* [caclmgrd] Heuristically determine whether ACL is IPv4 or IPv6, use iptables/ip6tables accordingly
* Check all rules in table until we find one with a SRC_IP
* Revert "[serial watchdog] remove serial watchdog service dependency to rc.local (#1752)"
* Revert "[service] introducing serial port watchdog service (#1743)"
* [serial watchdog] remove serial watchdog service dependency to rc.local
When restarting this service in rc.local, the dependency causes an error
in syslog. Removing the dependency to mute the error log entry.
* remove lines with empty inputs
* [rc.local] refactor platform identification code to separate function
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [rc.local] infrastructure to take action according to installer.conf
* [serial port watchdog] add service to watch serial port processes
Monitor serial port processes. Kill ones stuck for too long.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [rc.local] start watchdog on serial port specified by installer.conf
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [fast-reboot]: support encoded & gzipped minigraph in fast reboot
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* add acl.json and snmp.yml into fast-reboot
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Fix tcpdmatch dependency
Issue: sonic_debian_extension.j2 uses tcpdmatch from src folder
which is result of libwrap build
Fix: added tcpd.deb to build results and extract required files
from build results
* Install libwrap0 and tcpd deb packages
cfggen generates new eth0 configuration. Need to first
clean existing configuration on eth0 before bring up
new configuration on eth0. Thus, we need to first bring
down eth0 before putting new configuration into /etc/network/
interfaces
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* SONiC system telemetry Support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update package name from telemetry to sonic-telemetry
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
commit 0965b33 added quote to build_version in /etc/sonic/sonic_version.yml,
e.g., sonic_version : '20170104.10'. scripts to use the $sonic_version need
to remove the quote.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
- Service unit file not getting generated because I changed the docker
container name from 'router_advertiser' to 'radv', however I didn't
rename the service unit file template name to match. However,
slave.mk generates a service file for every docker based on its
container name, and since there was no matching 'radv.service.j2'
template file, this file stopped getting generated and therefore
the docker container was never getting started.
- Also add swss.service to 'Requires'
- Move all minigraph-related action from rc.local to updategraph
- updategraph service is now after database. All feature services are now after and depending on updategraph
* Support OS9 -> SONiC fast-reboot migration
* Address review comments. Update NOS mac in EEPROM and net.rules for eth0
* Address review comments. Update sonic-platform-modules-dell to fac81d...
* Fix script for POSIX compliance
Now properly differenciate the image installation and the kexec
operations. This is useful for fast-reboot operations.
Minor updates include
- better command line management
- using partition UUID in the command line
* [sonic build] Define folder macro for target folder /usr/sonic/share/templates
* [sonic-cfggen] allow templates to include from common folders
- Allow templates to include files under /usr/share/sonic/templates
- Allow templates to include files in the same folder as the root template
* [Buffer config] install the buffer configuration template
* [Arista7260cx3] Add buffer configuration for Arista7260CX3 T0 topology
- pg profile look up table is incomplete. Currently contains T0 default
values.
* [Arista7260cx3] Adding QoS configuration
* Address review comments
1. Stop generating ingress pg configuration for lossless pgs.
2. Stop putting ports into speed sets, put all ports in one set.
3. Remove ingress lossless profiles.
4. Added some tailing '-' back to remove leading spaces.
* Reduce SONiC migration partition from 8G to 1G.
* Changes to create 1G partition with ability to resize post migration.
* Remove redundant changes in varlog
* Use findfs to interpret root. Move resize in case cmdline params are reordered
- What I did
Updating SDK version from 3.16.0-4 to 3.16.0-5
- How I did it
Updating SDK version in files/build_templates/swss.service.j2
- How to verify it
Checking command "config load_minigraph" without errors
- Description for the changelog
Updating SDK version from 3.16.0-4 to 3.16.0-5 in swss.service.j2
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Upgrade linux-image version
* Add missing dependency of igb
* Fix mft build rule
* Add missing dependency of ixgbe
* [Broadcom]: Update OpenNSL modules to be compatible with kernel 3.16.0-5 (#3)
* [Nephos] Update SDK version to support new kernel module 3.16.0-5 (#4)
* [mellanox]: Update URL for SDK (#5)
When teamd service restarted, the port channels will be recreated.
Dhcp relay service needs to be restarted after that to listen on the
right port channels.
* Add switch ASIC vendor and platforms for Nephos
- What I did
Add switch ASIC vendor: Nephos
Add Nephos platforms: Ingrasys S9130-32X, Ingrasys S9230-64X
- How I did it
Add platform/nephos files
Add platform/nephos/sonic-platform-modules-ingrasys submodule
Add device/ingrasys/x86_64-ingrasys_s9130_32x-r0 files
Add device/ingrasys/x86_64-ingrasys_s9230_64x-r0 files
Add SONiC to support Nephos platform
- How to verify it
To build SONiC installer image and docker images, run the following commands:
make configure PLATFORM=nephos
make target/sonic-nephos.bin
Check system and network feature is worked as well
- Description for the changelog
Add switch ASIC vendor and platforms for Nephos
- A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Sam Yang <yang.kaiyu@gmail.com>
* Advance sonic-sairedis submodule to include #271 (Add Nephos ASIC)
snmp.service needs to read chassis serial number for one of its mibs.
We save this value in state DB so that it is accessible from container.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [TACACS+]: Add configDB enforcer for TACACS+
* hostcfgd - configDB enforcer for TACACS+, listen configDB to
modify the pam configuration for Authentication in host
* Add a service script for hostcfgd
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Generate conf file by template file
* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Add support for TACACS+ Authentication
* pam_tacplus - A TACACS+ protocol client library and PAM module to
supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
make the TACACS+ authenticated user which is not found in local
could login successfully.
* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus
Signed-off-by: chenchen.qcc@alibaba-inc.com
* [TACACS+]: Add nss-tacplus as a separate src repo
* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username
* The NAME_REGEX for username check in plugin nss-tacplus is
the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
in /etc/adduser.conf is not defined as ANSI version. To avoid
nss-tacplus filter some valid TACACS+ username, remove username
check.
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
If device MAC is added to init_cfg.json, it has to be done using
intermediate file. We cannot redirect to same file while trying to read
from it because it will be truncated first.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [init]: save the initial switch mac to config db
Save the initial switch mac to config db DEVICE_METADATA|localhost entry.
* update sonic-swss submodule
* Add support for vlanconfd and intfconfd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Change name to vlanmgrd and intfmgrd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Add missing vlan_members for parse_dpg result
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Remove cfgmgr debug CLI from image
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update swss and swss-common submodules for VLAN trunk support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Bump sonic-platform-modules-arista
Improves i2c performance for xcvrs
Fix the led_plugin by ignoring unknown ports
Miscellaneous improvements
* Fix index column for Arista-7260CX3-D108C8
* Fix flash permissions for Arista platforms
The ext4 flash uses acl to properly handle permissions in EOS.
Aboot isn't built with this support and therefore can't be used
to set the flash permissions. It has to be deferred in sonic initrd.
* [Arista]: Fix the udev waiting in networking start
This change is to fix the issue in https://github.com/aristanetworks/sonic/issues/16
For the checking condition used, it is only applied to Arista switches
Signed-off-by: Boyang Yu <byu@arista.com>
* [Arista]: Correct for PR comments
Signed-off-by: Boyang Yu <byu@arista.com>
When updategraph service is enabled, a special value 'default'
from DHCP response will now initialize the system with an empty
configuration instead of existing minigraph.
A DHCP response without option 224 will remain the current behavior
of skipping graph update and use existing default minigraph.
* [build]: sonic-utilities package now depends on swsssdk; add build dependency
* Now building sonic-utilities Python package in wheel format
* Update sonic-utilities submodule
* Change output wheel name to match proper format
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* Framework to plugin Organization specific scripts
* add getopt option to organization script
Existing dockers has paths mounted according to the HWSKU. When HWSKU
changes, these dockers need to be destroyed and recreated with the
correct paths mounted.
Modify minigraph parser output format so it fit DB schema
Modify configuration templates to fit new schema
Systemd services dependencies are modified so database starts before any configuration consumer
* [rsyslog]: Use timegenerated instead of timestamp
This is useful when rsyslog is used to put markers generated on other machines.
This way all messages will have a timestamp from a single system.
* [rsyslog] Use subseconds from local machine
moving to initramfs unifies disk allocate on different platforms.
use fallocate instead of dd to speed up the disk allocation.
By default, mkfs.ext4 has -E discard option which discards the blocks
at the mkfs time, also speed up the initialization time.
1. "make target/sonic-broadcom.raw" will create the compressed dd'able image.
2. This will also update the grub config files (device/dell/*/nos_to_sonic_grub.cfg) with the image versions.
- Force log rotation at size thresholds only (no longer also rotating logs daily), allowing for more consistent archived log size
- Eliminate remaining duplicate log messages
- Cron facility now only logs to cron.log (was also logging to syslog)
- Debug, mail, news and user log facilities only log to syslog; no longer creating separate log files for these facilities
- Cron job that calls logrotate every minute now uses the main /etc/logrotate.conf file so as to check/rotate all logs every minute, not just the logs specified in the rsyslog file. Also redirecting output of this command to /dev/null to prevent "(CRON) info (No MTA installed, discarding output)" messages in cron.log due to lack of a mail service
- Delete archive files based on remaining /var/log partition space. Note that this solution currently requires a minimum /var/log partition size of 32MB to function correctly
- Update sonic-sairedis and sonic-swss submodules to incorporate recording file name changes
- Add .screen file to .gitignore (unrelated)
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
* [bgp] Save admin state and set default state to shutdown
* Set default behavior to no shutdown
* Add build option SHUTDOWN_BGP_ON_START
* Script change for default admin state to be on
* Address CR comments to bgp_neighbor script
* Fix script bug
* Bump sonic-platform-modules-arista submodule
* Use sonic_sfputil plugin from the arista library
* Fix undefined variable varlog_size
* Prevent minigraph.xml to be removed from the flash
* Update DCS-7050QX-32 sensors config
If routes are inserted in main table, they wont' be overwritten
by the routes learned via BGP. Then the routes will be missing
from the ASIC.
Thus a default table is used so that control plane and data plane
routes are isolated and could be configured independently.
- Now that logrotate is a cron job that runs every minute, it was polluting syslog
- Also shrink max size of less-important logs to 50MB and rotate them daily by default
* [rc.local]: Copy saved minigraph if available.
In case of sonic-to-sonic update old image stores minigraph under /host
directory. Upon first boot this minigraph will be used by new image to
save configuration.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- rsyslog logs were being rotated regardless of whether they exceeded their maixmum size. This was due to "-f" flag passed to logrotate in cron job.
- After rotation, /var/log/syslog was never written to again. Instead, logs were written to /var/log/syslog.1. This was due to rsyslog not properly closing the file descriptor to the pre-rotated log.
- Also brought back time-related rotation via the new(er) maxsize option, which performs a boolean OR operation. If the log exceeds the maxsize OR the log hasn't been rotated in the specified, it will be rotated. Using the older size option, the time-based rotation was ignored.
- Also addresses issue #528
* Rename 'ACSFileFormat' -> 'SONiCFileFormat'
* Rename '00-acs.conf' -> '00-sonic.conf'
* Add logrotate.d and systemd-journald config files to image
* Log all SONiC process messages to /var/log/syslog; prevent duplicate logging to /var/log/messages
* Do not redirect cron and daemon logs to their own files, let them log to /var/log/syslog
* Log all teamd messages to /var/log/teamd.log; Add more SONiC program names to SONiC rules clause
* Remove duplicate code by condensing quagga programs into a list; Fix teamd log rule
* Kernel and LPR messages no longer getting duplicated to their own log files
* Now calling logrotate every minute via cron job
* Need full path to logrotate in cron job
* Add '.log' suffix to wildcards, otherwise logrotate will rotate already-rotated logs (e.g., bgpd.log.1.1.1.1.1...)
* Add microsecond granularity to syslog messages
* Don't overwrite system crontab, instead, install additional logrotate crontab file into /etc/cron.d
* Removed incomplete concept of per-process SONiC logs. We can revisit again later
* [device]: Add support for Mellanox MSN2410
MSN2410 runs on Spectrum silicon and has 56 ports:
48 25GbE and 8 100GbE
* Avoid full path within bash -c
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- Do not bring up LAG member ports when LAG is not created.
This is because LAG member ports must be DOWN when joining
the teamd instances due to teamd design. Therefore, we cannot
bring up a LAG member port first and then join the port to a LAG.
Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
