Commit Graph

3840 Commits

Author SHA1 Message Date
lguohan
b41944a93d [build]: fix dpkg admindir corruption issue in parallel build (#6408)
Fix #119

when parallel build is enable, multiple dpkg-buildpackage
instances are running at the same time. /var/lib/dpkg is shared
by all instances and the /var/lib/dpkg/updates could be corrupted
and cause the build failure.

the fix is to use overlay fs to mount separate /var/lib/dpkg
for each dpkg-buildpackage instance so that they are not affecting
each other.

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-01-25 09:45:31 -08:00
lguohan
50550c1637 [build]: change user name to lower case when used in sonic-slave tag (#6319)
sonic-slave tag only allows all lower case. In case the user
name is mixed case, we need to change user name to all lower case.

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-01-25 09:45:31 -08:00
abdosi
01871c46dc
[baseimage]: pin down pip to 20.3.3 (#6539)
With the release of pip21.0 (https://pypi.org/project/pip/#history) on branch 201911 stretch build is failing with below error logs:
As per https://pypi.org/project/pip/ pip21.0 does not not support python2 from Jan 2021. To fix this tag the pip to 20.3.3 version which was being used last and is working fine.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-01-23 16:34:39 -08:00
abdosi
a87f56cce9 Updated BBR to use peer group name as prefix. (#6515)
To make BBR configured for peer-group if it's name starts with (prefixed) with the string define in constants.yml instead of exact string match.
2021-01-22 14:26:04 -08:00
pavel-shirshov
beaaf3316d [docker-frr]: Use egrep with regexp to match correct TSA rules (#6403)
**- Why I did it**
Earlier today we found a bug in the SONiC TSA implementation.
TSC shows incorrect output (see below) in case we have a route-map which contains TSA route-map as a prefix.
```
admin@str-s6100-acs-1:~$ TSC
Traffic Shift Check:
System Mode: Not consistent
```
The reason is that TSC implementation has too loose regexps in TSA utilities, which match wrong route-map entries:
For example, current TSC matches following
```
route-map TO_BGP_PEER_V4 permit 200
route-map TO_BGP_PEER_V6 permit 200
```
But it should match only
```
route-map TO_BGP_PEER_V4 permit 20
route-map TO_BGP_PEER_V4 deny 30
route-map TO_BGP_PEER_V6 permit 20
route-map TO_BGP_PEER_V6 deny 30
```

**- How I did it**
I fixed it by using egrep with `^` and `$` regexp markers which match begin and end of the line.

**- How to verify it**
1. Add follwing entry to FRR config:
```
str-s6100-acs-1# 
str-s6100-acs-1# conf t
str-s6100-acs-1(config)# route-map TO_BGP_PEER_V4 permit 200 
str-s6100-acs-1(config-route-map)# end
```
2. Use the TSC command and check output. It should show normal.
```
admin@str-s6100-acs-1:~$ TSC
Traffic Shift Check:
System Mode: Normal```
2021-01-20 10:37:10 -08:00
Abhishek Dosi
c9e91105fa [submodule update] sonic-py-swsssdk
[configdb] Remove call to "bgsave" from table update (#86)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2021-01-20 10:30:56 -08:00
Stephen Sun
9e90fac18b
[201911] Advance submodule head for sonic-utilities (#6379)
[Submodule update] sonic-utilities
- [db_migrator][201911] Support shared headroom in db_migrator on Mellanox platform (#1261)
- Multi-ASIC support show ip/v6 route additional parameters (#1333)

Signed-off-by: Stephen Sun <stephens@nvidia.com>
2021-01-15 08:29:11 -08:00
Kebo Liu
4c17298d74
[sonic-linux-kernel]: Update sonic-linux-kernel repo to pick up new patches (#6434)
To pick up new commits from sonic-linux-kernel repo:

[201911] Backport patches to increase critical threshold for ASIC and validate transceiver temperature 2f173b45da29f3643212d6c9111db321797453ec Azure/sonic-linux-kernel@2f173b4

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2021-01-13 10:29:37 -08:00
Junchao-Mellanox
88c9bec14a
[submodule][201911] Update sonic-snmpagent (#6354)
b8f0c3a [snmpagent] [201911] Fix hardcoded qsfp lane count by reading sensor status from DB (#183)

**- Why I did it**

Update submodule pointer for snmpagent to include fix for hardcoded qsfp lane count

**- How I did it**

Update snmpagent submodule

**- How to verify it**

Run build.
2021-01-12 13:15:25 -08:00
Renuka Manavalan
b346a3a699 Take a copy of existing TACACS credentials and restore it during upgrade (#6285)
In scenario where upgrade gets config from minigraph, it could miss tacacs credentials as they are not in minigraph. Hence restore explicitly upon load-minigraph, if present.

- Why I did it
Upon boot, when config migration is required, the switch could load config from minigraph. The config-load from minigraph would wipe off TACACS key and disable login via TACACS, which would disable all remote user access. This change, would re-configure the TACACS if there is a saved copy available.

- How I did it
When config is loaded from minigraph, look for a TACACS credentials back up (tacacs.json) under /etc/sonic/old_config. If present, load the credentials into running config, before config-save is called.

- How to verify it
Remove /etc/sonic/config_db.json and do an image update. Upon reboot, w/o this change, you would not be able ssh in as remote user. You may login as admin and check out, "show tacacs" & "show aaa" to verify that tacacs-key is missing and login is not enabled for tacacs.
With this change applied, remove /etc/sonic/config_db.json, but save tacacs & aaa credentials as tacacs.json in /etc/sonic/. Upon reboot, you should see remote user access possible.
2021-01-09 08:13:52 -08:00
pavel-shirshov
f4245fb18d [bgpcfgd]: Support default action for "Allow prefix" feature (#6370)
* Use 20 and 30 route-map entries instead of 2 and 3 for TSA

* Added support for dynamic "Allow list" default action.

Co-authored-by: Pavel Shirshov <pavel.contrib@gmail.com>
2021-01-08 15:12:52 -08:00
Stephen Sun
386f4e190a
[Mellanox] [201911] Support shared headroom pool (#5908) 2021-01-07 09:20:22 +02:00
abdosi
a3d093a82a Updated imfile configuration for supervisord logs (#6368)
Updated imfile configuration for supervisord logs for stretch and buster.
2021-01-06 18:48:24 -08:00
judyjoseph
c80a7c837c
Update the correct SAI version in the sai bcm debian package. (#6369)
[201911] Update the version of the SAI debian package to reflect the actual version 3.7.5.2-1
2021-01-06 18:29:51 -08:00
madhanmellanox
a7f21204f8
updating submodule changes (#6372)
Updating submodule for sonic-swss to get the changes to Azure 201911. The following were the commits that were part of this submodule.
[201911-SWSS]flushing FDB entries per VLAN when deleting VLAN (PR#Azure/sonic-swss#1575) 9519fead3fc63972131de9cb8963a5aeacf7b23d
2021-01-06 18:28:09 -08:00
Myron Sosyak
64acd48012
[Barefoot] [201911] Fix default profile for Newport (#6307)
Fix default profile for Newport platform

Signed-off-by: Volodymyr Boyko <volodymyrx.boiko@intel.com>
2021-01-05 10:08:52 -08:00
Kebo Liu
dea38d1558
Update Mellanox SDK to 4.4.2208 FW to *.2008.2208 (#6342) 2021-01-04 14:10:37 +02:00
abdosi
6e48839cae Enable the notify mode of rsyslogd imfile module used for supervisord (#6298)
Enable the notify mode of rsyslogd imfile module used for supervisord logs in docker container
2020-12-31 17:04:00 -08:00
Stepan Blyshchak
d43e8e16a3
[fpm-frr] fix start.sh template paths (#6329)
There is no /usr/share/sonic/templates/supervisord/ folder
and no supervisord.conf.j2 template.

Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
2020-12-31 17:01:24 -08:00
judyjoseph
e6b9c74ee0
Update SAI 3.7 brcm package (#6324)
Release new SAI bcm package with the new patches merged into SUG INT_3.7 release branch and fix provided for CS00011619081
2020-12-31 08:32:12 -08:00
Abhishek Dosi
bc4e97da6f [submodule update] sonic-snmpagent
a4f39ac580cdc4bc816b829adefa56626332b6d6 (HEAD -> 201911, origin/201911) [RouteUpdater]: Fix multi_asic mock function implementation and multi_asic variable name (#186)
583265e521df440549d29fd2ef403c09f9e907ab [LLDP]: Update init_db to load global database config (#166)
005cf2e14005220699b57b0165b00914d009a852 Fix: correctly handle that lldp_loc_man_addr contains only IPv6 address without IPv4 address (#164)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-30 17:35:14 -08:00
shlomibitton
6d38654034
[Mellanox] PSU led platform API fixes (#6214)
- Why I did it
Fix setting PSU led to 'green' or 'red' states.
Fix return False if unsupported color request.
Remove 'off' option for PSU led API since it is not supported in Mellanox.

- How I did it
Fix import missing information.
Return 'False' when unsupported led color is requested, preventing an exception.

- How to verify it
Try to set PSU LED to different status with Mellanox platform device.
Try to set PSU LED color to unsupported color with Mellanox platform device.
2020-12-24 01:11:48 -08:00
Joe LeVeque
7d4eadee01 [sonic-config-engine] Ensure all test output files are ignored (#5197)
Also align the naming and cleanup of generated output files in test_cfggen.py with the rest of the tests.
2020-12-22 10:54:11 -08:00
judyjoseph
1e4f09c860 Move frr logs from syslog to /var/log/frr/*.log (#5988)
- Why I did it
Move frr logs from syslog from the directory /var/log/quagga/.log to /var/log/frr/log

- How I did it
Updated the rsyslog config files.

- How to verify it
Verified the logs come into the file zebra.log and bgpd.log in the DIR /var/log/frr/log
2020-12-22 10:53:16 -08:00
Junchao-Mellanox
547ec0a905 Add a configuration to delay start xcvrd for fast-reboot (#5643) 2020-12-22 09:51:54 -08:00
Tamer Ahmed
31389aa778 [cfggen] Remove NatSorted (#5601)
Natural sorting of SONiC config gen output consumes lot of CPU cycles.
The sole use of natsorted was to make test comparison easier and so,
the natsorting logic is now relocated to the test suite. As a result
sonic-cfggen gained nearly 1 sec per call since we no longer import
natsorted module!

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
aa2d39c7e0 [cfggen] Allow Write To Redis DB With Template/Batch Mode (#5203)
Argument to write to config-db is not allowed when using template.
This PR allows cfggen to write to redis db when using template
mode.

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
b61621c5f0 [cfggen] Extend Template Argument to Support Batch Mode (#4941) (#5200)
Calls to cfggen take considerable time. With batch mode, we will have the ability
to reduce number of calls from services.

Example of the batch mode command:
sonic-cfggen -t template-1.j2 -t template-2.j2,config-db -t template-3.j2,config-db -t template-4.j2,file1 -t template-5.j2,file2 --write-to-db.

template-1.j2 will be rendered to stdout since it is missing the dest part. stdout is default
config-db is a special keyword that will inject the rendered template into internal data structure. The internal data structure gets written to redis-db with --write-to-db switch. In the case the user would like to write to a file named config-db, it could be given as /config-db or ./config-db

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
afc952535e [mgmt-framework] Call sonic-cfggen Once (#4937)
Optimizing number of calls made to sonic-cfggen during service
start up as it adds to total system boot up time.

***-Test 1***
there is an average saving of 1 to 1.5 sec between old script and new script
```
root@str-s6000-acs-14:/# time /usr/bin/rest-server-old.sh
Generating temporary TLS server certificate ...
2020/07/09 19:03:33 wrote cert.pem
2020/07/09 19:03:33 wrote key.pem
REST_SERVER_ARGS = -ui /rest_ui -logtostderr -cert /tmp/cert.pem -key /tmp/key.pem
/usr/sbin/rest_server -ui /rest_ui -logtostderr -cert /tmp/cert.pem -key /tmp/key.pem

real	0m8.790s
user	0m7.993s
sys	0m0.584s
root@str-s6000-acs-14:/# time /usr/bin/rest-server-new.sh
Generating temporary TLS server certificate ...
2020/07/09 19:03:45 wrote cert.pem
2020/07/09 19:03:45 wrote key.pem
REST_SERVER_ARGS = -ui /rest_ui -logtostderr -cert /tmp/cert.pem -key /tmp/key.pem
/usr/sbin/rest_server -ui /rest_ui -logtostderr -cert /tmp/cert.pem -key /tmp/key.pem

real	0m6.940s
user	0m5.670s
sys	0m0.386s
```
***-Test 2***
Built an image with this change and rest server is running with params as described in test 1 above
```
admin@str-s6000-acs-14:~$ ps -ef | grep rest_server
root      3301  2866  2 02:09 pts/0    00:00:10 /usr/sbin/rest_server -ui /rest_ui -logtostderr -cert /tmp/cert.pem -key /tmp/key.pem

```

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
2b3e18c0cc [swss] Reduce Calls to SONiC Cfggen (#5177)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to one call during startup when starting swss service.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Abhishek Dosi
0c1b686ced [Submodule Update] sonic-py-swsssdk
[configdb] Add Ability to Query/Update Redis Using
Pipelines

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
fd3e0b4c58 [frr] Reduce Calls to SONiC Cfggen (#5176)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to two calls during startup when starting frr service.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
c5f53f50b2 [radv] Reduce Calls to SONiC Cfggen (#5178)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to one call during startup when starting radv service.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
687c971a52 [dhcp-relay] Reduce Calls to SONiC Cfggen (#5175)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to one call during startup when starting dhcp-relay
service.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
b5bf5e3bce [interfaces] Reduce Calls to SONiC Cfggen (#5174)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to one call during startup when running interfaces-
config.

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
066a0b3b2b [snmp]: Reduce Calls to SONiC Cfggen (#5166)
Calls to sonic-cfggen is CPU expensive. This PR reduces calls to
sonic-cfggen to once calle during snmp startup

singed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
018d007750 [cfggen] Use Redis Pipeline (#5250)
This PR enables cfggen to readr/write from Redis DB using pipelines.
Pipelines enables batch read/write from/to Redis DB.

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Tamer Ahmed
fae4c4bfcc [swss] Enhance ARP Update to Call Sonic Cfggen Once (#5398)
This PR limited the number of calls to sonic-cfggen to one call
per iteration instead of current 3 calls per iteration.

The PR also installs jq on host for future scripts if needed.

signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com>
2020-12-22 09:51:54 -08:00
Abhishek Dosi
2140daa680 [submodule update] sonic-swss
Support ACL Table type Mirrorv6 for Innovium (#1528)
Enable v6 ACL rule based Mirroring for Innovium Platform

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-22 09:44:32 -08:00
Samuel Angebault
e75c15bfda
[aboot]: Better handle tmpfs management in boot0 (#6268)
To limit IO and space usage on the flash device the boot0 script makes sure the SWI is in memory.
Because SONiC maps /tmp on the flash, some logic is required to make sure of it.
However it is possible for some provisioning mechanism to already download the swi in a memory file system.
This was not properly handled by the boot0 script.
It now properly detect if the image is on a tmpfs or a ramfs and keep it there if that is the case.

- How I did it

Check the filesystem on which the SWI pointed by swipath lies.
If this filesystem is a ramfs or a tmpfs the move_swi_to_tmpfs becomes a no-op.
Made sure the cleanup logic would not behave unexpectedly.

- How to verify it

In SONiC:

Download the swi under /tmp and makes sure it gets moved to /tmp/tmp-swi which gets mounted for that purpose.
Make sure /tmp/tmp-swi gets unmounted once the install process is done.

Create a new mountpoint under /ram using either ramfs or tmpfs and download the swi there.
Install the swi using sonic-installer and makes sure the image doesn't get moved by looking at the logs.
2020-12-22 00:07:10 -08:00
Abhishek Dosi
c70b4cd63d [submodule update] sonic-utilities
fd3e0174971599fa7f9d73ff1a997583eb090fd5 (HEAD -> 201911, origin/201911) [Multi-asic] Enhanced Feature Table configuration for multi-asic platforms (#1152)
12f03b195609c07762d8c8efd80dc548ddd4fe78 Add FW dump with new SAI implementation (#1298)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-20 16:47:53 -08:00
abdosi
35fc12c373 Telemetry Certificate Copy Across Image Upgrade. (#6252)
To copy telemetry certificate during image upgrade from previous image to new image
2020-12-19 08:24:41 -08:00
Abhishek Dosi
eb688c876b [Submodule update] sonic-swss
cea4468c91c448fb33fc8dda0dc44ec7c9b8f897 (HEAD -> 201911, origin/201911) [crm]: Typecast to unit64_t to avoid divide by 0 during overflow (#1550)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-18 18:56:05 -08:00
Lawrence Lee
024330cb4b [minigraph.py]: Prefer parsing device type from <ElementType> (#6184)
* Parse device type from <ElementType> first in <PngDec>
* Fall back to <Device> type attribute if no <ElementType> is found

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2020-12-18 18:56:05 -08:00
Prince Sunny
8d5cf6a8c3 [Submodule] Update for sonic-restapi (#6231)
b002455 - 2020-12-16 : Validate IP only if nexthop attribute is not null (#66) [Prince Sunny]
76592a9 - 2020-12-03 : Add License file (#62) [Prince Sunny]
2020-12-18 18:56:05 -08:00
arlakshm
7f76698b7d
[201911][hostcfgd]:wait updating the feature table till system init is done (#6234)
- Why I did it
The change is done to make sure the system initialization is done before the hostcfgd sets the feature states.

- How I did it
This is port of the PR #6232.
Since the systemctl version in 201911 doesn't support "--wait".
Added a function to check the output of systemctl is-system-running every second, till the command system is done booting up.

For now this change is only applicable to multi asic platforms based on the testing this change will be extended to all platforms in the future PR.

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2020-12-18 12:31:35 -08:00
Volodymyr Samotiy
78c44d1808
[Mellanox] Update SAI submodule (#6235)
To add VNET route diff tool (SAI/SDK part) to 201911 release

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
2020-12-17 09:11:50 -08:00
Lawrence Lee
dae5c4c930 [build_templates]: Start SNMP timer after SWSS service (#6195)
Fixes #5663

- Why I did it
It's currently possible for the SNMP timer to conflict with config reload (specifically if the timer triggers while config reload is stopping the SWSS service). config reload triggers SWSS to shutdown, which causes SNMP to shutdown, which conflicts with the SNMP timer causing SNMP to startup. See the linked issue for more details.

- How I did it
Including the After ordering dependency forces the SNMP timer to wait until SWSS finishes stopping, preventing the conflict. If there is an ordering dependency between two units (e.g. one unit is ordered After another), if one unit is shutting down while the other is starting up, the shutdown will always be ordered before the startup. In this case, that means that the SNMP timer is forced to wait for the SWSS shutdown to complete. Only then can the SNMP timer proceed. See here for more details.

It's important to note that the After dependency will not cause SWSS to be started when the SNMP timer fires (assuming that SWSS has not yet been started). The existing Requisite dependency in the SNMP service will also not cause SWSS to be started, instead it will cause the SNMP service to fail if SWSS is not active.

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2020-12-16 19:28:31 -08:00
Abhishek Dosi
70c6c0d9a0 [submodule update] sonic-swss
[201911] Fixes for NAT lgtm alerts (#1391)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2020-12-16 14:25:21 -08:00
Shi Su
ff1a60fbc3 [L2 switch mode] Update l2switch.j2 template (#5981)
- Why I did it
The l2switch.j2 template does not include all fields for PORT. This could be incompatible with the 201911 image or later.

- How I did it
Update l2switch.j2 template and add a unit test.
2020-12-16 14:24:06 -08:00