Commit 6fce350

Add details about D-Bus architecture (container to host).
Signed-off-by: Mike Lazar <mihai_lazar@dell.com>
1 parent 4ad6c54 commit 6fce350

2 files changed

+21
-3
lines changed

doc/mgmt/Docker to Host communication.md

+21-3
@@ -94,9 +94,13 @@ All deployments
9494

9595
## 2.2 Functional Description
9696

97-
This feature enables applications such as image management, ZTP, etc. to issue
98-
requests to the host to perform actions such as image install, ZTP
99-
enable/disable, etc.
97+
This feature enables management applications to issue
98+
requests to the host to perform actions such as:
99+
* image install / upgrade
100+
* ZTP enable/disable
101+
* initiate reboot and warm reboot using existing scripts
102+
* create show-tech tar file using existing show-tech script
103+
* config save/reload using existing scripts
100104

101105
# 3 Design
102106
## 3.1 Overview
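
Review bot: The new wording at lines 97-98 says "management applications" without naming them, where the removed text named image management and ZTP. Since the list now also covers reboot, warm reboot and config save/reload, the description should say which applications or containers are expected to issue these requests, or point to section 3.1.1 for how callers are restricted. Also add a blank line between "such as:" and the first `*` item so the list renders as a list in every Markdown renderer.
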
@@ -110,6 +114,20 @@ the host, and either wait for the response (if the request was synchronous), or
110114
receive a channel and wait for the request to return the response on the
111115
channel (asynchronous request).
112116

117+
The architecture of a D-Bus host service in a SONiC environment is illustrated in the diagram below:
118+
![](images/docker-to-host-services-architecture.jpg)
119+
120+
Note. The Linux D-Bus implementation uses Unix domain sockets for client to D-Bus service communications.
121+
All containers that use D-Bus services will bind mount
122+
(-v /var/run/dbus:/var/run/dbus:rw) the host directory where D-Bus service sockets are created.
123+
124+
D-Bus provides a reliable communication channel between client (SONiC management container) and service (native host OS) – all actions are acknowledged and can provide return values. It should be noted that acknowledgements are important for operations such as “image upgrade” or “config-save”. In addition, D-Bus methods can return values of many types – not just ACKs. For instance, they can return strings, useful to return the output of a command.
125+
126+
127+
### 3.1.1 Security of D-Bus Communications
128+
In addition to standard Linux security mechanisms for file/Unix socket access rights (read/write), D-Bus provides a separate security layer, using the D-Bus service configuration files.
129+
This allows finer grain access control to D-Bus objects and methods.
130+
113131
## 3.2 DB Changes
114132
### 3.2.1 CONFIG DB
115133
N/A
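
Review bot: Section 3.1.1 (new lines 127-129) says the D-Bus service configuration files give finer-grained access control but does not state what the policy for the host service actually is. Because lines 121-122 bind mount /var/run/dbus read-write into every container that uses D-Bus services, each of those containers can reach the bus socket, so the document should spell out the intended policy: which user may own the host service name, which callers may send to which interfaces and methods, and whether everything else is denied by default. Smaller points: the image at line 118 has empty alt text, and lines 125-126 add two consecutive blank lines.
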