Commit Graph

6637 Commits

Author SHA1 Message Date
shilongliu
74138fb3d5 fix 2022-10-14 18:09:26 +08:00
shilongliu
f7ed595bc8 fix 2022-10-14 18:03:11 +08:00
shilongliu
2c141e3817 fix 2022-10-14 16:45:15 +08:00
shilongliu
3fc9869e66 TEST 2022-10-14 16:02:48 +08:00
shilongliu
79b97c3ac1 REVERT 2022-10-14 16:00:50 +08:00
shilongliu
f920142146 fix 2022-10-14 15:58:51 +08:00
shilongliu
e7e04b09e9 fix 2022-10-14 15:54:20 +08:00
shilongliu
58f090c4e5 [action] Add code scan for python 2022-10-14 15:37:43 +08:00
Saikrishna Arcot
7087763af4
Revert "[Yang model] add Restapi yang file (#12287)" (#12374)
This is causing a build failure for all builds. The PR build was incorrectly marked as passing due to a different build issue.

libyang[0]: Regular expression "(/[a-zA-Z0-9_-.]+)*/([a-zA-Z0-9_-.]+)./[a-z]{3}" is not valid (".]+)*/([a-zA-Z0-9_-.]+)./[a-z]{3})$": range out of order in character class).
libyang[0]: Module "sonic-restapi" parsing failed.
ERROR:YANG-TEST: Exception >Module "sonic-restapi" parsing failed.< in /sonic/src/sonic-yang-models/tests/yang_model_tests/test_yang_model.py:114
ERROR:YANG-TEST: Exception >Module "sonic-restapi" parsing failed.< in /sonic/src/sonic-yang-models/tests/yang_model_test

This reverts commit e1765121b2.
2022-10-12 08:44:50 -07:00
Vivek
34f9a642dd
[DHCP_RELAY] Updated wait_for_intf.sh to wait for ipv6 global and link local addr (#12273)
- Why I did it
Fixes #11431

- How I did it
dhcp6relay binds to ipv6 addresses configured on these vlan interfaces
Thus check if they are ready before launching dhcp6relay

- How to verify it
Unit Tests
Tested on a live device

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-12 11:46:20 +03:00
Hua Liu
257cc96d7c
Remove swsssdk from sonic OS image and docker container image (#12323)
Remove swsssdk from sonic OS image and docker image

#### Why I did it
swsssdk is deprecated, so need remove from image.

#### How I did it
Update config file to remove swsssdk from image.

#### How to verify it
Pass all test case.

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205

#### Description for the changelog
Remove swsssdk from sonic OS image and docker image

#### Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.

#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->

#### A picture of a cute animal (not mandatory but encouraged)
2022-10-12 13:04:14 +08:00
Renuka Manavalan
aee1466a83
sonic-swss-common submodule update (#12356)
| * cb707b7 fixed nokia platform m0 asic mismatch (fixed nokia platform m0 asic mismatch #12148)
| * c75dfe8 [build] Fix dpkg front lock issue with apt-get ([build] Fix dpkg front lock issue caused by apt-get install #12332)
| * 247bd78 [action] Fix PR pre-cherry-pick action wrong author issue. ([action] Fix PR pre-cherry-pick action wrong author issue. #12339)
| * fc99265 [Nokia] Update the nokia platform submodule for Nokia-IXR7250E platform ([Nokia] Update the nokia platform submodule for Nokia-IXR7250E platform #12305)
| * 9d37b63 [Nokia] Update Nokia platform IXR7250E device data ([Nokia] Update Nokia platform IXR7250E device data #11611)
| * 304c6c8 [BFN] Reworked BFN platform thermals plugin ([BFN] Reworked BFN platform thermals plugin #11723)
| * df93a1b [Build][Bug] Fix apt-get remove version not lock issue ([Build][Bug] Fix apt-get remove version not locked issue #12193)
| * 9b2b8e3 Add gearbox taps to vs gearbox_config.json (Add gearbox taps to vs gearbox_config.json #11480)
2022-10-11 20:35:42 -07:00
Prince Sunny
e1765121b2
[Yang model] add Restapi yang file (#12287)
* add Restapi Yang model
2022-10-11 10:53:52 -07:00
Mai Bui
f1826586b0
Replace eval (#12103)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`eval()` - not secure against maliciously constructed input, can be dangerous if used to evaluate dynamic content. This may be a code injection vulnerability.
#### How I did it
`eval()` - use `literal_eval()`
2022-10-11 10:17:09 -04:00
henry huang
cb707b7969
fixed nokia platform m0 asic mismatch (#12148)
changed the platform device name under nokia directory; we now need to specify marvell armhf/arm64 to provide more accurate platform identity. otherwise onie discovery won't recognize the asic being installed.

Why I did it
when we load images using onie discovery, the process was failing because of marvell ASIC mismatch

How I did it
replace the platform asic with marvell-armhf under 7215

How to verify it
load a new image using http server and verify that the image can be loaded successfully
2022-10-11 15:04:07 +08:00
Liu Shilong
c75dfe84ed
[build] Fix dpkg front lock issue with apt-get (#12332) 2022-10-11 11:00:51 +08:00
Liu Shilong
247bd78da3
[action] Fix PR pre-cherry-pick action wrong author issue. (#12339) 2022-10-11 09:56:48 +08:00
Marty Y. Lok
fc99265fd2
[Nokia] Update the nokia platform submodule for Nokia-IXR7250E platform (#12305)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-10 18:49:51 -07:00
Marty Y. Lok
9d37b63824
[Nokia] Update Nokia platform IXR7250E device data (#11611)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-10 18:49:26 -07:00
Andriy Kokhan
304c6c80c4
[BFN] Reworked BFN platform thermals plugin (#11723)
* [BFN] Updated platform.json for wedge100bf_65x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Reworked BFN platform thermal logic

* Implemented PSU thermal APIs

* Updated platform.json for accton_wedge100bf_32x

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

* Updated BFN platform plugins initialization flow

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>

Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>
2022-10-11 09:12:28 +08:00
xumia
df93a1be54
[Build][Bug] Fix apt-get remove version not lock issue (#12193)
Why I did it
Fix apt-get remove/purge version not locked issue when the apt-get options not specified.

How I did it
Add a space character before and after the command line parameters.
2022-10-11 07:59:14 +08:00
byu343
9b2b8e3e86
Add gearbox taps to vs gearbox_config.json (#11480)
Why I did it
For the change to support gearbox taps by gearbox_config.json (sonic-net/sonic-swss#2158), I need to add tests to sonic-swss/tests/test_gearbox.py to satisfy the test coverage of the change. The existing code in test_gearbox.py has already used brcm_gearbox_vs and here is to add some gearbox tap value to its gearbox_config.json, for the added tests in sonic-swss/tests/test_gearbox.py.

How I did it
How to verify it
This change itself will not affect existing code.
2022-10-10 13:35:06 -07:00
Mai Bui
94c998965c
[broadcom] Replace popen function (#12106)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
#### How to verify it
2022-10-10 10:12:26 -04:00
Liu Shilong
09d4d3e6e7
[action] Fix trigger issue in PR pre-cherry-pick action. (#12333) 2022-10-10 17:11:31 +08:00
Liu Shilong
019e0acd51
[actions] Add auto cherry-pick actions to release branch (#11496)
* [actions] Add github actions to auto cherry-pick prs to release branches

* Add README, fix workflow
2022-10-10 16:55:00 +08:00
Ye Jianquan
62692f4228
Add storage blob related packages (#12220)
Why I did it
TestbedV2 relies on storage blob related python package to upload logs.

How I did it
Install storage blob related packages
2022-10-10 11:29:26 +08:00
Zain Budhwani
09fe3f467f
Add Structured Events w/ YANG Models (#12270)
Add events for dhcp-relay, bgp, syncd, & kernel.
2022-10-09 20:23:31 -07:00
jingwenxie
7e0346c613
[master] update sonic-utilities (#12307)
ac71d745d [VxLAN]Fix Vxlan delete command to throw error when there are references (#2404)
7419c6731 Added cisco config platform commands (#2242)
8760bbe80 Add UT to check sonic installer does not depend on database (#2401)
6bef65260 [doc] add documentation on automatic techsupport based on memory (#2411)
4a783745f [doc] update "config feature" section with "--block" option (#2409)
dd6210fcc [Vxlanmgrd] [CPA] Update the vxlan_tunnel name len to be under IFNAMIZ to overcome netdev creation failure (#2398)
bdc4a8a60 Fix broken pipeline build URL (#2363)
b31681b43 Fix display disorder problem of show vrf (#2392)
123504a85 YANG validation for ConfigDB Updates: portchannel add/remove, loopback interface, VLAN
28f6820c6 [link-local]Modify RIF check to include link-local enabled interfaces (#2394)
2022-10-10 11:03:37 +08:00
Neetha John
615f277701
[minigraph] Remove SLB and bgp monitor peers for storage backend (#12251)
Signed-off-by: Neetha John nejo@microsoft.com

Why I did it
slb and bgp mon peers are not needed for storage backend. These neighbor are present in the minigraph.

How I did it
After minigraph parsing, remove these neighbors if it is a storage backend device

How to verify it
Unit tests
Verified on the device that once these tables are removed, these peers don't show up in "show runningconfig bgp" output
2022-10-07 09:37:53 -07:00
Mai Bui
3cd9b2e1b5
[device/centec] Replace os.system and remove subprocess with shell=True (#12024)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Remove unused functions
2022-10-07 10:48:25 -04:00
Saikrishna Arcot
d5a3613ce2
Update debootstrap to 1.0.123+deb11u1 (#12294)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-10-06 20:23:37 -07:00
Zain Budhwani
fa2f7cd502
Update gnmi pointer (#12293) 2022-10-06 20:13:54 -07:00
Lawrence Lee
a45a455853
[swss]: Submodule update (#12286)
Include:

df92fb72 Improve verbosity level and provide more info in the log (#2472)
e81ed20b [intfmgr]: Enable `accept_untracked_na` kernel param (#2436)
24d29f18 [orchdaemon]: Fixed sairedis record file rotation (#2299)
b8ee07d7 [build] add missing package libyang-dev in lgtm.yml (#2475)
e46dd294 [crm] Fix issue with continues EXCEEDED and CLEAR logs for ACL group/table counters (#2463)
b61d24cd [doc]: Update README.md (#2456)
b9ade5d2 [orchagent] Fix issue: ip prefix shall be inited even if VRF/VNET is not ready (#2461)
f0f1eb47 Revert "[counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)" (#2458)
3d757a83 [ci][asan] add DVS tests run with ASAN (#2441)
04fbc8e3 [ci] Only when test stage succeeded or succeededwithissues, PR run Gcov (#2460)
7cc035f9 [orchagent]: Publish identified events via structured-events channel (#2446)
efa0f01d [QoS] Enforce drop probability only for colors whose WRED are enabled (#2422)
05c5c2f6 [swss] Replace memset functions (#2423)
9ff993db Modified the test file to remove click commands and do the REDIS-DB u… (#2264)
9e376af3 Install libyang in azure pipeline. (#2445)
c1eb99a7 check state_db for po before sending ARP/ND pkts (#2444)
43cc4869 [portmgr] Fixed the orchagent crash due to late arrival of notif (#2431)
b62c7162 Enhance orchagent and buffer manager in error handling (#2414)
13bda3c6 [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (#2392)
0ccb315c Revert "[VS Test] Skip failing subport tests (#2370)" (#2421)
ac8a83f0 [UT] [Portsyncd] Added Unit Tests for portsyncd (#2297)
83a186a9 Change the log messages in addKernelNeigh/Route from ERROR to INFO (#2437)
9c23389b [BFD]Clean up state_db BFD entries on swss restart (#2434)
d41aebfd EntityBulker SIGSEGV when create_entry attr_count 0 (#2224)
f52a7b1c Fix the Fec Mode Setting of gbsyncd (#2430)
8cc0a451 [neighsyncd] Enabling ipv4 link local entries for non-dualtor (#2427)
5624e875 Revert "[ci][asan] add DVS tests run with ASAN (#2363)" (#2433)
a26b26ac Dynamic port configuration - add port buffer cfg to the port ref counter (#2194)
486939a9 tlm_teamd: Filter portchannel subinterface events from STATE_DB LAG_TABLE (#2408)
a4b89925 [counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)
4aaeec91 added support for Xsight platform (#2426)
ca9edcad [ci][asan] add DVS tests run with ASAN (#2363)
dec4570c Handle dual ToR neighbor miss scenario (#2151)
9eb44220 Upstream new development on p4orch (#2237)
e9be2c0e [lgtm] Fix dependency (#2419)
c0168f35 [muxorch] Returning true if nbr in skip_neighbor_ in isNeighborActive() (#2415)
cfcf3d87 [macsec]: Set MTU for MACsec (#2398)
8346034b Delete Invalid if condition in intfsorch.cpp (#2411)

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-10-06 19:01:09 -07:00
Mai Bui
648ca075c7
[device/mellanox] Mitigation for security vulnerability (#11877)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [PR (#12065)](https://github.com/sonic-net/sonic-buildimage/pull/12065) needs to merge first.
#### Why I did it
`subprocess.Popen()` and `subprocess.check_output()` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
Disable `shell=True`, enable `shell=False`
#### How to verify it
Tested on DUT, compare and verify the output between the original behavior and the new changes' behavior.
[testresults.zip](https://github.com/sonic-net/sonic-buildimage/files/9550867/testresults.zip)
2022-10-06 17:51:31 -04:00
Ying Xie
1ad1e19733
[RDMA] create split profiles for Arista-7050CX3-32S (#12228)
Moving buffer configuration files to sub folders to enable multiple buffer profiles. Otherwise, non-functional change.

Signed-off-by: Ying Xie ying.xie@microsoft.com
2022-10-06 14:15:23 -07:00
Adam Yeung
80c1210a6f
iccpd bullseye migration (#12097) 2022-10-06 11:28:53 -07:00
Marty Y. Lok
1073a47ad6
[armhf][sonic-installer] Fix the sonic-installer install images on armhf platform issue (#12284)
Signed-off-by: mlok <marty.lok@nokia.com>

Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-06 08:29:21 -07:00
Prince George
ac1d392d4c
Disable brackted-paste mode off by default (#12285)
* Disable brackted-paste mode off by default

* address review comment
2022-10-06 07:55:09 -07:00
Saikrishna Arcot
9251d4ba8b
[docker-wait-any]: Exit worker thread if main thread is expected to exit (#12255)
There's an odd crash that intermittently happens after the teamd container
exits, and a signal is raised to the main thread to exit. This thread (watching
teamd) continues execution because it's in a `while True`. The subsequent wait
call on the teamd container very likely returns immediately, and it calls
`is_warm_restart_enabled` and `is_fast_reboot_enabled`. In either of these
cases, sometimes, there is a crash in the transition from C code to Python code
(after the function gets executed).  Python sees that this thread got a signal
to exit, because the main thread is exiting, and tells pthread to exit the
thread.  However, during the stack unwinding, _something_ is telling the
unwinder to call `std::terminate`.  The reason is unknown.

This then results in a python3 SIGABRT, and systemd then doesn't call the stop
script to actually stop the container (possibly because the main process exited
with a SIGABRT, so it's a hard crash). This means that the container doesn't
actually get stopped or restarted, resulting in an inconsistent state
afterwards.

The workaround appears to be that if we know the main thread needs to exit,
just return here, and don't continue execution. This at least tries to avoid it
from getting into the problematic code path. However, it's still feasible to
get a SIGABRT, depending on thread/process timings (i.e. teamd exits, signals
the main thread to exit, and then syncd exits, and syncd calls one of the two C
functions, potentially hitting the issue).

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-10-05 18:14:10 -07:00
kannankvs
3686454c6e
Updated the template with comment recieved (#12276)
Updated the PR template with comment received on removing the reference link on GCU. Hence added text to show reference for GCU PR.
2022-10-05 17:51:42 -07:00
xumia
1f0699f51e
Fix sonic-config low dpkg hit rate issue (#12244)
Why I did it
When sending a PR only CI change, as expected, the target target/python-wheels/buster/sonic_config_engine-1.0-py2-none-any.whl should be from the cache, because the depended files were not changed, but it rebuilt.

How I did it
Sort the files by name.
2022-10-05 08:10:54 +08:00
Kalimuthu-Velappan
c691b73959
01.Version-cache - restructuring of Makefile.work (#12000)
- The Makefile.work becomes complex and it is very difficult to manage the changes across branches.
- Restructured the Makefile.work and it becomes more readable.
- Added $(QUIET) option to turn on command echo mode through command line option.
- Exported the SONIC_BUILD_VARS variable, through which make options can be set dynamically.
	Eg: make SONIC_BUILD_VARS='INCLUDE_NAT=y'
2022-10-04 14:13:40 -07:00
Mai Bui
95f4af3407
[actions] Support Semgrep by Github Actions (#12249)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
[Semgrep](https://github.com/returntocorp/semgrep) is a static analysis tool to find security vulnerabilities.
When opening a PR or commtting to PR, Semgrep performs a diff-aware scanning, which scans changed files in PRs.
When merging PR, Semgrep performs a full scan on master branch and report all findings.
Ref: - [Supported Language](https://semgrep.dev/docs/supported-languages/#language-maturity) - [Semgrep Rules](https://registry.semgrep.dev/rule)
#### How I did it
Integrate Semgrep into this repository by committing a job configuration file
#### How to verify it
PR: https://github.com/maipbui/sonic-buildimage/pull/2
Master branch full scan findings: [Master branch findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160181876/jobs/5144332404)
PR https://github.com/maipbui/sonic-buildimage/pull/2 scan findings: [Pull request findings results](https://github.com/maipbui/sonic-buildimage/actions/runs/3160193505/jobs/5144357859)
2022-10-03 14:38:55 -04:00
andywongarista
2f46689a05
[Arista] Add components for 720DT-48S (#12217)
Why I did it
Add components data for sonic-mgmt testing

How I did it
Update platform.json and add platform_components.json

How to verify it
Ran sonic-mgmt tests (test_chassis and test_component)
2022-10-03 13:53:34 +08:00
Dror Prital
44356fa8d7
[Mellanox] Add NVIDIA copyright header for NVIDIA added files (#12130)
- Why I did it
Add NVIDIA Copyright header for new "NVIDIA" files

- How I did it
Add the copyright header as remark at the head of the file
2022-10-02 11:34:24 +03:00
Muhammad Danish
8c10851c2a
Update azure.github.io links to sonic-net.github.io (#12209)
Why I did it
azure.github.io/SONiC/ no longer works and returns 404 Not Found. Updated it to the correct sonic-net.github.io/SONiC/
2022-10-02 14:02:10 +08:00
jingwenxie
0a2743d5e4
[submodule] update sonic-utilities (#12138)
0a7557bd9 [minigraph] add option to specify golden path in load_minigraph (#2350)
322aefc37 [GCU]Remove GCU unique lane check for duplicate lanes platforms (#2343)
7099fffa7 [fastboot] fastboot enhancement: Use warm-boot infrastructure for fast-boot (#2286)
09026edbb [warm-reboot] fix warm-reboot when /tmp/cache is missing (#2367)
a3c404c74 Fix typo in platform_sfputil_helper.is_rj45_port (#2374)
637d834ce Vnet_route_check Vxlan tunnel route update. (#2281)
29a3e5180 Added support for tunnel route status in show vnet routes all. (#2341)
1ac584bb3 Use 'default' VRF when VRF name is not provided (#2368)
4d377a620 [subinterface]Added additional checks in portchannel and subinterface commands (#2345)
bbcdf2ed7 disk_check: Publish event  for RO state (#2320)
3fd537b0a Support the bandit check by GitHub Action (#2358)
491d3d380 [generate dump]Added error message when saisdkdump fails (#2356)
6830e01ec [counterpoll]Fixing counterpoll show for tunnel and acl stats (#2355)
3be2ad7de [fast-reboot]Avoid stopping masked services during fast-reboot (#2335)
0e1b0cf20 [GCU] Fix missing backend in dry run (#2347)
676c31bd0 Add verification for override (#2305)
48997c266 Add Password Hardening CLI support (#2338)
414e239ea update unit tests for swap allocator
a91a4922f consider swap checking memory in installer
f0ce58635 [route_check]: Ignore standalone tunnel routes (#2325)
2022-10-01 11:36:55 -07:00
Samuel Angebault
18850e4e28
[Arista] Update platform submodules (#12225)
Implement input power psu API
Report DC power output via API
Add bootloader Component in API
Fix issue where naming was not unique for Component
2022-09-30 16:03:40 +08:00
Hua Liu
004a8b6eae
[AzurePipeline] Fix vstest step failed by libyang missing. (#12240)
Why I did it
Fix PR merge failed because 'vstest' step does not install libyang.

How I did it
Install libyang in azure pipeline.

How to verify it
Pass vstest step.
2022-09-30 15:56:46 +08:00
Volodymyr Samotiy
eea8ebd0a9
[Mellanox] Update MFT to v4.21.0-100 (#11758)
- Why I did it
To update MFT package to the latest version.

- How I did it
Updated MFT_VERSION & MFT_REVISION in platform/mellanox/mft.mk.

- How to verify it
Build an image and deploy to the switch
Check MFT version by dpkg -l | grep mft
Verify that all the SONiC services up and running
Run regression testing using tests from sonic-mgmt

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2022-09-30 09:48:40 +03:00