forked from sonic-net/sonic-buildimage
-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
201911 cel dev #200
Closed
Closed
201911 cel dev #200
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Nazarii Hnydyn <[email protected]>
* [Mellanox] Fix 'sensors.conf' mapping for SN4700 Signed-off-by: Shlomi Bitton <[email protected]> * Fix some labels name
…0 and Z9100 (sonic-net#4593) For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms. - In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values. - In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug) - In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
201911 cel dev
… packets (sonic-net#4412) Modified caclmgrd behavior to enhance control plane security as follows: Upon starting or receiving notification of ACL table/rule changes in Config DB: 1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions 2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute 3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute 4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages 5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets 6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets 7. Add iptables/ip6tables commands to allow all incoming BGP traffic 8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP) 9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured) 10. Add iptables rules to drop all packets destined for loopback interface IP addresses 11. Add iptables rules to drop all packets destined for management interface IP addresses 12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses 13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses 14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute) 15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
… present (sonic-net#4581) Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
…ic-net#4672) both for sonic-slave-stretch and sonic-slave-buster
I found that with IPv4Network types, calling list(ip_ntwrk.hosts()) is reliable. However, when doing the same with an IPv6Network, I found that the conversion to a list can hang indefinitely. This appears to me to be a bug in the ipaddress.IPv6Network implementation. However, I could not find any other reports on the web. This patch changes the behavior to call next() on the ip_ntwrk.hosts() generator instead, which returns the IP address of the first host.
…et#4670) To support t0 config
Auto restart restapi server after cert rollover
… fail (sonic-net#4675) This change allows the recursive `git clean` and `git reset` commands to continue even if they encounter an error in one of the submodules. Previously, if an error was encountered, the operation would terminate with a message similar to the following: Stopping at 'src/sonic-mgmt-framework'; script returned non-zero status.
[aclorch] Add support for creating ingress and egress MIRROR tables concurrently (sonic-net#1286) [proxy_arp] Implement proxy ARP feature (sonic-net#1302) Fix LAG member test case (sonic-net#1304) [orchagent] Set default MTU for the underlay loopback interface (sonic-net#1299)
Fix memory leak in pyext when Selectable is returned to Python (sonic-net#343)
Make sure db_migrator is run after all config are loaded during (sonic-net#926) Vnet alias mapping (sonic-net#924) Changes to make lldp show command for multi-npu platforms. (sonic-net#914) [Mellanox] Fix thermal control issue: use natural sort for fan status and thermal status (sonic-net#836) [Mellanox] add document for thermal control related cli (sonic-net#832)
Signed-off-by: Volodymyr Samotiy <[email protected]>
Corrected the copp rule as per NAT HLD (sonic-net#1300)
…net#4677) Backport thermal control feature from master branch to 201911 branch by cherry-picking commits and manually resolving conflicts.
…onic-net#4752) **- Why I did it** - Skip thermalctld in DellEMC S6000, S6100, Z9100 and Z9264 platforms. - Change the return type of thermal Platform APIs in DellEMC S6000, S6100 and Z9100 platforms to 'float'. **- How I did it** - Add 'skip_thermalctld:true' in pmon_daemon_control.json for DellEMC S6000, S6100, Z9100 and Z9264 platforms. - Made changes in thermal.py, for 'get_temperature', 'get_high_threshold' and 'get_low_threshold' to return 'float' value. **- How to verify it** - Check thermalctld is not running in 'pmon'. - Wrote a python script to load Chassis class and then call the APIs accordingly and verify the return type.
Signed-off-by: Nazarii Hnydyn <[email protected]>
…#4743) * [Mellanox] Initialize system LED color to green for 201911 * Rename variable to make it more readable
…tem (sonic-net#4431) * Run fsck filesystem check support prior mounting filesystem If the filesystem become non clean ("dirty"), SONiC does not run fsck to repair and mark it as clean again. This patch adds the functionality to run fsck on each boot, prior to the filesystem being mounted. This allows the filesystem to be repaired if needed. Note that if the filesystem is maked as clean, fsck does nothing and simply return so this is perfectly fine to call fsck every time prior to mount the filesystem. How to verify this patch (using bash): Using an image without this patch: Make the filesystem "dirty" (not clean) [we are making the assumption that filesystem is stored in /dev/sda3 - Please adjust depending of the platform] [do this only on a test platform!] dd if=/dev/sda3 of=superblock bs=1 count=2048 printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null dd of=/dev/sda3 if=superblock bs=1 count=2048 Verify that filesystem is not clean tune2fs -l /dev/sda3 | grep "Filesystem state:" reboot and verify that the filesystem is still not clean Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean. fsck log is stored on syslog, using the string FSCK as markup.
…onic-net#4673) This will allow us to disable services and have it persist across reboots by using the `systemctl mask` operation
Fix hostcfgd so that changes to the "FEATURE" table in ConfigDB are properly handled. Three changes here: 1. Fix indenting such that the handling of each key actually occurs in the for key in status_data.keys(): loop 2. Add calls to sudo systemctl mask and sudo systemctl unmask as appropriate to ensure changes persist across reboots 3. Substitute returns with continues so that even if one service fails, we still try to handle the others Note that the masking is persistent, even if the configuration is not saved. We may want to consider only calling systemctl enable/disable in hostcfgd when the DB table changes, and only call systemctl mask/unmask upon calling config save.
- Xilinx/pericom peripherals are not actively used in DellEMC S6100 switch. - These peripherals are throwing PCIE corrected messages in some of the units and filling syslog. - Since it is not usable disabling it at startup.
…is no one (sonic-net#4860) If some table with a list of tuples (interface name, ip prefix) has ip prefixes without a mask length, it will cause issues in SONiC. For example quagga and frr will treat ipv4 address without a mask, so "10.20.30.40" address will be treated as "10.0.0.0/8", which is dangerous. The fix here is that when pfx_filter get a tuple (interface name, ip prefix), where the ip prefix doesn't have prefix mask length, add a mask by default: "/32 for ipv4 addresses, /128 for ipv6 addresses". Co-authored-by: Pavel Shirshov <[email protected]>
Signed-off-by: Shlomi Bitton <[email protected]>
* Tests for bgpcfgd templates
…-net#3868) In the scope of migration from docker shell plugin to docker connection plugin, we need to have docker-ce-cli installed in docker-sonic-mgmt. sonic-net/sonic-mgmt#1269 Added docker-ce-cli package to docker-sonic-mgmt.
…ic-net#3978) * Install python-subnettree to sonic-mgmt container.
…ild break looks like version 0.42 has build issues Signed-off-by: Guohan Lu <[email protected]>
…c-net#4110) The snmp tool is required for interacting with certain type of PDU hosts in platform PSU/power related testing. This change is to have the snmp tool pre-built in the sonic-mgmt docker image. Signed-off-by: Xin Wang <[email protected]>
…net#4325) . env-201811/bin/activate The ansible 2.0.0.2 will be used.
…c-net#4411) Signed-off-by: Danny Allen <[email protected]>
* Add IxNetwork python client to sonic mgmt docker
Signed-off-by: Guohan Lu <[email protected]>
spytest requires higher paramiko version. Fix it to 2.7.1. Signed-off-by: Ying Xie <[email protected]>
Signed-off-by: Ying Xie <[email protected]>
…r' arguments in pytest-ansible (sonic-net#4681)
- Alphabetize dependencies to prevent duplicates - Remove unneccesary git clone Signed-off-by: Danny Allen <[email protected]>
…et#4791) The current stdout file which also includes the dut logs are very verbose and noisy. We have manually installed it in the sonic-mgmt docker in our organization and tuned the pytest settings to produce very helpful and concise logs. pytest-html plugins can be used to post-process the output in various ways based on our different and unique organizational needs. Hence proposing to add this pkt to the docker file
Cherry pick sonic-net/sonic-ztp#17 to 201911 branch to fix sonic-net/sonic-ztp#15
bbinxie
approved these changes
Jul 13, 2020
mudsut4ke
pushed a commit
that referenced
this pull request
Sep 9, 2021
…ic-net#8577) This PR updates the following commits in sonic-platform-daemons e038bc2 [xcvrd] initial support for integrating vendor specfic class objects for calling Y-Cable API's inside xcvrd (#197) 57e3d78 Fix issue#8230 (#210) f63fc94 [thermalctld] Use interval set in thermal policy if available (#164) 8b2227d [CI] Sum up Azp unit test code coverage (#209) b880c48 [xrcvd]: Added unit test for sfp oir events (#205) 4a32b5a [y-cable] fix for logging the xcvrd metrics before writing the state to the State-DB (#208) 53e1532 (origin/shilong-test) Add str conversion for numeric xcvr info fields to xcvrd (#200) 03a4add Introduce mgmtinit delay after transceiver module insertion (#201) This PR updates the following commits in sonic-platform-common 0dc71c1 Add y-cable driver for simulated mux (#213) Signed-off-by: vaibhav-dahiya <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
- How I did it
- How to verify it
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)