Commit Graph

7645 Commits

Author SHA1 Message Date
abdosi
15a39ac806 Fix the Loopback0 IPv6 address of LC's in chassis not reachable from (#16026)
What I did:
Fix the Loopback0 IPv6 address of LC's in chassis not reachable from peer devices.

Why I did:
For Ipv6 Loopback0 address we only advertise /64 subnet to the peer devices. However, in case of chassis each LC will have it own /128 address of that /64 subnet . Since this /128 address does not get advertised peer devices can-not ping/reach the LC's loopback0.

How I fix:
Advertise /128 Loopback0 Ipv6 address only between i-BGP peers. This way even though /64 is advertised to e-BGP peer devices when packet reaches any of LC's it can reach the appropriate LC's.

How I verify:
Manual verification
UT added for same.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-08-15 04:32:34 +08:00
pavannaregundi
6876f27374 [Marvell] Fix get_system_mac for system without eeprom (#15376)
Why I did it
get_system_mac was returning 'None' mac for system without eeprom.
get_system_mac for marvell platform checks for mac in eeprom, profile.ini(hwsku file) and eth0. Check for valid mac returned by syseeprom was incorrect. Which was resulting in bypassing mac get from profile.ini and eth0.

How I did it
get_system_mac already has a logic to get first valid mac.
Removed null check for mac returned by eeprom.
Corrected the check for profile.ini file by checking if file exist.

How to verify it
Executed sonic-cfggen to check valid mac address is getting configured in config_db.json with/without profile.ini.
Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
2023-08-15 04:32:30 +08:00
Yevhen Fastiuk
4602d30a73
[syslog] Add remote syslog configuration (cherry-pick to 202305) (#15897)
cherry-pick: #14513
depends: https://github.com/sonic-net/sonic-utilities/pull/2939

* Add an ability to configure remote syslog servers
* Add an initial configuration for remote syslog
* Extend YANG module and add unit tests

#### Why I did it
Adding the following functionality to rsyslog feature:

* Configure remote syslog servers: protocol, filter, severity level
* Update global syslog configuration: severity level, message format

#### How I did it
added parameters to syslog server and global configuration.

#### How to verify it
create syslog server using CLI/adding to Redis-DB
verify server is added to file /etc/rsyslog.conf and server is functional.

#### Description for the changelog
extend rsyslog capabilities, added server and global configuration parameters.

#### Link to config_db schema for YANG module changes
[sonic-syslog.yang](https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-syslog.yang)
2023-08-14 13:12:33 -07:00
mssonicbld
ac34681b92
Update the iSMART_64 tool (#15936) (#16139)
Why I did it
Updating the iSMART_64 tool for supporting latest debian releases.

How I did it
On branch new_ismart
Changes to be committed:
(use "git restore --staged ..." to unstage)
modified: platform/broadcom/sonic-platform-modules-dell/s6100/scripts/iSMART_64

How to verify it
In s6100, run the iSMART_64 tool.
md5sum - 24725730d7649769c7ba50971c1f2955

Co-authored-by: Santhosh Kumar T <53558409+santhosh-kt@users.noreply.github.com>
2023-08-14 22:42:30 +08:00
mssonicbld
75b7ec361c
[Mellanox] Add more unit test coverage for platform API (#15842) (#16137)
- Why I did it
Increase UT coverage for Nvidia platform API code

Work item tracking
Microsoft ADO (number only):

- How I did it
Focus on low coverage file:
1. component.py
2. watchdog.py
3. pcie.py

- How to verify it
Run the unit test, the coverage has been changed from 70% to 90%

Co-authored-by: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com>
2023-08-14 22:40:38 +08:00
mssonicbld
3119077744
Update usage leaf in sonic-events-host yang models (#15805) (#16136)
#### Why I did it

event yang models for usage currently use int as type for usage leaf, needs to be of type decimal64

##### Work item tracking
- Microsoft ADO **(number only)**:17747466

#### How I did it

Update yang models and UT

#### How to verify it

UT

Co-authored-by: Zain Budhwani <99770260+zbud-msft@users.noreply.github.com>
2023-08-14 22:40:06 +08:00
mssonicbld
ec73d0f3ff
[chassis]: removed dependency for bgp and swss for chassis supervisor (#15734) (#16135)
Fixes #15667 and #13293

Work item tracking
Microsoft ADO 24472854:

How I did it
On chassis supervisor bgp feature is disabled in hostcfgd. The dependency between swss and bgp causes the bgp containers to start even though the feature is disabled.

How to verify it
Tests on chassis supervisor and LC

Co-authored-by: Arvindsrinivasan Lakshmi Narasimhan <55814491+arlakshm@users.noreply.github.com>
2023-08-14 22:39:24 +08:00
SuvarnaMeenakshi
ebe8c8c223 [SNMP][IPv6]: Fix to use link local IPv6 address as snmp agentAddress (#16013)
<!--
     Please make sure you've read and understood our contributing guidelines:
     https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md

     ** Make sure all your commits include a signature generated with `git commit -s` **

     If this is a bug fix, make sure your description includes "fixes #xxxx", or
     "closes #xxxx" or "resolves #xxxx"

     Please provide the following information:
-->

#### Why I did it
fixes: https://github.com/sonic-net/sonic-buildimage/issues/16001
Caused by: https://github.com/sonic-net/sonic-buildimage/pull/15487

The above PR introduced change to use Management and Loopback Ipv4 and ipv6 addresses as snmpagent address in snmpd.conf file.
With this change, if Link local IP address is configured as management or Loopback IPv6 address, then snmpd tries to open socket on that ipv6 address and fails with the below error:
```
Error opening specified endpoint "udp6:[fe80::5054:ff:fe6f:16f0]:161"
Server Exiting with code 1
```
From RFC4007, if we need to specify non-global ipv6 address without ambiguity, we need to use zone id along with the ipv6 address: <address>%<zone_id>
Reference: https://datatracker.ietf.org/doc/html/rfc4007

##### Work item tracking
- Microsoft ADO **(number only)**:

#### How I did it
Modify snmpd.conf file to use the %zone_id representation for ipv6 address.
#### How to verify it
In VS testbed, modify config_db to use link local ipv6 address as management address:
    "MGMT_INTERFACE": {
        "eth0|10.250.0.101/24": {
            "forced_mgmt_routes": [
                "172.17.0.1/24"
            ],
            "gwaddr": "10.250.0.1"
        },
        "eth0|fe80::5054:ff:fe6f:16f0/64": {
            "gwaddr": "fe80::1"
        }
    },

Execute config_reload after the above change.
snmpd comes up and check if snmpd is listening on ipv4 and ipv6 addresses:
```
admin@vlab-01:~$ sudo netstat -tulnp | grep 161
tcp        0      0 127.0.0.1:3161          0.0.0.0:*               LISTEN      274060/snmpd        
udp        0      0 10.1.0.32:161           0.0.0.0:*                           274060/snmpd        
udp        0      0 10.250.0.101:161        0.0.0.0:*                           274060/snmpd        
udp6       0      0 fc00:1::32:161          :::*                                274060/snmpd        
udp6       0      0 fe80::5054:ff:fe6f::161 :::*                                274060/snmpd      -- Link local 
 
admin@vlab-01:~$ sudo ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.250.0.101  netmask 255.255.255.0  broadcast 10.250.0.255
        inet6 fe80::5054:ff:fe6f:16f0  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:6f:16:f0  txqueuelen 1000  (Ethernet)
        RX packets 36384  bytes 22878123 (21.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 261265  bytes 46585948 (44.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

admin@vlab-01:~$ docker exec -it snmp snmpget -v2c -c public fe80::5054:ff:fe6f:16f0 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "SONiC Software Version: SONiC.master.327516-04a6031b2 - HwSku: Force10-S6000 - Distribution: Debian 11.7 - Kernel: 5.10.0-18-2-amd64"
```
Logs from snmpd:
```
Turning on AgentX master support.
NET-SNMP version 5.9
Connection from UDP/IPv6: [fe80::5054:ff:fe6f:16f0%eth0]:44308
```
Ran test_snmp_loopback test to check if loopback ipv4 and ipv6 works:
```
./run_tests.sh -n vms-kvm-t0 -d vlab-01 -c snmp/test_snmp_loopback.py  -f vtestbed.yaml -i ../ansible/veos_vtb -e "--skip_sanity --disable_loganalyzer" -u
=== Running tests in groups ===
Running: pytest snmp/test_snmp_loopback.py --inventory ../ansible/veos_vtb --host-pattern vlab-01 --testbed vms-kvm-t0 --testbed_file vtestbed.yaml --log-cli-level warning --log-file-level debug --kube_master unset --showlocals --assert plain --show-capture no -rav --allow_recover --ignore=ptftests --ignore=acstests --ignore=saitests --ignore=scripts --ignore=k8s --ignore=sai_qualify --junit-xml=logs/tr.xml --log-file=logs/test.log --skip_sanity --disable_loganalyzer
..                                                                        

snmp/test_snmp_loopback.py::test_snmp_loopback[vlab-01] PASSED 
```
<!--
If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012.
-->

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [x] 202012
- [x] 202106
- [x] 202111
- [x] 202205
- [x] 202211
- [x] 202305

#### Tested branch (Please provide the tested image version)

<!--
- Please provide tested image version
- e.g.
- [x] 20201231.100
-->

- [ ] <!-- image version 1 -->
- [ ] <!-- image version 2 -->

#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->

<!--
 Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
-->

#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->

#### A picture of a cute animal (not mandatory but encouraged)
2023-08-14 18:32:35 +08:00
mssonicbld
fb4f2382d1
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#16061)
#### Why I did it
src/sonic-platform-common
```
* 5af6f9f - (HEAD -> 202305, origin/202305) Comment out tx power validation check and program the passed value  (#389) (3 days ago) [abdosi]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-09 20:51:34 +08:00
mssonicbld
ca8efbf0d3
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16063)
#### Why I did it
src/sonic-swss
```
* 27b64579 - (HEAD -> 202305, origin/202305) Remove system neighbor DEL operation in m_toSync if SET operation for (#2853) (3 days ago) [Song Yuan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-09 18:35:26 +08:00
mssonicbld
b226ae0699
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#16064)
#### Why I did it
src/sonic-swss-common
```
* 449ac55 - (HEAD -> 202305, origin/202305) [Ci] Fix collect log error in azp template (#799) (2 days ago) [xumia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-08 20:47:47 +08:00
Longxiang Lyu
6e49fa5fd2 [monit][dualtor] Periodically check mux neighbors consistency (#15769)
Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2023-08-08 18:33:29 +08:00
mssonicbld
63e51b4b2a
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#16059)
#### Why I did it
src/sonic-linux-kernel
```
* bf1ee0e - (HEAD -> 202305, origin/202305) Fix Makefile syntax and provide default value for CONFIGURED_PLATFORM (#324) (13 hours ago) [Saikrishna Arcot]
* 7d7abaf - Update codeowner and build info (#319) (13 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-08 02:32:45 +08:00
mssonicbld
4ca01a7715
[syncd.sh] Clear semaphore before updating firmware (#15818) (#16067) 2023-08-07 18:20:15 +08:00
xumia
30f935c994 [Build] Fix some of the patches not applied issue (#15660)
Why I did it
Fix some of the patches in .patches folder not applied issue.
The command "quilt applied" only lists the applied patches, if some of the patches have issues, then the patches will not be applied when you run the build command again.

Work item tracking
Microsoft ADO (number only): 24410730
How I did it
Run the command to apply the patches without any conditions.
If failed, check if the failure reason is "series fully applied".
How to verify it
2023-08-07 16:33:01 +08:00
mssonicbld
41cdd361d6
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#16062)
#### Why I did it
src/sonic-platform-daemons
```
* 6c47906 - (HEAD -> 202305, origin/202305) Update active application selected code in transceiver_info table aft… (#381) (13 hours ago) [Michael Wang - TW]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-07 16:32:54 +08:00
mssonicbld
e6e461ccf2
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#16065) 2023-08-07 16:30:02 +08:00
vmittal-msft
5ee18ece65 Update WRED profile on system ports (#15612)
* Update WRED profile on system ports
2023-08-07 14:33:42 +08:00
Stephen Sun
33d14521f2 [Mellanox] Use Debian reboot in Nvidia platform reboot when it is invoked from kdump capture boot (#15701)
#### Why I did it

When a kernel crash occurs, the system will reboot to the kdump capture kernel if kdump is enabled (`config kdump enable`). In the kdump capture boot, it only stores the crash information, and then reboot the system to a normal boot.
In this boot, no SONiC service is started but it invokes `reboot` which is actually the SONiC reboot that depends on SONiC services. There is a logic to skip all SONiC stuff and invoke platform reboot in SONiC reboot to avoid issues.
However, on Nvidia platforms, the platform reboot still depends on SONiC services, which can cause issues.
So, the Debian reboot is called directly in platform reboot if it is invoked from the kdump capture boot.

#### How I did it

Manual test
2023-08-07 14:33:34 +08:00
mssonicbld
33a10b479a
[nvidia] make sure shared storage with syncd is cleared on restarts (#14547) (#16046)
Why I did it
Sharing the storage of syncd with other proprietary application extensions allows them to communicate with syncd in differnt ways.
If one container wants to pass some information to syncd then shared storage can be used. However, today the shared storage isn't cleaned on restarts making it possible for syncd to read out-of-date information generated in the past.

NOTE: No plans to use it for standard SONIC dockers and we are working on removing the SDK dependency from PMON docker

How I did it
Implemented new service to clean the shared storage.

How to verify it
Do reboot/fast-reboot/warm-reboot/config-reload/systemctl restart swss and verify /tmp/ is cleaned after each restart in syncd container.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
Co-authored-by: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
2023-08-07 09:27:43 +08:00
mssonicbld
471a3a8067
Add support data for fabric monitoring in CONFIG_DB. (#14170) (#16045)
Added support data for fabric monitoring in CONFIG_DB

The CONFIG_DB now has the FABRIC_MONITOR|FABRIC_MONITOR_DATA table for default value for fabric port monitoring. An example output of getting this table is:

sonic-db-cli CONFIG_DB hgetall "FABRIC_MONITOR|FABRIC_MONITOR_DATA"
{'monErrThreshCrcCells': '1', 'monErrThreshRxCells': '61035156', 'monPollThreshIsolation': '1', 'monPollThreshRecovery': '8'}

The CONFIG_DB now also has a table for each fabric port for its isolate status.
An example output of getting this table is:

sonic-db-cli CONFIG_DB hgetall "FABRIC_PORT|Fabric20"
{'alias': 'Fabric20', 'isolateStatus': 'False', 'lanes': '20'}

Co-authored-by: jfeng-arista <98421150+jfeng-arista@users.noreply.github.com>
2023-08-07 09:26:45 +08:00
mssonicbld
03fc34e56c
[YANG][vlan-sub-interface] Add vlan field (#15838) (#16057) 2023-08-07 03:48:34 +08:00
mssonicbld
1c3e5947ce
[YANG] add yang model for MUX_LINKMGR|MUXLOGGER (#15884) (#16058) 2023-08-07 03:46:18 +08:00
mssonicbld
b812e562c8
[minigraph] remove number of lanes check for changing speed from 400G to 100G and set speed setting before lane reconfiguration (#15721) (#16054) 2023-08-07 03:24:30 +08:00
mssonicbld
14ba74ede9
[E1031] fix pca9548 initializes failed occasionally (#15712) (#16052) 2023-08-07 03:01:06 +08:00
Junchao-Mellanox
bf37c3162c Fix issue: set delayed attribute to true for platform monitor service (#15816)
There is a redundant line in init_cfg.json.j2. It would cause pmon service always has "delayed=False". However, we know that PMON has a timer now. So, I try to fix it here.
2023-08-07 00:34:12 +08:00
Samuel Angebault
82108429c6
[202305][Arista] Update platform submodules (#16010)
Why I did it
fix pcied leak on chassis
fix fan status led setting on fixed systems
misc fixes
Work item tracking
Microsoft ADO (number only):
How I did it
Updated arista platform library submodules

Description for the changelog
Update Arista platform submodules
2023-08-06 21:31:17 +08:00
mssonicbld
157b9ea3b7
[Mellanox] Remove unnecessary file manipulation in the SAI Make file (#15993) (#16043) 2023-08-06 17:18:21 +08:00
mssonicbld
89fdba9e92
[Mellanox] Remove reset_from_comex from reboot cause mapping (#15793) (#16040) 2023-08-06 17:04:26 +08:00
lerry-lee
3dfe75df7d
[CI/CD] Use remote PR test template from sonic-mgmt master to run PR test (#15980)
Why I did it
Use remote PR test template from sonic-mgmt master to run PR test.

How I did it
Modify PR test azure pipeline yml file.

How to verify it
PR test executing normally.

Signed-off-by: Chun'ang Li <chunangli@microsoft.com>
2023-08-01 16:20:52 +08:00
mssonicbld
c564f37ec4
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#15981) 2023-07-27 19:18:36 +08:00
mssonicbld
9da145cdc4
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#15951) 2023-07-25 09:59:02 +08:00
mssonicbld
33d4981c52
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#15778) 2023-07-24 22:40:34 +08:00
mssonicbld
298e7ebe34
[Mellanox] Add support for BIOS update on Spectrum-4 (#15795) (#15942) 2023-07-24 02:08:20 +08:00
mssonicbld
379d45ce3e
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#15917)
#### Why I did it
src/sonic-platform-common
```
* 411d5b2 - (HEAD -> 202305, origin/202305) More prevention of fatal exception caused by VDM dictionary missing fields when a transceiver has just been pulled (#376) (2 days ago) [snider-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-21 16:32:51 +08:00
Ying Xie
8369e1c6b7 Potential fix for Celestica E1031 device hang (#15822)
set CPU max_cstate to 0

Co-authored-by: Sumukha Tumkur Vani <sumukhatv@outlook.com>
2023-07-21 14:33:59 +08:00
mssonicbld
3bfe92e10e
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15919)
#### Why I did it
src/sonic-swss
```
* fa342305 - (HEAD -> 202305, origin/202305) Remove redundant updateFabricPortState (#2850) (18 hours ago) [kenneth-arista]
* c571d8bf - Allow NOT_IMPLEMENTED sai return status for availability monitoring API (#2848) (18 hours ago) [Tejaswini Chadaga]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-20 18:33:59 +08:00
mssonicbld
aab66f8cd7
[submodule] Update submodule sonic-py-swsssdk to the latest HEAD automatically (#15777)
src/sonic-py-swsssdk

* 1109e49 - (HEAD -> 202305, origin/master, origin/HEAD, origin/202305, master) add semgrep (#141) (4 weeks ago) [Mai Bui]
How I did it
How to verify it
2023-07-19 21:18:16 +08:00
mssonicbld
54eec890ba
Revert "[gearbox] use credo sai v0.9.0 (#14149)" (#15708) (#15879) 2023-07-19 20:25:29 +08:00
mssonicbld
18b446bfe0
[ctgmgr]: do not remove label when do systemd service stop when service is in kube mode (#15642) (#15878) 2023-07-19 20:10:41 +08:00
mssonicbld
ff5c03f91b
[Nokia][sonic-platform] Update Nokia sonic-platform submodule (#15239) (#15873) 2023-07-19 20:07:15 +08:00
mssonicbld
6004054711
[arp_update]: Fix IPv6 neighbor race condition (#15583) (#15877) 2023-07-19 20:06:12 +08:00
mssonicbld
7bd67d4f37
Upgrade scapy in the PTF's python3 virtualenv to 2.5.0 (#15573) (#15875) 2023-07-19 20:05:40 +08:00
mssonicbld
83aa8b8180
[SNMP][IPv6]: Fix SNMP IPv6 reachability issue in certain scenarios (#15487) (#15874) 2023-07-19 20:04:57 +08:00
mssonicbld
f4a7e22e4e
[k8s]: Bypass the systemd service restart limit and do immediately restart when change to local mode (#15432) (#15868) 2023-07-19 20:04:23 +08:00
mssonicbld
38e721bc24
[ctrmgr]: Container image clean up bug fix (#15772) (#15870) 2023-07-19 20:02:45 +08:00
mssonicbld
74598e568a
Add health check probe for k8s upgrade containers. (#15223) (#15867)
#### Why I did it
After k8s upgrade a container, k8s can only know the container is running, don't know the service's status inside container. So we need a probe inside container, k8s will call the probe to check whether the container is really ready.
##### Work item tracking
- Microsoft ADO **(number only)**: 22453004
#### How I did it
Add a health check probe inside config engine container, the probe will check whether the start service exit normally or not if the start service exists and call the python script to do container self-related specific checks if the script is there. The python script should be implemented by feature owner if it's needed.

more details: [design doc](https://github.com/sonic-net/SONiC/blob/master/doc/kubernetes/health-check.md)
#### How to verify it
Check path /usr/bin/readiness_probe.sh inside container.

#### Which release branch to backport (provide reason below if selected)

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [x] 202205
- [x] 202211

#### Tested branch (Please provide the tested image version)
- [x] 20220531.28

Co-authored-by: lixiaoyuner <35456895+lixiaoyuner@users.noreply.github.com>
2023-07-19 16:11:13 +08:00
mssonicbld
0eb0749442
Move /var/log to RAM for Mellanox SN2700, Nokia 7215 and Dell S6100 (#15077) (#15871)
Why I did it
Move the /var/log on RAM. This is to prevent too many disk write on /var/log when mounted on disk.

Work item tracking
Microsoft ADO (number only): 17955517

How I did it
Pass kernel cmdline option "log_inram=on"

How to verify it
Mellanox SN2700
root@str-msn2700-02:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 791M 15M 776M 2% /run
root-overlay 15G 12G 2.9G 80% /
/dev/sda3 15G 12G 2.9G 80% /host
tmpfs 790M 12M 779M 2% /var/log
tmpfs 3.9G 107M 3.8G 3% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/f50948841bee041368bf7c0546ceab4c71f05951fb0ed5ae70411f28dde68907/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/c45de6c53e7185631a37e87686dd296b2585425f638aa92c720c90eae038480c/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/f5bc87d5c2965b21b222f09dd57fe0fc798e518101d7ecd25d170b7662ae3e80/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/b2f435a256b930da4897d8a096095dcce183a6efa55b5b637187a654db0585ee/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/5c3588e42b29fd0516a164c00de621b7a00236ecbb240c4d0b3903ec706c220d/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/5a4a2a2602fb4ed1d1df90c3916076f595b4d8bc18eb465dd23e33f354adcfb8/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/9926f7378de9223fd3e88c8f59d888ad178e2ca23fa978f372e9838f10b7b803/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/130abaf95cffc06d952adacb6aa54a2f5e7c54c81fa8c15184389e25a7884328/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/aeef95cf5af6e20909a4cfd6c696176cc5dcb31dd456cc8acbbd3d59d47333d7/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/ef9bb94012b9fe987e55c9b73141296da8081d258d0d134922776c3c4b3ec551/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/cf425d372b347fd68569f128e1771e5a70dbf504b2f013304d60bcef6dfbd0da/merged
overlay 15G 12G 2.9G 80% /var/lib/docker/overlay2/7a2592cdac5c7369a6a98e07dbf1c2d96d29634e7d7b593617c50cc7e09e5cb3/merged
root@str-msn2700-02:~# 
root@str-msn2700-02:~# free -h
 total used free shared buff/cache available
Mem: 7.7Gi 3.0Gi 3.3Gi 133Mi 1.5Gi 4.4Gi
Swap: 0B 0B 0B
root@str-msn2700-02:~# 


Dell S6100

root@str-s6100-acs-5:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 794M 15M 780M 2% /run
root-overlay 14G 9.9G 3.6G 74% /
/dev/sda4 14G 9.9G 3.6G 74% /host
tmpfs 793M 13M 781M 2% /var/log
tmpfs 3.9G 60K 3.9G 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/f94441208fba5df49b0b8f0b49c699475ed0fd07673ab4a3eb574869b8e17c83/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/1c3dc3b582599602aec0dbd78945560f330f6244d2e218750622b3814dc53ed3/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/ab5b96e72e323fff5168abc69f8599fa244410d856dbd10cdbf73c99a4fe8d67/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/0e6e3adaba6bb1d2684da444661e540030d588ef498466b7d8ff773ce263a2ea/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/1218ed8bfa7a17c8927b20005d45f5e1e4a634e653d5c5c2057ac54713dc3387/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/b31486f665e5c929966185397990553fee6b41b515cbef28c945096673ac9bef/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/b984fa70f30bd1bac92bdf8d36542ed4433b4dabc33f7bb1f0a17a5eaee90f3e/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/b7866a1462768f3564b832187837c7a5e3d493b8084204e59610960cc5f6bc19/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/113bbbe88ee8452f4310b02a1343cfb4f1beb5fedf68a7d810ff5b5d7457c9f0/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/e7cc383186c6f9acecf2031c0c1f0870b8a7f63e1918b8359afa7a13d3c28963/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/c5d269100da205981c51e70e9e86facf69487f99e234dcdac822b8ab01af3d6a/merged
overlay 14G 9.9G 3.6G 74% /var/lib/docker/overlay2/463874ab78b2e45a34cf4d3d1cd2e45ff18c0abbf37be62d2c8559dce38d6219/merged
root@str-s6100-acs-5:~# free -h
 total used free shared buff/cache available
Mem: 7.8Gi 2.1Gi 4.1Gi 69Mi 1.6Gi 5.3Gi
Swap: 0B 0B 0B
root@str-s6100-acs-5:~# 

Nokia-7215

root@str-2-7215-acs-4:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 1.5G 0 1.5G 0% /dev
tmpfs 303M 14M 289M 5% /run
root-overlay 15G 7.2G 7.2G 51% /
/dev/sda2 15G 7.2G 7.2G 51% /host
tmpfs 302M 7.5M 295M 3% /var/log
tmpfs 1.5G 60K 1.5G 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/617e49b8b8e4368db2b3b2fb3e3204e80ec572fe7981d67ad2116d9c3e4472f3/merged
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/c94b855482fc14aa1f032b0c8dc035b02f37ad9e4341cb5a8d22f14e14c63824/merged
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/2d8c6ee95b212bbc8376d15916723128455678f2a3c88f382b451bec88297341/merged
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/92114013a19dc19f30505ba645f961d50e093365422a9b22116ced1fa88ded2b/merged
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/c8e79a8403863887666324f163a4b6633c40c8b349402b3a0f40ba7e51adb28b/merged
overlay 15G 7.2G 7.2G 51% /var/lib/docker/overlay2/27fd4a51859f3febd345a8551a0b4686d696c205048e1d595b76114385a68949/merged
root@str-2-7215-acs-4:~#
2023-07-19 16:09:37 +08:00
mssonicbld
43585c3326
Add support for secure upgrade (#11862) (#15691)
- What I did
Added support for secure upgrade.

- How I did it
During sonic_installer install, added secure upgrade image verification.
HLD can be found in the following PR: sonic-net/SONiC#1024

- Why I did it
Feature is used to allow image was not modified since built from vendor. During installation, image can be verified with a signature attached to it.

- How I did it
Feature includes image signing during build (in sonic buildimage repo) and verification during image install (in sonic-utilities).

- How to verify it
In order for image verification - image must be signed - need to provide signing key and certificate (paths in SECURE_UPGRADE_DEV_SIGNING_KEY and SECURE_UPGRADE_DEV_SIGNING_CERT in rules/config) during build , and during image install, need to enable secure boot flag in bios, and signing_certificate should be available in bios.

- Feature dependencies
In order for this feature to work smoothly, need to have secure boot feature implemented as well.
The Secure boot feature will be merged in the near future.

Co-authored-by: ycoheNvidia <99744138+ycoheNvidia@users.noreply.github.com>
2023-07-19 16:08:14 +08:00
Masaru OKI
8c94e32fe5 Pick dependency files in submodules. (#15142)
#### Why I did it

Failed to build sonic-dhcp6relay_1.0.0-0_amd64.deb

#### How I did it

src/dhcprelay has git submodule.
Dependency files by "git ls-files" are not picked files in submodules.
Add --recurse-submodules, work again.

#### How to verify it

make all
2023-07-19 14:34:12 +08:00