diff --git a/dockers/docker-orchagent/docker-init.j2 b/dockers/docker-orchagent/docker-init.j2
index 143c9bd5229f..dfd0dd7c8526 100755
--- a/dockers/docker-orchagent/docker-init.j2
+++ b/dockers/docker-orchagent/docker-init.j2
@@ -3,7 +3,7 @@ mkdir -p /etc/swss/config.d/
 mkdir -p /etc/supervisor/
 mkdir -p /etc/supervisor/conf.d/
-
+mkdir -p /dev/shm/supervisor/
 CFGGEN_PARAMS=" \
 -d \
diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2
index 294dd46ce1e7..d8e562cdd3a7 100644
--- a/files/build_templates/docker_image_ctl.j2
+++ b/files/build_templates/docker_image_ctl.j2
@@ -631,6 +631,7 @@ start() {
 {%- endif %}
 -e RUNTIME_OWNER=local \
 --uts=host \{# W/A: this should be set per-docker, for those dockers which really need host's UTS namespace #}
+ --tmpfs /var/log/supervisor:rw \
 {%- if install_debug_image == "y" %}
 -v /src:/src:ro -v /debug:/debug:rw \
 {%- endif %}
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index e0ede21e5490..e82f4df38710 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -104,6 +104,11 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-nettools_*.deb || \
 sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 sudo setcap 'cap_net_raw=+ep' $FILESYSTEM_ROOT/usr/bin/wol
+# This is needed for moving monit logs, state and logrotate status to tmpfs
+sudo bash -c "echo \"d /dev/shm/monit/ 0755 root root\" > $FILESYSTEM_ROOT/etc/tmpfiles.d/tmpfs-monit.conf"
+sudo bash -c "echo \"d /dev/shm/logrotate/ 0755 root root\" > $FILESYSTEM_ROOT/etc/tmpfiles.d/tmpfs-logrotate.conf"
+
+
 # Install a patched version of ifupdown2 (and its dependencies via 'apt-get -y install -f')
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \
 sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
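Review bot: Nothing visible in this commit points supervisor at `/dev/shm/supervisor/`, the directory that the added `mkdir -p` in docker-init.j2 creates; the container start template changed in the same commit mounts a tmpfs at `/var/log/supervisor` instead. If a supervisord configuration outside this diff writes there, a one-line comment above the `mkdir` naming that consumer would make the dependency traceable, for example `# supervisord log directory on tmpfs; referenced from <supervisord config path>`. If nothing consumes it, the line should be dropped so that an unused directory is not left under the container's /dev/shm.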
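Review bot: The added `--tmpfs /var/log/supervisor:rw \` in docker_image_ctl.j2 gives no `size=` option, so the limit for supervisor logs in every container started through this template is left to the Docker and kernel default, which is sized relative to host RAM and not to a log budget. A crash-looping or very chatty process then shows up as memory pressure on the switch, and the supervisor history disappears on container restart, which is usually when it is wanted for triage. Consider `--tmpfs /var/log/supervisor:rw,noexec,nosuid,nodev,size=<limit> \` with a limit chosen per platform, and confirm that supervisor output needed for incident review also reaches syslog. start() begins and ends outside this hunk.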
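Review bot: `/dev/shm` is normally a world-writable sticky directory, and the two tmpfiles.d entries added in sonic_debian_extension.j2 place root-owned daemon state at predictable names inside it (`/dev/shm/monit/`, `/dev/shm/logrotate/`). The same paths are then hard-coded in the logrotate drop-in (`--state /dev/shm/logrotate/status`) and in the three monitrc hunks (`idfile`, `statefile`, `eventqueue basedir`). Correctness now depends on systemd-tmpfiles creating both directories before any unprivileged process can create those names, and on nothing removing them later. `/run` is a root-owned tmpfs meant for runtime state, so `d /run/monit/ 0755 root root` and `d /run/logrotate/ 0755 root root`, with the consumers updated to match, would remove that dependency; if /dev/shm is kept for sizing reasons, the comment above these lines should say so.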
diff --git a/files/image_config/logrotate/logrotateOverride.conf b/files/image_config/logrotate/logrotateOverride.conf
index adc85ff306b5..64e181aa7c4a 100644
--- a/files/image_config/logrotate/logrotateOverride.conf
+++ b/files/image_config/logrotate/logrotateOverride.conf
@@ -1,2 +1,6 @@
 [Unit]
-Requires=logrotate-config.service
\ No newline at end of file
+Requires=logrotate-config.service
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/logrotate --state /dev/shm/logrotate/status /etc/logrotate.conf
diff --git a/files/image_config/monit/monitrc b/files/image_config/monit/monitrc
index 74068f12d3f8..e3b252fcea75 100644
--- a/files/image_config/monit/monitrc
+++ b/files/image_config/monit/monitrc
@@ -38,7 +38,7 @@
 ## default the file is placed in $HOME/.monit.id.
 #
 # set idfile /var/.monit.id
- set idfile /var/lib/monit/id
+ set idfile /dev/shm/monit/id
 #
 ## Set the location of the Monit state file which saves monitoring states
 ## on each cycle. By default the file is placed in $HOME/.monit.state. If
@@ -46,7 +46,7 @@
 ## the monitoring state across reboots. If it is on temporary filesystem, the
 ## state will be lost on reboot which may be convenient in some situations.
 #
- set statefile /var/lib/monit/state
+ set statefile /dev/shm/monit/state
 #
 #
@@ -91,7 +91,7 @@
 ## available in the back end filesystem).
 #
 set eventqueue
- basedir /var/lib/monit/events # set the base directory where events will be stored
+ basedir /dev/shm/monit/events # set the base directory where events will be stored
 slots 100 # optionally limit the queue size
 #
 #
diff --git a/files/initramfs-tools/union-mount.j2 b/files/initramfs-tools/union-mount.j2
index fccd21f415ef..8f8abb8f6af5 100644
--- a/files/initramfs-tools/union-mount.j2
+++ b/files/initramfs-tools/union-mount.j2
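Review bot: With `--state /dev/shm/logrotate/status` in logrotateOverride.conf the rotation state no longer survives a reboot, and the drop-in does not record that trade-off. When logrotate has no state entry for a log it generally records the current time instead of rotating, so on a device that reboots often the time-based rules may fire late or rarely, and only size-based rules still bound log growth; this should be checked against the rules in /etc/logrotate.conf, which are outside this diff. A comment above the override such as `# State file is kept on tmpfs to avoid flash writes; it is lost on reboot` would document the intent. The unit also now relies on the tmpfiles.d entry from sonic_debian_extension.j2 having created the directory before the first run.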
@@ -212,6 +212,9 @@ mkdir -p ${rootmnt}/boot
 mkdir -p ${rootmnt}/host/$image_dir/boot
 mount --bind ${rootmnt}/host/$image_dir/boot ${rootmnt}/boot
+## Mount the /tmp directory as tmpfs
+mount -t tmpfs -o rw,nosuid,nodev,size=25% tmpfs ${rootmnt}/tmp
+
 ## Mount loop device or tmpfs for /var/log
 if $logs_inram; then
 # NOTE: some platforms, when reaching initramfs stage, have a small
diff --git a/src/sonic-bgpcfgd/bgpcfgd/managers_bgp.py b/src/sonic-bgpcfgd/bgpcfgd/managers_bgp.py
index 0b07f9cbcda7..19e478578c1d 100644
--- a/src/sonic-bgpcfgd/bgpcfgd/managers_bgp.py
+++ b/src/sonic-bgpcfgd/bgpcfgd/managers_bgp.py
@@ -387,7 +387,7 @@ def load_peers():
 Load peers from FRR.
 :return: set of peers, which are already installed in FRR
 """
- command = ["vtysh", "-c", "show bgp vrfs json"]
+ command = ["vtysh", "-H", "/dev/null", "-c", "show bgp vrfs json"]
 ret_code, out, err = run_command(command)
 if ret_code == 0:
 js_vrf = json.loads(out)
diff --git a/src/sonic-bgpcfgd/bgpmon/bgpmon.py b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
index 26a5b245413e..2623ec62482f 100755
--- a/src/sonic-bgpcfgd/bgpmon/bgpmon.py
+++ b/src/sonic-bgpcfgd/bgpmon/bgpmon.py
@@ -77,7 +77,7 @@ def update_new_peer_states(self, peer_dict):
 # Get a new snapshot of BGP neighbors and store them in the "new" location
 def get_all_neigh_states(self):
- cmd = ["vtysh", "-H", "/dev/null", "-c", 'show bgp summary json']
+ cmd = ["vtysh", "-H", "/dev/null", "-c", 'show bgp summary json']
 retry_attempt = 0
 while retry_attempt < self.MAX_RETRY_ATTEMPTS:
diff --git a/src/sonic-bgpcfgd/tests/test_bgp.py b/src/sonic-bgpcfgd/tests/test_bgp.py
index 5b494af4d79a..b9240cccb8e0 100644
--- a/src/sonic-bgpcfgd/tests/test_bgp.py
+++ b/src/sonic-bgpcfgd/tests/test_bgp.py
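Review bot: The new /tmp mount in union-mount.j2 uses `rw,nosuid,nodev,size=25%`, which leaves execution allowed on a world-writable filesystem. If no component on the image needs to run files from /tmp, `mount -t tmpfs -o rw,nosuid,nodev,noexec,size=25% tmpfs ${rootmnt}/tmp` closes that gap; if something does, a comment naming it would explain the omission. The mount's exit status is not checked in the visible lines, so a failure would leave /tmp on the persistent overlay with no message; whether the surrounding script aborts on errors cannot be seen from this hunk. Adding `mode=1777` would also state the intended permissions explicitly instead of relying on the tmpfs default.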
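Review bot: Only the first vtysh call in load_peers() gets `-H /dev/null`, presumably to stop vtysh writing its history file. The fixture in tests/test_bgp.py keeps the key `['vtysh', '-c', 'show bgp vrf default neighbors json']` as an unchanged context line, which suggests a second call further down load_peers(), outside this hunk, still runs without the flag. The same argument prefix is repeated as a literal in get_all_neigh_states() in bgpmon.py. A shared constant, for example `VTYSH_CMD = ["vtysh", "-H", "/dev/null"]` used as `command = VTYSH_CMD + ["-c", "show bgp vrfs json"]`, would keep every caller consistent and give one place for a comment on why history is disabled.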
@@ -32,7 +32,7 @@ def constructor(constants_path, bgp_router_id="", peer_type="general", with_lo0_
 }
 return_value_map = {
- "['vtysh', '-c', 'show bgp vrfs json']": (0, "{\"vrfs\": {\"default\": {}}}", ""),
+ "['vtysh', '-H', '/dev/null', '-c', 'show bgp vrfs json']": (0, "{\"vrfs\": {\"default\": {}}}", ""),
 "['vtysh', '-c', 'show bgp vrf default neighbors json']": (0, "{\"10.10.10.1\": {}, \"20.20.20.1\": {}, \"fc00:10::1\": {}}", "")
 }