Skip to content

Separate T6 and (optional) K.2 NIC setup for compliance images. #203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

luqmana
Copy link
Contributor

@luqmana luqmana commented May 27, 2025

This adds a new service site/compliance/net-setup which ensures we have an IPv6 link-local address for the NICs corresponding to each instance of the service. Each instance is named after the corresponding NIC driver (e.g., e1000g, igb, cxgbe).

@luqmana luqmana requested review from jclulow and citrus-it May 27, 2025 21:27
Copy link
Contributor

@citrus-it citrus-it left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a much better direction, thanks for this.
Just one minor comment from me, I don't know enough about how the compliance/mfg bits get used to approve but those parts look reasonable.

@luqmana luqmana force-pushed the compliance-net-setup branch from be85579 to 75396a4 Compare May 28, 2025 18:33
Copy link
Collaborator

@jclulow jclulow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general I think anything that isn't specifically related to compliance should have any mention of compliance scrubbed out. We ship the NIC configuration stuff in essentially every image, so I think making it an oxide/ prefix on the FMRI, and removing any mention of compliance, would make it easier to understand the scope.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should just call this net-setup.sh, removing the compliance prefix.

. /lib/svc/share/smf_include.sh

if (( $# != 1 )); then
echo "usage: compliance-net-setup.sh <NIC dev>" >&2
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
echo "usage: compliance-net-setup.sh <NIC dev>" >&2
echo "usage: $0 LINK" >&2

fi
nicdev=$1

fail_not_found=$(svcprop -p 'config/fail_not_found' $SMF_FMRI)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
fail_not_found=$(svcprop -p 'config/fail_not_found' $SMF_FMRI)
if [[ -z $SMF_FMRI ]]; then
printf 'ERROR: must run under SMF\n' >&2
exit 1
fi
fail_not_found=$(svcprop -p 'config/fail_not_found' "$SMF_FMRI")

nics+=( $try )
fi
done

if (( ${#nics[@]} == 0 )); then
exit 1
if [[ "$fail_not_found" = "true" ]]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if [[ "$fail_not_found" = "true" ]]; then
if [[ $fail_not_found == true ]]; then

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just net-setup.xml ?

"src": "compliance-net-setup.sh",
"owner": "root", "group": "bin", "mode": "0755" },
{ "t": "ensure_file",
"file": "/lib/svc/manifest/site/compliance-net-setup.xml",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"file": "/lib/svc/manifest/site/compliance-net-setup.xml",
"file": "/lib/svc/manifest/oxide/net-setup.xml",

<dependency name='net' grouping='require_any' restart_on='none'
type='service'>
<service_fmri value='svc:/site/compliance/net-setup:igb' />
<service_fmri value='svc:/site/compliance/net-setup:e1000' />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<service_fmri value='svc:/site/compliance/net-setup:e1000' />
<service_fmri value='svc:/site/compliance/net-setup:e1000g' />


<template>
<common_name>
<loctext xml:lang='C'>compliance network setup</loctext>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<loctext xml:lang='C'>compliance network setup</loctext>
<loctext xml:lang='C'>sled network setup</loctext>

<loctext xml:lang='C'>compliance network setup</loctext>
</common_name>
<description>
<loctext xml:lang='C'>brings network up for compliance testing
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<loctext xml:lang='C'>brings network up for compliance testing
<loctext xml:lang='C'>brings up basic sled networking

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're removing the method here, I don't think we need to keep the service around?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants