Commit Graph

8328 Commits

Author SHA1 Message Date
Yevhen Fastiuk
491cf9a3f8 [Mellanox] Fix uninitialized variable on module plug event (#17011)
- Why I did it
To fix uninitialized variable

- How I did it
Add initial value

Signed-off-by: Yevhen Fastiuk <yfastiuk@nvidia.com>
2024-02-17 12:34:35 +08:00
dbarashinvd
b967cf0b99 [Mellanox] fix sysfs reading that gets garbage end of line using strip (#17830)
- Why I did it
when reading sysfs fd upon python poller events, there's end of line garbage like "# 012" (without space between the 2 parts) trailing the real value of 1 or 0

- How I did it
using python strip() to remove end of line

- How to verify it
run the CMIS host management feature on a switch
wait few minutes until switch completes boot up sequence including CMIS host manager
then disconnect or reconnect a port to create a poller event
2024-02-17 12:34:31 +08:00
mssonicbld
e54c5b4b98
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#18103)
#### Why I did it
src/sonic-platform-daemons
```
* 121b338 - (HEAD -> 202311, origin/202311) Unable to retrieve media settings with just Vendor name (#419) (10 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-16 16:33:06 +08:00
dbarashinvd
dcc5a162ec [Mellanox] fix code for warm reboot to work with FW controlled ports (#18065)
- Why I did it
Fix the code to work also after warm reboot to work with FW controlled ports.
In warm reboot the control state sysfs of each port does not change unlike reboot or fast boot.

- How I did it
1. Check procfs cmdline if warm reboot done this is due to the fact pmon don't recognize warm reboot when it's taking place since pmon is loaded after warm reboot is finished.
2. If warm reboot done, check in static detection part for each port if it's FW controlled. If so, leave it this way and stop the state machine flow (set it to final state).

- How to verify it
1. Boot a switch with CMIS host management with at least one FW controlled port (non active cables or non cmis cables) then run warm reboot.
2. Verify no errors of sysfs reading appears for control sysfs
2024-02-16 09:29:06 +08:00
mssonicbld
71014b28e7
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#18075)
#### Why I did it
src/sonic-swss
```
* 2910b0e3 - (HEAD -> 202311, origin/202311) Fix the Orchagent crash seen during Port channel OC test cases. (#3042) (7 days ago) [saksarav-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-15 16:33:13 +08:00
mssonicbld
8cd9463de0
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#18081)
#### Why I did it
src/sonic-utilities
```
* b2125761 - (HEAD -> 202311, origin/202311) [chassis] fix show bgp summary when no neighbors are present on one ASIC (#3158) (2 days ago) [Arvindsrinivasan Lakshmi Narasimhan]
* 54595c1e - [202311]Fix the sfputil treats page number as decimal instead of hexadecimal (#3153) (#3160) (5 days ago) [Sudharsan Dhamal Gopalarathnam]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-15 16:33:04 +08:00
mssonicbld
fb3f683282
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#18083)
#### Why I did it
src/sonic-sairedis
```
* 23481f0 - (HEAD -> 202311, origin/202311) Skip FABRIC PORT Attributes from sairedis logging (#1339) (2 days ago) [saksarav-nokia]
* 682e860 - Revert "add if statement for module control mode support" (#1341) (4 days ago) [dbarashinvd]
* 3621a18 - SAI submodule update to pick the sai-thrift support added to read VOQ counters (#1332) (4 days ago) [saksarav-nokia]
* 52cd15b - Fix code coverage and ASAN not being enabled (#1338) (5 days ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-15 16:33:00 +08:00
snider-nokia
a7daae67e3 [Nokia-IXR7250E][Devicedata] Update the device data for Nokia IXR7250E platform (thermal logging thresholds) (#18063)
These changes adjust Nokia IXR7250 thermal sensor logging thresholds.

Why I did it
To modify the thermal sensor logging thresholds used on LC and Supervisor.

How I did it
Modified the JSON based thermal logging thresholds used to determine when to log current high sensor temperature and hottest sensor margin fluctuations.

How to verify it
Verify that syslog messages indicating current (high) temperature and margin values are only logged when these respective values fluctuate by at least 5 degrees.
2024-02-15 14:33:43 +08:00
Hua Liu
f4b1eb0a5b
Fix IPV6 forced-mgmt-route not work issue (#17299) (#18045)
Fix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
2024-02-07 06:50:57 -08:00
mssonicbld
d8149a1435
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#18059)
#### Why I did it
src/sonic-utilities
```
* 31a6584c - (HEAD -> 202311, origin/202311) Fix `sudo config load_mgmt_config` fails with error "File /var/run/dhclient.eth0.pid does not exist" (#3149) (16 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-07 18:32:27 +08:00
mssonicbld
a7af5b4a11
fix the compile issue for slim image (#18015) (#18057)
Why I did it
The PR introduced a bug for slim image build, #17905, by which the sonic_asic_platform is missing when build docker image for slim image.

[ building ] [ target/docker-dhcp-relay.gz ]
/sonic/dockers/docker-dhcp-relay/cli-plugin-tests /sonic
/sonic
Traceback (most recent call last):
  File "/usr/local/bin/j2", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 202, in main
    output = render_command(
  File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 186, in render_command
    result = renderer.render(args.template, context)
  File "/usr/local/lib/python3.9/dist-packages/j2cli/cli.py", line 85, in render
    return self._env \
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1090, in render
    self.environment.handle_exception()
  File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 832, in handle_exception
    reraise(*rewrite_traceback_stack(source=source))
  File "/usr/lib/python3/dist-packages/jinja2/_compat.py", line 28, in reraise
    raise value.with_traceback(tb)
  File "/sonic/dockers/docker-dhcp-relay/Dockerfile.j2", line 48, in top-level template code
    {% if build_reduce_image_size != "y" or sonic_asic_platform != "broadcom" %}
jinja2.exceptions.UndefinedError: 'sonic_asic_platform' is undefined
make: *** [slave.mk:1072: target/docker-dhcp-relay.gz] Error 1
make: *** Waiting for unfinished jobs....
[ finished ] [ target/docker-swss-layer-bullseye.gz ]
[ finished ] [ target/docker-syncd-brcm-dnx.gz ]
make[1]: *** [Makefile.work:608: target/sonic-broadcom.bin] Error 2
make[1]: Leaving directory '/data/work/1/s'
make: *** [Makefile:41: target/sonic-broadcom.bin] Error 2
And why it slipped the PR test? PR test doesn't compile with slim option, it won't check sonic_asic_platform != "broadcom" for PR build.

Work item tracking
Microsoft ADO (number only):
How I did it
Export sonic_asic_platform for docker build in slave.mk

How to verify it
build with slim image option.

Co-authored-by: StormLiangMS <89824293+StormLiangMS@users.noreply.github.com>
2024-02-06 23:58:46 -08:00
zitingguo-ms
05ae1fa285
upgrade xgs SAI version to 10.1.6.0 (#18055)
Signed-off-by: zitingguo-ms <zitingguo@microsoft.com>
2024-02-06 23:11:58 -08:00
Volodymyr Samotiy
e13ef9d9b2
[202311] [Mellanox] Disable SSD NCQ on Mellanox platforms (#18040)
Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2024-02-06 16:31:50 -08:00
Yaqiang Zhu
0611bdfb39
[202311][dhcp_server][yang] Update supported option type to string (#18029) (#18043) 2024-02-06 16:31:19 -08:00
Ye Jianquan
5352135776
[202311, PR] deprecate DPU (#18035) 2024-02-05 10:07:20 -08:00
mssonicbld
627d9cb3bb
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#18016)
#### Why I did it
src/linkmgrd
```
* 70b6d15 - (HEAD -> 202311, origin/202311) [active-standby] Fix `show mux status` inconsistency introduced by orchagent rollback  (#225) (3 days ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:33:00 +08:00
mssonicbld
0155096300
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#18018)
#### Why I did it
src/sonic-host-services
```
* 054aa7a - (HEAD -> 202311, origin/202311) Fixed ip6table internal_docker_ip_traffic rule command for multi-asic (#94) (3 days ago) [anamehra]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:57 +08:00
mssonicbld
36ba782dfa
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#18020)
#### Why I did it
src/sonic-platform-common
```
* 9bf5a17 - (HEAD -> 202311, origin/202311) Implementing set_optoe_write_timeout API (#422) (3 days ago) [mihirpat1]
* c8617b8 - APIs to help in finding NPU SI settings (#410) (3 days ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:50 +08:00
mssonicbld
dae74cc7de
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#18022)
#### Why I did it
src/sonic-platform-daemons
```
* dbaa079 - (HEAD -> 202311, origin/202311) Support 800G ifname in xcvrd (#416) (2 days ago) [Anoop Kamath]
* e4272c1 - 400ZR not linking up with latest SONiC master image (#410) (3 days ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:47 +08:00
mssonicbld
ae59ff2ef7
[submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (#18023)
#### Why I did it
src/sonic-snmpagent
```
* 5d5cfe5 - (HEAD -> 202311, origin/202311) Set the execute bit on sysDescr_pass.py (#306) (3 days ago) [Andre Kostur]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:43 +08:00
mssonicbld
de6ad3fd71
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#18024)
#### Why I did it
src/sonic-swss
```
* 55d53b79 - (HEAD -> 202311, origin/202311) [copporch] Add safeguard during policer attribute update (#2977) (3 days ago) [Vivek]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:40 +08:00
mssonicbld
59c378da10
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#18025)
#### Why I did it
src/sonic-utilities
```
* 2046e66c - (HEAD -> 202311, origin/202311) Reduce generate_dump mem usage for cores (#3052) (3 days ago) [davidm-arista]
* fbd6c916 - Disable Key Validation feature during sonic-installation for Cisco Platforms (#3115) (3 days ago) [selvipal]
* 88c027f0 - [Techsupport]Adding more FRR and BGP dumps (#3118) (3 days ago) [Sudharsan Dhamal Gopalarathnam]
* 555ecf64 - [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (#3099) (3 days ago) [Arvindsrinivasan Lakshmi Narasimhan]
* 1515edcb - [db_migrator]Remove route migration (#3068) (3 days ago) [Sudharsan Dhamal Gopalarathnam]
* 8862c114 - Modify teamd retry count script to base BGP status on default BGP status (#3069) (3 days ago) [Saikrishna Arcot]
* f4b5ef21 - Add all SKUs to the generic config update list (#3131) (3 days ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-05 16:32:37 +08:00
mssonicbld
0aa67d4670
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#18011)
#### Why I did it
src/sonic-utilities
```
* be6224a3 - (HEAD -> 202311, origin/202311) [202311] Migrate GNMI table (#3138) (10 hours ago) [ganglv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-03 10:32:41 +08:00
Liping Xu
36028893a3 handle json load exception in bgpmon (#17856)
Why I did it
ICM reported due to "BGPMon Process exited" which was caused by json load exception.

Work item tracking
Microsoft ADO (number only):
25916773
How I did it
Add an exception handle during json load.

How to verify it
Verified locally, add debug log to modify the output string of cmd to make it not with json formation, then check the syslog.
2024-02-03 09:27:18 +08:00
Ze Gan
2b08a783f6 [Azp]: Add dash-api dependencies on building Azp ubuntu20.04 (#17507)
Signed-off-by: Ze Gan <ganze718@gmail.com>
2024-02-03 04:32:21 +08:00
xumia
66b469249e [Security] Fix the krb5 vulnerability issue (#17914)
### Why I did it
Fix the krb5 vulnerable issue
CVE-2021-36222  allows remote attackers to cause a NULL pointer dereference and daemon crash
CVE-2021-37750  NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field
DSA 5286-1  remote code execution

##### Work item tracking
- Microsoft ADO **(number only)**: 26577929

#### How I did it
Upgrade the krb5 version to 1.18.3-6+deb11u14+fips.
2024-02-03 04:32:18 +08:00
Yaqiang Zhu
f97b53322f [dhcp_server] Add field not exist checks in dhcp_cfggen (#17645)
* [dhcp_server] Add field not exist checks in dhcp_cfggen
2024-02-03 02:32:40 +08:00
kellyyeh
a110e625a2 Only add to DHCP_RELAY if dhcpv6 servers exist (#17770) 2024-02-03 02:32:36 +08:00
mssonicbld
5cd18eeda7
[ci/build]: Upgrade SONiC package versions (#17956) 2024-02-02 08:15:51 -08:00
Stepan Blyshchak
1672ce81fc [config-topology] use cached variables (#17343)
- Why I did it
Improve  boot performance mostly needed for fast and warmboot

- How I did it
Use cached variable.

- How to verify it
Boot the system. Simply do "systemd-analyze blame" and look at service start time.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2024-02-02 18:32:29 +08:00
Ze Gan
9f1bebbdba [ci]: Enable daily building for ubuntu20.04 to every branch (#17520)
- The ubuntu 2004 is needed by 202311
- Because the artifacts of ubuntu2004 are used by other repos, a daily building is needed without an updating of this repo for a long time.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2024-02-02 18:32:19 +08:00
Hua Liu
009b0dd7ec Change orchagent stuck message from ERR to WARNING (#17872)
Change orchagent stuck message from ERR to WARNING

#### Why I did it
During switch initialization, sometime Orchagent will busy for more than 40seconds and will trigger process stuck workdog error.
To improve this issue, change watchdog error message to warning message.

##### Work item tracking
- Microsoft ADO: 26517622

#### How I did it
Change orchagent stuck message from ERR to WARNING.

#### How to verify it
Pass all UT.

### Description for the changelog
Change orchagent stuck message from ERR to WARNING.
2024-02-02 18:32:16 +08:00
mssonicbld
a467ff71a2
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#18008)
#### Why I did it
src/sonic-platform-common
```
* 7c2ad66 - (HEAD -> 202311, origin/202311) Tx/Rx power values should be rounded up to 3 decimal places (#432) (4 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-02-02 18:32:12 +08:00
Feng-msft
69478a6b85 Fix dialout build flag issue. (#17715)
### Why I did it
Fix ENABLE_DIALOUT flag issue.

##### Work item tracking
- Microsoft ADO **(number only)**: 21326000

#### How I did it
Update Makefile.work and add debug string.

#### How to verify it
![image](https://github.com/sonic-net/sonic-buildimage/assets/97083744/960d75d1-618c-4734-acb5-7a32a28c262b)
2024-02-02 16:32:34 +08:00
Zain Budhwani
fe07450a26 Disable eventd and rsyslog plugin in slim images (#17905)
### Why I did it

Disable eventd at buildtime for slim images

##### Work item tracking
- Microsoft ADO **(number only)**:26386286

#### How I did it

Add flags for disabling eventd and only copy rsyslog conf files when eventd is included and not slim image

#### How to verify it

Manual testing
2024-02-02 16:32:26 +08:00
abdosi
c83f81ea0f [chassis] Added support of isolating given LC in Chassis with TSA mode (#16732)
What I did:
Added support when TSA is done on Line Card make sure it's completely
isolated from all e-BGP peer devices from this LC or remote LC

Why I did:
Currently when TSA is executed on LC routes are withdrawn from it's connected e-BGP peers only. e-BGP peers on remote LC can/will (via i-BGP) still have route pointing/attracting traffic towards this isolated LC.

How I did:

When TSA is applied on LC all the routes that are advertised via i-BGP are set with community tag of no-export so that when remote LC received these routes it does not send over to it's connected e-BGP peers.

Also once we receive the route with no-export  over iBGP match on it and and set the local preference of that route to lower value (80) so that we remove that route from the forwarding database. Below scenario explains why we do this:

- LC1 advertise R1 to LC3
- LC2 advertise R1 to LC3
- On LC3 we have multi-path/ECMP over both LC1 and LC2
- On LC3 R1 received from LC1 is consider best route over R1 over received from LC2 and is send to LC3 e-BGP peers
- Now we do TSA on LC2
- LC3 will receive R1 from LC2 with community no-export and from LC1 same as earlier (no change)
- LC3 will still get traffic for R1 since it is still advertised to e-BGP peers (since R1 from LC1 is best route)
- LC3 will forward to both LC1 and LC2 (ecmp) and this causes issue as LC2 is in TSA mode and should not receive traffic

To fix above scenario we change the preference to lower value of R1 received from LC2 so that it is removed from Multi-path/ECMP group.

How I verfiy:

UT has been added to make sure Template generation is correct
Manual Verification of the functionality
sonic-mgmt test case will be updated accordingly.
Please note this PR is on top of this :#16714 which needs to be merged first.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2024-02-02 14:33:18 +08:00
spilkey-cisco
3b982c073c Fix system-health hardware_checker to consume fan tolerance details (#16689)
Why I did it

Fan tolerance checking is done through new APIs, is_under_speed and is_over_speed, which populate corresponding fields into the database. speed_tolerance is no longer used and was removed, but system-health was not updated and indicates failures:

ADO: 25279165

root@sonic/# show system-health summary
System status summary

  System status LED  red_blink
  Services:
    Status: OK
  Hardware:
    Status: Not OK
    Reasons: Failed to get speed tolerance for fantray5.fan1
	     Failed to get speed tolerance for fantray5.fan0
	     Failed to get speed tolerance for fantray4.fan1
	     Failed to get speed tolerance for fantray4.fan0
	     Failed to get speed tolerance for fantray3.fan1
	     Failed to get speed tolerance for fantray3.fan0
	     Failed to get speed tolerance for fantray2.fan1
	     Failed to get speed tolerance for fantray2.fan0
	     Failed to get speed tolerance for fantray1.fan1
	     Failed to get speed tolerance for fantray1.fan0
	     Failed to get speed tolerance for fantray0.fan1
	     Failed to get speed tolerance for fantray0.fan0
	     Failed to get speed tolerance for PSU1.fan0
	     Failed to get speed tolerance for PSU0.fan0

How I did it
Updated hardware_checker.py in system-health to consume new is_under_speed and is_over_speed database entries instead of speed_tolerance and hard-coded calculations.

How to verify it
root@sonic:/# show system-health summary
System status summary

  System status LED  green
  Services:
    Status: OK
  Hardware:
    Status: OK
2024-02-02 14:33:14 +08:00
jingwenxie
93eaa3cac0 Update TELEMETRY_CLIENT YANG model (#16861)
### Why I did it
Github issue: https://github.com/sonic-net/sonic-buildimage/issues/16356. The YANG definition breaks GCU feature.

We can either update sonic_yang and GCU's search algorithm to enable the same key count case or simply update YANG model to solve the issue.

The pros for update YANG model are it could solve the issue directly and we don't need to handle the complicate search algorithm in sonic_yang and GCU. This is the only YANG model that has this issue.

### How I did it
Combine two list into one. The previous YANG validation unit tests are still applicable.
#### How to verify it
Unit test and E2E test
2024-02-02 14:33:11 +08:00
Baorong Liu
770ffb1ecd [staticroutebfd] fix an error in error logging (#17043)
Why I did it
Fix an error in the log_err call.
this error can be triggered by an invalid static route key. usually the code cannot go here with normal config file. but hit this issue with an invalid key by manual testing with redis-cli directly. the file is scanned by Python lint to prevent such errors.

Work item tracking
Microsoft ADO ():26250268

How I did it
fix the format error.

How to verify it
1, ran pylint to check the design, make sure no such error in the design file.
2, wrote a separate python program to verify the log call.
In the current logging related testing, usually use patch/mock for logging. for this specific error, could not trigger it if we call mock function instead the real function in the design. so need to do lint checking for code change.
2024-02-02 14:33:08 +08:00
SuvarnaMeenakshi
6905ab74dc [SNMP]: Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG table (#17045)
#### Why I did it
SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment.
To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen.
We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in https://github.com/sonic-net/SONiC/pull/1457.

##### Work item tracking
- Microsoft ADO **(number only)**:26091228

#### How I did it
Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses.
Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP.
Main change:
1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses,
2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG  if that table is present, if table is not present snmpd will listen on any IP.
#### How to verify it
config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses.
```
    "SNMP_AGENT_ADDRESS_CONFIG": {
        "10.1.0.32|161|": {},
        "10.250.0.101|161|": {},
        "FC00:1::32|161|": {},
        "fec0::ffff:afa:1|161|": {}
    },
 .....
 
 snmpd listening on the above IP addresses:
 admin@vlab-01:~$ sudo netstat -tulnp | grep 161
tcp        0      0 127.0.0.1:3161          0.0.0.0:*               LISTEN      71522/snmpd         
udp        0      0 10.250.0.101:161        0.0.0.0:*                           71522/snmpd         
udp        0      0 10.1.0.32:161           0.0.0.0:*                           71522/snmpd         
udp6       0      0 fec0::ffff:afa:1:161    :::*                                71522/snmpd         
udp6       0      0 fc00:1::32:161          :::*                                71522/snmpd  
```
2024-02-02 14:33:04 +08:00
byu343
c469359cef [Arista] Use port_config.ini for Arista-7050QX-32S-S4Q31 (#17253)
This change of removing hwsku.json is to correct the port index for
sfp ports (Ethernet0, Ethernet1, Ethernet2, Ethernet3) by using
port_config.ini, which should be '1, 2, 3, 4'. We could not do it
with hwsku.json, as it is defined as '5, 5, 5, 5' by platform.json
for the breakout_mode 1x40G[10G].
2024-02-02 14:33:01 +08:00
Liping Xu
1e4dcbc75d disable restapi for leafRouter in slim image (#17713)
Why I did it
For some devices with small memory, after upgrading to the latest image, the available memory is not enough.

Work item tracking
Microsoft ADO (number only):
26324242
How I did it
Disable restapi feature for LeafRouter which with slim image.

How to verify it
verified on 7050qx T1 (slim image), restapi disabled
verified on 7050qx T0 (slim image), restapi enabled
verified on 7260 T1 (normal image), restapi enabled
2024-02-02 14:32:57 +08:00
Liu Shilong
015ce751a4 [build] Fix a bash script some times called by sh issue. (#17761)
Why I did it
Fix a bug that sometimes the script runs in sh not bash.

Work item tracking
Microsoft ADO (number only): 26297955
How I did it
2024-02-02 14:32:53 +08:00
Hua Liu
b84e3f9e8a Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (#17281)
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
2024-02-02 14:32:50 +08:00
Yaqiang Zhu
8f9e58c033 [dhcp_relay] Optimize j2 file in dhcp_relay container (#17506) 2024-02-02 14:32:46 +08:00
Yaqiang Zhu
0b84b8fc30 [dhcp_server] Remove dependency in port-name-alias-map.txt.j2 (#17858)
* [dhcp_server] Remove dependency in port-name-alias-map.txt.j2
2024-02-02 14:32:41 +08:00
vdahiya12
9eef01d7a7 [Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (#17768)
For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set
phy_unlos_msft=1 in config.bcm.
This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports.

Why I did it
For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot
can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0.

The property phy_unlos_msft=1 is to exclusively enable this property.

Microsoft ADO: 25941176

How I did it
Changes in SAI and turning on property

How to verify it
Ran the changes on a testbed and verified configurations are as intended.

with property

admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
Brdfe_on                    = 0
Media Type                  = 2
Unreliable LOS              = 1
Scrambling Disable          = 0
Lane Config from PCS        = 0

without property

admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
Brdfe_on                    = 0
Media Type                  = 0
Unreliable LOS              = 0
Scrambling Disable          = 0
Lane Config from PCS        = 0

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>
2024-02-02 14:32:38 +08:00
davidpil2002
765377ac81 password-hardening: Add support to disable expiration date like in Linux (PAM) (#17426)
- Why I did it
Enhance the feature to support disabling password hardening as Linux support.
-1: expiration will never occur
0: expiration will expired immediately

Opened bug:
#17427

- How I did it
Added the -1 value to be supported in hostcfgd and this value will propagate to the relevant Linux files

- How to verify it
Pls see the details in the bug description that link attached above
2024-02-02 14:32:34 +08:00
Hua Liu
f35512ef0a [TACACS] Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue. (#17749)
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.

#### Why I did it
When set TACACS to "tacacs+, local", user still can run a blocked command with local permission.

##### Work item tracking
- Microsoft ADO: 26399545

#### How I did it
Fix code to reject command when authorized failed from TACACS server side.

#### How to verify it
Pass all UT.

### Description for the changelog
Fix when set TACACS to "tacacs+, local" user can run blocked command with local permission issue.
2024-02-02 14:32:29 +08:00
Ze Gan
34a86bd8f9 [Azp]: Fix azp on building ubuntu20.04 and sonic-mgmt (#17439)
The Azp failed on ubuntu20.04 and sonic-mgmt building due to sonic-dash-api updating.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2024-02-02 14:32:23 +08:00