

ENTRYPOINT ["/usr/local/bin/supervisord"]

{%- endif %}
Loading