Commit Graph

5730 Commits

Author SHA1 Message Date
xumia
a9d9258d40 [Build]: Support to set jobFilters (#10280)
[Build]: Support to set jobFilters
2022-03-21 02:28:14 +00:00
Judy Joseph
365d456aaf Update sonic-utilities
9968d60 (HEAD -> 202111, origin/202111) [sonic-package-manager] do not mod_config for whole config db when setting init_cfg (#2055)
4b3d53f [generate_dump] exclude mft and mlx folders from /etc (#2072)
51d92ae Validation check correction while adding a member to PortChannel (#2078)
6a43306 [techsupport] Added a lock to avoid running techsupport in parallel (#2065)
44cfdd9 Try get port operational speed from STATE DB (#2030)
45ea623 Fix sonic-installer failure due to missing import
2022-03-20 15:46:09 -07:00
Junchao-Mellanox
2773d29220 [Mellanox] Fix issue: psu might use wrong voltage sysfs which causes invalid voltage value (#10231)
- Why I did it
Fix issue: psu might use wrong voltage sysfs which causes invalid voltage value. The flow is like:

1. User power off a PSU
2. All sysfs files related to this PSU are removed
3. User did a reboot/config reload
4. PSU will use wrong sysfs as voltage node

- How I did it
Always try find an existing sysfs.

- How to verify it
Manual test
2022-03-20 15:27:00 -07:00
bingwang-ms
ef9df9edb5 [yang] Update YANG model for mirror session to support decimal value for GRE type (#10140)
#### Why I did it
PR  https://github.com/Azure/sonic-utilities/pull/1825 added validation for the input of `config mirror session add`, and only decimal value is accepted.
An issue https://github.com/Azure/sonic-buildimage/issues/10096 was raised to suggest accepting HEX value as well, and the suggestion makes sense to me.

To accept HEX value for GRE type, and keep backward compatibility as well, I updated the YANG model to support both decimal and hexadecimal input for GRE type.

#### How I did it
Update the regex for GRE type.

#### How to verify it
Verified by UT
```
platform linux -- Python 3.9.2, pytest-6.0.2, py-1.10.0, pluggy-0.13.0
rootdir: /sonic/src/sonic-yang-models
plugins: pyfakefs-4.5.4, cov-2.10.1
collected 3 items                                                                                                                                                                                     

tests/test_sonic_yang_models.py ..                                                                                                                                                              [ 66%]
tests/yang_model_tests/test_yang_model.py .                                                                                                                                                     [100%]

========================================================================================== 3 passed in 2.53s ==========================================================================================
```

#### Description for the changelog
Update YANG model for mirror session to support decimal value for GRE type.
2022-03-20 15:26:57 -07:00
Arun Saravanan Balachandran
e1051da81a DellEMC: Z9332f - Component API Fixes (#10187) 2022-03-20 15:26:30 -07:00
xumia
cab6ac6e19 [Build]: Fix /proc not mounted issue (#10164)
[Build]: Fix /proc not mounted issue
2022-03-20 15:26:27 -07:00
Stepan Blyshchak
f506751d28 [teamd.sh] kill teamd docker on warm shutdown for faster shutdown (#10219)
This can save 6 sec for teamd LAG restoration - the time between:

```
Mar  9 13:51:10.467757 r-panther-13 WARNING teamd#teamd_PortChannel1[28]: Got SIGUSR1.
Mar  9 13:52:33.310707 r-panther-13 INFO teamd#teamd_PortChannel1[27]: carrier changed to UP
```

- Why I did it
Optimize warm boot. Specifically reduce the time needed for LAG restoration.

- How I did it
Kill teamd docker after graceful shutdown of teamd processes.

- How to verify it
Run warm reboot.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2022-03-20 15:26:23 -07:00
xumia
d5bf0923d1 [Build]: Fix installing dpkg packages in parallel issue (#10175)
Why I did it
Fix the debian packages installing in parallel issue.
Add apt hook command to support apt to print no version control info.
2022-03-20 15:26:18 -07:00
Marty Y. Lok
f5226c7679 [Nokia][VoQ] The role of the Inband port should be "Inb" and recycle port (#9950)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-03-20 15:26:13 -07:00
xumia
9999b9cf63 [build]: Fix marvell-armhf build hung issue (#10156) (#10229)
Why I did it
The marvel-armhf build is hung, it does not exit after waiting for a long time.
It is caused by the process /etc/entropy.py which is started by the postinst script in target/debs/buster/sonic-platform-nokia-7215_1.0_armhf.deb
2022-03-20 15:26:09 -07:00
Saikrishna Arcot
26079ac8f9 Specify the filesystem type when mounting to /host (#10169)
When mounting the partition that contains `/host` during initramfs, the
mount binary available there (coming from busybox) tries each filesystem
in `/proc/filesystems` and sees which one succeeds. During this time,
there may be some error messages logged into dmesg because some of the
incorrect filesystems failed to mount the partition.

Specify the filesystem type explicitly so that initramfs knows it's that
type, and we know what filesystem will always get used there.

Fixes #9998

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-03-20 15:26:06 -07:00
Stepan Blyshchak
cec403eec2 [hostcfgd] record feature state in STATE DB (#9842)
- Why I did it
To implement blocking feature state change.

- How I did it
Record the actual feature state in STATE DB from hostcfg.

- How to verify it
UT + verification by running on the switch and checking STATE DB.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2022-03-20 15:26:02 -07:00
xumia
7b84abc4d0 [Submodule]: Update submodule for sonic-telemetry (#10124)
e56e9b4 Fix CVE-2021-3121 warning (#96)
bf1be4f [ci]: Support code diff coverage threshold 50% (#94)
64e516c Ported Marvell armhf build on x86 for debian buster to use cross-compilation instead of qemu emulation (#80)
e426388 [ci]: Support azp code coverage (#87)
2022-03-20 15:25:58 -07:00
pavannaregundi
8650684523 Adding libubootenv-tool into bullseye image (#10146)
Why I did it
uboot env get and set commands fw_printenv/fw_setenv are not available in bullseye sonic image. Some platforms using them where failing. Ex: sonic-installer commands in marvell-armhf.

In case of buster, u-boot-tools was providing these commands.

How I did it
Added libubootenv-tool which provides these tools along with other uboot tools in build_debian.sh.

How to verify it
root@localhost:# fw_printenv serverip
serverip=10.4.50.39
root@localhost:# fw_setenv serverip 10.4.50.38
root@localhost:~# fw_printenv serverip
serverip=10.4.50.38

Change-Id: I558f8737f41d83d3e8527ce340391ae8f978b6d8
Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
2022-03-20 15:25:53 -07:00
xumia
8ba35d3ba2 [Build]: Fix the bin image generated from raw image issue (#10083)
Why I did it
It is to fix the issue #10048
When building .raw image, for instance, target/sonic-broadcom.raw, it will generate a .bin image, target/sonic-broadcom.bin, as the intermediate file. The intermediate file is a build target which may contains different dependencies with the raw one.
2022-03-20 15:25:47 -07:00
Judy Joseph
62283df8cb Update sonic-swss
6a6b711 (HEAD -> 202111, origin/202111) Fix issue: sometimes PFC WD unable to create zero buffer pool (#2164)
459aee0 Use abort instead of exit in case calling SAI API failure (#2170)
e767137 Fix issue config qos reload causing orchagent aborted via tracking dependencies among QoS tables (#2116)
2022-03-20 14:50:08 -07:00
Judy Joseph
0adb44df50 Update sonic-platform-daemons
Modular chassis: Psud set master led on first run (#206)
2022-03-20 14:47:04 -07:00
Judy Joseph
f9ca376ead Update sonic-swss-common
[ConfigDBPipeConnector]: Added set_entry API (#586)
2022-03-20 14:40:23 -07:00
Shilong Liu
54f80a6127
Add a config variable to override default container registry instead of dockerhub. (#10166) (#10260)
* Add variable to reset default docker registry
* fix bug in docker version control
2022-03-19 00:09:42 +08:00
Yang Wang
ab7d6516d4
[Cherry-pick] Add ptf docker for PTF-SAI testing (#10249)
Why I did it
To enable PTF-SAI testing on 202111 branch, cherry-pick necessary PR from master

How I did it
Based on the current ptf docker create a new docker for sai-ptf(saiv2)
upgrade related package
use the latest ptf and install it

How to verify it
Tested on DUT

* [PTF-SAIv2]Add ptf docker for sai-ptf (saiv2) (#9729)

* [PTF-SAIv2]Add ptf dockre for sai-ptf (saiv2)

Base on current ptf docker create a new docker for sai-ptf(saiv2)
upgrade related package
use the latest ptf and install it

test done:
NOJESSIE=1 NOSTRETCH=1 NOBULLSEYE=1 ENABLE_SYNCD_RPC=y make target/docker-ptf-sai.gz
BLDENV=buster make -f Makefile.work target/docker-ptf-sai.gz

* upgrade the thrift to 014

* install xmlrunner python3 version (#10086)

Co-authored-by: Yang Wang <yangwang1@microsoft.com>
2022-03-17 10:34:44 +08:00
Yang Wang
6ce6b6d789
update sairedis submodule (#10200)
Why I did it
Move SAI submodule v1.9 pointer to the latest
2022-03-11 08:56:25 +08:00
Yang Wang
e8edbc21ca
[SAIServerV2] Build SAI Serverv2 docker (#9509) (#10188)
Support saiserver v2 with python3 and thrift 0.13.0

add variables to support the saiserverv2
build different thrift in saithrift depends on saiserver version
build differernt versions of saiserver
make the saiserver and saiserver docker with version number

test done:
build two different versions of sasiserver in local build environment

add saiserver to buster

Co-authored-by: Yang Wang <yangwang1@microsoft.comwq>
2022-03-10 14:12:36 +08:00
Yang Wang
66b865a83d
Generate sai.profile from j2 tempalte when saiserver start (#10022) (#10190)
Generate the sai.profile base on the brcm j2 file if the sai.profile
is not existing in the dut mounted folder.
Change the supervisor service configuration accordingly.

Testing done:
Add the script and config in dut
saiservice server can start automatically with [systemctl start saiserver]

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>

Co-authored-by: yangwang <yangwang@microsoft.com>
2022-03-10 14:11:38 +08:00
Alexander Allen
714797af3a
[202111] [Mellanox] Fix DPB supported breakout modes (#10128)
Cherry pick of #10072

- Why I did it
Removing DPB breakout modes that require adjacent ports to be disabled as that is not supported by the current DPB infrastructure.

Correspondingly had to remove the hwsku.json file from any SKUs which utilized these removed modes such that the system will fall back to ports_config.ini and DPB will not be supported for those SKUs.

- How I did it
Modified the platform.json files of Mellanox devices.

- How to verify it
Execute show int break [Ethernet] on the affected platforms and ensure there are no modes present that would require an adjacent port to be disabled to function.
2022-03-08 10:03:46 +02:00
xumia
79805fc73c [Build][Ci]: Support to use the cisco sai packages built by azp (#10102)
Why I did it
Support to use the cisco sai packages built by azp
2022-03-08 02:19:53 +00:00
Judy Joseph
babd131e72 Update sonic-utilities
f19762b (HEAD -> 202111, origin/202111) Display the correct default poll interval for watermark counters (#2082)
2022-03-07 09:59:08 -08:00
Judy Joseph
32189d23ce Update sonic-swss submodule
91d7558 (HEAD -> 202111, origin/202111) Allow IPv4 link-local nexthops (#1903)
ceb5161 Fix for 2053, Fix IPv6 BGP multipath-relax peer-type. (#2062)
b3b279a [crm] Use sai_object_type_get_availability() API to get counters (#2098)
28955f4 Try get port operational speed from STATE DB (#2119)
2022-03-07 09:43:05 -08:00
Marty Y. Lok
76ee6448b5 [chassis][supervisor]monit container-checker failed due to unexpected "database-chassis" docker running #9042 (#9043)
Why I did it
Fixed the monit container_checker fails due to unexpected "database-chassis" docker running on Supervisor card in the VOQ chassis. fixes #9042

How I did it
Added database-chassis to the always running docker list if platform is supervisor card.

How to verify it
Execute the CLI command "sudo monit status container_checker"


Signed-off-by: mlok <marty.lok@nokia.com>
2022-03-07 09:21:32 -08:00
wenyiz2021
043fcfd099 Update container_checker for multi-asic devices when state is 'always_enabled' (#10067)
* Update container_checker for multi-asic devices 

Update container_checker for multi-asic devices to add database containers in always_running_containers. 
Previous change was made for single-asic, and that database containers were not considered as feature when writing to state_db.

* Update container_checker

Update an indent
2022-03-07 09:21:28 -08:00
Alexander Allen
8165b24ce2 [pmon] Clean up supervisord chassis_db_init entry and fix startsecs (#10071)
Why I did it
Code review was still in progress when #9858 was merged and upon further testing I have arrived at a better solution.

How I did it
Modified supervisord configuration j2 template for pmon to require no minimum uptime for chassisd_db_init and to remove the redundant exit_codes directive

How to verify it
Boot switch and verify in syslog that there are no errors related to chassis_db_init
2022-03-07 09:21:23 -08:00
Aravind Mani
0ab166a823 [sonic-cfggen]: Fix sonic-cfggen build failures for armhf (#10132)
Why I did it
amrhf build fails while building sonic-config-engine whl package
https://dev.azure.com/mssonic/be1b070f-be15-4154-aade-b1d3bfb17054/_apis/build/builds/77089/logs/9

The reason for the failure is due to the fact that there is a new line generated at the top of the file in buffer config test cases while building for broadcom based platform and this issue is not seen in Marvell based platforms.

How I did it
Removed the new line for all the buffer test cases as there is no need to add it and accordingly changed the buffer_config.j2 where the new line is generated.
2022-03-07 09:21:17 -08:00
gechiang
a187686c17 [BRCMSAI 6.0.0.13-1] Fix Cancun file directory at new location causing TD3 platform boot issue (#9922) 2022-03-07 09:21:12 -08:00
Sudharsan Dhamal Gopalarathnam
3b6bd5bffb [containerd]Fixing container commands when mode is local and state is disabled (#9986)
Why I did it
During warm-reboot and fast-reboot the below error logs appear
Feb 3 22:05:15.187408 r-lionfish-13 ERR container: docker cmd: kill for nat failed with 404 Client Error for http+docker://localhost/v1.41/containers/nat/json: Not Found ("No such container: nat")

The container command when called for local mode doesn't check if it is enabled before calling docker kill which throws the above errors.
b6ca76b482/scripts/fast-reboot (L699)

How I did it
Checking feature state if local mode and returning error exit code along with valid debug message.

How to verify it
Manually tested with warm-reboot and fast-reboot
Added UT to verify it.
2022-03-07 09:21:07 -08:00
Saikrishna Arcot
c437cad4f0 [build_debian.sh]: Fix /var/log having 0750 permissions instead of 0755 (#10031)
PR #9481 changed auditd's log directory to be /var/log instead of
/var/log/audit, because SONiC mounts a disk image at /var/log during
runtime, and so the /var/log/audit directory might not exist (since it
would've been created during package installation, mounting another
partition at /var/log will hide it). However, for security reasons,
auditd changes the log directory to have 0750 permissions, so that not
everyone knows about the audit logs or read them.

To fix this, revert the change to auditd's log directory, and tell
systemd to create the audit log directory at runtime if it doesn't
exist. Because the disk image gets mounted during initramfs (before
systemd starts), systemd will make sure that the /var/log/audit
directory will exist.

Fixes #9548 and #10015

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-03-07 09:21:03 -08:00
Alexander Allen
53be3f7623 [Mellanox] Add patch to hw-mgmt to prevent loading of non-existent kernel modules (#10073)
- Why I did it
The latest upgrade of Mellanox hw-mgmt V7.0020.1300 introduced a couple new kernel modules for new Mellanox platforms that have yet to be upstreamed to the linux kernel.

As these new platforms do not have SONiC support we elected not to upstream these new drivers to sonic-linux-kernel but hw-mgmt expects them to exist which is causing a non-functional error on switch boot.

Feb 15 00:09:55.374130 r-leopard-simx-74 ERR systemd-modules-load[269]: Failed to find module 'emc2305'
Feb 15 00:09:55.374141 r-leopard-simx-74 ERR systemd-modules-load[269]: Failed to find module 'ads1015'
To resolve this we can patch hw-mgmt to no longer attempt to load these modules by default.

- How I did it
Added a SONiC patch to Mellanox hw-mgmt in order to remove the unused kernel modules which were not upstreamed to sonic-linux-kernel

- How to verify it
Boot switch and verify there are no error logs regarding kernel modules failing to load.
2022-03-07 09:20:58 -08:00
Judy Joseph
04b3af36c6 Update sonic-swss
commit 6e5ed1c0c1920e429fa07cded6867dfcb098a705 [chassis][syncd][sai] Adjusting response timeout during syncd init (#2159)
2022-03-01 09:13:42 -08:00
Junchao-Mellanox
cabcb78024 Stop PMON before swss during warm reboot (#10046)
- Why I did it
Stopping swss and syncd causes some driver module unloading. Those driver modules are depended by PMON. This could trigger ERROR logs in syslog.

- How I did it
Adjust warmboot shutdown order in make file

- How to verify it
Manual test
2022-02-27 20:45:51 -08:00
saksarav-nokia
78371d99a1 [Nokia][platform]Modify BCM config & platform_reboot for Nokia-IXR7250E-36x400G (#9990)
Signed-off-by: Sakthivadivu Saravanaraj <sakthivadivu.saravanaraj@nokia.com>
2022-02-27 20:45:48 -08:00
Junchao-Mellanox
ba4da1597a [Mellanox] Fix issue: thermal zone threshold value 0 causes fan speed stuck at 100% (#10057)
- Why I did it
In SONiC thermal control algorithm, it compares thermal zone temperature with thermal zone threshold. Previously, a thermal zone with no thermal sensor can still get its threshold. However, a recently driver patch changes this behavior: a thermal zone with no thermal sensor will return 0 for threshold. We need to ignore such thermal zone.

- How I did it
Ignore thermal zones whose temperature is 0.

- How to verify it
Added unit test case and Manual test
2022-02-27 20:45:45 -08:00
Junchao-Mellanox
00940941b2 [system-health] Fix file handle leak (#10059)
- Why I did it
swsscommon.ConfigDBConnector does not automatically close connection when the instance is recycled by python. So, it should not create this instance each time calling check_services. It will cause error like Failed to read from file /var/run/hw-management/led/led_status_capability - OSError(24, 'Too many open files')

- How I did it
Only connect DB once in init

- How to verify it
Manual test
2022-02-27 20:45:41 -08:00
arlakshm
b58a42a8d4 [chassis][bgp] create v4 and v6 peer group for VoQ internal neighbors (#9693)
Why I did it
In the recent minigraph changes we add separate BGP session configuration for V4 and V6 internal VoQ neighbors.
This PR is adding different Peer groups for V4 and V6 neighbors

How I did it
Add VOQ_CHASSIS_V4_PEER and VOQ_CHASSIS_V6_PEER groups
Add extra Unit tests

How to verify it

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
2022-02-27 20:45:37 -08:00
Judy Joseph
c6774ad683 update sonic-sairedis
5331ecd [vslib]: Fix MACsec bug in SCI and XPN (#1003)
ac04509 Fix build issues on gcc-10 (#999)
1b8ce97 [pipeline] Download swss common artifact in a separated directory (#995)
7a2e096 Change sonic-buildimage.vs artifact source from CI build to official build. (#992)
d5866a3 [vslib]: fix create MACsec SA error (#986)
f36f7ce Added Support for enum query capability of Nexthop Group Type. (#989)
323b89b Support for MACsec statistics (#892)
26a8a12 Prevent other notification event storms to keep enqueue unchecked and drained all memory that leads to crashing the switch router (#968)
0cb253a Fix object availability conversion (#974)
2022-02-27 20:41:15 -08:00
Saikrishna Arcot
5b7e55dfac
Package debugging and hardening for dhcpmon and dhcp6relay (#9862) (#10063)
Enable dbgsym package for dhcpmon.

Allow CFLAGS and LDFLAGS from environment variables to be used
in the dhcp6relay build. This makes sure that the -O2 flag from
dpkg-buildflags gets used.

Finally, enable all hardening flags in dpkg-buildflags for
dhcp6relay and dhcpmon. The change from the default set of flags is that
during linking, immediate binding of symbols is done instead of lazy
binding.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-02-25 11:09:15 -08:00
xumia
5d19c74f1f [Security]: Upgrade urllib3 to fix CVE-2021-33503
See https://security.archlinux.org/CVE-2021-33503
2022-02-25 09:15:08 +00:00
Judy Joseph
38967a4ebd Update sonic-swss, sonic-utilites submodules
sonic-swss

1aa40f7 Remove port serdes object before removing port (#2152)
876d690 [doc] Updating Policer config in Configuration manual (#2144)

sonic-utilities
dfed952 show_platfom_info not run for simx (#2042)
71fdee7 [aclshow] fix aclshow when clear is called before counters are populated (#2037)
a48a027 [sonic-package-manager] implement blocking feature state change (#2035)
c51871d [ci] Fix python dependencies reference path. (#2060)
2022-02-21 23:53:01 -08:00
kellyyeh
5d4031918b [radv] Support multiple ipv6 prefixes per vlan interface (#9934)
Why I did it
Radvd.conf.j2 template creates two copies of the vlan interface when there are more than one ipv6 address assigned to a single vlan interface. Changed the format to add prefixes under the same vlan interface block.

How I did it
Modifies radvd.conf.j2 and added unit tests

How to verify it
Configure multiple ipv6 address to the same vlan, start radvd
Unit test will check if radvd.conf with multiple ipv6 addresses is formed correctly
2022-02-21 23:48:22 -08:00
Stepan Blyshchak
e5e1b70966 [rsyslog.j2] fix typo in VAR_LOG_SIZE_KB (#9954)
This issue causes negative threshold value and thus deleting log files even when there is enough space.

This issue causes negative threshold value and thus deleting log files even when there is enough space.

- Why I did it
To fix an issue when log files get deleted even if there is enough space.

- How I did it
Fixed an typo.

- How to verify it
Run the portion of the script that calculates threshold, see that the threshold is calculated correctly.

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
2022-02-21 23:48:19 -08:00
kellyyeh
a0bb7a0485 [dhcp_relay] Check payload size to prevent buffer overflow in dhcpv6 option (#9740) 2022-02-21 23:48:15 -08:00
Ying Xie
53a8d99baa [dhcp6relay] a couple memory access protections (#9851)
Why I did it
the strcpy and buffer allocation is not safe, it corrupts 1 byte on the stack. Depending on the memory layout, it may or may not cause issue immediately.
message type is not validated before updating the counter. Which could cause segment fault.

How I did it
Remove the unsafe strcpy, use config->interface.c_str() instead.
Check message type before updating counters.

How to verify it
The issue (1) caused segment fault on a specific platform. The fix was validated there. Issue (2) was precautionary. Added log in case it triggers.
2022-02-21 23:48:06 -08:00
kellyyeh
4df0aa348c [dhcp6relay] Support relaying Relay-Forward message (#9887) 2022-02-21 23:48:02 -08:00