
Backport [generate_dump] remove secrets from dump files #1886 to 201911 #1959

Closed

Conversation

liuh-80
Contributor

@liuh-80 liuh-80 commented Dec 6, 2021

Backport [generate_dump] remove secrets from dump files #1886 to 201911

What I did

Add bash functions to remove secrets from dump files.

How I did it

For tacacs key, radius key, snmp community string, use sed command with regex to remove user secrets from dump files.
For certs, update tar command exclude list to remove those certs from dump file.

How to verify it

Run 'show techsupport' command and check secrets removed from dump files.

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

santhosh-kt and others added 30 commits December 31, 2019 14:07
* Fastboot/warmboot platform plugin

* Added platform plugin
Add utility to translate text output of syseeprom dump into JSON, for
consumption by new management (1.0) command.

Signed-off-by: Howard Persh <hpersh@yahoo.com>
Currently it misses the case where data for a new key is empty.
sonic-net#757)

* [neighbor advertiser] catch all exceptions while trying https endpoint

When connecting https endpoint failed, we need to try http endpoint.
Therefore we need to catch all exceptions.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* raise exception if https returned non-success status code
…re (sonic-net#758)

* [neighbor advertiser] raise exception when http endpoint return failure

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* Delete deprecated error checking code

* Add back check for None
…(s) (sonic-net#761)

Once any critical service is shutdown (radv/swss/syncd), we have to
commit to the reboot. Failing in the middle will leave the system in
bad state.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
sonic-net#770)

* A generic JSON file updater, which can add/update-existing attributes.
This tool would be used to update /etc/sonic/core_analyzer.rc.json file to add
credentials by HW proxy.

* Updated per review comments.
The option is better named.
* [portstat] fix header used

Signed-off-by: Mykola Faryma <mykolaf@mellanox.com>

* [portstat] fix print table_as_json

Signed-off-by: Mykola Faryma <mykolaf@mellanox.com>

* Fix tx_ovr field
* [show] enhance 'show ip[v6] bgp summary' command
* changing ipaddr to ipaddress
…op counters (sonic-net#784)

Signed-off-by: Danny Allen <daall@microsoft.com>
Merge two vrf configuration to avoid user can't add or delete management VRF through CLI.

Co-authored-by: Minkang-Tsai <58835052+Minkang-Tsai@users.noreply.github.com>
If ACL table name contains the substring "v6", set the EtherType of the rule to V6, otherwise set to V4.
… OID->interface name mapping (sonic-net#789)

In release branches prior to 201911, FDB or ARP learnt on VLAN interface LAG port will cause nothing to appear in the "show arp" or "show mac" output because there existed no OID->interface name never had the mappings for LAG interface.

This issue has since been fixed in master (and 201911). However, making this change in master is not harmful and will prevent a regression from causing no output to be displayed for the interface name in the future.
* [neighbor advertiser] remove http endpoint access

Signed-off-by: Ying Xie <ying.xie@microsoft.com>

* Remove obsolete comment
- Remove prefix-trimming from drop reason capability query
- Remove prefix-trimming from create/add safety checks

Signed-off-by: Danny Allen <daall@microsoft.com>
Implemented following commands to use Zero Touch Provisioning

show ztp status
config ztp enable
config ztp disable
config ztp run

Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
Co-authored-by: Akhilesh Samineni <47657796+AkhileshSamineni@users.noreply.github.com>
Co-authored-by: rlhui <48738894+rlhui@users.noreply.github.com>
…or each container (sonic-net#798)

Since we introduced the auto-restart feature for each container, we need add a show subcommand to display the current status of auto-restart feature for all containers or a specific container.

- How I did it
We define a function named autorestart to show the status of this features. This function will accept an option parameter which is the container name. If this parameter is not specified, this function will by default show the status of all containers. Otherwise it will show the status of specific container.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>
…init_cfg.json implicitly (sonic-net#812)

* [config/main.py] Modify the load() and reload() functions to load config
from config_db.json and init_cfg.json.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Undo the changes which load the configuration from
init_cfg.json for load() function and define a
constant string for the path of init_cfg.json.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Correct a typo.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Added an else statement in line 551 to decide whether
the init_cfg.json exists or not in reload function.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Correct a typo error.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Change the loading order and we should first load
init_cfg.json and then config_db.json.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>

* [config/main.py] Use constant string to represent the path of
init_cfg.json.

Signed-off-by: Yong Zhao <yozhao@microsoft.com>
Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
…onic-net#815)

This is possible if some of docker are not built then corresponding
service file will not be present
…onic-net#624)

This change is related to Platform Driver Development Framework (PDDF) which is being added to sonic-buildimage repo. More details can be found here, sonic-net/SONiC#406

PDDF supports its own CLI utilities, which use generic PDDF component plugins. I added these PDDF CLI utilities.
Add a "show platform fanstatus" command to allow user fetch FAN status data.
Add a "show platform temperature" command to allow user fetch thermal status data.
…ts (sonic-net#772)

* [fwutil]: initial version.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: Fix UI: enable progressbar render finalizer.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: integrate utility with SONiC CLI.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: update CLI command reference documentation.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: Revisit CLI architecture: avoid direct imports.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: Fix review comments: refactor CLI command reference.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>

* [fwutil]: Fix review comments: update CLI documentation.

Signed-off-by: Nazarii Hnydyn <nazariig@mellanox.com>
gechiang and others added 28 commits April 15, 2021 08:44
…port list (sonic-net#1576)

How I did it
I discovered that using the @ syntax to insert the port list as a comma-separated list/array actually causes the port list to be deleted when the same table is config add-ed multiple times. Using a list works. (We still need to determine the root cause for why the @ syntax fails).

How to verify it
Updated the tests and ran the command locally to verify the fix. Still working on adding a new regression test case for this.
+ update 'show ip interface' command in tech support collection
+ fix unbound variable issue in case command times out
…t#1587)

This is port of the PR sonic-net#1574 in 201911 branch

This PR is to add support for the commands show ip bgp neighbor and show ip bgp network
Add unit tests for these commands
Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
Support ssd_fw_update for Soft reboot

How I did it
Move ssd_fw_update after enabling watchdog
Set reboot_type as soft-reboot instead of getting from the file name
Perform ssd_fw_update with reboot_type
What I did
Add soft-reboot to /usr/bin

How I did it
Add soft-reboot to the script list for sonic-utilities.

How to verify it
See if soft-reboot is available on buildimage.
Signed-off-by: bingwang <bingwang@microsoft.com>
sonic-net#1637)

* [201911][db_migrator] fix old 1911 feature config migration to a new one.

This change is in addition to sonic-net#1522.
The init_cfg.json may have important fields added to configuration, while in
previous fix these entries will not be added when table already exists.
This change fixes this behaviour. Also, in order to preserve users auto_restart
configuration a special logic for migrating CONTAINER_FEATURE table has been implemented.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
…nic-net#1652)

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
…2km-cable supported (sonic-net#1575)

Update mellanox buffer migrator with 2km-cable supported
…schema (sonic-net#1655)

What I did
Fixed badly converted code change from master for 201911 in sonic-net#1637.
This PR fixes python3.5 feature usage.

How I did it
Used python2 approach.

How to verify it
Takes this script and run on switch: db_migrator.py -o migrate.
Fix the name 'mock_show_bgp_command' not defined issue, caused by code merge.
…nic-net#1703)

What I did
Change the method name to align with master, reduce diverge issue
…igraph (sonic-net#1725)

* [minigraph][port_config] Consume port_config.json while reloading minigraph (sonic-net#1705)
* Fix build issue for 201911

Signed-off-by: Jing Kan jika@microsoft.com
* Implement null_route_helper script

Signed-off-by: bingwang <wang.bing@microsoft.com>
…sonic-net#1594) (sonic-net#1729)

Gracefully handle improper 'specification_compliance' field

The 'specification_compliance' field of transceiver info is expected to be a string representation of a dictionary. However, there is a chance, upon some kind of platform issue that a vendor's platform API returns something like 'N/A'. In this case, sfpshow would crash. Rather than crash, sfpshow should handle this gracefully and output 'N/A' instead.

Co-authored-by: Joe LeVeque <jleveque@users.noreply.github.com>
…boot (sonic-net#1804)

To reduce fastboot dataplane downtime, delay flex counters by removing the flex_counter table from config_db before reboot.
This is porting changes from 202012 branch to 201911 branch.
Related PR for 202012 branch: sonic-net#1774
…et#1881)

Port fix from master to stop pmon service for reboot and soft-reboot

What I did
Remove exec from the platform_reboot call to handle any hang issue during reboot
Port missing fix from master : stop pmon service for reboot and soft-reboot

How I did it
Remove "exec" from " exec ${DEVPATH}/${PLATFORM}/${PLAT_REBOOT} $@"

How to verify it
Perform sudo reboot after DE initializing the platform driver and see if the device gracefully reboots by /sbin/reboot after failing on platform_reboot.
The race condition is caused by a blocking Redis call which gets the contents of the FDB entry from ASIC DB.
Since it has been implemented as a simple loop, there is no guarantee that entry will be present in DB when the contents are being read.
Closes sonic-net#1866 

- What I did
Fixed: [fdb] 'show mac' command failed with t0-56-po2vlan topology sonic-net#1866

- How I did it
Removed blocking calls from fdbshow

- How to verify it
Run FDB test

- Previous command output (if the output of a command-line utility has changed)
root@sonic:/home/admin# show mac
Key 'ASIC_STATE:SAI_OBJECT_TYPE_FDB_ENTRY:{"bvid":"oid:0x260000000009cc","mac":"02:11:22:33:20:00","switch_id":"oid:0x21000000000000"}' unavailable in database '1'

- New command output (if the output of a command-line utility has changed)
root@sonic:/home/admin# show mac
No.    Vlan    MacAddress    Port    Type
-----  ------  ------------  ------  ------
Total number of entries 0
…net#1872)

* disk_check: Check & mount RO as RW using tmpfs (sonic-net#1569)

What I did
There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home.

This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs.
This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot.

But this allows new remote users login.

How I did it
Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently.

How to verify it
Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir)
remount as RO (mount -o remount,ro test_dir)
Pass that dir to this script. (disk_check.py -d ./test_dir)
Now it should be RW
…-net#1907)

How I did it
Modify port2alias to read ports from all namespaces.

How to verify it
Tested on single and multi-asic platforms.
Remove secrets from dump files.

What I did
    Add bash functions to remove secrets from dump files.
How I did it
    For tacacs key, radius key, snmp community string, use sed command with regex to remove user secrets from dump files.
    For certs, update tar command exclude list to remove those certs from dump file.
How to verify it
    Run 'show techsupport' command and check secrets removed from dump files.
Previous command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)
# Conflicts:
#	scripts/generate_dump
@liuh-80 liuh-80 closed this Dec 6, 2021
@liuh-80
Contributor Author

liuh-80 commented Dec 6, 2021

target branch should be 201911, submit a new PR.
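
The approach in this pull request's description (sed with regular expressions for the TACACS key, RADIUS key and SNMP community string, plus tar exclusions for certificates), as an added example that is not the project's generate_dump code. The file names, the `secret=`, `rocommunity` and `passkey` line formats and all sample values are constructed assumptions; the last step greps the finished archive for the known secret values, which is the "check secrets removed from dump files" verification done mechanically.

```shell
#!/bin/sh
# Added example; file names, key names and sample values are constructed.

# Mask secret values in every file under a staging directory.
redact_tree() {
    tmp=$(mktemp)
    find "$1" -type f | while IFS= read -r f; do
        sed -E \
            -e 's/^([[:space:]]*secret[[:space:]]*=[[:space:]]*).*/\1****/' \
            -e 's/^([[:space:]]*r[ow]community[[:space:]]+)[^[:space:]]+/\1****/' \
            -e 's/("passkey"[[:space:]]*:[[:space:]]*")[^"]*/\1****/g' \
            "$f" > "$tmp" && cat "$tmp" > "$f"
    done
    rm -f "$tmp"
}

# Archive the staging directory, leaving certificate and key files out.
pack_dump() {
    tar -C "$1" --exclude='*.pem' --exclude='*.key' -cf "$2" .
}

# Count archive lines that still contain any of the given secret values.
count_leaks() {
    archive=$1; shift
    leaks=0
    for s in "$@"; do
        n=$(tar -xOf "$archive" | grep -cF -- "$s" || true)
        leaks=$((leaks + n))
    done
    echo "$leaks"
}

# Build a constructed dump tree, redact it, pack it, and report the result.
demo() {
    stage=$(mktemp -d); out=$(mktemp)
    mkdir -p "$stage/etc"
    printf 'server=10.0.0.1\nsecret=Tac4csKey\n' > "$stage/etc/aaa.conf"
    printf 'rocommunity Publ1cStr default\nsyslocation lab\n' > "$stage/etc/snmp.conf"
    printf '{"RADIUS": {"global": {"passkey": "Rad1usKey", "timeout": "5"}}}\n' \
        > "$stage/etc/config.json"
    printf 'CONSTRUCTED-KEY-MATERIAL\n' > "$stage/etc/server.key"
    redact_tree "$stage"
    pack_dump "$stage" "$out"
    echo "leaks=$(count_leaks "$out" Tac4csKey Rad1usKey Publ1cStr CONSTRUCTED-KEY-MATERIAL)" \
         "kept=$(tar -xOf "$out" | grep -cE 'server=10.0.0.1|syslocation lab|"timeout": "5"' || true)" \
         "keyfiles=$(tar -tf "$out" | grep -c '\.key$' || true)"
    rm -rf "$stage" "$out"
}

demo
```

Checking the packed archive rather than the staging directory catches both failure modes at once: a regex that missed a line format and an exclude pattern that missed a file.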
