* [kernel] Upgrade kernel to version 4.9.168-1+deb9u5
- Picking up security patches.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* advance linux-kernel sub module head
- What I did
Move the enabling of Systemd services from sonic_debian_extension to a new systemd generator
- How I did it
Create a new systemd generator to manually create symlinks to enable systemd services
Add rules/Makefile to build generator
Add services to be enabled to /etc/sonic/generated_services.conf to be read by the generator at boot time
Signed-off-by: Lawrence Lee <t-lale@microsoft.com>
ARM Architecture support in SONIC
make configure platform=[ASIC_VENDOR_ARCH] PLATFORM_ARCH=[ARM_ARCH]
SONIC_ARCH: default amd64
armhf - arm32bit
arm64 - arm64bit
Signed-off-by: Antony Rheneus <arheneus@marvell.com>
* Upgrade ifupdown2 to version 1.2.8
Required by ZTP to support ZTP over IPv6 transport
Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
* Added debug symbols to many debug dockers.
* For debug images *only*:
1) Archive source files into debug image
2) Archived source is copied into /src
3) Created an empty dir /debug
4) Mount both /src as ro & /debug as rw into every docker
5) Login banner will give some details on /src & /debug
6) Devs can copy core file into /debug and view it from inside a container.
7) Dev may create all gdb logs and other data directly into /debug.
* Dropped redundant REDIS_TOOLS per review comments.
* Added debug symbols to frr package and hence FRR based BGP docker.
* 1) Moved dbg_files.sh to scripts/
2) Src directories to archive are now collected from individual Makefiles.
3) Added few more debug symbols
4) Added few more debug dockers.
Here after no more changes except per review comments.
To debug:
Install required version of debug image in Switch or VM.
Copy core file into /debug of host
Get into Docker
gdb /usr/bin/<daemon> -c /debug/<your core file>
set directory /src/... <-- inside gdb to get the source
For non-in-depth debugging:
Download corresponding debug Docker image (docker-...-dbg.gz) to your VM
Load the image
Run image with entrypoint as 'bash' with dir containing core mapped in.
Run gdb on the core.
This is a follow-up of sonic-snmpagent PR 92
Now that licensing issues have been solved FRR is distributed with SNMP
support compiled-in. This PR adds the last bits of configuration to get
the frr-snmp debian packages added to the docker container and the
config bits to enable the snmp module in FRR
This PR brings the functionality of being able to poll bgpd for routes
and peer status.
Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>
* [submodule] update sonic-linux-kernel
* update linux kernel version
* Fix many version strings
* update mellanox components (built with new kernel)
* [mlnx] add make files for SDK WJH libs
* Update arista driver submodule (#8)
Make the debian packaging point to a newer kernel version.
* Update frr to frr-7.0.1
* Fix a typo
* Set right permissions on /etc/frr
* Convert external file links from debian to Azure
* Revert python3 fix
* Build frr using more than 1 job
* Add SWIG as dependency for libswss-common
* [frr]: change frr as default sonic routing stack
* fix quagga configuration
* [vstest]: fix bgp test for frr
* [vstest]: skip bgp/test_invalid_nexthop.py for frr
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [service] Restart SwSS Docker container if orchagent exits unexpectedly
* Configure systemd to stop restarting swss if it attempts to restart more than 3 times in 20 minutes
* Move supervisor-proc-exit-listener script
* [docker-dhcp-relay] Enhance wait_for_intf.sh.j2 to utilize STATEDB
* Ensure dependent services stop/start/restart with SwSS
* Change 'StartLimitInterval' to 'StartLimitIntervalSec', as Stretch installs systemd 232 (>= v230)
* Also update journald.conf options
* Remove 'PartOf' option from unit files
* Add '$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)' to new shared docker-orchagent makefile
* Make supervisor-proc-exit-listener script read from 'critical_processes' file inside container
* Update critical_processes file for swss container
* Base DHCP relay Docker image on Strech base Docker
* Change URL for isc-dhcp source repository
* Upgrade isc-dhcp source branch to 4.3.5-3.1
* Update patch #0001 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0002 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0003 to apply to isc-dhcp 4.3.5-3.1
* Update patch #0004 to apply to isc-dhcp 4.3.5-3.1
* Remove security patches, as they are now applied as part of 4.3.5-3.1 source
* Reorder patches to apply bug fix first, then features
* Extend makefile to build debug Docker image
* Update commit that series file applies against
Overall goal: Build debug images for every stretch docker.
An earlier PR (#2789) made the first cut, by transforming broadcom/orchagent to build target/docker-orhagent-dbg.gz.
Changes in this PR:
Made docker-orchagent build to be platform independent.
1.1) Created rules/docker_orchagent.mk
1.2) Removed platform//docker-orchagent-*.mk
1.3) Removed the corresponding entry from platform//rules.mk
Extended the debug docker image build to stretch based syncd dockers.
2.1) For now, only mellanox & barefoot are stretch based.
2.2) All the common variable definitions are put in one place platform/template/docker-syncd-base.mk
2.3) platform/[mellanox, bfn]/docker-syncd-[mlnx, bfn].mk are updated as detailed below.
2.3.1) Set platform code and include template base file
2.3.2) Add the dependencies & debug dependencies and any update over what base template offers.
Extended all stretch based non-platform dockers to build debug dockers too.
3.1) Affected are:
docker-database.mk,
docker-platform-monitor.mk,
docker-router-advertiser.mk,
docker-teamd.mk,
docker-telemetry.mk
Next: Build debug flavor of final images with regular dockers replaced with debug dockers where available.
* [dockers]: Upgrade SNMP docker to stretch build
* Removed patch-> 0003-CHANGES-BUG-2743-snmpd-crashes-when-receiving-a-GetN.patch
* update platform-common submodule
* adding PyYAML package to stretch dockerfile
* Installing redis package via pip in stretch dockerfile
* again updating platform-common submodule
* revert back the snmpd version to 5.7.3+dfsg-1.5
* upgrading the snmpd version to 5.7.3+dfsg-1.7+deb9u1 with openssl backport support
* update sonic-snmpagent submodule
* purge libdpkg-perl package in Dockerfile
* revert back the snmpd version to 5.7.3+dfsg-1.5
* minor change in series file
* Updated Makefile infrastructure to build debug images.
As a sample, platform/broadcom/docker-orchagent-brcm.mk is updated to add a docker-orchagent-brcm-dbg.gz target.
Now "BLDENV=stretch make target/docker-orchagent-brcm-dbg.gz" will build the debug image.
This debug image can be used in any linux box to inspect core file. If your module's external dependency can be suitably mocked, you my even manually run it inside.
"docker run -it --entrypoint=/bin/bash e47a8fb8ed38"
You may map the core file path to this docker run.
* Dropped the regular binary using DBG_PACKAGES and a small name change to help readability.
* Tweaked the changes to retain the existing behavior w.r.t INSTALL_DEBUG_TOOLS=y.
When this change ('building debug docker image transparently') is extended to all dockers, this flag would become redundant. Yet, there can be some test based use cases that rely on this flag.
Until after all the dockers gets their debug images by default and we switch all use cases of this flag to use the newly built debug images, we need to maintain the existing behavior.
* [vm build] force Linux to drop cache before calling kvm
KVM need to allocate 2G memory for this build. The system memory might
be occupied by cache at the moment and doesn't have 2G chunk to give
out. Forcing Kernel to drop cache to boost the chance of getting 2G
memory.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [make] add option to enable/disable VS build memory preparation
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
DaemonBase is to wrap the common function of daemons, such as logging,
signal handling, db connector, load specific platform plugins.
Signed-off-by: Kevin Wang <kevinw@mellanox.com>
* Upgrade database and telemetry docker to stretch build
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Remove SONIC_STRETCH_DEBS list add for redis and telemetry
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* [docker-radvd]: upgrade docker radvd to stretch based
* install jinja>=2.10
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* install pip packages for testing sonic-utilities
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* set storage driver to vfs
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [build]: put stretch debian packages under target/debs/stretch/
* in stretch build phase, all debian packages built in that stage are placed under target/debs/stretch directory.
* for python-based debian packages, since they are really the same for jessie and stretch, they are placed under target/python-debs directory.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Build a Docker base image based on Debian Stretch
* Build a config-engine Docker image based on Stretch
* Do not install socat from Debian repo
* Add changes that were made to docker-base since this PR was opened
* Add psud daemon to pmon container
* Update submodule sonic-platform-daemons
Submodule update sonic-platform-daemons:
e5d8155 - [sonic-psud] add a new daemon sonic-psud to platform monitor (#20)
Signed-off-by: Kevin Wang <kevinw@mellanox.com>
* [security kernel] Upgrade kernel from 4.9.110-3+deb9u2 to 4.9.110-3+deb9u6
short version: 4.9.0-7 to 4.9.0-8
See changelogs for security fixes:
https://tracker.debian.org/media/packages/l/linux/changelog-4.9.110-3deb9u6
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Update sonic-linux-kernel submodule after it was merged
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* [warmboot] Load database from `redis-cli save`
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Add trivial statement to make bash function valid
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Update submodule sonic-utilities: Use 'redis-cli save' to dump database to file
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Move configdb-load.sh outside docker, and only run in cold
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Fix for more strict warm check
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Restore neighbor table to kernel during system warm-reboot
Added a service: "restore_neighbors" to restore neighbor table into
kernel during system warm reboot. The service is started by supervisord
in swss docker when the docker is started.
In case system warm reboot is enabled, it will try to restore the neighbor
table from appDB into kernel through netlink API calls and update the neighbor
table by sending arp/ns requests to all neighbor entries, then it sets the
stateDB flag for neighsyncd to continue the reconciliation process.
-- Added tcpdump python-scapy debian package into orchagent and vs dockers.
-- Added python module: pyroute2 netifaces into orchagent and vc dockers.
-- Workarounded tcpdump issue in the vs docker
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Move the restore_neighbors.py to sonic-swss submodule
Made changes to makefiles accordingly
Make dockerfile.j2 changes and supervisord config changes
Add python monotonic lib for time access
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Added PYTHON_SWSSCOMMON as swss runtime dependency
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* FRR 4.0 integration with SONiC
-- Uses SONiC FRR repo frr/4.0 (which has SONiC support) to build image
-- Makefile changes to make frr4.0 builtable.
-- Updated/Added FRR configuration files
-- bgpd jinja template fixes
To build SONiC images with FRR4.0, simply edit rules/config file and change
routing stack to following:
SONIC_ROUTING_STACK = frr
and then build images as usual.
* Used integrated-vtysh-config in FRR
Changed to single template: frr.conf.j2 for configuration and added tests
Call add_extra_package instead add_derived_package. Because the 'extra'
package doesn't require 'base' package to be installed to be built.
This change enables make stretch with multiple threads.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [baseimage]: install picocom 3.1 in base image
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* add picocom to stretch build
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* fix slave.mk bug
Signed-off-by: Guohan Lu <gulv@microsoft.com>
The behavior could be that we are sending LLDP message but not using
lldpcli configured properties if netlink delete messages were lost.
It also could be that some interfaces do not sending messages at all.
"lldpcli show statistics" could see duplicated or missing interfaces.
Changes:
Upgrade lldpd to 0.9.6 (which introduced the adjustable netlink buffer size)
Change the netlink receive buffer size to 1MB
* [docker-platform-monitor] make file and supervisord conf change for new xcvrd deamon
* make file change for the new daemon
* supervisord conf change for the new daemon
signed-off-by Liu Kebo kebol@mellanox.com
* make xcvrd start sequence aligned with the supervisord conf
* update submodules to include xcvrd modification
* Fix for bash's memory-leak
Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.
In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040
* Fixing minor issue during code-merge
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
* [make] introducing new build option KERNEL_BUILD_METHOD
- Kernel could be built from source files with method 'build'
- Kernel could be downloaded from Azure storage with method 'download'
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Replace BUILD with PROCURE
* fix typo
* [docker-base] Instruct apt-get to NOT install 'recommended' or 'suggested' packages
* Modify docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs Dockerfile templates in order to properly install .deb dependencies
* REDIS_SERVER depends on REDIS_TOOLS; ensure REDIS_TOOLS is always installed before REDIS_SERVER
* Fix tcpdmatch dependency
Issue: sonic_debian_extension.j2 uses tcpdmatch from src folder
which is result of libwrap build
Fix: added tcpd.deb to build results and extract required files
from build results
* Install libwrap0 and tcpd deb packages
* SONiC system telemetry Support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update package name from telemetry to sonic-telemetry
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Upgrade linux-image version
* Add missing dependency of igb
* Fix mft build rule
* Add missing dependency of ixgbe
* [Broadcom]: Update OpenNSL modules to be compatible with kernel 3.16.0-5 (#3)
* [Nephos] Update SDK version to support new kernel module 3.16.0-5 (#4)
* [mellanox]: Update URL for SDK (#5)
* Add patch to prevent 'supervisorctl start' command from hanging if system time has rolled backward
* Also add unit tests for clock rollback scenarios
* Fix build of libsaithrift for broadcom
* Restore libsaithrift-dev building
* Comment out libsaithrift library on cavium and marvell. Both of them have old SAI drivers
* Revert back unintentional acton changes
* Don't run the package checks when building sairedis package
* Add switch ASIC vendor and platforms for Nephos
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Advance sonic-sairedis submodule to include #271 (Add Nephos ASIC)
* asyncsnmp depends on sonic-utilities so it is possible to import sonic_psu
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Ignore sonic_utilities test during build
* [TACACS+]: Add support for TACACS+ Authentication
* pam_tacplus - A TACACS+ protocol client library and PAM module to
supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
make the TACACS+ authenticated user which is not found in local
could login successfully.
* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus
Signed-off-by: chenchen.qcc@alibaba-inc.com
* [TACACS+]: Add nss-tacplus as a separate src repo
* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username
* The NAME_REGEX for username check in plugin nss-tacplus is
the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
in /etc/adduser.conf is not defined as ANSI version. To avoid
nss-tacplus filter some valid TACACS+ username, remove username
check.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
- Found a bug in v4.3.1-6 in which dhcrelay would not start if
passed an interface name with a length of 15 characters due
to truncated copy of interface name in common/lpf.c.
Bug was fixed in v4.3.2.
- v4.3.3-6 is the newest version we can build for Debian Jessie, as all
newer versions require newer versions of debhelper and
libbind-export-dev dependencies than are available for Jessie.
* [build]: sonic-utilities package now depends on swsssdk; add build dependency
* Now building sonic-utilities Python package in wheel format
* Update sonic-utilities submodule
* Change output wheel name to match proper format
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* add getopt option to organization script
* Bump sonic-platform-modules-arista submodule
* Allow image specific mount option for containers
* Add led plugin for DCS-7060CX-32S
* Add led plugin for DCS-7260CX3-64
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
Print current build configuration before run
Update screen with currently running targets (only available if TERM is
available)
Change format of printed targets
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [config]: Add SONIC_CONFIG_MAKE_JOBS
This config option allows user to specify -j value that will be passed
to each package build.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Add docker-dhcp-relay/Dockerfile to .gitignore
* Add isc-dhcp-relay .deb package to image build process, along with my Option 82 patch
* Install custom isc-dhcp-relay in dhcp_relay docker
* Install isc-dhcp-relay build dependencies in sonic-slave Docker container
* Copy the built .deb package to the destination directory
* Add dependencies for isc-dhcp-relay
* Change Option 82 string to '<hostname>:<portname>'
* Install dependencies of .deb files implicitly in Dockerfile
* Remove unused line
* Remove unnecessary space
* [bgp] Save admin state and set default state to shutdown
* Set default behavior to no shutdown
* Add build option SHUTDOWN_BGP_ON_START
* Script change for default admin state to be on
* Address CR comments to bgp_neighbor script
* Fix script bug
Under rules/config now there's additional configuration option
ENABLE_SYNCD_RPC that allows building SONIC installer with
docker-syncd-*-rpc for evaluation purposes.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- Extending SONiC building infrastructure to provide users
with greater flexibility, by allowing them to elect a
routing-stack different than the default one (quagga). The desired
routing-stack will be defined in rules/config file.
- As part of these changes I'm adding support for
Free-Range-Routing (FRR) stack. Quagga will continue to be
the default routing-stack.
Signed-off-by: Rodny Molina <rodny@linkedin.com>
* [build]: Include SONiC version into installer.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Append dirty if contains local changes
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Update config
* Use correct name for kernel version field
* Update sysDescription.j2