Commit Graph

8250 Commits

Author SHA1 Message Date
Saikrishna Arcot
5d3e5c0094
Re-enable DNX module compilation (#17310)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-29 16:24:23 -08:00
mssonicbld
c4859ad1bc
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17335)
#### Why I did it
src/sonic-swss
```
* 14408ca3 - (HEAD -> master, origin/master, origin/HEAD) [Chassis][master][orchagent] : Added test case to verify WRED profile on system ports (#2954) (9 hours ago) [vmittal-msft]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-29 18:35:29 +08:00
mssonicbld
c6578fea43
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#17331)
#### Why I did it
src/sonic-mgmt-common
```
* d96bfcd - (HEAD -> master, origin/master, origin/HEAD) YANG tree generator and linter (#113) (6 hours ago) [faraazbrcm]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-29 16:34:27 +08:00
mssonicbld
a1e6625279
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#17332)
#### Why I did it
src/sonic-platform-common
```
* 2efe97e - (HEAD -> master, origin/master, origin/HEAD) Fix VDM freeze and unfreeze needed for PM stats collection  (#402) (3 hours ago) [jaganbal-a]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-29 16:34:22 +08:00
mssonicbld
17e7ba40f0
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17334)
#### Why I did it
src/sonic-sairedis
```
* 9621316 - (HEAD -> master, origin/master, origin/HEAD) [syncd] Remove notify pointers manual handling (#1326) (19 hours ago) [Kamil Cudnik]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-29 16:34:17 +08:00
Saikrishna Arcot
7c5f616469
Fix sonic-mgmt docker build due to Bookworm changes (#17309)
* Fix sonic-mgmt docker build due to Bookworm changes

Because of the Bookworm upgrade, when some build target is specified on
the command line, the build system will try to build everything for
buster and bullseye distros, even if it's not needed by the target.

As a workaround, call the underlying Makefile.work script with
`BLDENV=bullseye` to have it only build packages related to sonic-mgmt.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Mark docker-sonic-mgmt as a Bullseye container

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

---------

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-28 16:41:13 -08:00
arista-nwolfe
865f33c62d
[Arista]: Disable SA_EQUALS_DA trap on DNX LC SKUs (#17206)
This change was submitted directly to 202205 but it's also needed in master and 202305 with SAI9.x
#13346

There has been a couple CSPs for this as well:
CS00012273013 - [7.1][J2, J2c+] Disable SA Equals DA trap on DNX
CS00012320965 - SAI9.2: iBGP doesn't work due to SA_EQUALS_DA trap

If SA_EQUALS_DA trap is enabled iBGP won't work as the Ethernet-IB0 ports are expected to get packets with SA==DA.

In the VOQ chassis design, for outgoing control plane packets, the packets goes the recycle port for routing, therefore the dmac of the packet should be the asic router mac. The source mac is assigned by the kernel, so it is also the asic router mac.
2023-11-28 16:25:43 -08:00
Yaqiang Zhu
59dddb14d4
[dhcp_server] Rename sonic_dhcp_server to sonic_dhcp_utilities (#17276)
Why I did it
sonic_dhcp_server.whl contains not only dhcp_server functionality but also part of dhcp_relay functionality, the existing naming is not appropriate.
2023-11-28 13:28:16 -08:00
mssonicbld
a8fc528045
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17314)
#### Why I did it
src/sonic-sairedis
```
* 4ee9c25 - (HEAD -> master, origin/master, origin/HEAD) Add TestSwitch missing attribute (#1327) (12 hours ago) [noaOrMlnx]
* 4cbbeed - Add SAI Notification support for host_tx_ready (#1307) (18 hours ago) [noaOrMlnx]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-28 18:35:49 +08:00
mssonicbld
c1f0355fa8
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17316)
#### Why I did it
src/sonic-swss-common
```
* 8dc6218 - (HEAD -> master, origin/master, origin/HEAD) Add STATE_TRANSCEIVER_INFO_TABLE_NAME to shcema.h (#824) (12 hours ago) [noaOrMlnx]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-28 18:35:44 +08:00
mssonicbld
67e414f30f
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#17313)
#### Why I did it
src/sonic-mgmt-common
```
* 268b67c - (HEAD -> master, origin/master, origin/HEAD) Integrating the transformer infra GET optimization, Request context cancel handling and other bug fixes (#111) (2 hours ago) [Balachandar Mani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-28 16:34:27 +08:00
Mai Bui
80615f45db
[docker-sonic-mgmt-framework] limit privileged flag for mgmt-framework container (#17217)
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)

Work item tracking
Microsoft ADO (number only): 14807420
How I did it
Reduce linux capabilities in privileged flag

How to verify it
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
2023-11-28 15:35:22 +08:00
Yaqiang Zhu
69f949671c
[dhcp_server] Mark dhcp_server docker as Bullseyse docker (#17290)
How I did it
Mark dhcp_server docker as Bullseyse docker

How to verify it
Set INCLUDE_DHCP_SERVER to y and build image, build successfully
2023-11-27 21:47:59 -08:00
Yaqiang Zhu
be95d49db6
[dhcp_server] Add support for only configures 1 ip in dhcp_server range (#17280)
How I did it
Add support for only configures 1 ip in dhcp_server range.
Treat range with value out of order as invalid range.
2023-11-27 21:44:41 -08:00
Pavan-Nokia
90ff72c885
[armhf][Nokia-7215] Remove platform reboot (#17010) 2023-11-27 11:00:12 -08:00
Vivek
4727185648
[lldp] Clean up service start logic owing to port init start optimization (#17268)
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-11-27 09:56:54 -08:00
Yaqiang Zhu
da80593ecb
[dhcp_relay] Use dhcprelayd to manage critical processes (#17236)
Modify j2 template files in docker-dhcp-relay. Add dhcprelayd to group dhcp-relay instead of isc-dhcp-relay-VlanXXX, which would make dhcprelayd to become critical process.
In dhcprelayd, subscribe FEATURE table to check whether dhcp_server feature is enabled.
2.1 If dhcp_server feature is disabled, means we need original dhcp_relay functionality, dhcprelayd would do nothing. Because dhcrelay/dhcpmon configuration is generated in supervisord configuration, they will automatically run.
2.2 If dhcp_server feature is enabled, dhcprelayd will stop dhcpmon/dhcrelay processes started by supervisord and subscribe dhcp_server related tables in config_db to start dhcpmon/dhcrelay processes.
2.3 While dhcprelayd running, it will regularly check feature status (by default per 5s) and would encounter below 4 state change about dhcp_server feature:
A) disabled -> enabled
In this scenario, dhcprelayd will subscribe dhcp_server related tables and stop dhcpmon/dhcrelay processes started by supervisord and start new pair of dhcpmon/dhcrelay processes. After this, dhcpmon/dhcrelay processes are totally managed by dhcprelayd.
B) enabled -> enabled
In this scenaro, dhcprelayd will monitor db changes in dhcp_server related tables to determine whether to restart dhcpmon/dhrelay processes.
C) enabled -> disabled
In this scenario, dhcprelayd would unsubscribe dhcp_server related tables and kill dhcpmon/dhcrelay processes started by itself. And then dhcprelayd will start dhcpmon/dhcrelay processes via supervisorctl.
D) disabled -> disabled
dhcprelayd will check whether dhcrelay processes running status consistent with supervisord configuration file. If they are not consistent, dhcprelayd will kill itself, then dhcp_relay container will stop because dhcprelayd is critical process.
2023-11-27 09:30:01 -08:00
Sudharsan Dhamal Gopalarathnam
49dd425603
[FRR]Fixing CVEs CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235 (#17259)
Why I did it
Fixing CVEs CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235

Work item tracking
Microsoft ADO (number only):
How I did it
Porting the fixes in the below PRs

FRRouting/frr#14645
FRRouting/frr#14716

How to verify it
Running regression
2023-11-27 21:32:39 +08:00
Kebo Liu
bf4a2e3002
[Mellanox] Revert LPM implementation to the old way (#17096)
- Why I did it
The current low power mode setting implementation requests the user to set the port to admin down first before toggling LP mode, this is not backward compatible, now revert it to the old way so that the user can toggle the LP mode regardless of the port admin status.

- How I did it
Revert the recent changes related to LPM in PR #14130 and #16545

- How to verify it
Run all sfputil and SFP platform API related tests on all the Mellanox platforms.

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2023-11-27 13:23:04 +02:00
Sudharsan Dhamal Gopalarathnam
b86a1b352b
[yang]Fixing sonic-cfg-help to handle nested container (#17260)
Why I did it
Fixing sonic-cfg-help to handle nested container scenario. In case of nested container, the inner container name acts as key for the table. For e.g.

"AUTO_TECHSUPPORT": {
        "GLOBAL": {
         }
}
Previous output

AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json

+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field                   | Description                                        | Mandatory   | Default   | Reference   |
+=========================+====================================================+=============+===========+=============+
| state                   | Knob to make techsupport invocation event-driven   |             |           |             |
|                         | based on core-dump generation                      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval     | Minimum time in seconds between two successive     |             |           |             |
|                         | techsupport invocations. Configure 0 to explicitly |             |           |             |
|                         | disable                                            |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit   | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of ts dumps. No cleanup is performed if the value  |             |           |             |
|                         | isn't configured or is 0.0                         |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit          | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of core dumps. No cleanup is performed if the      |             |           |             |
|                         | value isn't congiured or is 0.0                    |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport         |             | 10.0      |             |
|                         | invocation on memory usage threshold crossing      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem       | Minimum Free memory (in MB) that should be         |             | 200       |             |
|                         | available for the techsupport execution to start   |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since                   | Only collect the logs & core-dumps generated since |             |           |             |
|                         | the time provided. A default value of '2 days ago' |             |           |             |
|                         | is used if this value is not set explicitly or a   |             |           |             |
|                         | non-valid string is provided                       |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+


New output

AUTO_TECHSUPPORT
Description: AUTO_TECHSUPPORT part of config_db.json

key - GLOBAL
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| Field                   | Description                                        | Mandatory   | Default   | Reference   |
+=========================+====================================================+=============+===========+=============+
| state                   | Knob to make techsupport invocation event-driven   |             |           |             |
|                         | based on core-dump generation                      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| rate_limit_interval     | Minimum time in seconds between two successive     |             |           |             |
|                         | techsupport invocations. Configure 0 to explicitly |             |           |             |
|                         | disable                                            |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_techsupport_limit   | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of ts dumps. No cleanup is performed if the value  |             |           |             |
|                         | isn't configured or is 0.0                         |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| max_core_limit          | Max Limit in percentage for the cummulative size   |             |           |             |
|                         | of core dumps. No cleanup is performed if the      |             |           |             |
|                         | value isn't congiured or is 0.0                    |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| available_mem_threshold | Memory threshold; 0 to disable techsupport         |             | 10.0      |             |
|                         | invocation on memory usage threshold crossing      |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| min_available_mem       | Minimum Free memory (in MB) that should be         |             | 200       |             |
|                         | available for the techsupport execution to start   |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+
| since                   | Only collect the logs & core-dumps generated since |             |           |             |
|                         | the time provided. A default value of '2 days ago' |             |           |             |
|                         | is used if this value is not set explicitly or a   |             |           |             |
|                         | non-valid string is provided                       |             |           |             |
+-------------------------+----------------------------------------------------+-------------+-----------+-------------+


Work item tracking
Microsoft ADO (number only):
How I did it
Fixing sonic-cfg-help tool to handle nested container

How to verify it
Added UT to verify it.
2023-11-23 20:59:31 +08:00
mssonicbld
c568ecddf9
[submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (#17274)
#### Why I did it
src/sonic-snmpagent
```
* 3b6a4ad - (HEAD -> master, origin/master, origin/HEAD) Enable faulthandler to provide more fault information (#301) (22 hours ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-23 18:35:45 +08:00
mssonicbld
6d8d42d075
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17257)
#### Why I did it
src/sonic-sairedis
```
* 9804bd7 - (HEAD -> master, origin/master, origin/HEAD) Fix compilation issue due to PORT_STATE_CHANGE_QUEUE_SIZE undefined (#1324) (2 days ago) [Ashish Singh]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-23 18:35:02 +08:00
mssonicbld
58d4f922c9
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17275)
#### Why I did it
src/sonic-swss
```
* 2ca3deb0 - (HEAD -> master, origin/master, origin/HEAD) [dash] fix DASH ACL Rule protocol use-after-free (#2958) (9 hours ago) [Yakiv Huryk]
* b8841ecb - [orchagent]: Extend the SRv6Orch to support the programming of the L3Adj (#2902) (24 hours ago) [Carmine Scarpitta]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-23 18:34:56 +08:00
mssonicbld
928d952089
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#17273)
#### Why I did it
src/sonic-platform-common
```
* cb80f17 - (HEAD -> master, origin/master, origin/HEAD) Fix issue: QSFP module with id 0x0d can be parsed using 8636 (#412) (20 hours ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-23 16:33:33 +08:00
Sudharsan Dhamal Gopalarathnam
8aa6a742ca
[FRR] Fixing zebra to handle non notification of better admin won (#17184)
* [FRR]Fixing zebra to handle non notification of better admin won

* Updating the patch with latest changes from FRR
2023-11-23 15:01:13 +08:00
mssonicbld
4e20b34a9e
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#17249)
#### Why I did it
src/sonic-linux-kernel
```
* b2601c7 - (HEAD -> master, origin/master, origin/HEAD) [mellanox] Update Kernel patches and Kconfig for Linux 6.1.x (#359) (3 hours ago) [Vivek]
* ba37b4d - Ported Fullcone NAT changes are ported from 5.10 to 6.1 kernel. (#357) (3 hours ago) [Akhilesh Samineni]
* b899479 - Bookworm:AMD-Pensando ELBA SOC support (#353) (3 hours ago) [Shantanu Shrivastava]
* 07a6d64 - [marvell-arm64]: Update kernel patches for Linux 6.1.x (#352) (3 hours ago) [Keshav Gupta]
* 73abe79 - Set CONFIG_IGB to m for the build to work (#340) (3 hours ago) [Vivek]
* 0c12436 - Use bookworm-tagged slave container for now (3 hours ago) [Saikrishna Arcot]
* aca1572 - Use bookworm slave container (3 hours ago) [Saikrishna Arcot]
* bbf045a - Update kernel to 6.1.38 (3 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-23 12:33:59 +08:00
Shashanka Balakuntala
418ed10ae1
[minigraph]: Adding new secondary field to VLAN_INTERFACE table (#16827)
This is change taken as part of the HLD: sonic-net/SONiC#1470.
In this PR we add the logic to parse the SecondarySubnets field in the minigraph and add a flag in "secondary" in the vlan_interface table of the config db.

Microsoft ADO (number only): 16784946

How I did it
Made changes in the minigraph.py to parse the xml entry and add the parsed value to the config db

How to verify it
Added python tests in the sonic-config-engine folder to test the config db entries.
2023-11-22 15:06:20 -08:00
Shashanka Balakuntala
8b192a1151
[dhcp-relay]: Modify dhcp relay to pick primary address (#17012)
This is change taken as part of the HLD: sonic-net/SONiC#1470 and this is a follow up on the PR #16827 where in the docker-dhcp we pick the value of primary gateway of the interface from the VLAN_Interface table which has "secondary" flag set in the config_db

Microsoft ADO (number only): 16784946

How did I do it
-  Changes in the j2 file to add a new "-pg" parameter in the dhcpv4-relay.agents.j2, the ip would be retrieved from the config db's vlan_interface table such that the interface which are picked will have secondary field set.

- Changes in isc-dhcp to re-order the addresses of the discovered interface and which has the ip which has the passed parameter.
2023-11-22 15:05:32 -08:00
prabhataravind
aea3c42f29
[image_config]: Update DHCP rate-limit (#17132)
Change DHCP rate limit in SONiC copp configuration to 100 PPS as this is
necessary to ensure that DHCP flood does not cause LACP/BGP flaps in all
scenarios

This is an extension to the change in image_config: copp: Enable rate limiting 
for bgp, lacp, dhcp, lldp, macsec and udld #14859 and sonic-mgmt change in 
[tests/copp]: Update copp mgmt tests to support new rate-limits sonic-mgmt#8199

Why I did it
300 PPS is not sufficient to prevent LACP/BGP flaps in all cases. 100 PPS seems to
provide better resiliency against DHCP traffic flood to CPU.

Microsoft ADO 25776614:

Send DHCP broadcast packets to DUT and verify that they are trapped to CPU at 100 PPS.

Signed-off-by: Prabhat Aravind <paravind@microsoft.com>
2023-11-22 15:02:17 -08:00
mssonicbld
e9b2929f49
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#17256)
#### Why I did it
src/sonic-host-services
```
* 5dcd1e5 - (HEAD -> master, origin/master, origin/HEAD) Add support to make determine/process reboot-cause services restartable (#86) (6 hours ago) [anamehra]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-22 18:36:53 +08:00
mssonicbld
c14a8c15c8
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17258)
#### Why I did it
src/sonic-swss
```
* 194566a7 - (HEAD -> master, origin/master, origin/HEAD) Fix the Orchagent Qos error messages reported in Issue #16787 (#2947) (6 hours ago) [saksarav-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-11-22 18:36:47 +08:00
Konstantin Vasin
5f4132ad95 don't build debootstrap from source 2023-11-21 18:53:15 -08:00
Aravind Mani
c8fe65873f [Bookworm] Upgrade Dell platforms to Bookworm (#17003)
Why I did it
[Bookworm] Update platform-modules-dell for Bookworm #16735

How I did it
Modified platform driver to comply with bookworm kernel.
Removed MODULE_SUPPORTED_DEVICE wherever used.
Modified python build commands for building whl packages.

How to verify it
Verify whether all the platform bookworm debs are built.
make target/debs/bookworm/platform-modules-z9100_1.1_amd64.deb
Load the platform debian into the device and install it in bookworm image.
Verify the platform related CLI and the functionality
2023-11-21 18:53:15 -08:00
Vivek
b8548439b7 [mellanox] Update SAI to SAIBuild2311.25.0.36, SDK/FW to 4.6.2104/2012.2104 (#17131)
Why I did it
Update SDK/SAI and FW for Mellanox Platform

How I did it
Update SDK/FW to v4.6.2104/v2012.2104

Fixed Issues:

Some of the Warmboot related files which were created by SDK during switch create are now generated during pre shutdown flow
New Features:

Debian 12 and kernel 6.1 support
Update SAI

New Features:

Auto Fec Support
FDB entries are now restored after warmboot to prevent temporary system flooding.
Minor Enhancement and Bug Fix in integrate-mlnx-sdk

How to verify it
Build Image and run tests

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-11-21 18:53:15 -08:00
Vivek
787dd7221d [Mellanox] Upgrade HW-MGMT to 7.0030.2008 and update platform-api (#17134)
Why I did it
Add platform support for Debian 12 (Bookworm) on Mellanox Platform

How I did it
Update hw-management to v7.0030.2008
Deprecate the sfp_count == module_count approach in favour of asic init completion
Ref: Mellanox/hw-mgmt@bf4f593
Add xxd package to base image which is required by hw-management scripts
Add the non-upstream flag into linux kernel cache options
Update the thermalctl logic based on new sysfs attributes
Fix the integrate-mlnx-hw-mgmt script to not populate the arm64 Kconfig
How to verify it
Build kernel and run platform tests

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
Co-authored-by: Junchao-Mellanox <junchao@nvidia.com>
Co-authored-by: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com>
2023-11-21 18:53:15 -08:00
Vivek
bd3572ea17 [bookworm] Fix docker gid mismatch with host (#17158)
* [bookworm] Fix docker gid mismatch with host
* Use group-add arg instead of update sonic-slave user

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-11-21 18:53:15 -08:00
Pavan Naregundi
a4cfe25d3d [marvell-armhf]: Enable SDK module for bookworm (#17110)
* Enable SDK modules for Bookworm
* Update SAI deb to 1.13.0-1



Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
2023-11-21 18:53:15 -08:00
Vivek
c688020f6d [Bookworm] [Secure Boot] Fix the updated path for extract-cert binary (#17015)
extract-certs was moved from scripts/ to certs/ from kernel 5.17 340a02535e

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
68b1971fee Add note about minimum Docker version due to clone3 syscall usage
Add a note saying if running on a recent kernel, then Docker 20.10.10 or
newer needs to be used. This is because in Bookworm, glibc will use the
`clone3` syscall, which is not properly handled by Docker's seccomp
filter in versions older than 20.10.10.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
mssonicbld
52e304afcf [ci/build]: Upgrade SONiC package versions (#17035) 2023-11-21 18:53:15 -08:00
Saikrishna Arcot
730faa152a Fix docker-sonic-mgmt-framework for armhf
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
318f3945be Modify the sudoers file to lecture RO users once
Debian changed the defaults of the sudo package to never lecture the
user when using an unauthorized sudo command, which breaks our use case
of lecturing once. Add a line to lecture once, which is the old
defaults.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
862bd794ee Fix container down event not sending out a notification
systemd changed the log message syntax for a container going down.
Update the regex for the new format.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
3d0a0da24f Upgrade lldpd to 1.0.16
This fixes lldpcli hitting some error related to being unable to get a
lock on /var/run/lldpd.socket. This version is the version in Debian
Bookworm, even though lldpd is in the lldp container, and that is on
Bullseye. This is because there is a change that went into 1.0.12 that
uses a separate lock file for the lldpd socket instead of locking the
socket file itself. This appears to cause problems in an unprivileged
docker container for unknown reasons (privileged docker container is
fine). Bullseye is on 1.0.11, which isn't new enough to have this
change.

I can't see any specific system capability that might address this.
Rather than debugging this further, just upgrade to the Bookworm
version.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
cae42998dd Fix PAM module configuration issue
pam-auth-update doesn't store local configuration, and it's meant to be
used by packages only. Because libpam-systemd was getting uninstalled
afterwards, this caused tacplus to get re-enabled.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Vivek
1fccc97ee7 [Nvidia] Fix mlnx-sai build failure (#14)
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

[Nvidia] Enable iproute2 & fix mft build (#16)

* Enable iproute2 as the SDK is also built

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* [Nvidia] Dont use mkbmdeb method of dkms to build the package

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Added linux image to the Depends section of mft

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

[Nvidia] [Bookworm] Separate KERNEL_MFT into a new target (#16782)

* [Nvidia] Seperate KERNEL_MFT into a new target because of kernel header dependency

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Update linux-kernel submodule

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Fix paralell build problem

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

---------

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
73605a98ef Modify rasdaemon service on amd64 only
Rasdaemon is not installed on armhf or arm64

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Keshav Gupta
14b98705ed [marvell-arm64]: Enable SDK module for bookworm (#16909)
This patch enables compiling of Marvell platform
module and fixes sonic-platform-nokia compilation
issues for bookworm.
2023-11-21 18:53:15 -08:00
Saikrishna Arcot
79463e1b3a Update pyyaml in sonic-bgpcfgd and sonic-frr-mgmt-framework to 6.0
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
jostar-yang
6ed491db74 [Edgecore][sonic-platform-modules-accton]Support kernel 6.1 and bookworm (#16982)
* [Edgecore][sonic-platform-modules-accton]Support kernel 6.1 and bookworm

* Modify pddf drv code for i2c_remove_callback function fail
2023-11-21 18:53:15 -08:00