Commit Graph

159 Commits

Author SHA1 Message Date
kram
b02b29a984 updates based on review 2018-03-12 21:06:38 -07:00
kram
e2696683ff Merge remote-tracking branch 'azure/master' into bf-master 2017-12-13 17:49:24 -08:00
kram
ee659f06f6 merge with Azure master (12/12/17) 2017-12-12 20:07:42 -08:00
Liuqu
dce6d3536b [TACACS+]: Add configDB enforcer for TACACS+ (#1214)
* [TACACS+]: Add configDB enforcer for TACACS+

* hostcfgd - configDB enforcer for TACACS+, listen configDB to
  modify the pam configuration for Authentication in host
* Add a service script for hostcfgd

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Generate conf file by template file

* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-12 03:45:44 -08:00
Liuqu
8383b1f256 [TACACS+]: Add support for TACACS+ Authentication (#1019)
* [TACACS+]: Add support for TACACS+ Authentication

* pam_tacplus - A TACACS+ protocol client library and PAM module to
  supports core TACACS+ functions for AAA.
* nss_tacplus - A NSS plugin for TACACS+ to extend function getpwnam,
  make the TACACS+ authenticated user which is not found in local
  could login successfully.

* Add make rules for pam_tacplus and install script
* Add a patch for pam_tacplus to disable pam-auth-update pam-tacplus
  by default
* Add a patch for pam_tacplus to inlucde and build nss_tacplus

  Signed-off-by: chenchen.qcc@alibaba-inc.com

* [TACACS+]: Add nss-tacplus as a separate src repo

* Separate nss-tacplus from pam-tacplus, modify tacacs.mk and
  makefile, add a patch to adapt to the new user map profile.
* Use the lastest stable version for pam-tacplus, add a dependent
  package in sonic-salve, add two patches to fix build error.
* Add scripts to disable tacplus by default.
* Remove hostcfgd service file

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>

* [TACACS+]: Fix nss-tacplus filter some valid TACACS+ username

* The NAME_REGEX for username check in plugin nss-tacplus is
  the ANSI version "^[0-9a-zA-Z_-\ ]*$", but the regular expression
  in /etc/adduser.conf is not defined as ANSI version. To avoid
  nss-tacplus filter some valid TACACS+ username, remove username
  check.

  Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
2017-12-07 03:36:17 -08:00
Prince Sunny
744927acd3
Derive varlog size based on total flash size (#1209) 2017-12-06 15:13:18 -08:00
lguohan
b907e4e9f5
[vs]: add vlan configuration support in virtual switch (#1200) 2017-11-30 14:59:25 -08:00
Samuel Angebault
7f25b94378 [aboot]: Add setfacl in the initramfs (#1185)
Arista platforms need the filesystem ACLs to be removed on boot to
prevent invalid permission to be set for new files.
2017-11-24 17:30:11 -08:00
Taoyu Li
617b3e43b1
Add service to config hostname based on configdb (#1174) 2017-11-22 14:36:25 -08:00
Andriy Moroz
6d0329af3d Move QoS configuration to Config DB (#1178)
* Move Mellanox QoS configuration to config DB

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Move qos.json to hwsku subfolder

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Remove copying of old qos config

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Update WRED threshold values

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* hwsku2

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Fix syntax error in json

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Add qos config for some Dell and Arista platforms

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Fix inital qos config on clean boot

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>

* Updated swss-common and swss pointers (QoS in Config DB)

Signed-off-by: Andriy Moroz <c_andriym@mellanox.com>
2017-11-22 08:58:22 -08:00
Samuel Angebault
21764008da [Aboot] Declare flash_size for all platform (#1171)
The flash_size parameter can then be used to compute the varlog_size
2017-11-22 02:58:20 -08:00
Taoyu Li
c5eba7dd34 [baseimage]: Fix racing condition between updategraph and rc.local (#1175) 2017-11-22 00:51:05 -08:00
kram
1cc0c952ea Merge remote-tracking branch 'azure/master' into bf-master 2017-11-20 10:45:34 -08:00
lguohan
df529efef7
[baseimage]: fix mac address calculation on mellanox and centec platform (#1166) 2017-11-20 10:05:08 -08:00
Joe LeVeque
cea87e985c
Add docker-router-advertiser to support IPv6 router advertisements (#1103) 2017-11-14 14:40:15 -08:00
Prince Sunny
803c263331 [baseimage]: Subnet route added for management interface (eth0) - "fixes #1023" (#1142)
* Added management subnet route to route table-default in kernel.

* Added sample output to interface file
2017-11-14 08:19:24 -08:00
kram
784d737b80 Merge remote-tracking branch 'azure/master' into bf-master 2017-11-13 15:31:48 -08:00
Ying Xie
764cb913f1
[Arista7260cx3] Increase /var/log partition size to 4G (#1140) 2017-11-10 15:47:38 -08:00
Haiyang Zheng
a69b353630 [interfaces.j2] Get mtu value from config DB if provided (#1128)
Signed-off-by: Haiyang Zheng <haiyang.z@alibaba-inc.com>
2017-11-10 13:54:31 -08:00
Marian Pritsak
c64d423fec [rc.local]: Fix init_cfg.json (#1129)
If device MAC is added to init_cfg.json, it has to be done using
intermediate file. We cannot redirect to same file while trying to read
from it because it will be truncated first.

Signed-off-by: marian-pritsak <marianp@mellanox.com>
2017-11-08 08:50:22 -08:00
Taoyu Li
f7c39720f7
Restart ntp after ntp-config (#1106)
* Restart ntp after ntp-config
* Remove ntp dependency to ntp-config
2017-11-07 14:51:07 -08:00
lguohan
1ce9b85e3c
[init]: save the initial switch mac to config db (#1125)
* [init]: save the initial switch mac to config db

Save the initial switch mac to config db DEVICE_METADATA|localhost entry.

* update sonic-swss submodule
2017-11-06 23:40:27 -08:00
JipanYanga
7406d3709b [configdb]: Add support for vlanconfd and intfconfd (#1063)
* Add support for vlanconfd and intfconfd

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>

* Change name to vlanmgrd and intfmgrd

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>

* Add missing vlan_members for parse_dpg result

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>

* Remove cfgmgr debug CLI from image

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>

* Update swss and swss-common submodules for VLAN trunk support

Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
2017-11-05 22:37:16 -08:00
JipanYanga
84cbfd5bbc [configdb]: Store switch mac to configDB switch table (#1108)
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
2017-11-05 00:31:29 -07:00
Samuel Angebault
ca214b947c [arista]: Bump sonic-platform-modules-arista submodule (#1111)
* Bump sonic-platform-modules-arista

Improves i2c performance for xcvrs
Fix the led_plugin by ignoring unknown ports
Miscellaneous improvements

* Fix index column for Arista-7260CX3-D108C8

* Fix flash permissions for Arista platforms

The ext4 flash uses acl to properly handle permissions in EOS.
Aboot isn't built with this support and therefore can't be used
to set the flash permissions. It has to be deferred in sonic initrd.
2017-11-03 15:22:05 -07:00
kram
c019a461d2 Merge branch 'rel_6_0' into bf-master 2017-11-03 13:54:55 -07:00
kram
743edc0cad initial barefoot checkin october 2017 2017-11-02 17:11:14 -07:00
Shuotian Cheng
06c0f7d2e8 Revert "[ntp]: Restart ntp after ntp-config (#1098)" (#1102)
This reverts commit c832f2af62.
2017-11-01 18:40:33 -07:00
Taoyu Li
c832f2af62 [ntp]: Restart ntp after ntp-config (#1098) 2017-10-31 22:20:18 -07:00
byu343
d7d6c41184 [Arista]: Fix the udev waiting in networking start (#1093)
* [Arista]: Fix the udev waiting in networking start

This change is to fix the issue in https://github.com/aristanetworks/sonic/issues/16
For the checking condition used, it is only applied to Arista switches

Signed-off-by: Boyang Yu <byu@arista.com>

* [Arista]: Correct for PR comments

Signed-off-by: Boyang Yu <byu@arista.com>
2017-10-30 18:04:40 -07:00
Taoyu Li
a7ea0556c8 [updategraph]: Support a special value to use empty configuration (#1086)
When updategraph service is enabled, a special value 'default'
from DHCP response will now initialize the system with an empty
configuration instead of existing minigraph.

A DHCP response without option 224 will remain the current behavior
of skipping graph update and use existing default minigraph.
2017-10-27 18:01:02 -07:00
Joe LeVeque
37dc7bd478 [interfaces]: Set hwaddr of VLAN interfaces to system MAC upon creation (#1042) 2017-10-16 17:36:21 -07:00
Hnydyn Nazar
118c2dd39d [ntp]: Fix NTP sync while using DHCP (#1035) 2017-10-13 17:08:35 -07:00
Shuotian Cheng
dbced4fb77 [snmp]: Add swss dependency for snmp service (#1034)
- snmp service needs swss to be ready to get the port counter map

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
2017-10-12 00:28:16 -07:00
Marian Pritsak
ecd99c73d1 [swss]: Flush flex counter DB in swss_serivce.j2 (#1029) 2017-10-10 12:49:06 -07:00
lguohan
dc0f3ceb5c add version tag for the docker images (#1021)
docker images are also tagged with the same image version.
2017-10-08 02:10:14 -07:00
Joe LeVeque
8a305ce9c9 [sonic-utilities]: Build as Debian package once again (revert change to wheel) (#1018) 2017-10-06 12:46:47 -07:00
Joe LeVeque
1cd9818fe9 [build]: sonic-utilities package depends on swsssdk; build as wheel and add build dependency (#1011)
* [build]: sonic-utilities package now depends on swsssdk; add build dependency

* Now building sonic-utilities Python package in wheel format

* Update sonic-utilities submodule

* Change output wheel name to match proper format
2017-10-04 19:50:39 -07:00
Volodymyr Samotiy
763205ff7d [config]: Fix management interface configuration (#966)
* [config]: Fix management interface configuration

* [config]: Fix management interface configuration

* Fix comments
2017-09-20 23:55:50 -07:00
Prince Sunny
72f5d6bcb7 [interfaces]: Change MTU value to 9100 (#967)
* Updated MTU to the widely used value with other devices
2017-09-19 19:29:00 -07:00
ravijo2
458093fee5 Framework to plugin Organization specific scripts during ONIE Image build (#951)
* Framework to plugin Organization specific scripts

* Framework to plugin Organization specific scripts

* Framework to plugin Organization specific scripts

* add getopt option to organization script
2017-09-19 16:23:31 -07:00
padmanarayana
6935e00909 [build/onie installer] Install grub for SONiC post migration from another NOS (#949)
* Install grub for SONiC post migration from another NOS

* Install grub from bundled debian package instead of using ONIE's. Address review comments
2017-09-17 11:41:29 -07:00
Ying Xie
56ae5edc7f [service template] Starting new docker when HWSKU change is detected (#946)
Existing dockers has paths mounted according to the HWSKU. When HWSKU
changes, these dockers need to be destroyed and recreated with the
correct paths mounted.
2017-09-14 08:43:02 -07:00
Taoyu Li
c9cc7aea41 [configdb] Migrate minigraph configurations to DB (#942)
Modify minigraph parser output format so it fit DB schema
Modify configuration templates to fit new schema
Systemd services dependencies are modified so database starts before any configuration consumer
2017-09-12 14:13:27 -07:00
Marian Pritsak
8f1ac5d5ec [rsyslog]: Use timegenerated instead of timestamp (#944)
* [rsyslog]: Use timegenerated instead of timestamp

This is useful when rsyslog is used to put markers generated on other machines.
This way all messages will have a timestamp from a single system.

* [rsyslog] Use subseconds from local machine
2017-09-08 18:25:25 -07:00
Marian Pritsak
e418675ba5 [rsyslog]: Use SONiC template in containers (#940) 2017-09-07 13:01:20 -07:00
lguohan
116ba4b180 [baseimage]: allocate varlog disk in the initramfs stage (#936)
moving to initramfs unifies disk allocate on different platforms.
use fallocate instead of dd to speed up the disk allocation.

By default, mkfs.ext4 has -E discard option which discards the blocks
at the mkfs time, also speed up the initialization time.
2017-09-06 20:07:32 -07:00
padmanarayana
2d3b064437 [image]: build sonic-broadcom.raw image for sonic conversion from ftos (#901)
1. "make target/sonic-broadcom.raw" will create the compressed dd'able image.
2. This will also update the grub config files (device/dell/*/nos_to_sonic_grub.cfg) with the image versions.
2017-08-27 20:13:38 -07:00
Oleksandr Ivantsiv
7c75030cea [mlnx-fw-upgrade]: Define required FW version in build time. (#902)
- Do not query required FW from file.
2017-08-22 08:08:07 -07:00
byu343
a92f5a9ffe Add arista-net initramfs hook (#899) 2017-08-19 21:32:10 -07:00