Why I did it
Change the path of sonic submodules that point to "Azure" to point to "sonic-net"
How I did it
Replace "Azure" with "sonic-net" on all relevant paths of sonic submodules
* [logrotate] Decrease frequency to every 10 minutes; kill any lingering logrotate processes
* [logrotate] Decrease usable space to 90%; Delete all *.1.gz files as firstaction
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.
* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
* [201803][apt] Point to archive.debian.org for jessie-backports; remove jessie-updates
* Add no-check-valid-until for apt in base image
* Add no-check-valid-until for apt in docker-base
* [sonic-slave] Remove jessie-backports, as it is unused in the slave container
This driver should be loaded by sonic service. If kernel tries to load
it, the driver would be loaded with default parameters, which is not
right for sonic.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Add process exit listeners to syncd containers so that containers stop upon unexpected critical process exit
* swss.service unit file now starts both swss and syncd containers as ExecStartPre steps, and for ExecStart, it indefinitely checks that the containers are running
* Add 'docker-wait-any' script, use it to wait for containers to exit
* [service] Restart SwSS Docker container if orchagent exits unexpectedly
* [dhcp_relay] Use STATE_DB to determine whether interfaces are ready
* Supervisor now autorestarts rsyslogd upon unexpected exit
* Add other critical processes to event listener
* Make supervisor-proc-exit-listener script global, have it read from 'critical_processes' file inside container
* Add SwSS to 'WantedBy=' option of services which should be started along with SwSS
Need to build NTP 4.2.6 locally due to a Bug in NTP 4.2.6.
Changes:
1.) Remove 'apt-get ntp' step from build_debian.sh.
2.) Add NTP package as part of base image in slave.mk.
3.) NTP Makefile for Sonic Build System rules/ntp.mk.
4.) NTP Source Makefile src/ntp/Makefile.
5.) Patch to fix the issure src/ntp/patch.
Signed-off-by: Praveen Chaudhary<pchaudhary@linkedin.com>
* [src/ntp/Makefile]: DSC file URL points to sonic storage.
Signed-off-by: Praveen Chaudhary<pchaudhary@linkedin.com>
* [src/ntp/Makefile]: Changes to build with sonic blob.
* Fix redis-py version
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Update submodule sonic-py-swsssdk: Fix redis-py version to 2.10.6
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
Auto negotiating console speed could cause sonic to lock on a wrong
speed under rare conditions. The only way to come out of the wrong
speed is to issue line break or restart console service with forced
speed, or reboot sonic.
Lock down the console speed to avoid these situations.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Flashes used for the 7050QX-32 and 7050QX-32S have a fw issue.
The best option to solve the problem is to upgrade to a newer firmware.
However this can only be done while in memory and take 10 seconds.
Adding an upgrade mechanism is possible but would need more
consideration as flashing the firmware and reformating the flash will
exceed the fast-reboot requirements.
A quick mitigation is to align the ext4 partition that we create on
these vfat based system on a 4k boundary.
Here we chose 1M instead but it's the same.
Newer version of sfdisk do this automatically but the one in SONiC
today doesn't have this behavior.
This workaround will only reduce the pace of the flash health
degradation. The only long term fix is to flash the firmware.
* Use MAC from EEPROM for PortChannels
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Use MAC from EEPROM in DEVICE_METADATA
Will affect MAC for VLAN interfaces
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Get MAC via decode-syseeprom
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* hw-management is now a service
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Add error handling for MAC fetch process
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
On overlay filesystem the name of the mountpoint will also match in the
mount command for overlayfs as upperdir=
To prevent detecting the wrong partition we now look for space before.
This ensure that we match mountpoint and not devices in df and mount
outputs.
* Fix for bash's memory-leak
Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.
In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040
* Fixing minor issue during code-merge
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
* [caclmgrd] Heuristically determine whether ACL is IPv4 or IPv6, use iptables/ip6tables accordingly
* Check all rules in table until we find one with a SRC_IP
* Revert "[serial watchdog] remove serial watchdog service dependency to rc.local (#1752)"
* Revert "[service] introducing serial port watchdog service (#1743)"
* [serial watchdog] remove serial watchdog service dependency to rc.local
When restarting this service in rc.local, the dependency causes an error
in syslog. Removing the dependency to mute the error log entry.
* remove lines with empty inputs
* [rc.local] refactor platform identification code to separate function
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [rc.local] infrastructure to take action according to installer.conf
* [serial port watchdog] add service to watch serial port processes
Monitor serial port processes. Kill ones stuck for too long.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [rc.local] start watchdog on serial port specified by installer.conf
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [fast-reboot]: support encoded & gzipped minigraph in fast reboot
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* add acl.json and snmp.yml into fast-reboot
Signed-off-by: Guohan Lu <gulv@microsoft.com>
cfggen generates new eth0 configuration. Need to first
clean existing configuration on eth0 before bring up
new configuration on eth0. Thus, we need to first bring
down eth0 before putting new configuration into /etc/network/
interfaces
Signed-off-by: Guohan Lu <gulv@microsoft.com>
