Commit Graph

2077 Commits

Author SHA1 Message Date
Joe LeVeque
30a8d1d8f0 [sshd] Close all SSH connetions after 15 minutes of inactivity (#3031)
- What I did

Configure sshd to close all SSH connetions after 15 minutes of inactivity.

- How I did it

Set ClientAliveInterval to 900 (900 seconds = 15 minutes) and ClientAliveCountMax to 0
in /etc/ssh/sshd_config using augtool in build_debian.sh. In the process, I refactored the existing augtool command for sshd_config so as to add comments and empty lines to file for readability.

- How to verify it

Log into device via management port. Wait 15 minutes without sending a keystroke -- you should be automatically logged out.
2019-07-10 17:51:59 +00:00
Renuka Manavalan
0bca6b8468
1) Build debug docker image for each docker (#3104)
2) Install debug tools in every debug docker image
3) Install available debug symbols in debug docker image
4) Provide additional host/docker mapping for host dirs /src & /debug
    4.1) The one-image will have source code under /src
    4.2) /debug is mapped as rw. User can put his core file there and use this dir to
         collect debug session logs too.
5) Build debug image using debug dockers
6) Source code is archived into /src of debug image
7) The welcome banner is extended to display these additional facilities in debug image.
2019-07-09 08:55:03 -07:00
Joe LeVeque
9e02684b2d [201811][dockers] Upgrade rsyslog to latest version available from jessie-backports repo (#3127)
Upgrade the version of rsyslog installed in Docker containers to the latest version available from jessie-backports repo (currently 8.23.0-2~bpo). Based off my change to the 201803 branch (#2709). This should eliminate some memory leaks and will prevent any regressions if moving from the 201803 branch to the 201811 branch.
2019-07-06 13:32:06 -07:00
Shuotian Cheng
b8bdeffd47
[submodules]: Backport ACL/MIRROR features to 201811 branch (#3112)
0ed90ba - [policerorch]: Fix return code comparison error (#968) (1 minutes ago) <Shuotian Cheng)
80fcada -  remove crm acl_counters when acl_table removed (#918) (3 hours ago) <JaredLius>
bd3651f - [aclorch]: Fix matching MIRROR_DSCP throws unnecessary errors (#966) (2 minutes ago) <Shuotian Cheng>
0af226a - [aclorch]: Add MIRROR_DSCP table type (#906) (4 weeks ago) <Shuotian Cheng>
9005962 - [vstest]: Update the mirror session state table name (#917) (5 weeks ago) <Shuotian Cheng>
c4e3e54 - [policerorch]: Add PolicerOrch to bundle with mirror session (#889) (6 weeks ago) <Shuotian Cheng>
ee49926 - [Makefile]: Remove header files from source files (#883) (8 weeks ago) <Shuotian Cheng>
f889f80 - [aclorch]: Add ICMP type/code match for v4/v6 (#868) (8 weeks ago) <Shuotian Cheng>
9931450 - [aclorch]: Add MIRRORv6 and MIRRORv4v6 support for ACL table (#825) (9 weeks ago) <Shuotian Cheng>
a1ab18c - [mirrororch]: Fix comments typo (#863) (9 weeks ago) <Shuotian Cheng>

sonic-swss-common
485db07 - [schema]: Add SWITCH_CAPABILITY_TABLE (#276) (6 weeks ago) <Shuotian Cheng>        
3f49b20 - [schema]: Add POLICER configuration table (#277) (6 weeks ago) <Shuotian Cheng>    
539b87d - [schema]: Add STATE_MIRROR_SESSION_TABLE_NAME (#278) (6 weeks ago) <Shuotian Cheng>

sonic-utilities
dc52015 - [Sonic-utilities]: Added commands to view acl and port running configs (#557) (6 days ago) <Prem Prakash>
635dc88 - [config]: Add config acl add/remove table command (#541) (4 weeks ago) <Shuotian Cheng>
dcdc922 - [show]: Add show policer command (#540) (4 weeks ago) <Shuotian Cheng>                                        
128462a - [config]: Add --policer option for mirror session (#537) (6 weeks ago) <Shuotian Cheng>                       
38da7f3 - [acl_loader]: Add policer attribute in show mirror_session command (#538) (6 weeks ago) <Shuotian Cheng>      
f95ff00 - [acl_loader]: Do not apply default DENY rule for MIRRORV6 table (#522) (6 weeks ago) <Shuotian Cheng>

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2019-07-05 08:47:42 -07:00
Sumukha Tumkur Vani
24e5a62ccc [sonic-cfggen]: Fix for management port speed issue (#2945) 2019-07-03 23:19:26 +00:00
Andriy Moroz
ff7fe3f8df [submodule]: Update sonic-swss pointer (#3110)
Included fix for PFCWD due to counter units change in SAI

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-07-02 15:16:56 -07:00
lguohan
7a6aca7a6d
Merge pull request #3088: upgrade SAI to v1.4 for 201811
upgrade SAI to v1.4 for 201811
2019-07-02 09:01:59 -07:00
Andriy Moroz
dc0f695b6b Update SAI to v1.4, SDK to v4.3.1420 (#46)
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-07-02 07:17:15 +00:00
Guohan Lu
8f077b8097 [submodule]: update sonic-swss and sonic-sairedis submodule
sonic-swss

* 32d3297 2019-01-24 | use sai_stat_id_t for new SAI header file (#769)

sonic-sairedis

* fdfcefd 2019-04-24 | [SAI] Advance submodule to v1.4.1 (#450) (HEAD -> 201811, origin/201811) [Marian Pritsak]
* 006df41 2019-02-27 | [vslib]: Add support of bitmap VNET (bmtor) SAI API (#424) [Volodymyr Samotiy]
* ec5e187 2019-04-23 | [SAI]: Move SAI pointer to v1.4 (#447) [Shuotian Cheng]
* 6b9c32e 2019-03-04 | [SAI] Update SAI pointer (#431) [Stepan Blyshchak]
* f078998 2019-02-22 | Fix compilation issues in stretch docker with gcc-6.3 (#426) [Stepan Blyshchak]
* 0540e59 2019-01-31 | Update SAI pointer (#414) [Marian Pritsak]
* 9084920 2019-01-18 | Update SAI pointer to latest master (#408) [Marian Pritsak]
* fbfe48b 2019-06-24 | Revert "[SAI header] upgrade SAI header to version v1.3.7 (#445)" [Guohan Lu]

Signed-off-by: Guohan Lu <gulv@microsoft.com>
2019-07-02 07:16:55 +00:00
Guohan Lu
58171a857c [Broadcom SAI] upgrade Broadcom SAI to 3.5.2.3 2019-07-02 07:12:26 +00:00
Ying Xie
43853bfb69 change libsaithrift version to 0.9.4 2019-07-02 07:12:26 +00:00
Shu0T1an ChenG
aa8fcd9924 [broadcom]: update saibcm-modules to sdk 6.5.14 2019-07-02 07:12:26 +00:00
Qi Luo
f2b8d6d797 [submodule] update sairedis (#3099)
Fix a bug in parsing kernel argument of fast-reboot
2019-06-28 23:44:07 -07:00
Qi Luo
588c687a27
[fast-reboot] fix fast reboot compatibility (#3083) and advance sai-redis/201811 point (#3089)
* fix fast reboot compatibility (#3083) and advance sai-redis/201811 point
* Repoint the submodule
2019-06-26 22:02:21 -07:00
pavel-shirshov
a6fa4d1fcc [snmpd]: Restart snmpd to mitigate its crash (#3085) 2019-06-25 17:30:15 -07:00
Ying Xie
7db8c4a19a
[kernel upgrade] change init file name to match kernel version (#3064)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-21 14:20:11 -07:00
Qi Luo
0ea679e297
[submodule] update sonic-linux-kernel (#3038)
* [submodule] update sonic-linux-kernel (#2985)
* Fix many version strings
* Update minor version
* Update arista-drivers submodule (#9)
* Rebuild SDK on new kernel (#10)
2019-06-20 21:21:36 -07:00
Ying Xie
f6c1cef3c5
[201811][swss][utilities] advance sub module head (#3051)
Submodule src/sonic-swss 87f0a5e..869c78a:
  > Add retryCount option for orchagent_restart_check program. (#833)

Submodule src/sonic-utilities 5b73b83..a02c4ea:
  > [warm-reboot] Use retryCount option of orchagent_restart_check program (#555)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-19 12:10:25 -07:00
Joe LeVeque
02fc1306b0 [baseimage]: Increase TMOUT for serial port connections to 15 minutes (#3032)
Increase TMOUT value in order to close inactive serial console connections after 900 seconds (15 minutes) of inactivity
2019-06-19 19:07:36 +00:00
neethajohn
c9748dd85c [submodule]: Update submodule sonic-quagga (#3030)
Reduce the retry time for IPV6 connections to avoid reprogramming IPv6 routes after warm-reboot (#37)
2019-06-19 19:07:20 +00:00
Ying Xie
cf9adfef64
[201811][swss] advance sub module head (#3018)
Submodule src/sonic-swss 93497ec..87f0a5e:
  > Add vxlan remove operation (#938)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-16 10:36:22 -07:00
zhenggen-xu
34f3caf2e2 Set the default mac ageing time to 600 seconds (#2365)
* Set the default mac ageing time to 300 seconds

The current mac ageing was disabled, this could lead the mac address
table to increase over time and lead to resource and performance issues.

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>

* Update the default HW ageing timer to be 600 seconds.

This is to be on the safer side where ARP update interval
is 300 seconds and SONiC does not flood when ARP is aged out.

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
2019-06-16 05:50:27 +00:00
pavel-shirshov
f71c665705
[libteam]: Reimplement Warm-Reboot procedure (#2999)
* [libteam]: Reimplement Warm-Reboot procedure

* Address internal comments
2019-06-14 13:56:16 -07:00
Ying Xie
983a4b24eb [bcm SAI] upgrade Broadcom SAI to version 3.3.6.1-9 (#3009)
- Broadcom SAI GA version 20190513
- Broadcom fix for CS7999193, CS7913246, CS4529162, CS8180755, CS8242625

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-13 22:23:40 -07:00
Ying Xie
be799cbed3
[swss][utilities] advance sub module head (#3010)
Submodule src/sonic-utilities 46b5aa8..5b73b83:
  > [intfutil] Fix error when <interface name> specified in show interface related commands (#548)

Submodule src/sonic-swss a637562..93497ec:
  > [orchagent] PFC WD support for BFN platform (#916)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-13 12:24:45 -07:00
Joe LeVeque
13b066fc0e [201803][monit] Restart rsyslog service if rsyslogd consumes > 800 MB memory (#2963) 2019-06-13 19:10:14 +00:00
SuvarnaMeenakshi
0023fca739 [baseimage] kernel oom-killer to panic when the system is truly out of memory (#2988)
- What I did
Currently when the system is under memory pressure, the OOM killer kicks in and kills a rogue process. Killing a rogue process can cause the device to be un-healthy leading to blackholing of the traffic.

To avoid this, configure the OOM to do a kernel panic which will cause the device to reboot and come back up healthy.

- How I did it
Added the sysctl variable panic_on_oom and set the value to 2.
Setting it to 2 will ensure OOM killer to always do a kernel panic.
2019-06-13 18:59:51 +00:00
pavel-shirshov
2295dab965 [submodule]: Update sonic-quagga submodule (#2984) 2019-06-13 18:59:31 +00:00
Ying Xie
fbe9715f85
[201811][swss][utilities] advance sub module head (#2968)
Submodule src/sonic-utilities 6b4d1a0..46b5aa8:
  > [show ip interface] Add support for 'alias' interface naming mode (#486)

Submodule src/sonic-swss 9c4ae18..a637562:
  > Suppress storm detect counter increment for ongoing pfc storm case during a warm reboot (#869)
  > Remove *_LEFT fields to allow PFC watchdog to enter fresh into the (#897)
  > Set LAG mtu value based on kernel netlink msg (#922)
  > [warm restart assist] assume vector values could be reordered (#921)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-06-04 11:35:08 -07:00
Ying Xie
fbe55e9adf
[201811][utilities] advance utilties sub module head (#2960)
Submodule src/sonic-utilities 4488525..6b4d1a0:
  > [show vlan brief] Support 'alias' interface naming mode (#497)
  > [show interface neighbor expected] Support 'alias' interface naming mode (#495)
  > updated show ipv6 interface for alias mode (#493)
  > [show] Add serial numbers/uptime/hwinfo to 'show version' output (#488)
  > [show] show interface status added vlan and portchannels to command (#483)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-30 14:34:48 -07:00
pavel-shirshov
3954e0821c [libteam] Send updates as soon as we need to update the LACP partner about changes (#2955) 2019-05-30 21:15:12 +00:00
Phanindra TV
abc25df612 [teamd]: Administratively shutdown port channel has member ports in deselected state and traffic is not forwarded. #1771 (#2882) 2019-05-30 21:15:05 +00:00
Ying Xie
f791502237
[201811][utilities][swss] advance sub-module heads (#2953)
Submodule src/sonic-utilities 7a2348c..4488525:
  > use vlan members (#542)
  > [sonic_installer] If asked to install an image which is already installed, simply set as default (#534)

Submodule src/sonic-swss 8246bd9..9c4ae18:
  > Ignore neighbor entry with BCAST MAC, check SAI status exists (#914)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-28 17:58:30 -07:00
Kebo Liu
506081813a [mellanox]: fix wrong type of paramerter (#2950) 2019-05-29 00:53:36 +00:00
Joe LeVeque
8ae67c4c5d [logrotate] Enhance robustness (#2942)
* [logrotate] Decrease frequency to every 10 minutes; kill any lingering logrotate processes

* [logrotate] Delete all *.1.gz files as firstaction; Remove note about init-system-helpers < 1.47 workaround

However, continue to send SIGHUP directly to rsyslogd process
because 'service rsyslog rotate' still doesn't work properly with
init-system-helpers version 1.48
2019-05-29 00:53:13 +00:00
Qi Luo
0f4cb41efc [monit] Set memory usage alert at 50% (#2939)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2019-05-29 00:52:43 +00:00
Sudharsan D.G
fb1f156eb2 [devices]: Optics fixes in Dell Z9100/Z9264f platforms (#2936) 2019-05-29 00:51:43 +00:00
Stepan Blyshchak
fae35536c3 [swss.sh] flush FDB table during cold start (#2933)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-05-29 00:51:09 +00:00
paavaanan
5b52a24e25 [devices]: Export reboot_reason sysfs attribute for DellEMC S6100/Z9100 (#2922) 2019-05-29 00:50:40 +00:00
paavaanan
c49bac1457 [devices]: Dell Hwmon S6100/Z9100 SFM version export (#2521) 2019-05-29 00:50:13 +00:00
Ying Xie
f434b80758
[201811][utilities] update sub-module head (#2927)
Submodule src/sonic-utilities a1f961c..7a2348c:
  > [201811] enable DB migrator code (#536)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-20 12:09:28 -07:00
Ying Xie
5975a9c25b [updategraph] set DB version after minigraph reload (#2917)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-20 19:05:29 +00:00
Stepan Blyshchak
712d4b90fe [mlnx] fix incorrect attr assignment in mlnx-sfpd (#2913)
* [mlnx] fix incorrect attr assignment in mlnx-sfpd

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mlnx] on_pmpe returns bool and not SX_STATUS_SUCCESS

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* [mlnx] fix typo

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-05-20 19:04:52 +00:00
Stepan Blyshchak
82cd144fbd [mlnx] refactor and fix mlnx-sfpd shutdown (#2907)
* [mlnx] fix mlnx-sfpd shutdown

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* fix type and handle only EINTR and EAGAIN errors from select

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>

* handle select.error as well during init/run

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-05-20 19:03:44 +00:00
Sudharsan D.G
85c51bf5c9 [devices]: Added index for dell z9100 c32 (#2892) 2019-05-20 18:59:55 +00:00
Renuka Manavalan
238db1e06a [tacacs]: skip accessing tacacs servers for local non-tacacs users (#2843)
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.

* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
2019-05-20 18:59:26 +00:00
paavaanan
643d16a4d7 LED Supprot For DellEMC Z9100 (#2799) 2019-05-20 18:58:55 +00:00
Joe LeVeque
bd7b96fea3 [201811][dhcp_relay] Add support for DHCP client(s) on one VLAN and DHCP server(s) on another (#2919)
* Change URL for isc-dhcp source repository

* Modify supervisor conf to generate dhcrelay commands with '-id' and '-iu' options

* Comments; Also clean up jinja2 syntax

* Patch relay to open one socket per interface and send to all servers on all upstream interfaces

* Patch relay agent to properly forward BOOTREQUEST only on appropriate interface if it is a directed broadcast

* Port upstream patches to isc-dhcp-relay to support upstream/downstream interfaces

* Update patch to properly support interfaces with multiple IP addresses assigned

* Pass --enable-use-sockets to configure instead of uncommenting USE_SOCKETS directly
2019-05-18 10:33:26 -07:00
Ying Xie
116246de1b
[201811][utilities] update sub module head (#2897)
Submodule src/sonic-utilities 6130695..a1f961c:
  > update scheme variable name (#531)
  > [teamshow]: Add * to indicate if the state has been synced into database (#395)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-14 15:39:16 -07:00
Sumukha Tumkur Vani
c1836146a3 Fix for LLDP portname issue (#2886)
* Fix for LLDP portname issue
First check for operstate and if its not present then check for ifindex

* Addressing review comments
2019-05-14 18:03:29 +00:00