Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[chassis]: remote cli commands infra for sonic chassis #2701

Merged
merged 6 commits into from
Apr 21, 2023

Conversation

arlakshm
Copy link
Contributor

@arlakshm arlakshm commented Feb 28, 2023

Microsoft ADO 17792956

What I did

Since each Linecard is running an independent SONiC Instance, the user needs to login to a linecard to run any CLI command
The user can login to each Linecard 2 ways

  • Ssh directly to the linecard using the management IP address
  • Ssh to supervisor and from supervisor ssh to the Linecard using the Linecard’s internal IP address

To simplify the user experience and allow scripting agents to execute commands on all linecards.
Two new commands are being added
rexec <linecard_name|all> -c <cli_command> This command will execute the command on specified linecards or all linecards.

rshell <linecard_name> connects to the linecard for interactive shell

How to verify it

UT and testing in the chassis
UT results for new files
rcli/init.py 0 0 0 0 100%
rcli/linecard.py 82 8 16 2 88%
rcli/rexec.py 28 2 10 1 92%
rcli/rshell.py 25 3 6 2 84%
rcli/utils.py 78 6 26 2 90%

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
@arlakshm arlakshm merged commit 7e24463 into sonic-net:master Apr 21, 2023
StormLiangMS pushed a commit that referenced this pull request Apr 26, 2023
What I did
Since each Linecard is running an independent SONiC Instance, the user needs to login to a linecard to run any CLI command
The user can login to each Linecard 2 ways

Ssh directly to the linecard using the management IP address
Ssh to supervisor and from supervisor ssh to the Linecard using the Linecard’s internal IP address
To simplify the user experience and allow scripting agents to execute commands on all linecards.
Two new commands are being added
rexec <linecard_name|all> -c <cli_command> This command will execute the command on specified linecards or all linecards.

rshell <linecard_name> connects to the linecard for interactive shell

How to verify it
UT and testing in the chassis
UT results for new files
rcli/init.py 0 0 0 0 100%
rcli/linecard.py 82 8 16 2 88%
rcli/rexec.py 28 2 10 1 92%
rcli/rshell.py 25 3 6 2 84%
rcli/utils.py 78 6 26 2 90%

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
StormLiangMS pushed a commit to sonic-net/sonic-buildimage that referenced this pull request Apr 28, 2023
Why I did it
Support for SONIC chassis isolation using TSA and un-isolation using TSB from supervisor module

Work item tracking
Microsoft ADO (number only): 17826134
How I did it
When TSA is run on the supervisor, it triggers TSA on each of the linecards using the secure rexec infrastructure introduced in sonic-net/sonic-utilities#2701. User password is requested to allow secure login to linecards through ssh, before execution of TSA/TSB on the linecards

TSA of the chassis withdraws routes from all the external BGP neighbors on each linecard, in order to isolate the entire chassis. No route withdrawal is done from the internal BGP sessions between the linecards to prevent transient drops during internal route deletion. With these changes, complete isolation of a single linecard using TSA will not be possible (a separate CLI/script option will be introduced at a later time to achieve this)

Changes also include no-stats option with TSC for quick retrieval of the current system isolation state

This PR also reverts changes in #11403

How to verify it
These changes have a dependency on sonic-net/sonic-utilities#2701 for testing

Run TSA from supervisor module and ensure transition to Maintenance mode on each linecard
Verify that all routes are withdrawn from eBGP neighbors on all linecards
Run TSB from supervisor module and ensure transition to Normal mode on each linecard
Verify that all routes are re-advertised from eBGP neighbors on all linecards
Run TSC no-stats from supervisor and verify that just the system maintenance state is returned from all linecards
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Apr 28, 2023
Why I did it
Support for SONIC chassis isolation using TSA and un-isolation using TSB from supervisor module

Work item tracking
Microsoft ADO (number only): 17826134
How I did it
When TSA is run on the supervisor, it triggers TSA on each of the linecards using the secure rexec infrastructure introduced in sonic-net/sonic-utilities#2701. User password is requested to allow secure login to linecards through ssh, before execution of TSA/TSB on the linecards

TSA of the chassis withdraws routes from all the external BGP neighbors on each linecard, in order to isolate the entire chassis. No route withdrawal is done from the internal BGP sessions between the linecards to prevent transient drops during internal route deletion. With these changes, complete isolation of a single linecard using TSA will not be possible (a separate CLI/script option will be introduced at a later time to achieve this)

Changes also include no-stats option with TSC for quick retrieval of the current system isolation state

This PR also reverts changes in sonic-net#11403

How to verify it
These changes have a dependency on sonic-net/sonic-utilities#2701 for testing

Run TSA from supervisor module and ensure transition to Maintenance mode on each linecard
Verify that all routes are withdrawn from eBGP neighbors on all linecards
Run TSB from supervisor module and ensure transition to Normal mode on each linecard
Verify that all routes are re-advertised from eBGP neighbors on all linecards
Run TSC no-stats from supervisor and verify that just the system maintenance state is returned from all linecards
dprital added a commit to dprital/sonic-buildimage that referenced this pull request May 1, 2023
Update sonic-utilities submodule pointer to include the following:
* 600377f7 [DPB]Fixing typo in config breakout output ([sonic-net#2802](sonic-net/sonic-utilities#2802))
* 8ae2424a [config]Support multi-asic  Golden Config override ([sonic-net#2738](sonic-net/sonic-utilities#2738))
* 79003ab2 [chassis]: remote cli commands infra for sonic chassis ([sonic-net#2701](sonic-net/sonic-utilities#2701))
* cbc55eeb [voq][chassis][generate_dump] [BCM] Dump only the relevant BCM commands for fabric cards ([sonic-net#2606](sonic-net/sonic-utilities#2606))
* 39c94b7e [GCU] Prohibit removal of PFC_WD POLL_INTERVAL field ([sonic-net#2545](sonic-net/sonic-utilities#2545))

Signed-off-by: dprital <[email protected]>
dprital added a commit to dprital/sonic-buildimage that referenced this pull request May 1, 2023
Update sonic-utilities submodule pointer to include the following:
* 88ffb167 [config]config reload should generate sysinfo if missing ([sonic-net#2778](sonic-net/sonic-utilities#2778))
* 7443b9e5 [sonic-package-manager] support extension with multiple YANG modules ([sonic-net#2752](sonic-net/sonic-utilities#2752))
* 522c3a9e [sonic-package-manager] add support for multiple CLI plugin files ([sonic-net#2753](sonic-net/sonic-utilities#2753))
* b38fcfd1 [show][muxcable] fix  RC ([sonic-net#2812](sonic-net/sonic-utilities#2812))
* 7e24463f [chassis]: remote cli commands infra for sonic chassis ([sonic-net#2701](sonic-net/sonic-utilities#2701))
* bee593e4 [DPB]Fixing typo in config breakout output ([sonic-net#2802](sonic-net/sonic-utilities#2802))
* ada603c5 [config]Support multi-asic  Golden Config override ([sonic-net#2738](sonic-net/sonic-utilities#2738))
* 88a7daa8 [show][barefoot] replace shell=True ([sonic-net#2699](sonic-net/sonic-utilities#2699))
* 5e99edb5 [sonic_package_manager] replace shell=True ([sonic-net#2726](sonic-net/sonic-utilities#2726))
* b547bb45 [acl-loader] Only add default deny rule when table is L3 or L3V6 ([sonic-net#2796](sonic-net/sonic-utilities#2796))

Signed-off-by: dprital <[email protected]>
dprital added a commit to dprital/sonic-utilities that referenced this pull request May 4, 2023
arlakshm added a commit to arlakshm/sonic-utilities that referenced this pull request May 10, 2023
lguohan pushed a commit that referenced this pull request May 10, 2023
lguohan added a commit that referenced this pull request May 10, 2023
arlakshm added a commit to arlakshm/sonic-utilities that referenced this pull request May 25, 2023
arlakshm added a commit that referenced this pull request Jun 6, 2023
What I did
Microsoft ADO 17792956

Since each Linecard is running an independent SONiC Instance, the user needs to login to a linecard to run any CLI command
The user can login to each Linecard 2 ways

Ssh directly to the linecard using the management IP address
Ssh to supervisor and from supervisor ssh to the Linecard using the Linecard’s internal IP address
To simplify the user experience and allow scripting agents to execute commands on all linecards.
Two new commands are being added
rexec <linecard_name|all> -c <cli_command> This command will execute the command on specified linecards or all linecards.

rshell <linecard_name> connects to the linecard for interactive shell

This PR is adding the changes of PR #2701

How to verify it
UT and tested chassis

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
pdhruv-marvell pushed a commit to pdhruv-marvell/sonic-utilities that referenced this pull request Aug 23, 2023
pdhruv-marvell pushed a commit to pdhruv-marvell/sonic-utilities that referenced this pull request Aug 23, 2023
What I did
Microsoft ADO 17792956

Since each Linecard is running an independent SONiC Instance, the user needs to login to a linecard to run any CLI command
The user can login to each Linecard 2 ways

Ssh directly to the linecard using the management IP address
Ssh to supervisor and from supervisor ssh to the Linecard using the Linecard’s internal IP address
To simplify the user experience and allow scripting agents to execute commands on all linecards.
Two new commands are being added
rexec <linecard_name|all> -c <cli_command> This command will execute the command on specified linecards or all linecards.

rshell <linecard_name> connects to the linecard for interactive shell

This PR is adding the changes of PR sonic-net#2701

How to verify it
UT and tested chassis

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants