Commit Graph

2473 Commits

Author SHA1 Message Date
Ying Xie
4cd54ed58c [ntp] disable ntp long jump (#4748)
Found another syncd timing issue related to clock going backwards.
To be safe disable the ntp long jump.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-06-11 22:03:22 +00:00
Ying Xie
d433e529fd
[bcm SAI] upgrade Broadcom SAI to version 3.5.3.5-1 (#4739)
- Broadcom SAI 3.5 GA code drop on 20200608.

Changes:
- CS9533198
- CS10283709
- CS00009716645
- CS00010389861
- CS00010406122
- CS00010503275
- Addressed a few memory leak issues.
- Addressed an array memory allocation issue.
- Addressed assert during SER handling.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-06-10 01:29:39 -07:00
Joe LeVeque
7ae30d7898 [caclmgrd] Get first VLAN host IP address via next() (#4685)
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web.

This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
2020-06-09 16:30:45 +00:00
pavel-shirshov
c587f3c4d5 [sonic-slave]: Install pympler to find the memory leaks in python (#4652) 2020-06-09 16:27:53 +00:00
Joe LeVeque
494701a0ee [caclmgrd] Allow more ICMP types (#4625) 2020-06-09 16:07:51 +00:00
yozhao101
aa949cdc74 [docker-syncd] Add timeout to force stop syncd container (#4617)
**- Why I did it**
When I tested auto-restart feature of swss container by manually killing one of critical processes in it, swss will be stopped. Then syncd container as the peer container should also be
stopped as expected. However, I found sometimes syncd container can be stopped, sometimes
it can not be stopped. The reason why syncd container can not be stopped is the process
(/usr/local/bin/syncd.sh stop) to execute the stop() function will be stuck between the lines 164 –167. Systemd will wait for 90 seconds and then kill this process.

164 # wait until syncd quit gracefully
165 while docker top syncd$DEV | grep -q /usr/bin/syncd; do
166 sleep 0.1
167 done

The first thing I did is to profile how long this while loop will spin if syncd container can be
normally stopped after swss container is stopped. The result is 5 seconds or 6 seconds. If syncd
container can be normally stopped, two messages will be written into syslog:

str-a7050-acs-3 NOTICE syncd#dsserve: child /usr/bin/syncd exited status: 134
str-a7050-acs-3 INFO syncd#supervisord: syncd [5] child /usr/bin/syncd exited status: 134

The second thing I did was to add a timer in the condition of while loop to ensure this while loop will be forced to exit after 20 seconds:

After that, the testing result is that syncd container can be normally stopped if swss is stopped
first. One more thing I want to mention is that if syncd container is stopped during 5 seconds or 6 seconds, then the two log messages can be still seen in syslog. However, if the execution
time of while loop is longer than 20 seconds and is forced to exit, although syncd container can be stopped, I did not see these two messages in syslog. Further, although I observed the auto-restart feature of swss container can work correctly right now, I can not make sure the issue which syncd container can not stopped will occur in future.

**- How I did it**
I added a timer around the while loop in stop() function. This while loop will exit after spinning
20 seconds.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>
2020-06-09 16:07:24 +00:00
Santhosh Kumar T
e6312e72f2 [DellEMC] S6000 Disable Low power mode by default (#4592) 2020-06-09 16:06:00 +00:00
Joe LeVeque
7da0c15af5 [caclmgrd] Ignore keys in interface-related tables if no IP prefix is present (#4581)
Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
2020-06-09 16:05:40 +00:00
Qi Luo
f71389bc34
[submodule] Update submodule: swss-common (#4729)
7c1cce5 2020-05-27 | Fix memory leak in pyext when Selectable is returned to Python (#343)  [pavel-shirshov]
1e8b5ca 2020-04-04 | [table] add hdel operation [Guohan Lu]
50bf741 2020-03-23 | [201811][schema] Add COUNTERS_LAG_NAME_MAP table in COUNTERS_DB (#334) [Joe LeVeque]
2020-06-09 09:02:37 -07:00
Joe LeVeque
3ee9c5d1e3 [caclmgrd] Add some default ACCEPT rules and lastly drop all incoming packets (#4412)
Modified caclmgrd behavior to enhance control plane security as follows:

Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
2020-06-09 04:21:27 +00:00
Wirut Getbamrung
9f8d691d4e
[platform/cel]: Backport reboot cause API to 201811 branch (#4619)
Add reboot cause API to support process-reboot-cause.service
Implement chassis.get_reboot_cause platform API
2020-05-26 02:27:03 -07:00
Guohan Lu
236707ac64 [baseimage]: install same version for docker-ce and docker-ce-cli
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-20 01:08:44 +00:00
lguohan
8e014bb7e7 [baseimage]: pin down package version for azure-storage, watchdog and futures (#4575)
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-13 05:05:29 +00:00
Ying Xie
f52e59a032
[ntp] enable/disable NTP long jump according to reboot type (#4582)
- Enable NTP long jump after cold reboot.
- Disable NTP long jump after warrm/fast reboot.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-05-12 12:23:47 -07:00
Qi Luo
8d200300ca
[minigraph] Support FECDisabled in minigraph parser (#4556) (#4567)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2020-05-09 15:54:39 -07:00
Neetha John
3d41c271a4 [qos]: Alpha and ECN settings change for Th (#4564)
Dynamic threshold setting changed to 0 and WRED profile green min threshold set to 250000 for Tomahawk devices

Changed the dynamic threshold settings in pg_profile_lookup.ini
Added a macro for WRED profiles in qos.json.j2 for Tomahawk devices
Necessary changes made in qos.config.j2 to use the macro if present

Signed-off-by: Neetha John <nejo@microsoft.com>
2020-05-09 18:25:17 +00:00
Ying Xie
660b0be9c5
[201811][sairedis] advance sairedis submodule head (#4562)
Submodule src/sonic-sairedis 5065d7858..370e3c171:
  > [syncd] Use steady clock for TimerWatchdog (#613)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-05-09 09:04:16 -07:00
Joe LeVeque
ceb878414d [process-reboot-cause] If software reboot cause is unknown add note if first boot into new image (#4538) 2020-05-08 20:37:22 +00:00
Qi Luo
708d901209
[bgpcfgd]: ip_addr is not defined (#4560) 2020-05-08 12:19:48 -07:00
Guohan Lu
9966a0a341 [bgpcfgd]: fix missing reference
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-08 06:09:40 +00:00
Renuka Manavalan
de05770895
Extend debug image build ability to all platforms. (#3134) (#4524) 2020-05-04 09:48:40 -07:00
Ying Xie
e2ae4ff365
[201811][utilities] advance utilities submodule head (#4490)
Submodule src/sonic-utilities d7e8f84cf..8c21fc151:
  > [utility] Filter FDB entries (#890)
  > Fix the warm-reboot script to support FRR based warm-reboot (#842)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-04-28 17:27:52 -07:00
Tamer Ahmed
0540bc4728 [dhcpmon] Filter DHCP O/A Messages of Neighboring Vlans (#4469)
* [dhcpmon] Filter DHCP O/A Messages of Neighboring Vlans

This code fixes a bug where two or more vlans exist. Cross contamination
happens for DHCP packets Offer/Ack when received on shared northbound links.
The code filters out those packet based on dst IP equal Vlan loopback IP.

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-04-28 21:06:11 +00:00
Nazarii Hnydyn
bea64ba231
[platform] Add SSD Health tools. (#4464) 2020-04-27 08:29:30 -07:00
Danny Allen
d2acc7f9b0
[syncd-rpc] Fix PTF dependency in syncd-rpc image (#4438)
Signed-off-by: Danny Allen <daall@microsoft.com>
2020-04-17 10:13:32 -07:00
Renuka Manavalan
ca55099864 Update dockers with platform & SONiC version as part of name/tag. (#4337)
* Include platform info in name.
Get SONiC Version as parameter and use
Make additional tag as optional.
Avoid repetitions by using function.

* Per review comments, make SONIC_VERSION optional and added some comments.

* 1) Added additional params are optional
2) Handle DOCKER_IMAGE_TAG only if given
3) Use BUILD_NUMBER only if SONIC_VERSION not given
4) Tag with SONIC_VERSION if given.

Current behavior is not changed, unless SONIC_VERSION is given.

* Update per review comments
1) Added new args with options
2) Handle PORT possible being empty
3) Exhibit new behavior only if both version & platform are given.

* Drop redundant quotes
2020-04-15 17:19:56 +00:00
Stepan Blyshchak
fd2ca95f06
[mlnx] add option to build sdk from sources (#4378)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2020-04-13 08:29:54 -07:00
Nazarii Hnydyn
096a0e1e18
[mellanox]: Add SSD FW update tool (#4352)
* [mellanox]: Add SSD FW update tool.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [mellanox]: Update SSD tool.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
2020-04-13 18:12:16 +03:00
Renuka Manavalan
bf83b03b47 Pass image_type to build_debian.sh, so it can do any required customizations. (#4401) 2020-04-08 22:09:06 +00:00
Stepan Blyshchak
46e5753656
[mellanox] update SDK to 4.3.1646 (#4381)
* fixes an issue when /host/warmboot/issu_bank.txt is empty/corrupted
switch is not able to over come this and enters continuos reload/reboot
failure.

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2020-04-07 15:01:46 +03:00
Arun Saravanan Balachandran
b16807003a
DellEMC: S6100 CPLD upgrade (#4299)
* DellEMC: S6100 CPLD upgrade

* DellEMC: S6100 CPLD upgrade - Retry on failure
2020-04-06 14:53:53 -07:00
Ying Xie
37684bb692
[201811][utilities] advance submodule heads (#4368)
Submodule src/sonic-utilities f431510ae..d7e8f84cf:
Fix issue of fields overwritten before display (#863)

Signed-off-by: Guohan Lu <lguohan@gmail.com>
Co-authored-by: Guohan Lu <lguohan@gmail.com>
2020-04-04 22:18:51 -07:00
SuvarnaMeenakshi
fba321ae6c [ntp]: Add "tinker panic 0" in ntp.conf to avoid ntpd from panic (#4263)
- What I did
Add configuration to avoid ntpd from panic and exit if the drift between new time and current system time is large.

- How I did it
Added "tinker panic 0" in ntp.conf file.

- How to verify it
[this assumes that there is a valid NTP server IP in config_db/ntp.conf]

Change the current system time to a bad time with a large drift from time in ntp server; drift should be greater than 1000s.
Reboot the device.
Before the fix:
3. upon reboot, ntp-config service comes up fine, ntp service goes to active(exited) state without any error message. This is because the offset between new time (from ntp server) and the current system time is very large, ntpd goes to panic mode and exits. The system continues to show the bad time.

After the fix:
3. Upon reboot, ntp-config comes up fine, ntp services comes up from and stays in active (running) state. The system clock gets synced with the ntp server time.
2020-04-03 19:42:17 +00:00
Joe LeVeque
28512122bc [minigraph.py] Add support for 'OutAcl' keyword and attaching ACLs to VLAN interfaces (#4229)
- Support parsing egress ACLs from minigraph file specified by the "OutAcl" element
- Support attaching ACLs to VLAN interfaces
2020-04-03 19:42:17 +00:00
Stepan Blyshchak
4bb2190ba6
[mellanox] update CPLD archive (#4349)
New CPLD includes support for watchdog type 3 with maximum timeout 65536 sec.

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2020-04-03 03:47:40 -07:00
Joe LeVeque
cbf7c7d80d [rsyslog] Suppress duplicate messages from base image and all Docker containers (#2497) 2020-04-02 21:42:01 +00:00
Stepan Blyshchak
a4dd0aa09f
[mellanox] add hardware watchdog script (#4274)
admin@sonic:~$ sudo hw-management-wd.sh
Usage: hw-management-wd.sh start [timeout] | stop | tleft | check_reset | help
start - start watchdog
        timeout is optional. Default value will be used in case if it's omitted
        timeout provided in seconds
stop - stop watchdog
tleft - check watchdog timeout left
check_reset - check if previous reset was caused by watchdog
        Prints only in case of watchdog reset
help -this help

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2020-03-31 20:34:55 -07:00
Volodymyr Samotiy
c8d8f1c6f0
[Mellanox]: Update FW to 13.2000.1658 version (#4343)
This new FW version includes the following fixes:

SFP thermal shutdown issue

Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
2020-03-31 20:33:25 -07:00
Wenda Ni
96675bc476 Add new hwsku Arista-7050QX32S-Q32 (#3091)
Signed-off-by: Wenda Ni <wenni@microsoft.com>
2020-03-22 22:42:48 +00:00
Ying Xie
d567dbd6fe
[201811][utilities] advance utilities submodule head (#4290)
Submodule src/sonic-utilities e9747899a..f431510ae:
  > [201811][intfutil] set speed to 0 when interface speed is not available (#840)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-03-19 18:42:48 -07:00
Sujin Kang
d8c39c3a2f
[201811][fancontrol] Restart process upon unexpected exit (#4161)
* Add restart configuration of fancontrol for pmon.

* Clean up the default value setting for exitcodes

* Remove the default setting of stopwaitsecs
2020-03-19 17:23:30 -07:00
yozhao101
1cc6141a93 [Monit] Delay start of monitoring for 5 minutes (#4281) 2020-03-19 22:49:04 +00:00
Ying Xie
63028222a0 [NTP] Revert change in PR 2598 (#4265)
We believe that the supervisord issue in face of clock rolling backwards
has been addressed. Therefore reverting change 2598 to allow ntp sync
to right clock at the start up time.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2020-03-19 16:08:20 +00:00
pavel-shirshov
a881a23908
[bgpcfgd]: Generate set src configuration dynamically (#4273)
* [bgpcfgd]: Generate set src configuration dynamically

Sometimes zebra starts faster then swss configures Loopback0
In this case "set src" inside of the route map will not be
inserted to the configuration because zebra doesn't see Loopback
ips in the list of available ip addresses.

I've added extra logic to push the "set src" configuration only
when Loopback has been configured by swss.
2020-03-18 08:48:03 -07:00
Samuel Angebault
6c48a3f113
[arista] Update drivers submodule (#4272)
- Add mac address check for management port
- Fix sfputil reset logic
2020-03-17 21:14:48 -07:00
Qi Luo
ae8f55be74
Revert "[snmp] Configure snmp docker hostname from config DB (#2773)" (#4242)
This reverts commit f2e60f8c91.
2020-03-10 08:00:15 -07:00
Qi Luo
05b4ae2031
Update submodule for sonic-snmpagent (#4241)
* Parse quagga output without knowledge about hostname, so robust against hostname changes or mismatch
2020-03-10 08:00:03 -07:00
zhenggen-xu
19c1ad36a5
[201811] [interfaces-config.sh] Flush the loopback interface addresses (#4234)
* [interfaces-config.sh] Flush the loopback interface before configure it

Without this, you may end up with more and more ip addresses
on loopback interface after you change the loopback ip and do config reload

Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
2020-03-09 16:14:59 -07:00
pavel-shirshov
b3ce209b7f
[quagga]: Increase netlink receive buffer for zebra (#4228)
Increased netlink socket receive buffer size for zebra. Otherwise we receive following messages sometimes:
zebra[60]: netlink-listen recvmsg overrun: No buffer space available
2020-03-06 11:14:25 -08:00
noaOrMlnx
aa73dbd6e6 [Mellanox] Update MFT version to 4.13.5 (#4199) 2020-03-02 18:01:35 +00:00