Commit Graph

7681 Commits

Author SHA1 Message Date
mssonicbld
b3e59106a1
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#15810)
#### Why I did it
src/sonic-platform-daemons
```
* d73808c - (HEAD -> master, origin/master, origin/HEAD) Added PCIe transaction check for all peripherals on the bus (#331) (9 hours ago) [Ashwin Srinivasan]
* 432602a - Update active application selected code in transceiver_info table aft… (#381) (13 hours ago) [Michael Wang - TW]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-13 20:57:15 +08:00
mssonicbld
25defcfa46
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15811)
#### Why I did it
src/sonic-swss
```
* c7e1308e - (HEAD -> master, origin/master, origin/HEAD) Remove redundant updateFabricPortState (#2850) (2 hours ago) [kenneth-arista]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-13 20:57:10 +08:00
xumia
dc5258eed5
[Build] Fix the python module importlib.metadata not found issue (#15800)
Why I did it
It is to fix the docker-ptf-sai build failure.
https://dev.azure.com/mssonic/build/_build/results?buildId=311315&view=logs&j=cef3d8a9-152e-5193-620b-567dc18af272&t=cf595088-5c84-5cf1-9d7e-03331f31d795

2023-07-09T13:53:19.9025355Z Traceback (most recent call last):
2023-07-09T13:53:19.9025715Z   File "/root/ptf/.eggs/setuptools_scm-7.1.0-py3.7.egg/setuptools_scm/_entrypoints.py", line 74, in <module>
2023-07-09T13:53:19.9025933Z     from importlib.metadata import entry_points  # type: ignore
2023-07-09T13:53:19.9026167Z ModuleNotFoundError: No module named 'importlib.metadata'
Work item tracking
Microsoft ADO (number only): 24513583
How I did it
How to verify it
2023-07-13 10:38:46 +08:00
SuvarnaMeenakshi
9864dfeaa1
[SNMP][IPv6]: Fix SNMP IPv6 reachability issue in certain scenarios (#15487)
Modify snmpd.conf to start snmpd to listen on specific management and loopback ips instead of listening on any ip.

#### Why I did it
SNMP over IPv6 is not working for all scenarios for single asic platforms.
The expectation is that SNMP query over IPv6 should work over Management or Loopback0 addresses.
**Specific scenario where this issue is seen**
In case of Lab T0 device,  when SNMP request is sent from a directly connected T1 neighbor over Loopback IP, SNMP response was not received.
This was because the SRC IP address in SNMP response was not Loopback IP, it was the PortChannel IP connected to the neighboring device.
```
23:18:51.620897  In 22:26:27:e6:e0:07 ethertype IPv6 (0x86dd), length 105: fc00::72.41725 > **fc00:1::32**.161:  C="msft" **GetRequest**(28)  .1.3.6.1.2.1.1.1.0
23:18:51.621441 Out 28:99:3a:a0:97:30 ethertype IPv6 (0x86dd), length 241: **fc00::71**.161 > fc00::72.41725:  C="msft" **GetResponse**(162)  .1.3.6.1.2.1.1.1.0="SONiC Software Version: SONiC.xxx - HwSku: xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64"
```
In case of IPv4, the SRC IP in SNMP response was correctly set to Loopback IP.
```
23:25:32.769712  In 22:26:27:e6:e0:07 ethertype IPv4 (0x0800), length 85: 10.0.0.57.56701 > **10.1.0.32**.161:  C="msft" **GetRequest**(28)  .1.3.6.1.2.1.1.1.0
23:25:32.975967 Out 28:99:3a:a0:97:30 ethertype IPv4 (0x0800), length 221: **10.1.0.32**.161 > 10.0.0.57.56701:  C="msft" **GetResponse**(162)  .1.3.6.1.2.1.1.1.0="SONiC Software Version: SONiC.xxx - HwSku: xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64"
```

**Sequence of SNMP request and response**
1. SNMP request will be sent with SRC IP fc00::72 DST IP fc00:1::32
2. SNMP request received at SONiC device is sent to snmpd which is listening on port 161 :::161/
3. snmpd process will parse the request, create a response and send it to DST IP fc00::72.
snmpd process does not track the DST IP on which the SNMP request was received, which in this case is Loopback IP.
snmpd process will only keep track of the IP to which the response should be sent.
4. snmpd process will send the response packet.
5. Kernel will do a route look up on destination IP and find the best path.
```
ip -6 route get fc00::72
fc00::72 from :: dev PortChannel101 proto kernel src fc00::71 metric 256 pref medium
```
6. Using the "src" ip from above, the response is sent out. This SRC ip is that of the PortChannel and not the device Loopback IP.

The same issue is seen when SNMP query is sent from a remote server over Management IP.
SONiC device eth0 --------- Remote server
SNMP request comes with SRC IP <Remote_server> DST IP <Mgmt IP>
If kernel finds best route to Remote_server_IP is via BGP neighbors, then it will send the response via front-panel interface with SRC IP as Loopback IP instead of Management IP.

Main issue is that in case of IPv6, snmpd ignores the IP address to which SNMP request was sent.
In case of IPv4, snmpd keeps track of DST IP of SNMP request, it will keep track if the SNMP request was sent to mgmt IP or Loopback IP.
Later, this IP is used in ipi_spec_dst as SRC IP which helps kernel to find the route based on DST IP using the right SRC IP.
https://github.com/net-snmp/net-snmp/blob/master/snmplib/transports/snmpUDPBaseDomain.c#L300 
ipi.ipi_spec_dst.s_addr = srcip->s_addr
Reference: https://man7.org/linux/man-pages/man7/ip.7.html
```
If IP_PKTINFO is passed to sendmsg(2)
              and ipi_spec_dst is not zero, then it is used as the local
              source address for the routing table lookup and for
              setting up IP source route options.  When ipi_ifindex is
              not zero, the primary local address of the interface
              specified by the index overwrites ipi_spec_dst for the
              routing table lookup.
```

**This issue is not seen on multi-asic platform, why?**
On multi-asic platform, there exist different network namespaces.
SNMP docker with snmpd process runs on host namespace.
Management interface belongs to host namespace.
Loopback0 is configured on asic namespaces.
Additional information on how the packet coming over Loopback IP reaches snmpd process running on host namespace: https://github.com/sonic-net/sonic-buildimage/pull/5420
Because of this separation of network namespaces, the route lookup of destination IP is confined to routing table of specific namespace where packet is received.
If packet is received over management interface, SNMP response also is sent out of management interface. Same goes with packet received over Loopback IP.

##### Work item tracking
- Microsoft ADO **17537063**:

#### How I did it
Have snmpd listen on specific Management and Loopback IPs specifically instead of listening on any IP for single-asic platform.

Before Fix
```
admin@xx:~$ sudo netstat -tulnp | grep 161   
udp        0      0 0.0.0.0:161             0.0.0.0:*                           15631/snmpd         
udp6       0      0 :::161                  :::*                                15631/snmpd  
```
After fix
```
admin@device:~$ sudo netstat -tulnp | grep 161
udp        0      0 10.1.0.32:161           0.0.0.0:*                           215899/snmpd        
udp        0      0 10.3.1.1:161             0.0.0.0:*                           215899/snmpd        
udp6       0      0 fc00:1::32:161          :::*                                215899/snmpd        
udp6       0      0 fc00:2::32:161          :::*                                215899/snmpd  
``` 

**How this change helps with the issue?**
To see snmpd trace logs, modify snmpd to start using the below parameters, in supervisord.conf file
```
/usr/sbin/snmpd -f -LS0-7i -Lf /var/log/snmpd.log
```
When snmpd listens on any IP, snmpd binds to IPv4 and IPv6 sockets as below:
```
netsnmp_udpbase: binding socket: 7 to UDP: [0.0.0.0]:0->[0.0.0.0]:161
trace: netsnmp_udp6_transport_bind(): transports/snmpUDPIPv6Domain.c, 303:
netsnmp_udpbase: binding socket: 8 to UDP/IPv6: [::]:161
```

When IPv4 response is sent, it goes out of fd 7 and IPv6 response goes out of fd 8.
When IPv6 response is sent, it does not have the right SRC IP and it can lead to the issue described.

When snmpd listens on specific Loopback/Management IPs, snmpd binds to different sockets:
```
trace: netsnmp_udpipv4base_transport_bind(): transports/snmpUDPIPv4BaseDomain.c, 207:
netsnmp_udpbase: binding socket: 7 to UDP: [0.0.0.0]:0->[10.250.0.101]:161
trace: netsnmp_udpipv4base_transport_bind(): transports/snmpUDPIPv4BaseDomain.c, 207:
netsnmp_udpbase: binding socket: 8 to UDP: [0.0.0.0]:0->[10.1.0.32]:161
trace: netsnmp_register_agent_nsap(): snmp_agent.c, 1261:
netsnmp_register_agent_nsap: fd 8
netsnmp_udpbase: binding socket: 10 to UDP/IPv6: [fc00:1::32]:161
trace: netsnmp_register_agent_nsap(): snmp_agent.c, 1261:
netsnmp_register_agent_nsap: fd 10
netsnmp_ipv6: fmtaddr: t = (nil), data = 0x7fffed4c85d0, len = 28
trace: netsnmp_udp6_transport_bind(): transports/snmpUDPIPv6Domain.c, 303:
netsnmp_udpbase: binding socket: 9 to UDP/IPv6: [fc00:2::32]:161
```
When SNMP request comes in via Loopback IPv4, SNMP response is sent out of fd 8
```
trace: netsnmp_udpbase_send(): transports/snmpUDPBaseDomain.c, 511:
netsnmp_udp: send 170 bytes from 0x5581f2fbe30a to UDP: [10.0.0.33]:46089->[10.1.0.32]:161 on fd 8
```
When SNMP request comes in via Loopback IPv6, SNMP response is sent out of fd 10
```
netsnmp_ipv6: fmtaddr: t = (nil), data = 0x5581f2fc2ff0, len = 28
trace: netsnmp_udp6_send(): transports/snmpUDPIPv6Domain.c, 164:
netsnmp_udp6: send 170 bytes from 0x5581f2fbe30a to UDP/IPv6: [fc00::42]:43750 on fd 10
```

#### How to verify it
Verified on single asic and multi-asic devices.
Single asic SNMP query with Loopback 
```
ARISTA01T1#bash snmpget -v2c -c xxx 10.1.0.32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: Arista-7260xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64
ARISTA01T1#bash snmpget -v2c -c xxx fc00:1::32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: Arista-7260xxx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64
```

On multi-asic -- no change.
```
sudo netstat -tulnp | grep 161
udp        0      0 0.0.0.0:161             0.0.0.0:*                           17978/snmpd         
udp6       0      0 :::161                  :::*                                17978/snmpd 
```
Query result using Loopback IP from a directly connected BGP neighbor
```
ARISTA01T2#bash snmpget -v2c -c xxx 10.1.0.32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: xx - Distribution: Debian 9.13 - Kernel: 4.9.0-14-2-amd64
ARISTA01T2#bash snmpget -v2c -c xxx fc00:1::32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: xx - Distribution: Debian 9.13 - Kernel: 4.9.0-14-2-amd64  
```
2023-07-12 09:52:06 -07:00
mssonicbld
4f4559cf15
[submodule] Update submodule sonic-linux-kernel to the latest HEAD automatically (#15782)
#### Why I did it
src/sonic-linux-kernel
```
* d070cae - (HEAD -> master, origin/master, origin/HEAD) arm64: dts: marvell: Add Nokia 7215-IXS-A1 board (#321) (34 hours ago) [Pavan-Nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-12 16:37:25 +08:00
mssonicbld
e3fc93d069
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#15797)
#### Why I did it
src/sonic-platform-common
```
* 465f95e - (HEAD -> master, origin/master, origin/HEAD) Default implementation of under/over speed checks (#382) (9 hours ago) [spilkey-cisco]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-12 16:37:20 +08:00
mssonicbld
3b9e8fffb8
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#15798)
#### Why I did it
src/sonic-utilities
```
* 7ca31477 - (HEAD -> master, origin/master, origin/HEAD) [db_migrator] Set docker_routing_config_mode to the value obtained from minigraph parser (#2890) (10 hours ago) [Vaibhav Hemant Dixit]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-12 16:37:15 +08:00
Mohammedz93
28b9299445
Support Reset factory (#14105)
#### Why I did it
Support reset factory in Sonic OS
[Reset Factory HLD](https://github.com/sonic-net/SONiC/pull/1231)
[Sonic-mgmt tests](https://github.com/sonic-net/sonic-mgmt/pull/7652)

#### How I did it
- Added new script "/usr/bin/reset-factory"
   * It generates a new config_db.json file with factory configurations
   * It clears system files and logs
   * It removes all docker containers on system except database
   * It clears non-default users and restores default users password
- Dump the default users info to a new file during build "/etc/sonic/default_users.json"
- Supported new type "Keep-basic" in "config-setup factory"
- Add new conf file for config-setup "/etc/config-setup/config-setup.conf"

#### How to verify it
- Run reset-factory script with all types: < none | keep-all-config | only-config | keep-basic >
- Run config-setup factory with parameters < none | keep-basic >

#### Description for the changelog
Support reset factory in Sonic OS

#### Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
2023-07-11 16:14:17 -07:00
Masaru OKI
51b50087fa
Pick dependency files in submodules. (#15142)
#### Why I did it

Failed to build sonic-dhcp6relay_1.0.0-0_amd64.deb

#### How I did it

src/dhcprelay has git submodule.
Dependency files by "git ls-files" are not picked files in submodules.
Add --recurse-submodules, work again.

#### How to verify it

make all
2023-07-11 14:32:08 -07:00
prabhataravind
114f276dd4
[docker-sonic-vs]: More changes to support DPU-2P HWKSU (#15695)
Why I did it
port_config.ini and hwsku.json are needed to generate the default config
switch_type needs to be "dpu" to spawn the right set of processes during dvs initialization and to make sure that DASH APIs can be handled properly

Work item tracking
Microsoft ADO 24375371:

How I did it
Use the same hwsku.json and port_config.ini for DPU-2P as the ones used for Nvidia-MBF2H536C SKU in nvidia-sonic sonic-buildimage repo.
Set switch_type to "dpu" in DEVICE_METADATA configuration to make sure DASH specific APIs are handled properly

Signed-off-by: Prabhat Aravind <paravind@microsoft.com>
2023-07-11 09:57:50 -07:00
mssonicbld
75a1fd9558
[submodule] Update submodule sonic-utilities to the latest HEAD automatically (#15456)
#### Why I did it
src/sonic-utilities
```
* ff380e04 - (HEAD -> master, origin/master, origin/HEAD) [hash]: Implement GH frontend (#2580) (13 hours ago) [Nazarii Hnydyn]
* 61bad064 - [db_migrator] Set correct CURRENT_VERSION, extend UT (#2895) (4 days ago) [Vadym Hlushko]
* 6b8ee47c - [CLI][Show][BGP] Show BGP Change for no neighbor scenario (#2885) (6 days ago) [Dev Ojha]
* 73d8d633 - [doc] Update Command-Reference.md, change "show bgp peer" command to "show bfd peer" (#2750) (11 days ago) [PinghaoQu]
* 7bc08c28 - [db_migrator] Remove hardcoded config and migrate config from minigraph (#2887) (11 days ago) [Vaibhav Hemant Dixit]
* b1aa9426 - [generate_dump]: Enhance show techsupport for Marvell platform (#2676) (11 days ago) [pavannaregundi]
* 316b14c0 - Add support for secure upgrade (#2698) (2 weeks ago) [ycoheNvidia]
* dc2945bc - [dns] Implement config and show commands for static DNS. (#2737) (2 weeks ago) [Oleksandr Ivantsiv]
* 8414a709 - [chassis][multi asic] change acl_loader to use tcp socket for db communication (#2525) (2 weeks ago) [Arvindsrinivasan Lakshmi Narasimhan]
* 0b629ba1 - Revert "[chassis][voq] Clear fabric counters queue/port (#2789)" (#2882) (3 weeks ago) [RoRonoa]
* 3ba8241a - [db_migtrator] Add migration of FLEX_COUNTER_DELAY_STATUS during 1911->master upgrade + fast-reboot. Add UT. (#2839) (4 weeks ago) [Vadym Hlushko]
* fceef2ed - [chassis][voq] Clear fabric counters queue/port (#2789) (4 weeks ago) [jfeng-arista]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-11 16:37:55 +08:00
mssonicbld
5eaa0d2842
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15785)
#### Why I did it
src/sonic-swss
```
* 776af62c - (HEAD -> master, origin/master, origin/HEAD) [CodeQL]: Use dependencies with relevant versions in azp template. (#2845) (4 hours ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-11 16:37:40 +08:00
Sudharsan Dhamal Gopalarathnam
5cbae46635
[submodule] Advance sonic-utilities pointer (#15779)
Update sonic-utilities submodule pointer to include the following:
* ff380e04 [hash]: Implement GH frontend ([#2580](https://github.com/sonic-net/sonic-utilities/pull/2580))
* 61bad064 [db_migrator] Set correct CURRENT_VERSION, extend UT ([#2895](https://github.com/sonic-net/sonic-utilities/pull/2895))
* 6b8ee47c [CLI][Show][BGP] Show BGP Change for no neighbor scenario ([#2885](https://github.com/sonic-net/sonic-utilities/pull/2885))
* 73d8d633 [doc] Update Command-Reference.md, change show bgp peer command to show bfd peer ([#2750](https://github.com/sonic-net/sonic-utilities/pull/2750))
* 7bc08c28 [db_migrator] Remove hardcoded config and migrate config from minigraph ([#2887](https://github.com/sonic-net/sonic-utilities/pull/2887))
* b1aa9426 [generate_dump]: Enhance show techsupport for Marvell platform ([#2676](https://github.com/sonic-net/sonic-utilities/pull/2676))
* 316b14c0 Add support for secure upgrade ([#2698](https://github.com/sonic-net/sonic-utilities/pull/2698))
* dc2945bc [dns] Implement config and show commands for static DNS. ([#2737](https://github.com/sonic-net/sonic-utilities/pull/2737))
* 8414a709 [chassis][multi asic] change acl_loader to use tcp socket for db communication ([#2525](https://github.com/sonic-net/sonic-utilities/pull/2525))
* 0b629ba1 Revert [chassis][voq] Clear fabric counters queue/port (2789) ([#2882](https://github.com/sonic-net/sonic-utilities/pull/2882))
* 3ba8241a [db_migtrator] Add migration of FLEX_COUNTER_DELAY_STATUS during 1911->master upgrade + fast-reboot. Add UT. ([#2839](https://github.com/sonic-net/sonic-utilities/pull/2839))
* fceef2ed [chassis][voq] Clear fabric counters queue/port ([#2789](https://github.com/sonic-net/sonic-utilities/pull/2789))

Signed-off-by: dgsudharsan <sudharsand@nvidia.com>
2023-07-11 10:13:57 +03:00
mssonicbld
d1c0fae124
[submodule] Update submodule sonic-gnmi to the latest HEAD automatically (#15520)
#### Why I did it
src/sonic-gnmi
```
*   01fe667 - (HEAD -> master, origin/master, origin/HEAD) Merge pull request #134 from FengPan-Frank/fenpan_dialout_rename (3 days ago) [Feng-msft]
|\  
| * 994c69c - Rename --enable-dialout option into ENABLE_DIALOUT to follow the convention. (3 days ago) [Feng Pan]
|/  
* a9126da - Update makefile to support armhf (#132) (3 days ago) [ganglv]
* 0d80c0d -  prevent potential panic: return immediately if there exists error (#113) (7 days ago) [Mai Bui]
*   3c0fca3 - Merge pull request #131 from FengPan-Frank/fenpan_dialout (7 days ago) [Feng-msft]
|\  
| * c3d3266 - Add build flag into gnmi as --enable-dialout. (8 days ago) [Feng Pan]
|/  
* fd78c42 - add semgrep (#126) (2 weeks ago) [Mai Bui]
* 214fa1c - TranslClient: Use new translib subscription APIs (#122) (3 weeks ago) [Sachin Holla]
* 87d8eb3 - (origin/202305) TranslClient: use PathValidator to sanitize the request paths (#112) (3 weeks ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-11 14:38:16 +08:00
lixiaoyuner
c470b7dfd1
Add health check probe for k8s upgrade containers. (#15223)
#### Why I did it
After k8s upgrades a container, k8s only knows that the container is running; it doesn't know the service's status inside the container. So we need a probe inside the container; k8s will call the probe to check whether the container is really ready.
##### Work item tracking
- Microsoft ADO **(number only)**: 22453004
#### How I did it
Add a health check probe inside the config engine container. The probe checks whether the start service exited normally, if the start service exists, and calls the python script to do container-specific self checks if the script is there. The python script should be implemented by the feature owner if it's needed.

more details: [design doc](https://github.com/sonic-net/SONiC/blob/master/doc/kubernetes/health-check.md)
#### How to verify it
Check path /usr/bin/readiness_probe.sh inside container.

#### Which release branch to backport (provide reason below if selected)

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [x] 202205
- [x] 202211

#### Tested branch (Please provide the tested image version)
- [x] 20220531.28
2023-07-10 22:16:29 -07:00
ShiyanWangMS
c58923053a
Add Python3 packages to sonic-mgmt-docker (#15726)
Why I did it
This is part of sonic-mgmt-docker Python3 migration project.
Currently Python3 packages are in the Python3 virtual environment. This PR will add Python3 packages to real file system.
After we migrate all scripts to use Python3 in real file system, the Python3 venv will be deleted.

After this PR, in sonic-mgmt-docker,
Directly run cmd - pytest will use Python2's version.
python3 -m pytest will use Python3's version.

How I did it
Modify sonic-mgmt-docker j2 script.

How to verify it
Build a private sonic-mgmt-docker and run basic test case with Python3.
2023-07-11 09:54:10 +08:00
iavraham
72021fdb0f
Add remote syslog configuration (#14513)
* Add an ability to configure remote syslog servers
* Add an initial configuration for remote syslog
* Extend YANG module and add unit tests

#### Why I did it
Adding the following functionality to rsyslog feature:

- Configure remote syslog servers: protocol, filter, severity level
- Update global syslog configuration: severity level, message format

#### How I did it
added parameters to syslog server and global configuration.

#### How to verify it
create syslog server using CLI/adding to Redis-DB
verify server is added to file /etc/rsyslog.conf and server is functional.

#### Description for the changelog
extend rsyslog capabilities, added server and global configuration parameters.

#### Link to config_db schema for YANG module changes
https://github.com/iavraham/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-syslog.yang
2023-07-10 11:40:08 -07:00
ycoheNvidia
7639df0868
Added ssh configurations to YANG model (#13338)
- Why I did it
Implemented ssh configurations

- How I did it
Added ssh config table in configDB, once changed - hostcfgd will change the relevant OS files (sshd_config)

- How to verify it
Tests in sonic-host-services. Change relevant configs in configDB such as ports, and see sshd port was modified
2023-07-10 21:27:41 +03:00
Baorong Liu
430330800e
[staticroutebfd] fix ipv6 letter case issue (#15765)
*use lower case for IPv6 address as internal key and bfd session key. fixes #15764

Why I did it
* staticroutebfd uses the IPv6 address string as a key to create the bfd session and caches the bfd sessions using it as a key.
When the IPv6 address string in the static route nexthop list has uppercase letters, the key with uppercase letters is stored in the cache, but the BFD STATE_DB uses lowercase for IPv6 addresses, so when staticroutebfd gets the bfd state event, it cannot find the bfd session in its local cache because of the letter case.
2023-07-10 10:14:11 -07:00
ganglv
cb3ee6571d
Remove DNS configuration from minigraph schema (#15727)
#### Why I did it
We should not modify minigraph schema.

#### How I did it
Update minigraph.py and remove unit test.

#### How to verify it
Run sonic-config-engine unit test.
2023-07-09 20:42:11 -07:00
Chun'ang Li
c07447ae61
Refine PR test template format (#15636)
Why I did it
Refine PR test template format.

How I did it
Refine PR test template format.

How to verify it
PR test executed normally.

Signed-off-by: Chun'ang Li <chunangli@microsoft.com>
2023-07-10 10:47:40 +08:00
mssonicbld
9321c97731
[submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (#15755) 2023-07-09 15:16:10 +08:00
mssonicbld
e57692c30d
[ci/build]: Upgrade SONiC package versions (#15757) 2023-07-08 19:34:00 +08:00
mssonicbld
cd3cdee221
[submodule] Update submodule sonic-mgmt-common to the latest HEAD automatically (#15521)
#### Why I did it
src/sonic-mgmt-common
```
* 341fd73 - (HEAD -> master, origin/master, origin/HEAD) Remove invalid db type definitions: ERROR_DB, USER_DB (#94) (3 days ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-08 16:34:46 +08:00
mssonicbld
f6282b8259
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15756) 2023-07-08 15:57:02 +08:00
abdosi
87066abcf8
Enable BFD for Static Route for chassis-packet. (#15383)
*What I did:
Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: #13789

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
2023-07-07 11:10:35 -07:00
Baorong Liu
a86a0264e0
[staticroutebfd] fix static route uninstall issue when all nexthops are not reachable (#15575)
fix static route uninstall issue when all nexthops are not reachable.
the feature was working but the bug was introduced when support dynamic bfd enable/disable. Added UT testcase to guard this.
2023-07-07 10:12:20 -07:00
mssonicbld
74e3917eae
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#15739) 2023-07-07 15:57:10 +08:00
Vaibhav Hemant Dixit
ddb3086620
Revert "Revert "Fix for fast/cold-boot: call db_migrator only after old config is loaded (#14933)" (#15464)" (#15684)
This reverts commit 9649a44470.
2023-07-06 17:34:35 -07:00
Stepan Blyshchak
6f6218a920
[FRR]Fixing the advertisement of static ipv6 route (#15688)
Co-authored-by: dgsudharsan <sudharsand@nvidia.com>
Co-authored-by: Liat Grozovik <44433539+liat-grozovik@users.noreply.github.com>
2023-07-06 16:29:24 -07:00
Saikrishna Arcot
e46be54f14
Update the docker daemon to 24.0.2 (#15652)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-07-06 14:44:29 -07:00
Sachin Holla
39cb2545e6
Submodule update for sonic-mgmt-common and sonic-gnmi (#15519) 2023-07-06 12:39:57 -07:00
mssonicbld
673b8b86ff
[submodule] Update submodule sonic-dash-api/sonic-dash-api to the latest HEAD automatically (#15725)
#### Why I did it
src/sonic-dash-api/sonic-dash-api
```
* 3f728d1 - (HEAD -> master, origin/master, origin/HEAD) Update vnet_direct in route.proto (#4) (11 days ago) [Ze Gan]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-06 16:39:13 +08:00
lixiaoyuner
ca29197184
Move k8s script to docker-config-engine (#14788)
Why I did it
To reduce the container's dependency from host system

Work item tracking
Microsoft ADO (number only):
17713469
How I did it
Move the k8s container startup script to config engine container, other than mount it from host.

How to verify it
Check file path(/usr/share/sonic/scripts/container_startup.py) inside config engine container.

Signed-off-by: Yun Li <yunli1@microsoft.com>
Co-authored-by: Qi Luo <qiluo-msft@users.noreply.github.com>
2023-07-05 14:44:48 -07:00
Eric Seifert
4e78f58b53
Use execle instead of popen in tacas nss to avoid shell escape exploits (#15284)
Why I did it
Tacacs nss library uses popen to execute useradd and usermod commands. Popen executes using a shell (/bin/sh) which is passed the command string with "-c". This means that if untrusted user input is supplied, unexpected shell escapes can occur. In this case the username supplied can be untrusted user input when logging in via ssh or other methods when tacacs is enabled. Debian has very little limitation on usernames and as such characters such as quotes, braces, $, >, | etc are all allowed. Since the nss library is run by root, any shell escape will be run as root.

In the current community version of tacacs nss library, the issue is mitigated by the fact that the useradd command is only run if the user is found to exist on the tacacs server, so the bad username would have to already exist there, which is unlikely. However, internally (at Dell) we had to modify this behavior to support other tacacs servers that do not allow authorization messages to verify user existence prior to a successful authentication. These servers include Cisco ISE and Aruba ClearPass. In order to support these tacacs+ servers, we have to create a temporary user immediately, which means this would be a much bigger issue.

I also plan to supply the patch to support ISE and ClearPass and as such, I would suggest taking this patch to remediate this issue first.

How I did it
Replace call to popen with fork/execl of the useradd/usermod binary directly.

How to verify it
Install patched version of libnss-tacplus and verify that tacacs+ user login still works as expected.
2023-07-05 14:41:44 -07:00
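The popen-versus-exec difference described in the commit above, as an added example that is not code from libnss-tacplus or the SONiC tree. `/bin/echo` stands in for `useradd` so it runs unprivileged; the function names, the sample username and the environment passed to `execle` are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen(), pclose() */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed stand-in for the useradd binary: it prints the argument it
 * received instead of creating a user, so the difference is observable. */
#define HELPER "/bin/echo"

/* Strip everything from the first newline on. */
static void chomp(char *s) { s[strcspn(s, "\n")] = '\0'; }

/* "Before" form: the username is pasted into a command string that popen()
 * hands to /bin/sh -c, so the shell interprets any metacharacters in it. */
int run_via_shell(const char *username, char *out, size_t outlen)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "%s %s", HELPER, username);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    FILE *fp = popen(cmd, "r");
    if (fp == NULL)
        return -1;
    if (fgets(out, (int)outlen, fp) == NULL)
        out[0] = '\0';
    chomp(out);
    int status = pclose(fp);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* "After" form: fork and execle the binary directly. The username travels as
 * one argv element, no shell parses it, and the child gets an explicit,
 * minimal environment (assumed here) instead of inheriting the caller's. */
int run_via_exec(const char *username, char *out, size_t outlen)
{
    int pfd[2];
    if (outlen == 0 || pipe(pfd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
        close(pfd[0]);
        if (dup2(pfd[1], STDOUT_FILENO) < 0)
            _exit(126);
        close(pfd[1]);
        execle(HELPER, HELPER, username, (char *)NULL, envp);
        _exit(127);                       /* exec failed */
    }
    close(pfd[1]);
    size_t used = 0;
    ssize_t got;
    while (used < outlen - 1 &&
           (got = read(pfd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)got;
    out[used] = '\0';
    close(pfd[0]);
    chomp(out);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Note: exec removes the shell, not the helper's own option parsing. A name
 * starting with '-' is still read as an option unless the caller rejects it. */
int main(void)
{
    const char *name = "eve$(echo X)";    /* constructed, harmless sample */
    char via_shell[128], via_exec[128];
    int rs = run_via_shell(name, via_shell, sizeof via_shell);
    int re = run_via_exec(name, via_exec, sizeof via_exec);
    printf("popen : rc=%d helper saw: %s\n", rs, via_shell);
    printf("execle: rc=%d helper saw: %s\n", re, via_exec);
    return 0;
}
```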
leo lin
c6dbfa988e
[Ufispace][PDDF] Add support for S9300-32D platform (#14922) 2023-07-05 14:39:01 -07:00
Arvindsrinivasan Lakshmi Narasimhan
eaa795deb8
Revert "[gearbox] use credo sai v0.9.0 (#14149)" (#15708)
Reverts #14149

This SAI libsaicredo_0.9.0_amd64.deb is causing packet forwarding issues on Linecards aristanetworks/sonic#92

This reverts commit c4c621c614.
2023-07-05 10:42:46 -07:00
Ze Gan
2f8994999b
[dash-api]: Add dash-api and related protobuf library (#14515)
Why I did it
For the DASH scenario, the APP_DB will be optimized by protobuf message for less memory consumption.

How I did it
Download the Debian package of protobuf 3.21.12 and create a corresponding rule for building it.
Add a submodule of sonic-dash-api and generated its Debian package which includes C++ library and Python library

How to verify it
Check artifacts of Azp that the protobuf-related and dash-api deb packages should be generated.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-07-05 09:59:35 -07:00
mssonicbld
de65640633
[ci/build]: Upgrade SONiC package versions (#15715) 2023-07-05 18:37:13 +08:00
kenneth-arista
1dfe35cadb
Add YANG model for FABRIC_PORT (#15629)
#### Why I did it

Introduce YANG model for FABRIC in CONFIG_DB, which was added in https://github.com/sonic-net/sonic-buildimage/pull/14170.

#### How I did it

This is a clone of @jfeng-arista's PR https://github.com/sonic-net/sonic-buildimage/pull/14282 to resolve conflicts with upstream changes. 

#### How to verify it

Passing pipeline build is sufficient.
2023-07-03 13:57:26 -07:00
mssonicbld
7ef59d556b
[ci/build]: Upgrade SONiC package versions (#15706) 2023-07-03 19:18:54 +08:00
mssonicbld
aa5164ef09
[ci/build]: Upgrade SONiC package versions (#15647) 2023-07-01 18:39:31 +08:00
mssonicbld
91fb7836fd
[submodule] Update submodule sonic-platform-common to the latest HEAD automatically (#15697)
#### Why I did it
src/sonic-platform-common
```
* 10af810 - (HEAD -> master, origin/master, origin/HEAD) More prevention of fatal exception caused by VDM dictionary missing fields when a transceiver has just been pulled (#376) (5 hours ago) [snider-nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
2023-07-01 16:34:13 +08:00
mssonicbld
eb9639edba
[submodule] Update submodule sonic-swss to the latest HEAD automatically (#15699) 2023-07-01 15:20:46 +08:00
Andrew Sapronov
c190a8f795
[Netberg][Barefoot] Added support for Aurora 710 (#15298)
* [202012][platform/barefoot] (#8543)

Why I did it
Pcied running by python 2.

How I did it
dropped python2 support and add python3 support for pcied in file docker-pmon.supervisord.conf.j2

How to verify it
docker exec pmon supervisorctl status

* [Netberg][nba710] Added initial support for Aurora 710

Signed-off-by: Andrew Sapronov <andrew.sapronov@gmail.com>

---------

Signed-off-by: Andrew Sapronov <andrew.sapronov@gmail.com>
Co-authored-by: Kostiantyn Yarovyi <kostiantynx.yarovyi@intel.com>
2023-06-30 17:30:07 -07:00
Lawrence Lee
b4a3711a95
[arp_update]: Fix IPv6 neighbor race condition (#15583)
* [arp_update]: Fix IPv6 neighbor race condition on dualtors
Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2023-06-30 14:06:25 -07:00
Hua Liu
c91707ff31
Migrate flush_unused_database from py-redis to sonic-swss-common (#15511)
Migrate flush_unused_database from py-redis to sonic-swss-common

#### Why I did it
flush_unused_database uses py-redis, but sonic-swss-common already supports flushdb, so we need to migrate to sonic-swss-common

##### Work item tracking
- Microsoft ADO **(number only)**: 24292565

#### How I did it
Migrate flush_unused_database from py-redis to sonic-swss-common

#### How to verify it
Pass all UT and E2E test

#### Description for the changelog
Migrate flush_unused_database from py-redis to sonic-swss-common
2023-06-29 15:08:54 -07:00
snider-nokia
aa46167fdd
[Nokia][sonic-platform] Update Nokia sonic-platform submodule (#15239)
Why I did it
To support dynamic swapping of module types/speeds (400G/100G/40G)
To optimize CMIS ZR optics operation
How I did it
Reinitialize xcvr_api at module removal/insertion time, and also optimize cache for ZR optics.

How to verify it
Verify that different (supported) module types can be dynamically swapped (removed/inserted) and that each is properly provisioned by Xcvrd and has its EEPROM information accurately reported in Redis DB (using "show transceiver eeprom") as well as "sfputil show eeprom" direct access.

Also verify that Xcvrd initialization and operation with 400G CMIS ZR optics is both efficient and functional.
** edit 6/14/23: pushed enhanced caching (full memory map) support and elimination of base class APIs override.
2023-06-29 11:05:45 -07:00
mssonicbld
874390a14e
[submodule] Update submodule sonic-swss-common to the latest HEAD automatically (#15658) 2023-06-29 16:29:45 +08:00
mssonicbld
5aaa65db6c
[submodule] Update submodule sonic-restapi to the latest HEAD automatically (#15657) 2023-06-29 15:06:03 +08:00