* Add switch ASIC vendor and platforms for Nephos
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Advance sonic-sairedis submodule to include #271 (Add Nephos ASIC)
snmp.service needs to read chassis serial number for one of its mibs.
We save this value in state DB so that it is accessible from container.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [TACACS+]: Add configDB enforcer for TACACS+
* hostcfgd - configDB enforcer for TACACS+, listen configDB to
modify the pam configuration for Authentication in host
* Add a service script for hostcfgd
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Generate conf file by template file
* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Add support for TACACS+ Authentication
* pam_tacplus - A TACACS+ protocol client library and PAM module to
supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
make the TACACS+ authenticated user which is not found in local
could login successfully.
* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus
Signed-off-by: chenchen.qcc@alibaba-inc.com
* [TACACS+]: Add nss-tacplus as a separate src repo
* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username
* The NAME_REGEX for username check in plugin nss-tacplus is
the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
in /etc/adduser.conf is not defined as ANSI version. To avoid
nss-tacplus filter some valid TACACS+ username, remove username
check.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
If device MAC is added to init_cfg.json, it has to be done using
intermediate file. We cannot redirect to same file while trying to read
from it because it will be truncated first.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [init]: save the initial switch mac to config db
Save the initial switch mac to config db DEVICE_METADATA|localhost entry.
* update sonic-swss submodule
* Add support for vlanconfd and intfconfd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Change name to vlanmgrd and intfmgrd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Add missing vlan_members for parse_dpg result
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Remove cfgmgr debug CLI from image
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update swss and swss-common submodules for VLAN trunk support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Bump sonic-platform-modules-arista
Improves i2c performance for xcvrs
Fix the led_plugin by ignoring unknown ports
Miscellaneous improvements
* Fix index column for Arista-7260CX3-D108C8
* Fix flash permissions for Arista platforms
The ext4 flash uses acl to properly handle permissions in EOS.
Aboot isn't built with this support and therefore can't be used
to set the flash permissions. It has to be deferred in sonic initrd.
* [Arista]: Fix the udev waiting in networking start
This change is to fix the issue in https://github.com/aristanetworks/sonic/issues/16
For the checking condition used, it is only applied to Arista switches
Signed-off-by: Boyang Yu <byu@arista.com>
* [Arista]: Correct for PR comments
Signed-off-by: Boyang Yu <byu@arista.com>
When updategraph service is enabled, a special value 'default'
from DHCP response will now initialize the system with an empty
configuration instead of existing minigraph.
A DHCP response without option 224 will remain the current behavior
of skipping graph update and use existing default minigraph.
* [build]: sonic-utilities package now depends on swsssdk; add build dependency
* Now building sonic-utilities Python package in wheel format
* Update sonic-utilities submodule
* Change output wheel name to match proper format
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* add getopt option to organization script
Existing dockers has paths mounted according to the HWSKU. When HWSKU
changes, these dockers need to be destroyed and recreated with the
correct paths mounted.
Modify minigraph parser output format so it fit DB schema
Modify configuration templates to fit new schema
Systemd services dependencies are modified so database starts before any configuration consumer
* [rsyslog]: Use timegenerated instead of timestamp
This is useful when rsyslog is used to put markers generated on other machines.
This way all messages will have a timestamp from a single system.
* [rsyslog] Use subseconds from local machine
moving to initramfs unifies disk allocate on different platforms.
use fallocate instead of dd to speed up the disk allocation.
By default, mkfs.ext4 has -E discard option which discards the blocks
at the mkfs time, also speed up the initialization time.
1. "make target/sonic-broadcom.raw" will create the compressed dd'able image.
2. This will also update the grub config files (device/dell/*/nos_to_sonic_grub.cfg) with the image versions.
- Force log rotation at size thresholds only (no longer also rotating logs daily), allowing for more consistent archived log size
- Eliminate remaining duplicate log messages
- Cron facility now only logs to cron.log (was also logging to syslog)
- Debug, mail, news and user log facilities only log to syslog; no longer creating separate log files for these facilities
- Cron job that calls logrotate every minute now uses the main /etc/logrotate.conf file so as to check/rotate all logs every minute, not just the logs specified in the rsyslog file. Also redirecting output of this command to /dev/null to prevent "(CRON) info (No MTA installed, discarding output)" messages in cron.log due to lack of a mail service
- Delete archive files based on remaining /var/log partition space. Note that this solution currently requires a minimum /var/log partition size of 32MB to function correctly
- Update sonic-sairedis and sonic-swss submodules to incorporate recording file name changes
- Add .screen file to .gitignore (unrelated)
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
* [bgp] Save admin state and set default state to shutdown
* Set default behavior to no shutdown
* Add build option SHUTDOWN_BGP_ON_START
* Script change for default admin state to be on
* Address CR comments to bgp_neighbor script
* Fix script bug
* Bump sonic-platform-modules-arista submodule
* Use sonic_sfputil plugin from the arista library
* Fix undefined variable varlog_size
* Prevent minigraph.xml to be removed from the flash
* Update DCS-7050QX-32 sensors config
If routes are inserted in main table, they wont' be overwritten
by the routes learned via BGP. Then the routes will be missing
from the ASIC.
Thus a default table is used so that control plane and data plane
routes are isolated and could be configured independently.
- Now that logrotate is a cron job that runs every minute, it was polluting syslog
- Also shrink max size of less-important logs to 50MB and rotate them daily by default
* [rc.local]: Copy saved minigraph if available.
In case of sonic-to-sonic update old image stores minigraph under /host
directory. Upon first boot this minigraph will be used by new image to
save configuration.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- rsyslog logs were being rotated regardless of whether they exceeded their maixmum size. This was due to "-f" flag passed to logrotate in cron job.
- After rotation, /var/log/syslog was never written to again. Instead, logs were written to /var/log/syslog.1. This was due to rsyslog not properly closing the file descriptor to the pre-rotated log.
- Also brought back time-related rotation via the new(er) maxsize option, which performs a boolean OR operation. If the log exceeds the maxsize OR the log hasn't been rotated in the specified, it will be rotated. Using the older size option, the time-based rotation was ignored.
- Also addresses issue #528
* Rename 'ACSFileFormat' -> 'SONiCFileFormat'
* Rename '00-acs.conf' -> '00-sonic.conf'
* Add logrotate.d and systemd-journald config files to image
* Log all SONiC process messages to /var/log/syslog; prevent duplicate logging to /var/log/messages
* Do not redirect cron and daemon logs to their own files, let them log to /var/log/syslog
* Log all teamd messages to /var/log/teamd.log; Add more SONiC program names to SONiC rules clause
* Remove duplicate code by condensing quagga programs into a list; Fix teamd log rule
* Kernel and LPR messages no longer getting duplicated to their own log files
* Now calling logrotate every minute via cron job
* Need full path to logrotate in cron job
* Add '.log' suffix to wildcards, otherwise logrotate will rotate already-rotated logs (e.g., bgpd.log.1.1.1.1.1...)
* Add microsecond granularity to syslog messages
* Don't overwrite system crontab, instead, install additional logrotate crontab file into /etc/cron.d
* Removed incomplete concept of per-process SONiC logs. We can revisit again later
* [device]: Add support for Mellanox MSN2410
MSN2410 runs on Spectrum silicon and has 56 ports:
48 25GbE and 8 100GbE
* Avoid full path within bash -c
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- Do not bring up LAG member ports when LAG is not created.
This is because LAG member ports must be DOWN when joining
the teamd instances due to teamd design. Therefore, we cannot
bring up a LAG member port first and then join the port to a LAG.
Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
* [build]: Include SONiC version into installer.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Append dirty if contains local changes
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Update config
* Use correct name for kernel version field
* Update sysDescription.j2
- This change is added so that when doing ifdown/ifup to flap the
interface, it will success even when the interface is already
enslaved as a member of VLAN.
- LAG members do not have IP addresses. Thus ifconfig command is
needed.
- Do not display comments when not necessary.
Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
* [base image]: Install SwSS SDK Python packages (Python 2 & 3) into base image
* Fix typo in existing variable name
* Only install Python 2 version, as Python 3 is not installed in base image
