Commit Graph

49 Commits

Author SHA1 Message Date
xumia
7aa8a021ea
Support readonly vtysh for sudoers (#7383) (#7572)
* Support readonly vtysh for sudoers (#7383)

Why I did it
Support readonly version of the command vtysh

How I did it
Check if the command starting with "show", and verify only contains single command in script.

* Fix the type issue in rvtysh
2021-05-19 09:02:16 +08:00
Joe LeVeque
72b32a96fc
[201911][dockers][supervisor] Increase event buffer size for process exit listener (#7106)
Backport of https://github.com/Azure/sonic-buildimage/pull/7083 to the 201911 branch.

#### Why I did it

To prevent error [messages](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802) like the following from being logged:

```
Mar 17 02:33:48.523153 vlab-01 INFO swss#supervisord 2021-03-17 02:33:48,518 ERRO pool supervisor-proc-exit-listener event buffer overflowed, discarding event 46
```

This is basically an addendum to https://github.com/Azure/sonic-buildimage/pull/5247, which increased the event buffer size for dependent-startup. While supervisor-proc-exit-listener doesn't subscribe to as many events as dependent-startup, there is still a chance some containers (like swss, as in the example above) have enough processes running to cause an overflow of the default buffer size of 10.

This is especially important for preventing erroneous log_analyzer failures in the sonic-mgmt repo regression tests, which have started occasionally causing PR check builds to fail. Example [here](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802).

I set all supervisor-proc-exit-listener event buffer sizes to 1024, and also updated all dependent-startup event buffer sizes to 1024, as well, to keep things simple, unified, and allow headroom so that we will not need to adjust these values frequently, if at all.
2021-03-29 10:07:43 -07:00
Tamer Ahmed
fd3e0b4c58 [frr] Reduce Calls to SONiC Cfggen (#5176)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to two calls during startup when starting frr service.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
yozhao101
c2364cf03e
[201911][dockers] Update critical_processes file syntax (#4854)
Backport of https://github.com/Azure/sonic-buildimage/pull/4831 to the 201911 branch
2020-06-26 11:37:05 -07:00
yozhao101
5c8c4b2a50 [Services] Restart BGP service upon unexpected critical process exit. (#4207) 2020-03-03 19:19:44 -08:00
pavel-shirshov
d5af096f41
[TSA]: Add community to the loopback prefix, when isolated (#3708)
* Rename asn/deployment_id_asn_map.yaml to constants/constants.yaml

* Fix bgp templates

* Add community for loopback when bgpd is isolated

* Use correct community value
2019-11-06 16:07:28 -08:00
pavel-shirshov
7af546908f
[bgp]: Fix isolate/unisolate command for ipv6 peers (#3183)
* Fix isolate/unisolate command for ipv6 peers
2019-07-18 16:34:26 -07:00
Prince Sunny
231d309b69
Generate interface table to have an entry designated to default VRF. (#2848)
* Generate default VRF table for router interfaces

* Updated jinja2 template to have prefix filter
2019-06-10 14:02:55 -07:00
pavel-shirshov
602369126c [docker-fpm-quagga]: Add support for PeerAsn and UpdateAddress (#2766) 2019-04-10 21:50:36 -07:00
Ying Xie
af64fd66d2 [bgp quagga] increase BGP graceful restart timeout to 240 seconds (#2754)
There are some platforms with less powerful CPU/hard-drive could take
longer to get ready for BGP. For these platforms, 240 seconds would be
a safer threshold.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-10 19:13:03 -07:00
Ying Xie
d9c076dada [quagga bgp] set quagga graceful restart timeout to 180 seconds (#2362)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2018-12-08 11:38:31 -08:00
Rodny Molina
196d9f5f8a [quagga]: Adjusting bgp jinja template and quagga's supervisord (#2291)
There are two minor changes in this PR:

* Adjust quagga's jinja template to enable bgp-gr functionality by default. Currently is only applicable to those devices tagged as TOR/T0.

* Ensure that no bgp-notification is sent out to remote-peers during bgpd shutdown events. The goal here is to make sure that remote-peers kick off bgp-gr-helper logic (i.e. retain restarting-router state), which can be only achieved if an ungraceful-shutdown (tcp pipe/socket down) is perceived. There are other approaches to accomplish this goal, such as draft-ietf-idr-bgp-gr-notification, but this one hasn't been implemented yet by Quagga/FRR.

Signed-off-by: Rodny Molina <rmolina@linkedin.com>
2018-11-27 00:39:38 -08:00
zhenggen-xu
51a76614a3 Restore neighbor table to kernel during system warm-reboot (#2213)
* Restore neighbor table to kernel during system warm-reboot

Added a service: "restore_neighbors" to restore neighbor table into
kernel during system warm reboot. The service is started by supervisord
in swss docker when the docker is started.

In case system warm reboot is enabled, it will try to restore the neighbor
table from appDB into kernel through netlink API calls and update the neighbor
table by sending arp/ns requests to all neighbor entries, then it sets the
stateDB flag for neighsyncd to continue the reconciliation process.

-- Added tcpdump python-scapy debian package into orchagent and vs dockers.
-- Added python module: pyroute2 netifaces into orchagent and vc dockers.
-- Workarounded tcpdump issue in the vs docker

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>

* Move the restore_neighbors.py to sonic-swss submodule
Made changes to makefiles accordingly

Make dockerfile.j2 changes and supervisord config changes

Add python monotonic lib for time access

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>

* Added PYTHON_SWSSCOMMON as swss runtime dependency

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
2018-11-09 17:06:09 -08:00
Taoyu Li
6a37365d93 [zebra.conf] Avoid zebra crash upon empty configuration (#2203) 2018-10-28 22:32:31 -07:00
lguohan
f3ca7c422f
[rsyslog]: use # to separate container name and program name in syslog message (#1918)
Previously use / to separate container name and program name.

However, in rsyslogd:

Precisely, the programname is terminated by either (whichever occurs first):

end of tag
nonprintable character
‘:’
‘[‘
‘/’
The above definition has been taken from the FreeBSD syslogd sources.

Signed-off-by: Guohan Lu <gulv@microsoft.com>
2018-08-12 22:23:58 -07:00
Qi Luo
7ba08e5bf6
Prefix docker container name to syslog syslogtag (program name) (#1810) 2018-06-25 10:48:42 -07:00
pavel-shirshov
a2a6aead4c [bgp]: Enable bgp soft-reconfiguration inbound for quagga templates (#1803)
* Enable bgp soft-reconfiguration inbound for quagga templates
2018-06-22 18:04:18 -07:00
pavel-shirshov
bbca58329b
Manually send SIGHUP to vtysh when the current session was disconnected (#1801)
* Manually send SIGHUP to vtysh when the current session was disconnected

* Address comments
2018-06-20 12:15:09 -07:00
Qi Luo
1c8bacb007
Fix comment typos (#1794)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2018-06-14 21:53:31 -07:00
pavel-shirshov
fae346f586
Don't create a pty to run vtysh inside of the docker container (#1792) 2018-06-14 12:11:29 -07:00
Joe LeVeque
832be7b8f4
[dockers] Prevent apt-get from installing suggested and recommended packages by default (#1666)
* [docker-base] Instruct apt-get to NOT install 'recommended' or 'suggested' packages

* Modify docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs Dockerfile templates in order to properly install .deb dependencies

* REDIS_SERVER depends on REDIS_TOOLS; ensure REDIS_TOOLS is always installed before REDIS_SERVER
2018-05-02 11:46:21 -07:00
Taoyu Li
bebb7a0fa2 [zebra.conf] Fix template issue with multiple lo addresses (#1662)
* [zebra.conf] Fix template issue with multiple lo addresses

* Add unitest for Loopback1
2018-05-01 20:53:47 -07:00
pavel-shirshov
1ae4db3af7
Quagga: Use bgp keepalive and holdtime timers from configdb (#1661) 2018-04-30 16:52:22 -07:00
pavel-shirshov
f43580492f
quagga container processes could be restarted within a second (#1541) 2018-03-28 12:34:46 -07:00
Joe LeVeque
e1cb2ace36 [base image files] All 'docker exec' wrapper scripts now dynamically adjust their flags depending on whether or not they are run on a terminal (#1507) 2018-03-17 00:43:29 -07:00
Taoyu Li
dd7e9240c8 [dockers] Remove dependency to minigraph (#1179)
* Remove dependency to minigraph

* Remove -m in swssconfig.sh
2017-11-23 16:31:37 -08:00
nikos-li
f18ed0d35c [bgp]: Auto-completion, help (?), cmd navigation (up arrow) not working in vtysh on host system. (#1124) 2017-11-13 09:39:10 -08:00
Taoyu Li
8bc6b55331 [bgpd.conf] Fix template issue with multiple lo addresses (#1060) 2017-10-20 07:15:11 -07:00
Taoyu Li
7a0a2ea5d0 [bgpd.conf] Advertise /64 prefix for ipv6 lo addresses (#1050) 2017-10-17 18:28:27 -07:00
pavel-shirshov
9139c7fe64 Always start with Forwarding State flag set for bgpd (#963) 2017-09-19 12:27:18 -07:00
Shuotian Cheng
aa549f208c [bgp]: Fix the deployment_id with DEVICE_METADATA (#962) 2017-09-18 13:04:29 -07:00
Taoyu Li
2e3975d6ed [config] Fix an issue that bgp asn data type is not consistent (#953)
* Fix an issue that bgp asn data type is not consistent from minigraph parser and DB

* Fix test typo
2017-09-13 21:23:06 -07:00
Taoyu Li
c9cc7aea41 [configdb] Migrate minigraph configurations to DB (#942)
Modify minigraph parser output format so it fit DB schema
Modify configuration templates to fit new schema
Systemd services dependencies are modified so database starts before any configuration consumer
2017-09-12 14:13:27 -07:00
sihuihan88
127a73aac3 [quagga]: Disable ipv4 over ipv6 and enable ipv6 over ipv4 peer group (#922)
* [bgpd]:disable ipv4 over ipv6 and enable ipv6 over ipv4 peer group

* update as comments
2017-08-30 13:06:02 -07:00
Taoyu Li
e4502527d0 Revert "Migrate DEVICE_METADATA to db (#919)" (#928)
This reverts commit 44502b217b.
2017-08-29 17:03:31 -07:00
Taoyu Li
44502b217b Migrate DEVICE_METADATA to db (#919) 2017-08-29 10:47:25 -07:00
Joe LeVeque
ed66588473 [docker-fpm-quagga]: Manage Quagga processes (zebra, bgpd) using supervisor instead of watchquagga (#900) 2017-08-21 13:55:59 -07:00
zhenggen-xu
c52e876697 Fix the network command for ipv6 vlan interfaces (#894) 2017-08-16 21:12:32 -07:00
Taoyu Li
a2fe0212be [ConfigDB] Move all BGP configuration into DB (#861)
- BGP data read from minigraph.py now match DB schema
- BGP templates are updated
- bgpcfgd can now deal with runtime neighbor create/delete
2017-08-08 16:23:58 -07:00
Taoyu Li
b6efe438b5 Introduce ConfigDB (#808)
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
2017-08-01 19:02:00 -07:00
sihuihan88
1176508858 [bgpd]: support multiple peer range in single peer group (#807) 2017-07-13 15:03:10 -07:00
Joe LeVeque
f49cac086f Remove extra trailing newlines at EOF (#804)
Files now end with a single newline
2017-07-12 20:54:37 -07:00
lguohan
4bdcac8e4f [bgp]: move allowas-in into ipv6 section to enable allowas-in for ipv6 (#741) 2017-06-22 19:50:24 -07:00
sihuihan88
3268946de5 [BGPD]: add bgp dynamic neighbor configuration (#708)
* add bgp dynamic neighbor configuration

* [bgpd]: update as comments

* update as comment

* update to deployment_id_asn_map

* minor change
2017-06-21 18:52:50 -07:00
Taoyu Li
95906a6490 [installer] Copy old config files rather than only minigraph (#730) 2017-06-21 11:02:25 -07:00
Taoyu Li
5e6620e19e [bgp] Save bgp admin state (#690)
* [bgp] Save admin state and set default state to shutdown

* Set default behavior to no shutdown

* Add build option SHUTDOWN_BGP_ON_START

* Script change for default admin state to be on

* Address CR comments to bgp_neighbor script

* Fix script bug
2017-06-12 11:05:22 -07:00
Joe LeVeque
d5c13c0a83 [dockers]: Disable autorestart on all supervisor processes inside containers (#580) 2017-05-09 17:37:08 -07:00
Joe LeVeque
8f348399f5 [Dockers]: Manage all Docker containers with Supervisord (#573)
- Consolidate config.sh and start.sh scripts into one script (start.sh)
 - Solve issue #435 - All dockers now run supervisord as their ENTRYPOINT
 - All stdout/stderr output from processes managed by supervisord is now sent to syslog instead of their own files
 - Supervisord log messages are now also sent to syslog
 - Removed unused smartmontools package from docker-platform-monitor
2017-05-08 15:43:31 -07:00
Rodny Molina
d30fbf1d72 [build]: Adding support for Free-Range-Routing stack. (#510)
- Extending SONiC building infrastructure to provide users
           with greater flexibility, by allowing them to elect a
           routing-stack different than the default one (quagga). The desired
           routing-stack will be defined in rules/config file.

         - As part of these changes I'm adding support for
           Free-Range-Routing (FRR) stack. Quagga will continue to be
           the default routing-stack.

Signed-off-by: Rodny Molina <rodny@linkedin.com>
2017-04-20 09:12:27 -07:00