Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

201911 #198

Merged
merged 104 commits into from
Jul 7, 2020
Merged

201911 #198

merged 104 commits into from
Jul 7, 2020

Conversation

Alex-Dai
Copy link
Collaborator

@Alex-Dai Alex-Dai commented Jul 7, 2020

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

nazariig and others added 30 commits May 23, 2020 12:21
* [Mellanox] Fix 'sensors.conf' mapping for SN4700

Signed-off-by: Shlomi Bitton <[email protected]>

* Fix some labels name
…0 and Z9100 (#4593)

For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms.

- In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values.
- In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug)
- In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
… packets (#4412)

Modified caclmgrd behavior to enhance control plane security as follows:

Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
… present (#4581)

Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
both for sonic-slave-stretch and sonic-slave-buster
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web.

This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
Auto restart restapi server after cert rollover
… fail (#4675)

This change allows the recursive `git clean` and `git reset` commands to continue even if they encounter an error in one of the submodules. Previously, if an error was encountered, the operation would terminate with a message similar to the following:

Stopping at 'src/sonic-mgmt-framework'; script returned non-zero status.
 [aclorch] Add support for creating ingress and egress MIRROR tables
 concurrently (#1286)
[proxy_arp] Implement proxy ARP feature (#1302)
Fix LAG member test case (#1304)
[orchagent] Set default MTU for the underlay loopback interface (#1299)
  Fix memory leak in pyext when Selectable is returned to Python (#343)
Make sure db_migrator is run after all config are loaded during (#926)
Vnet alias mapping (#924)
Changes to make lldp show command for multi-npu platforms. (#914)
[Mellanox] Fix thermal control issue: use natural sort for fan
status and thermal status (#836)
[Mellanox] add document for thermal control related cli (#832)
 Corrected the copp rule as per NAT HLD (#1300)
Backport thermal control feature from master branch to 201911 branch by cherry-picking commits and manually resolving conflicts.
…4752)

**- Why I did it**

- Skip thermalctld in DellEMC S6000, S6100, Z9100 and Z9264 platforms.
- Change the return type of thermal Platform APIs in DellEMC S6000, S6100 and Z9100 platforms to 'float'.

**- How I did it**

- Add 'skip_thermalctld:true' in pmon_daemon_control.json for DellEMC S6000, S6100, Z9100 and Z9264 platforms.
- Made changes in thermal.py, for 'get_temperature', 'get_high_threshold' and 'get_low_threshold' to return 'float' value.

**- How to verify it**

- Check thermalctld is not running in 'pmon'.
- Wrote a python script to load Chassis class and then call the APIs accordingly and verify the return type.
* [Mellanox] Initialize system LED color to green for 201911

* Rename variable to make it more readable
…tem (#4431)

* Run fsck filesystem check support prior mounting filesystem

If the filesystem become non clean ("dirty"), SONiC does not run fsck to
repair and mark it as clean again.

This patch adds the functionality to run fsck on each boot, prior to the
filesystem being mounted. This allows the filesystem to be repaired if
needed.

Note that if the filesystem is maked as clean, fsck does nothing and simply
return so this is perfectly fine to call fsck every time prior to mount the
filesystem.

How to verify this patch (using bash):

Using an image without this patch:

Make the filesystem "dirty" (not clean)
[we are making the assumption that filesystem is stored in /dev/sda3 - Please adjust depending of the platform]
[do this only on a test platform!]

dd if=/dev/sda3 of=superblock bs=1 count=2048
printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null
dd of=/dev/sda3 if=superblock bs=1 count=2048

Verify that filesystem is not clean
tune2fs -l /dev/sda3 | grep "Filesystem state:"

reboot and verify that the filesystem is still not clean
Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean.

fsck log is stored on syslog, using the string FSCK as markup.
…4673)

This will allow us to disable services and have it persist across reboots by using the `systemctl mask` operation
Fix hostcfgd so that changes to the "FEATURE" table in ConfigDB are properly handled. Three changes here:

1. Fix indenting such that the handling of each key actually occurs in the for key in status_data.keys(): loop
2. Add calls to sudo systemctl mask and sudo systemctl unmask as appropriate to ensure changes persist across reboots
3. Substitute returns with continues so that even if one service fails, we still try to handle the others

Note that the masking is persistent, even if the configuration is not saved. We may want to consider only calling systemctl enable/disable in hostcfgd when the DB table changes, and only call systemctl mask/unmask upon calling config save.
abdosi and others added 23 commits July 5, 2020 15:32
… both host and docker namespace (#4838)

* [sonic-buildimage] Changes to make network specific sysctl
common for both host and docker namespace (in multi-npu).

This change is triggered with issue found in multi-npu platforms
where in docker namespace
net.ipv6.conf.all.forwarding was 0 (should be 1) because of
which RS/RA message were triggered and link-local router were learnt.

Beside this there were some other sysctl.net.ipv6* params whose value
in docker namespace is not same as host namespace.

So to make we are always in sync in host and docker namespace
created common file that list all sysctl.net.* params and used
both by host and docker namespace. Any change will get applied
to both namespace.

Signed-off-by: Abhishek Dosi <[email protected]>

* Address Review Comments and made sure to invoke augtool
only one and do string concatenation of all set commands

* Address Review Comments.
* Tests of FRR templates which rendered by sonic-cfggen
- Xilinx/pericom peripherals are not actively used in DellEMC S6100 switch.
- These peripherals are throwing PCIE corrected messages in some of the units and filling syslog.
- Since it is not usable disabling it at startup.
…is no one (#4860)

If some table with a list of tuples (interface name, ip prefix) has ip prefixes without a mask length, it will cause issues in SONiC. For example quagga and frr will treat ipv4 address without a mask, so "10.20.30.40" address will be treated as "10.0.0.0/8", which is dangerous.

The fix here is that when pfx_filter get a tuple (interface name, ip prefix), where the ip prefix doesn't have prefix mask length, add a mask by default: "/32 for ipv4 addresses, /128 for ipv6 addresses".

Co-authored-by: Pavel Shirshov <[email protected]>
* Tests for bgpcfgd templates
In the scope of migration from docker shell plugin to docker connection plugin, we need to have docker-ce-cli installed in docker-sonic-mgmt. sonic-net/sonic-mgmt#1269

Added docker-ce-cli package to docker-sonic-mgmt.
* Install python-subnettree to sonic-mgmt container.
…ild break

looks like version 0.42 has build issues

Signed-off-by: Guohan Lu <[email protected]>
The snmp tool is required for interacting with certain type
of PDU hosts in platform PSU/power related testing. This
change is to have the snmp tool pre-built in the sonic-mgmt
docker image.

Signed-off-by: Xin Wang <[email protected]>
. env-201811/bin/activate

The ansible 2.0.0.2 will be used.
* Add IxNetwork python client to sonic mgmt docker
spytest requires higher paramiko version. Fix it to 2.7.1.

Signed-off-by: Ying Xie <[email protected]>
- Alphabetize dependencies to prevent duplicates
- Remove unneccesary git clone

Signed-off-by: Danny Allen <[email protected]>
The current stdout file which also includes the dut logs are very verbose and noisy.

We have manually installed it in the sonic-mgmt docker in our organization and tuned the pytest settings to produce very helpful and concise logs.

pytest-html plugins can be used to post-process the output in various ways based on our different and unique organizational needs.

Hence proposing to add this pkt to the docker file
@Alex-Dai Alex-Dai merged commit 3f4fdbe into SONIC-DEV:201911 Jul 7, 2020
mudsut4ke pushed a commit that referenced this pull request Apr 2, 2021
c20bf60 Qi Luo  Mon Mar 15 14:28:31 2021 -0700  Implement rfc4363 FdbUpdater for lag inside vlan (#203)
292024a abdosi  Mon Mar 15 12:15:21 2021 -0700  Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201)
9b83459 liushilongbuaa  Fri Mar 12 14:35:23 2021 +0800  [CI] Setup dummy azure pipeline (#198)

Signed-off-by: Abhishek Dosi <[email protected]>
mudsut4ke pushed a commit that referenced this pull request Apr 2, 2021
Unset CONFIG_THERMAL_STATISTICS to prevent kernel crash (#199)
[net] Disable prio and cls cgroups to make working cgroup2 sock matching (#198)
[doc]: Fix typos in README (#206)
[Mellanox] Backport patch to remove critical trip point from thermal zones (#201)

Signed-off-by: Stephen Sun <[email protected]>
jerseyang pushed a commit that referenced this pull request Jun 4, 2021
…ux-kernel submodules (sonic-net#7064)

sonic-swss
* Add table descriptions for dynamic buffer calculation to the documents (sonic-net#1664)
* Remove vxlanmgrd dependency on orchagent (sonic-net#1647)

sonic-utilities
* [show] Fix 'show mac' output, when FDB entry with Vlan 1 is present (sonic-net#1368)
* [warm-reboot]: Check empty key before issuing redis hget (sonic-net#1496)
* [generate-dump] Remove Arista specific logic (sonic-net#1482)
* [warm-reboot]: added automated recover for ISSU file (sonic-net#1466)
* [warm-reboot] Check if warm restart flag is set when issuing a warm-reboot (sonic-net#1460)
* [show][config] fix for show/config muxcable hwmode model value; fix show/config muxcable return codes; (sonic-net#1494)

sonic-linux-kernel
* [net] Disable prio and cls cgroups to make working cgroup2 sock matching (#198)

Signed-off-by: Danny Allen <[email protected]>
jerseyang pushed a commit that referenced this pull request Jun 4, 2021
c20bf60 Qi Luo  Mon Mar 15 14:28:31 2021 -0700  Implement rfc4363 FdbUpdater for lag inside vlan (#203)
292024a abdosi  Mon Mar 15 12:15:21 2021 -0700  Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201)
9b83459 liushilongbuaa  Fri Mar 12 14:35:23 2021 +0800  [CI] Setup dummy azure pipeline (#198)

Signed-off-by: Abhishek Dosi <[email protected]>
mudsut4ke pushed a commit that referenced this pull request Sep 9, 2021
7670b49 [sonic_platform/sfp_base] Add common definition for get SFP error status (#194)
1336598 [CI] sonic-config-engine now depends on SONiC YANG packages (#198)
f57fee4 Add to check pcie configuration revision to get the right configuration. (#195)
4e3a0a0 Fix typo for midplane APIs. (#196)
fc2e9e2 [eeprom_tlv_info] Optimize EEPROM data process by using visitor pattern (#193)
jerseyang pushed a commit that referenced this pull request Sep 26, 2021
* 063e915 2021-06-15 | [CI] sonic-config-engine now depends on SONiC YANG packages (#198) (HEAD, origin/202012) [Joe LeVeque]
* 2d36a79 2021-07-13 | Fix Xcvrd crash due to invalid key access in type_of_media_interface, host_electrical_interface, connector_dict (#206) [Prince George]
* 67b8a77 2021-06-18 | Fix decode error when parsing EEPROM fields (#199) [Aravind Mani]
* 238d76b 2021-06-17 | Unifying the platform api for get_pcie_aer_stats with PcieBase (#197) [Sujin Kang]

Signed-off-by: Guohan Lu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.