Commit Graph

7384 Commits

Author SHA1 Message Date
Hua Liu
0537a48d1f Fix per-command authorization failed issue when a command with wildcard match more than hundred files. (#14787)
Fix per-command authorization failed issue when a command with wildcard match more than hundred files.


#### Why I did it
When a user enables TACACS per-command authorization and runs a command with a wildcard, if the command matches more than hundreds of files, the per-command authorization will fail with the following message:
  *** authorize failed by TACACS+ with given arguments, not executing

The root cause of this issue is that bash will match files with the wildcard and replace the wildcard args with the matched files. When there are too many files, the TACACS plugin will generate a big authorization request, which will be rejected by the server side.

##### Work item tracking
- Microsoft ADO **(number only)**: 18074861

#### How I did it
Fix bash patch file, use original user inputs as authorization parameters.

#### How to verify it
Pass all UT.
Create a new UT to validate that the TACACS authorization requests use the original command arguments.
UT PR: https://github.com/sonic-net/sonic-mgmt/pull/8115

#### Which release branch to backport (provide reason below if selected)

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [X] 202205
- [X] 202211

#### Tested branch (Please provide the tested image version)

- [x] 202205.258490-412b83d0f
- [x] 202211.71966120-1b971c54b5


#### Description for the changelog
Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
2023-05-16 16:27:05 +08:00
Cédric Ollivier
4507026435 [build]: Force xz as compression type when building sonic-build-hooks debs (#12823)
Ubuntu 22.04 leverages Zstandard compression to dpkg by default.
Debian doesn't support it yet
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892664

Fix #12822

Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
2023-05-16 16:27:00 +08:00
xumia
f6d8d908ab [Ci] Support marvell/marvell-arm64 build (#14875)
Why I did it
Support marvell/marvell-arm64 build

Work item tracking
Microsoft ADO (number only): 19995559
How I did it
2023-05-16 16:26:56 +08:00
mssonicbld
4ee8224488
[Build] update python package docker in host image to 6.1.1 (#14993) (#15050)
Fix #14974
Refs: https://github.com/docker/docker-py/pull/3116

Co-authored-by: Konstantin Vasin <126960927+k-v1@users.noreply.github.com>
2023-05-15 10:02:02 -07:00
Ying Xie
1496d1d28c
yang model table DEVICE_NEIGHBOR_METADATA creation (#11894) (#15026)
* yang mode support for neighbor metadata

* add description in leaf node

* modify description

Co-authored-by: jcaiMR <111116206+jcaiMR@users.noreply.github.com>
2023-05-12 09:54:21 -07:00
Dror Prital
e9a2e1b6a5
Add ability to navigate to specific path inside registry server (#14946)
Why I did it
Backport PR #14907 to 202205 branch

In order to reduce sonic build time, there is an option to acquire sonic slave docker(s) from artifact server (reduce sonic make configure time).
Current implementation supports only convention of:

<REGISTRY_SERVER>:<REGISTRY_PORT>/<SLAVE_BASE_IMAGE>:<SLAVE_BASE_TAG>

In case the SLAVE_BASE_IMAGE appears in an internal path inside the server, the convention should be like this:

<REGISTRY_SERVER>:<REGISTRY_PORT><REGISTRY_SERVER_PATH>/<SLAVE_BASE_IMAGE>:<SLAVE_BASE_TAG>

REGISTRY_SERVER_PATH (which is set in rules/config) will have to start with "/".

If REGISTRY_SERVER_PATH is not set, the behavior will remain the same as it works today.

Work item tracking
Microsoft ADO (number only):
How I did it
Add ability to set REGISTRY_SERVER_PATH and update the code for docker image tag and docker image pull accordingly

How to verify it
Use a sonic slave docker image from an artifact server in which the image is kept in an internal folder and make sure it is consumed.
2023-05-10 10:56:12 -07:00
vdahiya12
3ef3593132
[minigraph] add support for changing T1 ports speed from 400G to 100G and vice-versa (#14505) (#14977)
* [minigraph] add support for changing T1 ports speed from 400G to 100G and vice-versa (#14505)

On the SONiC T1 Cisco 8101 HwSku, speed changes from 400G to 100G need to be supported on 400G ports.
To enable this, along with the speed change the port lanes need to be changed. This PR has the changes to update the port lanes when such a speed change happens.
Basically, if Bandwidth in minigraph.xml intends to enable a 100G speed on a 400G port, then the appropriate lane change and speed change need to be invoked in the minigraph parser.
For example, if port_config.ini dictates the speed to be 400G and minigraph has 100G speed, then this change needs to be accommodated:

Ethernet96     1536,1537,1538,1539,1540,1541,1542,1543    etp12    12       400000     0
 <DeviceLinkBase>
        <ElementType>DeviceInterfaceLink</ElementType>
        <EndDevice>ARISTA01T2</EndDevice>
        <EndPort>Ethernet1</EndPort>
        <StartDevice>Device-8101-01</StartDevice>
        <StartPort>etp12</StartPort>
        <Bandwidth>100000</Bandwidth>
      </DeviceLinkBase>
These platforms today have 400G ports with 8 serdes lines, and 100G will operate with 4 serdes lanes. When the port speed changes from 400G to 100G, the first 4 lanes will be used for the 100G port.

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>

* add all

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>

* fix unit

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>

---------

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>
2023-05-09 15:07:21 -07:00
Justin Sherman
b8d44e6fb8
[build] SONIC_ONLINE_DEBS no longer overwrites local build outputs (#14822)
Manual double commit of #14698
2023-05-08 08:33:58 -07:00
Ye Jianquan
83ee249e9f
Refine test job definition and assert logic (#14960)
Why I did it
Remove 'kvmtest-t0' and 'kvmtest-t1-lag' test jobs since all the test jobs are required (continueOnError: false) already, and will only enable one of classical and testbedV2 tests, no need to do an unnecessary 'or' compute test job.
Change agent pool to reduce cost and avoid congestion
Work item tracking
Microsoft ADO (number only): 21199881
2023-05-08 08:33:04 -07:00
mssonicbld
7ff5fdfcff
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#14968)
src/sonic-utilities

* f6359bcc - (HEAD -> 202205, origin/202205) [acl-loader] Only add default deny rule when table is L3 or L3V6 (#2796) (#2826) (3 days ago) [Zhijian Li]
2023-05-08 08:32:04 -07:00
mssonicbld
9397d06dc8
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#14945)
src/sonic-platform-common

* c97af3c - (HEAD -> 202205, origin/202205) Modify sfputil show fwversion to include build version for active/inactive FW version fields (#367) (2 days ago) [mihirpat1]
* 7705a20 - Adding electrical for 800G and 100G (#365) (2 days ago) [mihirpat1]
* d0038fc - SFF-8472: Fix tx_disable_channel to avoid write to read-only bit (#364) (2 days ago) [mihirpat1]
* 518a471 - fix get module hardware minor revision (#361) (2 days ago) [Qingxiao Ren]
2023-05-06 12:54:51 -07:00
mssonicbld
9e6a6d84d2
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#14939)
src/linkmgrd

* 700939c - (HEAD -> 202205, origin/202205) [codeql] remove hard coded line numbers in sed commands (#203) (27 hours ago) [Jing Zhang]
* 71a2a3c - [active-standby][bsl] fix no mux probe issue (#201) (27 hours ago) [Jing Zhang]
* 32720cf - Support linking to swss logger (#182) (27 hours ago) [Longxiang Lyu]
2023-05-05 12:56:16 -07:00
mssonicbld
9bfce31ccb
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#14943)
src/sonic-utilities

* b49d78c4 - (HEAD -> 202205, origin/202205) Change default CDB run mode to non-hitless (#2817) (2 hours ago) [mihirpat1]
* 2e9c99e8 - [show][muxcable] fix `show mux hwmode muxdirection` RC (#2812) (2 hours ago) [Jing Zhang]
* 6b5bf990 - [config]config reload should generate sysinfo if missing (#2778) (2 hours ago) [jingwenxie]
* a8455fd3 - Fix bug in GCU vlanintf_validator (#2765) (2 hours ago) [jingwenxie]
* 79c99718 - [GCU] Add vlanintf-validator (#2697) (2 hours ago) [jingwenxie]
2023-05-05 07:48:56 -07:00
mssonicbld
b1f73ff05a
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#14940)
src/sonic-platform-daemons

* f913e9c - (HEAD -> 202205, origin/202205) [CMIS] Add power up duration for power up timeout (#345) (2 hours ago) [ChiouRung Haung]
2023-05-04 23:45:29 -07:00
mssonicbld
441b5ad3fc
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#14942)
src/sonic-swss

* f977724 - (HEAD -> 202205, origin/202205) [bugfix] vnet ping missing with secondary endpoints empty in priority routes. (#2736) (2 hours ago) [siqbal1986]
* a723a99 - Fix orchagent missing request when logrotate happens. (#2712) (2 hours ago) [mint570]
* 24db6da - Handle duplicate routes in a graceful manner (#2688) (2 hours ago) [prabhataravind]
2023-05-05 06:35:52 +00:00
mssonicbld
055c4d37e3
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#14796)
src/sonic-swss

* 113cadd - (HEAD -> 202205, origin/202205) [portsorch]: Set default hostif TX queue (#2697) (11 days ago) [prabhataravind]
2023-05-03 19:07:07 -07:00
mssonicbld
1c3cab115a
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#14835)
src/sonic-sairedis

* 7f6abdd - (HEAD -> 202205, origin/202205) Revert "Ignore removing switch for mellanox platform due to known limitation (#1216)" (#1231) (8 days ago) [Junchao-Mellanox]
2023-05-04 02:06:26 +00:00
mssonicbld
a06a9dcaac
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#14848)
src/sonic-utilities

* 6c400c48 - (HEAD -> 202205, origin/202205) [GCU] protect loopback0 from deletion (#2638) (#2813) (35 hours ago) [jingwenxie]
* 506dd7a2 - [GCU] Add PFC_WD RDMA validator (#2810) (6 days ago) [isabelmsft]
* 47f84994 - [202205][DBMigrator] Update db_migrator to support EdgeZoneAggregator Buffer Config for T0s (#2769) (7 days a
2023-05-04 01:20:14 +00:00
Liu Shilong
0e70aba6ce
[build] Fix reproducible build version issue when failed to download web file (#14587) (#14780)
Why I did it
refine reproducible build.

How I did it
Fix reset map variable in bash.
Ignore empty web file md5sum value.
If the web file was not backed up in Azure storage, use the file on the web.
How to verify i
2023-05-03 17:16:07 -07:00
Tejaswini Chadaga
a3a041a3cd
Revert "Add load_minigraph option to include traffic-shift-away during config migration (#11403)" (#14881)
This reverts commit 0c7f0aa9b7.
2023-05-03 17:10:15 -07:00
Samuel Angebault
2e26d965b9
[202205][Arista] Update platform library submodules (#14829)
Fix watchdog reboot cause for wolverine linecard
Fix PSU fan speed of 0% by adding max RPM to most psu descriptions
Add product DCS-7060DX5-64
Add product DCS-7060DX5-32
2023-05-03 17:08:55 -07:00
abdosi
9ca6b9cb6c
Added changes for chassis: (#14816)
What/Why I did:

Allow traffic with source and destination as chassis eth1-midplane ip. Needed for Supervisor Redis-db connection (Redis packet has source and destination ip as eth1-midplane) after we load acl.json that has catch-all drop rule. Changes are generic and not specific to supervisor and apply on LC also.

Made multi_asic_ns_to_host_fwd as False for ACL service for External Client. This flag is needed for service SSH and SNMP where traffic can come in namespace over front-panel ports and we need to send the traffic in host where corresponding docker/service are running. There is no use-case of External client service for multi-asic as of now. Having flag as True creates failure when we try to load acl.json.
2023-05-02 10:55:17 -07:00
mssonicbld
0ed0df6ddb
[ci/build]: Upgrade SONiC package versions (#14913) 2023-05-02 20:20:59 +08:00
Ying Xie
9ac9908321
Revert "Clear DNS configuration received from DHCP during networking reconfiguration in Linux. (#13516) (#13695)" (#14900)
This reverts commit d1fa414f1b.
2023-05-01 16:48:56 -07:00
mssonicbld
5d9658f503
[ci/build]: Upgrade SONiC package versions (#14839) 2023-04-29 20:49:34 +08:00
James An
f2a687b337
Update cisco-8000.ini (#14833)
Why I did it
Release Notes for Cisco 8101-32FH-O:
· Enable CMIS
· Enable Subport for Static Breakout

How I did it
Update platform version to 202205.2.2.2 (equivalent to 202205-v0.16)
2023-04-25 15:59:25 -07:00
mssonicbld
36b6d5824c
[ci/build]: Upgrade SONiC package versions (#14812) 2023-04-23 20:52:29 +08:00
mssonicbld
412b83d0f1
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#14752)
src/sonic-utilities

* ece22b7d - (HEAD -> 202205, origin/202205) Revert "[GCU] Add PFC_WD RDMA validator  (#2781)" (4 minutes ago) [Ying Xie]
* 7d16b184 - Remove the no use new line in show version (#2792) (21 hours ago) [xumia]
* 3a880a2b - Support to display the SONiC OS Version in the command show version (#2787) (21 hours ago) [xumia]
* a5199f75 - [voq][chassis][generate_dump] [BCM] Dump only the relevant BCM commands for fabric cards (#2606) (21 hours ago) [saksarav-nokia]
* 2410d364 - Fixed a bug in "show vnet routes all" causing screen overrun. (#2644) (#2801) (
2023-04-20 13:20:31 -07:00
mssonicbld
54470b6e0f
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#14748)
src/sonic-platform-common

* 4080df6 - (HEAD -> 202205, origin/202205) Update host electrical interface for 2x400G breakout cable (#363) (21 hours ago) [mihirpat1]
* edcde3a - [CMIS] Add API to get module power up duration (#354) (21 hours ago) [ChiouRung Haung]
2023-04-20 13:20:08 -07:00
mssonicbld
ec6524e28c
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#14751)
src/sonic-swss-common

* 9569f3a - (HEAD -> 202205, origin/202205) [Azp]: Add a new job for bullseye (#675) (11 hours ago) [Ze Gan]
2023-04-20 08:01:37 -07:00
mssonicbld
70caf151b9
[submodule] Update submodule sonic-py-swsssdk to the latest HEAD automatically (#14749)
src/sonic-py-swsssdk

* a79fa67 - (HEAD -> 202205, origin/202205) [Security] Fix the redis security issue CVE-2023-28858 and  CVE-2023-28859 (#136) (11 hours ago) [xumia]
2023-04-20 07:34:05 -07:00
mssonicbld
ec687d1c8c
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#14750)
src/sonic-swss

* 96407be - (HEAD -> 202205, origin/202205) sonic-swss: Sync and program remote lag member status. (#2730) (11 hours ago) [Sambath Kumar Balasubramanian]
* 6051d33 - Fix race condition in sub-interface handling (#2723) (11 hours ago) [Stephen Sun]
* 7b95ec5 - [muxorch] handling multiple mux nexthops for route (#2656) (11 hours ago) [Nikola Dancejic]
2023-04-20 07:33:20 -07:00
mssonicbld
443561b8ca
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#14746)
src/linkmgrd

* aa1d55f - (HEAD -> 202205, origin/202205) [202205] cherry-pick `azure-pipeline.yml` updates (#200) (8 hours ago) [Jing Zhang]
* 2efc130 - Enable debug symbols (#199) (9 hours ago) [Longxiang Lyu]
2023-04-20 07:31:31 -07:00
mssonicbld
4cdcda43b8
[devices/arista] Update asic_port_name in Arista LCs (#14234) (#14732)
Updated asic_port_names for all Arista LC SKUs to follow latest naming
conventions to remove redundant ASICx suffix. For
Arista-7800R3-48CQ2-C48, added the asic_port_name mapping.

Co-authored-by: kenneth-arista <93353051+kenneth-arista@users.noreply.github.com>
2023-04-19 23:08:03 -07:00
mssonicbld
a0da21f35e
Update golang version for telemetry build in sonic-slave-buster to fix (#14636) (#14735) 2023-04-20 08:45:13 +08:00
mssonicbld
d2f5317c02
[yang]: Modify yang model to handle subport in PORT table (#14519) (#14727) 2023-04-20 06:43:37 +08:00
mssonicbld
4b7bd90e47
Fix backend port channels and routes being displayed (#14479) (#14734) 2023-04-20 06:07:16 +08:00
mssonicbld
4a6322d0dd
[Ci] Fix the wrong SONIC_BUILD_JOBS build variable used issue in Azp (#14071) (#14729)
Why I did it
[Ci] Fix the no parallel jobs in some of the platforms issue
We observed some of the pipelines running for more time than expected. The issue is SONIC_BUILD_JOBS using the wrong value 1. It is caused by a runtime variable issue: there is an additional single quotation mark character added in the make command line.

make 'SONIC_BUILD_JOBS=$(nproc)' target/xxxx
Need to change to

make SONIC_BUILD_JOBS=$(nproc) target/xxxx
It is to improve the build performance for some of the platforms using the variable SONIC_BUILD_JOBS=1.
Good one vs: https://dev.azure.com/mssonic/build/_build/results?buildId=227986&view=logs&j=cef3d8a9-152e-5193-620b-567dc18af272&t=cf595088-5c84-5cf1-9d7e-03331f31d795

"SONIC_BUILD_JOBS"                : "8"
Bad one barefoot: https://dev.azure.com/mssonic/build/_build/results?buildId=227379&view=logs&j=993d6e22-aeec-5c03-fa19-35ecba587dd9&t=7be0d2ec-661f-5569-462c-2d9b7ca4ca5d

"SONIC_BUILD_JOBS"                : "1"
How I did it
Expand the BUILD_OPTIONS variable for all platforms.

Co-authored-by: xumia <59720581+xumia@users.noreply.github.com>
2023-04-19 15:06:21 -07:00
mssonicbld
b41fe29a84
[Build] Support to use the snapshot mirror for debian base image (#14474) (#14728)
Why I did it
[Build] Support to use the snapshot mirror for debian base image

How I did it
If the MIRROR_SNAPSHOT=n, then use the default mirror http://deb.debian.org/debian
If the MIRROR_SNAPSHOT=y, then use the snapshot mirror, for instance http://packages.trafficmanager.net/snapshot/debian/20230330T000330Z/.

How to verify it
+ scripts/build_debian_base_system.sh amd64 bullseye ./fsroot-vs
I: Target architecture can be executed
I: Retrieving InRelease 
I: Checking Release signature
I: Valid Release signature (key id A4285295FC7B1A81600062A9605C66F00D6C9793)
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://packages.trafficmanager.net/snapshot/debian/20230331T000125Z...
I: Retrieving libacl1 2.2.53-10

Co-authored-by: xumia <59720581+xumia@users.noreply.github.com>
2023-04-19 15:05:31 -07:00
mssonicbld
01311046ca
[devices/arista]: Added recycle ports required for egress mirroring (#13967) (#14731) 2023-04-20 05:56:32 +08:00
mssonicbld
7cc8c76f0f
Increase wait_for_tunnel() timeout to 90s (#14279) (#14733) 2023-04-20 05:47:12 +08:00
mssonicbld
96affcc0df
Add monit_snmp file to monitor memory usage (#14464) (#14730) 2023-04-20 05:21:17 +08:00
jcaiMR
2cad50372a
[cherry-pick] 202205 advance dhcprelay to 67a3bdf (#14507)
* advance dhcprelay to 67a3bdf

* checkout dhcprelay version to 67a3bdf
2023-04-19 13:17:15 -07:00
mssonicbld
735e35f179
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#14713)
src/sonic-utilities

* fdea806d - (HEAD -> 202205, origin/202205) [route_check] fix IPv6 address handling (#2799) (9 hours ago) [Stepan Blyshc
2023-04-19 11:10:54 -07:00
jcaiMR
f409b3dc16 change static rt expiry timer max value (#14397)
Why I did it
Change static route expiry timer max timeout value from 1800 to 172800.
To keep same value range as defined in sonic-restapi/sonic_api.yaml

How I did it
How to verify it
Apply the change to bgpcfd, restart the bgp container, and see if the value takes effect.
2023-04-19 18:05:17 +00:00
Lior Avramov
59aac9a83e Add teamd patches to solve traffic loss issue when removing port from LAG (#14002)
#### Why I did it
When removing a port from a LAG while traffic is running through the LAG, there is a traffic disruption of 60 seconds.
Fix issue https://github.com/sonic-net/sonic-buildimage/issues/14381

#### How I did it
The patch I added introduces a "port_removing" op and calls it right before the kernel is asked to remove the port.
Implement the op in the LACP runner to disable the port, which leads to a proper LACPDU send.

#### How to verify it
Set LAG between 2 switches.
Set LAGs to be router port and set ip address.
In switch A send ping to ip address of LAG in switch B.
In switch B, while ping is running remove port from LAG.
Verify ping is not stopping.
2023-04-19 18:33:28 +08:00
Gokulnath-Raja
60f9602095
[sflow] Exception handling for if_nametoindex (#11437) (#14456)
catch system error and log as warning level instead of
     error level in case interface was already deleted

Signed-off-by: Gokulnath-Raja <Gokulnath_R@dell.com>
2023-04-18 11:57:44 -07:00
mssonicbld
2b3b85bac8
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#14694)
src/sonic-platform-common

* 24009de - (HEAD -> 202205, origin/202205) Fix issue: should always check return value of a function if the function may return None (#350) (#356) (3 hours ago) [Junchao-Mellanox]
2023-04-18 08:21:16 -07:00
mssonicbld
20bb5daa6a [ci/build]: Upgrade SONiC package versions 2023-04-18 22:39:02 +08:00
mssonicbld
94ba969676
[write standby] force DB connections to use unix socket to connect (#14524) (#14553) 2023-04-18 17:11:59 +08:00