- Add INCLUDE_PINS to config to enable/disable container
- Add Docker files and supporting resources
- Add sonic-pins submodule and associated make files
Submission containing materials of a third party:
Copyright Google LLC; Licensed under Apache 2.0
#### Why I did it
Adds P4RT container to SONiC for PINS
The P4RT app is covered by this HLD:
https://github.com/pins/SONiC/blob/master/doc/pins/p4rt_app_hld.md
#### How I did it
Followed the pattern and templates used for other SONiC applications
#### How to verify it
Build SONiC with INCLUDE_P4RT set to "y".
Verify that the resulting build has a container called "p4rt" running.
You can verify that the service is up by running the following command on the SONiC switch:
```bash
sudo netstat -lpnt | grep p4rt
```
You should see the service listening on TCP port 9559.
#### Which release branch to backport (provide reason below if selected)
None
#### Description for the changelog
Build P4RT container for PINS
6f2d8d2110967d813053bcfcd8b34c42c5d0cda2 (HEAD -> 202111, origin/202111) [Voq][Inband] Support the Ethernet-IB port (#228
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
f81043b1f9ff02196629655f4735b33afd7f0ae1 (HEAD -> 202111, origin/202111) [port2alias]: Fix to get right number of return values (#1906)
bbbf65943ec46e9330eadaed8bcdf1612cb8bd55 [CLI][show bgp] On chassis don't show internal BGP sessions by default (#1927)
e12de7e7bf6cff3ec127f261bf88e4d29776d27b [port] Fix port speed set (#1952)
cae7af752d484956d7fe40e4c3a849ddad460976 Fix invalid output of syslog IPv6 servers (#1933)
6009341ddf790094166be5f0a81b4c114f00220b Routed subinterface enhancements (#1821)
6ab9d67ca6550c592b97afb513804be474f84eb0 Enhance sfputil for CMIS QSFP (#1949)
76cc67ba4f81c69b20efb3341808037c9db8f703 [debug dump] Refactoring Modules and Unit Tests (#1943)
cff58a8171423e4012bc8caf9748996a1e98b7e2 Add command reference for trap flow counters (#1876)
71cf3ee43524d56ad57dd90b937cfbf4bf63ba6a [Reclaim buffer] [Mellanox] Db migrator support reclaiming reserved buffer for unused ports (#1822)
e699b49fb722e6d6fe5a1d2dacd2d39eb085c1e4 Add show command for BFD sessions (#1942)
bb6c5774c843dbfad5f1ba00ee76dae7720902d1 [warm-reboot] Fix failures of warm reboot on disconnect of ssh session (#1529)
2e8bbb308477862a76d2327fcf696875e8f08650 Add trap flow counter support (#1868)
58407c1386ef13772a9a9320a795e380f162ab2c [load_minigraph] Delay pfcwd start until the buffer templates are rendered (#1937)
eb388e0584ba1fe8d8dba58f1c5a148036ffe047 [sonic-package-manager] support sonic-cli-gen and packages with YANG model (#1650)
2371d84e7d281bdb9988b5a1a012498dbbfb89ec generic_config_updater: Filename changed & VLAN validator added (#1919)
7c0718dfaf23289d4ecc3ada9332e465c9a4e56b [config reload] Update command reference (#1941)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
c2aac75 [SFP-Refactor] Fix LP mode API issue (#247)
dba17c8 Firmware upgrade CLI support for QSFP-DD transceivers (#244)
cd69212 [SFP-Refactor] Implement CMIS Low Power mode (#237)
9cea07f Fix RegGroupField decode (#245)
6ae1909 Add CMIS QSFP support (#246)
c1f317d Gracefully handle CMIS APIs for passive modules (#238)
ec7335d fix for firmware functions (#243)
cf2ebe9 Fix RegBitField decode/encode (#242)
ef4f2c6 Fix SFP_CABLE_TECH_FIELD (#240)
e118644 remove time counting message in functions because function running time could be difficult to predict in unit tests (#241)
Signed-off-by: Prince George <prgeor@microsoft.com>
Bring in the following commit:
405f1df Use build profiles instead of distro version for Python 2 binding build (#558)
This change requires a corresponding change in this repo to set a build
profile to not build the python 2 bindings on Bullseye.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This pull request integrate audisp-tacplus to SONiC for per-command accounting.
#### Why I did it
To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.
#### How I did it
1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC
#### How to verify it
UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add audisp-tacplus for per-command accounting.
#### A picture of a cute animal (not mandatory but encouraged)
The BGP_VOQ_CHASSIS_NEIGHBOR keepalive and holdtime timers are
configured similar to general neighbors. Changes are done to configure
BGP_VOQ_CHASSIS_NEIGHBOR timers similar to BGP_INTENAL_NEIGBOR since voq
chassis bgp neighbors are similar to bgp internal neighbors in
multi-asic. As it is done for bgp internal neighbors, the keepalive and
holdtime timers are set to 3 and 10 seconds respectively. Also similar
to bgp internal neighbors, connection retry timer is also configured for
voq chassis bgp neighbors.
Signed-off-by: vedganes <vedavinayagam.ganesan@nokia.com>
Why I did it
Add bgpcfgd support to advertise routes.
How I did it
Make bgpcfgd subscribe to the ADVERTISE_NETWORK table in STATE_DB and configure route advertisement accordingly.
How to verify it
Added unit tests in bgpcfgd and verify on KVM about route advertisement.
* Routed subinterfae enhancements HLD #833
* Adding python API support to get routed subinterface long name to get correct parent interface for the routed subinterface.
Signed-off-by: Stephen Sun stephens@nvidia.com
Why I did it
Support zero buffer profiles
Add buffer profiles and pool definition for zero buffer profiles
Support applying zero profiles on INACTIVE PORTS
Enable dynamic buffer manager to load zero pools and profiles from a JSON file
Dependency: It depends on Azure/sonic-swss#1910 and submodule advancing PR once the former merged.
How I did it
Add buffer profiles and pool definition for zero buffer profiles
If the buffer model is static:
Apply normal buffer profiles to admin-up ports
Apply zero buffer profiles to admin-down ports
If the buffer model is dynamic:
Apply normal buffer profiles to all ports
buffer manager will take care when a port is shut down
Update buffers_config.j2 to support INACTIVE PORTS by extending the existing macros to generate the various buffer objects, including PGs, queues, ingress/egress profile lists
Originally, all the macros to generate the above buffer objects took active ports only as an argument
Now that buffer items need to be generated on inactive ports as well, an extra argument representing the inactive ports need to be added
To be backward compatible, a new series of macros are introduced to take both active and inactive ports as arguments
The original version (with active ports only) will be checked first. If it is not defined, then the extended version will be called
Only vendors who support zero profiles need to change their buffer templates
Enable buffer manager to load zero pools and profiles from a JSON file:
The JSON file is provided on a per-platform basis
It is copied from platform/<vendor> folder to /usr/share/sonic/temlates folder in compiling time and rendered when the swss container is being created.
To make code clean and reduce redundant code, extract common macros from buffer_defaults_t{0,1}.j2 of all SKUs to two common files:
One in Mellanox-SN2700-D48C8 for single ingress pool mode
The other in ACS-MSN2700 for double ingress pool mode
Those files of all other SKUs will be symbol link to the above files
Update sonic-cfggen test accordingly:
Adjust example output file of JSON template for unit test
Add unit test in for Mellanox's new buffer templates.
How to verify it
Regression test.
Unit test in sonic-cfggen
Run regression test and manually test.
* Add macsec-xpn-support iproute2 in syncd
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Polish code
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Remove useless files
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Add self-compiled iproute2 to docker sonic vs
Signed-off-by: Ze Gan <ganze718@gmail.com>
* Enhance apt install for iproute2 dependencies
Signed-off-by: Ze Gan <ganze718@gmail.com>
Why I did it
resolves#8979 and #9055
How I did it
Remove the file static.conf.j2,which adds the default route on eth0 from bgp docker
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
a0bff26a [acl-loader] modify acl-loader with change in STATE DB ACL capability table (#1896)
a395e284 [debug dump util] Changes for EVPN and VxLAN dump module (#1892)
02a98ef1 [debug dump util] Route Module added (#1913)
ac8382fd [generic-config-updater] Logging change just before applying it (#1934)
9ab6c515 [flex counter] Flex counter threads consume too much CPU resources. #9202 (#1925)
2ec47a59 [generic-config-updater] Handling empty tables while sorting a patch (#1923)
fdedcbf6 [fdbshow]: Handle FDB cleanup gracefully. (#1926)
e7535ae3 [sonic-cli-gen] first phase implementation of the SONiC CLI Auto-generation tool (#1644)
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
What I did:
Added option 'advertise':'true'/'false' to STATIC_TALE to control whether given route need to be advertise into BGP.
How I did:
Add a route in FRR with tag (1 for advertise and 2 for not advertise)
Create Route Map to match on tag as 1 and permit
Attach route-map to redistribute static.
Minigraph option to parse advertise option of Static Route.
bb0733aa [aclorch] Add ACL_TABLE_TYPE configuration (#1982)
59cab5d9 Support for setting switch level DSCP to TC QoS map (#2023)
da21172e [aclorch] add generic AclOrch::updateAclRule() method (#1993)
4f6cb055 [Reclaiming buffer] Support reclaiming buffer in traditional model (#2011)
32d7a69e [Reclaiming buffer] Common code update (#1996)
b91d8ba7 [swss] L2 Forwarding Enhancements (#1716)
797dab41 [muxorch] Bind all ports to drop ACL table (#2027)
99929cd7 [lgtm.yml] add libgmock-dev (#2035)
8727ae5c [flex counter] Flex counter threads consume too much CPU resources #9202 (#2031)
103fdf05 Remove redundant calls to get child scheduler group during initialization (#1965)
18ea8404 [macsec]: MACsec statistics support (#1867)
0c462420 [orchagent] Flush pipeline every 1 second, not only when select will timeout (#2003)
339101cf [cbf] Add class-based forwarding support (#1963)
24a615bd Fix issue: accumulative headroom can exceed limit in rare scenario (#2020)
708e232a Test divide by zero processing path (#2028)
8f1d035c [macsecmgr]: Wait for port up before enabling macsec (#2032)
4912a770 Remove buffer drop counter when port is removed (#1860)
f9462c49 [Dynamic buffer] [Mellanox] Calculate the peer response time according to the speed (#1930)
8b5a401e Routed subinterface enhancements (#2017)
cdea5e9b Fix next hop compilation (#2025)
37c197d0 [SRV6] Sonic-swss changes for SRV6 (#1964)
f502c320 [vnetorch] Add ECMP support for vnet tunnel routes (#1960)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
HLD updated here: https://github.com/Azure/SONiC/pull/887
#### Why I did it
Command `monit summary -B` can no longer display the status for each critical process, system-health should not depend on it and need find a way to monitor the status of critical processes. The PR is to address that. monit is still used by system-health to do file system check as well as customize check.
#### How I did it
1. Get container names from FEATURE table
2. For each container, collect critical process names from file critical_processes
3. Use “docker exec -it <container_name> bash -c ‘supervisorctl status’” to get processes status inside container, parse the output and check if any critical processes exit
#### How to verify it
1. Add unit test case to cover it
2. Adjust sonic-mgmt cases to cover it
3. Manual test
* [yang_models]: Update extension yang and types yang with new yang extensions and types respectively.
* [YANG] Added CVL specific type and moved sonic-types to j2 template.
* [sonic-acl] add ACL_TABLE_TYPE table
I implemented ACL table type concept. Till this change, there are predefined ACL table types orchagent knows about (L3, L3V6, etc.) and if other orch requires a custom table a new table type needs to be defined in aclorch.
This PR addresses this limitation by introducing AclTableType which can be constructed from a set of matches, actions and bpoint types user needs. There is also a new handler for ACL_TABLE_TYPE table which is used for user to define table types.
Currently, some of built-in ACL table types that requires special handling are distinguished from others by their names (TABLE_TYPE_MIRROR, TABLE_TYPE_MIRRORV6) and a special handling is performed by an AclOrch.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
When we update the a sai package downing from a remote server, we need to update the version file as well currently, but the reproducible build feature is not enabled in master, it can only be detected when merging the code into the release branches, such as 202106, 202012, etc.
The reproducible feature is to reduce the build failure, not need to break the build when the version not specified. If version not specified, the best choice is to accept the version from remote server.
Co-authored-by: Ubuntu <xumia@xumia-vm1.jqzc3g5pdlluxln0vevsg3s20h.xx.internal.cloudapp.net>
a3e34e30 [Auto Techsupport] Event driven Techsupport Changes (#1796)
efa2ff62 [show][platform summary] Add chassis type in the platform summary output(#1922)
a39350c6 [aclshow] enhance ACL counters to work with FC infrastructure (#1858)
ed880131 [sonic-package-manager] fix registry requests failing when no service field in Bearer fields (#1921)
00b60455 [VS test] Increase test timeout (#1924)
Previously the Yang model unit tests pulled directly from the Yang model source code for their models. This worked up to a point where we had jinja templates which needed to be rendered before they could be tested on. Now we need to reference the install location of the rendered templates for the unit tests.
Additionally, PBH yang was never added to the list of models to install onto a switch so I have resolved that (another example why pulling directly from the source was not correct)
My best explanation for why we only saw this failing on mellanox was that these tests could not have possibly been running on the broadcom build (I have not investigated this specifically). There was no way for these tests to pass recently given they were referencing Yang models which did not exist in the source (ACL).
Signed-off-by: pettershao-ragilenetworks pettershao@ragilenetworks.com
What I did it
Add new platform x86_64-ragile_ra-b6510-32c-r0 (Trident 3)
ASIC Vendor: Broadcom
Switch ASIC: Trident 3
Port Config: 32x100G
Add new platform x86_64-ragile_ra-b6920-4s-r0 (Tomahawk 3)
ASIC Vendor: Broadcom
Switch ASIC: Tomahawk 3
Port Config: 128x100G
-How I did it
Provide device and platform related files.
-How to verify it
show platform fan
show platform ssdhealth
show platform psustatus
show platform summary
show platform syseeprom
show platform temperature
show interface status
c8eceec 400zr initial support (#228)
ef55364 SSD Health: Retrieve SSD health and temperature values from generic SSD info (#229)
26c8346 Fix cmis cable length issue (#225)
671927d Fix typo in the simulated y_cable driver (#226)
51a9aca [sfp-refactor] Add initial support for CMIS in sonic_xcvr (#220)
Signed-off-by: Prince George <prgeor@microsoft.com>
#### Why I did it
Changes required for feature "Event Driven TechSupport Invocation & CoreDump Mgmt". [HLD](https://github.com/Azure/SONiC/pull/818 )
Requires: https://github.com/Azure/sonic-utilities/pull/1796.
Merging in any order would be fine.
Summary of the changes:
- Added the YANG Models for the new tables introduces as a part of this feature.
- Enhanced init_cfg.json with the default config required
- Added a compile Time flag which enables/disables the config required for this feature inside the init_cfg.json
- Enhanced the supervisor-proc-exit-listener script to populate `<feature>:<critical_proc> = <comm>:<pid>` info in the STATE_DB when it observes an proc exit notification for the critical processes running inside the docker.
6f1a0ea (HEAD, origin/master, origin/HEAD, master) [FlexCounter] Add support for ACL counters (#953)
67b3136 [vslib] fill aclcapability.is_action_list_mandatory field (#957)
eba6a1b [ci]: use native armhf and arm64 pool (#965)
04793b1 [az] Set diff coverage threshold to 50% (#963)
6092d50 [syncd] Add workaround for warm boot new objects (#960)
88b62ce Added Flex Counters support for tunnel counters (#886)
a718226 [Counters] Query Counters Stats Capabilities (#952)
This commit fixes/avoids the following errors encountered during the
marvell-armhf build for bullseye
- Fix Marvell prestera DMA driver build failure due to kallsyms_lookup_name()
no longer being exported by the updated bullseye kernel. This is a temporary
fix that will be replaced by a future version of the DMA driver.
- Update qemu-user-static version to align with the new glibc version included
in bullseye
- Skip systemd-sonic-generator unit tests to avoid test failures. Root cause is
still TBD
#### Why I did it
Fix the following build errors observed when building marvell-armhf for bullseye
1. Marvell Prestera DMA driver uses kernel API no longer exported
ERROR: modpost: "kallsyms_lookup_name" [/sonic/platform/marvell-armhf/prestera/mrvl-prestera/cpssEnabler/linuxNoKernelModule/drivers//mvDmaDrv.ko] undefined!
2. Old qemu-user-static version does not support semop() leading to following build failure
semop(1): encountered an error: Function not implemented
3. systemd-sonic-generator unit test failure
ssg-test.cc:217: Failure
Expected equality of these values:
find_string_in_file(str_t, target, num_asics)
Which is: false
expected_result
Which is: true
Error validating Before=single_inst.service in test.service
[ FAILED ] SsgMainTest.ssg_main_40_npu (20 ms)
[----------] 4 tests from SsgMainTest (36 ms total)
[----------] Global test environment tear-down
[==========] 10 tests from 3 test suites ran. (54 ms total)
[ PASSED ] 7 tests.
[ FAILED ] 3 tests, listed below:
[ FAILED ] SsgMainTest.ssg_main_single_npu
[ FAILED ] SsgMainTest.ssg_main_10_npu
[ FAILED ] SsgMainTest.ssg_main_40_npu
3 FAILED TESTS
This pull request add a bash plugin for TACACS+ per-command authorization
#### Why I did it
1. To support TACACS per command authorization, we check user command before execute it.
2. Fix libtacsupport.so can't parse tacplus_nss.conf correctly issue:
Support debug=on setting.
Support put server address and secret in same row.
3. Fix the parse_config_file method not reset server list before parse config file issue.
#### How I did it
The bash plugin will be called before every user command, and check user command with remote TACACS+ server for per-command authorization.
#### How to verify it
UT with CUnit cover all code in this plugin.
Also pass all current UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add Bash TACACS+ plugin.
#### A picture of a cute animal (not mandatory but encouraged)
Fix support for DHCPV6 Relay multi vlan functionality. Make sure the relayed packet is received at correct interface.
How I did it
Bind a socket to each vlan interface's global and link-local address.
Socket binded to global address is used for relaying data from client to server and receiving data from servers.
Socket binded to link-local address is used for relaying data received from server back to the client.
When sshd realizes that this login can't succeed due to internal device state
or configuration, instead of failing right there, it proceeds to prompt for
password, so as the user does not get any clue on where is the failure point.
Yet to ensure that this login does not proceed, sshd replaces user provided password
with a specific pattern of characters matching length of user provided password.
This pattern is "INCORRECT", which is bound to fail.
If user provided length is smaller/equal, the substring of pattern is overwritten.
If user provided length is greater, the pattern is repeated until length is exhausted.
But if the PAM-tacacs plugin would send this password to AAA, the user could get
locked out by AAA, for providing incorrect value.
How I did it
Hence this fix, matches obtained password against the pattern. If match, fail just before
reaching AAA server.
Why I did it
To add ACL FC to the YANG model.
How I did it
Added to the YANG model and added a UT.
How to verify it
Together with depends PRs. Run ACL/Everflow test suite.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
* [ACL] enable ACL FC when genereting config from minigraph but disable by default
Why I did it
To support ACL counters on Flex Counter Infrastructure.
How I did it
Enable ACL FC in init_cfg and minigraph. Disable when genereting configuration from preset.
How to verify it
Together with depends PRs. Run ACL/Everflow test suite.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
In the build in Bullseye, there are no png files available in the
specified installation source directory. For now, don't bother
installing those files.
This may end up being reverted later if there are indeed png files that
need to be installed for documentation.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Debian actually did a binNMU for snmpd, so to match the package version
we're building with the version in the offiical repos, that version
needs to be manually specified in the changelog.
Buster still needs 5.7.3, because there's a ABI change between 5.7.3 and
5.9 for libsnmp, so for Buster, make sure that 5.7.3 is built, and for
Bullseye, make sure that 5.9 is built.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Remove Python 2 package installation from the base image. For container
builds, reference Python 2 packages only if we're not building for
Bullseye.
For libyang, don't build Python 2 bindings at all, since they don't seem
to be used.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Why I did it
Include validation of chassis dict in platform.json unit test
Based on: Azure/SONiC#768
How I did it
Update platform_json_checker to validate fields in chassis dict.
How to verify it
Verified that the unit test reports success for correct values of existing and capabilities fields in platform.json
Why I did it
Added Buffer yang files derived from sonic/mgmt-cvl/testdata/schema from sonic-mgmt-common, used by mgmt-framework.
Updated BUFFER_PG|({ifname},)*|{pg_num} to BUFFER_PG|{ifname}|{pg_num} in sonic-buffer-pg.yang.
This change is required for configuration migration for dynamic port breakout operation.
Added sonic-buffer-queue.yang for BUFFER_QUEUE
Tables: BUFFER_POOL, BUFFER_PROFILE, BUFFER_PG, BUFFER_QUEUE.
How I did it
Defined Yang models for BUFFER tables based on Guideline doc:
https://github.com/Azure/SONiC/blob/master/doc/mgmt/SONiC_YANG_Model_Guidelines.md
and
https://github.com/Azure/sonic-utilities/blob/master/doc/Command-Reference.md
How to verify it
sonic_yang_models package build.
Description for the changelog
MMU Buffer yang files (BUFFER_POOL/BUFFER_PROFILE/BUFFER_PG/BUFFER_QUEUE)
Updating sonic-utilities sub module with the following commits
63a5257 [TACACS+] Add config command for AAA authorization and accounting. (#1889)
8a8577b [dump] [copp] Fixed the NameError Exception for copp dump module (#1911)
84be8b4 Dump media_settings from appDB during fast-reboot (#1910)
563c416 Allow interface type value none (#1902)
095bf54 generic_updater: Fix service validator related issues (#1901)
efbe1f4 [chassis][supervisor][show][interfaces]show interfaces command warning on Supervisor card (#1771)
487b3b7 Add CRM CLIs for SRV6 nexthop and my_sid_entry (#1883)
52b7a47 (HEAD, origin/master, origin/HEAD) [schema]: MACsec statistics support (#520)
48d7d8a [ci]: use native arm64 and armhf pool to build (#552)
Signed-off-by: Ze Gan <ganze718@gmail.com>
This PR allow user to set none value to interface type. So there is a way to achieve the goal via CLI:
config interface type XXX none
config interface speed XXX 10000
config interface type XXX CR
Including the below commits to update swss submodule
8448a60 [vs tests]Migrating sonic-swss tests to use hwsku instead of fakeplatform (#1978)
faa26db Fix random failure in PR/CI build. (#2006)
e03edb6 Allow interface type value none (#1991)
71b9650 [orchagent] Fix group name of port-buffer-drop in flexcounterorch.cpp (#1967)
facdef5 [VS test] Skip flaky virtual chassis test (#2004)
8261c1f [pytest]: Increase timeout when checking services (#2000)
67278be [teammgrd]: Handle LAGs cleanup gracefully on Warm/Fast reboot. (#1934)
e92c1df Enable FEC statistics collection for Ethernet ports (#1994)
9f30ca1 VxLAN Tunnel Counters and Rates implementation (#1859)
Signed-off-by: Sudharsan Dhamal Gopalarathnam <sudharsand@nvidia.com>
[TACACS+] Add Config DB schema and HostCfg Enforcer plugin to support TACACS+ per-command authorization&accounting. (#9029)
#### Why I did it
Support TACACS per-command authorization&accounting.
#### How I did it
Change ConfigDB schema and HostCfg enforcer.
Add UT to cover changed code.
#### How to verify it
Build following project and pass all UTs:
make target/python-wheels/sonic_host_services-1.0-py3-none-any.whl
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add Config DB schema and HostCfg Enforcer plugin to support TACACS+ per-command authorization&accounting.
#### A picture of a cute animal (not mandatory but encouraged)
Added get_system_mac support for cisco-8000 device
Why I did it
This is required to assign unique MACs to namespaces on Backend and Frontend asics
for cisco-8000 platforms
How I did it
Add vendor specific hook in get_system_mac. The MAC address are read from /profile.ini
file
How to verify it
config load_minigraph on a multi-asic system
config save
check mac addresses in DEVICE_METADATA section in each config_db json file
The submodule update includes the following commits
ac3103a Add missing neighbor resolution for MPLS route programming (#1968)
bfba0ad [vlanmgr]Fix for STATE_DB port check logic (#1980)
9ef2ba4 Update VLAN removal code to work with 5.10 kernel and new
41fb26c Handle setting unknown mux state (#1984)
ac09bde Increase timeout for VS tests (#1988)
da8a43e Check if appl DB exists before deleting (#1983)
553d75a Change tunnel orch order (#1977)
7444e96 Add rekey period in macsec mgr (#1958)
d95823d [Buffermgr]Graceful handling of buffer model change (#1956)
b0aa6a0 EVPN VxLAN enhancement to support P2MP tunnel based programming for L
85bdf54 Fix the option missing in kernel config issue (#1973)
6b15584 Orchagent validates mirror session queue parameter against maximum va
fc9ffb9 [copp] Add ISIS, LDP and micro-BFD trap types to CoPP manager (#1890)
452cbc1 [macsecorch]: Add IPG adjusting for MACsec gearbox model (#1925)
Signed-off-by: Sudharsan Dhamal Gopalarathnam <sudharsand@nvidia.com>
What I did:
Fix the typo in Internal Peer Group template for Packet-based Chassis.
Address Review comments of PR: [chassis-packet] minigraph parsing and BGP template changes #8966
- Static Route Parsing for Host
- Formatting of chassis port_config.ini
#### Why I did it
Includes below commits
```
c2d4945 2021-09-17 | [snmp] Allow system with no ports in config db run without errors (#221) [Lior Avramov]
fccb21b 2021-08-30 | [RFC1213]: Initialize lag oid map in reinit_data instead of (#232) [SuvarnaMeenakshi]
```
#### Why I did it
Fixes https://github.com/Azure/sonic-buildimage/issues/8619
#### How I did it
1) Listening to CFG_DB notifications was migrated from ConfigDBConnector to SubscriberStateTable & Select
2) This change in design helped me to remove `update_all_features_config` which was roughly taking a 5-10 sec time to execute and thus the reason for blackout
3) Edited FeatureHandler, Feature & NtpCfgd classes to suit this design
4) Added corresponding mocks and UT's
**Changes made to classes other than HostConfigDaemon:**
With the previous design, the initially read data from the config db was applied by using hardcoded methods even before the config_db.listen() was called. For Eg: `update_all_features_config` for FeatureHandler and load() named methods for NtpCfgd etc
But with this design, since the existing data is read and given out as a notification by SubscriberStateTable, i've pretty much removed these hardcoded methods. Thus changes made to these class will be around adapting them to the new design and no change in the actual functionality .
#### How to verify it
UT's:
```
tests/determine-reboot-cause_test.py ......... [ 29%]
tests/procdockerstatsd_test.py . [ 32%]
tests/caclmgrd/caclmgrd_dhcp_test.py ...... [ 51%]
tests/hostcfgd/hostcfgd_radius_test.py .. [ 58%]
tests/hostcfgd/hostcfgd_test.py ............. [100%]
```
Verified manually,
```
Sep 10 22:53:25.662621 sonic INFO systemd[1]: hostcfgd.service: Succeeded.
Sep 10 22:55:04.127719 sonic INFO /hostcfgd: ConfigDB connect success
Sep 10 22:55:04.128108 sonic INFO /hostcfgd: KdumpCfg init ...
Sep 10 22:55:04.148819 sonic INFO /hostcfgd: Waiting for systemctl to finish initialization
Sep 10 22:55:04.163452 sonic INFO /hostcfgd: systemctl has finished initialization -- proceeding ...
Sep 10 22:55:04.163834 sonic INFO /hostcfgd: Kdump handler...
Sep 10 22:55:04.164019 sonic INFO /hostcfgd: Kdump global configuration update
Sep 10 22:55:04.758784 sonic INFO hostcfgd[184471]: kdump is already disabled
Sep 10 22:55:04.758876 sonic INFO hostcfgd[184471]: Kdump is already disabled
Sep 10 22:55:05.182021 sonic INFO hostcfgd[184511]: Kdump configuration has been updated in the startup configuration
Sep 10 22:55:05.596919 sonic INFO hostcfgd[184528]: Kdump configuration has been updated in the startup configuration
Sep 10 22:55:06.140627 sonic INFO /hostcfgd: Feature nat is stopped and disabled
Sep 10 22:55:06.642629 sonic INFO /hostcfgd: Feature telemetry is enabled and started
Sep 10 22:55:07.101297 sonic INFO /hostcfgd: Feature pmon is enabled and started
Sep 10 22:55:07.554366 sonic INFO /hostcfgd: Feature database is enabled and started
Sep 10 22:55:08.009329 sonic INFO /hostcfgd: Feature mgmt-framework is enabled and started
Sep 10 22:55:08.394952 sonic INFO /hostcfgd: Feature macsec is stopped and disabled
Sep 10 22:55:08.782853 sonic INFO /hostcfgd: Feature snmp is enabled and started
Sep 10 22:55:09.205381 sonic INFO /hostcfgd: Feature teamd is enabled and started
Sep 10 22:55:09.224877 sonic INFO /hostcfgd: Feature what-just-happened is enabled and started
Sep 10 22:55:09.627929 sonic INFO /hostcfgd: Feature lldp is enabled and started
Sep 10 22:55:10.086993 sonic INFO /hostcfgd: Feature swss is enabled and started
Sep 10 22:55:10.170312 sonic INFO /hostcfgd: cmd - service aaastatsd stop
Sep 10 22:55:11.012236 sonic INFO /hostcfgd: cmd - service aaastatsd stop
Sep 10 22:55:12.225946 sonic INFO /hostcfgd: Feature bgp is enabled and started
Sep 10 22:55:12.712792 sonic INFO /hostcfgd: Feature dhcp_relay is enabled and started
Sep 10 22:55:13.166656 sonic INFO /hostcfgd: Feature sflow is stopped and disabled
Sep 10 22:55:13.593639 sonic INFO /hostcfgd: Feature radv is enabled and started
Sep 10 22:55:14.034106 sonic INFO /hostcfgd: Feature syncd is enabled and started
Sep 10 22:55:14.113064 sonic INFO /hostcfgd: cmd - service aaastatsd stop
Sep 10 22:55:14.863601 sonic INFO /hostcfgd: RADIUS_SERVER update: key: 10.10.10.1, op: SET, data: {'auth_type': 'pap', 'passkey': 'p*****', 'retransmit': '1', 'timeout': '1'}
Sep 10 22:55:14.938605 sonic INFO /hostcfgd: cmd - service aaastatsd stop
Sep 10 22:55:15.667545 sonic INFO /hostcfgd: RADIUS_SERVER update: key: 10.10.10.3, op: SET, data: {'auth_type': 'chap', 'passkey': 'p*****', 'retransmit': '2', 'timeout': '2'}
Sep 10 22:55:15.667801 sonic INFO /hostcfgd: RADIUS (NAS) IP change - key:eth0, current global info {}
Sep 10 22:55:15.746531 sonic INFO /hostcfgd: cmd - service aaastatsd stop
Sep 10 23:04:47.435340 sonic INFO /hostcfgd: ntp server update key 0.debian.pool.ntp.org
Sep 10 23:04:47.435661 sonic INFO /hostcfgd: ntp server update, restarting ntp-config, ntp servers configured {'0.debian.pool.ntp.org'}
Sep 10 23:04:47.866394 sonic INFO /hostcfgd: NTP GLOBAL Update
Sep 10 23:04:47.866557 sonic INFO /hostcfgd: ntp global update for source intf old {''} new {'eth0', 'Loopback0'}, restarting ntp-config
Sep 10 23:16:25.157600 sonic INFO /hostcfgd: Running cmd: 'sudo systemctl unmask sflow.service'
Sep 10 23:16:25.178472 sonic INFO hostcfgd[192106]: Removed /etc/systemd/system/sflow.service.
Sep 10 23:16:25.582018 sonic INFO /hostcfgd: Running cmd: 'sudo systemctl enable sflow.service'
Sep 10 23:16:25.604534 sonic INFO hostcfgd[192123]: Created symlink /etc/systemd/system/sonic.target.wants/sflow.service → /lib/systemd/system/sflow.service.
Sep 10 23:16:26.029416 sonic INFO /hostcfgd: Running cmd: 'sudo systemctl start sflow.service'
Sep 10 23:16:26.691927 sonic INFO /hostcfgd: Feature sflow is enabled and started
```
Signed-off-by: Neetha John <nejo@microsoft.com>
Why I did it
Storage T0's have all vlan members as tagged
How I did it
Since currently minigraph does not have a unique way to identify if a vlan member is tagged/untagged and to ensure other scenarios are not broken, the logic used is to just update the vlan member type as 'tagged' when we determine that it is a storage backend device. This change will apply only to storage backend T0's since storage backend T1's will not have vlan member information
How to verify it
Updated the storage backend T0 testcases to check for tagged vlan members
Added testcase to check if a T1 and backend T1 device generates an empty vlan member table
Existing vlan member testcases are good enough for checking if any regression has been caused for regular T0's
Build sonic_config_engine-1.0-py3-none-any.whl successfully
#### Why I did it
Fix a recent build error introduced by a pre-release redis-py. This is a general issue because `python setup.py install` (ie `easy_instal`) does not ignore pre-release versions. The fix is suggested by https://github.com/pypa/setuptools/issues/855#issuecomment-583803959
8ea834b [sonic_installer] Change sonic_installer check ASIC mismatch by platforms list (#1836)
9017d99 Fix the option missing in kernel config issue (#1888)
6595ad4 [mlag] fix log print sequence (#1730)
e600e1c CLI command to load config in Yang format (#1781)
00948d0 Fix the target db version of portchannel-key test (#1842)
6412fea [sonic-package-manager] remove make_python_identifier (#1801)
f738818 [sonic-package-manager] stop service explicitelly before uninstalling package (#1805)
d8ee5e9 Remove exec from platform_reboot_plugin call to handle any hang issue. (#1879)
827fcee [chassis][routecheck]filter out the chassis internal interfaces (#1798)
4d732c6 [generic_config_updater] Logging (#1864)
25bb184 [config]: Add loopback interfaces to interface name checker (#1869)
c950a55 Validate input of config mirror_session add (#1825)
9ab20fd [show][config] fix the muxcable commands for interface naming mode (#1862)
476b3a4 [multi-asic][cli][chassis-db] Avoid connecting to chassis db for cli commands executed from linecard (#1707)
8bb9c5a (HEAD -> master, origin/master, origin/HEAD) Add retry reading/setting mux status to simulated y-cable driver (#221)
2ebd786 [sfp-refactor] Add initial support for SFF-8636 in sonic_xcvr (#218)
221fb8a Fix QSFP-DD power class mask (#212)
4598d40 [Y-Cable][Broadcom] upgrade to support Broadcom Y-Cable API to release 1.2 (#217)
0fdd198 [sfp-refactor] Add initial support for SFF-8436 in sonic_xcvr (#215)
a09f5a3 [sfp-refactor] Add new sonic_xcvr package for common transceiver logic (#201)
7ca4f51 Update SFP index definition (#214)
Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>
This pull request will fix bash build break issue when re-build bash.
#### Why I did it
src/bash project using quilt to manage patches, and quilt can't apply patch correctly when cache folder '.pc' is not clean.
#### How I did it
Add command in make file to remove quilt cache folder before apply patches.
#### How to verify it
Re-build bash target target/debs/buster/bash_5.1-2_amd64.deb to validate this fix work.
Pass all UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Fix bash build break issue when re-build bash.
#### A picture of a cute animal (not mandatory but encouraged)
It is required by stretch/sonic-device-data_1.0-1_all.deb, which is required by docker-sonic-mgmt.gz.
Stretch distribution has old Python 3.5.3.
scandir.close() is new in Python version 3.6.
ref: https://docs.python.org/3/library/os.html#os.scandir.close
Fix the check used to wait for interfaces to come up. The group name in
the supervisor config files has changed from isc-dhcp-relay to
dhcp-relay.
Also, in the wait script, wait 10 additional seconds after the vlans,
port channels, and any interfaces are up. This is because dhcrelay
listens on all interfaces (in addition to port channels and vlans), and
to ensure that it stays in a clean state during runtime, wait some extra
time to make sure that those interfaces are created as well.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This makes it possible to install the debug symbols if needed. Also install
the package into the debug version of sonic-dhcp-relay container.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Why I did it
With current code the delay will take place even if simple 'config reload' command executed and this is not desired.
This delay should be used only when fast-rebooting.
How I did it
Change the type of delay to OnBootSec instead of OnActiveSec.
How to verify it
Fast-reboot with this PR and observe the delay.
Run 'config-reload' command and observe no delay is running.
