Conversation
|
|
|
Do we need an explicit file for this ? Can you infer the same through r/w mode of one/more paths mapped into container ? For example, which path should be mounted as rw for non-read-onlly mode? |
|
I suppose we could put the file in the telemetry container instead of on the host, would this be better?. I am not sure about mounting a volume ro vs rw, I don't know which volume we would use for this or why. |
|
Curious, what is the difference between read-only & read-write mode for telemetry docker? |
|
There was a request to have a read-only mode for telemetry since some do not want to use telemetry for configuration. The read-only mode will disable the Set() rpc so there is only Get, Subscribe and Capabilities rpc's available. |
|
Just one more question: If not, why can't we use a compile time flag to build it as read-only / read-write? |
|
Using the current method of looking for a file, you could disable read-only mode by removing the file. As for the compile time flag, that is an option as well which I considered. Would it be preferable this way? |
|
When looking at build flags, I thought I would need to make duplicate source files like server.go and server_ro.go for example. However looking at more examples, I could rather have a file like constants_rw.go and constants_ro.go and define a single "const TELEMETRY_RO" in each file which would be set by the build flag. So this is a good option as well. If this is preferred, I can redo this PR to use this method. |
|
Please check with relevant folks, who were requesting for read-only mode, if this suits. "An image is built for RO/RW mode as immutable" |
|
I checked. The mode is burnt into the image. So we can use a build time flag to decide |
|
@renukamanavalan Please see the latest commit. I switched to using a go build flag instead of the file method. Now the readonly mode is set at build time in a constant inside the telemetry binary, so is immutable. |
renukamanavalan
left a comment
There was a problem hiding this comment.
Can you please help understand how does this BLDFLAG '-tag helps include the correct constant file ?
Makefile
Outdated
| TEST_FILES=$(wildcard *_test.go) | ||
| TELEMETRY_TEST_DIR = $(GO_MGMT_PATH)/build/tests/gnmi_server | ||
| TELEMETRY_TEST_BIN = $(TELEMETRY_TEST_DIR)/server.test | ||
| ifeq ($(TELEMETRY_READONLY),y) |
There was a problem hiding this comment.
Can we make read-only as default ?
ifeq ($(TELEMETRY_READWITE y') BLD_FLAGS := -tags readwrite
Absence of a flag implies read-only.
gnmi_server/constants.go
Outdated
|
|
||
| package gnmi | ||
|
|
||
| const READ_ONLY_MODE = false |
It is a build constraint: https://golang.org/pkg/go/build/#hdr-Build_Constraints
Sure I will make this change. |
…and const to reflect this
|
Okay, I have changed the default to read-only. |
|
suggest to the read-only default. |
This is already the case. renukamanavalan already requested this in a previous comment and I made the changes to have it readonly by default. |
Check for file /etc/sonic/telemetry_readonly and if it exists, gNMI set will be disabled.