This pull request was cherry picked from "#1238" to resolve the conflicts.
- Why I did it
Add support to specify source address for TACACS+
- How I did it
Add patches for libpam-tacplus and libnss-tacplus. The patches parse the new option 'src_ip' and store the converted addrinfo. Then the addrinfo is used for TACACS+ connection.
Add a attribute 'src_ip' for table "TACPLUS|global" in configDB
Add some code to adapt to the attribute 'src_ip'.
- How to verify it
Config command for source address PR in sonic-utilities
config tacacs src_ip <ip_address>
- Description for the changelog
Add patches to specify source address for the TACACS+ outgoing packets.
- A picture of a cute animal (not mandatory but encouraged)
**UT logs: **
UT_tacacs_source_intf.txt
Resubmitting the changes for (#4825) with fixes for sonic-bgpcdgd test failures
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
also update submodule
* 01f810f 2020-07-02 | fix compiling issue for gcc8.3 (#1339) [lguohan]
* 9b13120 2020-07-03 | Fix in script to avoid orchagent crash when port down followed by fdb delete (#1340) [rupesh-k]
* 9b01844 2020-07-01 | [qosorch] Update QoS scheduler params for shaping features (#1296) [Michael Li]
* 86b5e99 2020-07-02 | [mirrororch] Port Mirroring implementation (#1314) [rupesh-k]
* c05601c 2020-06-24 | [portsyncd]: add debug message if a port cannot be found in port able (#1328) [lguohan]
* a0b6412 2020-06-23 | COPP_DEL_fix: DEL for one trap group from SONIC is resetting all the trap IDs (#1273) [SinghMinu]
Signed-off-by: Guohan Lu <lguohan@gmail.com>
make swss build depends only on libsairedis instead of syncd. This allows to build swss without depending
on vendor sai library.
Currently, libsairedis build also buils syncd which requires vendor SAI lib. This makes difficult to build
swss docker in buster while still keeping syncd docker in stretch, as swss requires libsairedis which also
build syncd and requires vendor to provide SAI for buster. As swss docker does not really contain syncd
binary, so it is not necessary to build syncd for swss docker.
* [submodule]: update sonic-sairedis
* ccbb3bc 2020-06-28 | add option to build without syncd (HEAD, origin/master, origin/HEAD) [Guohan Lu]
* 4247481 2020-06-28 | install saidiscovery into syncd package [Guohan Lu]
* 61b8e8e 2020-06-26 | Revert "sonic-sairedis: Add support to sonic-sairedis for gearbox phys (#624)" (#630) [Danny Allen]
* 85e543c 2020-06-26 | add a README to tests directory to describe how to run 'make check' (#629) [Syd Logan]
* 2772f15 2020-06-26 | sonic-sairedis: Add support to sonic-sairedis for gearbox phys (#624) [Syd Logan]
Signed-off-by: Guohan Lu <lguohan@gmail.com>
* Loopback IP changes for multi ASIC devices
multi ASIC will have 2 Loopback Interfaces
- Loopback0 has globally unique IP address, which is advertised by the multi ASIC device to its peers.
This way all the external devices will see this device as a single device.
- Loopback4096 is assigned an IP address which has a scope is within the device. Each ASIC has a different ip address for Loopback4096. This ip address will be used as Router-Id by the bgp instance on multi ASIC devices.
This PR implements this change for multi ASIC devices
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
If some table with a list of tuples (interface name, ip prefix) has ip prefixes without a mask length, it will cause issues in SONiC. For example quagga and frr will treat ipv4 address without a mask, so "10.20.30.40" address will be treated as "10.0.0.0/8", which is dangerous.
The fix here is that when pfx_filter get a tuple (interface name, ip prefix), where the ip prefix doesn't have prefix mask length, add a mask by default: "/32 for ipv4 addresses, /128 for ipv6 addresses".
Co-authored-by: Pavel Shirshov <pavel.contrib@gmail.com>
Updated the NAT iptables patch for 4.19 buster
Depends on PR : Azure/sonic-linux-kernel#147
1 Known issue:
With both NAT patch files for 4.19 buster kernel, seeing 1 display issue in iptables like explained below
On Docker NAT, iptables supported version is 1.6.0 and on base OS it’s 1.8.2. So seeing an display issue of which fullcone option is not showing in version 1.8.2 iptables output and no issues in functionality.
Display issue – For example of comparsion:
NAT Docker:
root@sonic:/home/admin# docker exec -it nat bash
root@sonic:/# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- * * 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1 fullcone
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 30 packets, 2749 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 30 packets, 2749 bytes)
pkts bytes target prot opt in out source destination
root@sonic:/#
Base OS:
root@sonic:/home/admin# iptables-legacy -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1 36 DNAT all -- * * 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1
Chain INPUT (policy ACCEPT 1 packets, 36 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 41 packets, 3572 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 41 packets, 3572 bytes)
pkts bytes target prot opt in out source destination
root@sonic:/home/admin#
To fix this issue, iptables need to update from 1.6.0 to 1.8.2 version and have to update the NAT docker from stretch to buster. Will raise a new PR with this.
Signed-off-by: Akhilesh Samineni akhilesh.samineni@broadcom.com
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
* [systemd-generator]: Fix the code to make sure that dependencies
of host services are generated correctly for multi-asic platforms.
Add code to make sure that systemd timer files are also modified
to add the correct service dependency for multi-asic platforms.
Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com>
* [systemd-generator]: Minor fix, remove debug code and
remove unused variable.
* src/sonic-platform-common 75698a8...82bbeab (9):
> [sfputil] Make SfpUtilHelper.get_physical_to_logical noexcept as in SfpUtilBase (#96)
> [sfp_base] Update return value documentation of channel-specific methods (#98)
> [sfp] Tweak key names of some transceiver info fields (#97)
> fix typo: portconfig.ini to port_config.ini (#94)
> [chassis_base] Add platform API support for system LED (#91)
> Add PCIe check commad (#64)
> [sfputilbase.py] Don't try to print EEPROM sysfs file name if we failed to read from it (#81)
> [sfputilbase | sfputilhelper] Add support of platform.json (#72)
> [eeprom] Add try-except to catch the IOError (#85)
* src/sonic-platform-daemons 0f4fd83...abe115e (2):
> [xcvrd] Tweak some transceiver info key names (#62)
> [psud][thermalctld] Always get fan/PSU LED status from platform API to avoid status inconsistencies (#59)
* src/sonic-utilities fd7781b...16a33f2 (9):
> [config] Fix syntax error (#966)
> [config] Fix indentation level in _get_disabled_services_list() (#965)
> a4e64d1 [sonic_installer] Refactor sonic_installer code (#953)
> 90efd62 [Show | Command Reference] Add Port breakout Show Command (#859)
> [sfpshow][mock_state_db] Tweak key names of some transceiver info fields (#958)
> [show] Add missing verbose option to "show line" (#961)
> [filter-fdb] Check VLAN Presence When Filter FDB (#957)
> [master]fix #4716 show ipv6 interfaces neighbor_ip is N/A issue (#948)
> Fix for command. show interface transceiver eeprom -d Ethernet (#955)
Note: sonic-utilities update fixes#4716
* c60b1f4 2020-06-26 | e1000: Do not perform reset in reset_task if we are already down (#148) (HEAD -> master, origin/master, origin/HEAD) [lguohan]
* c6aeedd 2020-06-25 | Updated NAT kernel patch for 4.19 buster (#147) [Akhilesh Samineni]
Signed-off-by: Guohan Lu <lguohan@gmail.com>
To enable tagged vlan support by minigraph parser. This enables us to generate a config_db file that will enable SONiC device to operate using tagged and untagged vlan.
- Why I did it
New repo sonic-mgmt-common is introduced for the common translib related code. This commit adds build rules for this new repo.
- How I did it
Added sonic-mgmt-common submodule
Added build rules for the new sonic-mgmt-common repo. It creates two deb packages -- sonic-mgmt-common_1.0.0_{arch}.deb and sonic-mgmt-common-codegen_1.0.0_{arch}.deb. Package cache is enabled.
Added dependency on sonic-mgmt-common for mgmt-framework and telemetry debs and dockers.
- How to verify it
Full build and incremental builds
Basic ACL and interface opreations through REST, KLISH CLI and gNMI
- Description for the changelog
Git submodule and build rules for the new sonic-mgmt-common repo.
* Add secureboot support in boot0
* Initramfs changes for secureboot on Aboot devices
* Do not compress squashfs and gz in fs.zip
It doesn't make much sense to do so since these files are already
compressed.
Also not compressing the squashfs has the advantage of making it
mountable via a loop device.
* Add loopoffset parameter to initramfs-tools
**- What I did**
Add support of **platform.json** parsing to **portconfig.py** file which is being used by **_sonic-cfggen_** and ***minigraph.py*** file under ***src/sonic-config-engine*** folder to get port config via get_port_config function.
**- How I did it**
1. **portconfig.py** file will first check whether the **platform.json** file is there or not. if not then whether port_config.ini file is there or not. Modified **get_port_config_file_name** for this purpose.
2. Added two separate functions i.e. **parse_platform_json_file** to get port attributes from **platform.json** and **gen_port_config** to generate port attributes.
3. Added another two functions i.e get_breakout_mode parse_breakout_mode to get breakout mode and parse breakout mode from platform.json respectively.
**- How to verify it**
rebuilt "sonic_config_engine-1.0" wheel package with all the test cases.All the below-mentioned test cases passed.
```
# Check whether all interfaces present or not as per platform.json
def test_platform_json_interfaces_keys(self):
# Check specific Interface with it's proper configuration as per platform.json
def test_platform_json_specific_ethernet_interfaces(self):
# Check all Interface with it's proper configuration as per platform.json
def test_platform_json_all_ethernet_interfaces(self):
```
Signed-off-by: Sangita Maity <sangitamaity0211@gmail.com>
* src/sonic-utilities 5765570...a21e01a (13):
> [config] Don't attempt to restart disabled services (#944)
> [crm] Use swsssdk API instead of redis-cli for getting keys from redis DB (#943)
> Fixed fast-reboot for BFN platform (#871)
> [sfputil] Add support of platform.json (#767)
> [show] Add support for SONiC Gearbox Manager via new gearboxutil utility (#931)
> [warm-reboot]: added pre-check for ISSU file (#915)
> Add_intf_range (#913)
> add fec config/show option (#764)
> Make sure db_migrator is run after all config are loaded during (#926)
> Changes to make lldp show command for multi-npu platforms. (#914)
> [showtech]: add knet dump information in show tech (#925)
> Vnet alias mapping (#924)
> Revert the change to kdump reboot (#916)
- Add .gitignore files in each subdirectory of src/, so as to reduce the size of the .gitignore file in the project root, and also make it easier to maintain (i.e., if a directory in src/ is removed, there will not be outdated entries in the root .gitignore file.
- Also add missing .gitignore entries and remove outdated entries and duplicates.
The -sv2 suffix was used to differentiate SNMP Dockers when we transitioned from "SONiCv1" to "SONiCv2", about four years ago. The old Docker materials were removed long ago; there is no need to keep this suffix. Removing it aligns the name with all the other Dockers.
Update sonic-snmpagent submodule with PRs:
89b7b2c [Multi-asic]: Namespace support for LLDP and Sensor tables (#131)
fcb8955 Simplify test code (#132)
a677876 [Multi-asic]: Support multi-asic platform (#126)
update sonic-py-swsssdk submodule with PRs:
132f8d5 [MultiDB]: use python class composition to avoid confusion in base class (#74)
Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com>
- What I did
In order to allow the SONiC community to check in platform capability file i.e. platform.json
file directly under device folder. We need to add this test to make sure the contents of the this file is compliant with platform capability design specified in DPB HLD doc
- How I did it
Added platformJson_checker.py file in Test folder.
Signed-off-by: Sangita Maity <sangitamaity0211@gmail.com>
* Update sonic-sairedis (sairedis with SAI 1.6 headers)
* Update SAIBCM to 3.7.4.2, which is built upon SAI1.6 headers
* missed updating BRCM_SAI variable, fixed it
* Update SAIBCM to 3.7.4.2, updated link to libsaibcm
* [Mellanox] Update SAI (release:v1.16.3; API:v1.6)
Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
* Update sonic-sairedis pointer to include SAI1.6 headers
* [Mellanox] Update SDK to 4.4.0914 and FW to xx.2007.1112 to match SAI 1.16.3 (API:v1.6)
Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
* ensure the veth link is up in docker VS container
* ensure the veth link is up in docker VS container
* [Mellanox] Update SAI (release:v1.16.3.2; API:v1.6)
Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
* use 'config interface startup' instead of using ifconfig command, also undid the previous change'
Co-authored-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
Changes:
-- Removing the part where build dependencies are installed in setup.py.
-- Adding build dependencies in corresponsing rules\..*.mk file.
Signed-off-by: Praveen Chaudhary pchaudhary@linkedin.com
* [platform]: Add a new supported platform, Delta-agc032
Switch Vendor: Delta
Switch SKU: Delta-agc032
CPU: BROADWELL-DE
ASIC Vendor: Broadcom
Switch ASIC: Tomahawk3, BCM56980
Port Configuration: 32x400G + 2x10G
- What I did
Add a new Delta platform Delta-agc032.
- How I did it
Add files by following SONiC Porting Guide.
- How to verify it
1. decode-syseeprom
2. sensors
3. psuutil
4. sfputil
5. show interface status
6. bcmcmd
Signed-off-by: zoe-kuan <ZOE.KUAN@deltaww.com>
**- Why I did it**
Advance sonic-py-swsssdk submodule to fix#4632
**- How I did it**
In py3, the response from redis connector is encoded as byte array. They
need to be decoded before accessing them as strings.
Use following commands to test
sonic-db-cli CONFIG_DB "keys *"
sonic-db-cli CONFIG_DB "hget PORT|Ethernet0 admin_status"
**- How to verify it**
sonic-db-cli CONFIG_DB "keys *"
sonic-db-cli CONFIG_DB "hget PORT|Ethernet0 admin_status"
Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
