Commit Graph

7781 Commits

Author SHA1 Message Date
Samuel Angebault
274e929f11
Reduce SONiC image filesystem size (#16948)
Why I did it
Running SONiC releases past 202012 has become really challenging on systems with small storage devices (4GB).
Some of these devices can also be limited by only having 4GB of RAM which complicates mitigations.
The main contributor to these issues is the SONiC image growth.
Being able to reduce it by some decent amount should allow these systems to run SONiC longer.
It would also reduce some impacts related to space savings mitigations.

Work item tracking
Microsoft ADO (number only):
How I did it
Add a build option to reduce the image size.
The image reduction process is affecting the builds in 2 ways:

- change some packages that are installed in the rootfs
- apply a rootfs reduction script

The script itself will perform a few steps:

- remove file duplication by leveraging hardlinks
  - under /usr/share/sonic since the symlinks under the device folder are lost during the build.
  - under /var/lib/docker since the files there will only be mounted ro
- remove some extra files (man, docs, licenses, ...)
- some image specific space reduction (only for aboot images currently)

The script can later be improved but for now it's reducing the rootfs size by ~30%.

How to verify it
Compare the size of an image with this option enabled and this option enabled.
Expect the fully extracted content to be ~30% less.

Which release branch to backport (provide reason below if selected)
This is a backport of #16729

Description for the changelog
Add build option to reduce final image size
2023-10-24 21:08:38 +08:00
Vivek
34728958a1
[submodule] Update sonic-dhcp-relay submodule (#16942)
Why I did it
Update the submodule to include the following fixes

2b33d76 dhcpv6 per interface counter support 
6a6ce24 fix dhcpv6 relay dual tor source interface selection issue 
c36b8e3 [actions] Support Semgrep by Github Actions (#39)
Work item tracking
Microsoft ADO (number only):
How I did it
How to verify it
2023-10-24 09:55:46 +08:00
mssonicbld
9354980199
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#16919) 2023-10-24 03:46:07 +08:00
Saikrishna Arcot
d554cd55d6
[202305] Update Linux kernel to 5.10.179 (#16958)
Why I did it
Update the kernel to 5.10.179 for the 202305 branch

Work item tracking
Microsoft ADO (number only): 24592132
How I did it
How to verify it
2023-10-23 22:37:30 +08:00
mssonicbld
bf605cf771
[ci/build]: Upgrade SONiC package versions (#16964) 2023-10-21 23:04:00 +08:00
mssonicbld
ad70614630
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#16922) 2023-10-21 16:47:48 +08:00
mssonicbld
0de27046bb
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#16917) 2023-10-21 16:47:12 +08:00
mssonicbld
e607dbc6b6
[submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (#16920) 2023-10-21 16:39:12 +08:00
mssonicbld
f057c9a160
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16918) 2023-10-21 16:36:36 +08:00
mssonicbld
10a1d2d829
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16921) 2023-10-21 16:32:27 +08:00
jcaiMR
0465d7fdf5 [dhcp-relay]: dhcp/dhcpv6 per interface counter support (#16377)
Why I did it
Support DHCP/DHCPv6 per-interface counter, code change in sonic-build image.

Work item tracking
Microsoft ADO (17271822):

How I did it
- Introduce libjsoncpp-dev in dhcpmon and dhcprelay repo
- Show CLI changes after counter format change

How to verify it
- Manually run show command
- dhcpmon, dhcprelay integration tests
2023-10-21 14:32:29 +08:00
Longxiang Lyu
dd20597e4d [snmp] Check intfmgrd running before start (#16588)
Add pre start check to ensure intfmgrd is running.
The check will run for 20 seconds at most.

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2023-10-21 12:32:42 +08:00
Bob Chu
7af177b7b3 [Telemetry] enable default service config if no config from DB (#16683)
#### Why I did it
Fix issue #16533, telemetry service exits in master and 202305 branches due to no telemetry configs in redis DB.

#### How I did it
Enable default config if no TELEMETRY configs from redis DB.

#### How to verify it
After the fix, telemetry service would work with the following two scenarios:
1. With TELEMETRY config in redis DB, load service configs from DB.
2. No TELEMETRY config in redis DB, use default service configs.
2023-10-21 12:32:37 +08:00
Stepan Blyshchak
eb1451301f [frr] fix default zebra config not inserted into empty zebra.conf (#16747)
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2023-10-21 12:32:25 +08:00
xumia
ba7aacd49e [Security] Upgrade the OpenSSL/OpenSSH to fix CVE alerts (#16902)
### Why I did it
[Security] Upgrade the OpenSSL/OpenSSH to fix CVE alerts

Upgrade OpenSSL to 1.1.1n-0+deb11u5
Fix CVEs:
      CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
      CVE-2023-0465 (Invalid certificate policies in leaf certificates are
      CVE-2023-0466 (Certificate policy check not enabled).
      CVE-2022-4304 (Timing Oracle in RSA Decryption).
      CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).

Upgrade OpenSSH to 8.4p1-5+deb11u2
Fix CVEs:
    CVE-2023-38408 (Lacks SSH agent restriction)

##### Work item tracking
- Microsoft ADO **(number only)**: 25506776

#### How I did it
Upgrade the OpenSSL/OpenSSH package version and fix the UT failure.

#### How to verify it
Verified by UTs with and without FIPS enabled.
2023-10-21 12:32:21 +08:00
Saikrishna Arcot
fb618b6e0b
[202305] Backport PRs to fix build (#16896, #16859, #16636) (#16934)
* Remove main deb installation for derived deb build (#16859)

* Don't install dependencies of derived debs

When "building" a derived deb package, don't install the dependencies of
the package into the container. It's not needed at this stage.

* Re-add openssh-client and openssh-sftp-server as derived debs

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

---------

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
(cherry picked from commit 9ae77bc2dd)

* Re-add missing dependency for derived debs. (#16896)

* Re-add missing dependency for derived debs.

My previous change removed the whole dependency on the main deb
existing, not just the installation of the main deb. Fix this by
re-adding a dependency on the main deb being built/pulled from cache.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

---------

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
(cherry picked from commit 963d40a77b)

* [build] Fix build issue in docker-ptf-sai caused by setuptools_scm new release (#16636)

docker-ptf-sai build fails on setuptools_scm's new release on 09/20/2023.
Use old version instead.

(cherry picked from commit bfa05c8349)

---------

Co-authored-by: Liu Shilong <shilongliu@microsoft.com>
2023-10-20 15:39:54 +08:00
Aman Singhal
f265c79541 [cisco]: Enable Kdump config by default for cisco-8000 (#16224)
Why I did it
Enabling kdump by default for cisco-8000 by setting crashkernel cmdline arg in device installer.conf.
After bootup, sonic-kdump-config wipes crashkernel arg from /host/grub/grub.cfg, and resets USE_KDUMP in /etc/default/kdump-tools, so kdump will not be enabled on subsequent reboot.

How I did it
Setting kdump enable config as part of init_cfg.json for cisco-8000 platforms.

How to verify it
Install SONiC image with kdump enabled by default (device/hwsku/installer.conf), then reboot.
Kdump config should persist on subsequent reboots and kdump loaded during bootup

Signed-off-by: Aman Singhal <amans@cisco.com>
2023-10-18 00:37:30 +08:00
Sudharsan Dhamal Gopalarathnam
eea4da346f [FRR] Adding patches for CVE-2023-41358 and CVE-2023-38802 (#16749)
Created patches to address two CVEs from FRR CVE-2023-41358 and CVE-2023-38802.

| Patch | FRR commit | CVE fixed |
| --- | --- | --- |
| 0024-bgpd-Do-not-process-NLRIs-if-the-attribute-length-is.patch | FRRouting/frr@f291f1e | CVE-2023-41358 |
| 0025-bgpd-Use-treat-as-withdraw-for-tunnel-encapsulation-.patch | FRRouting/frr@8a4a88c | CVE-2023-38802 |
2023-10-18 00:37:22 +08:00
Ashwin Srinivasan
c31ccbaba8 Revert "Move /var/log to RAM for Mellanox SN2700, Nokia 7215 and Dell S6100 (#15077)" (#16775)
This reverts commit 05f326eed9.

Microsoft ADO 25355843:
2023-10-18 00:37:18 +08:00
Samuel Angebault
dbea038e96 Disable CPU C-States other than C1 (#16703)
Why I did it
Networking devices need to be responsive. Such responsiveness is harmed when the CPU changes state.
There is a latency penalty when a CPU is idle (e.g. C2) and needs to exit this state to come back to C1 state.
To prevent this from happening the CPU should be forced to remain in C1 state.

How I did it
Generalize the cstate forcing to C1 to all Arista products.
This is done by adding processor.max_cstate=1 to the kernel cmdline for all CPUs.
Additionally, Intel CPUs also need intel_idle.max_cstate=0 to fall back to the acpi_idle driver.

How to verify it
Check that processor.max_cstate=1 is present on the cmdline for AMD CPUs
Check that both processor.max_cstate=1 and intel_idle.max_cstate=0 are present on the cmdline for Intel CPUs
2023-10-17 20:49:07 +08:00
Samuel Angebault
a8b53e1452 [Arista] Remove pcie device monitoring for 7260CX3-64 (#12734)
On some products from this line one of the management NICs might be unpopulated.
On such products this leads to errors from pcied and pcie-check.sh

How I did it
Remove this PCIe device from pcie.yaml

How to verify it
Run pcieutil check on the 2 hardware variants and validate that it passes.
Restart pcied and make sure that there are no more error logs in the syslog.

ADO: 25447788
2023-10-17 20:49:02 +08:00
mssonicbld
e80b956502
[ci/build]: Upgrade SONiC package versions (#15617) 2023-10-17 20:48:25 +08:00
Saikrishna Arcot
39cdee57e1 [baseimage]: Update openssh to 1:8.4p1-5+deb11u2 (#16826)
Openssh in Debian Bullseye has been updated to 1:8.4p1-5+deb11u2 to fix CVE-2023-38408. 
Since we're building openssh with some patches, we need to update our version as well.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-10-17 16:34:18 +08:00
abdosi
584c448b22 [chassisd]: Updated the API get_platform_info() to return running/detected ASIC's count (#16539)
Previously, get_num_asics() returned the maximum number of ASICs. However, the asic_count
should be the actual number of ASICs populated, which can be obtained from get_asic_presence_list().

ADO: 25158825

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-10-16 16:34:40 +08:00
mssonicbld
503cb55cdb
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16868)
#### Why I did it
src/sonic-swss
```
* fc63383b - (HEAD -> 202305, origin/202305) [ppi]: Implement port bulk comparison logic (#2921) (2 days ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-13 16:33:57 +08:00
mssonicbld
f6bf09d796
upgrade xgs SAI version to 8.4.21.0 (#16805) (#16873) 2023-10-13 16:11:28 +08:00
Samuel Angebault
696c3ec44d
[202305][Arista] Update platform library submodules (#16702) 2023-10-12 22:53:35 +08:00
mssonicbld
261113ada9
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#16842)
#### Why I did it
src/sonic-host-services
```
* fc88254 - (HEAD -> 202305, origin/202305) Support to config fips state (#69) (#78) (16 hours ago) [xumia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-12 20:49:04 +08:00
Liu Shilong
a4e6e3da8b [build] Add sonic-utilities to sonic-host-services dependencies list. (#15987)
Why I did it
sonic-host-services depends on sonic-utilities because of FIPS feature.
Add dependency to unblock submodule sonic-host-services HEAD pointer update.

Work item tracking
Microsoft ADO (number only): 24671218
How I did it
2023-10-12 12:32:53 +08:00
Sudharsan Dhamal Gopalarathnam
d92eade3d3 [build]Fix FRR build cache issue (#16713)
### Why I did it
When FRR is built with Cache enabled, the build failed with the following error logs
```
[2023-09-20T15:17:00.273Z] fatal: Unable to hash src/sonic-frr/frr/tests/topotests/grpc_basic/lib
[2023-09-20T15:17:00.273Z] fatal: Unable to hash src/sonic-frr/frr/tests/topotests/ospfapi/lib
[2023-09-20T15:17:00.273Z] make: *** [Makefile.cache:528: target/debs/bullseye/frr_8.5.1-sonic-0_amd64.deb.smdep] Error 123
[2023-09-20T15:17:00.273Z] make: *** Waiting for unfinished jobs....
```
#### How I did it
Currently symlinks are excluded in hardcoded fashion. With FRR upgrades new symlinks might get introduced. To overcome this, modified the way in which symlinks are excluded by finding symlinks using the find command.

#### How to verify it
Build FRR with cache enabled
2023-10-11 02:33:09 +08:00
Liu Shilong
0772884971 [build] Fix frr dpkg cache calculation issue on symbolic link file. (#16700)
Why I did it
Now build will fail on:

```
fatal: Unable to hash src/sonic-frr/frr/tests/topotests/grpc_basic/lib
fatal: Unable to hash src/sonic-frr/frr/tests/topotests/ospfapi/lib
make: *** [Makefile.cache:528: target/debs/buster/frr_8.5.1-sonic-0_amd64.deb.smdep] Error 123
make: *** Waiting for unfinished jobs....
```
Root cause is that these files are symbolic links.
git hash-object can't hash symbolic links.

Work item tracking
Microsoft ADO (number only): 25271730
How I did it
These two files are symbolic links.
When calculating the sha value, skip these two files.
2023-10-10 16:33:28 +08:00
mssonicbld
efe5ca8c49
Fix the dependency grpcio-tools version (#16776) (#16809) 2023-10-09 19:02:12 +08:00
mssonicbld
b843245757
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#16806)
#### Why I did it
src/sonic-linux-kernel
```
* e262947 - (HEAD -> 202305, origin/202305) Revert "Update to Linux 5.10.179 (#328)" (19 hours ago) [stormliang]
* e64669d - Update to Linux 5.10.179 (#328) (2 days ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-09 18:36:02 +08:00
SuvarnaMeenakshi
2579b9506c
[202305][SNMP][IPv6]: Revert PRs to support SNMP over IPv6 (#16649)
* Revert "[SNMP][IPv6]: Fix to use link local IPv6 address as snmp agentAddress (#16013)"

This reverts commit ebe8c8c223.

* Revert "[SNMP][IPv6]: Fix SNMP IPv6 reachability issue in certain scenarios (#15487) (#15874)"

This reverts commit 83aa8b8180.
2023-10-09 09:47:44 +08:00
mssonicbld
d675af7027
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#16799)
#### Why I did it
src/sonic-gnmi
```
* df4d49f - (HEAD -> 202305, origin/202305) Install necessary debs instead of entire artifact in azp (#137) (12 hours ago) [Zain Budhwani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-10-08 16:32:21 +08:00
mssonicbld
ddd932eb92
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16803) 2023-10-08 15:54:12 +08:00
mssonicbld
e6cdb9a590
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#16801) 2023-10-08 15:50:58 +08:00
mssonicbld
0c4a5b4a82
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#16804) 2023-10-08 15:32:19 +08:00
jhli-cisco
45b023cbe5
Update cisco-8000.ini (#16786)
Why I did it
First SONIC 202305 based release
Includes all fixes so far up to latest 202205 based 8111 drop (Code drop 111: 202205.main.0.13)
Work item tracking
Microsoft ADO (number only):
How I did it
update to 202305.main.0.1 release

How to verify it
2023-10-08 12:30:32 +08:00
Nazarii Hnydyn
ea40778e35
[ssm]: Enable Store-And-Forward switching mode for SN2700/SN3800/SN4600C/SN4700. (#16761)
BACKPORT: #16781

Why I did it
To enable Store-And-Forward switching mode for SN2700/SN3800/SN4600C/SN4700
Work item tracking
N/A
How I did it
Added vendor SAI config options
How to verify it
```
make configure PLATFORM=mellanox
make target/sonic-mellanox.bin
```
2023-10-08 12:29:09 +08:00
mssonicbld
70332c1fde
[nokia]: Updated total headroom pool size to accommodate 100G ports on T2 uplinks (#16690) (#16798) 2023-10-08 04:04:33 +08:00
mssonicbld
94044d0dbf
[Nokia][sonic-platform] Update Nokia sonic-platform submodule - SFP support for CMIS CDB operations (#16572) (#16796) 2023-10-08 03:21:38 +08:00
mssonicbld
e793e83c0a
Update BMCDATAV6 Definition (#16634) (#16797) 2023-10-08 03:06:51 +08:00
mssonicbld
c3ea44a522
[Mellanox] add new platform 2700 a1 (#16515) (#16795) 2023-10-08 03:06:03 +08:00
mssonicbld
413f4bd253
[Arista] Add new hwskus to x86_64-arista_7060dx5_32 (#16077) (#16794) 2023-10-08 02:59:07 +08:00
mssonicbld
7c812509fd
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#16764) 2023-10-05 15:21:57 +08:00
Junchao-Mellanox
648c94dd59 [Mellanox] wait reset cause ready (#16722)
Why I did it
SONiC service determine-reboot-cause might run before the driver creates the reset cause files. In that case, the reset cause will be "Unknown". This PR introduces a wait mechanism to wait for the reset cause sysfs files to be ready.

How I did it
/run/hw-management/config/reset_attr_ready is the file that indicates all reset cause files are ready. In the chassis.get_reboot_cause function, it waits for /run/hw-management/config/reset_attr_ready for up to 45 seconds.

How to verify it
Manual test on master/202211/202205
2023-10-04 14:34:30 +08:00
mssonicbld
185a63bc7f
[fast-reboot] Fix regression: set FAST_REBOOT state_db flag to support fast-reboot from older images (#16733) (#16753) 2023-09-29 05:29:20 +08:00
xumia
28f011a2f0 [Ci] Change the package upgrade PR title (#16674)
* [Ci] Change the package upgrade PR title

* Change the branchname variable, and change the body
2023-09-28 02:33:48 +08:00
Vivek
11e9f7c0de [Nvidia] Remove the dependency on python_sdk_api for sfp api (#16545)
Sfp api can now be called from the host which doesn't have the python_sdk_api installed. Also, sfp api has been migrated to use sysfs instead of sdk handle.

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2023-09-27 18:33:34 +08:00