Commit Graph

1149 Commits

Author SHA1 Message Date
Ikki Zhu
2ab45b1127 [Celestica Seastone] fix multi sonic platform issues (#13356)
Why I did it
Fix the following issues for Seastone platform:

- system-health issue: show system-health detail will not complete #9530, Celestica Seastone DX010-C32: show system-health detail fails with 'Chassis' object has no attribute 'initizalize_system_led' #11322
- show platform firmware updates issue: Celestica Seastone DX010-C32: show platform firmware updates #11317
- other platform optimization

How I did it
Modify and optimize the platform implememtation.

How to verify it
Manual run the test commands described in these issues.
2023-02-04 10:48:05 +08:00
Ikki Zhu
e182d03f57 Seastone add platform capability enhancement config (#13079) 2023-02-04 09:53:45 +08:00
andywongarista
19e94dfbfc [Arista] Update ip packet checksum when set to 0xffff on 720DT-48S (#13088)
Why I did it
This is to fix test_forward_ip_packet_with_0xffff_chksum_tolerant test failure on 720DT-48S. IP packets with checksum set to 0xffff will be forwarded with the same checksum on this platform, instead of updating to the correct value.

How I did it
Add bcm config sai_verify_incoming_chksum=0 so that checksum is updated instead of being left unchanged when checksum is 0xffff. Note that packets with invalid checksum are still dropped with this config.
2023-02-04 09:53:41 +08:00
mssonicbld
05fb3f628f
[Arista] add support for hardware sku Arista-7260CX3-D92C16 (#13438) (#13448) 2023-01-20 17:36:37 +08:00
mssonicbld
ab0533e646
two platforms supporting S3IP SYSFS (TCS8400, TCS9400) (#12386) (#13210)
Why I did it
Add two platform that support s3IP framework

How I did it
Add two platforms supporting S3IP SYSFS (TCS8400, TCS9400)

How to verify it
Manual test

Co-authored-by: tianshangfei <31125751+tianshangfei@users.noreply.github.com>
2023-01-09 11:40:35 +08:00
Junchao-Mellanox
dd88006589 [Mellanox] Add device files for SN5600 (#12831)
- Why I did it
Add device files for new platform SN5600

- How I did it
Add device files for new platform SN5600

- How to verify it
Manual test
2022-12-10 10:33:21 +08:00
Mai Bui
c3c37f46ef [device/marvell] Mitigation for security vulnerability (#11876)
#### Why I did it
`os` and `commands` modules are not secure against maliciously constructed input
`getstatusoutput` is detected without a static string, uses `shell=True`
#### How I did it
Eliminate the use of `os` and `commands`
Use `subprocess` instead
2022-12-10 10:33:21 +08:00
Neetha John
93ca0caaa9 Update ECN settings for storage backend (#12855)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
ECN parameters need to be updated for storage backend

How I did it
Included the check for storage backend devices to update qos configs

How to verify it
Verified that the new ecn settings are applied on storage backend device.
Verified that the old ecn settings are applied for storage frontend, non storage frontend/backend devices
2022-12-10 10:33:21 +08:00
Mai Bui
6759ad27b5 [device/ragile] Mitigation for security vulnerability (#11744)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
The [xml.etree.ElementTree](https://docs.python.org/3/library/xml.etree.elementtree.html#module-xml.etree.ElementTree) module is not secure against maliciously constructed data.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`subprocess.getstatusoutput` is dangerous because include shell=True in the implementation
#### How I did it
Remove xml. Use [lxml](https://pypi.org/project/lxml/) XML parsers package that prevent potentially malicious operation.
Replace `os` by `subprocess`
Use command as an array instead of string
Use `getstatusoutput_noshell` in `sonic_py_common` lib
2022-12-10 10:33:21 +08:00
Aravind Mani
df8c893a9b [DPB] Dell Z9332f port breakout changes (#12789) 2022-12-10 10:33:21 +08:00
andywongarista
85700117db [Arista] Enable ipv6 128b lpm on 720DT-48S (#12832)
Why I did it
Added to allow test_crm_route to pass; the test tries to add a /126 ipv6 route and this change is required in order for the count of available routes to be updated correctly.
2022-12-10 10:33:21 +08:00
bingwang-ms
147ab55cf2 Add missing flags in qos template file (#12793) 2022-12-10 10:33:21 +08:00
Mai Bui
4963c1cc97 [device/juniper] Mitigation for security vulnerability (#11838)
Signed-off-by: maipbui maibui@microsoft.com
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`commands` module is not secure
command injection in `getstatusoutput` being used without a static string
#### How I did it
Eliminate `commands` module, use `subprocess` module only
Convert Python 2 to Python 3
2022-12-10 10:33:21 +08:00
Bohan Yang
9b7a04dc0e [Arista]Add media_settings.json for x86_64-arista_7800r3a_36d2_lc (#12444)
Why I did it
TX FIR tuning should be done based on the type of inserted transceiver

How I did it
Add media_settings.json which contains the tuning data for 100G optic and 400G optic.

How to verify it
Tested against x86_64-arista_7800r3a_36d2_lc
2022-12-10 10:33:21 +08:00
bingwang-ms
2e0d958a42 Apply separated DSCP_TO_TC_MAP and TC_TO_QUEUE_MAP to uplink ports on dualtor (#12730)
Why I did it
The PR is to apply separated DSCP_TO_TC_MAP and TC_TO_QUEUE_MAP to uplink ports on dualtor.
The traffic with DSCP 2 and DSCP 6 from T1 is treated as lossless traffic.

DSCP    TC    Queue
2      2     2
6      6     6
Traffic with DSCP 2 or DSCP 6 from downlink is still treated as lossy traffic as before.

How I did it
Define DSCP_TO_TC_MAP|AZURE_UPLINK and TC_TO_QUEUE_MAP|AZURE_UPLINK.

How to verify it
Verified by UT
Verified by coping the new template to a testbed, and rendering a config_db.json
2022-12-10 10:33:21 +08:00
Samuel Angebault
5cd134f32b [Arista] Update platform.json for 7060CX-32S (#12783)
Why I did it
Some sonic-mgmt platform_tests/api were failing on the 7060CX-32S

How I did it
Added the missing metadata in platform.json and platform_components.json
This is purely test data and does not impact our API implementation.

How to verify it
Run platform_tests / api and expect 100% pass rate.
2022-12-10 10:33:21 +08:00
Samuel Angebault
9c8049868c [Arista] Update platform.json for 7260CX3-64 (#12757)
Why I did it
Some sonic-mgmt platform_tests/api were failing on the 7260CX3-64

How I did it
Added the missing metadata in platform.json and platform_components.json
This is purely test data and does not impact our API implementation.

How to verify it
Run platform_tests/api and expect 100% passrate.
2022-12-10 10:33:21 +08:00
Neetha John
dc21c9605e
[Profile separation] MMU infrastructure update for TD2 (#12626)
Signed-off-by: Neetha John <nejo@microsoft.com>

Why I did it
There is a need to have separate profiles on compute and storage and this infra update will help achieve that

How I did it
Moved buffer pool/profile and qos definitions on TD2 to a common folder and all TD2 hwsku's will reference that folder
2022-11-17 12:58:11 -08:00
wenyiz2021
fecc7c6a1d
[Arista] [platform] Add thermal info in platform.json (#12714)
add 1 more thermal entry
2022-11-17 11:05:16 -08:00
Samuel Angebault
4d62689914
[Arista] Add pcie.yaml to 7280CR3-32D4 variants (#12700) 2022-11-14 13:29:30 -08:00
wenyiz2021
39ebf80f1b
[arista] [chassis] Add psu/thermal info in platform.json for sup (#12667)
update psu info in platform.json on sup
2022-11-14 11:03:52 -08:00
Ying Xie
a544a07931
Enable Dx010 LPM (#12642)
Why I did it
DX010 platform has limited routing table size.

How I did it
Enabling LPM.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-11-09 08:15:41 -08:00
wenyiz2021
f581a77a64
[Chassis] [Arista] correct platform.json for sup and LC6 names (#12627)
add platform.json separately for LC6 that has different name, bc of supporting macsec
Signed-off-by: Wenyi Zhang <wenyizhang@microsoft.com>
2022-11-08 12:56:39 -08:00
judyjoseph
c259c996b4
Use the macsec_enabled flag in platform to enable macsec feature state (#11998)
* Use the macsec_enabled flag in platform to enable macesc feature state
* Add macsec supported metadata in DEVICE_RUNTIME_METADATA
2022-11-08 11:03:38 -08:00
arlakshm
c4be3a51aa
[chassis][Arista] add supervisor to the platform_env.conf (#12615)
Why I did it
Fixes #12614

How I did it
In the container_checker the database_chassis is added to expected container if device is supervisor
To detect the device is superviso, add supervisor=1 to the platform_env.conf of 7808 sup platform

How to verify it
run container_checker monit check
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2022-11-07 15:30:02 -08:00
Mai Bui
5b0c4ec1e6
[device/accton] Replace os.system and remove subprocess with shell=True (#11985)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`
Remove unused functions
2022-11-07 10:31:32 -05:00
roman_savchuk
a31a4e7f82
Revert "[Barefoot] Add xon_offset to pg_profile_lookup.ini (#12073)" (#12568)
Why I did it
This changes should go with updated SDE for BFN. Without update we do see orchagent core dump.

How I did it
Revert changes

How to verify it
Deploy topology. No core dump appears
2022-11-02 09:10:07 +08:00
Vivek
a68ce12dd6
[Mellanox] [SKU] Added Mellanox-SN4700-A96C8V8 SKU (#12347)
- Why I did it
A new SKU for MSN4700 Platform i.e. Mellanox-SN4700-V16A96

Requirements:

Breakout:
Port 1-24: 4x25G(4)[10G,1G]
Port 25-28: 2x100G[200G,50G,40G,25G,10G,1G]
Port 29-32: 2x200G[100G,50G,40G,25G,10G,1G]
Downlinks: 96 (1-24) + 4 (25-28)
Uplinks: 4 (29-32)
Shared Headroom: Enabled
Over Subscribe Ratio: 1:4
Default Topology: T0
Default Cable Length for T1: 5m
VxLAN source port range set: No
Static Policy Based Hashing Supported: No

Additional Details:
QoS params: The default ones defined in qos_config.j2 will be applied
Small Packet Percentage: Used 50% for traditional buffer model Note: For dynamic model, the value defined in LOSSLESS_TRAFFIC_PATTERN|AZURE|small_packet_percentage is used
SKU was drafted under the assumption that the downlink ports uses xcvr's that will only support the first 4 lanes of the physical port they are connected to. Hence for the ports 1-24, the last four lanes are not used
Cable Lengths used for generating buffer_defaults_{t0,t1}.j2 values

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-20 09:50:07 +03:00
Mariusz Stachura
bdebcffa5c
[Barefoot] Add xon_offset to pg_profile_lookup.ini (#12073)
- Why I did it
Barefoot uses hysteresis, instead of 'xon-threshold'. 'xon' is only
supported in static mode, so there is a need to add this attribute
to every mode in PG profile init file

- How I did it
'xon_offset' was added to pg_profile_lookup.ini

- How to verify it
Install and basic sanity tests including traffic.
Checked with:
pfcwd/test_pfc_config.py pfcwd/test_pfcwd_all_port_storm.py
pfcwd/test_pfcwd_function.py pfcwd/test_pfcwd_war_reboot.py
pfc_asym/test_pfc_asym.py

Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>

Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>
2022-10-20 14:01:30 +08:00
Mariusz Stachura
9f88d03c2b
[QoS] Support dynamic headroom calculation for Barefoot platforms (#11708)
Signed-off-by: Mariusz Stachura <mariusz.stachura@intel.com>

What I did
Adding the dynamic headroom calculation support for Barefoot platforms.

Why I did it
Enabling dynamic mode for barefoot case.

How I verified it
The community tests are adjusted and pass.
2022-10-19 09:36:56 -07:00
Mai Bui
6f67a3ac6a
[device/quanta] Mitigation for security vulnerability (#11867)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`shell=True` is dangerous because this call will spawn the command using a shell process
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
Use `shell=False` with shell features
- redirection: [https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930](https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930)
- `|` operator: [https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline](https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline)
2022-10-19 10:05:36 -04:00
andywongarista
34b6cc0de2
[Arista] Fix content of platform.json for DCS-7050CX3-32S (#12082)
* Fix platform.json for 7050cx3

* Add platform_components.json

* Mark thermals as not controllable
2022-10-18 18:38:28 -07:00
vmittal-msft
cca17ce104
Updated config files to disable DLR_INIT capability (#12401) 2022-10-18 10:13:07 -07:00
Vivek
bc8ee7a105
[Mellanox] [SKU] Mellanox-SN4700-V48C32 SKU added (#12250)
A new SKU for MSN4700 Platform i.e. Mellanox-SN4700-V48C32

Requirements:
Breakout:
Port 1-24: 2x200G
Port 25-32: 4x100G
Downlinks: 48 (1-24)
Uplinks: 32 (25-32)
Shared Headroom: Enabled
Over Subscribe Ratio: 1:8
Default Topology: T1
Default Cable Length for T1: 300m
VxLAN source port range set: No
Static Policy Based Hashing Supported: No
Additional Details:
QoS params: The default ones defined in qos_config.j2 will be applied
Small Packet Percentage: Used 50% for traditional buffer model Note: For dynamic model, the value defined in LOSSLESS_TRAFFIC_PATTERN|AZURE|small_packet_percentage is used
Cable Lengths used for generating buffer_defaults_{t0,t1}.j2 values

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-18 12:11:02 +03:00
Sambath Kumar Balasubramanian
7ba1d25757
Add 36 port 100g sku for x86_64-arista_7800r3a_36d series of linecards. (#11813)
Add 36 port 100g sku for x86_64-arista_7800r3a_36d series of linecards.
2022-10-17 11:15:19 -07:00
Sudharsan Dhamal Gopalarathnam
629343e0b7
[Mellanox]Adding SKU Mellanox-SN2700-D44C10 (#12396)
#### Why I did it
To add new SKU Mellanox-SN2700-D44C10 with following requirements:

| Port configuration | Value |
| ------  |--------- |
 | Breakout mode for each port  |**Defined in port mapping** |
| Speed of the port |  **Defined in Port mapping** |
| Auto-negotiation enable/disable | **No setting required** |
| FEC mode | **No setting required** |
|Type of transceiver used | **Not needed**|

 Buffer configuration | Value
------  |---------
 Shared headroom | **Enabled**
 Shared headroom pool factor  |  **2**
 Dynamic Buffer | **Disable**
 In static buffer scenario how many uplinks and downlinks? | **44 x50G and 2x100G Downlinks 8x100G uplinks**
 2km cable support required? | **No**

Switch configuration | Value
------  |---------
 Warmboot enabled? | **yes**
 Should warmboot be added to SAI profile when enabled? | **yes**
 Is VxLAN source port range set? | **No**
 Should Vxlan source port range be added to SAI profile when set. | **No**
 Is Static Policy Based Hashing enabled? | **No**

Port Mapping

| Ports  | Mode      |
| ------  |--------- |
| 1,2      | 1x100G |
|  3-6    | 2x50G   | 
| 7-10   | 1x100G |
| 11-22 | 2x50G   |
| 23-26 | 1x100G | 
| 27-32 | 2x50G   |

Number of Uplinks / Downlinks:
TO topology: **44 x50G and 2x100G Downlinks 8x100G uplinks**.

#### How I did it
Defined the SKU as per requirements

#### How to verify it
Load the SKU and verify if all links come up and traffic passes.
2022-10-14 22:12:28 -07:00
Mai Bui
ea101a90d5
[device/delta] Mitigation for command injection vulnerability (#11865)
#### Why I did it
`os` execution functions are not secure against maliciously constructed input.
#### How I did it
Use `subprocess` module
2022-10-13 21:11:51 -07:00
Bohan Yang
fad4034000
Add 36 port 400g SKU for x86_64-arista_7800r3a_36d series of Linecards. (#11872)
Add 36 port 400g SKU for x86_64-arista_7800r3a_36d series of Linecards.
2022-10-13 20:36:44 -07:00
Mai Bui
f1826586b0
Replace eval (#12103)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
#### How I did it
`eval()` - use `literal_eval()`
2022-10-11 10:17:09 -04:00
henry huang
cb707b7969
fixed nokia platform m0 asic mismatch (#12148)
changed the platform device name under nokia directory; we now need to specify marvell armhf/arm64 to provide more accurate platform identity. otherwise onie discovery won't recognize the asic being installed.

Why I did it
when we load images using onie discovery, the process was failing because of marvell ASIC mismatch

How I did it
replace the platform asic with marvell-armhf under 7215

How to verify it
load a new image using http server and verify that the image can be loaded successfully
2022-10-11 15:04:07 +08:00
Marty Y. Lok
9d37b63824
[Nokia] Update Nokia platform IXR7250E device data (#11611)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-10 18:49:26 -07:00
Andriy Kokhan
304c6c80c4
[BFN] Reworked BFN platform thermals plugin (#11723)
* [BFN] Updated platform.json for wedge100bf_65x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Reworked BFN platform thermal logic

* Implemented PSU thermal APIs

* Updated platform.json for accton_wedge100bf_32x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Updated BFN platform plugins initialization flow

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>
2022-10-11 09:12:28 +08:00
byu343
9b2b8e3e86
Add gearbox taps to vs gearbox_config.json (#11480)
Why I did it
For the change to support gearbox taps by gearbox_config.json (sonic-net/sonic-swss#2158), I need to add tests to sonic-swss/tests/test_gearbox.py to satisfy the test coverage of the change. The existing code in test_gearbox.py has already used brcm_gearbox_vs and here is to add some gearbox tap value to its gearbox_config.json, for the added tests in sonic-swss/tests/test_gearbox.py.

How I did it
How to verify it
This change itself will not affect existing code.
2022-10-10 13:35:06 -07:00
Mai Bui
3cd9b2e1b5
[device/centec] Replace os.system and remove subprocess with shell=True (#12024)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Remove unused functions
2022-10-07 10:48:25 -04:00
Mai Bui
648ca075c7
[device/mellanox] Mitigation for security vulnerability (#11877)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
`subprocess.Popen()` and `subprocess.check_output()` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
Disable `shell=True`, enable `shell=False`
#### How to verify it
Tested on DUT, compare and verify the output between the original behavior and the new changes' behavior.
[testresults.zip](https://github.com/sonic-net/sonic-buildimage/files/9550867/testresults.zip)
2022-10-06 17:51:31 -04:00
Ying Xie
1ad1e19733
[RDMA] create split profiles for Arista-7050CX3-32S (#12228)
Moving buffer configuration files to sub folders to enable multiple buffer profiles. Otherwise, non-functional change.

Signed-off-by: Ying Xie ying.xie@microsoft.com
2022-10-06 14:15:23 -07:00
andywongarista
2f46689a05
[Arista] Add components for 720DT-48S (#12217)
Why I did it
Add components data for sonic-mgmt testing

How I did it
Update platform.json and add platform_components.json

How to verify it
Ran sonic-mgmt tests (test_chassis and test_component)
2022-10-03 13:53:34 +08:00
Dror Prital
44356fa8d7
[Mellanox] Add NVIDIA copyright header for NVIDIA added files (#12130)
- Why I did it
Add NVIDIA Copyright header for new "NVIDIA" files

- How I did it
Add the copyright header as remark at the head of the file
2022-10-02 11:34:24 +03:00
Samuel Angebault
5ff45c5846
Implement ssd_util plugin for Arista products (#11981)
Why I did it
Some Arista products do not have an SSD but use an eMMC instead.
The SsdUtil plugin is therefore extended to support both.

How I did it
Implemented ssd_util.py platform plugin loaded by ssdutil.
This plugin fallback to the default SONiC implementation if the arista one can't be found.

How to verify it
Run show platform ssdhealth on a product with an eMMC
2022-09-21 14:56:14 +08:00
Junhua Zhai
63c14d2e9e
[PikeZ] Update port alias in Arista-720DT-48S (#12086)
Fix #12037, by following HLD https://github.com/sonic-net/SONiC/blob/master/doc/sonic-port-name.md.
2022-09-20 20:04:14 +08:00