Commit Graph

8598 Commits

Author SHA1 Message Date
Liu Shilong
fb2c3cdf14
[ci] Use correct branch when downloading SONiC vs image in elastic test. (#17873)
Why I did it
Use dynamic variable for branch reference.

Work item tracking
Microsoft ADO (number only): 26563706
How I did it
How to verify it
2024-01-25 19:00:04 +08:00
mssonicbld
001668e34a
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17889)
#### Why I did it
src/sonic-swss
```
* 41330abf - (HEAD -> master, origin/master, origin/HEAD) [Build] Support to collect the test coverage in cobertura format (#3019) (33 hours ago) [xumia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-25 16:34:58 +08:00
mssonicbld
1a838dda2f
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#17896)
#### Why I did it
src/sonic-gnmi
```
* 2c862b8 - (HEAD -> master, origin/master, origin/HEAD) Merge pull request #184 from abdosi/master (9 hours ago) [Rita Hui]
* 1d7f24c - Fix (4 days ago) [Abhishek Dosi]
* eda628c - Fix (4 days ago) [Abhishek Dosi]
* e37da40 - Fix Compile Error (4 days ago) [Abhishek Dosi]
* 22d0d0f - Update db_client.go (5 days ago) [abdosi]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-25 16:34:54 +08:00
mssonicbld
1fb9732f41 [ci/build]: Upgrade SONiC package versions 2024-01-25 14:35:40 +08:00
Xichen96
caefe1d17b
[Dhcp_server] add config dhcp_server bind/unbind (#17811)
* add dhcp_server bind/unbind
2024-01-24 19:38:29 -08:00
abdosi
24f8f8b966
[chassis] update service_checker module to handle database-chassis service (#17836)
* Update service_checker.py

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2024-01-24 10:36:01 -08:00
Oleksandr Ivantsiv
c693e75f0f
[dns] Do not apply dynamic DNS configuration when MGMT interface has static IP address. (#17769)
### Why I did it
Fix the issue detected by[ TestStaticMgmtPortIP::test_dynamic_dns_not_working_when_static_ip_configured ](https://github.com/sonic-net/sonic-mgmt/blob/master/tests/dns/static_dns/test_static_dns.py#L105C9-L105C63) test.

### How I did it
Query MGMT interface configuration. Do not apply dynamic DNS configuration when MGMT interface has static IP address.

#### How to verify it
Run `tests/dns/static_dns/test_static_dns.py` sonic-mgmt tests.
2024-01-23 16:29:55 -08:00
Mai Bui
ff7c993060
[docker-p4rt limit privileged flag for p4rt container (#17796)
### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420
#### How I did it
Reduce linux capabilities in privileged flag

#### How to verify it
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
```
admin@vlab-01:~$ docker inspect p4rt | grep Privi
            "Privileged": false,


admin@vlab-01:~$ docker exec -it p4rt bash
root@vlab-01:/# capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
```
2024-01-23 11:02:54 -08:00
Liu Shilong
2d96186091
[ci] Update reproducible build pipeline, disable barefoot build. (#17857)
Fix reproducible build Upgrade version pipeline.

Remove barefoot build. Because it failed on sai package.
add marvell-arm64/pensando build.

Microsoft ADO (number only): 26515265
2024-01-23 09:01:14 -08:00
Yaqiang Zhu
2c08e90203
[dhcp_server] Update dhcp_server container to bookworm (#17647) 2024-01-23 08:33:00 -08:00
Hua Liu
b1750b7cee
Improve SSHD config to use more secure settings (#17798)
Improve SSHD config to use more secure settings

Why I did it
According to Sonic OS review result, SSHD config file /etc/ssh/sshd_config using insecure settings.

Work item tracking
Microsoft ADO: 15022083
How I did it
Change build_debian.sh script to set following settings to /etc/ssh/sshd_config:
ClientAliveInterval is set to 300
MaxAuthTries is set to default of 3
Banner set to /etc/issue

How to verify it
Pass all E2E test case.
2024-01-23 13:49:47 +08:00
Hua Liu
a2e57d849b
[TACACS] Ignore TACACS accounting trace log when debug disabled. (#16482)
Ignore TACACS accounting trace log when debug disabled.

#### Why I did it
TACACS accounting trace log is only for debug, improve code to not generate trace log when debug disabled.

##### Work item tracking
- Microsoft ADO: 25270078

#### How I did it
Ignore TACACS accounting trace log when debug disabled.

#### How to verify it
Pass all UT.
Manually verified the auditd-tacplus not generate trace log when debug disabled. 

### Description for the changelog
Ignore TACACS accounting trace log when debug disabled.
2024-01-22 20:13:48 -08:00
Yaqiang Zhu
27edaf7857
[dhcp_server] Remove dependency in port-name-alias-map.txt.j2 (#17858)
* [dhcp_server] Remove dependency in port-name-alias-map.txt.j2
2024-01-22 15:21:16 -08:00
Yaqiang Zhu
ec31420329
[dhcp_server] Fix parse_dpus error (#17870) 2024-01-22 15:20:20 -08:00
dbarashinvd
927dde73f1
fix low polarity wrong value for hw_reset deassert and seek(0) before reading sysfs upon poll event (#17627)
* fix hw_reset low polarity (reverse values)

* move seek to beginning of sysfs fd before reading to resolve power_good
sysfs returns empty upon plug out cable
2024-01-22 10:53:55 -08:00
Hua Liu
c274be2e59
Fix IPV6 forced-mgmt-route not work issue (#17299)
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
2024-01-22 09:59:12 -08:00
Junchao-Mellanox
91d77fe7ae
Fix error log while creating PSU thermal object (#17789)
- Why I did it
If a PSU is not present, there could be error log while restarting psud or thermalctld:

Jan  8 17:15:52.689616 sonic ERR pmon#psud: Thermal sysfs /run/hw-management/thermal/psu2_temp1_max does not exist

Jan  8 17:15:57.747723 sonic ERR pmon#thermalctld: Thermal sysfs /run/hw-management/thermal/psu2_temp1 does not exist

- How I did it
if a PSU is not present, we should not check the PSU temperature sysfs.
2024-01-22 16:22:07 +02:00
mssonicbld
da0f4ace7a
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17864)
#### Why I did it
src/sonic-swss-common
```
* ad4d386 - (HEAD -> master, origin/master, origin/HEAD) Add support of 'with' statement to ConfigDBConnector (#838) (19 hours ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-20 16:32:41 +08:00
Nazarii Hnydyn
ac09abd72a
[sonic-cfggen]: Optimize template rendering and database access. (#17740)
#### Why I did it
* Improved switch init time

### How I did it
* Replaced: `sonic-cfggen` -> `sonic-db-cli`
* Aggregated template list for `sonic-cfggen`

#### How to verify it
1. Run `warm-reboot`
2024-01-19 21:52:30 -08:00
Saikrishna Arcot
96ae68fedf
Fix docker-base-bookworm build (#17795)
* Add missing pip.conf for docker-base-bookworm

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-01-19 17:25:31 -08:00
Mai Bui
3da08d340c
[docker-iccpd] limit privileged flag for iccpd container (#17835)
### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420
#### How I did it
Reduce linux capabilities in privileged flag

#### How to verify it
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
```
admin@vlab-01:~$ docker inspect iccpd | grep Privi
            "Privileged": false,


admin@vlab-01:~$ docker exec -it iccpd bash
root@vlab-01:/# capsh --print
Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
```
2024-01-19 10:49:44 -08:00
Zhijian Li
6a8aea8d50
[docker-sonic-mgmt] Upgrade scapy to 2.5.0 (#17738) 2024-01-19 09:11:52 -08:00
mssonicbld
fcceb3fceb
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#17854)
#### Why I did it
src/sonic-swss
```
* 09ffb25d - (HEAD -> master, origin/master, origin/HEAD) [RouteOrch] Publish route state for route to Loopback interface (#3013) (58 minutes ago) [Stepan Blyshchak]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-19 18:35:57 +08:00
mssonicbld
fd08edf82f
[submodule] Update submodule sonic-dash-api to the latest HEAD automatically (#17847)
#### Why I did it
src/sonic-dash-api
```
* 8f481de - (HEAD -> master, origin/master, origin/HEAD) [misc]: Add utils CLI (#12) (24 hours ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-19 16:35:07 +08:00
mssonicbld
c014eec627
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#17848)
#### Why I did it
src/sonic-gnmi
```
* 07a64ab - (HEAD -> master, origin/master, origin/HEAD) Azp: install sonic yangs during pipline build (8 hours ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-19 16:35:03 +08:00
mssonicbld
4b57845f86
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#17850)
#### Why I did it
src/sonic-host-services
```
* 970e7b3 - (HEAD -> master, origin/master, origin/HEAD) Fix sonic host service (#101) (5 hours ago) [ganglv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-19 16:34:59 +08:00
mssonicbld
9516c67be0
[submodule] Update submodule sonic-mgmt-framework to the latest HEAD automatically (#17852)
#### Why I did it
src/sonic-mgmt-framework
```
* 796eb59 - (HEAD -> master, origin/master, origin/HEAD) OpenAPI 3.0 upgrade, swagger tool chain update (8 hours ago) [Mohammed Faraaz]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-19 16:34:51 +08:00
Longxiang Lyu
9a9ab183c8
[dualtor] Disable zebra link-detect for vlan interfaces (#17784)
* [dualtor] Disable zebra link-detect for vlan interfaces

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2024-01-18 08:36:06 -08:00
Nazarii Hnydyn
e173987a56
[swss/syncd]: Remove dependency on interfaces-config.service (#17739)
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
Co-authored-by: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
2024-01-18 08:04:00 -08:00
mssonicbld
ed7a5d15d4
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#17801)
#### Why I did it
src/sonic-mgmt-common
```
* 1e84a49 - (HEAD -> master, origin/master, origin/HEAD) Remove Duplicates in topsort results (25 hours ago) [Mohammed Faraaz]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-18 16:34:10 +08:00
mssonicbld
fc2c319c3d
[submodule] Update submodule linkmgrd to the latest HEAD automatically (#17820)
#### Why I did it
src/linkmgrd
```
* 74c33ea - (HEAD -> master, origin/master, origin/HEAD) [active-standby] Probe the link in suspend timeout (#235) (12 hours ago) [Longxiang Lyu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-18 16:34:04 +08:00
mssonicbld
ee72c068b2
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#17822)
#### Why I did it
src/sonic-platform-common
```
* 65e3cc3 - (HEAD -> master, origin/master, origin/HEAD) Fix memory map parsing issue (#427) (18 minutes ago) [Stephen Sun]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-18 16:33:56 +08:00
mssonicbld
080bbd5492
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17823)
#### Why I did it
src/sonic-sairedis
```
* b26ce7a - (HEAD -> master, origin/master, origin/HEAD) Skip FABRIC PORT Attributes from sairedis logging (#1339) (2 hours ago) [saksarav-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-18 16:33:52 +08:00
Oleksandr Ivantsiv
c94a233f67
[smartswitch] Align the smart switch config generator with the YANG model. (#17636)
- Why I did it
Align the smart switch config generator with the YANG model.

- How I did it
Change MID_PLANE_BRIDGE table field name in the generated config from address to ip_prefix.

- How to verify it
Run UT. The tests are aligned with the changes.

Signed-off-by: Oleksandr Ivantsiv <oivantsiv@nvidia.com>
2024-01-18 10:00:05 +02:00
mssonicbld
07a43b96b7
[submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (#17824)
#### Why I did it
src/sonic-snmpagent
```
* 4a6de8b - (HEAD -> master, origin/master, origin/HEAD) Set the execute bit on sysDescr_pass.py (#306) (6 hours ago) [Andre Kostur]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-18 14:35:59 +08:00
Saikrishna Arcot
d9517c77f1
dhcrelay: Don't look up the ifindex for the fallback interface (#17797)
Currently, whenever isc-dhcp-relay forwards a packet upstream,
internally, it will try to send it on a "fallback" interface. My
understanding is that this isn't meant to be a real interface, but
instead is basically saying to use Linux's regular routing stack to
route the packet appropriately (rather than having isc-dhcp-relay
specify specifically which interface to use).

The problem is that on systems with a weak CPU, a large number of
interfaces, and many upstream servers specified, this can introduce a
noticeable delay in packets getting sent. The delay comes from trying to
get the ifindex of the fallback interface. In one test case, it got to
the point that only 2 packets could be processed per second. Because of
this, dhcrelay will easily get backlogged and likely get to a point
where packets get dropped in the kernel.

Fix this by adding a check saying if we're using the fallback interface,
then don't try to get the ifindex of this interface. We're never going
to have an interface named this in SONiC.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-01-18 10:50:22 +08:00
mssonicbld
774cd910a0
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#17802)
#### Why I did it
src/sonic-platform-daemons
```
* d8977f3 - (HEAD -> master, origin/master, origin/HEAD) Unable to retrieve media settings with just Vendor name (#419) (8 hours ago) [mihirpat1]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-17 18:36:07 +08:00
mssonicbld
c8707dc78e
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#17800)
#### Why I did it
src/sonic-gnmi
```
* c44d154 - (HEAD -> master, origin/master, origin/HEAD) Account for GLOBAL key in PFC_WD (#178) (6 hours ago) [Zain Budhwani]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-17 16:34:55 +08:00
mssonicbld
0fb13590c0
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17803)
#### Why I did it
src/sonic-swss-common
```
* 2711f6f - (HEAD -> master, origin/master, origin/HEAD) Use selectable event to terminate logger thread (#848) (15 hours ago) [Junchao-Mellanox]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-17 16:34:49 +08:00
Xichen96
a100f15ba2
[dhcp_server] add config dhcp server range (#17741)
* add range related function and ut
2024-01-16 19:24:57 -08:00
Saikrishna Arcot
00fa56760f
Fix building the SONiC slave container for QEMU-based build (#17571)
Why I did it
The existing source of multiarch/debian-debootstrap doesn't appear to have Bookworm-based images available. Because of this, slave containers for cross-compilation of SONiC (with QEMU) cannot be built.

Work item tracking
Microsoft ADO (number only): 26214341
How I did it
Since those images don't do anything to the Debian container besides add QEMU to it (which we overwrite anyways with the latest version of QEMU available from multiarch/qemu-user-static, just take the platform-specific version of the official Debian image and add QEMU to it.

How to verify it
2024-01-17 10:27:06 +08:00
vdahiya12
9f18587234
[Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (#17768)
For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set
phy_unlos_msft=1 in config.bcm.
This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports.

Why I did it
For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot
can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0.

The property phy_unlos_msft=1 is to exclusively enable this property.

Microsoft ADO: 25941176

How I did it
Changes in SAI and turning on property

How to verify it
Ran the changes on a testbed and verified configurations are as intended.

with property

admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
Brdfe_on                    = 0
Media Type                  = 2
Unreliable LOS              = 1
Scrambling Disable          = 0
Lane Config from PCS        = 0

without property

admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
Brdfe_on                    = 0
Media Type                  = 0
Unreliable LOS              = 0
Scrambling Disable          = 0
Lane Config from PCS        = 0

Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>
2024-01-16 11:34:19 -08:00
Yaqiang Zhu
36e111af80
[dhcp_server] Add support for smart switch in dhcprelayd (#17779)
* [dhcp_server] Add support for smart switch in dhcprelayd
2024-01-16 09:52:50 -08:00
mssonicbld
6107b5151f
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#17573)
#### Why I did it
src/sonic-utilities
```
* 942a7c9e - (HEAD -> master, origin/master, origin/HEAD) Revert "Enhanced route_check.py for multi_asic platforms" (#3122) (2 minutes ago) [Ying Xie]
* 01ee98ec - Revert "route_check: Skip route checks if bgp feature is not enabled" (#3121) (3 minutes ago) [Ying Xie]
* 1489c727 - [Techsupport]Adding more FRR and BGP dumps (#3118) (2 days ago) [Sudharsan Dhamal Gopalarathnam]
* 359e6925 - Disable Key Validation feature during sonic-installation for Cisco Platforms (#3115) (4 days ago) [selvipal]
* 9515c642 - [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (#3099) (10 days ago) [Arvindsrinivasan Lakshmi Narasimhan]
* 9400691c - Fix database initialization for db_migrator (#3100) (3 weeks ago) [ganglv]
* 56dafb07 - Support disable/enable syslog rate limit feature (#3072) (3 weeks ago) [Junchao-Mellanox]
* 529bb96b - route_check: Skip route checks if bgp feature is not enabled (#3075) (3 weeks ago) [anamehra]
* bcb10f18 - Support golden config in db migrator (#3076) (3 weeks ago) [ganglv]
* 20d1495b - [db_migrator] add db migrator version space for 202305/202311 branch (#3081) (4 weeks ago) [Ying Xie]
* a68d3d3a - Collect module EEPROM data in dump (#3009) (4 weeks ago) [Junchao-Mellanox]
* e7a8def6 - Enhanced route_check.py for multi_asic platforms (#3077) (4 weeks ago) [Deepak Singhal]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-15 16:35:37 +08:00
Liu Shilong
90485126e1
[build] Fix a bash script some times called by sh issue. (#17761)
Why I did it
Fix a bug that sometimes the script runs in sh not bash.

Work item tracking
Microsoft ADO (number only): 26297955
How I did it
2024-01-15 14:59:21 +08:00
mssonicbld
8c1653605b
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#17773)
#### Why I did it
src/sonic-linux-kernel
```
* e17e31c - (HEAD -> master, origin/master, origin/HEAD) Add Kernel config diff script between different kernel versions (#375) (9 hours ago) [Vivek]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-13 16:32:38 +08:00
mssonicbld
17045addb7
[submodule] Update submodule sonic-sairedis to the latest HEAD automatically (#17774)
#### Why I did it
src/sonic-sairedis
```
* 4f4c6d1 - (HEAD -> master, origin/master, origin/HEAD) Fix code coverage and ASAN not being enabled (#1338) (9 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-13 16:32:34 +08:00
Saikrishna Arcot
3e3c7aa09d
Add Bookworm base and config-engine layers (#17742)
The layers compile for amd64; however, functionality has not been
tested.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-01-12 09:48:26 -08:00
mssonicbld
62eeaa43ba
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#17758)
#### Why I did it
src/sonic-linux-kernel
```
* ee073d9 - (HEAD -> master, origin/master, origin/HEAD) [Marvell-arm64] Enable CONFIG_ARM_SMC_WATCHDOG (#374) (2 hours ago) [Pavan Naregundi]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-12 18:35:33 +08:00
mssonicbld
bc0b122f7b
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#17760)
#### Why I did it
src/sonic-swss-common
```
* b563580 - (HEAD -> master, origin/master, origin/HEAD) Add redisreply.h to swsscommon.i for generate SWIG wrapper (#820) (20 hours ago) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2024-01-12 16:34:30 +08:00