Commit Graph

91 Commits

Author SHA1 Message Date
byu343
ecf5c8d311 ssh and snmp allow list (#1363)
- Service ACL framework for Arista platforms
2018-02-08 17:43:52 -08:00
Joe LeVeque
134707f822
Move platform-specific hardware plugin base packages to sonic-platform-common submodule (#1301) 2018-01-17 17:11:31 -08:00
Joe LeVeque
0fffa6c63b
Add caclmgrd and related files to translate and install control plane ACL rules (#1240) 2018-01-09 17:55:10 -08:00
lguohan
15d433d975
[build]: allow to use http(s) proxy in the build (#1265)
* allow to use http(s) proxy in the build

To enable this, use following command
http_proxy=[your_proxy] https_proxy=[your_proxy] make
2017-12-23 23:34:15 -08:00
Liuqu
dce6d3536b [TACACS+]: Add configDB enforcer for TACACS+ (#1214)
* [TACACS+]: Add configDB enforcer for TACACS+

* hostcfgd - configDB enforcer for TACACS+, listen configDB to
  modify the pam configuration for Authentication in host
* Add a service script for hostcfgd

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Generate conf file by template file

* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-12 03:45:44 -08:00
Liuqu
8383b1f256 [TACACS+]: Add support for TACACS+ Authentication (#1019)
* [TACACS+]: Add support for TACACS+ Authentication

* pam_tacplus - A TACACS+ protocol client library and PAM module to
  supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
  make the TACACS+ authenticated user which is not found in local
  could login successfully.

* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
  by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus

  Signed-off-by: chenchen.qcc@alibaba-inc.com

* [TACACS+]: Add nss-tacplus as a separate src repo

* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
  makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
  package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username

* The NAME_REGEX for username check in plugin nss-tacplus is
  the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
  in /etc/adduser.conf is not defined as ANSI version. To avoid
  nss-tacplus filter some valid TACACS+ username, remove username
  check.

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-07 03:36:17 -08:00
Taoyu Li
617b3e43b1
Add service to config hostname based on configdb (#1174) 2017-11-22 14:36:25 -08:00
byu343
d7d6c41184 [Arista]: Fix the udev waiting in networking start (#1093)
* [Arista]: Fix the udev waiting in networking start

This change is to fix the issue in https://github.com/aristanetworks/sonic/issues/16
For the checking condition used, it is only applied to Arista switches

Signed-off-by: Boyang Yu <byu@arista.com>

* [Arista]: Correct for PR comments

Signed-off-by: Boyang Yu <byu@arista.com>
2017-10-30 18:04:40 -07:00
lguohan
dc0f3ceb5c add version tag for the docker images (#1021)
docker images are also tagged with the same image version.
2017-10-08 02:10:14 -07:00
Joe LeVeque
8a305ce9c9 [sonic-utilities]: Build as Debian package once again (revert change to wheel) (#1018) 2017-10-06 12:46:47 -07:00
Joe LeVeque
1cd9818fe9 [build]: sonic-utilities package depends on swsssdk; build as wheel and add build dependency (#1011)
* [build]: sonic-utilities package now depends on swsssdk; add build dependency

* Now building sonic-utilities Python package in wheel format

* Update sonic-utilities submodule

* Change output wheel name to match proper format
2017-10-04 19:50:39 -07:00
Oleksandr Ivantsiv
7c75030cea [mlnx-fw-upgrade]: Define required FW version in build time. (#902)
- Do not query required FW from file.
2017-08-22 08:08:07 -07:00
Joe LeVeque
9d5adb993a [System logs]: Improvements to prevent filling /var/log partition (#865)
- Force log rotation at size thresholds only (no longer also rotating logs daily), allowing for more consistent archived log size
- Eliminate remaining duplicate log messages
- Cron facility now only logs to cron.log (was also logging to syslog)
- Debug, mail, news and user log facilities only log to syslog; no longer creating separate log files for these facilities
- Cron job that calls logrotate every minute now uses the main /etc/logrotate.conf file so as to check/rotate all logs every minute, not just the logs specified in the rsyslog file. Also redirecting output of this command to /dev/null to prevent "(CRON) info (No MTA installed, discarding output)" messages in cron.log due to lack of a mail service
- Delete archive files based on remaining /var/log partition space. Note that this solution currently requires a minimum /var/log partition size of 32MB to function correctly
- Update sonic-sairedis and sonic-swss submodules to incorporate recording file name changes
- Add .screen file to .gitignore (unrelated)
2017-08-10 16:24:57 -07:00
Taoyu Li
a2fe0212be [ConfigDB] Move all BGP configuration into DB (#861)
- BGP data read from minigraph.py now match DB schema
- BGP templates are updated
- bgpcfgd can now deal with runtime neighbor create/delete
2017-08-08 16:23:58 -07:00
Taoyu Li
b6efe438b5 Introduce ConfigDB (#808)
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
2017-08-01 19:02:00 -07:00
Oleksandr Ivantsiv
382d52843f [mellanox]: Move FW upgrade script to base image. (#849)
- Download files to target/files directory (instead of target/debs)
- Clean python-weels log files
2017-07-28 10:57:51 -07:00
Joe LeVeque
f49cac086f Remove extra trailing newlines at EOF (#804)
Files now end with a single newline
2017-07-12 20:54:37 -07:00
sihuihan88
3268946de5 [BGPD]: add bgp dynamic neighbor configuration (#708)
* add bgp dynamic neighbor configuration

* [bgpd]: update as comments

* update as comment

* update to deployment_id_asn_map

* minor change
2017-06-21 18:52:50 -07:00
Taoyu Li
5e6620e19e [bgp] Save bgp admin state (#690)
* [bgp] Save admin state and set default state to shutdown

* Set default behavior to no shutdown

* Add build option SHUTDOWN_BGP_ON_START

* Script change for default admin state to be on

* Address CR comments to bgp_neighbor script

* Fix script bug
2017-06-12 11:05:22 -07:00
lguohan
147b89fa43 [sonic-utilities]: update sonic-utilities to use redis-load-dump to dump redis db data (#530) 2017-04-25 11:07:54 -07:00
Joe LeVeque
6c202919b3 [System logs]: Eliminate duplicate log messages and attempt rotation more frequently (#520)
* Rename 'ACSFileFormat' -> 'SONiCFileFormat'

* Rename '00-acs.conf' -> '00-sonic.conf'

* Add logrotate.d and systemd-journald config files to image

* Log all SONiC process messages to /var/log/syslog; prevent duplicate logging to /var/log/messages

* Do not redirect cron and daemon logs to their own files, let them log to /var/log/syslog

* Log all teamd messages to /var/log/teamd.log; Add more SONiC program names to SONiC rules clause

* Remove duplicate code by condensing quagga programs into a list; Fix teamd log rule

* Kernel and LPR messages no longer getting duplicated to their own log files

* Now calling logrotate every minute via cron job

* Need full path to logrotate in cron job

* Add '.log' suffix to wildcards, otherwise logrotate will rotate already-rotated logs (e.g., bgpd.log.1.1.1.1.1...)

* Add microsecond granularity to syslog messages

* Don't overwrite system crontab, instead, install additional logrotate crontab file into /etc/cron.d

* Removed incomplete concept of per-process SONiC logs. We can revisit again later
2017-04-21 08:22:44 -07:00
Marian Pritsak
6dbe979e5f [build]: Include SONiC version into installer. (#472)
* [build]: Include SONiC version into installer.

Signed-off-by: marian-pritsak <marianp@mellanox.com>

* Append dirty if contains local changes

Signed-off-by: marian-pritsak <marianp@mellanox.com>

* Update config

* Use correct name for kernel version field

* Update sysDescription.j2
2017-04-05 16:14:41 -07:00
Joe LeVeque
b7d2009b14 [base image]: Install SwSS SDK Python 2 package into base image (#461)
* [base image]: Install SwSS SDK Python packages (Python 2 & 3) into base image

* Fix typo in existing variable name

* Only install Python 2 version, as Python 3 is not installed in base image
2017-04-03 23:56:15 -07:00
Nadiya
6f04867954 [oneimage] Add cavium packet driver (#469)
* [oneimage] Add cavium packet driver

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>

* Rename cavm_platform_modules.mk and cavm_xpnet.mk to fit naming convetion

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>

* Allow dpkg -i for cavm_xpnet

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>
2017-04-03 19:13:29 -07:00
Shuotian Cheng
e2cc409f8a [database]: Mount /var/run/redis/ folder from host for all dockers (#418)
- Create /var/run/redis/ folder on the host
- Install Python client for Redis on the host
- Mount /var/run/redis/ as read/write from host for all dockers
- Enable accessing the database everywhere including on the host and from remote

Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
2017-03-23 12:18:52 -07:00
Taoyu Li
3643281594 [cfggen] Add tool to translate openconfig acl into sonic format (#388)
* Build sonic-config-engine as whl instead of deb package
* Add tool to translate openconfig acl into sonic format
2017-03-17 14:51:42 -07:00
Taoyu Li
bd6bf1ff9a [config] [oneimage & dhcp relay docker] Move ntp, rsyslog, and dhcp server information into minigraph (#374)
Move DHCP, rsyslog, and NTP server information into minigraph


* Fix dhcp relay template according to CR
2017-03-06 12:41:26 -08:00
Oleksandr Ivantsiv
ba0f19ad54 [build_debuian]: Fix issue #267 (docker connect failure). (#365) 2017-03-03 02:26:44 -08:00
Qi Luo
d3891a2a42 Keep pip in the debian image (#356) 2017-03-02 16:04:18 -08:00
Joe LeVeque
4eb549d36f [sonic_cli]: Fix bash completion for 'show' command (#355) 2017-03-02 12:17:04 -08:00
lguohan
0ed9b3ce28 [platform]: remove sku from build parameter (#350)
different sku will be contained in a single one sonic image.
no longer need to specify sku at the build time
2017-03-01 17:05:13 -08:00
Marian Pritsak
a8776033bf Merge swss and syncd into single service (#334)
Current implementation of swss and syncd causes a lot
of problems in terms of dependencies and synchronization.
Instead of handling them in separate services, we now
start and stop them both as a single entity.

Signed-off-by: marian-pritsak <marianp@mellanox.com>
2017-03-01 10:57:35 -08:00
lguohan
b9b7d7a295 [installer]: support platform driver lazy installation (#340)
allow one image to support multiple switch devices, install
corresponding platform driver during the first boot time.
2017-02-27 13:08:41 -08:00
Joe LeVeque
2a551d3c60 Consolidate device-specific files; install as a Debian package (#316)
( All device-specific files now reside under /device directory in a <vendor-name>/<platform-string>/<hardware-SKU> directory structure in repo.

* Device-specific files are now packaged into a Debian package (sonic-device-data) and are now installed to /usr/share/sonic/device/<platform-string>/<hardware-SKU>/ directory on switch.
2017-02-27 00:13:36 -08:00
Taoyu Li
073c28bf15 Move template files to /usr/share/sonic/templates (#305) 2017-02-18 17:50:29 -08:00
Taoyu Li
ea372cc7c1 Add get_graph service to fetch minigraph automatically (#288)
- Add a functionality to get SNMP community from DHCP (option 224)
- Add a functionality to get minigraph from http service instead of using default minigraph
  - The url for graph service is passed through DHCP option 225
  - This feature is by default disabled. Modify rule/config to enable it on build time, or modify /etc/sonic/graph_service_url on run time.
- Fix a bug that getting hostname from DHCP is not working correctly
2017-02-17 13:47:01 -08:00
Marian Pritsak
ec584a2cc0 [sonic-utilities]: integrate into base image (#282)
Signed-off-by: marian-pritsak <marianp@mellanox.com>
2017-02-12 15:05:12 -08:00
lguohan
6119a58e4a [build_debian]: install deps in rootfs instead of just extracting the packages (#280)
packages contains post-install that needs to be performed
2017-02-10 07:39:05 -08:00
Oleksandr Ivantsiv
53a9792014 [Makefile]: Add possibility for docker containers to install files to base image (#240)
- Add vtysh/lldpctl/sensors to baseimage
2017-02-07 00:33:20 -08:00
Taoyu Li
60e1fc3c98 ONEImage - Read all platform dependent information from sonic-config-engine (#238)
Read all platform dependent information from sonic-config-engine
2017-02-02 20:34:34 -08:00
Oleksandr Ivantsiv
34ea91349c one image implementation (#215)
* Single image

* Fix review comments

* Update syncd service. Add HW mgmt to Mellanox single image.

* Add single image template for Broadcom platform.

SKU should be provided during configure:
make configure PLATFORM=broadcom SKU=Force10-S6000

* Add single image template for Cavium platform.

SKU should be provided during configure:
make configure PLATFORM=cavium SKU=AS7512

* Add description to sonic_debian_extension.j2 file.
2017-01-29 11:33:33 -08:00