Commit Graph

3822 Commits

Author SHA1 Message Date
xumia
31849a5f02 Fix CVE-2017-1000487 security alert (#7173)
#### Why I did it
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

#### How I did it
Upgrade to 3.0.16
2021-04-07 18:09:56 -07:00
Nazarii Hnydyn
8eb26cf18c [install.sh] Fix CPU cstates configuration. (#7222)
The motivation of these changes is to fix (#6051):

- Why I did it
To fix CPU cstates configuration

- How I did it
Updated code to be POSIX compatible

- How to verify it
root@sonic:/home/admin# sonic_installer install sonic-mellanox.bin

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
2021-04-07 18:08:41 -07:00
Sumukha Tumkur Vani
b70e47f2c8 [submodule]: Update restapi (#7213)
Feb 17 Fix tests failing due to duplicate vxlan tunnel creation (#75)
Mar 11 Update route api to specify limitation (#77)
Apr 01 Add host_ifname field while adding entry in VLAN table (#80)
2021-04-07 18:07:23 -07:00
Volodymyr Samotiy
d35c31b8fc [Mellanox] Update SDK to 4.4.2508 and FW to xx.2008.2508 (#7141)
Fix the following issues:

Spectrum-2, Spectrum-3 | Port | Fix link issue when using 25 GbE rate between two ports while one is on Spectrum-2-based system and the other is on Spectrum-3-based system
All | warmboot | fail to upgrade from earlier SONiC versions with official SDK/FW 4.4.2306 (was on SONiC 201911)
All | What-Just-Happened | When enabling or disabling WJH under high traffic load to the host CPU, in very specific and low probability conditions, an error could occur, that may result in loss of data, channel failure or in extreme cases SW failure

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2021-04-07 18:06:46 -07:00
abdosi
16b97f1859 [multi-asic] Make sure Everflow tables always gets classified as Mirror table (#7241)
Make sure Everflow always gets classified as Mirror table and not as Control Plane on multi-asic platforms.

Why I did:
In Multi-asic platforms we generate Everflow acl table data from minigraph for both host and namespace.
It is possible in multi-asic minigraph if there are no external port-channel (Only Router Port IP Interface) then Everflow table will have no bound interface in host and will get classified as Control Plane ACL while in namespace gets classified as Mirror Table.
For ACL Rule generation we read global db as source of truth for acl table information and so for everflow rule generation if tables get classified as Control plane we can generate rules with invalid action causing orchagent to throw runtime error.

How I did:
If the table is attached to erspan interface in minigraph then it always gets classified as mirror table.
2021-04-07 15:16:02 -07:00
roman_savchuk
840f19af18
[BFN] Updated SAI/SDK packages to 20210405 (#7229)
Updated SDE due to issue in driver part
2021-04-07 14:18:49 -07:00
Qi Luo
5bcd280b16
[submodule] Update submodule of sonic-utilities (#7235)
b39dbbc 2021-04-06 | [fast-reboot] Fix dump script to support PortChannels in a VLAN group [201911] (#1547) [shlomibitton]
2021-04-06 19:07:05 -07:00
Abhishek Dosi
b121b939dd [Submodule update] sonic-utilities
ecc1f9b1bb0ad18843e0f969fe8564cf37bf2080 (HEAD -> 201911, origin/201911)
[acl_loader]: add iptype match to the rules for dataplane acl

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-04-05 18:58:59 -07:00
abdosi
e94bc63057 [multi-asic] optimize api that checks port/port-channel/bgp is internal (#7232)
Optimize the APIs is_port_internal(), is_portchannel_internal() and is_bgp_internal() to call get_entry (Redis hget) instead of get_table (Redis keys *)
2021-04-05 18:58:59 -07:00
Qi Luo
ad37f61fdf
[sonic-slave-stretch]: Add deepdiff python package for sonic-utilities test (#7231)
Add this package to help Azure/sonic-utilities#1547

Only needed on 201911 branch because future branches build sonic-utilities in sonic-slave-buster.
2021-04-05 18:01:32 -07:00
Abhishek Dosi
9143cca45f [Submodule update] sonic-utilities
ad9022ebf9c13b59ef8dc47aaa1f89628e64315e (HEAD -> 201911, origin/201911) Reduce time taken by show commands on multi-asic platforms (#1544)
4993a3644bff689701aac2ee2b10c351a9d241ef [fast-reboot]: Fix fail to execute fast-reboot problem (#1047)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-04-04 12:18:54 -07:00
rkdevi27
47011a8e2c
[201911][DellEMC] Fix abrupt reboot in S6000 (#6909)
On the S6000 devices, the cold reboot is abrupt and it is likely to cause issues which will cause the device to land in the EFI shell. Hence the platform reboot will happen after graceful unmount of all the filesystems as in S6100.
2021-03-30 16:14:45 -07:00
pra-moh
e1eb1bda59
[201911][procdockerstatsd] fix typo for variable name (#7183)
2021-03-29 19:22:03 -07:00
Joe LeVeque
72b32a96fc
[201911][dockers][supervisor] Increase event buffer size for process exit listener (#7106)
Backport of https://github.com/Azure/sonic-buildimage/pull/7083 to the 201911 branch.

#### Why I did it

To prevent error [messages](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802) like the following from being logged:

```
Mar 17 02:33:48.523153 vlab-01 INFO swss#supervisord 2021-03-17 02:33:48,518 ERRO pool supervisor-proc-exit-listener event buffer overflowed, discarding event 46
```

This is basically an addendum to https://github.com/Azure/sonic-buildimage/pull/5247, which increased the event buffer size for dependent-startup. While supervisor-proc-exit-listener doesn't subscribe to as many events as dependent-startup, there is still a chance some containers (like swss, as in the example above) have enough processes running to cause an overflow of the default buffer size of 10.

This is especially important for preventing erroneous log_analyzer failures in the sonic-mgmt repo regression tests, which have started occasionally causing PR check builds to fail. Example [here](https://dev.azure.com/mssonic/build/_build/results?buildId=2254&view=logs&j=9a13fbcd-e92d-583c-2f89-d81f90cac1fd&t=739db6ba-1b35-5485-5697-de102068d650&l=802).

I set all supervisor-proc-exit-listener event buffer sizes to 1024, and also updated all dependent-startup event buffer sizes to 1024, as well, to keep things simple, unified, and allow headroom so that we will not need to adjust these values frequently, if at all.
2021-03-29 10:07:43 -07:00
Guohan Lu
4e48a67144 [submodule]: update sonic-utilities
* fc80eeb 2021-03-28 | [acl-loader]: do not add default deny rule for egress acl (#1531) (HEAD, origin/201911) [lguohan]

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-03-28 23:27:42 -07:00
Stephen Sun
746a64e483
[mellanox]: Integrate hw-mgmt V.7.0010.1002 (#7149)
Bug fixes

-Removing critical thermal zones to prevent unexpected software system shutdown:
   Kernel 4.9 -0071-mlxsw-core-Remove-critical-trip-point-from-thermal-z.patch
   Kernel 4.19 -076-mlxsw-core-Remove-critical-trip-point-from-thermal-z.patch

- hw-mgmt: thermal: Add hardcoded critical trip point

- Removing redundant link for cpld3 for fixed systems (SN2100, SN2010).

- Fix an issue with a missed attribute for cpld3 (port CPLD) for SN2700, SN2410.

Signed-off-by: Stephen Sun <stephens@nvidia.com>
2021-03-28 19:23:02 -07:00
Abhishek Dosi
6f67599c38 [Submodule update] sonic-utilities
Copy missing values from INIT_CFG to config_db during db_migration (#1522)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-03-27 09:35:05 -07:00
Qi Luo
6761ac0aa1
[sonic-linux-kernel] Update submodule (#7170)
Includes below commits
```
be45d3e 2021-03-27 | Integrate kernel patch for hw-mgmt.v.7.0010.1000-bf1 (#202) [Stephen Sun]
```
2021-03-27 09:28:50 -07:00
pra-moh
afe548b61a
[201911][procdockerstatsd] Add missing unit conversion (#7157)
Fixing same issue in 201911 as mentioned here #7151
2021-03-26 10:24:02 -07:00
Volodymyr Samotiy
fd22b3bcee
[monit] Periodically monitor VNET route consistency (#7078)
To run VNET route consistency check periodically.

For any failure, the monit will raise alert based on return code.
The tool will log required details.
2021-03-25 07:24:59 -07:00
roman_savchuk
e8965e3584
[BFN] Updated SAI/SDK packages to 20210317 (#7082)
Fix for vlan-id ACL filter introduced in SONiC 201911 #234

Signed-off-by: Roman Savchuk <romanx.savchuk@intel.com>
2021-03-24 20:03:03 -07:00
Qi Luo
f609c6a536
[submodule] update sonic-snmpagent (#7123)
Includes commits:
```
8f1526f 2021-03-22 | Temporarily lower the logging level for invalid FDB, which is a known issue on Mellanox (#206) [Qi Luo]
```
2021-03-23 14:38:56 -07:00
Volodymyr Samotiy
88de361f96 [Mellanox] Update FW to xx.2008.2424 (#7118)
Fixed issues:
* Mellanox SN-2700 breakout port not linking up with QSA

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2021-03-22 19:35:32 -07:00
shlomibitton
ac7f831357
Fix for all SPC1 devices sai profile speed configurations (#7120)
#### Why I did it
SAI profile files speed configuration have wrong bitmap value for 10/50G speed option.

#### How I did it
Fix to the correct value for all SPC1 devices.

#### How to verify it
Configure on these platforms ports with 10/50G speed using this fix.
2021-03-22 14:36:55 -07:00
Qi Luo
d0b4239f1c
[submodule] Update submodule of sonic-utilities (#7101)
Included commits:
```
b5aedfb 2021-03-18 | [show] Fix show arp in case with FDB entries, linked to default VLAN (#1517) [Qi Luo]
```
2021-03-19 11:32:38 -07:00
Joe LeVeque
2777e982ff
[201911][sonic-config-engine] Parse AutoNegotiation element from LinkMetadata section of minigraph file (#7047)
Backport of https://github.com/Azure/sonic-buildimage/pull/7031 to the 201911 branch

#### Why I did it

To enable parsing the `AutoNegotiation` element from the LinkMetadata section of minigraph file

#### How I did it

Parse the value `AutoNegotiation` element from the `LinkMetadata` section of minigraph file. If the element is present, an `autoneg` key will be added to the port in the `PORT` table of Config DB with a value of either `0` or `1`

If an `autoneg` value is present in port_config.ini, the value from the minigraph will take precedence, overriding that value.

Also remove `AutoNegotiation` and `EnableAutoNegotiation` elements from the `DeviceInfo` section, as we will use this data in the `LinkMetadata` section to determine whether to enable auto-negotiation for a port.
2021-03-18 13:18:15 -07:00
judyjoseph
c15b5ea339 To decrease the Connect Retry Timer from default value which is 120sec to 10 sec. (#7087)
Why I did it
It was observed that on a multi-asic DUT bootup, the BGP internal sessions between ASICs were taking more time to get ESTABLISHED than external BGP sessions. The internal sessions were coming up almost exactly 120 secs later.

In multi-asic platform the bgp dockers (which are per ASIC) on switch start are being brought up around the same time and they try to make the bgp sessions with neighbors (in peer ASICs) which may not be completely up. This results in BGP connect fail and the retry happens after 120sec which is the default Connect Retry Timer

How I did it
Add the command to set the bgp neighboring session retry timer to 10sec for internal bgp neighbors.
2021-03-17 23:16:44 -07:00
Abhishek Dosi
b5e12d9970 [Submodule update] sonic-utilities
ad8eb74cf9b705b914227588b5c8af1ad1af02da (HEAD -> 201911, origin/201911)
[route_check]: Dropped redundant code. (#1463)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-03-17 16:45:53 -07:00
Qi Luo
a70ab9ec47
[submodule] Update submodule of sonic-utilities (#7070)
Included commits:
```
0d5fb48 2021-03-16 | [show] Fix 'show mac' output, when FDB entry with Vlan 1 is present (#1507) [maksymbelei95]
```
2021-03-16 21:34:20 -07:00
pra-moh
5f5644bb93
[201911][procdockerstatsd] Fix bug in procdockerstatsd (#7073)
Fix incorrect variable name
2021-03-16 18:41:45 -07:00
pra-moh
bd07256bfd
[201911][procdockerstatsd] Fix unit conversion for docker stats (#7063)
Bug exists in 201911 branch where unit conversion for docker stats is incorrect. Both MiB/GiB to bytes conversion is incorrect
Example:
```
admin@str-s6000-acs-10:/usr/bin$ docker stats --no-stream -a
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e958c81d27a8 mgmt-framework 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0
9b6b7b4361d5 telemetry 3.13% 86.31MiB / 7.785GiB 1.08% 0B / 0B 0B / 106kB 30
e7fee0b617fe snmp 70.28% 57.03MiB / 7.785GiB 0.72% 0B / 0B 0B / 102kB 9

admin@str-s6000-acs-10:/usr/bin$ redis-cli -n 6 hgetall "DOCKER_STATS|e7fee0b617fe"

"MEM%"
"0.72"
"MEM_LIMIT_BYTES"
"8359080099840"
"NAME"
"snmp"
"NET_OUT_BYTES"
"0"
"MEM_BYTES"
"5980028928"
"BLOCK_OUT_BYTES"
"102000"
"NET_IN_BYTES"
"0"
"BLOCK_IN_BYTES"
"0"
"PIDS"
"9"
"CPU%"
"5.96"
```
2021-03-16 05:54:19 -07:00
Qi Luo
385e7265ce
[submodule] update sonic-py-swsssdk and sonic-snmpagent (#7061)
Included commits in sonic-py-swsssdk
```
63c75c1 2021-03-14 | Workaround Mellanox default vlan has no SAI_VLAN_ATTR_VLAN_ID attribute (#103) [Qi Luo]
```

Included commits in sonic-snmpagent
```
a8c6e36 2021-03-15 | Implement rfc4363 FdbUpdater for lag inside vlan (#204) [Qi Luo]
```
2021-03-16 04:49:40 -07:00
Tamer Ahmed
7c5f0ff316
Start DHCP Relay When Helpers IPs Are Available (#6961) (#7059)
It is possible to have DHCP relay configuration with no servers/
helpers which results in the DHCP container crashing. This PR fixes this
issue by not starting DHCP relay for vlans with no DHCP helpers.

resolves: #6931
closes: #6931
Do not add program group for dhcp relay with no dhcp helpers

Unit test
2021-03-15 14:43:50 -07:00
Abhishek Dosi
50a56f6dd2 [Submodule update] sonic-snmpagent
d81828c6740f2d4fca59fe3ec1d0adb1088a9dbb (HEAD -> 201911, origin/201911) Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201)
093a3c2c5bc688ddc5e5362dc657f19175e12ce8 Fix fdb_vlanmac() on corner cases (#193)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-03-15 12:29:49 -07:00
trzhang-msft
139fcf500c
[dhcp-relay]: add option -si to support using src intf ip in relay (#7055)
2021-03-15 09:23:06 -07:00
trzhang-msft
a0b824f83e
[docker-dhcp-relay]: add -si support in dhcp docker template (#7054)
2021-03-15 09:21:32 -07:00
Abhishek Dosi
de5c664b56 [submodule update] sonic-utilities.
650a68b7f1048530593e27a97536b52aa284a236 (HEAD -> 201911, origin/201911) [201911 SKU creator] fix wrong speed in case breakout of 2x50 (#1352)
517cdb41febacc04c5ffd3ee326dd45dab33185c [201911] platform pre-check for reboot (#1472)
d86af49a882095bf05f2e72d128e6103238a8943 [201911] Add soft-reboot reboot type (#1449)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-03-14 19:25:43 -07:00
Kebo Liu
f2cd1ee2db
update SDK/FW and SAI to new version (#7040)
- Why I did it
To pick up new features and fix from SDK/FW and SAI

SDK/FW new Feature:

All | Added support for multiple modules and cable types. For full list contact Nvidia networking support
Spectrum-3 | SN46000C | Added support for up to 5W on ports 49 to 64.
SDK/FW bugs' fix:

All | fast reboot | fast boot failure from latest 201811 to 201911 and above
Spectrum | 10GbE/1GbE Transceiver (FTLX8574D3BCV) stopped working after firmware upgrade
Spectrum-2 | When device is rebooted with locked Optical Transceivers in split mode, the firmware may get stuck
Spectrum-2 | SN3700 | When connecting at 200GbE to Ixia K400, Ixia receives CRC errors
Spectrum-2 | SN3800 | On rare occasions packets loss may be experienced due to signal integrity issues
Spectrum-2 | When the port is a member of a LAG, after a warmboot and port toggle on the peer-side, the port remains down
Spectrum-3 | SN4700 | While using Optic cable in Split 4x1 mode in PAM4, when two first ports are toggled, the other 2 ports go down
Spectrum-3 | SN4700 | When working in 400GbE, deleting the headroom configuration (changing buffer size to zero) on the fly may cause continual packet drops
SAI

All | Counters | Update tunnel decap counter to capture VNI miss
- How I did it
Update the related version number in the make files and update the submodule pointer accordingly.

- How to verify it
Run regression test and everything works good.
2021-03-14 08:36:03 +02:00
Qi Luo
c8e78a9e34
[201911][submodule] Update sonic-py-swsssdk and sonic-snmpagent submodules (#7046)
Included commits in sonic-py-swsssdk repo
```
4e0c561 2019-11-19 | read portchannel name from LAG_NAME_MAP_TABLE in COUNTERS_DB (#51) [anilkpandey]
```

Included commits in sonic-snmpagent repo
```
02dc2ce 2021-03-12 | add mock tables for LAG_NAME_MAP_TABLE in COUNTERS_DB (#202) [Qi Luo]
```
2021-03-12 21:48:01 -08:00
Santhosh Kumar T
140576ddbb
[201911] DellEMC S6100 SSD Monitor (#6934)
Why I did it
To monitor the SSD health condition in DellEMC S6100 platform post upgrade.

A daemon is introduced to monitor the SSD every one hour.

To check for SSD status at boot time and at the time of cold-reboot.

All these changes are supported only for newer SSD firmware.

Added a platform_reboot_pre_check script to prevent cold-reboot based on SSD status.
Depends on Azure/sonic-utilities#1472
DO NOT MERGE UNTIL ABOVE PR IS MERGED
2021-03-12 17:02:17 -08:00
abdosi
9b553d905d
Fix bgpmon.py syslog for exception handling. (#7030)
[201911] Fix bgpmon.py syslog message during exception handling.
2021-03-12 11:11:59 -08:00
Kebo Liu
c2806eb756
Pickup latest change in sonic-platform-daemon (#7014)
Pick up the latest change in sonic-platform-daemons submodule: Azure/sonic-platform-daemons@f59480d

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2021-03-11 12:00:37 +02:00
judyjoseph
b20e67819f [sonic-cfggen]: Use unix socket when reading from DB only if we are using sudo. (#7002)
Closes issue #6982.
The issue was root caused as we were using the unix_socket for reading from DB as a default mechanism (#5250). The redis unix socket is created as follows.

```
admin@str--acs-1:~$ ls -lrt /var/run/redis/redis.sock
srwxrw---- 1 root redis 0 Mar  6 01:57 /var/run/redis/redis.sock
```
So it used to work fine for the user "root" or if user is part of redis group ( admin was made part of redis group by default )

Check if the user is with sudo permissions then use the redis unix socket, else fallback to tcp socket.
2021-03-10 12:47:20 -08:00
Ze Gan
b73d5a659e [docker-ptf]: Add teamd dependency to ptf (#6994)
Signed-off-by: Ze Gan <ganze718@gmail.com>
2021-03-10 10:50:17 -08:00
Qi Luo
b12383013f [build]: Fix get-pip 2.7 url according to upstream announcement (#6999)
ref: https://bootstrap.pypa.io/2.7/get-pip.py

The URL you are using to fetch this script has changed, and this one will no
longer work. Please use get-pip.py from the following URL instead:

    https://bootstrap.pypa.io/pip/2.7/get-pip.py
2021-03-10 09:51:31 -08:00
Abhishek Dosi
38fbd98cd7 [submodule update] sonic-utilities
9e740759c370645b4367acf22856aebcfb7fce45 (HEAD -> 201911, origin/201911) [201911][multi asic] show ip bgp summary changes for bgp mon (#1483)
fa07245786df11e6df902c33fcd9c7115a7c5380 [CLI][techsupport] Merge 'show techsupport' changes from master (#1468)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-03-06 21:25:34 -08:00
abdosi
ab05a2f58a
Add support for BGP Monitors on multi asic SONiC platforms. (#6977)
This PR is cherry-pick of master
https://github.com/Azure/sonic-buildimage/pull/6920

Why I did it
Add support for BGP Monitors on multi asic SONiC platforms.

How I did it
On multi ASIC SONiC platforms, BGP monitor session will be established from Backend ASIC.
To achieve this following changes are done

Add BGP monitor configuration on the backend ASIC.
The BGP monitor configuration is present in the DPG of the device in minigraph.xml of multi-ASIC device, so this configuration will be added to the config_db of the host, when the minigraph is loaded.
To add configuration for this in the Backend ASIC, a new class MultiAsicBgpMonCfg is added to the hostcfgd service to update the config_db of the backend ASIC when the BGP_MONITOR table of the host config_db is updated.
This way incremental BGP_MONITOR configuration can also be handled.

Changes to establish BGP session with bgp monitor.

Add route in host main routing table to go to one of pre-defined backend asic
Add IP table rule on front asic to mark the BGP packets with destination as IPv4 Loopback.
Add IP rule in front asic namespace to match mark BGP packet and lookup default table
Program the default route in FrontEnd asic name space docker default table as part of start.sh of the BGP container.
It needs to be done as part of start.sh otherwise FRR default route will get over-written.
How to verify it

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Co-authored-by: Arvind <arlakshm@microsoft.com>
2021-03-06 21:21:52 -08:00
Qi Luo
32e3cd9454
Revert "[monit] Periodically monitor VNET route consistency (#6819)" (#6975)
This reverts commit 2c6be7e0f5.
Reverts #6819
2021-03-06 06:56:26 -08:00
Volodymyr Samotiy
2c6be7e0f5
[monit] Periodically monitor VNET route consistency (#6819)
To run VNET route consistency check periodically.

For any failure, the monit will raise alert based on return code.
The tool will log required details.
2021-03-05 13:15:19 -08:00
Danny Allen
603767d94a
[201911][submodule] Update sonic-utilities submodule (#6966)
- [201911][acl] Expand VLAN into VLAN members when creating an ACL table (#1477)
- [201911][acl-loader] Add support for matching on ICMP and VLAN info (#1476)
- [201911][acl-loader] Improve input validation for acl_loader (#1481)

Signed-off-by: Danny Allen <daall@microsoft.com>
2021-03-05 07:26:10 -08:00