The asan-enabled docker image will be used in other CIs that run DVS tests.
Why I did it
To add a possibility to run DVS tests with ASAN for other CIs (e.g. swss).
How I did it
Added the 'asan_image' flag to the vs job group.
How to verify it
Run the CI and check the docker-sonic-vs-asan.gz artifact.
Signed-off-by: Sudharsan Dhamal Gopalarathnam sudharsand@nvidia.com
Why I did it
During the system boot up when 'show platform status' or 'show version' command is executed before STATE_DB CHASSIS_INFO table is populated, the show will try to fallback to use the platform API. The DMI file in mellanox platforms require root permission for access. So if the show commands are executed as admin or any other user, the following error log will appear in the syslog
Jun 28 17:21:25.612123 sonic ERR show: Fail to decode DMI /sys/firmware/dmi/entries/2-0/raw due to PermissionError(13, 'Permission denied')
How I did it
Check the file permission before accessing it.
How to verify it
Added UT to verify. Manually verified if the error log is not thrown.
Signed-off-by: polly_hsu polly_hsu@edge-core.com
Why I did it
Update to support as7816-64x DPB (Dynamic Port Breakout)
How I did it
Download the SONiC master image with commit, 64dc08a dated 2022-04-05 from SONiC Image Azure Pipelines
Update the file change of this PR accordingly
How to verify it
Set the default t1 topology configuration
Configure to breakout Ethernet0 from "1x100G[40G]" to "4x25G"
$ sudo config interface breakout Ethernet0 "4x25G" -f
Check the SONiC DBP interface status is expected
$ show interfaces status
Why I did it
Support Intel Tofino based platforms Netberg Aurora 610
ASIC: Intel Tofino BFN-T10-032D-020
Pors: 48x 25G + 8x 100G
How I did it
Added specification to device/netberg directory
Added platform/barefoot/sonic-platform-modules-netberg contains kernel modules, scripts and sonic_platform packages.
Modified the platform/barefoot/one-image.mk and platform/barefoot/rule.mk to include Aurora 610 related ID and files.
How to verify it
Build SONiC
Install the image on the device and verify the related components are installed and shown correctly.
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Why I did it
The tests that are available for interfaces.j2 only covers the case when ZTP is disabled and MGMT_INTERFACE is defined. This change adds unit tests for:
1) When ZTP is enabled, with combination of (ip enabled/disabled, inband enabled/disabled)
2) When ZTP is disabled, and MGMT_INTERFACE is not defined, with mgmtVrfEnabled set to true/false
#### How I did it
I created multiple mock-up files to:
1) Enable/disable ZTP, and subconditions under ZTP
2) Created graph file that has no management interface defined
#### How to verify it
Compared output with interfaces.j2 template to ensure the output is expected.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Why I did it
Add 6512-32r support for Wistron platform
Update sw-to3200k for newer branch
How I did it
Add code in device and platform folder for 6512-32r
Update sw-to3200k code both in device and platform folder
How to verify it
Install on Wistron device and run command to verify
Signed-off-by: RogerChang Roger_Chang@wistron.com
The following packages have unmet dependencies:
libssl-dev : Depends: libssl1.1 (= 1.1.1n-0+deb11u3) but 1.1.1n-0+deb11u2 is to be installed
E: Unable to correct problems, you have held broken packages.
Avoid write_standby in warm restart context.
sign-off: Jing Zhang zhangjing@microsoft.com
Why I did it
In warm restart context, we should avoid mux state change.
How I did it
Check warm restart flag before applying changes to app db.
How to verify it
Ran write_standby in table missing, key missing, field missing scenarios.
Did a warm restart, app db changes were skipped. Saw this in syslog:
WARNING write_standby: Taking no action due to ongoing warmrestart.
#### Why I did it
To address https://github.com/Azure/sonic-buildimage/issues/11110 - Add yang model unit test for check_up_status field type
#### How I did it
Add check_up_status with different values in sample_config_db.json and
the field with correct and incorrect values in feature.json
#### How to verify it
Build sonic_yang_models-1.0-py3-none-any.whl
Added initial set of config files to allow for booting and partial traffic testing in SONiC on the 720DT-48S.
How to verify it
- Switch boots
- show interfaces status shows links up on interfaces Ethernet24-51
- Traffic flows with no errors on interfaces Ethernet24-51
Why I did it
To return 'False' in update_firmware component API in DellEMC Z9332f platform, if the firmware image is not present in the provided image path.
How I did it
Updated 'update_firmware' in component.py to return False if image is not found in location provided by 'image_path'
How to verify it
Verified that the API returns False when an invalid image path is specified.
#### Why I did it
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996' which break UT in sonic-swss and sonic-swss-common
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996'
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
- Why I did it
New security feature for enforcing strong passwords when login or changing passwords of existing users into the switch.
- How I did it
By using mainly Linux package named pam-cracklib that support the enforcement of user passwords, the daemon named hostcfgd, will support add/modify password policies that enforce and strengthen the user passwords.
- How to verify it
Manually Verification-
1. Enable the feature, using the new sonic-cli command passw-hardening or manually add the password hardening table like shown in HLD by using redis-cli command
2. Change password policies manually like in step 1.
Notes:
password hardening CLI can be found in sonic-utilities repo-
P.R: Add support for Password Hardening sonic-utilities#2121
code config path: config/plugins/sonic-passwh_yang.py
code show path: show/plugins/sonic-passwh_yang.py
3. Create a new user (using adduser command) or modify an existing password by using passwd command in the terminal. And it will now request a strong password instead of default linux policies.
Automatic Verification - Unitest:
This PR contained unitest that cover:
1. test default init values of the feature in PAM files
2. test all the types of classes policies supported by the feature in PAM files
3. test aging policy configuration in PAM files
- Why I did it
This is for the eventual support of multiple architectures for the mellanox platform.
- How I did it
Change the location of the binaries in Switch-SDK-drivers so that the path specifies the target architecture in addition to the target distribution that the debians are built for.
This is the most straightforward way to separate binaries built against different architectures and selectively target them for installation in the mellanox SONiC image.
- How to verify it
Build SONiC for mellanox and verify it compiles successfully.
Signed-off-by: bingwang <wang.bing@microsoft.com>
Why I did it
This PR brings two changes
Add lossy PG profile for PG2 and PG6 on T1 for ports between T1 and T2.
After PR Update qos config to clear queues for bounced back traffic #10176 , the DSCP_TO_TC_MAP and TC_TO_PG_MAP is updated when remapping is enable
DSCP_TO_TC_MAP
Before After Why do this change
"2" : "1" "2" : "2" Only change for leaf router to map DSCP 2 to TC 2 as TC 2 will be used for lossless TC
"6" : "1" "6" : "6" Only change for leaf router to map DSCP 6 to TC 6 as TC 6 will be used for lossless TC
TC_TO_PRIORITY_GROUP_MAP
Before After Why do this change
"2" : "0" "2" : "2" Only change for leaf router to map TC 2 to PG 2 as PG 2 will be used for lossless PG
"6" : "0" "6" : "6" Only change for leaf router to map TC 6 to PG 6 as PG 6 will be used for lossless PG
So, we have two new lossy PGs (2 and 6) for the T2 facing ports on T1, and two new lossless PGs (2 and 6) for the T0 facing port on T1.
However, there is no lossy PG profile for the T2 facing ports on T1. The lossless PGs for ports between T1 and T0 have been handled by buffermgrd .Therefore, We need to add lossy PG profiles for T2 facing ports on T1.
We don't have this issue on T0 because PG 2 and PG 6 are lossless PGs, and there is no lossy traffic mapped to PG 2 and PG 6
Map port level TC7 to PG0
Before the PCBB change, DSCP48 -> TC 6 -> PG 0.
After the PCBB change, DSCP48 -> TC 7 -> PG 7
Actually, we can map TC7 to PG0 to save a lossy PG.
How I did it
Update the qos and buffer template.
How to verify it
Verified by UT.
- Why I did it
While doing config reload, FEATURE table may be removed and re-add. During this process, updating FEATURE table is not atomic. It could be that the FEATURE table has entry, but each entry has no field. This PR introduces a retry mechanism to avoid this.
- How I did it
Introduces a retry mechanism to avoid this.
- How to verify it
New unit test added to verify the flow as well as running some manual test.
- Why I did it
To provide an ability to suppress ASAN false positives and have a clean ASAN report for docker-sonic-vs/mlnx-syncd/orchagent docker
- How I did it
Added the "print_suppressions=0" to ASAN configs.
- How to verify it
add a suppression to some ASAN-enabled component (the suppression should catch some leak)
build with ENABLE_ASAN=y
run a test and see that the ASAN report is empty instead of having the suppression summary
Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
Swss commits:
93af69c [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (#2304)
37349cf [swssconfig] Optimize performance of swssconfig (#2336)
84e9b07 [fdborch] fix heap-use-after-free in clearFdbEntry() (#2353)
1b8bd94 Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351)
1ed0b4b [macsec] Refactor the logic of macsec name map (#2348)
f88f992 [mock_tests] Add Sflow Orch UTs (#2295)
ec57bf1 [macsec] Update macsec flex counter (#2338)
6e0fc85 [ACL] Support stage particular match fields (#2341)
efb4530 [orchagent, DTel]: report session support to set user vrf (#2326)
d82874d Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (#2332)
0c789e6 Fix qos map test in vs test (#2343)
1bb5070 Enhance mock test for dynamic buffer manager for port removing and qos reload flows (#2262)
700492f [aclorch] Fix and simplify DTel watchlist tables and entries (#2155)
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-06-24 93af69c: [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (Azure/sonic-swss#2304)
2022-06-24 37349cf: [swssconfig] Optimize performance of swssconfig (Azure/sonic-swss#2336)
2022-06-24 84e9b07: [fdborch] fix heap-use-after-free in clearFdbEntry() (Azure/sonic-swss#2353)
2022-06-24 1b8bd94: Create ACL table fails due to incorrect check for supported ACL actions #11235 (Azure/sonic-swss#2351)
2022-06-24 1ed0b4b: [macsec] Refactor the logic of macsec name map (Azure/sonic-swss#2348)
2022-06-23 f88f992: [mock_tests] Add Sflow Orch UTs (Azure/sonic-swss#2295)
2022-06-23 ec57bf1: [macsec] Update macsec flex counter (Azure/sonic-swss#2338)
2022-06-22 6e0fc85: [ACL] Support stage particular match fields (Azure/sonic-swss#2341)
2022-06-22 efb4530: [orchagent, DTel]: report session support to set user vrf (Azure/sonic-swss#2326)
2022-06-22 d82874d: Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (Azure/sonic-swss#2332)
2022-06-22 0c789e6: Fix qos map test in vs test (Azure/sonic-swss#2343)
2022-06-17 1bb5070: Enhance mock test for dynamic buffer manager for port removing and qos reload flows (Azure/sonic-swss#2262)
2022-06-16 700492f: [aclorch] Fix and simplify DTel watchlist tables and entries (Azure/sonic-swss#2155)
Updating sonic-utilities submodule with the below commits
f64d280 [sfpshow/sfputil] Enhance sfpshow and sfputil to behavior correctly on RJ45 ports
2f6a547 Image-installer: Fix duplication of image prefix
cc775ab [generate dump] Move the Core/Log collection to the End of process Execution and removed default timeout
6dbb4bd Add an option in queue stat to display voq counters
248ddd5 Gives cisco-8000 more flexibility to easily add subcommnads under show platform
9f2607d [config reload] Fixing config reload when timer based services are disabled
#### Why I did it
Fix the build with updated sairedis
#### How I did it
Specify nopython2 for syncd and fixed a copy paste mistake for libsairedis
#### How to verify it
Run build with updated sairedis
This reverts commit 90a849ea85.
#### Why I did it
The interfaces unit test did not cover some of the conditions in interfaces.j2 that was changed in #11204. Therefore reverting the change and add the tests before making the change to interfaces.j2.
#### How I did it
Git revert.
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
Updating sonic-utilities sub module with the following commits
ca785a2 Remove sonic-db-cli
#### Why I did it
To fix sonic-db-cli high CPU usage on SONiC startup issue: https://github.com/Azure/sonic-buildimage/issues/10218
sonic-db-cli re-write with c++ and move to sonic-swss-common repo.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
ca785a2 Remove sonic-db-cli
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Updating sonic-utilities sub module with the following commits
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### Why I did it
To fix sonic-db-cli output format not backward compatible with python version issue, need update sonic-swss-common submodule.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### A picture of a cute animal (not mandatory but encouraged)
To ensure that ASAN logs are always generated. Currently, the way to get the logs is to map the "/var/log/asan" outside of a container, which doesn't work for DVS test run with "--imgname" option.
Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
- Why I did it
To implement Syslog Source IP feature based on HLD: https://github.com/sonic-net/SONiC/pull/1002
- How I did it
Added the relevant yang model
- How to verify it
Added unit test
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
#### Why I did it
Support the following tables which were introduced during dynamic buffer calculation
- LOSSLESS_TRAFFIC_PATTERN
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
#### How I did it
- LOSSLESS_TRAFFIC_PATTERN
|name|type|range|mandatory|description|
|---|---|---|---|---|
|mtu|uint16|64~10240|true|The maximum packet size of a lossless packet|
|small_packet_percentage|uint8|0~100|true|The percentage of small packet|
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
|name|type|range|mandatory|description|
|---|---|---|---|---|
|default_dynamic_th|int8|-8~7|true|The default dynamic_th for all buffer profiles that are dynamically generated for lossless PG|
|over_subscribe_ratio|uint16|-|false|The oversubscribe ratio for shared headroom pool.|
|||||Semantically, the upper bound is the number of physical ports but it can not be represented in the yang module. So we keep the upper bound open. As the type is (signed) integer whose lower bound is 0 by nature, we do not need to specify the range.|
#### How to verify it
Run unit test
Update the bcm config file system_ref_core_clock_khz param to handlesystems with J2cplus linecards.
We need system_ref_core_clock_khz to be set to 1600000 for supporting j2 and j2cplus linecards on the same chassis.
#### Why I did it
There might be a case where service checker periodic operation determined that specific container is running but when it tries to perform an operation on it, it was already closed by the user. This is a valid flow and we should not log an error message, informative warning is enough.
#### How I did it
I reduce log severity.
#### How to verify it
I verified it manually.