Commit Graph

1406 Commits

Author SHA1 Message Date
Qi Luo
6459275397 Revert "[vs-test]: not forward routes with no-export community (#1774)" (#1828)
This reverts commit b37540febd.
2018-06-29 14:33:43 -07:00
Prince Sunny
1caad016f9
Support T1 sku, create symlink (#1827) 2018-06-29 14:33:11 -07:00
Joe LeVeque
f04f0704f7
Build python-click Debian package from version 6.7-4 source to fix CLI autocomplete/suggest (#1824) 2018-06-29 09:59:46 -07:00
Polly Hsu
043435958c [device]: Add a new supported device AS7312-54XS (#1821)
* Switch Vendor: Edge-core
* Switch SKU: AS7312-54XS
* ASIC Vendor: Broadcom
* Swich ASIC: Tomahawk+
* Port Configuration: 48x25G + 6x100G
* SONiC Image: SONiC-ONIE-Broadcom
Signed-off-by: polly_hsu@edge-core.com
2018-06-29 09:40:43 -07:00
Qi Luo
5ad7d24d16
[mgmt] Fix pycparser installation (#1820) 2018-06-29 08:39:12 -07:00
Qi Luo
ff237aaf18
[syncd] Treat bcmcmd as a supervisor task so we could collect stdout/stderr (#1825) 2018-06-29 08:37:20 -07:00
Wenda Ni
a89b8d86cc Correct a7060 config for tor (#1823)
Move a7060 configs out of syncd docker

Signed-off-by: Wenda <wenni@microsoft.com>
2018-06-28 16:50:14 -07:00
Joe LeVeque
301fc282a7 Add initial support for keeping track of and displaying reboot cause (#1812)
* [rc.local] Move all constants and functions to top of file; Unify style; Reword messages

* Add function to process reboot cause upon boot

* Simplify retrieval of SONIC_VERSION per comments

* Change wording
2018-06-28 05:29:14 -07:00
Wenda Ni
d995147050 Migrate brcm platform to use new ECN config, which is (#1818)
applied on lossless traffic

Arista-7060CX-32S-C32
Arista-7060CX-32S-D48C8
Arista-7060CX-32S-Q32
Arista-7260CX3-D108C8
Force10-Z9100-T0
Force10-Z9100

Signed-off-by: Wenda Ni <wenni@microsoft.com>
2018-06-27 19:22:37 -07:00
pavel-shirshov
9a64655393
sonic-quagga update. Don't spam with 'Vtysh connected from' message (#1817) 2018-06-26 17:29:33 -07:00
pavel-shirshov
0a41247402
Update sonic-swss. Postpone creation of queue maps (#1816) 2018-06-26 14:48:07 -07:00
pavel-shirshov
d57bef55db Enable all counters: queue, port, and pfcwd (#1814)
* Enable all counters: queue, port, and pfcwd

* Fixed a small bug inside of sonic-utilities

* Another typo
2018-06-26 06:34:25 -07:00
Qi Luo
7ba08e5bf6
Prefix docker container name to syslog syslogtag (program name) (#1810) 2018-06-25 10:48:42 -07:00
stepanblyschak
3d24305253 [mellanox] Update SAI, SDK, FW pointers (#1811)
SAI 1.12.0
SDK 4.2.8103
FW 13.1701.0008

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2018-06-25 08:43:22 -07:00
Samuel Angebault
ec850df74b [devices]: Use arista library as led plugin for more platforms. (#1809)
This apply to arista_7050_qx32 and arista_7050_qx32s.
2018-06-23 17:24:56 -07:00
pavel-shirshov
07ea9741fb Enable sairedis counter thread in 3 minutes after SONiC was started (#1805) 2018-06-22 19:53:51 -07:00
Wenda Ni
7389443597 [devices]: Migrate a7050-qx-32s to use the new buffers config architecture and create the profile for t1 (#1709)
Move the ingress lossless profile from buffers.json.j2 to pg_profile_lookup.ini

Move pool and the rest of the profile from buffers.json.j2 to
buffers_defaults_t1.j2

Add port speed info in port_config.ini

Make buffers_default_t1.j2 the default profile in buffers.json.j2

Signed-off-by: Wenda Ni <wenni@microsoft.com>
2018-06-22 18:53:30 -07:00
Serhey Popovych
bac572229e [docker-fpm-frr]: Fix build with frr used for routing stack (#1728)
After commit 832be7b8f4 ("[dockers] Prevent apt-get from installing
suggested and recommended packages by default (#1666)") SONiC fails
to build when FRR is used for routing stack (e.g. SONIC_ROUTING_STACK
is set to frr in rules/config).

To fix issue just replicate changes from docker-fpm-quagga to
docker-fpm-frr to make dependencies installed correctly after above
change to package installing behaviour.

Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
2018-06-22 18:46:05 -07:00
pavel-shirshov
a2a6aead4c [bgp]: Enable bgp soft-reconfiguration inbound for quagga templates (#1803)
* Enable bgp soft-reconfiguration inbound for quagga templates
2018-06-22 18:04:18 -07:00
sihuihan88
82343ca165 [sai]: update SAI version to 3.1.3.4-15 (#1808)
Signed-off-by: Sihui Han <sihan@microsoft.com>
2018-06-22 18:03:27 -07:00
sihuihan88
b37540febd [vs-test]: not forward routes with no-export community (#1774)
Signed-off-by: Sihui Han <sihan@microsoft.com>
2018-06-22 12:14:09 -07:00
Taoyu Li
deacbb8261 [tacacs] To modify local user permission according to priv lvl (#1804) 2018-06-22 11:57:44 -07:00
Joe LeVeque
d0803b76ce [sonic-platform-common] Update submodule (#1806) 2018-06-22 11:56:57 -07:00
Pradchaya P
3ea616dcc3 [platform] Celestica: dx010 init gpio sysfs (#1807) 2018-06-22 11:56:22 -07:00
pavel-shirshov
3681cfa553
Use only active ports when applying buffers/qos configuration (#1787)
* First part of skipping not used port for qos configuration

* Use active ports only to set QoS parameters for 6100

* Add a test for qos.json.j2

* Add a test for Dell S6100 buffers.json template

* Update submodulre
2018-06-21 11:51:37 -07:00
Wirut Getbamrung
aaac497370 [device]: Fix a bug that psuutil cannot access gpio sysfs to get PSU status (#1789) 2018-06-21 10:57:32 -07:00
Taoyu Li
b745c0bf1b Modify sudo lecture message to be more informational (#1800) 2018-06-21 10:41:50 -07:00
Taoyu Li
7557007761 [interface-config] Force eth0 before reconfiguration (#1802) 2018-06-21 10:40:28 -07:00
pavel-shirshov
bbca58329b
Manually send SIGHUP to vtysh when the current session was disconnected (#1801)
* Manually send SIGHUP to vtysh when the current session was disconnected

* Address comments
2018-06-20 12:15:09 -07:00
Denis Maslov
d82db79051 [caclmgrd] Translation of ACL Control Plane rules into iptables commands fixed (#1798)
Signed-off-by: Denis Maslov <Denis.Maslov@cavium.com>
2018-06-19 21:14:49 -07:00
Qi Luo
81b782cb86 [libnl3]: Backup libnl3 source packages in Azure Storage (#1799)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2018-06-19 21:09:08 -07:00
Shuotian Cheng
493ae71f8f [Broadcom]: update Broadcom SAI to 3.1.3.4-14 (#1797)
Fix mirror session destination update bug causing no resources issue

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2018-06-19 17:52:09 -07:00
Rodny Molina
b5f153b3ae Introducing 'debugging' and 'profiling' options in sonic build-infra (#1782) 2018-06-19 15:59:12 -07:00
Qi Luo
a8a7b795db [libnl3]: Upgrade libnl3 version to 3.2.27-2, same version as in Debian Stretch (#1795)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2018-06-19 13:12:28 -07:00
Qi Luo
1c8bacb007
Fix comment typos (#1794)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2018-06-14 21:53:31 -07:00
pavel-shirshov
fae346f586
Don't create a pty to run vtysh inside of the docker container (#1792) 2018-06-14 12:11:29 -07:00
Joe LeVeque
1942183185 [devices]: Add Broadcom config files for Arista 7050 SKUs; Remove 'serdes_firmware_mode_xe=0x1' line (#1779)
* Add Broadcom config files for Arista-7050-QX32 and Arista-7050-Q16S64 SKUs under respective directories

* Remove 'serdes_firmware_mode_xe=0x1' line from Arista 7050 Broadcom config files
2018-06-11 13:54:02 -07:00
Pradchaya P
481463ccbf Add Celestica seastone dx010 psuutil.py plugins (#1781) 2018-06-11 10:40:58 -07:00
stepanblyschak
ed06aca40e [mellanox] Add cpldupdate utility to SONiC image (#1746)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2018-06-09 11:31:34 -07:00
Joe LeVeque
dc547e4c8d [sonic-platform-daemons] Update submodule (#1754) 2018-06-09 11:30:55 -07:00
stepanblyschak
a4b830b3af [mellanox] Update hw-mgmt pointer (#1759)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
2018-06-09 11:29:52 -07:00
Serhey Popovych
8d88455509 [baseimage]: Improve password hashing for default user account (#1748)
* [slave.mk]: Fix displaying username and password in build summary

We display contents of DEFAULT_USERNAME and DEFAULT_PASSWORD, while
image can be build with USERNAME and/or PASSWORD given on make(1)
command line. For example:

  $ make USERNAME=adm PASSWORD=mypass target/sonic-broadcom.bin

Fix by displaying USERNAME and PASSWORD variables in build summary.

Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>

* [baseimage]: Improve default user account handling

There are couple of issues with current implementation of default
user account management in baseimage:

  1) It uses DES to encrypt accounts password. Furthermore this
     effectively limits password length to 8 symbols, even if more
     provided with PASSWORD or DEFAULT_PASSWORD from rules/config.

  2) Salt value for password is same on all builds even with different
     password increasing attack surface.

  3) During the build process password passed as command line parameter
     either as plain text (if given to make(1) as "make PASSWORD=...")
     or DES encrypted (if given to build_debian.sh) can be seen by
     non-build users using /proc/<pid>/cmdline file that has group and
     world readable permissions.

Both 1) and 2) come from:

  perl -e 'print crypt("$(PASSWORD)", "salt"),"\n"')"

that by defalt uses DES if salt does not have format $<id>$<salt>$,
where <id> is hashing function id. See crypt(3) for more details on
valid <id> values.

To address issues above we propose following changes:

  1) Do not create password by hands (e.g. using perl snippet above):
     put this job to chpasswd(8) which is aware about system wide
     password hashing policy specified in /etc/login.defs with
     ENCRYPT_METHOD (by default it is SHA512 for Debian 8).

  2) Now chpasswd(8) will take care about proper salt value.

  3) This has two steps:

    3.1) For compatibility reasons accept USERNAME and PASSWORD as
         make(1) parameters, but warn user that this is unsafe.

    3.2) Use process environment to pass USERNAME and PASSWORD variables
         from Makefile to build_debian.sh as more secure alternative to
         passing via command line parameters: /proc/<pid>/environ
         readable only by user running process or privileged users like
         root.

Before change:
--------------

  hash1
  -----
  # u='admin'
  # p="$(LANG=C perl -e 'print crypt("YourPaSs", "salt"),"\n"')"
                                      ^^^^^^^^
                                      8 symbols
  # echo "$u:$p" | chpasswd -e

  # getent shadow admin
  admin:sazQDkwgZPfSk:17680:0:99999:7:::
        ^^^^^^^^^^^^^
        Note the hash (DES encrypted password)

  hash2
  -----
  # u='admin'
  # p="$(LANG=C perl -e 'print crypt("YourPaSsWoRd", "salt"),"\n"')"
                                      ^^^^^^^^^^^^
                                      12 symbols
  # echo "$u:$p" | chpasswd -e

  # getent shadow admin
  admin:sazQDkwgZPfSk:17680:0:99999:7:::
        ^^^^^^^^^^^^^
        Hash is the same as for "YourPaSs"

After change:
-------------

  hash1
  -----
  # echo "admin:YourPaSs" | chpasswd
  # getent shadow admin
  admin:$6$1Nho1jHC$T8YwK58FYToXMFuetQta7/XouAAN2q1IzWC3bdIg86woAs6WuTg\
           ^^^^^^^^
           Note salt here
  ksLO3oyQInax/wNVq.N4de6dyWZDsCAvsZ1:17681:0:99999:7:::

  hash2
  -----
  # echo "admin:YourPaSs" | chpasswd
  # getent shadow admin
  admin:$6$yKU5g7BO$kdT02Z1wHXhr1VCniKkZbLaMPZXK0WSSVGhSLGrNhsrsVxCJ.D9\
           ^^^^^^^^
           Here salt completely different from case above
  plFpd8ksGNpw/Vb92hvgYyCL2i5cfI8QEY/:17681:0:99999:7:::

Since salt is different hashes for same password different too.

  hash1
  -----
  # LANG=C perl -e 'print crypt("YourPaSs", "\$6\$salt\$"),"\n"'
                                             ^^^^^
                                             We want SHA512 hash
  $6$salt$qkwPvXqUeGpexO1vatnIQFAreOTXs6rnDX.OI.Sz2rcy51JrO8dFc9aGv82bB\
  yd2ELrIMJ.FQLNjgSD0nNha7/

  hash2
  -----
  # LANG=C perl -e 'print crypt("YourPaSsWoRd", "\$6\$salt\$"),"\n"'
  $6$salt$1JVndGzyy/dj7PaXo6hNcttlQoZe23ob8GWYWxVGEiGOlh6sofbaIvwl6Ho7N\
  kYDI8zwRumRwga/A29nHm4mZ1

Now with same "salt" and $<id>$, and same 8 symbol prefix in password, but
different password length we have different hashes.

Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
2018-06-09 11:29:16 -07:00
zhenggen-xu
d2b1a0bcea [devices]: Add index and speed for port_config.ini on Celestica platform (#1780) 2018-06-09 11:21:01 -07:00
zhenggen-xu
83d9c7e593 [bcmsh] Fix the bcmsh issues. (#1761)
bcmsh is not copied to /usr/bin/ at host side
2018-06-06 15:39:23 -07:00
Mykola F
0ff7ba69f7 [sai.profile] move hwsku specific device configs to device/mellanox/platform/hwsku (#1768) 2018-06-06 10:05:46 -07:00
Joe LeVeque
711be8f7da [caclmgrd] Heuristically determine whether ACL is IPv4 or IPv6, use iptables/ip6tables accordingly (#1767)
* [caclmgrd] Heuristically determine whether ACL is IPv4 or IPv6, use iptables/ip6tables accordingly

* Check all rules in table until we find one with a SRC_IP
2018-06-05 03:24:30 -07:00
Qi Luo
eee36719ea
Revert the feature: serial port watchdog service (#1766)
* Revert "[serial watchdog] remove serial watchdog service dependency to rc.local (#1752)"
* Revert "[service] introducing serial port watchdog service (#1743)"
2018-06-04 21:06:58 -07:00
Qi Luo
d54a7ae566
[baseimage] Adding setuid permissions to ping binaries, so sudo is no longer needed (#1765) 2018-06-04 21:01:53 -07:00
Shuotian Cheng
b58a94dc53
[sonic-mgmt]: Install the latest Microsoft Azure Kusto Library for Python (#1756)
https://github.com/Azure/azure-kusto-python

azure-kusto-data Package provides the capability to query Kusto clusters with Python.
azure-kusto-ingest Package allows sending data to Kusto service - i.e. ingest data.

The removed package adal is a dependent of the Azure Kusto Library.
The removed azure-storage is deprecated and being replaced with new packages that are
also the dependents of the Azure Kusto Library. (https://github.com/Azure/azure-storage-python)

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2018-06-01 11:33:13 -07:00
lguohan
e7d17c0a2b
[broadcom]: update brcm sai to 3.1.3.4-13 (#1760)
Signed-off-by: Guohan Lu <gulv@microsoft.com>
2018-06-01 08:13:58 -07:00