Improve gnmi full config update #1840
Conversation
ganglyu
requested review from
qiluo-msft,
mm0930,
adyeung,
anand-kumar-subramanian,
venkatmahalingam and
madhupalu
| We will use single gnmi request to support full configuration update. | ||
| 1. The host service will perform YANG validation and return an error if it fails. | ||
| 2. The host service will mask the gNMI service, preventing it from restarting after a config reload. | ||
| 3. The host service will execute a config reload using the input configuration. |
There was a problem hiding this comment.
is there any chance that switch will not be in desired state after config reload, if so will it be handled here? like rollback?
There was a problem hiding this comment.
yes, we will use "config reload -f" to rollback
| The full configuration request will be overwritten by subsequent full configuration request or incremental configuration request. | ||
|
|
||
| <img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
| We will use single gnmi request to support full configuration update. |
There was a problem hiding this comment.
during the full configuration update, do we block any config update request from other interfaces like REST, CLI?
There was a problem hiding this comment.
We do not block other configuration update requests. All configuration updates made before the 'config reload' will be overwritten, but those made after the 'config reload' will still function.
|
|
||
| <img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
| We will use single gnmi request to support full configuration update. | ||
| 1. The host service will perform YANG validation and return an error if it fails. |
There was a problem hiding this comment.
not sure if the yang validation address the validation based on the state data, like TCAM ACL limit? If not then yang validation will succeed, but config reload may fail.
There was a problem hiding this comment.
Good point! Currently, SONiC yang does not check the ACL limit, but we can add this limitation.
| 3. The host service will execute a config reload using the input configuration. | ||
| 4. The host service will execute a config save if step 3 is successful. | ||
| 5. The host service will perform a config reload to recover if step 3 fails. | ||
| 6. The host service will unmask the gNMI service. |
There was a problem hiding this comment.
If I understand correctly, the gNMI service will not reload in this whole flow.. What if the new config includes changes to the management network or gNMI server settings (port, auth mode, certs etc)? AFAIK gNMI server requires a restart to apply these changes.
There was a problem hiding this comment.
I see this is listed as a limitation below.. Is there any gNOI interface for clients to force restart the server?
There was a problem hiding this comment.
We can use gnoi reboot interface to restart device and apply all the configurations.
There was a problem hiding this comment.
I think reboot will be not so practical. There will be a significant downtime due to config reload already. Reboot requires another downtime.
There was a problem hiding this comment.
I agree, we don't have a good solution at the moment. Let's keep this limitation, as gNMI can't be used to change the management network or gNMI server settings.
|
|
||
| <img src="images/mixed requests.svg" alt="overwritten-config" width="800px"/> | ||
| We will use single gnmi request to support full configuration update. | ||
| 1. The host service will perform YANG validation and return an error if it fails. |
There was a problem hiding this comment.
In cases where we need to enforce custom validation rules that go beyond the constraints of the Yang model, how does the current design plan to handle these? translib based infrastructure provides this mechanism.
There was a problem hiding this comment.
You can continue using the current translib infrastructure, and this change will not impact it. We are utilizing the origin field of the gnmi request, and only those requests with the 'sonic-db' origin field can use this gnmi full config update.
Signed-off-by: Gang Lv [email protected]
What is the motivation for this PR?
Use single GNMI request to support full config update.
Microsoft ADO: 27225139
PR: