Commit Graph

7974 Commits

Author SHA1 Message Date
Mai Bui
52bebb94eb
[202305] [docker-macsec] fix privileged and volumes settings (#17130)
cherry pick #16894

Why I did it
Privileges and volumes were incorrectly set in macsec container. Privileged flag is set to false and volumes are not mounted properly.

admin@vlab-01:~$ docker inspect macsec0 | grep Privi
           "Privileged": false,
admin@vlab-01:~$ docker inspect macsec0 | grep -A 10 Binds
           "Binds": [
               "/var/run/redis0:/var/run/redis:rw",
               "/var/run/redis-chassis:/var/run/redis-chassis:ro",
               "/usr/share/sonic/device/x86_64-nokia_ixr7250e_36x400g-r0/Nokia-IXR7250E-36x100G/0:/usr/share/sonic/hwsku:ro",
               "/var/run/redis0/:/var/run/redis0/:rw",
               "/usr/share/sonic/device/x86_64-nokia_ixr7250e_36x400g-r0:/usr/share/sonic/platform:ro"
           ],
Work item tracking
Microsoft ADO (number only):
How I did it
How to verify it
Make sure privileged settings remain unchanged and make sure volumes are properly mounted

admin@vlab-01:~$ docker inspect macsec | grep Privi
            "Privileged": false,
admin@vlab-01:~$ docker inspect macsec | grep -A 10 Binds
            "Binds": [
                "/etc/timezone:/etc/timezone:ro",
                "/var/run/redis:/var/run/redis:rw",
                "/var/run/redis-chassis:/var/run/redis-chassis:ro",
                "/etc/fips/fips_enable:/etc/fips/fips_enable:ro",
                "/usr/share/sonic/templates/rsyslog-container.conf.j2:/usr/share/sonic/templates/rsyslog-container.conf.j2:ro",
                "/etc/sonic:/etc/sonic:ro",
                "/host/warmboot:/var/warmboot",
                "/usr/share/sonic/device/x86_64-kvm_x86_64-r0/Force10-S6000/:/usr/share/sonic/hwsku:ro",
                "/usr/share/sonic/device/x86_64-kvm_x86_64-r0:/usr/share/sonic/platform:ro"
            ],
2023-11-16 21:49:43 +08:00
mssonicbld
7d5b882877
[Mellanox] fix new MSN2700-A1 platform name (#17151) (#17198) 2023-11-16 21:40:47 +08:00
Pavan Naregundi
fdf54a01cc
[Marvell-arm64] Support lazy install of sdk drivers (#17135)
* Support lazy install of sdk drivers

This patch adds support for lazy install of Marvell prestera SDK
drivers for platform-nokia. Lazy install for drivers is added as
updated sdk driver needs to classify the drivers required for platform
during compile time. SDK drivers and platform files are now fetched
from a submodule(mrvl-prestera).

Additionaly, DTB required for sonic_fit creation during compile time
is sourced from sonic-linux-kernel.

Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>

* Add hugepage cmdline agrument

Updated sdk & driver requries hugepage to be reserved during kernel
boot. These kernel command line agrument are passed from installer.conf
in device folder.

Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>

* Update SAI deb to 1.12.0-3

Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>

---------

Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
2023-11-16 21:24:53 +08:00
Vivek
60dc4d2e89
[202305] Fix v6relay dual tor if selection issue (#17186)
Why I did it
dhcp_relay dual tor tests are failing in 202305

How I did it
Backport #15864 to 202305

How to verify it
Ran sonic-mgmt dhcp_relay tests.
2023-11-16 21:22:15 +08:00
Lawrence Lee
dc33611029 [tph]: Detect LAG flaps from APPL_DB (#16879)
Why I did it
A race condition exists while the TPH is processing a netlink message - if a second netlink message arrives during processing it will be missed since TPH is not listening for other messages.
Another bug was found where TPH was unnecessarily restarting since it was checking admin status instead of operational status of portchannels.

How I did it
Subscribe to APPL_DB for updates on LAG operational state
Track currently sniffed interfaces

How to verify it
Send tunnel packets with destination IP of an unresolved neighbor, verify that ping commands are run
Shut down a portchannel interface, verify that sniffer does not restart
Send tunnel packets, verify ping commands are still run
Bring up portchannel interface, verify that sniffer restarts

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2023-11-16 20:49:42 +08:00
Stepan Blyshchak
fd10ce1f8b [YANG][ACL] Change LAG -> PORTCHANNEL in DB schema (#17062)
Orchagent uses PORTCHANNEL term when parsing this field. Change the YANG model to align to orchagent.

- Why I did it
When specifying PORTCHANNEL in ACL_TABLE_TYPE table YAGN model validation does not pass, when using term LAG orchagent does not accept such table type.
Fix it by aligning YANG model to orchagent.

- How I did it
Fix in YANG model.

- How to verify it
Create custom ACL table type.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2023-11-16 20:48:58 +08:00
mssonicbld
f233a26686
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17173)
#### Why I did it
src/sonic-utilities
```
* 3609e417 - (HEAD -> 202305, origin/202305) [sonic-package-manager] do not modify config_db.json (#3032) (2 hours ago) [Stepan Blyshchak]
* 354dfe80 - [sonic_installer]: Improve exception handling: introduce notes. (#3028) (3 hours ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-15 16:34:18 +08:00
ganglv
f2a495f7e5
[202305] Share image for gnmi and telemetry (#17137)
Why I did it
Share docker image to support gnmi container and telemetry container
backport #16863

Work item tracking
Microsoft ADO 25423918:
How I did it
Create telemetry image from gnmi docker image.
Enable gnmi container and disable telemetry container by default.

How to verify it
Run end to end test.
2023-11-15 11:28:21 +08:00
mssonicbld
a3f81537b3
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17146)
#### Why I did it
src/sonic-swss
```
* 65720c1a - (HEAD -> 202305, origin/202305) Send hearbeat during warm reboot freese (#2923) (#2956) (14 hours ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-12 16:32:22 +08:00
mssonicbld
94b520bbb1
[FRR][patch] Add encap type when building packet for FPM (#17052) (#17145) 2023-11-12 01:48:42 +08:00
mssonicbld
f962fa69aa
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17122) 2023-11-10 15:50:49 +08:00
mssonicbld
40d1159b00
[Build] Deprecate the mirror packages.trafficmanager.net/debian (#17113) (#17128) 2023-11-10 01:35:11 +08:00
mssonicbld
21c6e9ff80
[gearbox] use credo sai v0.9.3 (#16860) (#17126) 2023-11-09 17:26:34 +08:00
mssonicbld
27b687a010
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17121)
#### Why I did it
src/sonic-swss
```
* 9b9ac4fd - (HEAD -> 202305, origin/202305) Add more debug information when PFC WD is triggered (#2858) (8 minutes ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-09 16:32:59 +08:00
mssonicbld
f64f96eeb4
Fix LAG going down after warm reboot with SONiC neighbors (#17040) (#17117) 2023-11-08 23:09:05 +08:00
mssonicbld
14934ab165
[knet]: Disable NETIF_F_HW_CSUM in KNET (#17080) (#17118) 2023-11-08 22:49:58 +08:00
mssonicbld
403d09db78
[Mellanox] [SN5600] Removing 8x DPB mode from platform files (#17071) (#17119) 2023-11-08 22:48:22 +08:00
mssonicbld
f887f59836
[minigraph-parser] Disable unsupported counters on management devices (#16937) (#17103)
Why I did it
To avoid orchagent crash issue like sonic-net/sonic-swss#2935, disable unsupported counters on SONiC management devices.

Work item tracking
Microsoft ADO (number only): 25437720
How I did it
Update the minigraph parser to disable unsupported counters on management devices.

How to verify it
Verified by unittest.
Manually apply patch to DUT and do config load_minigraph

Co-authored-by: Zhijian Li <zhijianli@microsoft.com>
Co-authored-by: StormLiangMS <89824293+StormLiangMS@users.noreply.github.com>
2023-11-08 18:10:30 +08:00
zitingguo-ms
1bc358ae8d
Fix device type and add cluster in DEVICE_NEIGHBOR_METADATA yang model (#17049) (#17109)
Why I did it
The current DEVICE_NEIGHBOR_METADATA yang model has two issues that would block GCU operation when it checks if the current config aligns with the YANG model:

Missing cluster field in YANG
Incomplete set of device type. The device type in YANG model doesn't include all the device type.
Work item tracking
Microsoft ADO (number only): 25577813
How I did it
Add cluster field in DEVICE_NEIGHBOR_METADATA YANG model.
Change device type to string.
Fix the UT test accordingly.
How to verify it
Build the image and verify the unit tests passed.

Signed-off-by: zitingguo-ms <zitingguo@microsoft.com>
2023-11-08 11:05:32 +08:00
mssonicbld
78cc6cfa22
[copp]: Enable rate limiting for bgp, lacp, dhcp, lldp, macsec and udld (#14859) (#17111) 2023-11-07 20:52:08 +08:00
Hua Liu
a11b33b6ca
Write error message to syslog when add user failed or connect to TACACS server failed. (#16240) (#17081)
Write error message to syslog when add user failed or connect to TACACS server failed.

Why I did it
With these messages, we can downgrade TACACS server with issue to lower priority.

Work item tracking
Microsoft ADO: 24667696
How I did it
Write error message to syslog when add user failed or connect to TACACS server failed.

How to verify it
Pass all UT.
Manually verify error message generated.
2023-11-06 23:07:10 +08:00
StormLiangMS
0e5bac9821
Cherry pick to 202305 - Enable fib suppress for leafrouter by default #17101
Why I did it
Cherry pick #17072

Work item tracking
Microsoft ADO (25564723):
How I did it
How to verify it
2023-11-06 23:05:31 +08:00
jhli-cisco
7117fed404
Update cisco-8000.ini (#17099)
Why I did it
Drop for 8111-32EH-O:

Fix for clear_trap_configuration errors
Fix OREDERED ECMP NHG drop when route is added before members are added
Fix port handling of empty ecmp group to drop packets
Fix for link_notification_handle error
Auto FPD upgrade support
Work item tracking
Microsoft ADO (number only):
How I did it
update platform to 202305.1.0.1
2023-11-06 12:18:30 +08:00
mssonicbld
80d9a9951a
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#17082)
#### Why I did it
src/sonic-gnmi
```
* a49ca56 - (HEAD -> 202305, origin/202305) Merge pull request #167 from zbud-msft/cherry-pick-fix-panic-202305 (11 hours ago) [StormLiangMS]
* 6ba1125 - Merge branch '202305' into cherry-pick-fix-panic-202305 (2 weeks ago) [Zain Budhwani]
* 3a0fbb9 - Fix build error (2 weeks ago) [Zain Budhwani]
* 7fad847 - Recover from potential panic when doing map to JSON serialization (#161) (2 weeks ago) [Zain Budhwani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-03 16:33:00 +08:00
mssonicbld
9ab60260a5
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#17084)
#### Why I did it
src/sonic-platform-common
```
* e7325db - (HEAD -> 202305, origin/202305) Fix SSD health percentage issue for vendor Virtium (#407) (#408) (11 hours ago) [Stephen Sun]
* 87e33ab - [Credo][Ycable] Remove the thread locker protection from the thread-safe APIs (#388) (11 hours ago) [Xinyu Lin]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-03 16:32:53 +08:00
mssonicbld
b85f891472
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17085)
#### Why I did it
src/sonic-sairedis
```
* 5a052ed - (HEAD -> 202305, origin/202305) [warmboot] Add workaround for `INIT_VIEW` failure  (#1252) (11 hours ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-03 16:32:49 +08:00
mssonicbld
eaca6ccde9
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17088) 2023-11-03 15:38:14 +08:00
mssonicbld
8eb249827a
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17087) 2023-11-03 15:33:21 +08:00
Vadym Hlushko
28ecd068d4
[202305][buffers] Add 'create_only_config_db_buffers.json' file for the Mellanox devices (not MSFT SKU) (#17006)
Why I did it
Add the create_only_config_db_buffers attribute to the DEVICE_METADATA|localhost. If the "create_only_config_db_buffers" exists and is equal to "true" - the buffers will be created according to the config_db configuration (for example BUFFER_QUEUE|* table), otherwise the maximum available buffers (which are read from SAI) will be created, regardless of the CONFIG_DB buffers configuration.

Work item tracking
Microsoft ADO (number only):
How I did it
Add the create_only_config_db_buffers.json files for Mellanox devices (not MSFT SKU's), and inject the content to the CONFIG_DB during the swss docker container start.

How to verify it
Manual verification:

Install the image with this PR included on the not MSFT SKU switch
Check the show queue counters output and verify that only configured in CONFIG_DB buffers are created
root@sonic:/home/admin# show queue counters
     Port    TxQ    Counter/pkts    Counter/bytes    Drop/pkts    Drop/bytes
---------  -----  --------------  ---------------  -----------  ------------
Ethernet0    UC0               0                0            0           N/A
Ethernet0    UC1               0                0            0           N/A
Ethernet0    UC2               0                0            0           N/A
Ethernet0    UC3               0                0            0           N/A
Ethernet0    UC4               0                0            0           N/A
Ethernet0    UC5               0                0            0           N/A
Ethernet0    UC6               0                0            0           N/A
Open the /usr/share/sonic/device/$DEVICE/$SKU/create_only_config_db_buffers.json and change it to:
"create_only_config_db_buffers": "false"
Do config reload
Check the show queue counters output and verify that all available buffers are created
root@sonic:/home/admin# show queue counters
     Port    TxQ    Counter/pkts    Counter/bytes    Drop/pkts    Drop/bytes
---------  -----  --------------  ---------------  -----------  ------------
Ethernet0    UC0               0                0            0           N/A
Ethernet0    UC1               0                0            0           N/A
Ethernet0    UC2               0                0            0           N/A
Ethernet0    UC3               0                0            0           N/A
Ethernet0    UC4               0                0            0           N/A
Ethernet0    UC5               0                0            0           N/A
Ethernet0    UC6               0                0            0           N/A
Ethernet0    UC7              60            15346            0           N/A
Ethernet0    MC8             N/A              N/A          N/A           N/A
Ethernet0    MC9             N/A              N/A          N/A           N/A
Ethernet0   MC10             N/A              N/A          N/A           N/A
Ethernet0   MC11             N/A              N/A          N/A           N/A
Ethernet0   MC12             N/A              N/A          N/A           N/A
Ethernet0   MC13             N/A              N/A          N/A           N/A
Ethernet0   MC14             N/A              N/A          N/A           N/A
Ethernet0   MC15             N/A              N/A          N/A           N/A
2023-11-03 14:27:17 +08:00
mssonicbld
fbf30ec6a8
[tacacs]: Fix tcpdump report error when tacacs enabled (#16372) (#17077) 2023-11-03 04:31:18 +08:00
mssonicbld
feaa855346
Add special rsyslog filter for MSN2700 platform (#16684) (#17078) 2023-11-03 03:05:44 +08:00
Nazarii Hnydyn
7d54155f67
[ppi]: Enable global port late create for all Mellanox HWSKUs. (#16946)
Why I did it
To improve FAST reboot dataplane downtime
Work item tracking
N/A
How I did it
Updated SAI xml config file
How to verify it
Run sonic-mgmt tests of fastboot
2023-11-02 23:14:18 +08:00
mssonicbld
d814cc41d4
[eventd]: Disabling eventd tests (#17053) (#17061) 2023-11-01 23:39:49 +08:00
mssonicbld
530f756304
Upgrade XGS saibcm-modules to 8.4 (#16246) (#17024) 2023-10-27 00:13:26 +08:00
mssonicbld
fc8d645b87
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17017)
#### Why I did it
src/sonic-swss
```
* 5bee57a4 - (HEAD -> 202305, origin/202305) Fix data race in on_switch_shutdown_request() (#2931) (16 hours ago) [Yakiv Huryk]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-26 16:32:39 +08:00
mssonicbld
09cb711cd7
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17018)
#### Why I did it
src/sonic-utilities
```
* 569beb19 - (HEAD -> 202305, origin/202305) Revert "Remove syslog service validator in GCU (#2991)" (#3015) (16 hours ago) [jingwenxie]
* ab7f03ea - [db_migrator] Fix the broken version chain (#3014) (16 hours ago) [Vivek]
* 0f17b8d5 - [fwutil] Fix python SyntaxWarning for 'is' with literals (#3013) (16 hours ago) [Kebo Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-26 16:32:34 +08:00
Prince Sunny
8564be4344
[Submodule] Update for sonic-restapi (#16994)
Why I did it
Submodule update for sonic-restapi

ccad4a2 - 2023-10-17 : [Tunnel] Support co-existence of IPv4 and IPv6 tunnels (#147) [Prince Sunny]
c8fa96b - 2023-10-12 : Remove command to install libhiredis deb file (#146) [Saikrishna Arcot]

Work item tracking
Microsoft ADO 25072916:
How I did it
How to verify it
2023-10-26 09:30:24 +08:00
mssonicbld
8cc74240b0
Add yang model for PFC watchdog debug information (#16206) (#17008) 2023-10-26 01:26:05 +08:00
mssonicbld
da90d5624d
[Mellanox] Enhance the processing of Kconfig in the hw-mgmt integration (#16752) (#17009) 2023-10-26 00:46:54 +08:00
Samuel Angebault
7982c3a2a8 Add some config options to make gbsyncd optional (#16840)
Why I did it
In an effort to allow people to build a slim version of SONiC to fit on devices to small storage, there is a need to disable some unneeded features.
The docker-gbsyncd are only applicable to devices with external gearboxes and might not apply to devices that need a small image.
It is therefore desirable to have a knob to not include these gbsyncd containers.

Work item tracking
Microsoft ADO (number only):
How I did it
Add a new config INCLUDE_GBSYNCD which is enabled by default to retain the previous behavior.
Setting it to n will not include the platform/components/docker-gbsyncd-*.mk.

How to verify it
Set INCLUDE_GBSYNCD = n and witness that docker-gbsyncd images are not present in the final image.
2023-10-25 22:32:41 +08:00
Zain Budhwani
d48c272677 Add fix for deserializing XSUB/XPUB subscription message (#16598)
### Why I did it

##### Work item tracking
- Microsoft ADO **(number only)**:24851367

#### How I did it

Read subscription message when capture service starts, before reading cached events.

#### How to verify it

UT/Manual testing
2023-10-25 12:32:31 +08:00
mssonicbld
8cc1998e74
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#16977) 2023-10-25 05:10:13 +08:00
mssonicbld
d050ac8c4d
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16987) 2023-10-25 03:48:40 +08:00
Samuel Angebault
274e929f11
Reduce SONiC image filesystem size (#16948)
Why I did it
Running SONiC releases past 202012 has become really challenging on system with small storage devices (4GB).
Some of these devices can also be limited by only having 4GB of RAM which complicates mitigations.
The main contributor to these issues is the SONiC image growth.
Being able to reduce it by some decent amount should allow these systems to run SONiC longer.
It would also reduce some impacts related to space savings mitigations.

Work item tracking
Microsoft ADO (number only):
How I did it
Add a build option to reduce the image size.
The image reduction process is affecting the builds in 2 ways:

change some packages that are installed in the rootfs
apply a rootfs reduction script
The script itself will perform a few steps:

remove file duplication by leveraging hardlinks
under /usr/share/sonic since the symlinks under the device folder are lost during the build.
under /var/lib/docker since the files there will only be mounted ro
remove some extra files (man, docs, licenses, ...)
some image specific space reduction (only for aboot images currently)
The script can later be improved but for now it's reducing the rootfs size by ~30%.

How to verify it
Compare the size of an image with this option enabled and this option enabled.
Expect the fully extracted content to be ~30% less.

Which release branch to backport (provide reason below if selected)
This is a backport of #16729

Description for the changelog
Add build option to reduce final image size
2023-10-24 21:08:38 +08:00
Vivek
34728958a1
[submodule] Update sonic-dhcp-relay submodule (#16942)
Why I did it
Update the submodule to include the following fixes

2b33d76 dhcpv6 per interface counter support 
6a6ce24 fix dhcpv6 relay dual tor source interface selection issue 
c36b8e3 [actions] Support Semgrep by Github Actions (#39)
Work item tracking
Microsoft ADO (number only):
How I did it
How to verify it
2023-10-24 09:55:46 +08:00
mssonicbld
9354980199
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#16919) 2023-10-24 03:46:07 +08:00
Saikrishna Arcot
d554cd55d6
[202305] Update Linux kernel to 5.10.179 (#16958)
Why I did it
Update the kernel to 5.10.179 for the 202305 branch

Work item tracking
Microsoft ADO (number only): 24592132
How I did it
How to verify it
2023-10-23 22:37:30 +08:00
mssonicbld
bf605cf771
[ci/build]: Upgrade SONiC package versions (#16964) 2023-10-21 23:04:00 +08:00
mssonicbld
ad70614630
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#16922) 2023-10-21 16:47:48 +08:00
mssonicbld
0de27046bb
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#16917) 2023-10-21 16:47:12 +08:00