201911 #198
Merged
201911 #198
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
* [Mellanox] Fix 'sensors.conf' mapping for SN4700 Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com> * Fix some labels name
…0 and Z9100 (#4593) For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms. - In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values. - In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug) - In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
… packets (#4412) Modified caclmgrd behavior to enhance control plane security as follows: Upon starting or receiving notification of ACL table/rule changes in Config DB: 1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions 2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute 3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute 4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages 5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets 6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets 7. Add iptables/ip6tables commands to allow all incoming BGP traffic 8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP) 9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured) 10. Add iptables rules to drop all packets destined for loopback interface IP addresses 11. Add iptables rules to drop all packets destined for management interface IP addresses 12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses 13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses 14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute) 15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
… present (#4581) Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
both for sonic-slave-stretch and sonic-slave-buster
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web. This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
To support t0 config
Auto restart restapi server after cert rollover
… fail (#4675) This change allows the recursive `git clean` and `git reset` commands to continue even if they encounter an error in one of the submodules. Previously, if an error was encountered, the operation would terminate with a message similar to the following: Stopping at 'src/sonic-mgmt-framework'; script returned non-zero status.
Fix memory leak in pyext when Selectable is returned to Python (#343)
Make sure db_migrator is run after all config are loaded during (#926) Vnet alias mapping (#924) Changes to make lldp show command for multi-npu platforms. (#914) [Mellanox] Fix thermal control issue: use natural sort for fan status and thermal status (#836) [Mellanox] add document for thermal control related cli (#832)
Signed-off-by: Volodymyr Samotiy <volodymyrs@mellanox.com>
Corrected the copp rule as per NAT HLD (#1300)
Backport thermal control feature from master branch to 201911 branch by cherry-picking commits and manually resolving conflicts.
…4752) **- Why I did it** - Skip thermalctld in DellEMC S6000, S6100, Z9100 and Z9264 platforms. - Change the return type of thermal Platform APIs in DellEMC S6000, S6100 and Z9100 platforms to 'float'. **- How I did it** - Add 'skip_thermalctld:true' in pmon_daemon_control.json for DellEMC S6000, S6100, Z9100 and Z9264 platforms. - Made changes in thermal.py, for 'get_temperature', 'get_high_threshold' and 'get_low_threshold' to return 'float' value. **- How to verify it** - Check thermalctld is not running in 'pmon'. - Wrote a python script to load Chassis class and then call the APIs accordingly and verify the return type.
Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
* [Mellanox] Initialize system LED color to green for 201911 * Rename variable to make it more readable
…tem (#4431) * Run fsck filesystem check support prior mounting filesystem If the filesystem become non clean ("dirty"), SONiC does not run fsck to repair and mark it as clean again. This patch adds the functionality to run fsck on each boot, prior to the filesystem being mounted. This allows the filesystem to be repaired if needed. Note that if the filesystem is maked as clean, fsck does nothing and simply return so this is perfectly fine to call fsck every time prior to mount the filesystem. How to verify this patch (using bash): Using an image without this patch: Make the filesystem "dirty" (not clean) [we are making the assumption that filesystem is stored in /dev/sda3 - Please adjust depending of the platform] [do this only on a test platform!] dd if=/dev/sda3 of=superblock bs=1 count=2048 printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null dd of=/dev/sda3 if=superblock bs=1 count=2048 Verify that filesystem is not clean tune2fs -l /dev/sda3 | grep "Filesystem state:" reboot and verify that the filesystem is still not clean Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean. fsck log is stored on syslog, using the string FSCK as markup.
…4673) This will allow us to disable services and have it persist across reboots by using the `systemctl mask` operation
Fix hostcfgd so that changes to the "FEATURE" table in ConfigDB are properly handled. Three changes here: 1. Fix indenting such that the handling of each key actually occurs in the for key in status_data.keys(): loop 2. Add calls to sudo systemctl mask and sudo systemctl unmask as appropriate to ensure changes persist across reboots 3. Substitute returns with continues so that even if one service fails, we still try to handle the others Note that the masking is persistent, even if the configuration is not saved. We may want to consider only calling systemctl enable/disable in hostcfgd when the DB table changes, and only call systemctl mask/unmask upon calling config save.
… both host and docker namespace (#4838) * [sonic-buildimage] Changes to make network specific sysctl common for both host and docker namespace (in multi-npu). This change is triggered with issue found in multi-npu platforms where in docker namespace net.ipv6.conf.all.forwarding was 0 (should be 1) because of which RS/RA message were triggered and link-local router were learnt. Beside this there were some other sysctl.net.ipv6* params whose value in docker namespace is not same as host namespace. So to make we are always in sync in host and docker namespace created common file that list all sysctl.net.* params and used both by host and docker namespace. Any change will get applied to both namespace. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments and made sure to invoke augtool only one and do string concatenation of all set commands * Address Review Comments.
* Tests of FRR templates which rendered by sonic-cfggen
- Xilinx/pericom peripherals are not actively used in DellEMC S6100 switch. - These peripherals are throwing PCIE corrected messages in some of the units and filling syslog. - Since it is not usable disabling it at startup.
…is no one (#4860) If some table with a list of tuples (interface name, ip prefix) has ip prefixes without a mask length, it will cause issues in SONiC. For example quagga and frr will treat ipv4 address without a mask, so "10.20.30.40" address will be treated as "10.0.0.0/8", which is dangerous. The fix here is that when pfx_filter get a tuple (interface name, ip prefix), where the ip prefix doesn't have prefix mask length, add a mask by default: "/32 for ipv4 addresses, /128 for ipv6 addresses". Co-authored-by: Pavel Shirshov <pavel.contrib@gmail.com>
Signed-off-by: Shlomi Bitton <shlomibi@mellanox.com>
* Tests for bgpcfgd templates
In the scope of migration from docker shell plugin to docker connection plugin, we need to have docker-ce-cli installed in docker-sonic-mgmt. sonic-net/sonic-mgmt#1269 Added docker-ce-cli package to docker-sonic-mgmt.
* Install python-subnettree to sonic-mgmt container.
…ild break looks like version 0.42 has build issues Signed-off-by: Guohan Lu <gulv@microsoft.com>
The snmp tool is required for interacting with certain type of PDU hosts in platform PSU/power related testing. This change is to have the snmp tool pre-built in the sonic-mgmt docker image. Signed-off-by: Xin Wang <xinw@mellanox.com>
. env-201811/bin/activate The ansible 2.0.0.2 will be used.
Signed-off-by: Danny Allen <daall@microsoft.com>
* Add IxNetwork python client to sonic mgmt docker
Signed-off-by: Guohan Lu <lguohan@gmail.com>
spytest requires higher paramiko version. Fix it to 2.7.1. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
…r' arguments in pytest-ansible (#4681)
- Alphabetize dependencies to prevent duplicates - Remove unneccesary git clone Signed-off-by: Danny Allen <daall@microsoft.com>
The current stdout file which also includes the dut logs are very verbose and noisy. We have manually installed it in the sonic-mgmt docker in our organization and tuned the pytest settings to produce very helpful and concise logs. pytest-html plugins can be used to post-process the output in various ways based on our different and unique organizational needs. Hence proposing to add this pkt to the docker file
Cherry pick sonic-net/sonic-ztp#17 to 201911 branch to fix sonic-net/sonic-ztp#15
mudsut4ke
pushed a commit
that referenced
this pull request
Apr 2, 2021
c20bf60 Qi Luo Mon Mar 15 14:28:31 2021 -0700 Implement rfc4363 FdbUpdater for lag inside vlan (#203) 292024a abdosi Mon Mar 15 12:15:21 2021 -0700 Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201) 9b83459 liushilongbuaa Fri Mar 12 14:35:23 2021 +0800 [CI] Setup dummy azure pipeline (#198) Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
mudsut4ke
pushed a commit
that referenced
this pull request
Apr 2, 2021
Unset CONFIG_THERMAL_STATISTICS to prevent kernel crash (#199) [net] Disable prio and cls cgroups to make working cgroup2 sock matching (#198) [doc]: Fix typos in README (#206) [Mellanox] Backport patch to remove critical trip point from thermal zones (#201) Signed-off-by: Stephen Sun <stephens@nvidia.com>
jerseyang
pushed a commit
that referenced
this pull request
Jun 4, 2021
…ux-kernel submodules (sonic-net#7064) sonic-swss * Add table descriptions for dynamic buffer calculation to the documents (sonic-net#1664) * Remove vxlanmgrd dependency on orchagent (sonic-net#1647) sonic-utilities * [show] Fix 'show mac' output, when FDB entry with Vlan 1 is present (sonic-net#1368) * [warm-reboot]: Check empty key before issuing redis hget (sonic-net#1496) * [generate-dump] Remove Arista specific logic (sonic-net#1482) * [warm-reboot]: added automated recover for ISSU file (sonic-net#1466) * [warm-reboot] Check if warm restart flag is set when issuing a warm-reboot (sonic-net#1460) * [show][config] fix for show/config muxcable hwmode model value; fix show/config muxcable return codes; (sonic-net#1494) sonic-linux-kernel * [net] Disable prio and cls cgroups to make working cgroup2 sock matching (#198) Signed-off-by: Danny Allen <daall@microsoft.com>
jerseyang
pushed a commit
that referenced
this pull request
Jun 4, 2021
c20bf60 Qi Luo Mon Mar 15 14:28:31 2021 -0700 Implement rfc4363 FdbUpdater for lag inside vlan (#203) 292024a abdosi Mon Mar 15 12:15:21 2021 -0700 Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201) 9b83459 liushilongbuaa Fri Mar 12 14:35:23 2021 +0800 [CI] Setup dummy azure pipeline (#198) Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
mudsut4ke
pushed a commit
that referenced
this pull request
Sep 9, 2021
7670b49 [sonic_platform/sfp_base] Add common definition for get SFP error status (#194) 1336598 [CI] sonic-config-engine now depends on SONiC YANG packages (#198) f57fee4 Add to check pcie configuration revision to get the right configuration. (#195) 4e3a0a0 Fix typo for midplane APIs. (#196) fc2e9e2 [eeprom_tlv_info] Optimize EEPROM data process by using visitor pattern (#193)
jerseyang
pushed a commit
that referenced
this pull request
Sep 26, 2021
* 063e915 2021-06-15 | [CI] sonic-config-engine now depends on SONiC YANG packages (#198) (HEAD, origin/202012) [Joe LeVeque] * 2d36a79 2021-07-13 | Fix Xcvrd crash due to invalid key access in type_of_media_interface, host_electrical_interface, connector_dict (#206) [Prince George] * 67b8a77 2021-06-18 | Fix decode error when parsing EEPROM fields (#199) [Aravind Mani] * 238d76b 2021-06-17 | Unifying the platform api for get_pcie_aer_stats with PcieBase (#197) [Sujin Kang] Signed-off-by: Guohan Lu <lguohan@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)