cephadm/smb: Add NET_RAW capability to deploy ctdbd

CTDB heavily depends on raw sockets to send gratuitous ARPs[1](see the
second point from the list of reasons to use gratuitous ARPs). As per
the current design it is also inevitable while sending tickle ACKs[2]
in the event of an IP failover. man capabilities(7)[3] further mandates
CAP_NET_RAW to use raw sockets. Therefore append NET_RAW to the list of
capabilties while deploying ctdbd containers.

[1] https://wiki.wireshark.org/Gratuitous_ARP
[2] https://ctdb.samba.org/manpages/ctdb.1.html
[3] https://www.man7.org/linux/man-pages/man7/capabilities.7.html

Signed-off-by: Anoop C S <[email protected]>

Author: anoopcs9

src/cephadm/cephadmlib/daemons/smb.py

@@ -370,6 +370,8 @@ def container_args(self) -> List[str]:
         # make conditional?
         # CAP_NET_ADMIN is needed for event script to add public ips to iface
         cargs.append('--cap-add=NET_ADMIN')
+        # CAP_NET_RAW allows to send gratuitous ARPs/tickle ACKs via raw sockets
+        cargs.append('--cap-add=NET_RAW')
         return cargs