Commit Graph

3171 Commits

Author SHA1 Message Date
Kebo Liu
61c304d00a
[mellanox]: Update SAI to 1.16.4, SDK to 4.4.0918, FW to *.2007.1140 (#4571)
- mgmt buffer issue on 400G port
- high CPU utilization issue caused by some counter reading
2020-05-11 14:11:05 -07:00
Joe LeVeque
5e8e0d76fc
[caclmgrd] Add some default ACCEPT rules and lastly drop all incoming packets (#4412)
Modified caclmgrd behavior to enhance control plane security as follows:

Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
2020-05-11 12:36:47 -07:00
paavaanan
c95db04f12
DellEMC S6000 updated sensors.conf (#4568)
Change PSU MAX temperature to 80 degree
Change tmp75 sensors default temperature value from 25/50 to 70/80 degree.
2020-05-11 11:06:53 -07:00
abdosi
a96f9ecee9
Changes for LLDP docker to support multi-npu platforms (#4530)
* Changes for LLDP for Multi NPU Platoforms:-
a) Enable LLDP for Host namespace for Management Port
b) Make sure Management IP is avaliable in per asic namespace
   needed for LLDP Chassis configuration
c) Make sure chassis mac-address is correct in per asic namespace
d) Do not run lldp on eth0 of per asic namespace and avoid chassis
   configuration for same
e) Use Linux hostname instead from Device Metadata for lldp chassis
   configuration since in multi-npu platforms device metadata hostname
   will be differnt

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comment with following changes:
a) Use Device Metadata hostname even in per namespace conatiner.
   updated minigraph parsing for same to have hostname as system
   hostname and add new key for asic name

b) Minigraph changes to have MGMT_INTERFACE Key in per asic/namespace
   config also as needed for LLDP for setting chassis management IP.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comments
2020-05-11 11:05:44 -07:00
Guohan Lu
cbe948e087 [build]: increase raw image disk size to 3GB
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-11 07:34:57 +00:00
Neetha John
286aa35ac6
[qos]: Alpha and ECN settings change for Th (#4564)
Dynamic threshold setting changed to 0 and WRED profile green min threshold set to 250000 for Tomahawk devices

Changed the dynamic threshold settings in pg_profile_lookup.ini
Added a macro for WRED profiles in qos.json.j2 for Tomahawk devices
Necessary changes made in qos.config.j2 to use the macro if present

Signed-off-by: Neetha John <nejo@microsoft.com>
2020-05-09 11:21:18 -07:00
judyjoseph
acf465b43b
Multi DB with namespace support, Introducing the database_global.json… (#4477)
* Multi DB with namespace support, Introducing the database_global.json file
for supporting accessing DB's in other namespaces for service running in
linux host

* Updates based on comments

* Adding the j2 templates for database_config and database_global files.

* Updating to retrieve the redis DIR's to be mounted from database_global.json file.

* Additional check to see if asic.conf file exists before sourcing it.

* Updates based on PR comments discussion.

* Review comments update

* Updates to the argument "-n" for namespace used in both context of parsing minigraph and multi DB access.

* Update with the attribute "persistence_for_warm_boot" that was added to database_config.json file earlier.

* Removing the database_config.json file to avioid confusion in future.
We use the database_config.json.j2 file to generate database_config.json files dynamically.

* Update the comments for sudo usage in docker_image_ctrl.j2

* Update with the new logic in PING PONG tests using sonic-db-cli. With this we wait till the
PONG response is received when redis server is up.

* Similar changes in swss and syncd scripts for the PING tests with sonic-db-cli

* Updated with a missing , in the database_config.json.j2 file, Do pip install of j2cli in docker-base-buster.
2020-05-08 21:24:05 -07:00
Qi Luo
d0099ed43e
[minigraph] Support FECDisabled in minigraph parser (#4556)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2020-05-08 19:47:05 -07:00
Akhilesh Samineni
86627dfd35
[NAT] : Removed requires dependency on swss (#4551)
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
2020-05-08 00:01:48 -07:00
SuvarnaMeenakshi
7f14acbf03
[minigraph.py]: Fix undefined variable error. (#4555)
Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com>
2020-05-07 23:17:22 -07:00
Junchao-Mellanox
1cdcb2c62d
[Mellanox] Add patch to disable hw-management thermal control shell script (#4550)
* [Mellanox] Add patch to disable hw-management thermal control shell script

* Remove SimX patch since https://github.com/Azure/sonic-buildimage/pull/4364/files has already handle it
2020-05-07 12:35:48 -07:00
shlomibitton
404ae85e2c
[Mellanox] Fix 'sensors.conf' mapping for MSN4700 (#4511)
* [Mellanox] Fix 'sensors.conf' mapping for SN4700

Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>

* Fix some labels name
2020-05-07 16:19:51 +03:00
shlomibitton
d9210d7ace
[Mellanox] Fix SN3420 'sensors.conf' label names (#4544)
Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>
2020-05-07 16:15:13 +03:00
Joe LeVeque
dfdd94d8ad
[process-reboot-cause] If software reboot cause is unknown add note if first boot into new image (#4538) 2020-05-06 22:48:33 -07:00
wangshengjun
bed4a799df
[ebtables]add the filter rule for ARP packets with vlan tag: (#3945)
1. ebtables -t filter -A FORWARD -p 802_1Q --vlan-encap 0806 -j DROP
The ARP packet with vlan tag can't match the default rule.

Signed-off-by: wangshengjun <wangshengjun@asterfusion.com>
2020-05-06 20:03:09 -07:00
abdosi
fc28af7ce9
[bgpcfgd]: Fix for BGP peer not coming up even after config BGP startup all (#4547)
Issue was key not correct to look into self.peer. It need to be tuple of
(vrf,nbr). Updated for both add/del
2020-05-06 19:30:31 -07:00
Danny Allen
3ae5945cfc
[minigraph] Add tags for egress mirror tables (#4526)
Signed-off-by: Danny Allen <daall@microsoft.com>
2020-05-06 15:43:29 -07:00
Dong Zhang
340cf826a6
[MultiDB] use sonic-db-cli PING and fix wrong multiDB API in NAT (#4541) 2020-05-06 15:41:28 -07:00
arlakshm
2db87669c2
[bgp]: align the bgp templates with new minigraph for multi NPU platforms (#4488)
- change the references to 'type' field to 'sub_role'
- change the references to 'InternalFrontend' and 'InternalBackend' to 'FrontEnd' and 'BackEnd' respectively
- add a statement to reflect route-reflector for backend asics
- add a change to set "next-hop-self force" configuration for internal BGP session in multi asic platform.

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-05-06 14:58:02 -07:00
Guohan Lu
767bc5c8c0 [build]: add docker-saiserver-* as stretch docker targets
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-06 10:23:38 +00:00
Kalimuthu-Velappan
fd953a437e
Fix for missing dependency in the sonic device package and added .dep file for yang module (#4471) 2020-05-06 13:17:08 +08:00
Wei Bai
46ef6defa7
[docker-sonic-mgmt] Add IxNetwork python client (#4533)
* Add IxNetwork python client to sonic mgmt docker
2020-05-05 18:40:20 -07:00
Myron Sosyak
5307f9448e
[devices] skip_fancontrol for wedge 100 barefoot platforms (#4528) 2020-05-05 02:05:17 -07:00
Srideep
6c9dd7674d
[device] DellEMC s5232f 50G hwsku support (#4525)
* [device] DellEmc S5232 support for new hwsku C8D48
8 100G ports and 48 50G ports

* 10G ports update for S5232 hwsku-C8D48

Signed-off-by: Srideep Devireddy <srideep_devireddy@dell.com>
2020-05-05 00:22:10 -07:00
SuvarnaMeenakshi
8ac1c60b2a
[config engine] Parser changes to support parsing of multi-asic device minigraph (#4222)
- Changes to minigraph.py to parse minigraph.xml of a multi asic platform 
- Changes to portconfig.py to parse additional column "asic_port_name" in
port_config.ini
- Add a new option -n to sonic-cfggen for multi asic platforms
- Add unit tests for config generation for multi asic platforms

Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-05-04 16:15:15 -07:00
pavel-shirshov
86e13907b4
Update golang version for 1.11.5 to 1.14.2 (#4520) 2020-05-04 15:00:07 -07:00
judyjoseph
e8748ebf1b
[submodule]: advance sonic-utilities submodule (#4523)
c2facd8 [show] Fix abbreviations for 'show ip bgp ...' commands (#901)
cb68e7d Add support for multi-ASIC devices (#877)
44ed6e9 Improved route_check tool and adopt to 20191130 image. (#898)
6fba8db [psushow] Add a column to display LED color to show platform psustatus output (#886)
e747456 ssd_mitigation_changes (#829)
2020-05-04 09:34:35 -07:00
shlomibitton
30bbbbf24f
hw-mgmt_V.7.0000.3034 integration (#4519)
Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>
2020-05-02 20:37:14 +03:00
lguohan
c55603f494
[build]: add docker-ptf-* as stretch docker targets (#4516)
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-01 11:20:33 -07:00
dereksun01
34cad97f30
[device] Modify configuration and add led_proc_init.soc (#4418)
- Modify configuration file path in sai.profile.
- Modify configuration file for as7726_32x.
- Add led_proc_init.soc and custom_led.bin
2020-05-01 06:34:54 -07:00
dereksun01
3f1c3dda99
[device/accton] Modify as8000 configuration (#4446) 2020-05-01 05:36:04 -07:00
dereksun01
506e9546c9
[device] Upgrade as4630_54pe for new platform (#4268)
- Add port auto-negotiation attribute.
- Add CPLD command to disable mode.
2020-05-01 05:27:32 -07:00
rkdevi27
4511216789
Ssd mitigation changes (#4214)
* ssd_mitigation_changes

* ssd_mitigation_changes

* ssd_mitigation_changes

* ssd_mitigation_changes
2020-04-30 22:58:09 -07:00
Sujin Kang
cbc75fe4c8
[pmon]: Fix the continous syseepromd autorestart issue on 201911 (#4478)
- Remove syseepromd from the critical process of pmon docker
- Fix supervisor autorestart configuration of syseepromd
2020-04-30 15:51:34 -07:00
Joe LeVeque
46161ca0e0
[sonic-utilities][sonic-ztp] Update submodules (#4501)
* src/sonic-utilities 7ce5b62...3471926 (4):
  > Make `config` command support abbreviation. (#893)
  > [fwutil]: Fix firmware update command. (#895)
  > [doc]: ZTP configuration and show commands (#866)
  > Allow show ztp to display non-sensitive information visible to
  > non-root user (#872)

* src/sonic-ztp 374c9e8...c959371 (2):
  > Fix ztp profile unit test (#14)
  > Create a shadow ZTP data json file accessible to non-root user (#13)
2020-04-30 15:48:42 -07:00
Sabareesh-Kumar-Anandan
81f4c81f0c
[build]: changing debian names based on Architecture (#4508)
Replacing "amd64" with $PLATFORM_ARCH variable
Fix for compiling marvell-armhf arch

Signed-off-by: Sabareesh Kumar Anandan <sanandan@marvell.com>
2020-04-30 15:47:03 -07:00
Kebo Liu
352a39742a
[mellanox]: MSN4700 support 8 lanes 400G with new SAI/SDK/FW (#4509)
Update SAI/SDK/FW and MSN4700 device files to support 8 lanes 400G

Update SAI to 1.16.3
Update SDK to 4.4.0914
Update FW to *.2007.1112
Update MSN4700 device files to support 8 lanes 400G
2020-04-30 15:46:21 -07:00
Dong Zhang
aca5bec842
[sonic-py-swsssdk/snmpagent] update submodule for sonic-py-swsssdk / snmpagent (#4421)
* [sonic-py-swsssdk] update submodule for sonic-py-swsssdk
* update snmpagent submodule
* [sonic-py-swsssdk] update submodule for namespace changes
2020-04-30 13:09:24 -07:00
lguohan
86bc8aec5f
[vs]: dynamically create front panel ports in vs docker (#4499)
currently, vs docker always create 32 front panel ports.

when vs docker starts, it first detects the peer links
in the namespace and then setup equal number of front panel
interfaces as the peer links.

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-04-30 12:50:59 -07:00
Nazarii Hnydyn
2153caef59
[submodule]: Advance sonic-platform-common. (#4513)
Commits on Mar 20, 2020
SFP(sff8472 attributes) transciever eeprom attribute support. (#74) 9b1dea5

Commits on Mar 22, 2020
Detect an SFP adapter in a QSFP port, and instantiate an SFP object i… 116eeec

Commits on Apr 13, 2020
[component]: Introduce new firmware management API. 2632a59

Commits on Apr 16, 2020
[Chassis base] Add sfp error event definition (#80) f1f00ec

Commits on Apr 24, 2020
[component]: Update firmware management API. 777901f
[component]: Extend docstrings for firmware management API. b066ec7

Commits on Apr 30, 2020
[component]: Fix review comments. d96344e
Merge pull request #82 from nazariig/master-component-firmware-api 28c39c5 

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
2020-04-30 12:45:12 -07:00
Junchao-Mellanox
4c210f0d02
[Mellanox] Enhancement for support PSU LED management (#4467) 2020-04-30 12:42:01 -07:00
Samuel Angebault
80a025a7c2
[arista] update platform driver submodules (#4512)
- Add Makefile rules to build debug containers for SWI images
- Fix some platform API implementation for xcvrd and thermalctld
- Improvements to arista diag command
- Miscellaneous refactors

Co-authored-by: Maxime Lorrillere <mlorrillere@arista.com>
2020-04-30 12:06:19 -07:00
Stephen Sun
a87bf4df83
[Mellanox] Fix error in sensors.conf for 3700/3700c/3800 (#4506) 2020-04-30 10:30:58 -07:00
Guohan Lu
6850644640 [vs]: add missing dvslib link for the vs test
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-04-30 17:17:58 +00:00
Olivier Singla
799f22d4c7
[baseimage]: Run fsck filesystem check support prior mounting filesystem (#4431)
* Run fsck filesystem check support prior mounting filesystem

If the filesystem become non clean ("dirty"), SONiC does not run fsck to
repair and mark it as clean again.

This patch adds the functionality to run fsck on each boot, prior to the
filesystem being mounted. This allows the filesystem to be repaired if
needed.

Note that if the filesystem is maked as clean, fsck does nothing and simply
return so this is perfectly fine to call fsck every time prior to mount the
filesystem.

How to verify this patch (using bash):

Using an image without this patch:

Make the filesystem "dirty" (not clean)
[we are making the assumption that filesystem is stored in /dev/sda3 - Please adjust depending of the platform]
[do this only on a test platform!]

dd if=/dev/sda3 of=superblock bs=1 count=2048
printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null
dd of=/dev/sda3 if=superblock bs=1 count=2048

Verify that filesystem is not clean
tune2fs -l /dev/sda3 | grep "Filesystem state:"

reboot and verify that the filesystem is still not clean
Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean.

fsck log is stored on syslog, using the string FSCK as markup.
2020-04-30 00:33:20 -07:00
shlomibitton
b6291372d9
[Mellanox] Add a new Mellanox platform x86_64-mlnx_msn4600c and new SKU ACS-MSN4600C (#4483)
* New SKU support for MSN4600C

Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>
2020-04-30 00:30:11 -07:00
Sumukha Tumkur Vani
e1ba5b0f5f
[docker-restapi]: add restapi config to config Db (#4495) 2020-04-30 00:25:49 -07:00
Guohan Lu
a539cf2f46 [build]: remove -t for non-tty terminal
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-04-30 05:59:20 +00:00
lguohan
00383051f4
[docker-iccpd]: disable iccpd build by default (#4502)
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-04-29 22:45:46 -07:00
jianjundong
4c55adfd6e
[iccpd]: ICCPD support IPv6 ND (#4422)
accomplish it according MCLAG HLD document, the principle is similar to IPv4 ARP.
2020-04-29 11:10:35 -07:00