Commit Graph

2182 Commits

Author SHA1 Message Date
Renuka Manavalan
238db1e06a [tacacs]: skip accessing tacacs servers for local non-tacacs users (#2843)
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.

* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
2019-05-20 18:59:26 +00:00
paavaanan
643d16a4d7 LED Support For DellEMC Z9100 (#2799) 2019-05-20 18:58:55 +00:00
Joe LeVeque
bd7b96fea3 [201811][dhcp_relay] Add support for DHCP client(s) on one VLAN and DHCP server(s) on another (#2919)
* Change URL for isc-dhcp source repository

* Modify supervisor conf to generate dhcrelay commands with '-id' and '-iu' options

* Comments; Also clean up jinja2 syntax

* Patch relay to open one socket per interface and send to all servers on all upstream interfaces

* Patch relay agent to properly forward BOOTREQUEST only on appropriate interface if it is a directed broadcast

* Port upstream patches to isc-dhcp-relay to support upstream/downstream interfaces

* Update patch to properly support interfaces with multiple IP addresses assigned

* Pass --enable-use-sockets to configure instead of uncommenting USE_SOCKETS directly
2019-05-18 10:33:26 -07:00
Ying Xie
116246de1b
[201811][utilities] update sub module head (#2897)
Submodule src/sonic-utilities 6130695..a1f961c:
  > update scheme variable name (#531)
  > [teamshow]: Add * to indicate if the state has been synced into database (#395)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-14 15:39:16 -07:00
Sumukha Tumkur Vani
c1836146a3 Fix for LLDP portname issue (#2886)
* Fix for LLDP portname issue
First check for operstate and if it's not present then check for ifindex

* Addressing review comments
2019-05-14 18:03:29 +00:00
pavel-shirshov
99de97c5cc [sonic-quagga]: Fix missing fpm messages (#2884) 2019-05-14 18:03:06 +00:00
Ying Xie
21f31e97e1
[201811][swss][utilities] advance sub-module head (#2878)
Submodule src/sonic-swss e26e1d8..8246bd9:
  > [watermarkorch] only perform periodic clear if the polling is on (#781)

Submodule src/sonic-utilities e3bb8b9..6130695:
  > [reboot] log reboot progress and add a sanity check before reboot (#526)
  > Fix TODO to get/set active ports only (#494)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-09 17:34:21 -07:00
paavaanan
b54d7874c6 [devices]: DellEMC S6100/Z9100 sensor.conf update (#2861) 2019-05-09 16:55:37 +00:00
Ying Xie
dc2fb747a5 [ebtables] install ebtables in base image and install filter rules
- Add ebtables package, and install some filter rules:
  1. ebtables -A FORWARD -d BGA -j DROP
  2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from kernel gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-06 22:13:03 +00:00
Ying Xie
d12782cc48
[201811][swss] advance sub-module head (#2868)
Submodule src/sonic-swss 6e8f991..e26e1d8:
  > [arp] copy arp IO to cpu instead of trap and drop (#812)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-06 15:09:31 -07:00
sridhar-ravindran
4e99b603ea Enable Debugs in BCM Kernel-bde and Knet Modules (#2786)
* Enable Debugs in BCM Kernel-bde and Knet Modules

* Added Explanation for debugs enabled
2019-05-06 17:21:04 +00:00
Andriy Moroz
cf6f22f775 [mellanox]: Update SAI (#2841)
Add support to trap copy action

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-05-01 11:57:08 -07:00
Ying Xie
65cd722223
[201811][utilities] advance sub-module head (#2849)
Submodule src/sonic-utilities 584e706..e3bb8b9:
  > [show] Call teamshow using sudo in 'show interfaces portchannel' (#524)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-05-01 08:51:56 -07:00
Joe LeVeque
cc90d7f5ee [sudoers] Add /usr/bin/teamshow to READ_ONLY_CMDS (#2846) 2019-05-01 15:51:13 +00:00
Ying Xie
3b02eec933 [db migrator] migrate the DB to latest schema when needed (#2808)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-30 23:43:52 +00:00
Ying Xie
f22666ce58
[201811][utilities] advance sub-module head (#2844)
Submodule src/sonic-utilities 9005508..584e706:
  > [db migrator] Introduce the DB migration infrastructure (#519)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-30 16:41:38 -07:00
paavaanan
af380e9c79 [devices]: DellEMC S6000 xcvrd support (#2560)
* DellEMC S6000, xcvrd support

* sleep 1 second to avoid busy looping

* removal of dead code

* Correct typo error to 1 second

* Introduced 1 second sleep

* Revamped script with blocking call support

* get_transceiver_change_event api definition update

* adding timeout support for get_transceiver_change_event
2019-04-30 19:16:19 +00:00
Qi Luo
dd31c2d84a Remove unused packages in docker images and host (#2807)
* Remove unneeded packages in docker images and host
* Remove libpython3.6 from snmp docker image
2019-04-30 19:12:00 +00:00
Ying Xie
e4a663a606 [teamd] do not process lacpdu before the port ifinfo is set (#2815)
Port libteam patch which fixes the race condition we observed during
warm reboot.

Remove early patches: 0006, 0008, 0009.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-30 19:07:39 +00:00
Stepan Blyshchak
675a89959a [mellanox] Update Mellanox FW version (#2827)
Fixes random failures during ISSU start (warm pre-shutdown)

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2019-04-28 23:13:10 -07:00
Shuotian Cheng
34734e4c55 [minigraph]: Fix bug in copying list in Python (#2831)
'=' cannot be used for copying the list

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2019-04-26 22:29:03 +00:00
Ying Xie
edc8685e1e [teamd service] start teamd service after swss (#2829)
SWSS clears DB tables, if teamd is not started after swss, there is a
race condition that swss might clear vital teamd information.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-26 22:14:14 +00:00
Ying Xie
042d6145a5 [201811][sairedis][utilities] advance sub module heads (#2830)
Submodule src/sonic-sairedis 74f0f44..d027eae:
  > [SAI header] upgrade SAI header to version v1.3.7 (#445)

Submodule src/sonic-utilities 0f7e75c..9005508:
  > Bring queue storm status to 'pfcwd show stats' (#500)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-26 12:00:14 -07:00
pavel-shirshov
525ee59165 Downport the netlink patch to libteam1.26. Increase netlink buffers (#2822) 2019-04-26 15:27:22 +00:00
Andriy Moroz
5004d2b4fe Increase syncd start timeout (#2776)
* Increase syncd start timeout

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Replace TimeoutSec to TimeoutStartSec

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2019-04-26 15:27:11 +00:00
Ying Xie
5663c812e1 Revert "[devices]: Watchdog enable/disable in DellEMC S6100 (#2730)" (#2817)
This reverts commit 22d17da09c.
2019-04-26 15:25:50 +00:00
Ying Xie
15a5264b85
[201811][swss][utilities] advance swss/utilities sub modules (#2809)
Submodule src/sonic-swss ae74a27..6e8f991:
  > Create ingress table group during the PFCWD stats list installment (#815)

Submodule src/sonic-utilities 6ba6d27..0f7e75c:
  > If fast-reboot-dump gives an error, don't continue with fast-reboot (#515)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-21 18:22:40 -07:00
pavel-shirshov
08eea92cf0 Update sonic-quagga submodule. Quagga crash fix (#2802) 2019-04-22 01:18:49 +00:00
padmanarayana
5628de537a [devices]: Make the get_transceiver_change_event's epoll blocking S6100/Z9100 (#2459) 2019-04-22 01:18:03 +00:00
Ying Xie
03dfd3dea3
[201811][utilities] advance sonic-utilities sub module head (#2801)
Submodule src/sonic-utilities 79a0185..6ba6d27:
  > load_minigraph: restart hostcfgd (#511)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-18 15:10:43 -07:00
pavel-shirshov
f082cff528 teamd: lacp: update port state according to partner's sync bit (#2793)
Backport of
54f137c105

According to 6.4.15 of IEEE 802.1AX-2014, Figure 6-22, the state that the
port is selected moves MUX state from DETACHED to ATTACHED.

But ATTACHED state does not mean that the port can send and receive user
frames. COLLECTING_DISTRIBUTION state is the state that the port can send
and receive user frames. To move MUX state from ATTACHED to
COLLECTING_DISTRIBUTION, the partner state should be sync as well as the
port selected.

In function lacp_port_actor_update(), only INFO_STATE_SYNCHRONIZATION
should be set to the actor.state when the port is selected.
INFO_STATE_COLLECTING and INFO_STATE_DISTRIBUTING should be set to false
with ATTACHED mode and set to true when INFO_STATE_SYNCHRONIZATION of
partner.state is set.

In function lacp_port_should_be_{enabled, disabled}(), we also need to
check the INFO_STATE_SYNCHRONIZATION bit of partner.state.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
2019-04-18 16:56:20 +00:00
Stepan Blyshchak
08fed3c125 [snmp.service] Make swss.service a requisite (#2790) 2019-04-18 16:55:55 +00:00
paavaanan
034ac41e57 [devices]: Watchdog enable/disable in DellEMC S6100 (#2730) 2019-04-18 16:55:26 +00:00
michealylj1
397b552a76 [Devices] Add new device CIG CS6436-56P (#2587)
* Add new device CIG CS6436-56P

* Delete minigraph.xml

It isn't necessary in the current system, just delete it

* Update qos.json.j2

* Update port_config.ini

Add the speed column. The cmd to show interface status as:

root@switch1:~# show interface status             
  Interface            Lanes    Speed    MTU         Alias    Oper    Admin    Type    Asym PFC
-----------  ---------------  -------  -----  ------------  ------  -------  ------  ----------
  Ethernet0                8      25G   9100   Ethernet1/1      up       up     SFP         N/A
  Ethernet1                9      25G   9100   Ethernet2/1      up       up     SFP         N/A
  Ethernet2               10      25G   9100   Ethernet3/1    down     down     N/A         N/A
  Ethernet3               11      25G   9100   Ethernet4/1    down     down     N/A         N/A
  Ethernet4               12      25G   9100   Ethernet5/1    down     down     N/A         N/A
  Ethernet5               13      25G   9100   Ethernet6/1    down     down     N/A         N/A
  Ethernet6               14      25G   9100   Ethernet7/1    down     down     N/A         N/A
  Ethernet7               15      25G   9100   Ethernet8/1    down     down     N/A         N/A
  Ethernet8               16      25G   9100   Ethernet9/1    down     down     N/A         N/A
  Ethernet9               17      25G   9100  Ethernet10/1    down     down     N/A         N/A
 Ethernet10               18      25G   9100  Ethernet11/1    down     down     N/A         N/A
 Ethernet11               19      25G   9100  Ethernet12/1    down     down     N/A         N/A
 Ethernet12               20      25G   9100  Ethernet13/1    down     down     N/A         N/A
 Ethernet13               21      25G   9100  Ethernet14/1    down     down     N/A         N/A
 Ethernet14               22      25G   9100  Ethernet15/1    down     down     N/A         N/A
 Ethernet15               23      25G   9100  Ethernet16/1    down     down     N/A         N/A
 Ethernet16               32      25G   9100  Ethernet17/1    down     down     N/A         N/A
 Ethernet17               33      25G   9100  Ethernet18/1    down     down     N/A         N/A
 Ethernet18               34      25G   9100  Ethernet19/1    down     down     N/A         N/A
 Ethernet19               35      25G   9100  Ethernet20/1    down     down     N/A         N/A
 Ethernet20               40      25G   9100  Ethernet21/1    down     down     N/A         N/A
 Ethernet21               41      25G   9100  Ethernet22/1    down     down     N/A         N/A
 Ethernet22               42      25G   9100  Ethernet23/1    down     down     N/A         N/A
 Ethernet23               43      25G   9100  Ethernet24/1    down     down     N/A         N/A
 Ethernet24               48      25G   9100  Ethernet25/1    down     down     N/A         N/A
 Ethernet25               49      25G   9100  Ethernet26/1    down     down     N/A         N/A
 Ethernet26               50      25G   9100  Ethernet27/1    down     down     N/A         N/A
 Ethernet27               51      25G   9100  Ethernet28/1    down     down     N/A         N/A
 Ethernet28               56      25G   9100  Ethernet29/1    down     down     N/A         N/A
 Ethernet29               57      25G   9100  Ethernet30/1    down     down     N/A         N/A
 Ethernet30               58      25G   9100  Ethernet31/1    down     down     N/A         N/A
 Ethernet31               59      25G   9100  Ethernet32/1    down     down     N/A         N/A
 Ethernet32               64      25G   9100  Ethernet33/1    down     down     N/A         N/A
 Ethernet33               65      25G   9100  Ethernet34/1    down     down     N/A         N/A
 Ethernet34               66      25G   9100  Ethernet35/1    down     down     N/A         N/A
 Ethernet35               67      25G   9100  Ethernet36/1    down     down     N/A         N/A
 Ethernet36               68      25G   9100  Ethernet37/1    down     down     N/A         N/A
 Ethernet37               69      25G   9100  Ethernet38/1    down     down     N/A         N/A
 Ethernet38               70      25G   9100  Ethernet39/1    down     down     N/A         N/A
 Ethernet39               71      25G   9100  Ethernet40/1    down     down     N/A         N/A
 Ethernet40               72      25G   9100  Ethernet41/1    down     down     N/A         N/A
 Ethernet41               73      25G   9100  Ethernet42/1    down     down     N/A         N/A
 Ethernet42               74      25G   9100  Ethernet43/1    down     down     N/A         N/A
 Ethernet43               75      25G   9100  Ethernet44/1    down     down     N/A         N/A
 Ethernet44               76      25G   9100  Ethernet45/1    down     down     N/A         N/A
 Ethernet45               77      25G   9100  Ethernet46/1    down     down     N/A         N/A
 Ethernet46               78      25G   9100  Ethernet47/1    down     down     N/A         N/A
 Ethernet47               79      25G   9100  Ethernet48/1    down     down     N/A         N/A
 Ethernet48      84,85,86,87     100G   9100  Ethernet49/1      up       up  QSFP28         N/A
 Ethernet49      80,81,82,83     100G   9100  Ethernet50/1      up       up  QSFP28         N/A
 Ethernet50      92,93,94,95     100G   9100  Ethernet51/1    down     down     N/A         N/A
 Ethernet51      88,89,90,91     100G   9100  Ethernet52/1    down     down     N/A         N/A
 Ethernet52  108,109,110,111     100G   9100  Ethernet53/1    down     down     N/A         N/A
 Ethernet53  104,105,106,107     100G   9100  Ethernet54/1    down     down     N/A         N/A
 Ethernet54  116,117,118,119     100G   9100  Ethernet55/1    down     down     N/A         N/A
 Ethernet55  112,113,114,115     100G   9100  Ethernet56/1    down     down     N/A         N/A
root@switch1:~#
2019-04-18 16:54:31 +00:00
Joe LeVeque
d210f86b24
[201811] [radvd] Build radvd from source; Patch so as not to treat out-of-range MTU as an error (#2796) 2019-04-17 16:40:40 -07:00
Ying Xie
543aec6a18
[201811][utilities] advance sonic-utilities submodule (#2792)
Submodule src/sonic-utilities 6aee909..79a0185:
  > [fast/warm reboot] add some sanity check before warm reboot (#510)
  > In sync with our latest change, where we default failthrough to be False. (#507)
  > [generate_dump] system dump improvements (#503)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-16 11:51:04 -07:00
Qi Luo
5578e3d1bd [mgmt] Install passlib in sonic-mgmt docker to support ansible no_log option (#2782) 2019-04-16 15:38:01 +00:00
Samuel Angebault
227bc32594 Install python3.6 smbus module in snmp (#2772) 2019-04-16 15:36:57 +00:00
pavel-shirshov
fde3a4f035 [sonic-cfggen]: Output differences for bgp configurations (#2768) 2019-04-16 15:36:21 +00:00
pavel-shirshov
144fe975e5 [docker-fpm-quagga]: Add support for PeerAsn and UpdateAddress (#2766) 2019-04-16 15:35:51 +00:00
Ying Xie
19813c2924 [bgp quagga] increase BGP graceful restart timeout to 240 seconds (#2754)
There are some platforms with less powerful CPU/hard-drive that could take
longer to get ready for BGP. For these platforms, 240 seconds would be
a safer threshold.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-16 15:35:09 +00:00
pavel-shirshov
f62d2b0df2 [vstest]: Test for quagga livelock fix (#2751)
* Test for quagga livelock fix

* Create /usr/local/etc for the test

* Add more debug info

* Install specific version of exabgp

* Update sonic-quagga
2019-04-16 15:34:38 +00:00
Mykola F
bed716edfe [Mellanox] Update SAI (#2778)
New SAI version is not going to flood our log with unnecessary log messages.

Signed-off-by: Mykola Faryma <mykolaf@mellanox.com>
2019-04-14 10:59:26 -07:00
Ying Xie
97e996f87e [bcm SAI] upgrade Broadcom SAI to version 3.3.5.4-1 (#2764)
- Broadcom SAI GA drop 20190402

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-10 19:12:29 -07:00
Ying Xie
9ae11035d7
[20181][sub-modules] advance sairedis, swss, swss-common and utilities (#2759)
Submodule src/sonic-sairedis 483c89e..97dd2a8:
  > Fix compilation issues in stretch docker with gcc-6.3 (#426)
  >  Make object list deterministic when iterating (#438)
  > Ignore ACL_COUNTER bytes and packets during comparison logic (#443)

Submodule src/sonic-swss d22b2de..ae74a27:
  > Survive pfc watchdog storm action across warm-reboot (#794)

Submodule src/sonic-swss-common 36fd5e9..24c0ff7:
  > Update PFC_WD table name in CONFIG_DB (#266)

Submodule src/sonic-utilities bae21e7..6aee909:
  > [neighbor advertiser] convert int to string before concatenating (#505)
  > [config]: Change the order of interface commands (#504)
  > Change PFC watchdog CONFIG_DB table name from PFC_WD_TABLE to PFC_WD (#475)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-09 14:20:35 -07:00
Renuka Manavalan
6c1a0ce58c [hostcfgd] -- Fix the default for failthrough as false.
This implies that by default, if TACACS is configured properly and it reported auth_err, then don't try fail through to traditional unix authentication through /etc/passwd.

If this failthrough is intended, make it explicit through "sudo config aaa authentication failthrough enable"

Removed an unused variable "aaa.fallback"

Tested manually. Note the presence of 'auth_err=die' in all cases except when failthrough is explicitly enabled.

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough default; date
Wed Apr  3 23:05:18 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1316 Apr  3 23:05 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough enable; date ; h4 "AAA|authentication"
Wed Apr  3 23:06:37 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1294 Apr  3 23:06 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore]     pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore]     pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass

admin@str-s6000-acs-13:~$ sudo config aaa authentication failthrough disable; date ; h4 "AAA|authentication"
Wed Apr  3 23:07:09 UTC 2019
admin@str-s6000-acs-13:~$ ls -lrt /etc/pam.d/common-auth-sonic ; grep 123 /etc/pam.d/common-auth-sonic
-rw-r--r-- 1 root root 1321 Apr  3 23:07 /etc/pam.d/common-auth-sonic
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.22:49 secret=testing123 login=login timeout=5 try_first_pass
auth    [success=done new_authtok_reqd=done default=ignore auth_err=die]        pam_tacplus.so server=100.127.20.21:49 secret=testing123 login=login timeout=5 try_first_pass
2019-04-08 23:41:51 +00:00
Ying Xie
5c663ca7bb
[201811][utilities] advance submodule head (#2748)
Submodule src/sonic-utilities d1070b2..bae21e7:
  > Update neighbor advertiser (#498)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-04 08:34:44 -07:00
Ying Xie
4eaa4dabff Revert "[teamd service] teamd service should start after syncd (#2724)" (#2733)
This reverts commit 0d1efb131c.
2019-04-04 15:22:44 +00:00
paavaanan
27f1aa7e09 removing dhcp- turn- off option from initrd (#2555)
* removing dhcp changes from initrd

* removing mgmt-intf-dhcp file
2019-04-04 15:22:14 +00:00
Ying Xie
1a4bac7e27
[201811][platform-common] add platform-common 201811 branch (#2743)
- Cherry-picked one change:

Submodule src/sonic-platform-common d4bf78c..42119e1:
  > remove gang port parsing (#24)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-04 08:12:54 -07:00