201911 cel dev #200

Closed
wants to merge 109 commits into from

Alex-Dai
Collaborator

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

nazariig and others added 30 commits May 23, 2020 12:21
* [Mellanox] Fix 'sensors.conf' mapping for SN4700

Signed-off-by: Shlomi Bitton <[email protected]>

* Fix some labels name
…0 and Z9100 (sonic-net#4593)

For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms.

- In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values.
- In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug)
- In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
… packets (sonic-net#4412)

Modified caclmgrd behavior to enhance control plane security as follows:

Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
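
The ordering in the list above matters because a chain is evaluated first-match. The following is an added example, not caclmgrd code and not part of the original commit: a simplified Python model of that order. It leaves out steps 2-7, ignores the TCP/UDP distinction, uses made-up addresses, and assumes the rules are evaluated in the listed order with a default chain policy of ACCEPT.

```python
"""Simplified first-match model of the rule order listed above (not caclmgrd code)."""
import ipaddress

SERVICES = {"SSH": 22, "SNMP": 161, "NTP": 123}  # recognized services named in step 8


def build_chain(acl_rules, local_ips):
    """acl_rules: {service: [permitted source prefixes]}; local_ips: addresses the device owns."""
    chain = [("1-established", lambda p: p["state"] in ("ESTABLISHED", "RELATED"), "ACCEPT")]
    # Steps 2-7 (ICMP, NDP, DHCP and BGP accepts) are omitted from this model.
    for svc, port in SERVICES.items():
        if svc in acl_rules:  # step 8: only the configured sources reach the service
            nets = [ipaddress.ip_network(n) for n in acl_rules[svc]]
            chain.append(("8-" + svc, lambda p, port=port, nets=nets: p["dport"] == port
                          and any(ipaddress.ip_address(p["src"]) in n for n in nets), "ACCEPT"))
        else:  # step 9: a service without ACL rules stays open to every source
            chain.append(("9-" + svc, lambda p, port=port: p["dport"] == port, "ACCEPT"))
    # Steps 10-13: anything else addressed to the device's own IPs is dropped.
    chain.append(("10-13-local-ip", lambda p: p["dst"] in local_ips, "DROP"))
    chain.append(("14-ttl", lambda p: p["ttl"] <= 1, "ACCEPT"))
    if acl_rules:  # step 15: catch-all drop only when control plane ACLs were applied
        chain.append(("15-drop-all", lambda p: True, "DROP"))
    return chain


def verdict(chain, pkt):
    """Return (rule name, action) of the first matching rule."""
    for name, match, action in chain:
        if match(pkt):
            return name, action
    return "policy", "ACCEPT"  # assumption: the chain's default policy is ACCEPT


def packet(src, dport, dst="10.0.0.1", state="NEW", ttl=64):
    """Constructed sample packet; every address here is made up for the example."""
    return {"src": src, "dst": dst, "dport": dport, "state": state, "ttl": ttl}


MGMT = {"10.0.0.1"}               # constructed management interface IP
ACLS = {"SSH": ["192.0.2.0/24"]}  # constructed ACL: SSH allowed from one subnet only
CHAIN = build_chain(ACLS, MGMT)

if __name__ == "__main__":
    for p in (packet("192.0.2.7", 22), packet("203.0.113.9", 22),
              packet("203.0.113.9", 161), packet("203.0.113.9", 8080)):
        print(p["src"], p["dport"], verdict(CHAIN, p))
```

In this model, configuring an ACL for SSH alone leaves SNMP and NTP on the management address reachable from any source through step 9, so each service that should be restricted needs its own ACL rules.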
… present (sonic-net#4581)

Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web.

This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
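
The two behaviours described in this commit message, shown as an added example that is not the code from the commit: skipping table keys that carry no IP prefix, and taking the first host with `next()` instead of `list()`. A /64 holds 2**64 addresses, so materializing `hosts()` as a list cannot complete in practice. The key shapes (a bare interface name, or an `(interface, prefix)` tuple) and all sample values are assumptions constructed for the example.

```python
import ipaddress


def first_host(prefix):
    """Return the first host address of a prefix without expanding the network."""
    net = ipaddress.ip_network(prefix, strict=False)
    # hosts() is consumed lazily: next() pulls a single address. For /32 and
    # /128 some Python versions yield nothing, so fall back to the address itself.
    return next(iter(net.hosts()), net.network_address)


def addresses_in(prefix):
    """Number of addresses list(net.hosts()) would have to walk through."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses


def first_hosts(keys):
    """Map interface name -> first host addresses, ignoring keys without a prefix."""
    result = {}
    for key in keys:
        if not isinstance(key, tuple) or len(key) != 2:
            continue  # entry holds only the interface name (no IP prefix)
        ifname, prefix = key
        result.setdefault(ifname, []).append(first_host(prefix))
    return result


# Constructed sample keys in the assumed shape of an interface table.
SAMPLE_KEYS = [
    "Vlan1000",
    ("Vlan1000", "192.0.2.1/24"),
    ("Vlan1000", "2001:db8::1/64"),
    "Loopback0",
    ("Loopback0", "198.51.100.7/32"),
]

if __name__ == "__main__":
    print(first_hosts(SAMPLE_KEYS))
    print(addresses_in("2001:db8::/64"))
```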
Auto restart restapi server after cert rollover
… fail (sonic-net#4675)

This change allows the recursive `git clean` and `git reset` commands to continue even if they encounter an error in one of the submodules. Previously, if an error was encountered, the operation would terminate with a message similar to the following:

Stopping at 'src/sonic-mgmt-framework'; script returned non-zero status.
[aclorch] Add support for creating ingress and egress MIRROR tables concurrently (sonic-net#1286)
[proxy_arp] Implement proxy ARP feature (sonic-net#1302)
Fix LAG member test case (sonic-net#1304)
[orchagent] Set default MTU for the underlay loopback interface (sonic-net#1299)
Fix memory leak in pyext when Selectable is returned to Python (sonic-net#343)
Make sure db_migrator is run after all config are loaded during (sonic-net#926)
Vnet alias mapping (sonic-net#924)
Changes to make lldp show command for multi-npu platforms. (sonic-net#914)
[Mellanox] Fix thermal control issue: use natural sort for fan status and thermal status (sonic-net#836)
[Mellanox] add document for thermal control related cli (sonic-net#832)
Corrected the copp rule as per NAT HLD (sonic-net#1300)
…net#4677)

Backport thermal control feature from master branch to 201911 branch by cherry-picking commits and manually resolving conflicts.
…onic-net#4752)

**- Why I did it**

- Skip thermalctld in DellEMC S6000, S6100, Z9100 and Z9264 platforms.
- Change the return type of thermal Platform APIs in DellEMC S6000, S6100 and Z9100 platforms to 'float'.

**- How I did it**

- Add 'skip_thermalctld:true' in pmon_daemon_control.json for DellEMC S6000, S6100, Z9100 and Z9264 platforms.
- Made changes in thermal.py, for 'get_temperature', 'get_high_threshold' and 'get_low_threshold' to return 'float' value.

**- How to verify it**

- Check thermalctld is not running in 'pmon'.
- Wrote a python script to load Chassis class and then call the APIs accordingly and verify the return type.
…#4743)

* [Mellanox] Initialize system LED color to green for 201911

* Rename variable to make it more readable
…tem (sonic-net#4431)

* Run fsck filesystem check support prior mounting filesystem

If the filesystem becomes non-clean ("dirty"), SONiC does not run fsck to
repair and mark it as clean again.

This patch adds the functionality to run fsck on each boot, prior to the
filesystem being mounted. This allows the filesystem to be repaired if
needed.

Note that if the filesystem is marked as clean, fsck does nothing and simply
returns, so it is perfectly fine to call fsck every time prior to mounting the
filesystem.

How to verify this patch (using bash):

Using an image without this patch:

Make the filesystem "dirty" (not clean)
[we are making the assumption that the filesystem is stored in /dev/sda3 - Please adjust depending on the platform]
[do this only on a test platform!]

dd if=/dev/sda3 of=superblock bs=1 count=2048
printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null
dd of=/dev/sda3 if=superblock bs=1 count=2048

Verify that filesystem is not clean
tune2fs -l /dev/sda3 | grep "Filesystem state:"

reboot and verify that the filesystem is still not clean
Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean.

fsck log is stored on syslog, using the string FSCK as markup.
…onic-net#4673)

This will allow us to disable services and have it persist across reboots by using the `systemctl mask` operation
Fix hostcfgd so that changes to the "FEATURE" table in ConfigDB are properly handled. Three changes here:

1. Fix indenting such that the handling of each key actually occurs in the for key in status_data.keys(): loop
2. Add calls to sudo systemctl mask and sudo systemctl unmask as appropriate to ensure changes persist across reboots
3. Substitute returns with continues so that even if one service fails, we still try to handle the others

Note that the masking is persistent, even if the configuration is not saved. We may want to consider only calling systemctl enable/disable in hostcfgd when the DB table changes, and only call systemctl mask/unmask upon calling config save.
paavaanan and others added 25 commits July 5, 2020 15:37
- Xilinx/pericom peripherals are not actively used in DellEMC S6100 switch.
- These peripherals are throwing PCIE corrected messages in some of the units and filling syslog.
- Since it is not usable, disabling it at startup.
…is no one (sonic-net#4860)

If some table with a list of tuples (interface name, ip prefix) has ip prefixes without a mask length, it will cause issues in SONiC. For example quagga and frr will treat ipv4 address without a mask, so "10.20.30.40" address will be treated as "10.0.0.0/8", which is dangerous.

The fix here is that when pfx_filter gets a tuple (interface name, ip prefix) where the ip prefix doesn't have a prefix mask length, it adds a mask by default: "/32" for ipv4 addresses, "/128" for ipv6 addresses.

Co-authored-by: Pavel Shirshov <[email protected]>
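
The risk and the fix described in this commit message, as an added example that is not the project's pfx_filter code: `classful_network` reproduces a classful reading of a mask-less IPv4 address, consistent with the "10.20.30.40" case above, and `add_default_mask` applies the /32 and /128 defaults. Both function names and the sample entries are constructed for the example.

```python
import ipaddress


def classful_network(addr):
    """Network a classful reader derives from an IPv4 address given without a mask."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet >= 224:
        raise ValueError("class D/E addresses have no classful network: " + addr)
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def add_default_mask(entries):
    """Return (ifname, prefix) tuples, adding /32 or /128 where the mask length is missing."""
    fixed = []
    for ifname, prefix in entries:
        if "/" not in prefix:
            ip = ipaddress.ip_address(prefix)  # raises ValueError on a malformed address
            prefix = f"{prefix}/{32 if ip.version == 4 else 128}"
        fixed.append((ifname, prefix))
    return fixed


# Constructed sample table: two entries lack a mask length.
SAMPLE = [
    ("Loopback0", "10.20.30.40"),
    ("Loopback0", "2001:db8::40"),
    ("Ethernet0", "192.0.2.1/31"),
]

if __name__ == "__main__":
    for ifname, prefix in SAMPLE:
        if "/" not in prefix and ":" not in prefix:
            net = classful_network(prefix)
            print(f"{prefix} read classfully covers {net} ({net.num_addresses} addresses)")
    print(add_default_mask(SAMPLE))
```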
…-net#3868)

In the scope of migration from docker shell plugin to docker connection plugin, we need to have docker-ce-cli installed in docker-sonic-mgmt. sonic-net/sonic-mgmt#1269

Added docker-ce-cli package to docker-sonic-mgmt.
…ild break

looks like version 0.42 has build issues

Signed-off-by: Guohan Lu <[email protected]>
…c-net#4110)

The snmp tool is required for interacting with certain type
of PDU hosts in platform PSU/power related testing. This
change is to have the snmp tool pre-built in the sonic-mgmt
docker image.

Signed-off-by: Xin Wang <[email protected]>
…net#4325)

. env-201811/bin/activate

The ansible 2.0.0.2 will be used.
* Add IxNetwork python client to sonic mgmt docker
spytest requires higher paramiko version. Fix it to 2.7.1.

Signed-off-by: Ying Xie <[email protected]>
- Alphabetize dependencies to prevent duplicates
- Remove unnecessary git clone

Signed-off-by: Danny Allen <[email protected]>
…et#4791)

The current stdout file, which also includes the dut logs, is very verbose and noisy.

We have manually installed it in the sonic-mgmt docker in our organization and tuned the pytest settings to produce very helpful and concise logs.

pytest-html plugins can be used to post-process the output in various ways based on our different and unique organizational needs.

Hence proposing to add this pkt to the docker file
@Alex-Dai Alex-Dai closed this Jul 13, 2020
mudsut4ke pushed a commit that referenced this pull request Sep 9, 2021
…ic-net#8577)

This PR updates the following commits in sonic-platform-daemons

e038bc2 [xcvrd] initial support for integrating vendor specfic class objects for calling Y-Cable API's inside xcvrd (#197)
57e3d78 Fix issue#8230 (#210)
f63fc94 [thermalctld] Use interval set in thermal policy if available (#164)
8b2227d [CI] Sum up Azp unit test code coverage (#209)
b880c48 [xrcvd]: Added unit test for sfp oir events (#205)
4a32b5a [y-cable] fix for logging the xcvrd metrics before writing the state to the State-DB (#208)
53e1532 (origin/shilong-test) Add str conversion for numeric xcvr info fields to xcvrd (#200)
03a4add Introduce mgmtinit delay after transceiver module insertion (#201)

This PR updates the following commits in sonic-platform-common
0dc71c1 Add y-cable driver for simulated mux (#213)

Signed-off-by: vaibhav-dahiya <[email protected]>