Commit Graph

8243 Commits

Author SHA1 Message Date
mssonicbld
6f9011c5d4
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#17174)
#### Why I did it
src/sonic-host-services
```
* 586b1e9 - (HEAD -> master, origin/master, origin/HEAD) Disable systemd auto-restart of dependent services for spineRouters (#83) (5 hours ago) [Deepak Singhal]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-15 16:34:13 +08:00
mssonicbld
493724ce62
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17177) 2023-11-15 14:56:14 +08:00
Kebo Liu
8b62e7a5b2
[Mellanox] fix new MSN2700-A1 platform name (#17151)
- Why I did it
New introduced MSN2700 platform has a different platform name compared to the old one, it should be "MSN2700-A1".

- How I did it
Update the name to the new one in platform.json and platform_components.json.

- How to verify it
run platform-related sonic-mgmt test cases on the new platform.

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2023-11-15 08:29:11 +02:00
mssonicbld
b33c38112c
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#17160) 2023-11-15 10:10:40 +08:00
ganglv
240853b7dd
Disable telemetry feature (#17166)
- Why I did it
PR checker is blocked by container_checker.

- How I did it
Disable telemetry in minigraph parser.

- How to verify it
Run pipeline and sanity check.
2023-11-14 15:25:03 +02:00
mssonicbld
1e93efaf93
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17142)
#### Why I did it
src/sonic-swss
```
* 644b227a - (HEAD -> master, origin/master, origin/HEAD) [portsorch]: Implement port PFC asym capability check (#2942) (3 days ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-14 16:33:10 +08:00
mssonicbld
fa05bf183a
[submodule] Update submodule sonic-mgmt-framework to the latest HEAD automatically (#16792)
#### Why I did it
src/sonic-mgmt-framework
```
* dfac87c - (HEAD -> master, origin/master, origin/HEAD) Query parameters enhancements in rest-server.  (#119) (5 weeks ago) [ranjinidn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-14 10:36:25 +08:00
ranjinidn
5567a79255
Update submodules mgmt-common and mgmt-framework (#17054) 2023-11-13 01:32:04 -08:00
mssonicbld
f3f0d403cb
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17147) 2023-11-13 15:56:49 +08:00
mssonicbld
73da758b84
[submodule] Update submodule dhcprelay to the latest HEAD automatically (#17140)
#### Why I did it
src/dhcprelay
```
* 40c6877 - (HEAD -> master, origin/master, origin/HEAD) [CodeQL] fix unmet dependency for `build-swss-common` (#44) (30 hours ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-12 16:32:31 +08:00
Stepan Blyshchak
97db5f5b21
[FRR][patch] Add encap type when building packet for FPM (#17052)
Back port a patch from upstream FRR - FRRouting/frr#14675

Why I did it
The EVPN route is not treated correctly and thus leading to messages:

Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop 30.0.0.2@Vlan200 for 20.0.0.2/32, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop 30.0.0.2@Vlan200 for 200.0.0.0/24, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 200::/64, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 20::/64, resolving neighbor
Oct 30 11:40:00.494083 r-tigris-22 INFO swss#orchagent: :- addRoute: Failed to get next hop ::ffff:30.0.0.2@Vlan200 for 20::2/128, resolving neighbor
This happens because fpmsyncd does not get encap type field in FPM message.

Work item tracking
Microsoft ADO (number only):
How I did it
Backport fix from FRR.

How to verify it
EVPN scenario.
2023-11-11 21:26:14 +08:00
mssonicbld
d69a736bee
[submodule] Update submodule wpasupplicant/sonic-wpa-supplicant to the latest HEAD automatically (#17143) 2023-11-11 15:48:11 +08:00
mssonicbld
19cd92601c
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#17141) 2023-11-11 15:31:57 +08:00
Lawrence Lee
04b30fc378
[tph]: Detect LAG flaps from APPL_DB (#16879)
Why I did it
A race condition exists while the TPH is processing a netlink message - if a second netlink message arrives during processing it will be missed since TPH is not listening for other messages.
Another bug was found where TPH was unnecessarily restarting since it was checking admin status instead of operational status of portchannels.

How I did it
Subscribe to APPL_DB for updates on LAG operational state
Track currently sniffed interfaces

How to verify it
Send tunnel packets with destination IP of an unresolved neighbor, verify that ping commands are run
Shut down a portchannel interface, verify that sniffer does not restart
Send tunnel packets, verify ping commands are still run
Bring up portchannel interface, verify that sniffer restarts

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2023-11-09 16:01:59 -08:00
Junhua Zhai
4e3b2e5545
Upgrade libsaibroncos debian package to version 3.11 (#17127) 2023-11-09 10:15:02 -08:00
Stepan Blyshchak
113d7d8668
[YANG][ACL] Change LAG -> PORTCHANNEL in DB schema (#17062)
Orchagent uses PORTCHANNEL term when parsing this field. Change the YANG model to align to orchagent.

- Why I did it
When specifying PORTCHANNEL in ACL_TABLE_TYPE table YAGN model validation does not pass, when using term LAG orchagent does not accept such table type.
Fix it by aligning YANG model to orchagent.

- How I did it
Fix in YANG model.

- How to verify it
Create custom ACL table type.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2023-11-09 19:00:07 +02:00
xumia
7b6f7a6328
[Build] Deprecate the mirror packages.trafficmanager.net/debian (#17113)
Why I did it
Fix the issue: #17107

Work item tracking
Microsoft ADO (number only): 25746782
How I did it
Deprecate the no use and out of service mirrors.
http://packages.trafficmanager.net/debian/debian
http://packages.trafficmanager.net/debian/debian-security/
Enable the snapshot mirror by default if reproducible flag set.
How to verify it
2023-11-09 20:52:46 +08:00
mssonicbld
025d53c6d1
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17123)
#### Why I did it
src/sonic-sairedis
```
* 7acd028 - (HEAD -> master, origin/master, origin/HEAD) [gbsyncd] Add asic db prefix for channel RESTARTQUERY (#1302) (3 hours ago) [Junhua Zhai]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-09 16:32:51 +08:00
mssonicbld
4f04b95eeb
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17124)
#### Why I did it
src/sonic-swss
```
* 51bfb4c1 - (HEAD -> master, origin/master, origin/HEAD) [muxorch] Fixing updateRoute logic (#2952) (3 hours ago) [Nikola Dancejic]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-09 16:32:46 +08:00
JunhongMao
4da5099919
[VOQ][saidump] Install rdbtools into the docker base related containers. (#16466)
Fix #13561

The existing saidump use https://github.com/sonic-net/sonic-swss-common/blob/master/common/table_dump.lua script which loops the ASIC_DB more than 5 seconds and blocks other processes access.

This solution uses the Redis SAVE command to save the snapshot of DB each time and recover later, instead of looping through each entry in the table.

Related PRs:
sonic-net/sonic-utilities#2972
sonic-net/sonic-sairedis#1288
sonic-net/sonic-sairedis#1298

How did I do it?
To use the Redis-db SAVE option to save the snapshot of DB each time and recover later, instead of looping through each entry in the table and saving it.

1. Updated dockers/docker-base-bullseye/Dockerfile.j2, install Python library rdbtools into the all the docker-base-bullseye containers.

2. Updated sonic-buildimage/src/sonic-sairedis/saidump/saidump.cpp, add a new option -r, which updates the rdbtools's output-JSON files' format.

3. To add a new script file: syncd/scripts/saidump.sh into the sairedis repo. This shell script does the following steps:

  For each ASIC, such as ASIC0,

  3.1. Config Redis consistency directory. 
  redis-cli -h $hostname -p $port CONFIG SET dir $redis_dir > /dev/null

  3.2. Save the Redis data.
  redis-cli -h $hostname -p $port SAVE > /dev/null

  3.3. Run rdb command to convert the dump files into JSON files
    rdb --command json $redis_dir/dump.rdb | tee $redis_dir/dump.json > /dev/null

  3.4.  Run saidump -r to update the JSON files' format as same as the saidump before. 
       Then we can get the saidump's result in standard output."
       saidump -r $redis_dir/dump.json -m 100

  3.5. Clear the temporary files.
   rm -f $redis_dir/dump.rdb
   rm -f $redis_dir/dump.json

4. Update sonic-buildimage/src/sonic-utilities/scripts/generate_dump. To check the asic db size and if it is larger than ROUTE_TAB_LIMIT_DIRECT_ITERATION (with default value 24000) entries, then do with REDIS SAVE, otherwise, to do with old method: looping through each entry of Redis DB.

How to verify it
On T2 setup with more than 96K routes, execute CLI command -- generate_dump
No error should be shown
Download the generate_dump result and verify the saidump file after unpacking it.
2023-11-08 11:57:25 -08:00
mssonicbld
72a464d4e6
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17115)
#### Why I did it
src/sonic-swss
```
* 2b02c249 - (HEAD -> master, origin/master, origin/HEAD) Send hearbeat during warm reboot freese (#2923) (81 minutes ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-08 18:33:59 +08:00
ganglv
c71fb3a30f
Share image for gnmi and telemetry (#16863)
Why I did it
Share docker image to support gnmi container and telemetry container

Work item tracking
Microsoft ADO 25423918:
How I did it
Create telemetry image from gnmi docker image.
Enable gnmi container and disable telemetry container by default.

How to verify it
Run end to end test.
2023-11-08 08:54:36 +08:00
Konstantin Vasin
f5c096056f
fix sources.list generation when SONIC_VERSION_CONTROL_COMPONENTS is set in rules/config (#17098)
Why I did it
Fix #17097
If I set SONIC_VERSION_CONTROL_COMPONENTS=all and MIRROR_SNAPSHOT=y in rules/config file then I get incorrect sources.list files (with latest available snapshots instead of snapshot from files/build/versions/default/versions-mirror).

Work item tracking
Microsoft ADO (number only):
How I did it
Pass directly make variable SONIC_VERSION_CONTROL_COMPONENTS to subshell.

How to verify it
Build and check generated sources.list files.
2023-11-08 07:13:56 +08:00
zitingguo-ms
b5b3f0a0b6
Fix device type and add cluster in DEVICE_NEIGHBOR_METADATA yang model (#17049)
Why I did it
The current DEVICE_NEIGHBOR_METADATA yang model has two issues that would block GCU operation when it checks if the current config aligns with the YANG model:

Missing cluster field in YANG
Incomplete set of device type. The device type in YANG model doesn't include all the device type.
Work item tracking
Microsoft ADO (number only): 25577813
How I did it
Add cluster field in DEVICE_NEIGHBOR_METADATA YANG model.
Change device type to string.
Fix the UT test accordingly.
How to verify it
Build the image and verify the unit tests passed.
2023-11-07 14:54:30 +08:00
mssonicbld
ae1b59fade
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17106) 2023-11-07 14:46:21 +08:00
Sudharsan Dhamal Gopalarathnam
070d488e9d
[Mellanox] [SN5600] Removing 8x DPB mode from platform files (#17071)
- Why I did it
Removing 8x split DPB mode from platform files since it is not fully supported yet.

- How I did it
Updating platform file.

- How to verify it
Manual testing.
2023-11-07 08:45:23 +02:00
ShiyanWangMS
c75a662ac8
Add Azure pipeline to build legacy sonic-mgmt-docker (#17073)
Why I did it
This is part of Python3 migration project.
This pipeline will build sonic-mgmt-docker with both Python2 and Python3.

The main difference between legacy sonic-mgmt-docker and now is:
make LEGACY_SONIC_MGMT_DOCKER=y target/docker-sonic-mgmt.gz
docker tag docker-sonic-mgmt $REGISTRY_SERVER/docker-sonic-mgmt:legacy

Work item tracking
Microsoft ADO (number only): 25254349

How I did it
Add pipeline file.
2023-11-07 13:27:41 +08:00
mssonicbld
7eb4872766
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17102) 2023-11-06 15:04:49 +08:00
mssonicbld
c0b0f2a690
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#17067) 2023-11-04 14:52:34 +08:00
mssonicbld
e895f5bbd0
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#17083)
#### Why I did it
src/sonic-host-services
```
* beb8bbe - (HEAD -> master, origin/master, origin/HEAD) [DualToR][caclmgrd] Fix IPtables rules for multiple vlan interfaces for DualToR config (#82) (3 hours ago) [vdahiya12]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-03 16:32:57 +08:00
SuvarnaMeenakshi
089c1153f9
[YANG]: Fix SNMP_AGENT_ADDRESS_CONFIG yang model (#17044)
fixes #16011

Why I did it
seeing below warning ,essage:
libyang[1]: Default value "" in the list key "port" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)
libyang[1]: Default value "" in the list key "vrf_name" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)

name of list is not <model_name>_LIST.

Work item tracking
Microsoft ADO 25646016:
How I did it
Remove default value provided to key in yang model to avoid seeing below error:
libyang[1]: Default value "" in the list key "port" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)
libyang[1]: Default value "" in the list key "vrf_name" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)

Modify the LIST name to have <model_name>_LIST as this was failing yang validation during unit-tests.

How to verify it
unit-tests passing.
Before fix

admin@vlab-01:~$ sudo sonic-package-manager list
libyang[1]: Default value "" in the list key "port" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)
libyang[1]: Default value "" in the list key "vrf_name" is ignored. (/sonic-snmp:sonic-snmp/SNMP_AGENT_ADDRESS_CONFIG/SNMP_AGENT_ADDRESS_LIST)
Name            Repository                   Description                   Version    Status
--------------  ---------------------------  ----------------------------  ---------  ---------
database        docker-database              SONiC database package        1.0.0      Built-In
dhcp-relay      docker-dhcp-relay            N/A                           1.0.0      Installed
eventd          docker-eventd                SONiC eventd package          1.0.0      Built-In
fpm-frr         docker-fpm-frr               SONiC fpm-frr package         1.0.0      Built-In
gbsyncd         docker-gbsyncd-vs            SONiC gbsyncd package         1.0.0      Built-In
lldp            docker-lldp                  SONiC lldp package            1.0.0      Built-In
macsec          docker-macsec                N/A                           1.0.0      Installed
mgmt-framework  docker-sonic-mgmt-framework  SONiC mgmt-framework package  1.0.0      Built-In
mux             docker-mux                   SONiC mux package             1.0.0      Built-In
nat             docker-nat                   SONiC nat package             1.0.0      Built-In
pmon            docker-platform-monitor      SONiC pmon package            1.0.0      Built-In
radv            docker-router-advertiser     SONiC radv package            1.0.0      Built-In
sflow           docker-sflow                 SONiC sflow package           1.0.0      Built-In
snmp            docker-snmp                  SONiC snmp package            1.0.0      Built-In
swss            docker-orchagent             SONiC swss package            1.0.0      Built-In
syncd           docker-syncd-vs              SONiC syncd package           1.0.0      Built-In
teamd           docker-teamd                 SONiC teamd package           1.0.0      Built-In
telemetry       docker-sonic-telemetry       SONiC telemetry package       1.0.0      Built-In
After fix:

admin@vlab-01:~$ sudo sonic-package-manager list
Name            Repository                   Description                   Version    Status
--------------  ---------------------------  ----------------------------  ---------  ---------
database        docker-database              SONiC database package        1.0.0      Built-In
dhcp-relay      docker-dhcp-relay            N/A                           1.0.0      Installed
eventd          docker-eventd                SONiC eventd package          1.0.0      Built-In
fpm-frr         docker-fpm-frr               SONiC fpm-frr package         1.0.0      Built-In
gbsyncd         docker-gbsyncd-vs            SONiC gbsyncd package         1.0.0      Built-In
lldp            docker-lldp                  SONiC lldp package            1.0.0      Built-In
macsec          docker-macsec                N/A                           1.0.0      Installed
mgmt-framework  docker-sonic-mgmt-framework  SONiC mgmt-framework package  1.0.0      Built-In
mux             docker-mux                   SONiC mux package             1.0.0      Built-In
nat             docker-nat                   SONiC nat package             1.0.0      Built-In
pmon            docker-platform-monitor      SONiC pmon package            1.0.0      Built-In
radv            docker-router-advertiser     SONiC radv package            1.0.0      Built-In
sflow           docker-sflow                 SONiC sflow package           1.0.0      Built-In
snmp            docker-snmp                  SONiC snmp package            1.0.0      Built-In
swss            docker-orchagent             SONiC swss package            1.0.0      Built-In
syncd           docker-syncd-vs              SONiC syncd package           1.0.0      Built-In
teamd           docker-teamd                 SONiC teamd package           1.0.0      Built-In
telemetry       docker-sonic-telemetry       SONiC telemetry package       1.0.0      Built-In
2023-11-03 14:42:17 +08:00
Saikrishna Arcot
686678a407
Fix LAG going down after warm reboot with SONiC neighbors (#17040)
* Fix LAG going down after warm reboot with SONiC neighbors

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-02 22:05:09 -07:00
StormLiangMS
183ee7dfa0
enable fib suppress for leafrouter (#17072)
Why I did it
Enable the suppress fib feature by default.

Work item tracking
Microsoft ADO (25564723):
How I did it
In minigraph.py, to add the field suppress-fib-pending, and enable it for leafrouter.

How to verify it
Build / load image and check the config_db by show CLI.
admin@str-7260cx3-acs-2:~$ show suppress-fib-pending
Enabled

Need to modify the tests/bgp/test_bgp_suppress_fib.py in sonic-mgmt repo, to check the config before restore. Otherwise, after this test, it will turn off the suppress-fib-pending.
sonic-net/sonic-mgmt#10612
2023-11-03 10:28:10 +08:00
ShiyanWangMS
7013b05899
Add new docker-sonic-mgmt makefile flag: LEGACY_SONIC_MGMT_DOCKER (#17070)
Why I did it
This is part of Python3 migration project. This PR will add a new makefile flag: LEGACY_SONIC_MGMT_DOCKER
Now by default: LEGACY_SONIC_MGMT_DOCKER = y will build sonic-mgmt-docker with Python2 and Python3
If LEGACY_SONIC_MGMT_DOCKER = n will will sonic-mgmt-docker with Python3 only

Work item tracking
Microsoft ADO (number only): 25254349

How I did it
Add makefile flag: LEGACY_SONIC_MGMT_DOCKER

How to verify it
By default will build sonic-mgmt-docker with Python2 and Python3. No change compared to before.
Set LEGACY_SONIC_MGMT_DOCKER=n will build sonic-mgmt-docker with Python3 only
2023-11-03 09:04:01 +08:00
byu343
ed07dbad09
[knet]: Disable NETIF_F_HW_CSUM in KNET (#17080)
This is CSP CS00012280996.
The issue to fix is that the checksum was incorrect for all TCP packets leaving the system so that the BGP connection cannot be established. We found the issue on BCM56993, and it is possible to affect all platforms using linux_ngknet.
2023-11-02 16:17:06 -07:00
Yaqiang Zhu
274d320443
[dhcp_server] Add dhcprelayd for dhcp_server feature (#16947)
Add support in dhcp_relay container for dhcp_server_ipv4 feature. HLD: sonic-net/SONiC#1282
2023-11-02 08:09:01 -07:00
mssonicbld
c85c12bc75
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17068)
#### Why I did it
src/sonic-swss-common
```
* a57cf9e - (HEAD -> master, origin/master, origin/HEAD) Add batch support in ZmqProducerStateTable. (#803) (10 hours ago) [mint570]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-02 16:32:43 +08:00
Nazarii Hnydyn
845bb80a3c
[ppi]: Enable global port late create for all Mellanox HWSKUs. (#16945)
HLD: sonic-net/SONiC#1084

To improve FAST reboot dataplane downtime

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
2023-11-01 21:50:14 -07:00
mssonicbld
d8f9f232e6
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#17056)
#### Why I did it
src/sonic-linux-kernel
```
* a75a3df - (HEAD -> master, origin/master, origin/HEAD) arm64: Kconfig inclusions to fix PCI hang and MTD detection (#350) (3 hours ago) [Pavan Naregundi]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-01 16:32:34 +08:00
mssonicbld
f61590d5e2
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17057) 2023-11-01 14:54:43 +08:00
mssonicbld
3bacbc94ad
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17048)
#### Why I did it
src/sonic-swss
```
* 917c21e0 - (HEAD -> master, origin/master, origin/HEAD) Add more debug information when PFC WD is triggered (#2858) (10 hours ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-01 10:37:01 +08:00
Sudharsan Dhamal Gopalarathnam
ca15c6ff93
[eventd]: Disabling eventd tests (#17053)
Disabling eventd unit tests until #16996 is addressed
2023-10-31 15:51:48 -07:00
mssonicbld
bf1333bc2f
[submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (#17047) 2023-10-31 14:43:20 +08:00
ShiyanWangMS
fe735e35c6
Upgrade Ansible to 6.7.0 and make Python3 as the default interpreter in sonic-mgmt-docker (#17021)
Why I did it
This PR is part of sonic-mgmt-docker Python3 migration project.

Work item tracking
Microsoft ADO (number only): 24397943

How I did it
Upgrade Ansible to 6.7.0
Make Python3 as the default interpreter. python is a soft link to python3. If you want to use python2, use the command python2 explicitly.
Upgrade some pip packages to higher version in order to meet security requirement.

How to verify it
Build a private sonic-mgmt-docker successfully.
Verify python is python3.
Verify python2 is working with 202012 and 202205 branch.
Verify python3 is working with master branch.
Verify with github PR test.
2023-10-31 09:44:55 +08:00
mssonicbld
a5ee9867da
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17038) 2023-10-29 14:50:57 +08:00
Dev Ojha
f844992369
Update sonic-device_neighbor_metadata.yang (#16974)
### Why I did it
We use `EdgeZoneAggregator` in `db_migrator`, but we don't support this pattern in sonic yang models. Hence, we update this in the sonic-yang model.

##### Work item tracking
- Microsoft ADO **(number only)**:  25574132

#### How I did it
Update the device pattern list.
2023-10-27 14:23:45 -07:00
Mai Bui
753fa0d26e
[docker-sflow] limit privileged flag for sflow container (#16973)
#### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420
#### How I did it
Reduce linux capabilities in privileged flag

#### How to verify it
Run sflow sonic-mgmt tests
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
```
admin@vlab-01:~$ docker inspect sflow | grep Privi
            "Privileged": false,


admin@vlab-01:~$ docker exec -it sflow bash
root@vlab-01:/# capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
```
2023-10-27 11:30:30 -07:00
Saikrishna Arcot
b256396b48
sonic-eventd: Use json.hpp from nlohmann-json3-dev instead of swss-common (#16818)
#### Why I did it

This header file comes from an external package, and a very old version of the header file has been checked into swss-common. This will cause problems for the upcoming Bookworm upgrade.

##### Work item tracking
- Microsoft ADO **(number only)**: 25411155

#### How I did it

Change references to the header file to use the Debian package nlohmann-json-dev, instead of from swss-common.

### Tested branch (Please provide the tested image version)

- [ ] <!-- image version 1 -->
- [ ] VS image from pipeline build

Verified that eventd was running
2023-10-26 09:45:58 -07:00
Zhijian Li
1fd7746855
[minigraph-parser] Disable unsupported counters on management devices (#16937)
Why I did it
To avoid orchagent crash issue like sonic-net/sonic-swss#2935, disable unsupported counters on SONiC management devices.

Work item tracking
Microsoft ADO (number only): 25437720
How I did it
Update the minigraph parser to disable unsupported counters on management devices.

How to verify it
Verified by unittest.
Manually apply patch to DUT and do config load_minigraph
2023-10-26 08:05:06 -07:00
zitingguo-ms
2c0f4e57d7
Upgrade XGS saibcm-modules to 8.4 (#16246)
Why I did it
XGS saibcm-modules 8.4 is needed. #14471

Work item tracking
Microsoft ADO (number only): 24917414
How I did it
Copy files from xgs SDK 8.4 repo and modify makefiles to build the image.
Upgrade version to 8.4.0.2 in saibcm-modules.mk.

How to verify it
Build a private image and run full qualification with it: https://elastictest.org/scheduler/testplan/650419cb71f60aa92c456a2b
2023-10-26 18:58:34 +08:00