Commit Graph

445 Commits

Author SHA1 Message Date
Stepan Blyshchak
a10f1f22de [SONiC Application Extension] support warm/fast reboot for extension packages (#7286)
#### Why I did it

I made this change to support warm/fast reboot for SONiC extension packages as per HLD Azure/SONiC#682.

#### How I did it

I extended manifest.json.j2 with new warm/fast reboot related fields and also extended sonic_debian_extension.j2 script template to generate the shutdown order files for warm and fast reboot.
2021-08-06 17:29:12 -07:00
Stepan Blyshchak
790bdded96 [dhcp-relay] make DHCP relay an extension (#6531)
- Why I did it
Make DHCP relay docker an extension. DHCP relay now carries dhcp relay commands CLI plugin and has a complete manifest.
It is installed as extension if INCLUDE_DHCP_REALY is set to y.

DEPENDS on #5939

- How I did it
Modify DHCP relay docker makefile and dockerfile. Make changes to sonic_debian_extension.j2 to install sonic packages.
I moved DHCP related CLI tests from sonic-utilities to DHCP relay docker.
This PR introduces a way to write a plugin as part of docker image and run the tests from cli-plugin-tests directory under docker directory.
The test result is available in target/docker-dhcp-relay.gz.log:

[ REASON ] :      target/docker-dhcp-relay.gz does not exist   NON-EXISTENT PREREQUISITES: docker-start target/docker-config-engine-buster.gz-load target/python-wheels/sonic_utilities-1.2-py3-none-any.whl-in
stall target/debs/buster/python3-swsscommon_1.0.0_amd64.deb-install
[ FLAGS  FILE    ] : []
[ FLAGS  DEPENDS ] : []
[ FLAGS  DIFF    ] : []
============================= test session starts ==============================
platform linux -- Python 3.7.3, pytest-3.10.1, py-1.7.0, pluggy-0.8.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /sonic/dockers/docker-dhcp-relay/cli-plugin-tests, inifile:
plugins: cov-2.6.0
collecting ... collected 10 items

test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_plugin_registration PASSED [ 10%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_add_dhcp_relay_with_nonexist_vlanid PASSED [ 20%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_add_dhcp_relay_with_invalid_vlanid PASSED [ 30%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_add_dhcp_relay_with_invalid_ip PASSED [ 40%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_add_dhcp_relay_with_exist_ip PASSED [ 50%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_add_del_dhcp_relay_dest PASSED [ 60%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_remove_nonexist_dhcp_relay_dest PASSED [ 70%]
test_config_dhcp_relay.py::TestConfigVlanDhcpRelay::test_config_vlan_remove_dhcp_relay_dest_with_nonexist_vlanid PASSED [ 80%]
test_show_dhcp_relay.py::TestVlanDhcpRelay::test_plugin_registration PASSED [ 90%]
test_show_dhcp_relay.py::TestVlanDhcpRelay::test_dhcp_relay_column_output PASSED [100%]

=============================== warnings summary ===============================
/usr/local/lib/python3.7/dist-packages/tabulate.py:7
  /usr/local/lib/python3.7/dist-packages/tabulate.py:7: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
    from collections import namedtuple, Iterable

-- Docs: https://docs.pytest.org/en/latest/warnings.html
==================== 10 passed, 1 warnings in 0.35 seconds =====================
2021-08-06 17:28:55 -07:00
jusherma
fd564b05fa [build]: Allow build-time specification of alternative docker registries (#8134)
Why I did it
Allows users to host their own local docker registries and utilize them via the REGISTRY_SERVER and REGISTRY_PORT environmental variables

How I did it
Only set REGISTRY_SERVER and REGISTRY_PORT in rules/config if they are unset.

How to verify it
Export environmental variables REGISTRY_SERVER and REGISTRY_PORT to an alternative docker registry. Export the environmental variable ENABLE_DOCKER_BASE_PULL to y.
Ensure the required sonic-slave docker images are not present locally, but are available in the docker registry
Execute make init and make configure
Confirm that the appropriate docker images were pulled from the appropriate docker registry, and not built locally
2021-08-03 23:37:24 -07:00
Ying Xie
7236fa98e8
Revert "[Kubernetes]: The kube server could be used as http-proxy for docker (#7469)" (#8023)
This change causes nightly test to fail due to the fake proxy IP is not reachable.

Reverts #7469

This reverts commit f7ed82f44a.
2021-06-29 18:43:53 -07:00
Stepan Blyshchak
9de7e6860b
[sonic-app-ext] support app extensions installation during build (#7593)
Signed-off-by: Stepan Blyschak stepanb@mellanox.com

Why I did it
To support building DHCP relay as extension and installing it during build time.

How I did it
Created infrastructure. Users need to define their packages in rules/sonic-packages.mk

How to verify it
Together with #6531
2021-06-29 09:07:33 -07:00
Myron Sosyak
d6d7cb7006
Fix build with INSTALL_DEBUG_TOOLS=y (#7940)
Why I did it
To Fix SONiC build with INSTALL_DEBUG_TOOLS=y

How I did it
Fixed generate_manifest function to use version prefix in file names

How to verify it
Build SONiC with INSTALL_DEBUG_TOOLS=y
2021-06-24 14:59:40 +08:00
Shi Su
f52ba3b496
Remove quagga-related code (#7898)
Why I did it
Quagga is no longer being used. Remove quagga-related code (e.g., docker-fpm-quagga, sonic-quagga, etc.).

How I did it
Remove quagga-related code.
2021-06-23 09:15:56 -07:00
Santhosh Kumar T
f8eb5b0958
Flashrom refactoring for broadcom platforms (#7693)
#### Why I did it
- To build flashrom properly with dependency tracking.

#### How I did it
- Moved flashrom code from platform/broadcom/sonic-platform-modules-dell/tools directory to src/flashrom directory.
- At the end, flashrom_0.9.7_amd64.deb package is build which will be installed in the devices.
- Currently flashrom builds only for Dell S6100 platforms.
2021-06-22 15:29:21 -07:00
judyjoseph
3ad830eb49
New sonic-buildimage images for Broadcom DNX ASIC family. (#7598)
Introduce new sonic-buildimage images for Broadcom DNX ASIC family.

sonic-broadcom-dnx.bin
sonic-aboot-broadcom-dnx.swi

How I did it

NO CHANGE to existing make commands

make init; make configure PLATFORM=broadcom;  make target/sonic-aboot-broadcom.swi; make  target/sonic-broadcom.bin

The difference now is that it will result in new broadcom images for DNX asic family as well. 

sonic-broadcom.bin, sonic-broadcom-dnx.bin
sonic-aboot-broadcom.swi, sonic-aboot-broadcom-dnx.swi

Note: This PR also adds support for Broadcom SAI 5.0 (based on 1.8 SAI ) for DNX based platform + changes in platform x86_64-arista_7280cr3_32p4 bcm config files and platform_env.conf files
2021-06-22 11:12:22 -07:00
Renuka Manavalan
f7ed82f44a
[Kubernetes]: The kube server could be used as http-proxy for docker (#7469)
Why I did it
The SONiC switches get their docker images from local repo, populated during install with container images pre-built into SONiC FW. With the introduction of kubernetes, new docker images available in remote repo could be deployed. This requires dockerd to be able to pull images from remote repo.

Depending on the Switch network domain & config, it may or may not be able to reach the remote repo. In the case where remote repo is unreachable, we could potentially make Kubernetes server to also act as http-proxy.

How I did it
When admin explicitly enables, the kubernetes-server could be configured as docker-proxy. But any update to docker-proxy has to be via service-conf file environment variable, implying a "service restart docker" is required. But restart of dockerd is vey expensive, as it would restarts all dockers, including database docker.

To avoid dockerd restart, pre-configure an http_proxy using an unused IP. When k8s server is enabled to act as http-proxy, an IP table entry would be created to direct all traffic to the configured-unused-proxy-ip to the kubernetes-master IP. This way any update to Kubernetes master config would be just manipulating IPTables, which will be transparent to all modules, until dockerd needs to download from remote repo.

How to verify it
Configure a switch such that image repo is unreachable
Pre-configure dockerd with http_proxy.conf using an unused IP (e.g. 172.16.1.1)
Update ctrmgrd.service to invoke ctrmgrd.py with "-p" option.
Configure a k8s server, and deploy an image for feature with set_owner="kube"
Check if switch could successfully download the image or not.
2021-06-16 07:46:01 -07:00
xumia
f6098c8c6d
[build]: Fix missing the depended files of dpkg cache in config engine (#7840)
#### Why I did it
The PR checkers do not re-run the sonic-config-engine test cases, caused by some of the config files changes not detected.

https://sonic-jenkins.westus2.cloudapp.azure.com/job/mellanox/job/buildimage-mlnx-all/660/console
…
07:13:24  ======================================================================
07:13:24  ERROR: test_bgpd_quagga (tests.test_j2files.TestJ2Files)
07:13:24  ----------------------------------------------------------------------
…
07:13:24  ======================================================================
07:13:24  ERROR: test_zebra_quagga (tests.test_j2files.TestJ2Files)
07:13:24  ----------------------------------------------------------------------
…
07:13:24  error: Test failed: <unittest.runner.TextTestResult run=161 errors=2 failures=0>
07:13:24  [  FAIL LOG END  ] [ target/python-wheels/sonic_config_engine-1.0-py2-none-any.whl ]
07:13:24  make: *** [slave.mk:603: target/python-wheels/sonic_config_engine-1.0-py2-none-any.whl] Error 1
07:13:24  Makefile.work:292: recipe for target 'target/sonic-mellanox.bin' failed
07:13:24  make[1]: *** [target/sonic-mellanox.bin] Error 2
07:13:24  make[1]: Leaving directory '/data2/johnar/workspace/mellanox/buildimage-mlnx-all'
07:13:24  Makefile:7: recipe for target 'target/sonic-mellanox.bin' failed
07:13:24  make: *** [target/sonic-mellanox.bin] Error 2

See PR: https://github.com/Azure/sonic-buildimage/pull/7476


#### How I did it
Add the depended files.
See src/sonic-config-engine/tests/test_j2files.py
2021-06-15 19:09:29 -07:00
arlakshm
4d07bbbec6
[Yang][cfggen] update sonic-cfggen to generate config_db from Yang data (#7712)
Why I did it
This PR adds changes in sonic-config-engine to consume configuration data in SONiC Yang schema and generate config_db entries

How I did it
Add a new file sonic_yang_cfg_generator .
This file has the functions to

parse yang data json and convert them in config_db json format.
Validate the converted config_db entries to make sure all the dependencies and constraints are met.
Add a new option -Y to the sonic-cfggen command for this purpose

Add unit tests

This capability is support only in sonic-config-engine Python3 package only
2021-06-10 12:03:33 -07:00
Qi Luo
658ed4fd37
Revert "Remove quagga related code (#7476)" (#7831)
Reverts Azure/sonic-buildimage#7476
It remove bgpd.conf.j2 and zebra.conf.j2, which is still used by sonic-config-engine unit test.
2021-06-09 18:52:45 -07:00
Shi Su
62a4603eef
Remove quagga related code (#7476)
Why I did it
Quagga is no longer being used. Remove quagga-related code (e.g., docker-fpm-quagga, sonic-quagga, etc.).

How I did it
Remove quagga-related code.
2021-06-07 16:44:54 -07:00
yozhao101
1a3cab43ac
[Monit] Deprecate the feature of monitoring the critical processes by Monit (#7676)
Signed-off-by: Yong Zhao yozhao@microsoft.com

Why I did it
Currently we leveraged the Supervisor to monitor the running status of critical processes in each container and it is more reliable and flexible than doing the monitoring by Monit. So we removed the functionality of monitoring the critical processes by Monit.

How I did it
I removed the script process_checker and corresponding Monit configuration entries of critical processes.

How to verify it
I verified this on the device str-7260cx3-acs-1.
2021-06-04 10:16:53 -07:00
Stepan Blyshchak
d7b96dfdf1
[sonic-sdk] add sonic sdk and sonic sdk buildenv (#6712)
- Why I did it

To give SONiC Application Extension developers an environment to run and develop their apps.

- How I did it
Created sonic-sdk and sonic-sdk-buildenv dockers and their dbg versions.

- How to verify it
Build:

$ make -f slave target/sonic-sdk.gz target/sonic-sdk-buildenv.gz
2021-05-28 10:16:02 -07:00
pra-moh
b64a6402d0
Revert "[Telemetry docker] add memory and memory swap limits (#7062)" (#7582)
This reverts commit 0c59278168.
2021-05-11 17:11:54 -07:00
pra-moh
0c59278168
[Telemetry docker] add memory and memory swap limits (#7062)
#### Why I did it
Fix https://github.com/Azure/sonic-telemetry/issues/71

#### How I did it
Added memory limit for telemetry docker.
Historical docker memory usage shows telemetry docker consuming 150-200MB memory. Adding some extra buffer.
2021-05-11 14:51:56 -07:00
Samuel Angebault
e7c26fb0c9
[Arista] Update platform configurations and library (#7527)
Platform library changes
 - Fix the use of /proc/modules during testing, fixes #7463
 - Add `libsfp-eeprom.so` build to read/write xcvr eeproms in C
 - Add some more reboot-cause information
 - Write down temperature hw thresholds to the sensors
 - Report software thresholds through platform api
 - Writ `port_name sysfs` file of optoe`
 - Tests enhancements
 - Fix dependency issues for chassis provisioning

Platform configuration changes
 - Add `pcie.yaml` configuration for a few platforms
 - Mount `libsfp-eeprom.so` inside `pmon`
 - Fix `Arista-7050SX3-48C8` and `Arista-7050SX3-48YC8' platform and hwsku
 - Miscellaneous fixes

Co-authored-by: Boyang Yu <byu@arista.com>
Co-authored-by: Zhi Yuan Carl Zhao <zyzhao@arista.com>
2021-05-06 10:59:22 -07:00
LuiSzee
7c79b2654e
[build]: fix bug for compile sonic-platform-common caused by enable pytest (#7431)
Co-authored-by: Shi Lei <shil@centecnetworks.com>
2021-04-28 01:30:47 -07:00
Stepan Blyshchak
cd2c86eab6
[dockers] label SONiC Docker with manifest (#5939)
Signed-off-by: Stepan Blyschak stepanb@nvidia.com

This PR is part of SONiC Application Extension

Depends on #5938

- Why I did it
To provide an infrastructure change in order to support SONiC Application Extension feature.

- How I did it
Label every installable SONiC Docker with a minimal required manifest and auto-generate packages.json file based on
installed SONiC images.

- How to verify it
Build an image, execute the following command:

admin@sonic:~$ docker inspect docker-snmp:1.0.0 | jq '.[0].Config.Labels["com.azure.sonic.manifest"]' -r | jq
Cat /var/lib/sonic-package-manager/packages.json file to verify all dockers are listed there.
2021-04-26 13:51:50 -07:00
Guohan Lu
27a635a15a Revert "Flashrom refactoring (#6922)"
This reverts commit 7dd9d1f3f2.
2021-04-25 11:51:35 -07:00
xumia
56bdd750ab
Support readonly vtysh for sudoers (#7383)
Why I did it
Support readonly version of the command vtysh

How I did it
Check if the command starting with "show", and verify only contains single command in script.
2021-04-25 16:32:02 +08:00
lguohan
1d81c382a7
[build]: fix build break on armhf for radius (#7416)
regression introduced in #7284

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-04-24 19:44:27 -07:00
a-barboza
ec9101f9c5
RADIUS Management User Authentication Feature (#7284)
Why I did it
HLD: https://github.com/Azure/SONiC/blob/master/doc/aaa/radius_authentication.md
CLI: In a separate PR.

How I did it
How to verify it
UT: src/sonic-host-services/tests/hostcfgd/hostcfgd_radius_test.py
2021-04-23 19:09:41 -07:00
Santhosh Kumar T
7dd9d1f3f2
Flashrom refactoring (#6922)
#### Why I did it
To build flashrom properly with dependency tracking.

#### How I did it
Moved flashrom code from platform/broadcom/sonic-platform-modules-dell/tools directory to src/flashrom directory.
At the end, flashrom_0.9.7_amd64.deb package is build which will be installed in the devices.
2021-04-20 15:24:44 -07:00
Joe LeVeque
e30a7eb6aa
[sonic-syseepromd] Depend on sonic-platform-common (#7279)
Unit tests for syseepromd depend on sonic-platform-common as of Azure/sonic-platform-daemons#156
2021-04-09 16:58:53 -07:00
Vivek Reddy
69b03fc01f
[ethtool]: disable unit test when building ethtool on armhf/arm64 (#7226)
Compiling ethtool from source is causing ethtool unit tests to fail on ARM Platforms.

These tests are failing: (By default netlink-interface is enabled while compiling ethtool)
Link: ([Test File Link](https://salsa.debian.org/kernel-team/ethtool/-/blob/debian/1%255.9-1/test-cmdline.c#L28))
```
FAIL: test-cmdline
==================

E: ethtool 16_char_devname! returns 1
E: ethtool 
127_char_devname0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde returns 1
E: ethtool --change devname xcvr external returns 0
E: ethtool --change devname speed 100 duplex half port tp autoneg on advertise 0x1 phyad 1 xcvr external wol p sopass 01:23:45:67:89:ab msglvl 1 returns 0

FAIL test-cmdline (exit status: 1)
```
Tested this on Local ARM Emulated Container:

```
(Docker Container Emulating ARM)
vkarri@3a03c70eed35:/tmp/ethtool$ ./ethtool 16_char_devname!
netlink interface initialization failed, device name longer than 15 not supported
vkarri@3a03c70eed35:/tmp/ethtool$ echo $?
1 (Expected 0)
vkarri@3a03c70eed35:~/ethtool$ ./ethtool 16_char_devnameee
netlink interface initialization failed, device name longer than 15 not supported

Checked for dependencies: (all are present)
vkarri@3a03c70eed35:~/ethtool$ apt-cache policy libmnl0
libmnl0:
  Installed: 1.0.4-2
  Candidate: 1.0.4-2
  Version table:
 *** 1.0.4-2 500
        500 http://deb.debian.org/debian buster/main armhf Packages
        500 http://packages.trafficmanager.net/debian/debian buster/main armhf Packages
        100 /var/lib/dpkg/status

vkarri@3a03c70eed35:~/ethtool$ apt-cache policy libc6  
libc6:
  Installed: 2.28-10
  Candidate: 2.28-10
  Version table:
 *** 2.28-10 500
        500 http://deb.debian.org/debian buster/main armhf Packages
        500 http://packages.trafficmanager.net/debian/debian buster/main armhf Packages
        100 /var/lib/dpkg/status
```

#### How I did it
Disabled netlink-interface for ethtool. 

Even though Netlink is not available, it doesn't seem to impact what ethtool was supposed to do. In fact the older version which was in use before this PR [#5725](https://github.com/Azure/sonic-buildimage/pull/5725) did not have netlink support and everything seemed to work well

Article on Netlink-Support for ethtool: https://lwn.net/Articles/783633/

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2021-04-08 09:08:22 -07:00
Joe LeVeque
9dd45da854
[sonic-psud] Depend on sonic-platform-common (#7182)
Unit tests for psud depend on sonic-platform-common as of Azure/sonic-platform-daemons#154
2021-03-30 08:32:07 -07:00
Joe LeVeque
67c57990f6
[sonic-thermalctld] Depend on sonic-platform-common (#7181)
Unit tests for thermalctld depend on sonic-platform-common as of https://github.com/Azure/sonic-platform-daemons/pull/157
2021-03-29 23:39:47 -07:00
maksymbelei95
aefe1455af
[sflow] Update version of hsflowd (#7137)
* Updating version of hsflow daemon to apply
  fix, which resolves problem of switching
  between IPv4 and IPv6, in case when the
  IPv4 has deleted for the interface.


The new release of hsflowd contains the fix for the issue: sflow/host-sflow@2703ecb

How I did it
HSFLOWD_VERSION env variable has changed in the rules to be pointed to the latest release of hsflowd.

How to verify it

sudo config sflow enable
sudo config loopback add Loopback1
sudo config int ip add Loopback1 a84f:97ff:fea7:33a5::fe80/64
sudo config int ip add Loopback1 192.168.101.1/24
sudo config sflow agent-id add Loopback1
sudo config sflow collector add Collector1 192.168.101.1
sudo config sflow collector add Collector2 a84f:97ff:fea7:33a5::fe80
use sudo sflowtool -p 6343 -l for checking sflow data
remove and add again the ipv4 entry of Loopback1.

hsflowd should change agent ip from IPv4 to IPv6 and wise versa, depending on IPv4 entry present or not.
Switching between IPs is being performed by hsflowd, based on IP address priority ranking.

Signed-off-by: Maksym Belei <Maksym_Belei@jabil.com>
2021-03-27 21:09:57 -07:00
shlomibitton
43d4d45645
Backport ethtool to support QSFP-DD (#5725)
Backport ethtool debian package version 5.9 to support QSFP-DD cable parsing.

Signed-off-by: Shlomi Bitton <shlomibi@nvidia.com>
2021-03-16 09:56:53 -07:00
Shi Su
ac7eb460e5
[frr]: upgrade frr to frr-7.5.1 (#7003)
Update FRR to 7.5.1. The following is a list of new commits.
```
df7ab485b FRRouting Release 7.5.1
f4ed841b8 Merge pull request #8187 from opensourcerouting/rpmfixes-75
86d5a20e3 Merge pull request #8193 from mjstapp/fix_signals_7_5
b339cc149 lib: avoid signal-handling race with event loop poll call
0f7b432c3 lib: add debug output for signal mask
c0290c86d lib: add sigevent_check api
7a5348665 doc: Fix CentOS 7 Documentation
2a8e69f48 Merge pull request #8064 from donaldsharp/foo
cf4d1a744 redhat: Fix changelog incorrect date format
b78dcb209 Merge pull request #8181 from idryzhov/7.5-zebra-blackhole
2032e7e72 zebra: don't use kernel nexthops for blackhole routes
e52003567 bgpd: When deleting a neighbor from a peer-group the PGNAME is optional
aa86a6a6f Merge pull request #8161 from mjstapp/fix_sa_7_5_backports
13a8efb4b Merge pull request #8156 from idryzhov/7.5-backports-2021-02-26
58911c6ed lib: Free memory leak in error path in clippy
556dfd211 lib: use right type for wconv() return val
bd9caa8f1 lib: fix some misc SA warnings
683b3fe3f lib: register dependency between control plane protocol and vrf nb nodes
b45248fb6 lib: add definitions for vrf xpaths
7b9f10d04 lib: add ability to register dependencies between northbound nodes
9c240815c bgpd: Bgp peer group issue
d1b43634b bgpd: upon bgp deletion, do not systematically ask to remove main bgp
f5d1dc55e bgpd: Fix crash when we don't have a nexthop
c2e463478 frr-reload: rpki context exiting uses exit and not end
f11db1698 bgpd: Blackhole nexthops are not reachable
c628e94ff staticd: fix vrf enabling
49b079ef1 staticd: fix nexthop creation and installation
0077038e9 staticd: fix nexthop validation
be3dfbbc7 zebra: use AF_INET for protocol family
```
2021-03-10 12:50:54 -08:00
Samuel Angebault
14d7d16bb9
[Arista] Update phy-credo gearbox code (#6973)
This package was outdated and did not properly install on buster due to dependency changes.
This version should work on all DCS-7280CR3*-32[PD]4 platforms.

Signed-off-by: Samuel Angebault <staphylo@arista.com>
2021-03-09 20:38:59 -08:00
fk410167
20f0f069c1
Making PDDF 2.0 base classes python3 compliant (#6924)
- Made python2 to python3 changes
- Removed ord() func as python3 return int instead of str
- Had to change chr(..) to bytes([..]) function while using ctypes class methods
2021-03-01 09:48:59 -08:00
Ze Gan
4068944202
[MACsec]: Set MACsec feature to be auto-start (#6678)
1. Add supervisord as the entrypoint of docker-macsec
2. Add wpa_supplicant conf into docker-macsec
3. Set the macsecmgrd as the critical_process
4. Configure supervisor to monitor macsecmgrd
5. Set macsec in the features list
6. Add config variable `INCLUDE_MACSEC`
7. Add macsec.service

**- How to verify it**

Change the `/etc/sonic/config_db.json` as follow
```
{
    "PORT": {
        "Ethernet0": {
            ...
            "macsec": "test"
         }
    }
    ...
    "MACSEC_PROFILE": {
        "test": {
            "priority": 64,
            "cipher_suite": "GCM-AES-128",
            "primary_cak": "0123456789ABCDEF0123456789ABCDEF",
            "primary_ckn": "6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435",
            "policy": "security"
        }
    }
}
```
To execute `sudo config reload -y`, We should find the following new items were inserted in app_db of redis
```
127.0.0.1:6379> keys *MAC*
1) "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
2) "MACSEC_PORT_TABLE:Ethernet0"
127.0.0.1:6379> hgetall "MACSEC_EGRESS_SC_TABLE:Ethernet0:72152375678227538"
1) "ssci"
2) ""
3) "encoding_an"
4) "0"
127.0.0.1:6379> hgetall "MACSEC_PORT_TABLE:Ethernet0"
 1) "enable"
 2) "false"
 3) "cipher_suite"
 4) "GCM-AES-128"
 5) "enable_protect"
 6) "true"
 7) "enable_encrypt"
 8) "true"
 9) "enable_replay_protect"
10) "false"
11) "replay_window"
12) "0"
```

Signed-off-by: Ze Gan <ganze718@gmail.com>
2021-02-23 13:22:45 -08:00
Shi Su
951ce675f1
[frr]: upgrade frr to frr-7.5-s3 tag (#6807)
Update FRR 7.5 head. The following is a list of new commits.

```
e2f17ae47ad047e66923c2ff1e84c9ba10d4ad38 Merge pull request #8096 from idryzhov/7.5-backports-2021-02-16
380341362ced8e317c18b7395acb012de1f23acd ospf6d: Don't send hellos on loopback interface
7fa78b659f8e720466e0df62689327ea4b9ff867 bgpd: send correct BMP down message when nht fails
385faf6c079a41def1e6eb882cbfd50047559644 [filter]: change return code for errors
d9a0e9a2934f2f75c64496fe4c724a18aa581fcb bfdd: fix session lookup
08afa0a75311a4e8cb2a18116384b603f7f2d751 ospf6d : fix issue in ecmp inter area  route
2299afa1a9128d87d5169742b993c0ada575eb83 ospfd:  Prevent duplicate packet read in certain vrf situations
ff42a28af659ee61c0efb877b10738a5812f4bc2 vrf: use wrappers to change VRF_CONFIGURED flag
2bdc59ca21da2d67b77ec70a2fadffbca60690cd vrf: mark vrf as configured when entering vrf node
b9611f65a71adc0b8fa14a5a4d1a8f44e04dcd85 ospf6d: Fix LSA formatting out-of-bounds access
610ebf56913fa56167b0a2a127b07afe020a1efe bfdd: Prevent use after free ( again )
35b0cd5d753dda9aa70ea1c06db61a8d4b8671e3 *: Fix usage of bfd_adj_event
95b8915d0f4de3eae5438632ecd0827061ef48e8 ospf6d: Fix LSA formatting inconsistent retvals
49d73d8be84dbd23d767697474019165e511786c pimd: SGRpt prune received during prune didn't override holdtime
1d0d19afa9bb7cd4bc476d00c887876bc04eee95 eigrpd: Correctly set the mtu for eigrp packets sent
bbb08db69f8eb554d23b4920c1c1e3982d8d2a91 zebra: Prevent sending of unininted data
0813d650a8120458ab7d9317061f3864dbc6f2f7 ospf6d: prevent use after free
2f2e981d967b36b240fca82fea8a961d927ef43c lib: Prevent unininted usage of data
6171becdb391ea5b88916a3a28b04b555e1fc518 bfdd: Prevent storage of ifp pointer that has been deleted
9ebb41cf4bb51e0872796530bf8c7a4d819053db bfdd: Prevent unininited data transmittal
72e16db6fea3629111537f9eb10c86f2d275adcb eigrpd: Prevent uninitialized value from being used
72b61a5bb09d59c3cc0d1d401d51de96949dff52 zebra: disallow resolution to duplicate nexthops
1083bae40b00c0ed2c9f3521ae1ab9675a87202e bgpd: Initialize bgp_notify.raw_data before passing to bgp_notify_receive()
31df7314310416f10c133dcfe9c4586edadf3fbb doc: ebgp-requires-policy requires manuall session clearing
ecc8ec678d2d8a1c3d1d50a22732f9fc4bad689c watchfrr: fix SA warning
9d9365d161979a031de817c1fbcab6508dfee013 watchfrr: fix crash on missing optional argument
907e600d63c1c5b6bda40b0a08344a72533b1787 pimd: Prevent use after free
b47374f0e95d99c93bfe2d14afe55219a9fda455 doc: Update bgp doc for more rfc-8212 talk
4fbeef60cc8dc5362ff84fc91d1a4e343e4e32c7 docker: centos 7, 8 yang bump and repo fixes
808e6d731f330df4a91fdfd6df6a3c8dce1651a6 docker: prefer alpine:latest for building
91b3c471f1c48818370a0f218add917f0d46aa47 Merge pull request #8092 from donaldsharp/7.5_track
60be43c0bf63c16ca42008fa802d0a2050f3fce2 Merge pull request #8090 from ton31337/fix/static_network_vrf_7.5
1f6785aa60cc57a5c8d5de98c9c09a344a0c9262 ospf6d: Track wait_timer and disable when needed
c89e326be91312bed066eb2447ea8944e25a225e bgpd: Check for peer->su_remote if not NULL when handling IPv6 nexthop
15e070f6448870c98c030b6b5013ad8750d8918b Merge pull request #8047 from pguibert6WIND/nhrp_shortcut_routes_75
912994efec94082ae7d8c5e014c410964bea19f4 Merge pull request #8034 from qlyoung/fix-gnu-readline-bracketed-paste-7.5.1
9f50536993f1eb900fbfbe98d21b8c072bbd9c15 nhrpd: replace nhrp route nexthop with onlink route when prefix=nh
8c185008246db31c34574d7b79358001ac411f84 nhrpd: shortcut routes installed with nexthop.
c46c87d19758040bc3f3902ab8e4a0f1bb908721 vtysh: disable bracketed paste in readline
20b35e4c3386de798f3b0cb9f2a7e6b04d995485 Merge pull request #8018 from ton31337/fix/drop_aggregate_as_attribute_if_malformed_7.5
fa25d7327fd64613cc7530aba2edfcde038da074 bgpd: Unset only aggregator flag when AGGREGATOR_AS is 0
3ee9a3726fe1a526d946c1978487a4509fe98f29 bgpd: Drop aggregator_as attribute if malformed in case of BGP_AS_ZERO
be88595c6a2011f0e882bfa663baa61c86ede14e Merge pull request #8005 from opensourcerouting/snap-libyang1-fix-75
fd840ad37f2e836b210c6e60fc6325a4c3e495ce snapcraft: Update rtrlib to 0.7.0
3d00552fa9aedb96acd7ea773bc14fd2b77e7e0f snapcraft: Fix passthrough path for Libyang 1.x
```
2021-02-17 23:03:19 -08:00
judyjoseph
ad88700912
[docker-fpm-frr]: TSA/B/C changes for multi-asic (#6510)
- Introduced TS common file in docker as well and moved common functions.
- TSA/B/C scripts run only in BGP instances for front end ASICs.
       In addition skip enforcing it on route maps used between internal BGP sessions.

admin@str--acs-1:~$ sudo /usr/bin/TSA
System Mode: Normal -> Maintenance

and in case of Multi-ASIC
admin@str--acs-1:~$ sudo /usr/bin/TSA
BGP0 : System Mode: Normal -> Maintenance
BGP1 : System Mode: Normal -> Maintenance
BGP2 : System Mode: Normal -> Maintenance
2021-02-12 10:56:44 -08:00
lguohan
a24235bd26
[linux-kernel]: correct kernel package name for armhf (#6751)
armhf kernel package name does not have `unsigned` string

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-02-10 23:07:22 -08:00
Sumukha Tumkur Vani
c427e72b49
Disable port 8090 (#6764) 2021-02-10 22:10:19 -08:00
Arun Saravanan Balachandran
3015de1dd0
[sonic-host-service] Move to sonic-host-services package (#6273)
- Why I did it

To move ‘sonic-host-service’ which is currently built as a separate package to ‘sonic-host-services' package. 

- How I did it

- Moved 'sonic-host-server' to 'src/sonic-host-services' and included it as part of the python3 wheel.
- Other files were moved to 'src/sonic-host-services-data' and included as part of the deb package.
- Changed build option ‘INCLUDE_HOST_SERVICE’ to ‘ENABLE_HOST_SERVICE_ON_START’ for enabling sonic-hostservice at boot-up by default.
2021-02-08 19:35:08 -08:00
lguohan
834347b8f7
[sonic-linux-kernel]: security update to kernel 4.19.152 (#6490)
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-02-06 21:02:06 -08:00
Joe LeVeque
10324d0998
[sonic-utilities] Depend on sonic-platform-common (#6703)
sonic-utilities will become dependent upon sonic-platform-common as of Azure/sonic-utilities#1386.
2021-02-06 13:35:19 -08:00
abdosi
d2b8b94a64
Remove makefile and dependency for python2 of dbsyncd. (#6702)
* Remove makefile and 
As part of #6046 we have moved to python3 of dbsyncd.
Cleanup the python2 makefile and dependency.
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

* Revert "Remove makefile and dependency for python2 of dbsyncd."

This reverts commit ceaa4f8dd9.

* Fix

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-02-06 10:28:05 -08:00
Garrick He
bb5b77ba39
[sFlow] - Fix memory leak (#6662)
* Bump version number to 2.0.32-1 to include a fix for a memory-leak
  found during testing. A wrong API is used to free the cJSON
  data-structure, which only frees the first pointed-to structure.
  The proper API should recursively free all structures.

Signed-off-by: Garrick He <garrick_he@dell.com>
2021-02-03 20:32:13 -08:00
Qi Luo
9bf01cb65b
[build]: Fix dependency: asyncsnmp should not depend on PYTHON_SWSSCOMMON (#6672)
Add dependency: dbsyncd will depend on PYTHON3_SWSSCOMMON
2021-02-03 20:17:34 -08:00
lguohan
5c8b70eace
[frr]: upgrade frr to frr-7.5-s2 tag (#6628)
pick-up upstream fixes. important ones

- bgpd: Removing "neighbor <peer-group> allowas-in"

complete lists

*   6b2b5cce3 2021-01-29 | Merge pull request #7977 from ton31337/fix/allowas_in_reset_value_7.5 (HEAD -> frr/7.5, tag: frr-7.5-s2, upstream/stable/7.5, origin/frr/7.5, stable/7.5) [Donald Sharp]
|\
| * f403534df 2021-01-28 | bgpd: Removing "neighbor <peer-group> allowas-in" [Kishore Kunal]
* |   86e2f106c 2021-01-28 | Merge pull request #7962 from ton31337/fix/bgpd_validate_community_7.5 [Donald Sharp]
|\ \
| |/
|/|
| * e182af45c 2021-01-05 | bgpd: separate lcommunity validation from tokenizer [Wesley Coakley]
| * 2cf37d594 2020-12-30 | bgpd: Validate community list if they are not malformed [Donatas Abraitis]
|/
*   a4af08a19 2021-01-22 | Merge pull request #7912 from idryzhov/7.5-backports-2021-01 [Donald Sharp]
|\
| * 160021013 2021-01-12 | bgpd : multiple memory leak fixes in show commands [Sarita Patra]
| * 46a2b560f 2021-01-19 | tools: fix frr-reload BFD profile support [Rafael Zalamena]
| * 7f6c81fca 2020-12-02 | ospfd: fix area removal at interface level [ckishimo]
| * f7db4dfb1 2021-01-08 | bfdd: update vrf of received packet [Philippe Guibert]
| * 4d470f3ef 2021-01-08 | bfdd: enable bfd session if vrf interface available [Philippe Guibert]
| * c656985fb 2021-01-08 | bfdd: socket should be bound to vrf interface by default [Philippe Guibert]
| * f30c002b8 2021-01-15 | bgpd: Allow peer-groups to have `ttl-security hops` configured [Donald Sharp]
| * 85ff76513 2021-01-15 | configure.ac: Correct library name for sysrepo [Bo Zhang]
| * d00c543f1 2020-12-04 | bgpd: Handle IPv6 prefixes with IPv4 nexthops for zebra [Donatas Abraitis]
| * 87b9b2973 2021-01-06 | zebra: zebra route-map delay-timer is global not per vrf [Donald Sharp]
| * 91e1adec9 2021-01-05 | bgpd: Fix default-originate clearing from peer-groups. [zyxwvu Shi]
| * 0f2f32fa1 2021-01-05 | isisd: When last area address is removed, resign if we were DR [Karen Schoener]
| * 842e99d49 2021-01-02 | vrrpd.yang bug fix: modify augment path to comply with rfc 7950 [Bo Zhang]
| * 9616ef937 2020-12-24 | ospfd: fix no show database output when selecting vrf [Louis Scalbert]
| * 4c4764e36 2020-11-30 | ospf6d: ospfv3 disable on the interface, but interface prefix still shown in the output [Yash Ranjan]
| * 1870dbd86 2020-12-14 | ospf6d: Link LSA is not updated when router priority is modified [Mobashshera Rasool]
| * 4883a06c3 2020-12-10 | bgpd: fix evpn route-map vni filter at origin [Chirag Shah]
|/
*   9c087052a 2021-01-15 | Merge pull request #7877 from vishaldhingra/static_7_5 [Mark Stapp]
|\
| * a687b6b27 2021-01-15 | staticd: Backend cofiguration code to fix table-id problem [vdhingra]
| * 52370b494 2021-01-15 | staticd: autogenerated code modifications due to yang changes [vdhingra]
| * f9d6511f2 2021-01-15 | staticd: make table-id as the key for path-list [vdhingra]
|/

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-02-01 12:02:37 -08:00
Qi Luo
e623c903bb
Revert "[build]: disable unit tests for sonic-utilities" (#6598)
This reverts commit 470ed18a6b.
2021-01-29 02:08:56 -08:00
Qi Luo
0e7287856c
[build]: stop prompt during build (#6585)
Some commands used during build will prompt user interactively, but this is not expected during build. Since most output is collected into log file, user could not see the prompt and feel the build process hangs.

- How I did it

Use mv command in non interactive mode
Redirect stdin to null if command output is collected into log file.
2021-01-28 02:21:38 -08:00
dflynn-Nokia
1f2797a56d
[docker-config-engine-stretch]: Fix dependency typo PYTHON2_SWSSCOMMON (#6568)
This commit fixes a typo in the fix delivered in PR #6538

syncd fails on the armhf platform within sonic-config-engine/portconfig.py when importing the following
'from swsscommon.swsscommon import ConfigDBConnector'
2021-01-27 12:27:41 -08:00