Commit Graph

2112 Commits

Author SHA1 Message Date
Renuka Manavalan
6d7ecc426c [hostcfgd] -- Fix the default for failthrough as false.
This implies that by default, if TACACS is configured properly and it reported auth_err, then don't try fail through to traditional unix authentication through /etc/passwd.

If this failthrough is intended, make it explicit through "sudo config aaa authentication failthrough enable"

Removed an unused variable "aaa.fallback"

Tested manually. Note the presence of 'auth_err=die' in all cases except when failthrough is explicitly enabled.

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough default; date
Wed Apr  3 23:05:18 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1316 Apr  3 23:05 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough enable; date ; h4 "AAA|authentication"
Wed Apr  3 23:06:37 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1294 Apr  3 23:06 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore]     pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore]     pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough disable; date ; h4 "AAA|authentication"
Wed Apr  3 23:07:09 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1321 Apr  3 23:07 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass
2019-04-03 23:16:56 +00:00
Renuka Manavalan
e65d9c5c88 Merge remote-tracking branch 'upstream/master'
Sync with upstream
2019-04-03 23:02:08 +00:00
Ying Xie
00a0f22f38
Revert "[teamd service] teamd service should start after syncd (#2724)" (#2733)
This reverts commit 0d1efb131c.
2019-04-03 08:20:44 -07:00
Shuotian Cheng
4791701752 [minigraph]: Mark both ERSPAN and ERSPANv6 as mirror ACL tables (#2732)
- Support ERSPAN and ERSPANv6 two types of ACL tables.
- Update the unit test to cover this case.

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2019-04-02 16:59:00 -07:00
paavaanan
b56124bf48 removing dhcp- turn- off option from initrd (#2555)
* removing dhcp changes from initrd

* removing mgmt-intf-dhcp file
2019-04-02 15:48:04 -07:00
Ying Xie
fd3f61167d
[teamd] prevent re-entrance of port priv change handler (#2723)
When adding a lag member dynamically after system boots up, teamd
port priv change handler could re-enter itself, causing the adding
operation to fail.

While handling PORT_CHANGE event, teamd_per_port.c port priv change
handler was called, it will then call runner_lacp to add port to lag,
the latter causes IFINFO_CHANGE to be notified and calls the priv change
handler again, this re-entrance would cause runner_lacp port_added to
be called again and mess up the previous adding sequence, which then
fails the lag member adding operation.

Preventing per-port priv change handler re-entrance solves the problem.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-01 16:51:30 -07:00
Ying Xie
0d1efb131c
[teamd service] teamd service should start after syncd (#2724)
* [teamd service] teamd service should start after syncd

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* combine after lines
2019-04-01 15:40:22 -07:00
Renuka Manavalan
e73f86dbd6 Merge remote-tracking branch 'upstream/master' 2019-04-01 20:34:26 +00:00
lguohan
b73f9a5b1d
[swss]: update swss docker to stretch (#2714)
* [swss]: update swss docker to stretch

sonic-swss update:

* aa92326 2019-03-29 | fix c++ 11 build complaint for destructors default to noexcept (#822) (HEAD, origin/master, origin/HEAD) [lguohan]
* a304007 2019-03-28 | Allow ACL entry creation without ACL counter (#818) [Wenda Ni]
* 60a8a0d 2019-03-28 | [orchagent]: Cast enum class variable to int (#819) (HEAD, origin/master, origin/HEAD) [Shuotian Cheng]
* 3dd37a4 2019-03-26 | [vnetorch]: Add VNET/tunnel/route removal flows for Bitmap VNET implementation (#816) [Volodymyr Samotiy]
* a937f92 2019-03-22 | [VS]: fix occasional test_fdb_notifications vs test failure (#813) [Jipan Yang]
* ea54825 2019-03-21 | [portsorch] Fix inconsistent return value in bindAclTable (#791) [yorke]
* 5984e3a 2019-03-07 | Fix orchagent SEGV when PortConfigDone not set (#803) [Ramesh Santhanakrishnan]

Signed-off-by: Guohan Lu <gulv@microsoft.com>
2019-03-30 11:57:25 -07:00
Qi Luo
9c83b5480d
[security] Do not generate ssh server keys for non RSA protocols (#2718) 2019-03-29 15:27:33 -07:00
Ying Xie
9d6bac567b [build] force Linux to drop cache before calling kvm (#2717)
* [vm build] force Linux to drop cache before calling kvm

KVM needs to allocate 2G memory for this build. The system memory might
be occupied by cache at the moment and doesn't have 2G chunk to give
out. Forcing Kernel to drop cache to boost the chance of getting 2G
memory.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* [make] add option to enable/disable VS build memory preparation

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-03-29 15:25:17 -07:00
Qi Luo
6a9491b55c [submodule]: Update submodule sonic-snmpagent: Remove verbose feature missing logs (#2719)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2019-03-29 02:58:35 -07:00
Ying Xie
80d65943eb
[teamd] retry creating team_port after interface info changed (#2699)
Race condition has been noticed after warm reboot: sometimes when
port_changed notification was received, the link message didn't
have the device name. Without device name, creating team port
would fail.

Registering to the interface information change notification, so
later when device name becomes available, retry creating team port.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-03-28 09:57:06 -07:00
Stepan Blyshchak
8ebfc3a115 [mellanox] Make mellanox SAI-Implementation as submodule (#2711)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-28 09:44:15 -07:00
Sudharsan D.G
357923d6ea [devices]: Fixing get_transceiver_change_event for z9100 (#2712) 2019-03-27 18:38:01 -07:00
Andriy Moroz
3a3a221a95 [devices]: Add support of HwSKU Mellanox-SN2700-C28D8 (#2700)
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-03-27 18:36:52 -07:00
Pradchaya Phucharoen
957d8f541b [device/celestica] haliburton add gpio_ich driver module blacklist (#2704) 2019-03-27 18:35:35 -07:00
Stepan Blyshchak
0e01ff557b [mellanox] add makefiles to build Mellanox SDK from sources (#2701)
* [.gitignore] add missing directories to .gitignore

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [buildsystem] add ability to override make variables from root Makefile

To override any make variable during build use SONIC_OVERRIDE_BUILD_VARS, e.g:
"make SONIC_OVERRIDE_BUILD_VARS="PARAM1=A PARAM2=B" all"

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mellanox] add SDK build from sources

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mellanox] pass -j$(SONIC_CONFIG_MAKE_JOBS) when building SDK

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mellanox] Add MLNX_SAI_REPO, MLNX_FW_BASE_URL variables

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mellanox] if MLNX_SDK_BASE_SOURCE_URL is not empty then build SDK from sources

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-27 18:32:25 -07:00
Ying Xie
9af7d21e2e
[jessie based docker] remove dependency on some retired jessie repos (#2707)
* [jessie repo] remove one dependency on jessie-backport repo

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* [build] remove dependency on retired jessie-backports repo

The downloaded Jessie docker image still references jessie-updates.
Removing it from the list.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* fix typo

* move chunk

* [docker-ptf] avoid using retired Jessie repos

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-03-26 23:46:39 -07:00
Pradchaya P
6cec850c0a [device/celestica] seastone add gpio_ich driver module blacklist (#2691) 2019-03-25 15:49:35 -07:00
Pradchaya P
42d79a1cf5 Revert "[device/celestica] haliburton add gpio_ich driver module blacklist (#2692)" (#2697)
This reverts commit e06e7dc007.
2019-03-25 15:48:56 -07:00
Polly Hsu
b36b84fc5a [device/accton]: Update Accton-AS7326-54X (#2482) 2019-03-23 12:28:24 -07:00
Polly Hsu
af111aa836 [device/accton]: Add Accton-AS7726-32X (#2483) 2019-03-23 12:22:08 -07:00
Jipan Yang
4e3bb4d47a [libteam]: Skip setting the same hwaddr to lag port to avoid disrupting neighbor… (#2602)
* Skip setting the same hwaddr to lag port to avoid disrupting neighbor entries

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
2019-03-23 12:20:22 -07:00
lguohan
800d20bf1a
[sonic-utilities]: fix sonic-utilities build error (#2693)
* [sonic-utilities]: fix sonic-utilities build error

* 1b734f1 2019-03-22 | use pytest in setuptools (#490) [lguohan]
* 7030c97 2019-03-21 | [show] show interface status added vlan and portchannels to command (#483) [Travis Van Duyn]
* a30d1a8 2019-03-21 | [warm/fast reboot] setup control plane assistant when available (#487) [Ying Xie]
* 8182dfa 2019-03-21 | [reboot script] add -h, -? options (#484) [Ying Xie]

Signed-off-by: Guohan Lu <gulv@microsoft.com>
2019-03-22 21:02:10 -07:00
Volodymyr Samotiy
4fdfb08b0a [submodule]: Update sonic-swss pointer (#2647)
* 3f14956 2019-03-06 [portsorch] fix bug in speed set (#806) [Stepan Blyshchak]
* c903b5d 2019-03-05 [vnetorch]: Add support of nexthop routes for Bitmap VNET implementation (#805) [Volodymyr Samotiy]
* 3b34b21 2019-02-26 [vnetorch]: Add support of local routes for Bitmap VNET implementation (#801) [Volodymyr Samotiy]
* 62b7ca4 2019-02-22 Fix incorrect ACL CRM increment, resulting orchagent crash (#800) [Prince Sunny]
* dd6bdd9 2019-02-21 [vnetorch]: Bitmap VNet implementation (#773) [Marian Pritsak]

Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
2019-03-22 17:48:45 -07:00
Wenda Ni
3bc29d8c80 [counters]: Enable watermark stats polling by default (#2603)
Signed-off-by: Wenda Ni <wenni@microsoft.com>
2019-03-22 16:56:46 -07:00
Mykola F
3826ffd30f [pmon] move platform monitor docker to stretch (#2680)
Signed-off-by: Mykola Faryma <mykolaf@mellanox.com>
2019-03-22 16:42:56 -07:00
Pradchaya P
e06e7dc007 [device/celestica] haliburton add gpio_ich driver module blacklist (#2692) 2019-03-22 16:39:24 -07:00
Kebo Liu
84b46bb0e0 [Pmon] dynamically load pmon daemons (#2654)
* dynamically load pmon daemons
2019-03-22 02:49:35 -07:00
Ying Xie
60968cf95b
[make file] managing teamd patches with stg (#2689)
Just so that the folder will be clean and make working on new patches
much easier.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-03-21 18:11:57 -07:00
Andriy Moroz
5cfd97a65f [Mellanox] Update SAI (#2685)
New SAI fixes getting of queue buffer profile

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-03-21 10:47:08 -07:00
Renuka Manavalan
c3f5756934 [sonic-buildimage]Install python ipaddress (#2681)
* Install ipaddress python package that has deprecated current ipaddr. ipaddress has backport to python2.7

* Install python ipaddress module as required by route_check.py sonic utility. BTW, ipaddress deprecates ipaddr and ipaddress has python2 backport

Signed-off-by: Renuka Manavalan <remanava@microsoft.com>
2019-03-21 00:07:02 -07:00
Stepan Blyshchak
0a0f5b81bf [thrift] add a patch to revert THRIFT-3650 (#2688)
Revert breaking change in thrift 0.11.0;
saithrift implementation relies on the bug in union serialization
(details: https://jira.apache.org/jira/browse/THRIFT-3650)

Add this revert patch until saithrift is fixed according to
correct thrift behaviour

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-20 17:40:22 -07:00
Ying Xie
698b248a13
[docker script] skip docker mount point checking for database container (#2683)
database container doesn't mount hwsku folder.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-03-19 20:14:07 -07:00
Renuka Manavalan
2ee36c74d1 [sonic-py-swsssdk] Update submodule (#2660) 2019-03-19 11:58:20 -07:00
Renuka Manavalan
0d8b92ea90 [sonic-utilities] update submodule (#2667) 2019-03-19 11:57:52 -07:00
Kebo Liu
80af5e179c [Mellanox] fix sfp lpmode set failure caused by extra nv port (#2671)
* fix lpmode set failure issue by skipping nvport
2019-03-19 11:43:25 -07:00
Stepan Blyshchak
c0caf0c372 [dockers] Build stretch dockers only once and only in stretch slave docker (#2678)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-19 09:16:33 -07:00
Qi Luo
145c1348b3
[docker] Update docker package version for CVE-2019-5736 fix (#2663) 2019-03-18 18:50:05 -07:00
Renuka Manavalan
ae05579c67 [baseos]: Install ipaddress python package that has deprecated current ipaddr. … (#2674)
* Install ipaddress python package that has deprecated current ipaddr. ipaddress has backport to python2.7

* Install python ipaddress module as required by route_check.py sonic utility. BTW, ipaddress deprecates ipaddr and ipaddress has python2 backport

* Revert the old change per review comments.

Signed-off-by: Renuka Manavalan <remanava@microsoft.com>
2019-03-18 11:12:47 -07:00
Stepan Blyshchak
a45f41ec1b [mellanox] Fix in mlnx-ffb.sh (#2676)
Fixes "No ISSU version file found /etc/mlnx/issu-version"
when rebooting to different image;
Add additional check condition.

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-18 08:53:35 -07:00
Kebo Liu
cfbc817ea6 fix load board class of eeprom module issue (#2666) 2019-03-18 12:12:23 +02:00
Renuka Manavalan
3906da0190 Revert the old change per review comments.
Signed-off-by: Renuka Manavalan <remanava@microsoft.com>
2019-03-15 22:00:22 +00:00
Renuka Manavalan
c701194355 Install python ipaddress module as required by route_check.py sonic utility. BTW, ipaddress deprecates ipaddr and ipaddress has python2 backport 2019-03-15 18:27:09 +00:00
Michel Moriniaux
62e994d8ec [HWSKU] add Arista-7060CX-32S-T96C8 and Arista-7060CX-32S-Q24C8 (#2617)
* [HWSKU] Added Arista-7060CX-32S-Q24C8 HWSKU

Added an Arista HWSKU with 24x40G + 8x100G ports
The ports are distributed along core lines

Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>

* [HWSKU] Added Arista-7060CX-32S-T96C8 HWSKU

Added the bcm config files for a 96x25G+8x100G ToR

Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>

* [HWSKU] Added Arista-7060CX-32S-Q24C8 HWSKU

Added an Arista HWSKU with 24x40G + 8x100G ports
The ports are distributed along core lines

Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>
2019-03-15 09:45:17 -07:00
Roy Lee
802d5ef55a [devices] add new accton platform minipack (#2670)
[devices] add new accton platform minipack.

Add support for new platform, minipack.
It has
CPU: Broadwell DE – D1527
MAC: Tomahawk3(BCM56980).
PHY:Broadcom BCM81724, 4 pcs, Gearbox for PIM-16Q
BMC:AST2520
8 hot-swappable Port-Interface-Modules, each of them has 16*100G QSFP.

- What I did
Add device and platform files for minipack.
- How I did it
Add as SONiC Porting Guide.
- How to verify it
decode-syseeprom
sensors
psuutil
sfputil
thermal monitor
bcmsh on port status
(port LEDs may not be working)
2019-03-15 09:40:38 -07:00
Renuka Manavalan
a1c3c06567 Install ipaddress python package that has deprecated current ipaddr. ipaddress has backport to python2.7 2019-03-15 15:50:34 +00:00
Andriy Moroz
383d52956e [mellanox]: Update SDK, FW and SAI (#2669)
MLNX_SDK_VERSION = 4.3.0136
SPC_FW_VERSION = 13.1910.0920
MLNX_SAI_VERSION = SAIRel1.13.7-master

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-03-15 00:25:19 -07:00
Stepan Blyshchak
8b7fc8db65 [dockers] Upgrade Mellanox syncd docker to stretch (#2640)
* [dockers] Upgrade Mellanox syncd docker to stretch

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-03-12 21:38:25 -07:00