* [security kernel] Upgrade kernel from 4.9.110-3+deb9u2 to 4.9.110-3+deb9u6
short version: 4.9.0-7 to 4.9.0-8
See changelogs for security fixes:
https://tracker.debian.org/media/packages/l/linux/changelog-4.9.110-3deb9u6
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Update sonic-linux-kernel submodule after it was merged
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* [warmboot] Load database from `redis-cli save`
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Add trivial statement to make bash function valid
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Update submodule sonic-utilities: Use 'redis-cli save' to dump database to file
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Move configdb-load.sh outside docker, and only run in cold
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Fix for more strict warm check
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Restore neighbor table to kernel during system warm-reboot
Added a service: "restore_neighbors" to restore neighbor table into
kernel during system warm reboot. The service is started by supervisord
in swss docker when the docker is started.
In case system warm reboot is enabled, it will try to restore the neighbor
table from appDB into kernel through netlink API calls and update the neighbor
table by sending arp/ns requests to all neighbor entries, then it sets the
stateDB flag for neighsyncd to continue the reconciliation process.
-- Added tcpdump python-scapy debian package into orchagent and vs dockers.
-- Added python module: pyroute2 netifaces into orchagent and vc dockers.
-- Workarounded tcpdump issue in the vs docker
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Move the restore_neighbors.py to sonic-swss submodule
Made changes to makefiles accordingly
Make dockerfile.j2 changes and supervisord config changes
Add python monotonic lib for time access
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Added PYTHON_SWSSCOMMON as swss runtime dependency
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* FRR 4.0 integration with SONiC
-- Uses SONiC FRR repo frr/4.0 (which has SONiC support) to build image
-- Makefile changes to make frr4.0 builtable.
-- Updated/Added FRR configuration files
-- bgpd jinja template fixes
To build SONiC images with FRR4.0, simply edit rules/config file and change
routing stack to following:
SONIC_ROUTING_STACK = frr
and then build images as usual.
* Used integrated-vtysh-config in FRR
Changed to single template: frr.conf.j2 for configuration and added tests
Call add_extra_package instead add_derived_package. Because the 'extra'
package doesn't require 'base' package to be installed to be built.
This change enables make stretch with multiple threads.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [baseimage]: install picocom 3.1 in base image
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* add picocom to stretch build
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* fix slave.mk bug
Signed-off-by: Guohan Lu <gulv@microsoft.com>
The behavior could be that we are sending LLDP message but not using
lldpcli configured properties if netlink delete messages were lost.
It also could be that some interfaces do not sending messages at all.
"lldpcli show statistics" could see duplicated or missing interfaces.
Changes:
Upgrade lldpd to 0.9.6 (which introduced the adjustable netlink buffer size)
Change the netlink receive buffer size to 1MB
* [docker-platform-monitor] make file and supervisord conf change for new xcvrd deamon
* make file change for the new daemon
* supervisord conf change for the new daemon
signed-off-by Liu Kebo kebol@mellanox.com
* make xcvrd start sequence aligned with the supervisord conf
* update submodules to include xcvrd modification
* Fix for bash's memory-leak
Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.
In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040
* Fixing minor issue during code-merge
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
* [make] introducing new build option KERNEL_BUILD_METHOD
- Kernel could be built from source files with method 'build'
- Kernel could be downloaded from Azure storage with method 'download'
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Replace BUILD with PROCURE
* fix typo
* [docker-base] Instruct apt-get to NOT install 'recommended' or 'suggested' packages
* Modify docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs Dockerfile templates in order to properly install .deb dependencies
* REDIS_SERVER depends on REDIS_TOOLS; ensure REDIS_TOOLS is always installed before REDIS_SERVER
* Fix tcpdmatch dependency
Issue: sonic_debian_extension.j2 uses tcpdmatch from src folder
which is result of libwrap build
Fix: added tcpd.deb to build results and extract required files
from build results
* Install libwrap0 and tcpd deb packages
* SONiC system telemetry Support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update package name from telemetry to sonic-telemetry
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Upgrade linux-image version
* Add missing dependency of igb
* Fix mft build rule
* Add missing dependency of ixgbe
* [Broadcom]: Update OpenNSL modules to be compatible with kernel 3.16.0-5 (#3)
* [Nephos] Update SDK version to support new kernel module 3.16.0-5 (#4)
* [mellanox]: Update URL for SDK (#5)
* Add patch to prevent 'supervisorctl start' command from hanging if system time has rolled backward
* Also add unit tests for clock rollback scenarios
* Fix build of libsaithrift for broadcom
* Restore libsaithrift-dev building
* Comment out libsaithrift library on cavium and marvell. Both of them have old SAI drivers
* Revert back unintentional acton changes
* Don't run the package checks when building sairedis package
* Add switch ASIC vendor and platforms for Nephos
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Advance sonic-sairedis submodule to include #271 (Add Nephos ASIC)
* asyncsnmp depends on sonic-utilities so it is possible to import sonic_psu
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Ignore sonic_utilities test during build
* [TACACS+]: Add support for TACACS+ Authentication
* pam_tacplus - A TACACS+ protocol client library and PAM module to
supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
make the TACACS+ authenticated user which is not found in local
could login successfully.
* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus
Signed-off-by: chenchen.qcc@alibaba-inc.com
* [TACACS+]: Add nss-tacplus as a separate src repo
* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username
* The NAME_REGEX for username check in plugin nss-tacplus is
the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
in /etc/adduser.conf is not defined as ANSI version. To avoid
nss-tacplus filter some valid TACACS+ username, remove username
check.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
- Found a bug in v4.3.1-6 in which dhcrelay would not start if
passed an interface name with a length of 15 characters due
to truncated copy of interface name in common/lpf.c.
Bug was fixed in v4.3.2.
- v4.3.3-6 is the newest version we can build for Debian Jessie, as all
newer versions require newer versions of debhelper and
libbind-export-dev dependencies than are available for Jessie.
* [build]: sonic-utilities package now depends on swsssdk; add build dependency
* Now building sonic-utilities Python package in wheel format
* Update sonic-utilities submodule
* Change output wheel name to match proper format
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* add getopt option to organization script
* Bump sonic-platform-modules-arista submodule
* Allow image specific mount option for containers
* Add led plugin for DCS-7060CX-32S
* Add led plugin for DCS-7260CX3-64
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
Print current build configuration before run
Update screen with currently running targets (only available if TERM is
available)
Change format of printed targets
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [config]: Add SONIC_CONFIG_MAKE_JOBS
This config option allows user to specify -j value that will be passed
to each package build.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Add docker-dhcp-relay/Dockerfile to .gitignore
* Add isc-dhcp-relay .deb package to image build process, along with my Option 82 patch
* Install custom isc-dhcp-relay in dhcp_relay docker
* Install isc-dhcp-relay build dependencies in sonic-slave Docker container
* Copy the built .deb package to the destination directory
* Add dependencies for isc-dhcp-relay
* Change Option 82 string to '<hostname>:<portname>'
* Install dependencies of .deb files implicitly in Dockerfile
* Remove unused line
* Remove unnecessary space
* [bgp] Save admin state and set default state to shutdown
* Set default behavior to no shutdown
* Add build option SHUTDOWN_BGP_ON_START
* Script change for default admin state to be on
* Address CR comments to bgp_neighbor script
* Fix script bug
Under rules/config now there's additional configuration option
ENABLE_SYNCD_RPC that allows building SONIC installer with
docker-syncd-*-rpc for evaluation purposes.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- Extending SONiC building infrastructure to provide users
with greater flexibility, by allowing them to elect a
routing-stack different than the default one (quagga). The desired
routing-stack will be defined in rules/config file.
- As part of these changes I'm adding support for
Free-Range-Routing (FRR) stack. Quagga will continue to be
the default routing-stack.
Signed-off-by: Rodny Molina <rodny@linkedin.com>
* [build]: Include SONiC version into installer.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Append dirty if contains local changes
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Update config
* Use correct name for kernel version field
* Update sysDescription.j2
- Create /var/run/redis/ folder on the host
- Install Python client for Redis on the host
- Mount /var/run/redis/ as read/write from host for all dockers
- Enable accessing the database everywhere including on the host and from remote
Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
add_derived_package setup dependency between the main deb and derived deb.
The derived deb depends on the main deb and need to install the main deb.
add_extra_package does not setup dependency between the main deb and peer deb,
does not require to install the main deb.
* rename add_peer_packages to add_extra_packages
( All device-specific files now reside under /device directory in a <vendor-name>/<platform-string>/<hardware-SKU> directory structure in repo.
* Device-specific files are now packaged into a Debian package (sonic-device-data) and are now installed to /usr/share/sonic/device/<platform-string>/<hardware-SKU>/ directory on switch.
- Add a functionality to get SNMP community from DHCP (option 224)
- Add a functionality to get minigraph from http service instead of using default minigraph
- The url for graph service is passed through DHCP option 225
- This feature is by default disabled. Modify rule/config to enable it on build time, or modify /etc/sonic/graph_service_url on run time.
- Fix a bug that getting hostname from DHCP is not working correctly
* [docker-config-engine]: introduce docker sonic config engine
sonic config engine provide the sonic configure engine for all sonic
dockers that rely on the engine to generate runtime configuration.
* Single image
* Fix review comments
* Update syncd service. Add HW mgmt to Mellanox single image.
* Add single image template for Broadcom platform.
SKU should be provided during configure:
make configure PLATFORM=broadcom SKU=Force10-S6000
* Add single image template for Cavium platform.
SKU should be provided during configure:
make configure PLATFORM=cavium SKU=AS7512
* Add description to sonic_debian_extension.j2 file.
Add a sonic-config-engine to help generate config file based on minigraph and other data on runtime. Modify fpm, teamd, lldp, snmp, and platform-monitor docker to use sonic-config-engine to generate config in docker upon load.
* Build improvements
Fix dependencies
Add configuration options
Automatically build sonic-slave
* Set default number of jobs to 1
* Auto generate target/debs directory
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Automatically remove sonic-slave container after exit
* Silence clean-logs
* Add SONIC_CLEAN_TARGETS to clean
* Use second expansion for clean dependencies
* Avoid creating empty log files
Remove log file on flush instead of writing empty string
* Put dpkg install inside lock
Use same lock as debian install targets do to avoid
race condition in dpkg installation
* Remove redirect to log from docker save
* Add .platform dependency to all and clean targets
* Remove header and footer from clean targets
* Disable messages for SONIC_CLEAN_TARGETS
* Exit with error if dpkg-buildpackage fails
* Set new location for debs in build_debian.sh
* Add recipe for docker-database
* Update redis version to 3.2.4
* Add support for p4 platform
* Add recipe for snmpd
* Add slave targets to phony and make all target default
* Remove build.sh from thrift
* Add versioning to team, nl, hiredis and initramfs
* Change sonic-slave to support snmpd build from sources
* Remove src/tenjin
* Add recipe for lldpd
* Add recipe for mpdecimal
* Remove hiredis directory on rebuild
* Add recipe for Mellanox hw management
* Remove generic image from all targets for Mellanox
* Add support for python wheels
* Add lldp and snmp dockers
* Sync docker-database to include libjemalloc
* Fix asyncsnmp variable name
* Change default build configuration
Redirect output to log files by default
Set number of jobs to nproc value
Do not print dependencies
Fix logging to print log of failed job into console
* Use docker inspect to check if sonic-slave image exists
* Use config in slave.mk directly
* Disable color output by default
* Remove sswsdk dependency from lldp and snmp dockers
* Fix comment in py wheels install targets
* Add dependency between two versions of sswsdk
* Add containers to mellanox platform
lldp, snmp and database containers
* Add recipe for team docker
* Add team docker to mellanox platform
* Encrypt password passed to build_debian.sh
* Update mellanox SAI version
Make version and revision setting only in main recipe
* Fix error handling in makefiles
As makefiles use .ONESHELL we should add -e
option to shell options in order to exit after any command fails
* Add recipe for platform monitor image
* Add platfotm monitor to mellanox targets
* Ignore submodules when building base image