Commit Graph

7815 Commits

Author SHA1 Message Date
iavraham
72021fdb0f
Add remote syslog configuration (#14513)
* Add an ability to configure remote syslog servers
* Add an initial configuration for remote syslog
* Extend YANG module and add unit tests

#### Why I did it
Adding the following functionality to rsyslog feature:

- Configure remote syslog servers: protocol, filter, severity level
- Update global syslog configuration: severity level, message format

#### How I did it
added parameters to syslog server and global configuration.

#### How to verify it
create syslog server using CLI/adding to Redis-DB
verify server is added to file /etc/rsyslog.conf and server is functional.

#### Description for the changelog
extend rsyslog capabilities, added server and global configuration parameters.

#### Link to config_db schema for YANG module changes
https://github.com/iavraham/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-syslog.yang
2023-07-10 11:40:08 -07:00
ycoheNvidia
7639df0868
Added ssh configurations to YANG model (#13338)
- Why I did it
Implemented ssh configurations

- How I did it
Added ssh config table in configDB, once changed - hostcfgd will change the relevant OS files (sshd_config)

- How to verify it
Tests in sonic-host-services. Change relevant configs in configDB such as ports, and see sshd port was modified
2023-07-10 21:27:41 +03:00
Baorong Liu
430330800e
[staticroutebfd] fix ipv6 letter case issue (#15765)
*use lower case for IPv6 address as internal key and bfd session key. fixes #15764

Why I did it
*staticroutebfd uses the IPv6 address string as a key to create bfd session and cache the bfd sessions using it as a key.
When the IPv6 address string has an uppercase letter in the static route nexthop list, the string with the uppercase letter is stored as the key in the cache, but the BFD STATE_DB uses lowercase for IPv6 addresses, so when staticroutebfd gets the bfd state event, it cannot find the bfd session in its local cache because of the letter case.
2023-07-10 10:14:11 -07:00
ganglv
cb3ee6571d
Remove DNS configuration from minigraph schema (#15727)
#### Why I did it
We should not modify minigraph schema.

#### How I did it
Update minigraph.py and remove unit test.

#### How to verify it
Run sonic-config-engine unit test.
2023-07-09 20:42:11 -07:00
Chun'ang Li
c07447ae61
Refine PR test template format (#15636)
Why I did it
Refine PR test template format.

How I did it
Refine PR test template format.

How to verify it
PR test executed normally.

Signed-off-by: Chun'ang Li <chunangli@microsoft.com>
2023-07-10 10:47:40 +08:00
mssonicbld
9321c97731
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#15755) 2023-07-09 15:16:10 +08:00
mssonicbld
e57692c30d
[ci/build]: Upgrade SONiC package versions (#15757) 2023-07-08 19:34:00 +08:00
mssonicbld
cd3cdee221
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#15521)
#### Why I did it
src/sonic-mgmt-common
```
* 341fd73 - (HEAD -> master, origin/master, origin/HEAD) Remove invalid db type definitions: ERROR_DB, USER_DB (#94) (3 days ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-08 16:34:46 +08:00
mssonicbld
f6282b8259
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15756) 2023-07-08 15:57:02 +08:00
abdosi
87066abcf8
Enable BFD for Static Route for chassis-packet. (#15383)
*What I did:
Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: #13789

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-07-07 11:10:35 -07:00
Baorong Liu
a86a0264e0
[staticroutebfd] fix static route uninstall issue when all nexthops are not reachable (#15575)
fix static route uninstall issue when all nexthops are not reachable.
the feature was working but the bug was introduced when support for dynamic bfd enable/disable was added. Added UT testcase to guard this.
2023-07-07 10:12:20 -07:00
mssonicbld
74e3917eae
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#15739) 2023-07-07 15:57:10 +08:00
Vaibhav Hemant Dixit
ddb3086620
Revert "Revert "Fix for fast/cold-boot: call db_migrator only after old config is loaded (#14933)" (#15464)" (#15684)
This reverts commit 9649a44470.
2023-07-06 17:34:35 -07:00
Stepan Blyshchak
6f6218a920
[FRR]Fixing the advertisement of static ipv6 route (#15688)
Co-authored-by: dgsudharsan <sudharsand@nvidia.com>
Co-authored-by: Liat Grozovik <44433539+liat-grozovik@users.noreply.github.com>
2023-07-06 16:29:24 -07:00
Saikrishna Arcot
e46be54f14
Update the docker daemon to 24.0.2 (#15652)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-07-06 14:44:29 -07:00
Sachin Holla
39cb2545e6
Submodule update for sonic-mgmt-common and sonic-gnmi (#15519) 2023-07-06 12:39:57 -07:00
mssonicbld
673b8b86ff
[submodule] Update submodule sonic-dash-api/sonic-dash-api to the latest HEAD automatically (#15725)
#### Why I did it
src/sonic-dash-api/sonic-dash-api
```
* 3f728d1 - (HEAD -> master, origin/master, origin/HEAD) Update vnet_direct in route.proto (#4) (11 days ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-06 16:39:13 +08:00
lixiaoyuner
ca29197184
Move k8s script to docker-config-engine (#14788)
Why I did it
To reduce the container's dependency on the host system

Work item tracking
Microsoft ADO (number only):
17713469
How I did it
Move the k8s container startup script to the config engine container, rather than mounting it from the host.

How to verify it
Check file path(/usr/share/sonic/scripts/container_startup.py) inside config engine container.

Signed-off-by: Yun Li <yunli1@microsoft.com>
Co-authored-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2023-07-05 14:44:48 -07:00
Eric Seifert
4e78f58b53
Use execle instead of popen in tacacs nss to avoid shell escape exploits (#15284)
Why I did it
Tacacs nss library uses popen to execute useradd and usermod commands. Popen executes using a shell (/bin/sh) which is passed the command string with "-c". This means that if untrusted user input is supplied, unexpected shell escapes can occur. In this case the username supplied can be untrusted user input when logging in via ssh or other methods when tacacs is enabled. Debian has very little limitation on usernames and as such characters such as quotes, braces, $, >, | etc are all allowed. Since the nss library is run by root, any shell escape will be run as root.

In the current community version of tacacs nss library, the issue is mitigated by the fact that the useradd command is only run if the user is found to exist on the tacacs server, so the bad username would have to already exist there, which is unlikely. However, internally (at Dell) we had to modify this behavior to support other tacacs servers that do not allow authorization messages to verify user existence prior to a successful authentication. These servers include Cisco ISE and Aruba ClearPass. In order to support these tacacs+ servers, we have to create a temporary user immediately, which means this would be a much bigger issue.

I also plan to supply the patch to support ISE and ClearPass and as such, I would suggest taking this patch to remediate this issue first.

How I did it
Replace call to popen with fork/execl of the useradd/usermod binary directly.

How to verify it
Install patched version of libnss-tacplus and verify that tacacs+ user login still works as expected.
2023-07-05 14:41:44 -07:00
leo lin
c6dbfa988e
[Ufispace][PDDF] Add support for S9300-32D platform (#14922) 2023-07-05 14:39:01 -07:00
Arvindsrinivasan Lakshmi Narasimhan
eaa795deb8
Revert "[gearbox] use credo sai v0.9.0 (#14149)" (#15708)
Reverts #14149

This SAI libsaicredo_0.9.0_amd64.deb is causing packet forwarding issues on Linecards aristanetworks/sonic#92

This reverts commit c4c621c614.
2023-07-05 10:42:46 -07:00
Ze Gan
2f8994999b
[dash-api]: Add dash-api and related protobuf library (#14515)
Why I did it
For the DASH scenario, the APP_DB will be optimized by protobuf message for less memory consumption.

How I did it
Download the Debian package of protobuf 3.21.12 and create a corresponding rule for building it.
Add a submodule of sonic-dash-api and generated its Debian package which includes C++ library and Python library

How to verify it
Check artifacts of Azp that the protobuf-related and dash-api deb packages should be generated.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-07-05 09:59:35 -07:00
mssonicbld
de65640633
[ci/build]: Upgrade SONiC package versions (#15715) 2023-07-05 18:37:13 +08:00
kenneth-arista
1dfe35cadb
Add YANG model for FABRIC_PORT (#15629)
#### Why I did it

Introduce YANG model for FABRIC in CONFIG_DB, which was added in https://github.com/sonic-net/sonic-buildimage/pull/14170.

#### How I did it

This is a clone of @jfeng-arista's PR https://github.com/sonic-net/sonic-buildimage/pull/14282 to resolve conflicts with upstream changes. 

#### How to verify it

Passing pipeline build is sufficient.
2023-07-03 13:57:26 -07:00
mssonicbld
7ef59d556b
[ci/build]: Upgrade SONiC package versions (#15706) 2023-07-03 19:18:54 +08:00
mssonicbld
aa5164ef09
[ci/build]: Upgrade SONiC package versions (#15647) 2023-07-01 18:39:31 +08:00
mssonicbld
91fb7836fd
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#15697)
#### Why I did it
src/sonic-platform-common
```
* 10af810 - (HEAD -> master, origin/master, origin/HEAD) More prevention of fatal exception caused by VDM dictionary missing fields when a transceiver has just been pulled (#376) (5 hours ago) [snider-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-01 16:34:13 +08:00
mssonicbld
eb9639edba
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15699) 2023-07-01 15:20:46 +08:00
Andrew Sapronov
c190a8f795
[Netberg][Barefoot] Added support for Aurora 710 (#15298)
* [202012][platform/barefoot] (#8543)

Why I did it
Pcied running by python 2.

How I did it
dropped python2 support and add python3 support for pcied in file docker-pmon.supervisord.conf.j2

How to verify it
docker exec pmon supervisorctl status

* [Netberg][nba710] Added initial support for Aurora 710

Signed-off-by: Andrew Sapronov <andrew.sapronov@gmail.com>

---------

Signed-off-by: Andrew Sapronov <andrew.sapronov@gmail.com>
Co-authored-by: Kostiantyn Yarovyi <kostiantynx.yarovyi@intel.com>
2023-06-30 17:30:07 -07:00
Lawrence Lee
b4a3711a95
[arp_update]: Fix IPv6 neighbor race condition (#15583)
* [arp_update]: Fix IPv6 neighbor race condition on dualtors
Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2023-06-30 14:06:25 -07:00
Hua Liu
c91707ff31
Migrate flush_unused_database from py-redis to sonic-swss-common (#15511)
Migrate flush_unused_database from py-redis to sonic-swss-common

#### Why I did it
flush_unused_database uses py-redis, but sonic-swss-common already supports flushdb, so we need to migrate to sonic-swss-common

##### Work item tracking
- Microsoft ADO **(number only)**: 24292565

#### How I did it
Migrate flush_unused_database from py-redis to sonic-swss-common

#### How to verify it
Pass all UT and E2E test

#### Description for the changelog
Migrate flush_unused_database from py-redis to sonic-swss-common
2023-06-29 15:08:54 -07:00
snider-nokia
aa46167fdd
[Nokia][sonic-platform] Update Nokia sonic-platform submodule (#15239)
Why I did it
To support dynamic swapping of module types/speeds (400G/100G/40G)
To optimize CMIS ZR optics operation
How I did it
Reinitialize xcvr_api at module removal/insertion time, and also optimize cache for ZR optics.

How to verify it
Verify that different (supported) module types can be dynamically swapped (removed/inserted) and that each is properly provisioned by Xcvrd and has its EEPROM information accurately reported in Redis DB (using "show transceiver eeprom") as well as "sfputil show eeprom" direct access.

Also verify that Xcvrd initialization and operation with 400G CMIS ZR optics is both efficient and functional.
** edit 6/14/23: pushed enhanced caching (full memory map) support and elimination of base class APIs override.
2023-06-29 11:05:45 -07:00
mssonicbld
874390a14e
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#15658) 2023-06-29 16:29:45 +08:00
mssonicbld
5aaa65db6c
[submodule] Update submodule sonic-restapi to the latest HEAD automatically (#15657) 2023-06-29 15:06:03 +08:00
Stepan Blyshchak
1ebdcda9e3
[nvidia] make sure shared storage with syncd is cleared on restarts (#14547)
Why I did it
Sharing the storage of syncd with other proprietary application extensions allows them to communicate with syncd in different ways.
If one container wants to pass some information to syncd then shared storage can be used. However, today the shared storage isn't cleaned on restarts making it possible for syncd to read out-of-date information generated in the past.

NOTE: No plans to use it for standard SONIC dockers and we are working on removing the SDK dependency from PMON docker

How I did it
Implemented new service to clean the shared storage.

How to verify it
Do reboot/fast-reboot/warm-reboot/config-reload/systemctl restart swss and verify /tmp/ is cleaned after each restart in syncd container.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2023-06-28 15:26:49 -07:00
mssonicbld
a06ffc9f0c
[submodule] Update submodule sonic-host-services to the latest HEAD automatically (#15645)
#### Why I did it
src/sonic-host-services
```
* bc08806 - (HEAD -> master, origin/master, origin/HEAD) Implemented ssh configurations (#32) (14 hours ago) [ycoheNvidia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-06-28 16:37:28 +08:00
mssonicbld
42671e75b6
[submodule] Update submodule sonic-restapi to the latest HEAD automatically (#15646) 2023-06-28 15:21:50 +08:00
xumia
f0617c7f9a
[Ci] Support to build sonic-swss-common for test (#15566)
#### Why I did it
[Ci] Support to build sonic-swss-common for test

##### Work item tracking
- Microsoft ADO **(number only)**: 24341479
2023-06-27 14:40:20 -07:00
prabhataravind
d4de62d155
[docker-sonic-vs]: dd NPU SKU for docker-sonic-vs (#15604)
Define a generic 2-port NPU SKU for docker-sonic-vs to 
enable DASH vstests to pass on azure pipelines

Work item tracking
Microsoft ADO 24375371:

How I did it
Define a generic 2-port NPU hwsku that is used only for DASH-specific vstests.

Signed-off-by: Prabhat Aravind <paravind@microsoft.com>
2023-06-27 14:10:53 -07:00
siqbal1986
bf5b72a356
Vnet monitor table cleanup (#15399)
* Added VNET_MONITOR_TABLE, BFD_SESSION_TABLE, to the list of tables to be cleaned up after swss restart.
* Added  VNET_ROUTE* table in cleanup. This should cover VNET_ROUTE_TUNNEL_TABLE as well.
2023-06-27 12:53:56 -07:00
Clark Lee
8b21b612ae
[sonic-pit] Add PIT(Platform Integration Test) feature, second part, … (#12530)
* [sonic-pit] Add PIT(Platform Integration Test) feature, second part, add 6 test cases.

Signed-off-by: Li Hua <guizhao.lh@alibaba-inc.com>

* Add missing test case configuration and platform configuration.

Signed-off-by: Li Hua <guizhao.lh@alibaba-inc.com>

* Remove unused comment, replace duplicated function with import from other modules.

---------

Signed-off-by: Li Hua <guizhao.lh@alibaba-inc.com>
2023-06-27 07:09:23 -07:00
mssonicbld
2047e5c6ed
[submodule] Update submodule dhcpmon to the latest HEAD automatically (#15634)
#### Why I did it
src/dhcpmon
```
* 824a144 - (HEAD -> master, origin/master, origin/HEAD) replace atoi with strtol (#6) (3 hours ago) [Mai Bui]
* 32c0c3f - Fix libswsscommon package installation for non-amd64 (#7) (6 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-06-27 16:37:44 +08:00
mssonicbld
bacba1f988
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15635)
#### Why I did it
src/sonic-swss
```
* a67f684f - (HEAD -> master, origin/master, origin/HEAD) [hash]: Implement GH backend (#2598) (3 hours ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-06-27 16:37:39 +08:00
Ye Jianquan
4449d473ae
[CI/CD] Refine t0 sonic and remove SPECIFIED_PARAMS (#15625)
Why I did it
t0-sonic's specific params has been set on sonic-mgmt repo, remove useless SPECIFIED_PARAMS usage
2023-06-27 11:01:41 +08:00
Prince George
05f326eed9
Move /var/log to RAM for Mellanox SN2700, Nokia 7215 and Dell S6100 (#15077)
* add ONIE_PLATFORM_EXTRA_CMDLINE_LINUX to kernel bootparam
2023-06-26 10:58:39 -07:00
Samuel Angebault
4e43484f1d
[Arista] Update platform library submodules (#15405)
- fix pcied leak on chassis
- fix fan status led setting on fixed systems
- misc fixes
2023-06-26 10:57:08 -07:00
Rajkumar-Marvell
ec6723d4a3
[Marvell] Update arm64 sai debian (#15602)
- SAI-1.12.0 support

Signed-off-by: rajkumar38 <rpennadamram@marvell.com>
2023-06-26 10:53:37 -07:00
xumia
f154ff0a1c
Add the release 202211/202203 in the README.md (#15593) 2023-06-26 10:23:49 -07:00
mssonicbld
aa11acdddd
[ci/build]: Upgrade SONiC package versions 2023-06-26 20:55:55 +08:00
ycoheNvidia
ccf1cd57ca
Add support for secure upgrade (#11862)
- What I did
Added support for secure upgrade.

- How I did it
During sonic_installer install, added secure upgrade image verification.
HLD can be found in the following PR: sonic-net/SONiC#1024

- Why I did it
Feature is used to verify that the image was not modified since it was built by the vendor. During installation, the image can be verified with a signature attached to it.

- How I did it
Feature includes image signing during build (in sonic buildimage repo) and verification during image install (in sonic-utilities).

- How to verify it
In order for image verification - image must be signed - need to provide signing key and certificate (paths in SECURE_UPGRADE_DEV_SIGNING_KEY and SECURE_UPGRADE_DEV_SIGNING_CERT in rules/config) during build , and during image install, need to enable secure boot flag in bios, and signing_certificate should be available in bios.

- Feature dependencies
In order for this feature to work smoothly, need to have secure boot feature implemented as well.
The Secure boot feature will be merged in the near future.
2023-06-26 12:04:40 +03:00