- move single instance services into their own folder
- generate Systemd templates for any multi-instance service files in slave.mk
- detect single or multi-instance platform in systemd-sonic-generator based on asic.conf platform specific file.
- update container hostname after creation instead of during creation (docker_image_ctl)
- run Docker containers in a network namespace if specified
- add a service to create a simulated multi-ASIC topology on the virtual switch platform
Signed-off-by: Lawrence Lee <t-lale@microsoft.com>
Signed-off-by: Suvarna Meenakshi <Suvarna.Meenaksh@microsoft.com>
wget creates empty file on failure which makes subsequent make runs
think that file is already there and won't try to download it again.
e.g.:
$ make target/files/stretch/fw-SPC-rel-13_2000_2602-EVB.mfa
...
Fails to download
...
$ ls target/files/stretch/fw-SPC-rel-13_2000_2602-EVB.mfa
target/files/stretch/fw-SPC-rel-13_2000_2602-EVB.mfa
$ make target/files/stretch/fw-SPC-rel-13_2000_2602-EVB.mfa
make: `target/files/stretch/fw-SPC-rel-13_2000_2602-EVB.mfa' is up to
date.
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
Delay CPU intensive services at boot
- How I did it
Made snmp.timer work and add telemetry.timer.
But this is not enough because it breaks the existing snmp dependency on swss.
So, in this solution snmp timer is a wanted by swss service, but since OnBootSec timer expires only once it will not trigger snmp service, so I added line "OnUnitActiveSec=0 sec" which will start snmp service based on the last time it was active. On boot only OnBootSec will expire, on swss start/restarts only second timer will expire immediately and trigger snmp service.
However, snmp service will not stop after "systemctl stop snmp" because of the second timer which will always expire when snmp service because unavailable.
So there is a conflict which will be handled by systemd if we add "Conflicts=" line to both snmp.service and snmp.timer.
So during boot:
snmp does not start by default
swss starts and starts snmp timer
OnUnitActiveSec=0 does not expire since there is no snmp active
OnBootSec expires and starts snmp service and snmp timer gets stopped
During "systemctl restart swss"
snmp stops because of Requisite on swss
snmp unblocks snmp timer from running
swss starts and starts snmp timer
OnUnitActiveSec=0 expires imidiately and start snmp which stops snmp timer
During "systemctl stop snmp"
stop of snmp service unblocks snmp timer but no one starts the timer so it is not started by "OnUnitActiveSec=0"
* Build sonic-ztp package
- Add changes in make rules to conditionally include sonic-ztp package
Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
* In the event of a kernel crash, we need to gather as much information
as possible to understand and identify the root cause of the crash.
Currently, the kernel does not provide much information, which make
kernel crash investigation difficult and time consuming.
Fortunately, there is a way in the kernel to provide more information
in the case of a kernel crash. kdump is a feature of the Linux kernel
that creates crash dumps in the event of a kernel crash. This PR
will add kermel kdump support.
An extension to the CLI utilities config and show is provided to
configure and manage kdump:
- enable / disable kdump functionality
- configure kdump (how many kernel crash logs can be saved, memory
allocated for capture kernel)
- view kernel crash logs
slave.mk: add SONIC_PLATFORM_API_PY2 as dependency of host
sonic_debian_extension.j2: install sonic_daemon_base and Mellanox-specific sonic_platform on host
mlnx-platform-api.mk: export mlnx_platform_api_py2_wheel_path for sonic_debian_extension.j2
sonic-daemon-base.mk: export daemon_base_py2_wheel_path for sonic_debian_extension.j2
daemon_base.py: hind unnecessary dependency of swss_common on host
Introduce a new "sflow" container (if ENABLE_SFLOW is set). The new docker will include:
hsflowd : host-sflow based daemon is the sFlow agent
psample : Built from libpsample repository. Useful in debugging sampled packets/groups.
sflowtool : Locally dump sflow samples (e.g. with a in-unit collector)
In case of SONiC-VS, enable psample & act_sample kernel modules.
VS' syncd needs iproute2=4.20.0-2~bpo9+1 & libcap2-bin=1:2.25-1 to support tc-sample
tc-syncd is provided as a convenience tool for debugging (e.g. tc-syncd filter show ...)
* slave.mk
* .gitignore
The SONIC_PYTHON_STDEB_DEBS group is part of SONIC_CLEAN_DEBS
for cleaning with 'make clean', but this group is overlooked
since they reside in PYTHON_DEBS_PATH, not DEBS_PATH. This
fix creates a separate clean rule for SONIC_PYTHON_STDEB_DEBS.
Also noticed the .arch file showing up on 'git status' so
added it to .gitignore.
Signed-off-by: Greg Paussa <greg.paussa@broadcom.com>
* [Makefile/slave docker] ARM arch doesn't support few packages
iproute2 is missing for ARM sonic-slave docker
Signed-off-by: Antony Rheneus <arheneus@marvell.com>
ARM Architecture support in SONIC
make configure platform=[ASIC_VENDOR_ARCH] PLATFORM_ARCH=[ARM_ARCH]
SONIC_ARCH: default amd64
armhf - arm32bit
arm64 - arm64bit
Signed-off-by: Antony Rheneus <arheneus@marvell.com>
* Upgrade ifupdown2 to version 1.2.8
Required by ZTP to support ZTP over IPv6 transport
Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
* Added debug symbols to many debug dockers.
* For debug images *only*:
1) Archive source files into debug image
2) Archived source is copied into /src
3) Created an empty dir /debug
4) Mount both /src as ro & /debug as rw into every docker
5) Login banner will give some details on /src & /debug
6) Devs can copy core file into /debug and view it from inside a container.
7) Dev may create all gdb logs and other data directly into /debug.
* Dropped redundant REDIS_TOOLS per review comments.
* Added debug symbols to frr package and hence FRR based BGP docker.
* 1) Moved dbg_files.sh to scripts/
2) Src directories to archive are now collected from individual Makefiles.
3) Added few more debug symbols
4) Added few more debug dockers.
Here after no more changes except per review comments.
To debug:
Install required version of debug image in Switch or VM.
Copy core file into /debug of host
Get into Docker
gdb /usr/bin/<daemon> -c /debug/<your core file>
set directory /src/... <-- inside gdb to get the source
For non-in-depth debugging:
Download corresponding debug Docker image (docker-...-dbg.gz) to your VM
Load the image
Run image with entrypoint as 'bash' with dir containing core mapped in.
Run gdb on the core.
* [build]: wait 60 seconds for docker engine to start
On some platforms, it can take more than 1 second for docker
engine to start.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Updated Makefile infrastructure to build debug images.
As a sample, platform/broadcom/docker-orchagent-brcm.mk is updated to add a docker-orchagent-brcm-dbg.gz target.
Now "BLDENV=stretch make target/docker-orchagent-brcm-dbg.gz" will build the debug image.
NOTE: If you don't specify NOSTRETcH=1, it implicitly calls "make stretch", which builds all stretch targets and that would include debug dockers too.
This debug image can be used in any linux box to inspect core file. If your module's external dependency can be suitably mocked, you my even manually run it inside.
"docker run -it --entrypoint=/bin/bash e47a8fb8ed38"
You may map the core file path to this docker run.
* Dropped the regular binary using DBG_PACKAGES and a small name change to help readability.
* Tweaked the changes to retain the existing behavior w.r.t INSTALL_DEBUG_TOOLS=y.
When this change ('building debug docker image transparently') is extended to all dockers, this flag would become redundant. Yet, there can be some test based use cases that rely on this flag.
Until after all the dockers gets their debug images by default and we switch all use cases of this flag to use the newly built debug images, we need to maintain the existing behavior.
* 1) slave.mk - Dropped unused Docker build args
2) Debug template builder: renamed build_dbg_j2.sh to build_debug_docker_j2.sh
3) Dropped insignifcant statement CMD from debug Docker file, as base docker has Entrypoint.
* Reverted some changes, per review comments.
"User, uid, guid, frr-uid & frr-guid" are required for all docker images, with exception of debug images.
* Get in sync with the new update that filters out dockers to be built (SONIC_STRETCH_DOCKERS_FOR_INSTALLERS) and build debug-dockers only for those to be built and debug target is available.
* Mkae a template for each target that can be shared by all platforms.
Where needed a platform entry can override the template.
This avoids duplication, hence easier to maintain.
* A small change, that can fit better with other targets too.
Just take the platform code and do the rest in template.
* Extended debug to all stretch based docker images
* 1) Combined all orchagent makefiles into one platform independent make under rules/docker-orchagent.mk
2) Extened debug image to all stretch dockers
* Changes per review comments:
1) Dropped LIBSAIREDIS_DBG from database, teamd, router-advertiser, telemetry, and platform-monitor docker*.mk files from _DBG_DEPENDS list
2) W.r.t docker make for syncd, moved DEPENDS from template to specific makefile and let the template has stuff that is applicable to all.
* 1) Corrected a copy/paste mistake
* Fixed a copy/paste bug
* The base syncd dockers follow a template, which defines the base docker as DOCKER_SYNCD_BASE instead of DOCKER_SYNCD_<platform code>. Fix the docker-syncd-<mlnx, bfn>.mk to use the new one.
[Yet to be tested locally]
* Fixed spelling mistake
* Enable build of dbg-sonic-broadcom.bin, which uses dbg-dockers in place of regular dockers, for dockers that build debug version. For dockers that do not build debug version, it uses the regular docker.
This debug bin is installable and usable in a DUT, just like a regular bin.
* Per review comments:
1) Share a single rule for final image for normal & debug flavors (e.g. sonic-broadcom.bin & sonic-broadcom-dbg.bin)
2) Put dbg as suffix in final image name.
3) Compared target/sonic-broadcom.bin.logs with & w/o fix to verify integrity of sonic-broadcom.bin
4) Compared target/sonic-broadcom.bin.logs with sonic-broadcom-dbg.bin.log for verification
This fix takes care of ONIE image only. The next PR will cover the rest.
The next PR, will also make debug image conditional with flag.
* Updated per comments.
Now that debug dockers are available, do not need a way to install debug symbols in regular dockers.
With this commit, when INSTALL_DEBUG_TOOLS=y is set, it builds debug dockers (for dockers that enable debug build) and the final image uses debug dockers. For dockers that do not enable debug build, regular dockers get used in the final image.
Note:
The debug dockers are explicitly named as <docker name>-dbg.gz. But there is no "-dbg" suffix for image.
Hence if you make two runs with and w/o INSTALL_DEBUG_TOOLS=y, you have complete set of regular dockers + debug dockers. But the image gets overwritten.
Hence if both regular & debug images are needed, make two runs, as one with INSTALL_DEBUG_TOOLS=y and one w/o. Make sure to copy/rename the final image, before making the second run.
Overall goal: Build debug images for every stretch docker.
An earlier PR (#2789) made the first cut, by transforming broadcom/orchagent to build target/docker-orhagent-dbg.gz.
Changes in this PR:
Made docker-orchagent build to be platform independent.
1.1) Created rules/docker_orchagent.mk
1.2) Removed platform//docker-orchagent-*.mk
1.3) Removed the corresponding entry from platform//rules.mk
Extended the debug docker image build to stretch based syncd dockers.
2.1) For now, only mellanox & barefoot are stretch based.
2.2) All the common variable definitions are put in one place platform/template/docker-syncd-base.mk
2.3) platform/[mellanox, bfn]/docker-syncd-[mlnx, bfn].mk are updated as detailed below.
2.3.1) Set platform code and include template base file
2.3.2) Add the dependencies & debug dependencies and any update over what base template offers.
Extended all stretch based non-platform dockers to build debug dockers too.
3.1) Affected are:
docker-database.mk,
docker-platform-monitor.mk,
docker-router-advertiser.mk,
docker-teamd.mk,
docker-telemetry.mk
Next: Build debug flavor of final images with regular dockers replaced with debug dockers where available.
* Updated Makefile infrastructure to build debug images.
As a sample, platform/broadcom/docker-orchagent-brcm.mk is updated to add a docker-orchagent-brcm-dbg.gz target.
Now "BLDENV=stretch make target/docker-orchagent-brcm-dbg.gz" will build the debug image.
This debug image can be used in any linux box to inspect core file. If your module's external dependency can be suitably mocked, you my even manually run it inside.
"docker run -it --entrypoint=/bin/bash e47a8fb8ed38"
You may map the core file path to this docker run.
* Dropped the regular binary using DBG_PACKAGES and a small name change to help readability.
* Tweaked the changes to retain the existing behavior w.r.t INSTALL_DEBUG_TOOLS=y.
When this change ('building debug docker image transparently') is extended to all dockers, this flag would become redundant. Yet, there can be some test based use cases that rely on this flag.
Until after all the dockers gets their debug images by default and we switch all use cases of this flag to use the newly built debug images, we need to maintain the existing behavior.
* [vm build] force Linux to drop cache before calling kvm
KVM need to allocate 2G memory for this build. The system memory might
be occupied by cache at the moment and doesn't have 2G chunk to give
out. Forcing Kernel to drop cache to boost the chance of getting 2G
memory.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [make] add option to enable/disable VS build memory preparation
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [docker-radvd]: upgrade docker radvd to stretch based
* install jinja>=2.10
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* install pip packages for testing sonic-utilities
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* set storage driver to vfs
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [build]: put stretch debian packages under target/debs/stretch/
* in stretch build phase, all debian packages built in that stage are placed under target/debs/stretch directory.
* for python-based debian packages, since they are really the same for jessie and stretch, they are placed under target/python-debs directory.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Add missing timestamp in docker meta label tag value
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* add BUILD_NUMBER as well
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Add Tag info to docker label meta data
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Move DIRTY_SUFFIX to sonic_get_version()
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
seen issues to build dockers using aufs in ubuntu 18.04
Immedidate dockers are exported to docker file and then
imported into sonic image. Thus, whether using vfs or aufs
as the storage driver does not matter for the immediate build.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* [baseimage]: install picocom 3.1 in base image
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* add picocom to stretch build
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* fix slave.mk bug
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Fix for bash's memory-leak
Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.
In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040
* Fixing minor issue during code-merge
Signed-off-by: Rodny Molina <rmolina@linkedin.com>
* [make] introducing new build option KERNEL_BUILD_METHOD
- Kernel could be built from source files with method 'build'
- Kernel could be downloaded from Azure storage with method 'download'
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* Replace BUILD with PROCURE
* fix typo
* Initial commit
* Add Ingrasys S9180-32X platform dirver.
Signed-off-by: Wade He <chihen.he@gmail.com>
* Add bfn.service for init barefoot.
Signed-off-by: Wade He <chihen.he@gmail.com>
* [Barefoot Beta] Add some functions and fixed some bugs.
1. Update sensors.conf.
2. Fixed IO expander init.
3. Fixed PSU EEPROM.
4. Fixed MB EEPROM.
5. Add fancontrol and fan init.
6. Add SYS LED control (sys, fan, fan tray).
7. 2.5V compute and setup max and min.
8. Fixed typo MB eeprom delete address.
9. Remove coretemp to BMC.
10. Add active CPLD.
11. Modify SFP+ GPIO slave address.
12. Modify tmp75 Near Port 32 slave address.
Signed-off-by: Wade He <chihen.he@gmail.com>
* Add bfn script in /etc/init.d/
Signed-off-by: Wade He <chihen.he@gmail.com>
* Add bfn service in debian
Signed-off-by: Wade He <chihen.he@gmail.com>
* Fixed CPLD switch LED behavior.
Signed-off-by: Wade He <chihen.he@gmail.com>
* [Barefoot Beta] Fixed sensors and hwmon order.
1. Fixed ignore sensors Vbat.
2. Reorg hwmon order.
Signed-off-by: Wade He <chihen.he@gmail.com>
* Fixed PSU1 and PSU2 EEPROM order.
Signed-off-by: Wade He <chihen.he@gmail.com>
* initial barefoot checkin october 2017
* update refpoint
* update refpoints
* update refpoints to bf-master
* update refpoint
* update refpoint to tested version
* change to platform from asic
* update refpoint for swss
* revert core creation setting
* update refpoints
* add telnet for debug shell
* update refpoints 11/17/17
* missed change in file on previous merge
* [CPLD] Fixed blink LED issue.
* Fixed blink LED mask set error.
Signed-off-by: Wade He <chihen.he@gmail.com>
* Update bf_kdrv.c for 6.0.2.39
* Update bf kernel driver
* Add bf_fun kernel module.
* Update bf_tun for fixed build error
* merge with Azure master (12/12/17)
* update swss refpoint
* update refpoint of swss
* library dependency for stack unroll
* update refpoint to bf-master
* [DHCP relay]: Fix circuit ID and remote ID bugs (#1248)
* [DHCP relay]: Fix circuit ID and remote ID bugs
* Set circuit_id_len after setting circuit_id_len to ip->name
* [Platform] Add Psuutil and update sensors.conf for S9100-32X, S8810-32Q and S9200-64X (#1272)
* Add I2C CPLD kernel module for psuutil.
* Support psuutil script.
* Add voltage min and max threshold.
* Update sensors.conf for tmp75.
Signed-off-by: Wade He <chihen.he@gmail.com>
* Allow multi platform support - infra (more changes to follow)
* update relative path to include platform for clarity
* [Platform] Add Ingrasys S9130-32X and S9230-64X with Nephos Switch ASIC for "branch 201712" (#1274)
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
Update Head of submodule src/sonic-sairedis to "3b817bb"
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* change source of files to github (from dropbox), update sairedis refpoint
* update refpoint of sairedis
* [centec] support CENTEC SAI 1.0 on 201712 branch and update e582-48x6q board (#1269)
* [marvel]: Marvell's updates for SONiC.201712 & SAI v1.0 (#1287)
* update sairedis (fast-boot refpoint)
* fix syncd rpc make files
* update refpoint to handle Makefile change (no functional change)
* [Marvell]: Add support for SLM5401-54x device (#1307)
* Marvell's updates for SONiC.201712 & SAI v1.0
* [Platform] Add Marvell's SLM5401-54x for branch 201712
* [Broadcom]: Update Boradcom SAI package to 3.0.3.3-3 (#1312) (#1321)
- update Arista 7050-QX32S config.bcm file
- update Accton th-as771*-32x100G.config.bcm files
* update refpoint for Makefile chnage in sairedis
* update refpoint - sairedis
* update sairedis to older refpoint till we debug clean build
* export asic platform for build
* update refpoint for makefiles
* [PLATFORM] Centec update E582 driver fan/epprom/sensor (#1332)
* Upload wnc-osw1800
* Modify for Barefoot suggest
* Revert bfn-platform.mk
* Update bfn-platform-wnc.mk
Update parameter name
* Update parameter name
* initial support for WNC platform
* change switch name to "switch"
* Delete bf modules for rel_7_0
* Add Ingrasys S9180 platform
Signed-off-by: Wade He <chihen.he@gmail.com>
* Modify bfnsdk for Ingrasys S9180 platform
Signed-off-by: Wade He <chihen.he@gmail.com>
* Resolved the conflict.
* Resolved the conflict.
* Update submodule path and url.
* Delete unused file.
* Update PSU GPIO and EEPROM for psuutil.
* Add psuutil in S9180-32X
Signed-off-by: Wade He <chihen.he@gmail.com>
* update refpoint
* update refpoint
* change contact email, update refpoint
* cleanup and update kernel modules
* updates based on review
* update refpoint
* update refpoint
* fix typo in config script to check for platforms
* remove stale file
* resolve conflicts
* cleanup diffs with Azure repo and update SDK debs
* update refpoints to Azure
* address review comments
* revert refpoint of swss-common
* porting the build fix from master
* porting build fix from master
* Minor Fix
* Minor fix
* Temp to sde deb packages url
* Update sonic - sairedis,swss & swss-common refpoints
* Update git modules url path to bfn repo
* updated paths for swss, swss-common & sairedis
* Update refpoint for sonic-swss to local bfn repo
* Update URL for downloading sde debian packages
* porting fix links of debian git server from master
* porting fix links of debian git server from master
* [Ingrasys] Add platform support for S9280-64X with Barefoot ASIC
* Update ref points for swss, swss-common and sairedis repos
* Add sonic platform scripts for bfn montara/maverick
* Call sh scripts instead of calling py scripts
* Address upstream PR Comments (#10)
* Update bf-master with azure/master
* Undo changes to some files
* Revert "Address upstream PR Comments (#10)"
This reverts commit a7fddb83ca.
* Address upstream comments (#11)
* Remove all non bfn specific changes from upstream PR
* Revert "Address upstream comments (#11)"
This reverts commit 559132103e.
* Undo non bfn changes
* Little more cleanup
* Add back code removed in merge
* export CONFIGURED_PLATFORM
* Update sairedis and swss refpoints
* Address Upstream PR comment
* change deb pkg dependency from 3.16.0-4-amd64 to 3.16.0-5-amd64
* Set default tx queue len for usb0 interface to 64
* Update sairedis refpoint
* Update swss ref point
* Add bfn buffer cfg files for montara/maverick as per new design
* Update buffer cfg templates for bfn montara
* add non zero size to buffer profile
* add macro to generate port lists
* Update buffer cfg templates for bfn mavericks
* add non zero size for buffer profiles
* add port generation macro
* Add missing psmisc package
* BGP docker seems to be missing killall utility being used by fast-reboot script. This is causing non graceful termination of BGP sessions.
Adding psmisc to resolve this issue.
* Update swss ref point
* Update swss ref point
* Update sairedis refpoint
* Update sairedis refpoint
* Update sairedis refpoint
* Update sairedis refpoint
* Update refpoint for sairedis and swss
* sairedis to azure master
* swss to latest bfn bf-master
* Update gitmodules
Update url for sairedis to azure master
* Correct typo in bfn platform script
* Update swss and sairedis ref points
* Update swss ref point
* Address Review comments
* Update swws path in gitmodules to azure master
* update swss refpoint
* update base docker j2 file -remove psmisc package (could be a concern, would cause fast reboot to not work correctly will fix in another PR)
* Fix sairedis refpoint broken in by previous merge
* Remove psmisc from docker base image
* This will break fast reboot as killall is required for killing bgp process and initiating graceful termination of BGP session.
Will fix this in a seperate PR. Need this for SONIC upstreaming
* Address upstream comments
* Remove bmc interface from interface jinja template and sample output interfaces file
* Add bmc interface at boot time to network interfaces for bfn bmc based platforms
* Remove autogen ingrasys debian files
* Revert "Remove autogen ingrasys debian files"
* Buffer and qos config template fix for bfn platforms (#21)
SWI-1509 Buffer and qos config template fix for bfn platforms
* Fix qos config files for montara & mavericks (#22)
* Reference only ppg 3,4 in qos files as no profiles are attached to 0,1 in buffer configs
* Fix vs test (#23)
* Use MAC from EEPROM for PortChannels
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Use MAC from EEPROM in DEVICE_METADATA
Will affect MAC for VLAN interfaces
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Get MAC via decode-syseeprom
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* hw-management is now a service
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* Add error handling for MAC fetch process
Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
* [slave.mk]: Fix displaying username and password in build summary
We display contents of DEFAULT_USERNAME and DEFAULT_PASSWORD, while
image can be build with USERNAME and/or PASSWORD given on make(1)
command line. For example:
$ make USERNAME=adm PASSWORD=mypass target/sonic-broadcom.bin
Fix by displaying USERNAME and PASSWORD variables in build summary.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
* [baseimage]: Improve default user account handling
There are couple of issues with current implementation of default
user account management in baseimage:
1) It uses DES to encrypt accounts password. Furthermore this
effectively limits password length to 8 symbols, even if more
provided with PASSWORD or DEFAULT_PASSWORD from rules/config.
2) Salt value for password is same on all builds even with different
password increasing attack surface.
3) During the build process password passed as command line parameter
either as plain text (if given to make(1) as "make PASSWORD=...")
or DES encrypted (if given to build_debian.sh) can be seen by
non-build users using /proc/<pid>/cmdline file that has group and
world readable permissions.
Both 1) and 2) come from:
perl -e 'print crypt("$(PASSWORD)", "salt"),"\n"')"
that by defalt uses DES if salt does not have format $<id>$<salt>$,
where <id> is hashing function id. See crypt(3) for more details on
valid <id> values.
To address issues above we propose following changes:
1) Do not create password by hands (e.g. using perl snippet above):
put this job to chpasswd(8) which is aware about system wide
password hashing policy specified in /etc/login.defs with
ENCRYPT_METHOD (by default it is SHA512 for Debian 8).
2) Now chpasswd(8) will take care about proper salt value.
3) This has two steps:
3.1) For compatibility reasons accept USERNAME and PASSWORD as
make(1) parameters, but warn user that this is unsafe.
3.2) Use process environment to pass USERNAME and PASSWORD variables
from Makefile to build_debian.sh as more secure alternative to
passing via command line parameters: /proc/<pid>/environ
readable only by user running process or privileged users like
root.
Before change:
--------------
hash1
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSs", "salt"),"\n"')"
^^^^^^^^
8 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Note the hash (DES encrypted password)
hash2
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSsWoRd", "salt"),"\n"')"
^^^^^^^^^^^^
12 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Hash is the same as for "YourPaSs"
After change:
-------------
hash1
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$1Nho1jHC$T8YwK58FYToXMFuetQta7/XouAAN2q1IzWC3bdIg86woAs6WuTg\
^^^^^^^^
Note salt here
ksLO3oyQInax/wNVq.N4de6dyWZDsCAvsZ1:17681:0:99999:7:::
hash2
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$yKU5g7BO$kdT02Z1wHXhr1VCniKkZbLaMPZXK0WSSVGhSLGrNhsrsVxCJ.D9\
^^^^^^^^
Here salt completely different from case above
plFpd8ksGNpw/Vb92hvgYyCL2i5cfI8QEY/:17681:0:99999:7:::
Since salt is different hashes for same password different too.
hash1
-----
# LANG=C perl -e 'print crypt("YourPaSs", "\$6\$salt\$"),"\n"'
^^^^^
We want SHA512 hash
$6$salt$qkwPvXqUeGpexO1vatnIQFAreOTXs6rnDX.OI.Sz2rcy51JrO8dFc9aGv82bB\
yd2ELrIMJ.FQLNjgSD0nNha7/
hash2
-----
# LANG=C perl -e 'print crypt("YourPaSsWoRd", "\$6\$salt\$"),"\n"'
$6$salt$1JVndGzyy/dj7PaXo6hNcttlQoZe23ob8GWYWxVGEiGOlh6sofbaIvwl6Ho7N\
kYDI8zwRumRwga/A29nHm4mZ1
Now with same "salt" and $<id>$, and same 8 symbol prefix in password, but
different password length we have different hashes.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
* SONiC system telemetry Support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update package name from telemetry to sonic-telemetry
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
Python packages, having their version changed, will fail to build
because deb_dist directory contains both build directories for old and
new version, and (for some uncleaer reason) debian utilities don't know
which one to choose.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Fix build of libsaithrift for broadcom
* Restore libsaithrift-dev building
* Comment out libsaithrift library on cavium and marvell. Both of them have old SAI drivers
* Revert back unintentional acton changes
* Don't run the package checks when building sairedis package
* Add switch ASIC vendor and platforms for Nephos
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Advance sonic-sairedis submodule to include #271 (Add Nephos ASIC)
* asyncsnmp depends on sonic-utilities so it is possible to import sonic_psu
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
* Ignore sonic_utilities test during build
* [TACACS+]: Add support for TACACS+ Authentication
* pam_tacplus - A TACACS+ protocol client library and PAM module to
supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
make the TACACS+ authenticated user which is not found in local
could login successfully.
* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus
Signed-off-by: chenchen.qcc@alibaba-inc.com
* [TACACS+]: Add nss-tacplus as a separate src repo
* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username
* The NAME_REGEX for username check in plugin nss-tacplus is
the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
in /etc/adduser.conf is not defined as ANSI version. To avoid
nss-tacplus filter some valid TACACS+ username, remove username
check.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
1. _INSTALLS defines the packages to be installed in the image
at the build time.
2. _LAZY_INSTALLS defines the packages to be installed in the image
at the first run time
3. _DEPENDS defines the packages to at the build dependency of
the image
* [build]: sonic-utilities package now depends on swsssdk; add build dependency
* Now building sonic-utilities Python package in wheel format
* Update sonic-utilities submodule
* Change output wheel name to match proper format
* Add timestamp suffix to the dirty images version string
This will allow to build different debug images without
having to update BUILD_NUMBER variable before the build
* Changed timestamp format to YYYYMMDD.HHMMSS
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* add getopt option to organization script
* Bump sonic-platform-modules-arista submodule
* Allow image specific mount option for containers
* Add led plugin for DCS-7060CX-32S
* Add led plugin for DCS-7260CX3-64
Print current build configuration before run
Update screen with currently running targets (only available if TERM is
available)
Change format of printed targets
Signed-off-by: marian-pritsak <marianp@mellanox.com>
By default, wget tries to use timestamp received from the server. This
behavior messes up make dependencies which are also based on last
modification time. In order to avoid this, we use the current time as a
timestamp to keep dependencies in correct order.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [config]: Add SONIC_CONFIG_MAKE_JOBS
This config option allows user to specify -j value that will be passed
to each package build.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [bgp] Save admin state and set default state to shutdown
* Set default behavior to no shutdown
* Add build option SHUTDOWN_BGP_ON_START
* Script change for default admin state to be on
* Address CR comments to bgp_neighbor script
* Fix script bug
ENABLE_SYNCD_RPC should be initialized before all recipes are included
in order for them to be able to use this variable
Signed-off-by: marian-pritsak <marianp@mellanox.com>
Under rules/config now there's additional configuration option
ENABLE_SYNCD_RPC that allows building SONIC installer with
docker-syncd-*-rpc for evaluation purposes.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- Extending SONiC building infrastructure to provide users
with greater flexibility, by allowing them to elect a
routing-stack different than the default one (quagga). The desired
routing-stack will be defined in rules/config file.
- As part of these changes I'm adding support for
Free-Range-Routing (FRR) stack. Quagga will continue to be
the default routing-stack.
Signed-off-by: Rodny Molina <rodny@linkedin.com>
* [build]: Include SONiC version into installer.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Append dirty if contains local changes
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* Update config
* Use correct name for kernel version field
* Update sysDescription.j2
* [base image]: Install SwSS SDK Python packages (Python 2 & 3) into base image
* Fix typo in existing variable name
* Only install Python 2 version, as Python 3 is not installed in base image