Commit Graph

3382 Commits

Author SHA1 Message Date
Sumukha Tumkur Vani
6ca112e7e6 Update sonic-restapi (#4692)
Auto restart restapi server after cert rollover
2020-06-03 15:40:30 -07:00
Srideep
0de051ab9f [DellEmc] Changes to suppot new portmap for s5232f t0 config (#4670)
To support t0 config
2020-06-03 15:38:47 -07:00
Joe LeVeque
913d380f6b [caclmgrd] Get first VLAN host IP address via next() (#4685)
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web.

This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
2020-06-03 15:38:11 -07:00
abdosi
e00d038774 [sonic-slave]: add debian packages needed to compile BRCM SAI3.7 (#4672)
both for sonic-slave-stretch and sonic-slave-buster
2020-06-03 15:36:52 -07:00
Joe LeVeque
f2c0ed8e21 [caclmgrd] Allow more ICMP types (#4625) 2020-06-03 15:35:49 -07:00
Joe LeVeque
1e59be8941 [caclmgrd] Ignore keys in interface-related tables if no IP prefix is present (#4581)
Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
2020-06-03 15:35:10 -07:00
Joe LeVeque
ac957a0c7a [caclmgrd] Add some default ACCEPT rules and lastly drop all incoming packets (#4412)
Modified caclmgrd behavior to enhance control plane security as follows:

Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
2020-06-03 09:41:52 -07:00
Kebo Liu
618d529ef4
[201911][Mellanox] Update hw-mgmt package to V.7.0010.1000 (#4688) 2020-06-02 14:53:09 -07:00
Sumukha Tumkur Vani
a693f02362 Read cloudtype info from minigraph (#4642) 2020-05-27 18:08:34 -07:00
pavel-shirshov
5969470ab8 [sonic-slave]: Install pympler to find the memory leaks in python (#4652) 2020-05-27 18:07:44 -07:00
Arun Saravanan Balachandran
98b8d1eee1 DellEMC: get_change_event Platform API implementation for S6000, S6100 and Z9100 (#4593)
For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms.

- In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values.
- In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug)
- In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
2020-05-27 18:00:45 -07:00
shlomibitton
3ca65bdb67 [Mellanox] Fix 'sensors.conf' mapping for MSN4700 (#4511)
* [Mellanox] Fix 'sensors.conf' mapping for SN4700

Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>

* Fix some labels name
2020-05-27 17:58:55 -07:00
Tyler Li
16d9fc8848 Fix vrf test failed after frr update to 7.2 (#3763) 2020-05-27 07:11:23 +00:00
Nazarii Hnydyn
12fb95c561
[201911][sonic-platform-common]: Advance submodule (#4635)
Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
2020-05-23 12:21:16 -07:00
pavel-shirshov
209febcf56 Update golang version for 1.11.5 to 1.14.2 (#4520) 2020-05-21 23:53:10 -07:00
Abhishek Dosi
6ebc79e297 [submodule update] sonic-rest API's
PR#39  Setup module versioning
Add support for get all Vlans (#37)
2020-05-21 22:20:18 -07:00
Abhishek Dosi
7b5fb95fc7 [submodule update] sonic-util
Revert "[config] Add 'interface transceiver' subgroup with 'lpmode' and
 'reset' subcommands (#904)"
  Multi-asic changes for config bgp commands and utilities. (#910)
2020-05-20 22:44:14 -07:00
Abhishek Dosi
a197dd46e0 [submodule update] sonic-swss with PR
[vnet] Fix IP2ME route creation logic for BITMAP VNET interface (#1284)
2020-05-20 22:44:14 -07:00
Ying Xie
14b3f0022b [ntp] enable/disable NTP long jump according to reboot type (#4577)
* [ntp] enable/disable NTP long jump according to reboot type

- Enable NTP long jump after cold reboot.
- Disable NTP long jump after warrm/fast reboot.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* fix typo

* further refactoring

* use sonic-db-cli instead
2020-05-20 22:44:14 -07:00
Samuel Angebault
dcb780e2e9 [arista]: remove the soc property disabling sram scan (#4623) 2020-05-20 22:44:14 -07:00
arlakshm
fd2831c15c [config]: Fix the device type and internal bgp session status for multi NPU platforms (#4600)
* The following changes for multi-npu platforms are done
- Set the type in device_metadata for asic configuration to be same as host
- Set the admin-status of internal bgp sessions as up
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-05-20 22:44:14 -07:00
abdosi
bb60e2b670 Changes to support config-setup service for multi-npu (#4609)
* Changes to support config-setup service for multi-npu
platforms. For Multi-npu we are not supporting as of
now config initializtion and ZTP. It will support creating
config db from minigraph or using  config db from previous
file system

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comments.

* Address Review comments

* Address Review Comments of using pyhton based config load_minigraph/
config save/config reload from shell scripts so that we don't duplicate
code. Also while running from shell we will skip stop/start services
done by those commands.

* Updated to use python command so no code duplication.
2020-05-20 22:44:14 -07:00
judyjoseph
7bd7756129 Adding new BGP peer groups PEER_V4_INT and PEER_V6_INT. (#4620)
* Adding new BGP peer groups PEER_V4_INT and PEER_V6_INT. The internal BGP sessions
will be added to this peer group while the external BGP sessions will be added
to the exising PEER_V4 and PEER_V6 peer group.

* Check for "ASIC" keyword in the hostname to identify the internal neighbors.
2020-05-20 22:44:14 -07:00
Qi Luo
1f3091c5e1
[minigraph] Support FECDisabled in minigraph parser (#4556) (#4624)
Signed-off-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2020-05-20 16:23:16 -07:00
Abhishek Dosi
7234bc120a [Submodule update] sonic-utlities with PR's
[201911][show] Fix abbreviations for 'show ip bgp ...' commands (#909)
Changes to support acl-loader and mirror-session config commands for
multi-npu platforms. (#908)
Changes to commands  config reload/load-minigraph (#919)
Stop/Start restapi server upon config reload (#911)
[config] Add 'interface transceiver' subgroup with 'lpmode' and
'reset' subcommands (#904)
2020-05-20 08:17:23 -07:00
Danny Allen
4079d39697 [minigraph] Add tags for egress mirror tables (#4526)
Signed-off-by: Danny Allen <daall@microsoft.com>
2020-05-20 08:01:38 -07:00
Andriy Kokhan
11ce7617d2 [BFN] Updated Barefoot SDK to 2020-05-07 (#4566)
Signed-off-by: Andriy Kokhan <akokhan@barefootnetworks.com>
2020-05-20 07:55:54 -07:00
Santhosh Kumar T
045d5e6f23 [DellEMC] S6000 Disable Low power mode by default (#4592) 2020-05-20 07:55:16 -07:00
arlakshm
321b99b48c Change to enable redistribute connected on Frontend asics instead of backend asics (#4588)
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-05-20 07:53:50 -07:00
abdosi
508f6bfa02 Fix for issue where image is compile with flag ENABLE_DHCP_GRAPH_SERVICE (#4573)
and then we load image and reboot even if there was existing
config_db.json we will look for DHCP Service. we should disbale
update_graph in such cases. This behaviour is silimar to what we have in
201811 image.
2020-05-20 07:53:23 -07:00
abdosi
f087275e92 Moved utility functions for multi-npu platforms from sonic-utilities to sonic_device_util.py (#4559)
* Moved utility functions for multi-npu platforms from
sonic-utilities config/main.py to here so that they can be used
any module

* Fix the issue with test run during compilation with acl-uploader
PR#908 of sonic-utilities.

* Fix get_num_npu as it was retuning string and not int

* Address Review Comments

* Address Review Comments
2020-05-20 07:52:43 -07:00
abdosi
9ea746e25f Changes for LLDP docker to support multi-npu platforms (#4530)
* Changes for LLDP for Multi NPU Platoforms:-
a) Enable LLDP for Host namespace for Management Port
b) Make sure Management IP is avaliable in per asic namespace
   needed for LLDP Chassis configuration
c) Make sure chassis mac-address is correct in per asic namespace
d) Do not run lldp on eth0 of per asic namespace and avoid chassis
   configuration for same
e) Use Linux hostname instead from Device Metadata for lldp chassis
   configuration since in multi-npu platforms device metadata hostname
   will be differnt

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comment with following changes:
a) Use Device Metadata hostname even in per namespace conatiner.
   updated minigraph parsing for same to have hostname as system
   hostname and add new key for asic name

b) Minigraph changes to have MGMT_INTERFACE Key in per asic/namespace
   config also as needed for LLDP for setting chassis management IP.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Address Review Comments
2020-05-20 07:51:49 -07:00
abdosi
8fc4657f68 [sonic-buildimage] updated minigraph for ACL Table data and ACL Interface Binding for Multi-NPU platforms (#4491)
* [sonic-buildimage] updated minigraph for ACL Table data and ACL Interface
binding update for multu-npu platform based on subrole as "Frontend" or
"Backend". For backend npu no ACL table is associated. For frontend npu
only front-panel interface are associated.

Updated with test case and fix typo in sample-mingraph for npu

Address Review comments

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Fixed the logic as per preview comment. Interface Filter logic
only applies to Everflow/Mirror tables.

* Address Review Comments.
2020-05-20 07:50:45 -07:00
pavel-shirshov
2778363049 [FRR]: Update frr to latest 7.2.1-s3 (#4294)
- Updated to latest frr 7.2.1 from the master.
- Updated patches accordingly
2020-05-20 07:48:23 -07:00
Guohan Lu
16ad356f3a [baseimage]: install same version for docker-ce and docker-ce-cli
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-20 00:45:37 +00:00
Guohan Lu
70271aa518 [sonic-slave-stretch]: install same version for docker-ce and docker-ce-cli
difference versions can cause compatibility issue between the server and client

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-19 05:20:01 +00:00
paavaanan
e2e3dde38c DellEMC S6000 updated sensors.conf (#4568)
Change PSU MAX temperature to 80 degree
Change tmp75 sensors default temperature value from 25/50 to 70/80 degree.
2020-05-13 23:16:19 -07:00
Srideep
17e6b8a6b7 [device] DellEMC s5232f 50G hwsku support (#4525)
* [device] DellEmc S5232 support for new hwsku C8D48
8 100G ports and 48 50G ports

* 10G ports update for S5232 hwsku-C8D48

Signed-off-by: Srideep Devireddy <srideep_devireddy@dell.com>
2020-05-13 23:11:40 -07:00
Myron Sosyak
95349d2b61
[201911][devices] skip_fancontrol for wedge 100 barefoot platforms (#4528) 2020-05-13 09:58:17 -07:00
Kebo Liu
fffee7e33a [mellanox]: Update SAI to 1.16.4, SDK to 4.4.0918, FW to *.2007.1140 (#4571)
- mgmt buffer issue on 400G port
- high CPU utilization issue caused by some counter reading
2020-05-12 22:46:21 -07:00
lguohan
710d176162 [baseimage]: pin down package version for azure-storage, watchdog and futures (#4575)
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2020-05-12 06:19:05 +00:00
Abhishek Dosi
e4ccfa56c4 [sonic-utilities] sub-module update.
Reverted Add 'interface transceiver' subgroup with 'lpmode' and 'reset'
subcommands (#904) as it dependent of #903 which is not marked to
cherry-pick for 201911. Need to add that before we can use this.
2020-05-09 22:47:26 -07:00
Abhishek Dosi
45c2ab63a3 [submodule update] sonic-utilities with PR:
Support load_minigraph command for multi NPU platform
2020-05-09 21:36:44 -07:00
judyjoseph
c808640f4e Multi DB with namespace support, Introducing the database_global.json… (#4477)
* Multi DB with namespace support, Introducing the database_global.json file
for supporting accessing DB's in other namespaces for service running in
linux host

* Updates based on comments

* Adding the j2 templates for database_config and database_global files.

* Updating to retrieve the redis DIR's to be mounted from database_global.json file.

* Additional check to see if asic.conf file exists before sourcing it.

* Updates based on PR comments discussion.

* Review comments update

* Updates to the argument "-n" for namespace used in both context of parsing minigraph and multi DB access.

* Update with the attribute "persistence_for_warm_boot" that was added to database_config.json file earlier.

* Removing the database_config.json file to avioid confusion in future.
We use the database_config.json.j2 file to generate database_config.json files dynamically.

* Update the comments for sudo usage in docker_image_ctrl.j2

* Update with the new logic in PING PONG tests using sonic-db-cli. With this we wait till the
PONG response is received when redis server is up.

* Similar changes in swss and syncd scripts for the PING tests with sonic-db-cli

* Updated with a missing , in the database_config.json.j2 file, Do pip install of j2cli in docker-base-buster.
2020-05-09 21:33:07 -07:00
rlhui
87f3592d22 Added the below PRs:
[Vnet] Fix NameError for 'swsssdk' and align output (#902)
[config] Add 'interface transceiver' subgroup with 'lpmode' and 'reset' subcommands (#904)
Improved route_check tool and adopt to 20191130 image. (#898)
2020-05-09 19:38:48 -07:00
Santhosh Kumar T
1e3df476e5 [DellEMC] S6100 Last Reboot Reason Thermal Support (#3767) 2020-05-09 18:37:31 -07:00
wangshengjun
18e51088a0 [ebtables]add the filter rule for ARP packets with vlan tag: (#3945)
1. ebtables -t filter -A FORWARD -p 802_1Q --vlan-encap 0806 -j DROP
The ARP packet with vlan tag can't match the default rule.

Signed-off-by: wangshengjun <wangshengjun@asterfusion.com>
2020-05-09 18:36:36 -07:00
Joe LeVeque
9bdd2ef014 [process-reboot-cause] If software reboot cause is unknown add note if first boot into new image (#4538) 2020-05-09 18:17:31 -07:00
Dong Zhang
3faa4e936e [MultiDB] use sonic-db-cli PING and fix wrong multiDB API in NAT (#4541) 2020-05-09 18:16:48 -07:00
Akhilesh Samineni
3be7c5786b [NAT] : Removed requires dependency on swss (#4551)
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
2020-05-09 18:16:02 -07:00