Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* iproute2: Force a new version and timestamp to be used for the package
There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.
The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.
To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
---------
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 23:14:27 -05:00
FROM docker-swss-layer-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}
2017-10-24 00:01:42 -05:00
2018-06-25 12:48:42 -05:00
ARG docker_container_name
2022-12-20 02:53:58 -06:00
2022-12-14 18:49:37 -06:00
COPY [ "etc/rsyslog.conf" , "/etc/rsyslog.conf" ]
2018-09-11 16:57:29 -05:00
RUN [ -f /etc/rsyslog.conf ] && sed -ri " s/%syslogtag%/ $docker_container_name #%syslogtag%/; " /etc/rsyslog.conf
2018-06-25 12:48:42 -05:00
2017-10-24 00:01:42 -05:00
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND = noninteractive
2023-03-28 01:04:33 -05:00
RUN apt-get update && apt-get install -y gnupg
2017-11-30 16:59:25 -06:00
COPY [ "sonic-dev.gpg.key" , "/etc/apt/" ]
RUN apt-key add /etc/apt/sonic-dev.gpg.key
RUN echo "deb http://packages.microsoft.com/repos/sonic-dev/ jessie main" >> /etc/apt/sources.list
2017-10-24 00:01:42 -05:00
RUN apt-get update
RUN apt-get install -y net-tools \
2017-11-30 16:59:25 -06:00
arping \
Fix potential blackholing/looping traffic when link-local was used and refresh ipv6 neighbor to avoid CPU hit (#1904)
* Fix potential blackholing/looping traffic and refresh ipv6 neighbor to avoid CPU hit
In case ipv6 global addresses were configured on L3 interfaces and used for peering,
and routing protocol was using link-local addresses on the same interfaces as prefered nexthops,
the link-local addresses could be aged out after a while due to no activities towards the link-local
addresses themselves. And when we receive new routes with the link-local nexthops, SONiC won't insert
them to the HW, and thus cause looping or blackholing traffic.
Global ipv6 addresses on L3 interfaces between switches are refreshed by BGP keeplive and other messages.
On server facing side, traffic may hit fowarding plane only, and no refresh for the ipv6 neighbor entries regularly.
This could age-out the linux kernel ipv6 neighbor entries, and HW neighbor table entries could be removed,
and thus traffic going to those neighbors would hit CPU, and cause traffic drop and temperary CPU high load.
Also, if link-local addresses were not learned, we may not get them at all later.
It is intended to fix all above issues.
Changes:
Add ndisc6 package in swss docker and use it for ipv6 ndp ping to update the neighbors' state on Vlan interfaces
Change the default ipv6 neighbor reachable timer to 30mins
Add periodical ipv6 multicast ping to ff02::11 to get/refresh link-local neighbor info.
* Fix review comments:
Add PORTCHANNEL_INTERFACE interface for ipv6 multicast ping
format issue
* Combine regular L3 interface and portchannel interface for looping
* Add ndisc6 package to vs docker
2018-08-12 05:14:55 -05:00
ndisc6 \
2017-10-24 00:01:42 -05:00
ethtool \
tcpdump \
ifupdown \
bridge-utils \
python-ply \
libqt5core5a \
libqt5network5 \
libgmp10 \
libjudydebian1 \
openssh-client \
openssh-server \
libc-ares2 \
2020-07-18 02:11:09 -05:00
iproute2 \
2017-11-30 16:59:25 -06:00
grub2-common \
bash-completion \
libelf1 \
2018-11-06 23:07:12 -06:00
libmnl0 \
logrotate \
apt-utils \
2018-11-09 19:06:09 -06:00
psmisc \
Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* iproute2: Force a new version and timestamp to be used for the package
There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.
The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.
To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
---------
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 23:14:27 -05:00
python3-scapy \
2020-03-15 15:54:05 -05:00
conntrack \
2020-06-22 17:38:36 -05:00
iptables \
2020-09-20 22:16:42 -05:00
jq \
2020-10-14 12:16:35 -05:00
libzmq5 \
2022-08-08 10:29:51 -05:00
libzmq3-dev \
uuid-dev \
2020-10-14 12:16:35 -05:00
# For installing Python m2crypto package
# (these can be uninstalled after installation)
build-essential \
python3-dev \
libssl-dev \
swig \
# For using Python m2crypto package
2021-02-08 21:35:08 -06:00
openssl \
# For installing dependent Python packages of sonic-host-services
# (these can be uninstalled after installation)
libcairo2-dev \
libdbus-1-dev \
libgirepository1.0-dev \
libsystemd-dev \
pkg-config \
# For installing dependent Python packages of sonic-host-services
# these packages are needed at runtime
gir1.2-glib-2.0 \
libdbus-1-3 \
libgirepository-1.0-1 \
2022-04-22 03:07:07 -05:00
{ %- if ENABLE_ASAN = = "y" %}
Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* iproute2: Force a new version and timestamp to be used for the package
There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.
The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.
To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
---------
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 23:14:27 -05:00
libasan6 \
2022-04-22 03:07:07 -05:00
{ %- endif %}
Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* iproute2: Force a new version and timestamp to be used for the package
There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.
The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.
To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
---------
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 23:14:27 -05:00
dbus \
redis-server
2017-11-13 16:38:07 -06:00
2020-11-25 12:28:36 -06:00
# For sonic-config-engine Python 3 package
# Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed.
# Then immediately uninstall enum34, as enum34 should not be installed for Python >= 3.4, as it causes a
# conflict with the new 'enum' module in the standard library
# https://github.com/robshakir/pyangbind/issues/232
RUN pip3 install pyangbind = = 0.8.1
RUN pip3 uninstall -y enum34
2020-12-15 13:06:30 -06:00
# Dependencies of restore_neighbors.py
RUN pip3 install \
scapy = = 2.4.4 \
pyroute2 = = 0.5.14 \
netifaces = = 0.10.9
2018-05-02 13:46:21 -05:00
{ % if docker_sonic_vs_debs.strip( ) -%}
# Copy locally-built Debian package dependencies
2021-01-04 23:57:58 -06:00
COPY { %- for deb in docker_sonic_vs_debs.split( ' ' ) %} debs/{ { deb } } { %- endfor %} /debs/
2017-10-24 00:01:42 -05:00
2018-05-02 13:46:21 -05:00
# Install locally-built Debian packages and implicitly install their dependencies
2021-01-04 23:57:58 -06:00
RUN dpkg_apt( ) { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } ; { %- for deb in docker_sonic_vs_debs.split( ' ' ) %} dpkg_apt /debs/{ { deb } } ; { %- endfor %}
2018-05-02 13:46:21 -05:00
{ %- endif %}
2019-02-05 00:06:37 -06:00
{ % if docker_sonic_vs_pydebs.strip( ) -%}
# Copy locally-built Debian package dependencies
2021-01-04 23:57:58 -06:00
COPY { %- for deb in docker_sonic_vs_pydebs.split( ' ' ) %} python-debs/{ { deb } } { %- endfor %} /debs/
2019-02-05 00:06:37 -06:00
# Install locally-built Debian packages and implicitly install their dependencies
2021-01-04 23:57:58 -06:00
RUN dpkg_apt( ) { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; } ; { %- for deb in docker_sonic_vs_pydebs.split( ' ' ) %} dpkg_apt /debs/{ { deb } } ; { %- endfor %}
2019-02-05 00:06:37 -06:00
{ %- endif %}
2020-06-22 17:38:36 -05:00
{ % if docker_sonic_vs_whls.strip( ) %}
# copy all whl PKGs first,
2021-01-04 23:57:58 -06:00
copy { %- for whl in docker_sonic_vs_whls.split( ' ' ) %} python-wheels/{ { whl } } { %- endfor %} python-wheels/
2020-06-22 17:38:36 -05:00
# install PKGs after copying all PKGs to avoid dependency failure
# use py3 to find python3 package, which is forced by wheel as of now
{ %- for whl in docker_sonic_vs_whls.split( ' ' ) %}
2020-10-26 15:48:50 -05:00
RUN pip{ % if 'py3' in whl %} 3{ % else %} 2{ % endif %} install python-wheels/{ { whl } }
2020-06-22 17:38:36 -05:00
{ %- endfor %}
{ % endif %}
2018-05-02 13:46:21 -05:00
# Clean up
2020-10-14 12:16:35 -05:00
RUN apt-get purge -y build-essential libssl-dev swig
Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
* iproute2: Force a new version and timestamp to be used for the package
There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.
The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.
To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
---------
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 23:14:27 -05:00
RUN apt-get purge -y python3-dev
2021-02-08 21:35:08 -06:00
RUN apt-get purge -y libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config
2018-05-02 13:46:21 -05:00
RUN apt-get clean -y
RUN apt-get autoclean -y
RUN apt-get autoremove -y
RUN rm -rf /debs ~/.cache
2017-10-24 00:01:42 -05:00
2017-11-13 16:38:07 -06:00
RUN sed -ri ' s/^( save .*$) /# \1 /g; \
s/^daemonize yes$/daemonize no/; \
2017-10-24 00:01:42 -05:00
s/^logfile .*$/logfile "" /; \
s/^# syslog-enabled no$/syslog-enabled no/; \
2017-11-13 16:38:07 -06:00
s/^# unixsocket/unixsocket/; \
2017-11-30 16:59:25 -06:00
s/notify-keyspace-events "" /notify-keyspace-events AKE/; \
2019-07-04 00:16:10 -05:00
s/redis-server.sock/redis.sock/g; \
2017-11-13 16:38:07 -06:00
s/^client-output-buffer-limit pubsub [ 0-9] +mb [ 0-9] +mb [ 0-9] +/client-output-buffer-limit pubsub 0 0 0/ \
2017-10-24 00:01:42 -05:00
' /etc/redis/redis.conf
COPY [ "50-default.conf" , "/etc/rsyslog.d/" ]
2020-10-14 17:15:24 -05:00
COPY [ "start.sh" , "orchagent.sh" , "files/update_chassisdb_config" , "/usr/bin/" ]
2022-04-22 03:07:07 -05:00
COPY [ "supervisord.conf.j2" , "/usr/share/sonic/templates/" ]
2017-11-30 16:59:25 -06:00
COPY [ "files/configdb-load.sh" , "/usr/bin/" ]
2019-01-30 04:04:20 -06:00
COPY [ "files/arp_update" , "/usr/bin/" ]
2020-11-23 11:31:42 -06:00
COPY [ "files/buffers_config.j2" , "files/qos_config.j2" , "files/arp_update_vars.j2" , "files/copp_cfg.j2" , "/usr/share/sonic/templates/" ]
2018-11-21 00:32:40 -06:00
COPY [ "files/sonic_version.yml" , "/etc/sonic/" ]
2020-11-25 14:47:50 -06:00
COPY [ "port_breakout_config_db.json" , "/etc/sonic/" ]
2019-11-20 12:40:19 -06:00
COPY [ "database_config.json" , "/etc/default/sonic-db/" ]
2020-07-29 16:20:31 -05:00
COPY [ "hostname.j2" , "/usr/share/sonic/templates/" ]
2021-06-23 12:18:55 -05:00
COPY [ "init_cfg.json.j2" , "/usr/share/sonic/templates/" ]
2020-07-29 16:20:31 -05:00
COPY [ "default_chassis_cfg.json" , "/etc/default/sonic-db/" ]
2020-12-13 13:35:39 -06:00
COPY [ "asic_table.json" , "/etc/sonic/" ]
2021-11-24 07:00:23 -06:00
COPY [ "zero_profiles.json" , "/etc/sonic" ]
2020-12-13 13:35:39 -06:00
COPY [ "buffermgrd.sh" , "/usr/bin/" ]
2017-10-24 00:01:42 -05:00
2020-08-20 19:10:58 -05:00
COPY [ "platform.json" , "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/" ]
2023-07-11 11:57:50 -05:00
COPY [ "platform-dpu-2p.json" , "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/" ]
2020-08-20 19:10:58 -05:00
COPY [ "hwsku.json" , "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/Force10-S6000/" ]
2021-09-15 16:02:03 -05:00
COPY [ "hwsku.json" , "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/brcm_gearbox_vs/" ]
2021-11-02 01:21:06 -05:00
COPY [ "hwsku.json" , "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/Mellanox-SN2700/" ]
2020-08-20 19:10:58 -05:00
2022-04-22 03:07:07 -05:00
RUN mkdir -p /etc/supervisor/conf.d/
RUN sonic-cfggen -a "{\"ENABLE_ASAN\":\"{{ENABLE_ASAN}}\"}" -t /usr/share/sonic/templates/supervisord.conf.j2 > /etc/supervisor/conf.d/supervisord.conf
RUN rm -f /usr/share/sonic/templates/supervisord.conf.j2
2022-06-23 17:38:24 -05:00
{ %- if ENABLE_ASAN = = "y" %}
RUN mkdir -p /var/log/asan
{ %- endif %}
2017-11-13 16:38:07 -06:00
RUN echo "docker-sonic-vs" > /etc/hostname
2019-05-08 01:40:40 -05:00
RUN mkdir -p /etc/quagga
2017-11-30 16:59:25 -06:00
RUN touch /etc/quagga/zebra.conf
2017-11-13 16:38:07 -06:00
2019-05-08 01:40:40 -05:00
# disable integrated vtysh config
RUN rm /etc/frr/frr.conf
2023-02-06 11:38:39 -06:00
COPY [ "frr/zebra.conf" , "/etc/frr/" ]
2018-11-16 11:40:35 -06:00
# Create /var/warmboot/teamd folder for teammgrd
RUN mkdir -p /var/warmboot/teamd
2020-09-01 15:39:10 -05:00
# Set PLATFORM and HWSKU environment variables
ENV PLATFORM = x86_64-kvm_x86_64-r0
ENV HWSKU = Force10-S6000
2020-11-22 23:18:44 -06:00
ENTRYPOINT [ "/usr/local/bin/supervisord" ]