#### Why I did it
When too many user login concurrently and run commands, SONiC may kernel panic on some device which has very limited memory.
#### How I did it
Add j2 template for setup pam_limit plugin for limit SSH session per-user.
#### How to verify it
Manually validate the j2 template can generate correct config file.
#### Which release branch to backport (provide reason below if selected)
- [x] 201811
- [ ] 201911
- [ ] 202006
- [x] 202012
- [x] 202106
- [x] 202111
#### Description for the changelog
Add j2 template for setup pam_limit plugin for limit SSH session per-user.
#### A picture of a cute animal (not mandatory but encouraged)
Why I did it
This was an ask by Microsoft to provide:
7260 config.bcm file for hardware sku Arista-7260CX3-D92C16 (Named Arista-7260CX3-D96C16).
There are 16 100G uplinks:
Ethernet13-20/1
Ethernet45-52/1
All other ports are breakout to 2 50G ports.
How I did it
Copied existing Arista-7260CX3-D108C8 HWSKU and altered the bcm.config and port_config.ini files.
How to verify it
The new 100G ports do come up with a 201811 image using this HWSKU.
Co-authored-by: Zhi Yuan (Carl) Zhao <zyzhao@arista.com>
Why I did it
sshd overrides user password with a bad one, when pre-auth fails.
Refer PR #9123 for more details
How I did it
Manual cherry pick of PR #9123
How to verify it
Pick a user alias that has not logged into the switch yet
Add this alias to /etc/tacplus_user
Attempt to login as that user
Look for the error message in /var/log/syslog
e.g. "Feb 18 19:16:41.592191 sonic ERR sshd[5233]: auth fail: Password incorrect. user: user_xyz"
Why I did it
There is a small window between load & listen to config-DB. If TACACS config got updated during that gap, the listen will not show it, hence hostcfgd would miss it, until another update.
How I did it
porting PR #8223, which uses one shot timer to reload tacacs config.
Why I did it
Fix some unreliability seen on emmc device with some AMD CPUs
How I did it
Added a kernel parameter to add quirks to
It depends on a sonic-linux-kernel change to work properly but will be a no-op without it.
Description for the changelog
Add emmc quirks for Upperlake
* dhcp6relay: Save the dbgsym package into the target folder (#9013)
This makes it possible to install the debug symbols if needed. Also install
the package into the debug version of sonic-dhcp-relay container.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* Package debugging and hardening for dhcpmon and dhcp6relay (#9862)
Enable dbgsym package for dhcpmon.
Allow CFLAGS and LDFLAGS from environment variables to be used
in the dhcp6relay build. This makes sure that the -O2 flag from
dpkg-buildflags gets used.
Finally, enable all hardening flags in dpkg-buildflags for
dhcp6relay and dhcpmon. The change from the default set of flags is that
during linking, immediate binding of symbols is done instead of lazy
binding.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* [201811][dhcp] update debian build rules
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Co-authored-by: Saikrishna Arcot <sarcot@microsoft.com>
[201811] Check platform reboot cause to see if any reset happened during fast/warm-reboot
Why I did it
To recover syncd and swss from any cold reset during fast/warm-reboot
How I did it
Check platform reboot-cause to see if any cold reset happens for fast-reboot power up
How to verify it
Manual test
Why I did it
DHCPv6 Relay information will be stored in DHCP_RELAY table instead of VLAN table in the future.
How I did it
Change dhcp_relay docker files to parse through DHCP_RELAY to check for dhcpv6 status
How to verify it
Build dhcp_relay docker and check all dhcp_relay and dhcpmon are running properly
Which release branch to backport (provide reason below if selected)
* Add DHCPv6 minigraph parsing support
Co-authored-by: shlomibitton <60430976+shlomibitton@users.noreply.github.com>
Logrotate for wtmp and btmp files to fix size getting too large. (#8744)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
[201811][utilities][swss][snmpagent] advance sub module head
snmpagent
* 187aa10 2021-09-16 | [201811][RFC1213]: Initialize lag oid map in reinit_data (#233) (github/201811) [SuvarnaMeenakshi]
swss:
* 3503705 2021-09-05 | [201811][Cherry-pick] [acl mirror action] Mirror session ref count fix at acl rule attachment (#1898) (HEAD -> 201811, github/201811) [bingwang-ms]
utilities:
* f3f8667 2021-10-15 | [201811] disk_check.py: Allow remote user access when disk is read-only (#1873) (HEAD -> 201811, github/201811) [Renuka Manavalan]
* 6b351c9 2021-10-14 | [201811] Remove exec from platform_reboot_plugin call to handle any hang issue. (#1880) [Sujin Kang]
* d8d0461 2021-07-29 | [minigraph][port_config] Consume port_config.json while reloading minigraph (#1726) [Blueve]
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
[201811] Invoke disk check periodically (#8951)
* Invoke disk check periodically. (#7374)
Why I did it
Helps with periodic scan of disk for RO state.
If found, this script makes transient fix and raise error message.
Save DB dump after warm/fast reboot (#8913)
Back porting the master branch change - #8803
Save the redis DB dump after warm reboot.
[201811][swss] advance swss submodule head (#9049)
* e0b115a 2021-10-22 | [copp] add dhcpv6 copp rules (#1979) (HEAD -> 201811, github/201811) [Ying Xie]
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
[swssconfig] load dhcpv6 copp rules by default (#9047)
Why I did it
Need to enable DHCPv6 copp rule
How I did it
Add a separate DHCPv6 copp rule config file and load it during cold reboot.
How to verify it
cold reboot, and verify config being loaded and dhcpv6 rules got installed.
Signed-off-by: Ying Xie ying.xie@microsoft.com
[warmboot finalizer] load dhcpv6 copp rules when missing (#9048)
Why I did it
Need to enable DHCPv6 COPP rules.
How I did it
Load the separate DHCPv6 COPP rules after warm reboot if the rules are missing.
How to verify it
Warm reboot from an image doesn't have DHCPv6 COPP rules installed.
Warm reboot from an image have DHCPv6 COPP rules already installed.
In either case, the script did the right thing and only install the COPP rules if it is missing.
Signed-off-by: Ying Xie ying.xie@microsoft.com
Why I did it
Need to enable DHCPv6 COPP rules.
How I did it
Load the separate DHCPv6 COPP rules after warm reboot if the rules are missing.
How to verify it
Warm reboot from an image doesn't have DHCPv6 COPP rules installed.
Warm reboot from an image have DHCPv6 COPP rules already installed.
In either case, the script did the right thing and only install the COPP rules if it is missing.
Signed-off-by: Ying Xie ying.xie@microsoft.com
Why I did it
Need to enable DHCPv6 copp rule
How I did it
Add a separate DHCPv6 copp rule config file and load it during cold reboot.
How to verify it
cold reboot, and verify config being loaded and dhcpv6 rules got installed.
Signed-off-by: Ying Xie ying.xie@microsoft.com
* Invoke disk check periodically. (#7374)
Why I did it
Helps with periodic scan of disk for RO state.
If found, this script makes transient fix and raise error message.