Why I did it
Change the path of sonic submodules that point to "Azure" to point to "sonic-net"
How I did it
Replace "Azure" with "sonic-net" on all relevant paths of sonic submodules
Debain maintainers took down the 3.16.68-2 kernel source, which broke the 201803 build. This patch downloads the files from Azure storage instead.
src/sonic-linux-kernel 9ccb78e...5ec0c26 (2):
[201803] Revert kernel upgrade; Download 3.16.68-2 kernel from Azure Storage
[201803] Upgrade kernel from 3.16.68-2 to 3.16.74-1
Note: Check builds failing due to saithrift issue, which is fixed here: #3576.
sonic-swss:
* 67f7191 2019-06-20 | Set timer only when interval changes. Not in each firing of the timer. (#945) (HEAD -> 201803, origin/201803) [Renuka Manavalan]
* 2cae61b 2019-07-07 | Fix: crash while destructing crmorch (#731) (#949) [Renuka Manavalan]
sonic-swss-common:
* 58b1930 2019-07-07 | Add an assert to logger, which will log a message and abort. (#286) (#287) (HEAD -> 201803, origin/201803) [Renuka Manavalan]
- What I did
Currently when the system is under memory pressure, the OOM killer kicks in and kills a rogue process. Killing a rogue process can cause the device to be un-healthy leading to blackholing of the traffic.
To avoid this, configure the OOM to do a kernel panic which will cause the device to reboot and come back up healthy.
- How I did it
Added the sysctl variable panic_on_oom and set the value to 2.
Setting it to 2 will ensure OOM killer to always do a kernel panic.
* [logrotate] Decrease frequency to every 10 minutes; kill any lingering logrotate processes
* [logrotate] Decrease usable space to 90%; Delete all *.1.gz files as firstaction
* Change URL for isc-dhcp source repository
* Port upstream patches to isc-dhcp-relay to support upstream/downstream interfaces
* Modify supervisor conf to generate dhcrelay commands with '-id' and '-iu' options
* Comments; Also clean up jinja2 syntax
* Patch relay to open one socket per interface and send to all servers on all upstream interfaces
* Patch relay agent to properly forward BOOTREQUEST only on appropriate interfaace if it is a directed broadcast
* Update patch to properly support interfaces with multiple IP addresses assigned
* Pass --enable-use-sockets to configure instead of uncommenting USE_SOCKETS directly
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.
* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
Downport of
54f137c105
According to 6.4.15 of IEEE 802.1AX-2014, Figure 6-22, the state that the
port is selected moves MUX state from DETACHED to ATTACHED.
But ATTACHED state does not mean that the port can send and receive user
frames. COLLECTING_DISTRIBUTION state is the state that the port can send
and receive user frames. To move MUX state from ATTACHED to
COLLECTING_DISTRIBUTION, the partner state should be sync as well as the
port selected.
In function lacp_port_actor_update(), only INFO_STATE_SYNCHRONIZATION
should be set to the actor.state when the port is selected.
INFO_STATE_COLLECTING and INFO_STATE_DISTRIBUTING should be set to false
with ATTACHED mode and set to true when INFO_STATE_SYNCHRONIZATION of
partner.state is set.
In function lacp_port_should_be_{enabled, disabled}(), we also need to
check the INFO_STATE_SYNCHRONIZATION bit of partner.state.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
* [201803][apt] Point to archive.debian.org for jessie-backports; remove jessie-updates
* Add no-check-valid-until for apt in base image
* Add no-check-valid-until for apt in docker-base
* [sonic-slave] Remove jessie-backports, as it is unused in the slave container
This driver should be loaded by sonic service. If kernel tries to load
it, the driver would be loaded with default parameters, which is not
right for sonic.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Add process exit listeners to syncd containers so that containers stop upon unexpected critical process exit
* swss.service unit file now starts both swss and syncd containers as ExecStartPre steps, and for ExecStart, it indefinitely checks that the containers are running
* Add 'docker-wait-any' script, use it to wait for containers to exit
