Commit Graph

143 Commits

Author SHA1 Message Date
Ying Xie
720c71399c
Improve: buffer configuration infrastructure (#1403)
* [sonic build] Define folder macro for target folder /usr/sonic/share/templates

* [sonic-cfggen] allow templates to include from common folders

- Allow templates to include files under /usr/share/sonic/templates
- Allow templates to include files in the same folder as the root template

* [Buffer config] install the buffer configuration template

* [Arista7260cx3] Add buffer configuration for Arista7260CX3 T0 topology

- pg profile look up table is incomplete. Currently contains T0 default
  values.

* [Arista7260cx3] Adding QoS configuration

* Address review comments

1. Stop generating ingress pg configuration for lossless pgs.
2. Stop putting ports into speed sets, put all ports in one set.
3. Remove ingress lossless profiles.
4. Added some tailing '-' back to remove leading spaces.
2018-02-27 12:15:56 -08:00
Joe LeVeque
6ccd1601b8
Modify Arista service ACL solution to listen to ACL changes in ConfigDB (#1385) 2018-02-12 11:10:01 -08:00
byu343
ecf5c8d311 ssh and snmp allow list (#1363)
- Service ACL framework for Arista platforms
2018-02-08 17:43:52 -08:00
Joe LeVeque
134707f822
Move platform-specific hardware plugin base packages to sonic-platform-common submodule (#1301) 2018-01-17 17:11:31 -08:00
Joe LeVeque
0fffa6c63b
Add caclmgrd and related files to translate and install control plane ACL rules (#1240) 2018-01-09 17:55:10 -08:00
lguohan
15d433d975
[build]: allow to use http(s) proxy in the build (#1265)
* allow to use http(s) proxy in the build

To enable this, use following command
http_proxy=[your_proxy] https_proxy=[your_proxy] make
2017-12-23 23:34:15 -08:00
Liuqu
dce6d3536b [TACACS+]: Add configDB enforcer for TACACS+ (#1214)
* [TACACS+]: Add configDB enforcer for TACACS+

* hostcfgd - configDB enforcer for TACACS+, listen configDB to
  modify the pam configuration for Authentication in host
* Add a service script for hostcfgd

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Generate conf file by template file

* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-12 03:45:44 -08:00
Liuqu
8383b1f256 [TACACS+]: Add support for TACACS+ Authentication (#1019)
* [TACACS+]: Add support for TACACS+ Authentication

* pam_tacplus - A TACACS+ protocol client library and PAM module to
  supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
  make the TACACS+ authenticated user which is not found in local
  could login successfully.

* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
  by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus

  Signed-off-by: chenchen.qcc@alibaba-inc.com

* [TACACS+]: Add nss-tacplus as a separate src repo

* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
  makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
  package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username

* The NAME_REGEX for username check in plugin nss-tacplus is
  the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
  in /etc/adduser.conf is not defined as ANSI version. To avoid
  nss-tacplus filter some valid TACACS+ username, remove username
  check.

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-07 03:36:17 -08:00
Taoyu Li
617b3e43b1
Add service to config hostname based on configdb (#1174) 2017-11-22 14:36:25 -08:00
byu343
d7d6c41184 [Arista]: Fix the udev waiting in networking start (#1093)
* [Arista]: Fix the udev waiting in networking start

This change is to fix the issue in https://github.com/aristanetworks/sonic/issues/16
For the checking condition used, it is only applied to Arista switches

Signed-off-by: Boyang Yu <byu@arista.com>

* [Arista]: Correct for PR comments

Signed-off-by: Boyang Yu <byu@arista.com>
2017-10-30 18:04:40 -07:00
lguohan
dc0f3ceb5c add version tag for the docker images (#1021)
docker images are also tagged with the same image version.
2017-10-08 02:10:14 -07:00
Joe LeVeque
8a305ce9c9 [sonic-utilities]: Build as Debian package once again (revert change to wheel) (#1018) 2017-10-06 12:46:47 -07:00
Joe LeVeque
1cd9818fe9 [build]: sonic-utilities package depends on swsssdk; build as wheel and add build dependency (#1011)
* [build]: sonic-utilities package now depends on swsssdk; add build dependency

* Now building sonic-utilities Python package in wheel format

* Update sonic-utilities submodule

* Change output wheel name to match proper format
2017-10-04 19:50:39 -07:00
Oleksandr Ivantsiv
7c75030cea [mlnx-fw-upgrade]: Define required FW version in build time. (#902)
- Do not query required FW from file.
2017-08-22 08:08:07 -07:00
Joe LeVeque
9d5adb993a [System logs]: Improvements to prevent filling /var/log partition (#865)
- Force log rotation at size thresholds only (no longer also rotating logs daily), allowing for more consistent archived log size
- Eliminate remaining duplicate log messages
- Cron facility now only logs to cron.log (was also logging to syslog)
- Debug, mail, news and user log facilities only log to syslog; no longer creating separate log files for these facilities
- Cron job that calls logrotate every minute now uses the main /etc/logrotate.conf file so as to check/rotate all logs every minute, not just the logs specified in the rsyslog file. Also redirecting output of this command to /dev/null to prevent "(CRON) info (No MTA installed, discarding output)" messages in cron.log due to lack of a mail service
- Delete archive files based on remaining /var/log partition space. Note that this solution currently requires a minimum /var/log partition size of 32MB to function correctly
- Update sonic-sairedis and sonic-swss submodules to incorporate recording file name changes
- Add .screen file to .gitignore (unrelated)
2017-08-10 16:24:57 -07:00
Taoyu Li
a2fe0212be [ConfigDB] Move all BGP configuration into DB (#861)
- BGP data read from minigraph.py now match DB schema
- BGP templates are updated
- bgpcfgd can now deal with runtime neighbor create/delete
2017-08-08 16:23:58 -07:00
Taoyu Li
b6efe438b5 Introduce ConfigDB (#808)
* [cfggen] Support reading from and writing to configdb
* [bgp] Move bgp_admin_state to configdb, support dynamic admin state change
* [sonic-utilities] Adapt configDB for admin status, support config save and config load
2017-08-01 19:02:00 -07:00
Oleksandr Ivantsiv
382d52843f [mellanox]: Move FW upgrade script to base image. (#849)
- Download files to target/files directory (instead of target/debs)
- Clean python-weels log files
2017-07-28 10:57:51 -07:00
Joe LeVeque
f49cac086f Remove extra trailing newlines at EOF (#804)
Files now end with a single newline
2017-07-12 20:54:37 -07:00
sihuihan88
3268946de5 [BGPD]: add bgp dynamic neighbor configuration (#708)
* add bgp dynamic neighbor configuration

* [bgpd]: update as comments

* update as comment

* update to deployment_id_asn_map

* minor change
2017-06-21 18:52:50 -07:00
Taoyu Li
5e6620e19e [bgp] Save bgp admin state (#690)
* [bgp] Save admin state and set default state to shutdown

* Set default behavior to no shutdown

* Add build option SHUTDOWN_BGP_ON_START

* Script change for default admin state to be on

* Address CR comments to bgp_neighbor script

* Fix script bug
2017-06-12 11:05:22 -07:00
lguohan
147b89fa43 [sonic-utilities]: update sonic-utilities to use redis-load-dump to dump redis db data (#530) 2017-04-25 11:07:54 -07:00
Joe LeVeque
6c202919b3 [System logs]: Eliminate duplicate log messages and attempt rotation more frequently (#520)
* Rename 'ACSFileFormat' -> 'SONiCFileFormat'

* Rename '00-acs.conf' -> '00-sonic.conf'

* Add logrotate.d and systemd-journald config files to image

* Log all SONiC process messages to /var/log/syslog; prevent duplicate logging to /var/log/messages

* Do not redirect cron and daemon logs to their own files, let them log to /var/log/syslog

* Log all teamd messages to /var/log/teamd.log; Add more SONiC program names to SONiC rules clause

* Remove duplicate code by condensing quagga programs into a list; Fix teamd log rule

* Kernel and LPR messages no longer getting duplicated to their own log files

* Now calling logrotate every minute via cron job

* Need full path to logrotate in cron job

* Add '.log' suffix to wildcards, otherwise logrotate will rotate already-rotated logs (e.g., bgpd.log.1.1.1.1.1...)

* Add microsecond granularity to syslog messages

* Don't overwrite system crontab, instead, install additional logrotate crontab file into /etc/cron.d

* Removed incomplete concept of per-process SONiC logs. We can revisit again later
2017-04-21 08:22:44 -07:00
Marian Pritsak
6dbe979e5f [build]: Include SONiC version into installer. (#472)
* [build]: Include SONiC version into installer.

Signed-off-by: marian-pritsak <marianp@mellanox.com>

* Append dirty if contains local changes

Signed-off-by: marian-pritsak <marianp@mellanox.com>

* Update config

* Use correct name for kernel version field

* Update sysDescription.j2
2017-04-05 16:14:41 -07:00
Joe LeVeque
b7d2009b14 [base image]: Install SwSS SDK Python 2 package into base image (#461)
* [base image]: Install SwSS SDK Python packages (Python 2 & 3) into base image

* Fix typo in existing variable name

* Only install Python 2 version, as Python 3 is not installed in base image
2017-04-03 23:56:15 -07:00
Nadiya
6f04867954 [oneimage] Add cavium packet driver (#469)
* [oneimage] Add cavium packet driver

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>

* Rename cavm_platform_modules.mk and cavm_xpnet.mk to fit naming convetion

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>

* Allow dpkg -i for cavm_xpnet

Signed-off-by: Nadiya.Stetskovych <Nadiya.Stetskovych@cavium.com>
2017-04-03 19:13:29 -07:00
Shuotian Cheng
e2cc409f8a [database]: Mount /var/run/redis/ folder from host for all dockers (#418)
- Create /var/run/redis/ folder on the host
- Install Python client for Redis on the host
- Mount /var/run/redis/ as read/write from host for all dockers
- Enable accessing the database everywhere including on the host and from remote

Signed-off-by: Shuotian Cheng <shuche@microsoft.com>
2017-03-23 12:18:52 -07:00
Taoyu Li
3643281594 [cfggen] Add tool to translate openconfig acl into sonic format (#388)
* Build sonic-config-engine as whl instead of deb package
* Add tool to translate openconfig acl into sonic format
2017-03-17 14:51:42 -07:00
Taoyu Li
bd6bf1ff9a [config] [oneimage & dhcp relay docker] Move ntp, rsyslog, and dhcp server information into minigraph (#374)
Move DHCP, rsyslog, and NTP server information into minigraph


* Fix dhcp relay template according to CR
2017-03-06 12:41:26 -08:00
Oleksandr Ivantsiv
ba0f19ad54 [build_debuian]: Fix issue #267 (docker connect failure). (#365) 2017-03-03 02:26:44 -08:00
Qi Luo
d3891a2a42 Keep pip in the debian image (#356) 2017-03-02 16:04:18 -08:00
Joe LeVeque
4eb549d36f [sonic_cli]: Fix bash completion for 'show' command (#355) 2017-03-02 12:17:04 -08:00
lguohan
0ed9b3ce28 [platform]: remove sku from build parameter (#350)
different sku will be contained in a single one sonic image.
no longer need to specify sku at the build time
2017-03-01 17:05:13 -08:00
Marian Pritsak
a8776033bf Merge swss and syncd into single service (#334)
Current implementation of swss and syncd causes a lot
of problems in terms of dependencies and synchronization.
Instead of handling them in separate services, we now
start and stop them both as a single entity.

Signed-off-by: marian-pritsak <marianp@mellanox.com>
2017-03-01 10:57:35 -08:00
lguohan
b9b7d7a295 [installer]: support platform driver lazy installation (#340)
allow one image to support multiple switch devices, install
corresponding platform driver during the first boot time.
2017-02-27 13:08:41 -08:00
Joe LeVeque
2a551d3c60 Consolidate device-specific files; install as a Debian package (#316)
( All device-specific files now reside under /device directory in a <vendor-name>/<platform-string>/<hardware-SKU> directory structure in repo.

* Device-specific files are now packaged into a Debian package (sonic-device-data) and are now installed to /usr/share/sonic/device/<platform-string>/<hardware-SKU>/ directory on switch.
2017-02-27 00:13:36 -08:00
Taoyu Li
073c28bf15 Move template files to /usr/share/sonic/templates (#305) 2017-02-18 17:50:29 -08:00
Taoyu Li
ea372cc7c1 Add get_graph service to fetch minigraph automatically (#288)
- Add a functionality to get SNMP community from DHCP (option 224)
- Add a functionality to get minigraph from http service instead of using default minigraph
  - The url for graph service is passed through DHCP option 225
  - This feature is by default disabled. Modify rule/config to enable it on build time, or modify /etc/sonic/graph_service_url on run time.
- Fix a bug that getting hostname from DHCP is not working correctly
2017-02-17 13:47:01 -08:00
Marian Pritsak
ec584a2cc0 [sonic-utilities]: integrate into base image (#282)
Signed-off-by: marian-pritsak <marianp@mellanox.com>
2017-02-12 15:05:12 -08:00
lguohan
6119a58e4a [build_debian]: install deps in rootfs instead of just extracting the packages (#280)
packages contains post-install that needs to be performed
2017-02-10 07:39:05 -08:00
Oleksandr Ivantsiv
53a9792014 [Makefile]: Add possibility for docker containers to install files to base image (#240)
- Add vtysh/lldpctl/sensors to baseimage
2017-02-07 00:33:20 -08:00
Taoyu Li
60e1fc3c98 ONEImage - Read all platform dependent information from sonic-config-engine (#238)
Read all platform dependent information from sonic-config-engine
2017-02-02 20:34:34 -08:00
Oleksandr Ivantsiv
34ea91349c one image implementation (#215)
* Single image

* Fix review comments

* Update syncd service. Add HW mgmt to Mellanox single image.

* Add single image template for Broadcom platform.

SKU should be provided during configure:
make configure PLATFORM=broadcom SKU=Force10-S6000

* Add single image template for Cavium platform.

SKU should be provided during configure:
make configure PLATFORM=cavium SKU=AS7512

* Add description to sonic_debian_extension.j2 file.
2017-01-29 11:33:33 -08:00