Commit Graph

8308 Commits

Author SHA1 Message Date
abdosi
b6edc374ba
[build]: Added flag in sonic_version.yml to see if image is secured or non-secured (#16191)
What I did:

Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md

This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform.

Why I did:
Flag can be used for manual check or by the test case.

ADO: 24319390

How I verify:
Manual Verification

---
build_version: 'master-16191.346262-cdc5e72a3'
debian_version: '11.7'
kernel_version: '5.10.0-18-2-amd64'
asic_type: broadcom
asic_subtype: 'broadcom'
commit_id: 'cdc5e72a3'
branch: 'master-16191'
release: 'none'
build_date: Fri Aug 25 03:15:45 UTC 2023
build_number: 346262
built_by: AzDevOps@vmss-soni001UR5
libswsscommon: 1.0.0
sonic_utilities: 1.2
sonic_os_version: 11
secure_boot_image: 'no'

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-08-29 13:41:01 -07:00
jingwenxie
f39adda55e
Revert "[yang][dhcp_server] Add dhcp_server_ipv4 yang model (#15955)" (#16322)
This reverts commit 44d52dbb8b.
2023-08-29 13:26:59 -07:00
Nonodark Huang
42cf153624
[ufispace][pddf] Add the pddf package dependency to the ufispace platform modules mk file. (#16302)
Signed-off-by: nonodark <ef67891@yahoo.com.tw>
2023-08-29 09:45:28 -07:00
Liu Shilong
459ba257a4
[ci] Add job to cleanup nfs in armhf and arm64 agents. (#16270)
Why I did it
Clean old cached file in nfs disk for armhf/arm64

Work item tracking
Microsoft ADO (number only): 24930879
2023-08-29 19:14:45 +08:00
guangyao6
80ce957d20
Add no-export to sentinel community-list (#16285)
Why I did it
Add no-export to bgp sentinel community-list. So that bgp updates from bgp sentinel service must match sentinel community and no-export, otherwise, the bgp update will be dropped.

Work item tracking
Microsoft ADO (24946274):
How I did it
Add no-export to bgp sentinel community-list.

How to verify it
Run UT, case would pass. Build the image and start the device. Add bgp sentinel and check that no-export community exist in bgp sentinel community list.
2023-08-29 09:12:19 +08:00
Yakiv Huryk
d0a40afcad
[build] add SKIP_BUILD_HOOK support for curl (#15923)
#### Why I did it
To support SKIP_BUILD_HOOK for curl command so the targets downloaded by curl (SONIC_ONLINE_DEBS, SONIC_ONLINE_FILES) can utilize it.

##### Work item tracking
- Microsoft ADO **(number only)**:

#### How I did it
Add a logic to invoke a real command instead of a `download_packages()` (the same way it's done for wget)

#### How to verify it
Add an online target (with URL attribute).
Add the "SKIP_VERSION=y" to this target.
Check that download_packages is not invoked.
2023-08-28 13:25:06 -07:00
Yaqiang Zhu
44d52dbb8b
[yang][dhcp_server] Add dhcp_server_ipv4 yang model (#15955)
Add yang model for IPv4 DHCP Server.
Add four new tables: DHCP_SERVER_IPV4, DHCP_SERVER_IPV4_CUSTOMIZED_OPTIONS, DHCP_SERVER_IPV4_RANGE, DHCP_SERVER_IPV4_PORT
2023-08-28 08:43:28 -07:00
Yaqiang Zhu
4da72b9eca
[yang] Add Bmc to Device Neighbor Metadata element type list (#16188)
Bmc is a valid neighbor type in minigraph, however it was missing from the YANG model definition. Usually, the Bmc type device can be neighbor of BmcMgmtToRRouter. This PR is to introduce this type.
2023-08-28 08:42:27 -07:00
Zhijian Li
1d1489b2c7
[minigraph-parser] Update the definition of acl table type BMCDATA and BMCDATAV6 (#16249)
Why I did it
According to ACL-Table-Type-HLD, the value type of MATCHES, ACTIONS and BIND_POINTS should be list instead of string. Opening this PR to update the definition of BMCDATA and BMCDATAV6.

How I did it
Update the definition of BMCDATA and BMCDATAV6 in minigraph-parser.

How to verify it
Verified by UT and build SONiC image.
2023-08-28 08:40:55 -07:00
Zhijian Li
83dca59efc
[YANG SONIC-ACL] Fix Yang definition of ACL_TABLE_TYPE (#16247)
How I did it
Update Yang definition of ACL_TABLE_TYPE.
Update existing testcase.
Add new testcase to cover lowercase key scenario.

How to verify it
Verified by building sonic_yang_models-1.0-py3-none-any.whl. While building the target package, unit tests were run and passed.
2023-08-28 08:40:01 -07:00
Rajkumar-Marvell
2c9c96c0d8
[SFLOW] Fixed SFLOW DROPMON patch to align with 2.0.45 version (#15948)
- Why I did it
Fixed build failure when flag ENABLE_SFLOW_DROPMON=y set

- How I did it
Fixed sflow dropmon patch to align with hsflowd version 2.0.45

Signed-off-by: rajkumar38 <rpennadamram@marvell.com>
2023-08-28 18:36:46 +03:00
Stephen Sun
0446d7654f
Add yang model for scheduler in PORT_QOS_MAP (#16244)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
2023-08-28 15:05:11 +03:00
Stephen Sun
be8843b166
Fix issue: unprintable character is rendered when handling comments in j2 (#16287)
Use "{#-" and "-#}" to mark comments in jinja template

Signed-off-by: Stephen Sun <stephens@nvidia.com>
2023-08-28 15:03:39 +03:00
Nazarii Hnydyn
65b0011866
[Mellanox] [PPI] Enable global port late create for SN5600 (#15866)
- Why I did it
Enabled port late create on SN5600 Spectrum-4 switch boots up with no ports

Work item tracking
N/A

- How I did it
Updated SAI xml config file

- How to verify it
Run sonic-mgmt tests of fastboot

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
2023-08-28 14:50:53 +03:00
mssonicbld
55849d0c6b
[ci/build]: Upgrade SONiC package versions (#16300) 2023-08-28 18:31:51 +08:00
mssonicbld
c8465c0d9a
[ci/build]: Upgrade SONiC package versions (#16294) 2023-08-26 18:45:45 +08:00
mssonicbld
36b21157d6
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16282)
#### Why I did it
src/sonic-gnmi
```
* 7a1b7cd - (HEAD -> master, origin/master, origin/HEAD) Improve full path logic (#146) (37 minutes ago) [ganglv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-25 16:32:36 +08:00
mssonicbld
e9abf9e5ee
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#16283)
#### Why I did it
src/sonic-linux-kernel
```
* a2aa335 - (HEAD -> master, origin/master, origin/HEAD) PATCH] net: allow user to set metric on default route learned via Router Advertisement (#326) (12 hours ago) [abdosi]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-25 16:32:30 +08:00
mssonicbld
618bddc07d
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#16284) 2023-08-25 14:59:01 +08:00
Stephen Sun
67863b8d57
Add yang model for PFC watchdog debug information (#16206)
### Why I did it
When PFC WD is triggered there is no diagnosis information which makes it difficult to understand why PFC WD was triggered. So, we add a field `additional_information` to accommodate the diagnosis information.

### How to verify it
unit test
2023-08-23 13:57:37 -07:00
Samuel Angebault
c1c1054952
[Arista] Update platform library submodules (#16112)
Ignore intermittent IO errors during get_change_event in the Platform API
Fix tunings for some ports on CatalinaDD
Fix kernel module build for 6.1 kernel in preparation of bookworm upgrade
2023-08-23 11:05:42 -07:00
Aravind Mani
821be3f6fc
DellEMC: System health config changes (#15771)
Why I did it
System health config is missing in few Dell platforms.

How I did it
Added system health monitoring config and its related API's

How to verify it
show system-health summary/detail commands.
2023-08-23 11:05:03 -07:00
Aravind Mani
0eb7907e87
Dell S6100 Platform API 2.0 fixes (#16208)
Why I did it
Dell S6100 Platform components needs to be updated.

How I did it
Modified platform.json to fix the issue.

How to verify it
Run sonic-mgmt component test and check whether it passes.
2023-08-23 11:01:22 -07:00
Junchao-Mellanox
95f317a5e2
[Mellanox] Fix issue: watchdogutil command does not work (#16091)
- Why I did it
watchdogutil uses platform API watchdog instance to control/query watchdog status. In Nvidia watchdog status, it caches "armed" status in a object member "WatchdogImplBase.armed". This is not working for CLI infrastructure because each CLI will create a new watchdog instance, the status cached in previous instance will totally lose. Consider following commands:

admin@sonic:~$ sudo watchdogutil arm -s 100      =====> watchdog instance1, armed=True
Watchdog armed for 100 seconds
admin@sonic:~$ sudo watchdogutil status             ======> watchdog instance2, armed=False
Status: Unarmed
admin@sonic:~$ sudo watchdogutil disarm            =======> watchdog instance3, armed=False
Failed to disarm Watchdog

- How I did it
Use sysfs to query watchdog status

- How to verify it
Manual test
Unit test
2023-08-23 09:30:58 +03:00
Samuel Angebault
d42066cf8d
[Arista] Remove one pcie device accross platforms (#16173)
These devices will not reliabily report the proper devid and vendorid
when reading it is read directly from the pci config space.
It can be read but shouldn't be compared against some fixed value like
the one stored in pcie.yaml.

Since this makes pcied unhappy, the simplest path forward is to just
remove this device from monitoring.
2023-08-22 17:07:14 -07:00
Zhijian Li
7445106bb9
[YANG SONIC-ACL] Fix Yang definition of IN_PORTS and OUT_PORTS (#16220)
How I did it
Update Yang definition of IN_PORTS and OUT_PORTS to string.
Since we cannot split the string with comma (,) and validate each substring is a valid SONiC port name. The only restriction for them is must be a string.

How to verify it
Verified by building sonic_yang_models-1.0-py3-none-any.whl. While building the target package, unit tests were run and passed.
Build a SONiC image based on 202205 branch and installed on physical DUT. Re try the steps in [Yang] Incorrect definition of IN_PORTS and OUT_PORTS in sonic-acl.yang #16190 and can see below success response:
2023-08-22 11:26:04 -07:00
Vivek
0652991eb8
Run db_migrator for non first-time reboots (#16116)
- Why I did it
The recent change #15685 (comment) removed the db migration for non first reboots.
This is problematic for many deployments which doesn't rely on ZTP and push a custom config_db.json
Port to older branches after #15685 is ported back

- How I did it
Re-introduce the logic to run the db_migrator on non-first boots

- How to verify it
Verified reboot and warm-reboot cases

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2023-08-22 18:36:38 +03:00
mssonicbld
fbe75ee85b
[submodule] Update submodule dhcpmon to the latest HEAD automatically (#16227)
#### Why I did it
src/dhcpmon
```
* a3c5381 - (HEAD -> master, origin/master, origin/HEAD) Merge pull request #11 from jcaiMR/dev/jcai_fix_err_log (12 hours ago) [StormLiangMS]
* ab78a31 - Merge branch 'master' into dev/jcai_fix_err_log (4 days ago) [jcaiMR]
* 5314b72 - remove unnessary log message in case too many log output (5 days ago) [jcaiMR]
* 01f4fa7 - fix build issue (5 days ago) [jcaiMR]
* c2fbb34 - fix format issue (5 days ago) [jcaiMR]
* 79b6720 - fix a notification message format issue (6 days ago) [jcaiMR]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-22 18:32:45 +08:00
mssonicbld
55fb6d0a5a
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16228)
#### Why I did it
src/sonic-gnmi
```
* ac94807 - (HEAD -> master, origin/master, origin/HEAD) Support get all with json (#145) (19 hours ago) [ganglv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-08-22 16:32:26 +08:00
Vadym Hlushko
b214a8a8b6
[Mellanox] Change SDK API sx_mgmt_phy_module_info_get() to sysfs (#15963)
- Why I did it
Change Mellanox platform API implementation to use ASIC driver sysfs for the module operational state and status error fields.

- How I did it
Modify the platform/mellanox/mlnx-platform-api/sonic_platform/sfp.py file by change the call of sx_mgmt_phy_module_info_get() SDK API to sysfs

- How to verify it
Simulate the unplug cable event
Check the CLI output
sfputil show presence
sfputil show error-status -hw
Simulate the plug cable event
Repeat 2 step

Signed-off-by: vadymhlushko-mlnx <vadymh@nvidia.com>
2023-08-21 20:54:13 +03:00
mssonicbld
871b122495
[ci/build]: Upgrade SONiC package versions (#16219) 2023-08-21 18:32:24 +08:00
mssonicbld
c8dfe5cd07
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#16182) 2023-08-21 14:54:09 +08:00
mssonicbld
bc073f0af3
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16218) 2023-08-21 14:42:14 +08:00
mssonicbld
c3831d556c
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#16159) 2023-08-20 15:42:24 +08:00
mssonicbld
363dd0ba9b
[submodule] Update submodule dhcpmon to the latest HEAD automatically (#16197) 2023-08-20 15:33:53 +08:00
mssonicbld
c64728525d
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#16128) 2023-08-20 15:27:34 +08:00
mssonicbld
1e648daa84
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16167) 2023-08-20 15:19:36 +08:00
mssonicbld
54c5f2fa7b
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#16200) 2023-08-20 15:03:42 +08:00
mssonicbld
ca40b00351
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#16155) 2023-08-20 14:57:55 +08:00
mssonicbld
ec91ff30c9 [ci/build]: Upgrade SONiC package versions 2023-08-20 14:32:25 +08:00
Ye Jianquan
5204bfb5e5
Revert "Remove privileged flag for database and snmp docker (#13783)" (#16210)
This reverts commit cf72683f12.
2023-08-19 21:03:42 +03:00
judyjoseph
0bd8c3bf11
sudo not required explicitly as /bin/ip netns identify is part of READ_ONLY_CMDS in sudoers file (#16115)
Why I did it
Few commands in multiasic platforms when run with the "sudo ip netns exec asic0 " option was taking like 15 mins to get the o/p. This behavior of sudo getting hung was seen by just doing this

jujoseph@svcstr-server-2:~ sudo ip netns exec asic0 bash
jujoseph@svcstr-server-2:~ sudo ls

deally sudo is not needed as we have /bin/ip netns identify present in /etc/sudoers file. Hence removing it
2023-08-18 14:25:41 -07:00
Aaron Payment
a4098de529
Misc platform improvements for DCS-7060DX5-64S (#13875)
* sonic-buildimage: Add 7060DX5-64S brcm tunnel config

Add bcm_tunnel_term_compatible_mode: 1 support, which allows
Loopback configuration to no longer result in SAI failure
"tunnel terminator add failed with error Feature unavailable"
that caused Orchagent SIGABRT

Signed-off-by: Aaron Payment <aaronp@arista.com>

* sonic-buildimage: Set port config ENABLE:0 in 7060DX5-64S brcm config

Set ENABLE:0 for the front panel ports in the brcm config so that the
ports are default admin down. This change prevents the issue that ports
are able to link up and pass traffic resulting in mac learn events after
SAI create switch and before SAI admin state up. The unexpected mac learn events
resulted in Orch agent crash in PortsOrch init, which occurs after SAI
create switch and before SAI admin state up.

* fix sensors.conf on CatalinaDD

* Add support for two sfp ports

* Add copper 50g tuning to babbagelp on catalina

---------

Signed-off-by: Aaron Payment <aaronp@arista.com>
Co-authored-by: enes.oncu <enes.oncu@arista.com>
Co-authored-by: Boyang Yu <byu@arista.com>
2023-08-18 13:05:05 -07:00
Marty Y. Lok
a28352e781
[Nokia][DeviceData] Update the Nokia platform IXR-7250E device data (#16028)
Why I did it
Update the platform_reboot of Nokia Platform IXR-7250E-36x400G to displays the correct reboot-cause history when reboot from supervisor card.

Work item tracking
Microsoft ADO (number only):
How I did it
Modify the platform_reboot script to copy the correct reboo-cause.txt file from NDK to the /host/reboot-cause directory at the down cycle when the reboot is issued from Supervisor (for both reboot right after install a new image and normal reboot)

Signed-off-by: mlok <marty.lok@nokia.com>
2023-08-17 16:35:21 -07:00
Mai Bui
6c96b29484
[docker-teamd] limit privileged flag for teamd container (#15829)
Signed-off-by: Mai Bui <maibui@microsoft.com>
2023-08-17 09:48:57 -07:00
Saikrishna Arcot
5723ba29e4
Remove depot_tools repo (#16114)
It appears that this was initially added to provide the git-retry
command (which doesn't appear to be used today). However, this repo is
now also providing bazel (which is actually used in our build today),
and this command (along with git-retry) expects some vpython3 binary to
be set up/installed.

Rather than going through that, just get rid of this repo.
2023-08-16 14:18:50 -07:00
Vivek
d4923615d6
[Mellanox] [SN4410] Support new breakout modes for PAM4 (#15668)
- Why I did it
Add new breakout modes to be used in PAM4 supported cables

- How I did it

- How to verify it
Verified the 50G per lane breakout modes are applied properly on the switch

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2023-08-16 08:30:33 +03:00
Mai Bui
030c57200d
[docker-lldp] limit privileged flag for lldp container (#15830)
#### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420

#### How I did it
Reduce linux capabilities in privileged flag, retain NET_ADMIN capability
2023-08-15 11:27:12 -07:00
Andriy Dobush
cf72683f12
Remove privileged flag for database and snmp docker (#13783)
#### Why I did it
Reduce docker privilege 
This is part of HLD https://github.com/sonic-net/SONiC/pull/1364

#### How I did it
Remove flag --privileged
#### How to verify it
docker exec -it database bash
root@0048b82b460b:/# ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted
2023-08-15 11:18:50 -07:00
Kebo Liu
1626e198a8
[Mellanox] Update SDK/FW/SAI to 4.6.1020/2012.1020/SAIBuild2305.25.0.3 (#16096)
SONiC changes:
1. Support Spectrum4 ASIC FW binary building.
2. Support new SDK sx-obj-desc lib building since new SAI need it.
3. Remove SX_SCEW debian package from Mellanox SDK build since we are no longer using it (we use libxml2 instead).
4. Update SAI, SDK, FW to version 4.6.1020/2012.1020/SAIBuild2305.25.0.3

SDK/FW bug fixes
1. In SPC-1 platforms: Fastboot mode is not operational for Split port with Force mode in 50G speed
SFP modules are kept in disabled state after set LPM (low power mode) on/off for at least 3 minutes.
2. When preforming fast boot from an old SDK version (currently installed) to a newer one (target version), and the system was initially loaded with a new SDK version (past version), and the system has not been wiped, under specific conditions, the fast boot would use the past version's data and may fail.

SDK/FW Features
1. On SN2700 all ports can support y cable by credo

SAI bug Fixes
1. When creating an ACL rule with SAI_ACL_ENTRY_ATTR_FIELD_SRC_IP/SAI_ACL_ENTRY_ATTR_FIELD_DST_IP enabled, and then disabling the field by setting enable=false, a match on L3_type=IPv4 will remain programmed for the rule Issue resolved after the fix
2. Allow the max scale of virtual routers to be configure for SPC-1, SPC-2, SPC-3 when fastboot enable 
3. Remove default hash key of SRC_MAC, DST_MAC and ETH_TYPE

SAI features
1. Port init profile

- How I did it
Update SDK/FW/SAI make files

- How to verify it
Run full sonic-mgmt regression on Mellanox platform

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2023-08-15 15:32:52 +03:00