* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.
* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
- Add ebtables package, and install some filter rules:
1. ebtables -A FORWARD -d BGA -j DROP
2. ebtables -A FORWARD -p ARP -j DROP
Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [platform/cel] Implement FAN APIs based on the new platform API
* [platform/cel] Move platform api to under device platform
* [platform/cel] Remove rule to build platform api python wheel
- use superviord to manage process in frr docker
- intro separated configuration mode for frr
- bring quagga configuration template to frr.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
Submodule src/sonic-swss ea4cba6..f8792d5:
> [watermarkorch] only perform periodic clear if the polling is on (#781)
> [arp] copy arp IO to cpu instead of trap and drop (#812)
> fix bad parameter for gCrmOrch->incCrmAclUsedCounter in qosorch (#830)
> [test_watermark] avoid watermark clear vs test random failure (#873)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* catch signal SIGINT and SIGTERM to set all fans full-speed before end fan monitor.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Add fan_control monitor for as7816-64x.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Fix typo.
Signed-off-by: roy_lee <roy_lee@accton.com>
* Correct typo and duty setting after verified.
Signed-off-by: roy_lee <roy_lee@accton.com>
* [frr]: change frr as default sonic routing stack
* fix quagga configuration
* [vstest]: fix bgp test for frr
* [vstest]: skip bgp/test_invalid_nexthop.py for frr
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [service] Restart SwSS Docker container if orchagent exits unexpectedly
* Configure systemd to stop restarting swss if it attempts to restart more than 3 times in 20 minutes
* Move supervisor-proc-exit-listener script
* [docker-dhcp-relay] Enhance wait_for_intf.sh.j2 to utilize STATEDB
* Ensure dependent services stop/start/restart with SwSS
* Change 'StartLimitInterval' to 'StartLimitIntervalSec', as Stretch installs systemd 232 (>= v230)
* Also update journald.conf options
* Remove 'PartOf' option from unit files
* Add '$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)' to new shared docker-orchagent makefile
* Make supervisor-proc-exit-listener script read from 'critical_processes' file inside container
* Update critical_processes file for swss container
Submodule src/sonic-utilities 6ee0aea..b531934:
> [db migrator] Introduce the DB migration infrastructure (#519)
> Skip INTERFACE entries w/o prefix (#477)
> Bring queue storm status to 'pfcwd show stats' (#500)
> Align PSU DB count field with the schema Spec. (#509)
> [scripts] remove duplicate script copying for nbrshow (#517)
> If fast-reboot-dump gives an error, don't continue with fast-reboot (#515)
> load_minigraph: restart hostcfgd (#511)
> [fast/warm reboot] add some sanity check before warm reboot (#510)
> show BPS, PPS, UTIL rates w/o previous clear (#508)
> In sync with our latest change, where we default failthrough to be False. (#507)
> Add warm-boot feature processing for wedge100bf_32x/65x platforms (#485)
> [generate_dump] system dump improvements (#503)
> [neighbor advertiser] convert int to string before concatenating (#505)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* DellEMC S6000, xcvrd support
* sleep 1 second to avoid busy looping
* removal of dead code
* Correct typo error to 1 second
* Introduced 1 second sleep
* Revamped script with blocking call support
* get_transceiver_change_event api definition update
* adding timeout support for get_transceiver_change_event
Port libteam patch which fixes the race condition we observed during
warm reboot.
Remove early patches: 0006, 0008, 0009.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Base DHCP relay Docker image on Strech base Docker
* Change URL for isc-dhcp source repository
* Upgrade isc-dhcp source branch to 4.3.5-3.1
* Update patch #0001 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0002 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0003 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0004 to apply to isc-dhcp 4.3.5-3.1
* Remove security patches, as they are now applied as part of 4.3.5-3.1 source
* Reorder patches to apply bug fix first, then features
* Extend makefile to build debug Docker image
* Update commit that series file applies against
SWSS clears DB tables, if teamd is not started after swss, there is a
race condition that swss might clear vital teamd information.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Add bridge-utils to orchagent image
- Add vxlanmgrd to supervisorctl in docker -orchagent
Signed-off-by: Ze Gan zegan@microsoft.com
* Update submodule pointer for swss to include Vxlanmgrd changes
The base syncd dockers follow a template, which defines the base docker as DOCKER_SYNCD_BASE instead of DOCKER_SYNCD_. Fix the docker-syncd-<mlnx, bfn>.mk to use the new one.
This service (weekly) will let SSD firmware to do the garbage collection
after file-system deleted files. It could avoid slowness or
even READ-ONLY error due to SSD not being able to free the pages
even though the file system thinks there was a lot of space left.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
Overall goal: Build debug images for every stretch docker.
An earlier PR (#2789) made the first cut, by transforming broadcom/orchagent to build target/docker-orhagent-dbg.gz.
Changes in this PR:
Made docker-orchagent build to be platform independent.
1.1) Created rules/docker_orchagent.mk
1.2) Removed platform//docker-orchagent-*.mk
1.3) Removed the corresponding entry from platform//rules.mk
Extended the debug docker image build to stretch based syncd dockers.
2.1) For now, only mellanox & barefoot are stretch based.
2.2) All the common variable definitions are put in one place platform/template/docker-syncd-base.mk
2.3) platform/[mellanox, bfn]/docker-syncd-[mlnx, bfn].mk are updated as detailed below.
2.3.1) Set platform code and include template base file
2.3.2) Add the dependencies & debug dependencies and any update over what base template offers.
Extended all stretch based non-platform dockers to build debug dockers too.
3.1) Affected are:
docker-database.mk,
docker-platform-monitor.mk,
docker-router-advertiser.mk,
docker-teamd.mk,
docker-telemetry.mk
Next: Build debug flavor of final images with regular dockers replaced with debug dockers where available.
* Add new device CIG CS6436-56P
* Delete minigraph.xml
It isn't necessary in the current system, just delete it
* Update qos.json.j2
* Update port_config.ini
Add the speed column. The cmd to show interface status as:
root@switch1:~# show interface status
Interface Lanes Speed MTU Alias Oper Admin Type Asym PFC
----------- --------------- ------- ----- ------------ ------ ------- ------ ----------
Ethernet0 8 25G 9100 Ethernet1/1 up up SFP N/A
Ethernet1 9 25G 9100 Ethernet2/1 up up SFP N/A
Ethernet2 10 25G 9100 Ethernet3/1 down down N/A N/A
Ethernet3 11 25G 9100 Ethernet4/1 down down N/A N/A
Ethernet4 12 25G 9100 Ethernet5/1 down down N/A N/A
Ethernet5 13 25G 9100 Ethernet6/1 down down N/A N/A
Ethernet6 14 25G 9100 Ethernet7/1 down down N/A N/A
Ethernet7 15 25G 9100 Ethernet8/1 down down N/A N/A
Ethernet8 16 25G 9100 Ethernet9/1 down down N/A N/A
Ethernet9 17 25G 9100 Ethernet10/1 down down N/A N/A
Ethernet10 18 25G 9100 Ethernet11/1 down down N/A N/A
Ethernet11 19 25G 9100 Ethernet12/1 down down N/A N/A
Ethernet12 20 25G 9100 Ethernet13/1 down down N/A N/A
Ethernet13 21 25G 9100 Ethernet14/1 down down N/A N/A
Ethernet14 22 25G 9100 Ethernet15/1 down down N/A N/A
Ethernet15 23 25G 9100 Ethernet16/1 down down N/A N/A
Ethernet16 32 25G 9100 Ethernet17/1 down down N/A N/A
Ethernet17 33 25G 9100 Ethernet18/1 down down N/A N/A
Ethernet18 34 25G 9100 Ethernet19/1 down down N/A N/A
Ethernet19 35 25G 9100 Ethernet20/1 down down N/A N/A
Ethernet20 40 25G 9100 Ethernet21/1 down down N/A N/A
Ethernet21 41 25G 9100 Ethernet22/1 down down N/A N/A
Ethernet22 42 25G 9100 Ethernet23/1 down down N/A N/A
Ethernet23 43 25G 9100 Ethernet24/1 down down N/A N/A
Ethernet24 48 25G 9100 Ethernet25/1 down down N/A N/A
Ethernet25 49 25G 9100 Ethernet26/1 down down N/A N/A
Ethernet26 50 25G 9100 Ethernet27/1 down down N/A N/A
Ethernet27 51 25G 9100 Ethernet28/1 down down N/A N/A
Ethernet28 56 25G 9100 Ethernet29/1 down down N/A N/A
Ethernet29 57 25G 9100 Ethernet30/1 down down N/A N/A
Ethernet30 58 25G 9100 Ethernet31/1 down down N/A N/A
Ethernet31 59 25G 9100 Ethernet32/1 down down N/A N/A
Ethernet32 64 25G 9100 Ethernet33/1 down down N/A N/A
Ethernet33 65 25G 9100 Ethernet34/1 down down N/A N/A
Ethernet34 66 25G 9100 Ethernet35/1 down down N/A N/A
Ethernet35 67 25G 9100 Ethernet36/1 down down N/A N/A
Ethernet36 68 25G 9100 Ethernet37/1 down down N/A N/A
Ethernet37 69 25G 9100 Ethernet38/1 down down N/A N/A
Ethernet38 70 25G 9100 Ethernet39/1 down down N/A N/A
Ethernet39 71 25G 9100 Ethernet40/1 down down N/A N/A
Ethernet40 72 25G 9100 Ethernet41/1 down down N/A N/A
Ethernet41 73 25G 9100 Ethernet42/1 down down N/A N/A
Ethernet42 74 25G 9100 Ethernet43/1 down down N/A N/A
Ethernet43 75 25G 9100 Ethernet44/1 down down N/A N/A
Ethernet44 76 25G 9100 Ethernet45/1 down down N/A N/A
Ethernet45 77 25G 9100 Ethernet46/1 down down N/A N/A
Ethernet46 78 25G 9100 Ethernet47/1 down down N/A N/A
Ethernet47 79 25G 9100 Ethernet48/1 down down N/A N/A
Ethernet48 84,85,86,87 100G 9100 Ethernet49/1 up up QSFP28 N/A
Ethernet49 80,81,82,83 100G 9100 Ethernet50/1 up up QSFP28 N/A
Ethernet50 92,93,94,95 100G 9100 Ethernet51/1 down down N/A N/A
Ethernet51 88,89,90,91 100G 9100 Ethernet52/1 down down N/A N/A
Ethernet52 108,109,110,111 100G 9100 Ethernet53/1 down down N/A N/A
Ethernet53 104,105,106,107 100G 9100 Ethernet54/1 down down N/A N/A
Ethernet54 116,117,118,119 100G 9100 Ethernet55/1 down down N/A N/A
Ethernet55 112,113,114,115 100G 9100 Ethernet56/1 down down N/A N/A
root@switch1:~#