Commit Graph

1167 Commits

Author SHA1 Message Date
wumiao_nokia
0c44d3ddff
Make macsec container to build with bookworm (#18148)
Why I did it
We Nokia took the task to make macsec container to work with bookworm.

This PR requires another PR for sonic-wpa-supplicant(sonic-net/sonic-wpa-supplicant#80) to be in first. Otherwise sonic build will fail for bookworm wpasupplicant debian package.

How I did it
How to verify it
After build and boot up system with new image, macsec container should run with bookworm. Corresponding mgmt macsec suite will work here.

Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Tested with latest master of sonic-buildimage. Built vs image and loaded into vs testing environment. Code pass with macsec test suites.

Description for the changelog
Make macsec container to build with bookworm
2024-03-05 07:47:07 +08:00
Liu Shilong
5e23a6bc93
[build] Use public storage for public resources. (#18038) 2024-02-27 17:45:49 -08:00
Mridul Bajpai
54c1a49634
Sensormond support (#16089)
Enable Sensormon daemon in PMON container.
Pls see HLD : sonic-net/SONiC#1394
2024-02-23 22:25:48 -08:00
Xichen96
2244aa2d7b
[dhcp_server] add config dhcp server option (#18013)
* add dhcp server option cli
2024-02-21 16:52:51 -08:00
Saikrishna Arcot
8506826348
Update the database, teamd, and radv containers to Bookworm (#18108)
* Update Redis DB start options for multi-asic and chassis cases

Starting with Redis 7.0 (specifically, redis/redis#9034), setting a
custom `--bind` address on the command line no longer disables protected
mode (which blocks connections from non-localhost IP addresses unless a
password is set). For multi-asic and chassis database DBs, we currently
specify a non-localhost IP address and do not specify any password,
which means this change would break things there.

To work around this, if we are specifying a non-localhost IP address on
the command line, then disable protected mode.

* Clean up debug pacakge list for docker-teamd

The debug pacakges for swss and libswsscommon are already installed by
docker-swss-layer-bookworm and docker-config-engine-bookworm, so they
don't need to be specified here again.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-02-21 13:22:07 -08:00
ShiyanWangMS
df70bd304b
Remove Python3 venv from sonic-mgmt-docker build file (#18130)
Why I did it
This is sonic-mgmt-docker Python3 migration.

How I did it
Remove Python3 venv from sonic-mgmt-docker

How to verify it
Compile docker and verify the Python3 venv is NOT there.
2024-02-21 16:39:17 +08:00
Saikrishna Arcot
fe0a5e1285
Install netaddr 0.10.1 in the Python 2 part of sonic-mgmt (#18094)
Recently, netaddr 1.0.0 was released, which dropped Python 2 support
entirely. Because of this, an empty netaddr package is installed for
Python 2. Ansible still uses Python 2, so this needs to remain
functional. The Python 3 part of sonic-mgmt is fine.

Pin the version of netaddr installed in Python 2 to 0.10.1, the last
supported version.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-02-13 20:40:25 -08:00
Saikrishna Arcot
34bdfc8b39
Add Bookworm swss-layer (#18062)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-02-09 15:56:26 -08:00
jfeng-arista
5a20589415
Start fabric mgr daemon in swss container. (#17473)
The fabricmgr daemon started in vs environment for testing from #16791, we now start the daemon in product code.
2024-02-07 23:45:10 -08:00
Oleksandr Ivantsiv
ea02734b8d
[dhcp-server] Change the kea-dhcp4 PID file directory to tmpfs. (#17974) 2024-02-05 10:26:46 -08:00
Ze Gan
1c901b8f12
[docker-database]: Install sonic-dash-api CLI in database container (#17479)
Add sonic-dash-api CLI in database container for decoding the dash objects from protobuf to readable json.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2024-02-01 11:13:51 -08:00
Zain Budhwani
c8439cdd4b
Disable eventd and rsyslog plugin in slim images (#17905)
### Why I did it

Disable eventd at buildtime for slim images

##### Work item tracking
- Microsoft ADO **(number only)**:26386286

#### How I did it

Add flags for disabling eventd and only copy rsyslog conf files when eventd is included and not slim image

#### How to verify it

Manual testing
2024-01-30 22:14:23 -08:00
Xichen96
caefe1d17b
[Dhcp_server] add config dhcp_server bind/unbind (#17811)
* add dhcp_server bind/unbind
2024-01-24 19:38:29 -08:00
Yaqiang Zhu
2c08e90203
[dhcp_server] Update dhcp_server container to bookworm (#17647) 2024-01-23 08:33:00 -08:00
Yaqiang Zhu
27edaf7857
[dhcp_server] Remove dependency in port-name-alias-map.txt.j2 (#17858)
* [dhcp_server] Remove dependency in port-name-alias-map.txt.j2
2024-01-22 15:21:16 -08:00
Nazarii Hnydyn
ac09abd72a
[sonic-cfggen]: Optimize template rendering and database access. (#17740)
#### Why I did it
* Improved switch init time

### How I did it
* Replaced: `sonic-cfggen` -> `sonic-db-cli`
* Aggregated template list for `sonic-cfggen`

#### How to verify it
1. Run `warm-reboot`
2024-01-19 21:52:30 -08:00
Saikrishna Arcot
96ae68fedf
Fix docker-base-bookworm build (#17795)
* Add missing pip.conf for docker-base-bookworm

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-01-19 17:25:31 -08:00
Zhijian Li
6a8aea8d50
[docker-sonic-mgmt] Upgrade scapy to 2.5.0 (#17738) 2024-01-19 09:11:52 -08:00
Longxiang Lyu
9a9ab183c8
[dualtor] Disable zebra link-detect for vlan interfaces (#17784)
* [dualtor] Disable zebra link-detect for vlan interfaces

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2024-01-18 08:36:06 -08:00
Xichen96
a100f15ba2
[dhcp_server] add config dhcp server range (#17741)
* add range related function and ut
2024-01-16 19:24:57 -08:00
Saikrishna Arcot
3e3c7aa09d
Add Bookworm base and config-engine layers (#17742)
The layers compile for amd64; however, functionality has not been
tested.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2024-01-12 09:48:26 -08:00
Xichen96
24e995024b
[dhcp_server] improve show dhcp server output (#17734)
* fix show dhcp_server semantics
* show dhcp_server table format
2024-01-10 10:34:22 -08:00
Xichen96
0ecab6cfbc
[dhcp_server] add config dhcp_server update (#17736)
* add config dhcp_server update
2024-01-10 10:33:05 -08:00
Xichen96
6ceec9a78b
[dhcp_server] add show dhcp server port (#17491)
* add show dhcp_server port
2024-01-09 21:00:01 -08:00
Xichen96
5987dcf59e
add config dhcp_server disable (#17689) 2024-01-09 20:59:13 -08:00
abdosi
acb2e94475
[chassis] Added support of isolating given LC in Chassis with TSA mode (#16732)
What I did:
Added support when TSA is done on Line Card make sure it's completely
isolated from all e-BGP peer devices from this LC or remote LC

Why I did:
Currently when TSA is executed on LC routes are withdrawn from it's connected e-BGP peers only. e-BGP peers on remote LC can/will (via i-BGP) still have route pointing/attracting traffic towards this isolated LC.

How I did:

When TSA is applied on LC all the routes that are advertised via i-BGP are set with community tag of no-export so that when remote LC received these routes it does not send over to it's connected e-BGP peers.

Also once we receive the route with no-export  over iBGP match on it and and set the local preference of that route to lower value (80) so that we remove that route from the forwarding database. Below scenario explains why we do this:

- LC1 advertise R1 to LC3
- LC2 advertise R1 to LC3
- On LC3 we have multi-path/ECMP over both LC1 and LC2
- On LC3 R1 received from LC1 is consider best route over R1 over received from LC2 and is send to LC3 e-BGP peers
- Now we do TSA on LC2
- LC3 will receive R1 from LC2 with community no-export and from LC1 same as earlier (no change)
- LC3 will still get traffic for R1 since it is still advertised to e-BGP peers (since R1 from LC1 is best route)
- LC3 will forward to both LC1 and LC2 (ecmp) and this causes issue as LC2 is in TSA mode and should not receive traffic

To fix above scenario we change the preference to lower value of R1 received from LC2 so that it is removed from Multi-path/ECMP group.

How I verfiy:

UT has been added to make sure Template generation is correct
Manual Verification of the functionality
sonic-mgmt test case will be updated accordingly.
Please note this PR is on top of this :#16714 which needs to be merged first.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2024-01-05 12:24:31 -08:00
Dev Ojha
a0e2082efd
Update Dockerfile.j2 (#17663) 2024-01-04 09:05:42 -08:00
Xichen96
ffe292a021
[dhcp_server] add config dhcp server enable (#17605)
* add config dhcp_server enable

* fix bug

* fix bug

* fix bug

* fix bug
2024-01-03 13:39:39 -08:00
Xichen96
7011e00eba
[dhcp_server] add dhcp server show option (#17469)
* add show dhcp_server option

* Option to option id
2024-01-03 13:39:03 -08:00
Ze Gan
0e58512353
[docker-databse]: Revise database_global schema for dpu (#17443)
### Why I did it
Revise DPU's database_global.json schema to achieve a more general design

### How I did it
1. Remove databse_type
2. Add a new field databse_name
2023-12-29 14:20:52 -08:00
Xichen96
08666100fc
[dhcp_server] add config dhcp server del (#17603)
* add config dhcp server del
2023-12-22 09:07:24 -08:00
Xichen96
13a16cf87f
[dhcp_server] add config dhcp_server add (#17489)
* dhcp_server add
* add test dup gw nm
2023-12-20 09:09:46 -08:00
Xichen96
1e92ba24ec
[dhcp_server] add show dhcp server info (#17468)
* add show dhcp server info
2023-12-20 09:07:32 -08:00
Junchao-Mellanox
f3f2972512
Optimize syslog rate limit feature for fast and warm boot (#17458)
- Why I did it
Optimize syslog rate limit feature for fast and warm boot

- How I did it
Optimize redis start time
Don't render rsyslog.conf in container startup script
Disable containercfgd by default. There is a new CLI to enable it (in another PR)

- How to verify it
Manual test
Regression test
2023-12-20 09:12:03 +02:00
Yaqiang Zhu
728df4e89d
[dhcp_relay] Optimize j2 file in dhcp_relay container (#17506) 2023-12-15 15:47:40 -08:00
Ze Gan
b21f33b8b1
[Azp]: Fix azp on building ubuntu20.04 and sonic-mgmt (#17439)
The Azp failed on ubuntu20.04 and sonic-mgmt building due to sonic-dash-api updating.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-12-13 22:49:04 -08:00
Xichen96
5992765d94
[dhcp_server] add show range cli (#17262)
* add show range

* add support for single ip
2023-12-07 14:50:38 -08:00
Ying Xie
2e072beb41
Revert "[pmon] update gRPC version to 1.57.0 (#16257)" (#17401)
This reverts commit 45a852233b.
2023-12-07 11:01:47 -08:00
SuvarnaMeenakshi
90dc254656
[SNMP]: Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG table (#17045)
#### Why I did it
SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment.
To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen.
We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in https://github.com/sonic-net/SONiC/pull/1457.

##### Work item tracking
- Microsoft ADO **(number only)**:26091228

#### How I did it
Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses.
Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP.
Main change:
1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses,
2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG  if that table is present, if table is not present snmpd will listen on any IP.
#### How to verify it
config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses.
```
    "SNMP_AGENT_ADDRESS_CONFIG": {
        "10.1.0.32|161|": {},
        "10.250.0.101|161|": {},
        "FC00:1::32|161|": {},
        "fec0::ffff:afa:1|161|": {}
    },
 .....
 
 snmpd listening on the above IP addresses:
 admin@vlab-01:~$ sudo netstat -tulnp | grep 161
tcp        0      0 127.0.0.1:3161          0.0.0.0:*               LISTEN      71522/snmpd         
udp        0      0 10.250.0.101:161        0.0.0.0:*                           71522/snmpd         
udp        0      0 10.1.0.32:161           0.0.0.0:*                           71522/snmpd         
udp6       0      0 fec0::ffff:afa:1:161    :::*                                71522/snmpd         
udp6       0      0 fc00:1::32:161          :::*                                71522/snmpd  
```
2023-12-06 13:23:02 -08:00
Nazarii Hnydyn
1ff27db42f
[frr]: Force disable next hop group support. (#17344)
Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

Closes #17345

This W/A was proposed by Nvidia FRR team before the long term solution is ready.

Why I did it
A W/A to fix default route installation during LAG member flap
Work item tracking
N/A
How I did it
Disabled FRR next hop group support
How to verify it
Do LAG member flap
2023-12-06 11:09:54 +08:00
Ashwin Hiranniah
ada7c6a72e
Add pensando platform (#15978)
This commit adds support for pensando asic called ELBA. ELBA is used in pci based cards and in smartswitches.

#### Why I did it
This commit introduces pensando platform which is based on ELBA ASIC.
##### Work item tracking
- Microsoft ADO **(number only)**:

#### How I did it
Created platform/pensando folder and created makefiles specific to pensando.
This mainly creates pensando docker (which OEM's need to download before building an image) which has all the userspace to initialize and use the DPU (ELBA ASIC).
Output of the build process creates two images which can be used from ONIE and goldfw.
Recommendation is use to use ONIE.
#### How to verify it
Load the SONiC image via ONIE or goldfw and make sure the interfaces are UP.

##### Description for the changelog
Add pensando platform support.
2023-12-04 14:41:52 -08:00
Dev Ojha
19b216457e
[Snappi] Update snappi module on sonic-mgmt docker (#17269)
* Update snappi module on Dockerfile.j2

* Update snappi module on Dockerfile.j2

* Update snappi module for py2 and venv
2023-11-30 21:33:00 -08:00
ShiyanWangMS
eba6ef0aa9
Remove Python3 venv in Python3-only sonic-mgmt-docker (#17337)
How I did it
Remove Python3 venv in Python3-only sonic-mgmt-docker

How to verify it
There is no impact to sonic-mgmt-docker:latest tag.
Build sonic-mgmt-docker with LEGACY_SONIC_MGMT_DOCKER=y, see python3 venv is there.
Build sonic-mgmt-docker with LEGACY_SONIC_MGMT_DOCKER=n, see python3 venv is NOT included.
2023-11-30 09:23:25 +08:00
Yaqiang Zhu
da80593ecb
[dhcp_relay] Use dhcprelayd to manage critical processes (#17236)
Modify j2 template files in docker-dhcp-relay. Add dhcprelayd to group dhcp-relay instead of isc-dhcp-relay-VlanXXX, which would make dhcprelayd to become critical process.
In dhcprelayd, subscribe FEATURE table to check whether dhcp_server feature is enabled.
2.1 If dhcp_server feature is disabled, means we need original dhcp_relay functionality, dhcprelayd would do nothing. Because dhcrelay/dhcpmon configuration is generated in supervisord configuration, they will automatically run.
2.2 If dhcp_server feature is enabled, dhcprelayd will stop dhcpmon/dhcrelay processes started by supervisord and subscribe dhcp_server related tables in config_db to start dhcpmon/dhcrelay processes.
2.3 While dhcprelayd running, it will regularly check feature status (by default per 5s) and would encounter below 4 state change about dhcp_server feature:
A) disabled -> enabled
In this scenario, dhcprelayd will subscribe dhcp_server related tables and stop dhcpmon/dhcrelay processes started by supervisord and start new pair of dhcpmon/dhcrelay processes. After this, dhcpmon/dhcrelay processes are totally managed by dhcprelayd.
B) enabled -> enabled
In this scenaro, dhcprelayd will monitor db changes in dhcp_server related tables to determine whether to restart dhcpmon/dhrelay processes.
C) enabled -> disabled
In this scenario, dhcprelayd would unsubscribe dhcp_server related tables and kill dhcpmon/dhcrelay processes started by itself. And then dhcprelayd will start dhcpmon/dhcrelay processes via supervisorctl.
D) disabled -> disabled
dhcprelayd will check whether dhcrelay processes running status consistent with supervisord configuration file. If they are not consistent, dhcprelayd will kill itself, then dhcp_relay container will stop because dhcprelayd is critical process.
2023-11-27 09:30:01 -08:00
Shashanka Balakuntala
8b192a1151
[dhcp-relay]: Modify dhcp relay to pick primary address (#17012)
This is change taken as part of the HLD: sonic-net/SONiC#1470 and this is a follow up on the PR #16827 where in the docker-dhcp we pick the value of primary gateway of the interface from the VLAN_Interface table which has "secondary" flag set in the config_db

Microsoft ADO (number only): 16784946

How did I do it
-  Changes in the j2 file to add a new "-pg" parameter in the dhcpv4-relay.agents.j2, the ip would be retrieved from the config db's vlan_interface table such that the interface which are picked will have secondary field set.

- Changes in isc-dhcp to re-order the addresses of the discovered interface and which has the ip which has the passed parameter.
2023-11-22 15:05:32 -08:00
Saikrishna Arcot
730faa152a Fix docker-sonic-mgmt-framework for armhf
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-11-21 18:53:15 -08:00
Ze Gan
a87cddc6c9
[docker-database-init.sh]: Fix wrong creating of database_global.json in multi asic platform (#17221)
Fix bug: #17161 (comment)
multi-asic platforms it will never go to the else part as DATABASE_TYPE is always ""


Microsoft ADO (number only): 25072889

Move the checker NAMESPACE_ID == "" back

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-11-21 09:41:20 -08:00
Xichen96
ee38e2447d
[dhcp_server] Add show dhcp_server ipv4 lease (#17125)
* Add show dhcp_server ipv4 lease
* add ut for show dhcp_server ipv4 lease
2023-11-21 08:42:07 -08:00
abdosi
4a7aa2634f
[chassis] Support advertisement of Loopback0 of all LC's across all e-BGP peers in TSA mode (#16714)
What I did:
In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's

How I did:

- Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml
- Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers
- In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community.
- In TSB delete the above new route-map.

How I verify:

Manual Verification

UT updated.
sonic-mgmt PR: sonic-net/sonic-mgmt#10239


Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-11-20 09:42:02 -08:00
abdosi
e37b4f3cfa
Revert iBGP GTSM feature for VOQ Chassis (#17037)
What I did:

Revert the GTSM feature for VOQ iBGP session done as part of #16777.

Why I did:
On VOQ chassis BGP packets go over Recycle Port and then for Ingress Pipeline Routing making ttl as 254 and failing single hop check.

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-11-17 17:03:37 -08:00