Commit Graph

25 Commits

Author SHA1 Message Date
Tejaswini Chadaga
8058550c09
[bgp]: Add sudo check for TSA/B/C command execution (#15288)
TSA/B/C scripts invoke commands that require root permissions. If the user does not have sudo permissions, the scripts today execute until the command and throw a backtrace with error at the specific command. Added a check to ensure the operations check for root permissions upfront.
2023-06-03 23:47:26 +02:00
Tejaswini Chadaga
ca224863cb
Changes to support TSA from supervisor (#14691)
Why I did it
Support for SONIC chassis isolation using TSA and un-isolation using TSB from supervisor module

Work item tracking
Microsoft ADO (number only): 17826134
How I did it
When TSA is run on the supervisor, it triggers TSA on each of the linecards using the secure rexec infrastructure introduced in sonic-net/sonic-utilities#2701. User password is requested to allow secure login to linecards through ssh, before execution of TSA/TSB on the linecards

TSA of the chassis withdraws routes from all the external BGP neighbors on each linecard, in order to isolate the entire chassis. No route withdrawal is done from the internal BGP sessions between the linecards to prevent transient drops during internal route deletion. With these changes, complete isolation of a single linecard using TSA will not be possible (a separate CLI/script option will be introduced at a later time to achieve this)

Changes also include no-stats option with TSC for quick retrieval of the current system isolation state

This PR also reverts changes in #11403

How to verify it
These changes have a dependency on sonic-net/sonic-utilities#2701 for testing

Run TSA from supervisor module and ensure transition to Maintenance mode on each linecard
Verify that all routes are withdrawn from eBGP neighbors on all linecards
Run TSB from supervisor module and ensure transition to Normal mode on each linecard
Verify that all routes are re-advertised from eBGP neighbors on all linecards
Run TSC no-stats from supervisor and verify that just the system maintenance state is returned from all linecards
2023-04-28 16:28:06 +08:00
tjchadaga
cdd2786117
Fix for TSA error logging on multi-asic (#11519) 2022-07-30 22:16:58 -07:00
tjchadaga
077a537b14
Log message fix for TSB (#11441) 2022-07-14 12:26:58 -07:00
tjchadaga
849eb4bf32
Changes to persist TSA/B state across reloads (#11257) 2022-07-12 00:22:48 -07:00
Longxiang Lyu
49a036e90c
Add dualtor TSA/B/C support (#9726)
Why I did it
Add TSA/B/C dualtor support

Signed-off-by: Longxiang Lyu lolv@microsoft.com

How I did it
For TSA, toggle all the mux to standby if the device type is dualtor and there are active mux ports.
For TSC, add mux status output.

How to verify it
Run TSA/B/C on a dualtor setup
2022-01-25 10:50:29 +08:00
yozhao101
1a3cab43ac
[Monit] Deprecate the feature of monitoring the critical processes by Monit (#7676)
Signed-off-by: Yong Zhao yozhao@microsoft.com

Why I did it
Currently we leveraged the Supervisor to monitor the running status of critical processes in each container and it is more reliable and flexible than doing the monitoring by Monit. So we removed the functionality of monitoring the critical processes by Monit.

How I did it
I removed the script process_checker and corresponding Monit configuration entries of critical processes.

How to verify it
I verified this on the device str-7260cx3-acs-1.
2021-06-04 10:16:53 -07:00
xumia
9387350e19
Fix the type issue in rvtysh (#7648)
Why I did it
Change the type issue in the command rvtysh
change PARA/para to PARAM/param
2021-05-20 21:35:23 +08:00
xumia
56bdd750ab
Support readonly vtysh for sudoers (#7383)
Why I did it
Support readonly version of the command vtysh

How I did it
Check if the command starting with "show", and verify only contains single command in script.
2021-04-25 16:32:02 +08:00
judyjoseph
ad88700912
[docker-fpm-frr]: TSA/B/C changes for multi-asic (#6510)
- Introduced TS common file in docker as well and moved common functions.
- TSA/B/C scripts run only in BGP instances for front end ASICs.
       In addition skip enforcing it on route maps used between internal BGP sessions.

admin@str--acs-1:~$ sudo /usr/bin/TSA
System Mode: Normal -> Maintenance

and in case of Multi-ASIC
admin@str--acs-1:~$ sudo /usr/bin/TSA
BGP0 : System Mode: Normal -> Maintenance
BGP1 : System Mode: Normal -> Maintenance
BGP2 : System Mode: Normal -> Maintenance
2021-02-12 10:56:44 -08:00
Longxiang Lyu
385dfc4921
[monit] Fix status error due to shebang change (#5865)
lldpmgrd, bgpcfgd, and bgpmon are reported error status not running due
to recent change of shebang to use `Python3`. Modifying the argument of
`process_checker` to follow this change.

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2020-11-09 01:52:22 -08:00
abdosi
dddf96933c
[monit] Adding patch to enhance syslog error message generation for monit alert action when status is failed. (#5720)
Why/How I did:

Make sure first error syslog is triggered based on FAULT TOLERANCE condition.

Added support of repeat clause with alert action. This is used as trigger
for generation of periodic syslog error messages if error is persistent

Updated the monit conf files with repeat every x cycles for the alert action
2020-10-31 17:29:49 -07:00
Nazarii Hnydyn
79bda7d0d6
[monit]: Fix process checker. (#5480)
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
2020-09-29 17:23:09 -07:00
arlakshm
e3a0feaa47
Vtysh support for multi asic (#5479)
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-09-29 12:39:53 -07:00
yozhao101
13cec4c486
[Monit] Unmonitor the processes in containers which are disabled. (#5153)
We want to let Monit to unmonitor the processes in containers which are disabled in `FEATURE` table such that
Monit will not generate false alerting messages into the syslog.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>
2020-09-25 00:28:28 -07:00
Joe LeVeque
3987cbd80a
[sonic-utilities] Build and install as a Python wheel package (#5409)
We are moving toward building all Python packages for SONiC as wheel packages rather than Debian packages. This will also allow us to more easily transition to Python 3.

Python files are now packaged in "sonic-utilities" Pyhton wheel. Data files are now packaged in "sonic-utilities-data" Debian package.

**- How I did it**
- Build and install sonic-utilities as a Python package
- Remove explicit installation of wheel dependencies, as these will now get installed implicitly by pip when installing sonic-utilities as a wheel
- Build and install new sonic-utilities-data package to install data files required by sonic-utilities applications
- Update all references to sonic-utilities scripts/entrypoints to either reference the new /usr/local/bin/ location or remove absolute path entirely where applicable

Submodule updates:

* src/sonic-utilities aa27dd9...2244d7b (5):
  > Support building sonic-utilities as a Python wheel package instead of a Debian package (#1122)
  > [consutil] Display remote device name in show command (#1120)
  > [vrf] fix check state_db error when vrf moving (#1119)
  > [consutil] Fix issue where the ConfigDBConnector's reference is missing (#1117)
  > Update to make config load/reload backward compatible. (#1115)

* src/sonic-ztp dd025bc...911d622 (1):
  > Update paths to reflect new sonic-utilities install location, /usr/local/bin/ (#19)
2020-09-20 20:16:42 -07:00
gechiang
128def6969
Add bgpmon to be started as a new daemon under BGP docker (#5329)
* Add bgpmon under sonic-bgpcfgd to be started as a new daemon under BGP docker

* Added bgpmon to be monitored by Monit so that if it crashed, it gets alerted

* use console_scripts entry point to package bgpmon
2020-09-20 14:32:09 -07:00
pavel-shirshov
0d863c39ac
[bgpcfgd]: make a package for bgpcfgd (#4813) 2020-06-20 21:01:24 -07:00
yozhao101
b7e48b422f [Services] Allow monit system tool to monitor the critical processes status running in various SONiC containers. (#3940)
* Add a monit config file for teamd container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a copy mechanism to put the monit config file in teamd container
into base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a monit config file for snmp container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a copy mechanism to put the monit config file of snmp container into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a monit config file for dhcp_relay container in the dir
base_image_files.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a copy mechanism to put the monit config file of dhcp_relay
container into base image under /etc/monit/conf.d.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a monit config file for router advertiser container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* Add a copy mechanism to put the monit config file of router advertiser
contianer into base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-Pmon] Add a monit config file for pmon container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-Pmon] Add a copy mechanism to put the monit config file into the
base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-lldp] Add a monit config file for lldp container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-lldp] Add a copy mechanism to put the monit config file into the
base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-bgp] Add a monit config file for BGP container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-bgp] Add a copy mechanism to put monit config file into the base
image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-swss] Add a monit config file for the swss container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-swss] Add a copy mechanism to put monit config file into the
base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on barefoot
platform.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on barefoot.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on broadcom.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on broadcom.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on cavium.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-centec] Add a monit config file for syncd container on centen
platform.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on centen
platform.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on marvell.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit conifg file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on
marvell-arm64.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on marvell-arm64.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on
marvell-armhf.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on mellanox.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a monit config file for syncd container on nephos.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-sflow] Add a monit config file for sflow container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-sflow] Add a copy mechanism to put the monit conifg file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-telemetry] Add a monit config file for telemetry container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-telemetry] Add a copy mechanism to put the monit config file
into the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-database] Add a monit config file for database container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-database] Add a copy mechanism to put the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-Dhcprelay] Change a typo.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-Dhcprelay] Change the process name in monit config file to
dhcrelay.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] There is no desserve process in syncd container on
barefoot.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] There is no process desserve in syncd container on
cavium.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] There is no process named desserve in syncd on centec.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] There is no process named desserve in syncd on marvell.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Should not delete the process desserve in syncd container
on marvell.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Delete the process dsserve in syncd on marvell.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Delete the process dsserve in syncd container on
marvell-arm64.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Delete the process dsserve in syncd container on
marvell-armhf.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Delete the process dsserve in syncd container on
mellanox.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-Radv] Change the process name to radvd.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-telemetry] Correct a typo in monit_telemetry.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-teamd] Delete the monit config file for teamd.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-teamd] Delete the mechanism to copy the monit config file into
base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-dhcprelay] Delete the monit config file for dhcp_relay
container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-dhcprelay] Delete the mechanism to copy the monit config file
into the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-radv] Delete the monit config file foe radv container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-radv] Delete the mechanism to copy the monit config file into
the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-bgp] change the monit config file for BGP container such that
monit only generates alert if the process is not running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-snmp] Change the monit config file for snmp container such that
monit only generates alret if the process is not running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-pmon] Change the monit config file for pmon container such that
monit only generates alert if the processes are not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-lldp] Change the monit config file for lldp container such that
monit only generates alerts if some processes are not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-pmon] Delete the monit config file for pmon container since some
of processes are not running depended on the type of box.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-pmon] Delete the copy mechanism to copy the monit config file
into the base image.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-lldp] Change the matching name for the process lldpd.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-swss] Change the monit config file for swss container such that
monit only generates alerts if the processes are not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
barefoot such that monit only generates alerts if the process is not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Correct a typo in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
broadcom such that monit only generates alerts if the processes are not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
cavium such that monit only generates alerts if the process is not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container such
that monit only generates alerts if the process is not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
marvell such that monit only generates alerts if the process is not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
marvell-arm64 such that monit only generates alerts if the process is
not running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
marvell-armhf such that monit will generate alert if the process is not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Change the monit config file for syncd container on
mellanox such that monit only generates alerts if the process is not
running for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-sycnd] Change the monit config file for syncd container such
that monit only generates alerts if the processes are not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-sflow] Change the monit config file for sflow container such
that monit only generates alerts if the process is not running for 5
minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-telemetry] Change the monit config file for telemetry container
such that monit only generates alerts if the processes are not running
for 5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-database] Change the monit config file for database container
such that monit only generates alerts if the process is not running for
5 minutes.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-database] Use 4 spaces to replace 2 spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-bgp] Use 4 spcess to replace 2 spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-lldp] Use 4 spaces to replace 2 spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-swss] Use 4 spaces to replace 2 space in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-sflow] Use 4 spaces to replace 2 spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-snmp] Use 4 spaces to replace 2 spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-telemetry] Use 4 spaces to replace 2 spaces in monit config
file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on barefoot.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on broadcom.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on cavium.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on centec.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on marvell.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on mellanox.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-syncd] Use 4 spaces to repalce 2 spaces in the monit config file
on nephos.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [Docker-bgp] Remove the trailing extra spaces in monit config file.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>
2020-01-10 16:21:02 -08:00
pavel-shirshov
b4517b9591
[bgp]: Implement Universal Traffic Shift for SONiC (#3209)
* [bgp]: Implement Universal Traffic Shift for SONiC

* Fix issue with ipv6 loopback match

* Add tests
2019-07-26 14:31:56 -07:00
pavel-shirshov
bbca58329b
Manually send SIGHUP to vtysh when the current session was disconnected (#1801)
* Manually send SIGHUP to vtysh when the current session was disconnected

* Address comments
2018-06-20 12:15:09 -07:00
pavel-shirshov
fae346f586
Don't create a pty to run vtysh inside of the docker container (#1792) 2018-06-14 12:11:29 -07:00
Joe LeVeque
e1cb2ace36 [base image files] All 'docker exec' wrapper scripts now dynamically adjust their flags depending on whether or not they are run on a terminal (#1507) 2018-03-17 00:43:29 -07:00
nikos-li
f18ed0d35c [bgp]: Auto-completion, help (?), cmd navigation (up arrow) not working in vtysh on host system. (#1124) 2017-11-13 09:39:10 -08:00
Rodny Molina
d30fbf1d72 [build]: Adding support for Free-Range-Routing stack. (#510)
- Extending SONiC building infrastructure to provide users
           with greater flexibility, by allowing them to elect a
           routing-stack different than the default one (quagga). The desired
           routing-stack will be defined in rules/config file.

         - As part of these changes I'm adding support for
           Free-Range-Routing (FRR) stack. Quagga will continue to be
           the default routing-stack.

Signed-off-by: Rodny Molina <rodny@linkedin.com>
2017-04-20 09:12:27 -07:00