#### Why I did it
To address https://github.com/Azure/sonic-buildimage/issues/11110 - Add yang model unit test for check_up_status field type
#### How I did it
Add check_up_status with different values in sample_config_db.json and
the field with correct and incorrect values in feature.json
#### How to verify it
Build sonic_yang_models-1.0-py3-none-any.whl
Added initial set of config files to allow for booting and partial traffic testing in SONiC on the 720DT-48S.
How to verify it
- Switch boots
- show interfaces status shows links up on interfaces Ethernet24-51
- Traffic flows with no errors on interfaces Ethernet24-51
Why I did it
To return 'False' in update_firmware component API in DellEMC Z9332f platform, if the firmware image is not present in the provided image path.
How I did it
Updated 'update_firmware' in component.py to return False if image is not found in location provided by 'image_path'
How to verify it
Verified that the API returns False when an invalid image path is specified.
#### Why I did it
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996' which break UT in sonic-swss and sonic-swss-common
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Revert PR '[Submodule] Update src/sonic-py-swsssdk #10996'
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
- Why I did it
New security feature for enforcing strong passwords when login or changing passwords of existing users into the switch.
- How I did it
By using mainly Linux package named pam-cracklib that support the enforcement of user passwords, the daemon named hostcfgd, will support add/modify password policies that enforce and strengthen the user passwords.
- How to verify it
Manually Verification-
1. Enable the feature, using the new sonic-cli command passw-hardening or manually add the password hardening table like shown in HLD by using redis-cli command
2. Change password policies manually like in step 1.
Notes:
password hardening CLI can be found in sonic-utilities repo-
P.R: Add support for Password Hardening sonic-utilities#2121
code config path: config/plugins/sonic-passwh_yang.py
code show path: show/plugins/sonic-passwh_yang.py
3. Create a new user (using adduser command) or modify an existing password by using passwd command in the terminal. And it will now request a strong password instead of default linux policies.
Automatic Verification - Unitest:
This PR contained unitest that cover:
1. test default init values of the feature in PAM files
2. test all the types of classes policies supported by the feature in PAM files
3. test aging policy configuration in PAM files
- Why I did it
This is for the eventual support of multiple architectures for the mellanox platform.
- How I did it
Change the location of the binaries in Switch-SDK-drivers so that the path specifies the target architecture in addition to the target distribution that the debians are built for.
This is the most straightforward way to separate binaries built against different architectures and selectively target them for installation in the mellanox SONiC image.
- How to verify it
Build SONiC for mellanox and verify it compiles successfully.
Signed-off-by: bingwang <wang.bing@microsoft.com>
Why I did it
This PR brings two changes
Add lossy PG profile for PG2 and PG6 on T1 for ports between T1 and T2.
After PR Update qos config to clear queues for bounced back traffic #10176 , the DSCP_TO_TC_MAP and TC_TO_PG_MAP is updated when remapping is enable
DSCP_TO_TC_MAP
Before After Why do this change
"2" : "1" "2" : "2" Only change for leaf router to map DSCP 2 to TC 2 as TC 2 will be used for lossless TC
"6" : "1" "6" : "6" Only change for leaf router to map DSCP 6 to TC 6 as TC 6 will be used for lossless TC
TC_TO_PRIORITY_GROUP_MAP
Before After Why do this change
"2" : "0" "2" : "2" Only change for leaf router to map TC 2 to PG 2 as PG 2 will be used for lossless PG
"6" : "0" "6" : "6" Only change for leaf router to map TC 6 to PG 6 as PG 6 will be used for lossless PG
So, we have two new lossy PGs (2 and 6) for the T2 facing ports on T1, and two new lossless PGs (2 and 6) for the T0 facing port on T1.
However, there is no lossy PG profile for the T2 facing ports on T1. The lossless PGs for ports between T1 and T0 have been handled by buffermgrd .Therefore, We need to add lossy PG profiles for T2 facing ports on T1.
We don't have this issue on T0 because PG 2 and PG 6 are lossless PGs, and there is no lossy traffic mapped to PG 2 and PG 6
Map port level TC7 to PG0
Before the PCBB change, DSCP48 -> TC 6 -> PG 0.
After the PCBB change, DSCP48 -> TC 7 -> PG 7
Actually, we can map TC7 to PG0 to save a lossy PG.
How I did it
Update the qos and buffer template.
How to verify it
Verified by UT.
- Why I did it
While doing config reload, FEATURE table may be removed and re-add. During this process, updating FEATURE table is not atomic. It could be that the FEATURE table has entry, but each entry has no field. This PR introduces a retry mechanism to avoid this.
- How I did it
Introduces a retry mechanism to avoid this.
- How to verify it
New unit test added to verify the flow as well as running some manual test.
- Why I did it
To provide an ability to suppress ASAN false positives and have a clean ASAN report for docker-sonic-vs/mlnx-syncd/orchagent docker
- How I did it
Added the "print_suppressions=0" to ASAN configs.
- How to verify it
add a suppression to some ASAN-enabled component (the suppression should catch some leak)
build with ENABLE_ASAN=y
run a test and see that the ASAN report is empty instead of having the suppression summary
Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
Swss commits:
93af69c [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (#2304)
37349cf [swssconfig] Optimize performance of swssconfig (#2336)
84e9b07 [fdborch] fix heap-use-after-free in clearFdbEntry() (#2353)
1b8bd94 Create ACL table fails due to incorrect check for supported ACL actions #11235 (#2351)
1ed0b4b [macsec] Refactor the logic of macsec name map (#2348)
f88f992 [mock_tests] Add Sflow Orch UTs (#2295)
ec57bf1 [macsec] Update macsec flex counter (#2338)
6e0fc85 [ACL] Support stage particular match fields (#2341)
efb4530 [orchagent, DTel]: report session support to set user vrf (#2326)
d82874d Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (#2332)
0c789e6 Fix qos map test in vs test (#2343)
1bb5070 Enhance mock test for dynamic buffer manager for port removing and qos reload flows (#2262)
700492f [aclorch] Fix and simplify DTel watchlist tables and entries (#2155)
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-06-24 93af69c: [PFC_WD] Avoid applying ZeroBuffer Profiles to ingress PG when a PFC storm is detected (Azure/sonic-swss#2304)
2022-06-24 37349cf: [swssconfig] Optimize performance of swssconfig (Azure/sonic-swss#2336)
2022-06-24 84e9b07: [fdborch] fix heap-use-after-free in clearFdbEntry() (Azure/sonic-swss#2353)
2022-06-24 1b8bd94: Create ACL table fails due to incorrect check for supported ACL actions #11235 (Azure/sonic-swss#2351)
2022-06-24 1ed0b4b: [macsec] Refactor the logic of macsec name map (Azure/sonic-swss#2348)
2022-06-23 f88f992: [mock_tests] Add Sflow Orch UTs (Azure/sonic-swss#2295)
2022-06-23 ec57bf1: [macsec] Update macsec flex counter (Azure/sonic-swss#2338)
2022-06-22 6e0fc85: [ACL] Support stage particular match fields (Azure/sonic-swss#2341)
2022-06-22 efb4530: [orchagent, DTel]: report session support to set user vrf (Azure/sonic-swss#2326)
2022-06-22 d82874d: Fix for "orchagent crashed when trying to delete fdb static entry with swssconfig #11046" (Azure/sonic-swss#2332)
2022-06-22 0c789e6: Fix qos map test in vs test (Azure/sonic-swss#2343)
2022-06-17 1bb5070: Enhance mock test for dynamic buffer manager for port removing and qos reload flows (Azure/sonic-swss#2262)
2022-06-16 700492f: [aclorch] Fix and simplify DTel watchlist tables and entries (Azure/sonic-swss#2155)
Updating sonic-utilities submodule with the below commits
f64d280 [sfpshow/sfputil] Enhance sfpshow and sfputil to behavior correctly on RJ45 ports
2f6a547 Image-installer: Fix duplication of image prefix
cc775ab [generate dump] Move the Core/Log collection to the End of process Execution and removed default timeout
6dbb4bd Add an option in queue stat to display voq counters
248ddd5 Gives cisco-8000 more flexibility to easily add subcommnads under show platform
9f2607d [config reload] Fixing config reload when timer based services are disabled
#### Why I did it
Fix the build with updated sairedis
#### How I did it
Specify nopython2 for syncd and fixed a copy paste mistake for libsairedis
#### How to verify it
Run build with updated sairedis
This reverts commit 90a849ea85.
#### Why I did it
The interfaces unit test did not cover some of the conditions in interfaces.j2 that was changed in #11204. Therefore reverting the change and add the tests before making the change to interfaces.j2.
#### How I did it
Git revert.
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
#### Link to config_db schema for YANG module changes
#### A picture of a cute animal (not mandatory but encouraged)
Updating sonic-utilities sub module with the following commits
ca785a2 Remove sonic-db-cli
#### Why I did it
To fix sonic-db-cli high CPU usage on SONiC startup issue: https://github.com/Azure/sonic-buildimage/issues/10218
sonic-db-cli re-write with c++ and move to sonic-swss-common repo.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
ca785a2 Remove sonic-db-cli
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
Updating sonic-utilities sub module with the following commits
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### Why I did it
To fix sonic-db-cli output format not backward compatible with python version issue, need update sonic-swss-common submodule.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
40a685c [azp] Fix the 'make check' failure at the step 'Compile sonic sairedis'
ecf5bbc [sonic-cli] Fix sonic-db-cli output format not backward compatible with python version issue.
34c4b05 [portcounter] Check if counter ID exists before arithmetic operation
#### A picture of a cute animal (not mandatory but encouraged)
To ensure that ASAN logs are always generated. Currently, the way to get the logs is to map the "/var/log/asan" outside of a container, which doesn't work for DVS test run with "--imgname" option.
Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
- Why I did it
To implement Syslog Source IP feature based on HLD: https://github.com/sonic-net/SONiC/pull/1002
- How I did it
Added the relevant yang model
- How to verify it
Added unit test
Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
#### Why I did it
Support the following tables which were introduced during dynamic buffer calculation
- LOSSLESS_TRAFFIC_PATTERN
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
#### How I did it
- LOSSLESS_TRAFFIC_PATTERN
|name|type|range|mandatory|description|
|---|---|---|---|---|
|mtu|uint16|64~10240|true|The maximum packet size of a lossless packet|
|small_packet_percentage|uint8|0~100|true|The percentage of small packet|
- DEFAULT_LOSSLESS_BUFFER_PARAMETER
|name|type|range|mandatory|description|
|---|---|---|---|---|
|default_dynamic_th|int8|-8~7|true|The default dynamic_th for all buffer profiles that are dynamically generated for lossless PG|
|over_subscribe_ratio|uint16|-|false|The oversubscribe ratio for shared headroom pool.|
|||||Semantically, the upper bound is the number of physical ports but it can not be represented in the yang module. So we keep the upper bound open. As the type is (signed) integer whose lower bound is 0 by nature, we do not need to specify the range.|
#### How to verify it
Run unit test
Update the bcm config file system_ref_core_clock_khz param to handlesystems with J2cplus linecards.
We need system_ref_core_clock_khz to be set to 1600000 for supporting j2 and j2cplus linecards on the same chassis.
#### Why I did it
There might be a case where service checker periodic operation determined that specific container is running but when it tries to perform an operation on it, it was already closed by the user. This is a valid flow and we should not log an error message, informative warning is enough.
#### How I did it
I reduce log severity.
#### How to verify it
I verified it manually.
The return statement does not end with a semicolon in function scheduler_csm_socket_cleanup, which generates a compilation warning and may cause unexpected problems.
Signed-off-by: ouxiaolong <ouxiaolong@asterfusion.com>
05c79ef Fix header for the output table following 'show ipv6 interface' command (#2219)
fc5633f increase coverage to 80% (#2214)
c0dffba [config][muxcable] fix minor config DB logic issue (#2210)
a50eca0 [generic-config-updater] Add NTP validator (#2212)
a3d1345 [gendump] Add Support to dump BCM-DNX commands (#1813)
bb185d5 [yang] remove mistakenly added parameter for 'get_module_name' (#2193)
2cccf26 [counters] skip showing counters that are not enabled (#2199)
ff05bc8 [config][muxcable] Add support for displaying soc_ipv4 and cable_type in config/show muxcable commands (#2189)
3197f39 Add check to not allow deleting PO if its member of vlan. (#2141)
2513da1 [dump] Optimized dump state cli and modified tests to not use common data (#2175)
9e310e5 Fix sonic-installer and 'show version' command crash when database docker not running issue. (#2183)
4ad70b9 [sonic-installer] use host docker startup arguments when running dockerd in chroot (#2179)
3d3c89b fix for non-coherent cmis modules (#2163)
2054680 [subinterface] Fix route add command to accept subinterface as dev (#2180)
5383e92 [subinterface]Avoid removing the subinterface when last configured ip is removed (#2181)
f5af780 [GCU] Handling type1 lists (#2171)
4516179 [yang] extend ConfigMgmt constructor to pass YANG options (#2118)
2f53bd4 [dump] implement ACL modules (#2153)
494dd62 show commands for SYSTEM READY (#1851)
4fc09b1 [GCU] Handling non-compliant leaf-list with string values (#2174)
675c7b6 Add sonic-delayed.target to Application Extension .timer file generator (#2176)
c587933 [portconfig] Allow to configure interface mtu for physical ports only
9881f3e Broadcast Unknown-multicast and Unknown-unicast Storm-control (#928)
88286cb sonic-utils: initial support for link-training (#2071)
- Why I did it
When LLDP is disabled through feature command, it gets spawned after reboot.
- How I did it
In syncd.sh check if the service is enabled before spawning automatically during cold reboot.
- How to verify it
Disable lldp feature. Perform cold reboot and verify its not spawned.
* [Interfaces] Modify template to support multiple management interfaces
* Modify minigraph to process interfaces in sorted order
Signed-off-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
* Add UT minigraph
Signed-off-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
* make case insensitve comparison
Signed-off-by: George Chen <gechen@microsoft.com>
* Use natural sort
Signed-off-by: George Chen <gechen@microsoft.com>
Co-authored-by: Ubuntu <gechen@gechen-sonic-dev.d0r25nej54guppclip4gpy5b5a.jx.internal.cloudapp.net>
Why I did it
The t0-sonic pool has been fixed, so add it back to azp checker.
How I did it
Remove continueOnError in run-test-template.yml.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Why I did it
Support to use symbol links in platform folder to reduce the image size.
The current solution is to copy each lazy installation targets (xxx.deb files) to each of the folders in the platform folder. The size will keep growing when more and more packages added in the platform folder. For cisco-8000 as an example, the size will be up to 2G, while most of them are duplicate packages in the platform folder.
How I did it
Create a new folder in platform/common, all the deb packages are copied to the folder, any other folders where use the packages are the symbol links to the common folder.
Why platform.tar?
We have implemented a patch for it, see #10775, but the problem is the the onie use really old unzip version, cannot support the symbol links.
The current solution is similar to the PR 10775, but make the platform folder into a tar package, which can be supported by onie. During the installation, the package.tar will be extracted to the original folder and removed.
* Support new platform SN2201 and RJ45 port
Signed-off-by: Kebo Liu <kebol@nvidia.com>
* remove unused import and redundant function
Signed-off-by: Kebo Liu <kebol@nvidia.com>
* fix error introduced by rebase
Signed-off-by: Kebo Liu <kebol@nvidia.com>
* Revert the special handling of RJ45 ports (#56)
* Revert the special handling of RJ45 ports
sfp.py
sfp_event.py
chassis.py
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Remove deadcode
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Support CPLD update for SN2201
A new class is introduced, deriving from ComponentCPLD and overloading _install_firmware
Change _install_firmware from private (starting with __) to protected, making it overloadable
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Initialize component BIOS/CPLD
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Remove swb_amb which doesn't on DVT board any more
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Remove the unexisted sensor - switch board ambient - from platform.json
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Do not report error on receiving unknown status on RJ45 ports
Translate it to disconnect for RJ45 ports
Report error for xSFP ports
Signed-off-by: Stephen Sun <stephens@nvidia.com>
* Add reinit for RJ45 to avoid exception
Signed-off-by: Stephen Sun <stephens@nvidia.com>
Co-authored-by: Stephen Sun <5379172+stephenxs@users.noreply.github.com>
Co-authored-by: Stephen Sun <stephens@nvidia.com>
* [sflow + dropmon] added INCLUDE_SFLOW_DROPMON flag, added patches for hsflowd
*Added a capability of monitoring dropped packets for the sFlow daemon in order to improve network - monitoring, diagnostic, and troubleshooting. The drop monitor service allows the sFlow daemon to export another type of sample - dropped packets as Discard samples alongside Counter samples and Packet Flow samples.
Signed-off-by: Vadym Hlushko <vadymh@nvidia.com>
- Why I did it
Need to execute mlxreg inside pmon docker
- How I did it
Add MFT package to pmon Makefile
- How to verify it
Install image, go to pmon : docker exec -it pmon bash, exec mlxreg
Verifiy warm, fast and cold reboot while MFT is being called in pmon constantly
Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
- Why I did it
An issue is encountered when a value "False" is written for a feature in "check_up_status" field, which does not pass YANG validation.
- How I did it
We usually use stypes::boolean_type for such fields, even in this YANG model. This custom type, supports "False" value.
- How to verify it
Write "False" in "check_up_status" field and see if YANG validation passes.
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>