#### Why I did it
Mellanox builds were failing intermittently due to the `issue_version` file and MFT package not building correctly in the Azure pipeline environment (both of these packages were patched to build correctly with bullseye running on the host and buster running on the dockers)
#### How I did it
Fixed two problems:
1. BLDENV is not passed to the Makefiles so the references to this were replaced with correct logic
2. `issue_version` was not defined as a target for bullseye and as such was not cached. Altered the build such that it is defined as a target for bullseye (in the case of buster it builds the file, in the case of bullseye it copies from buster)
The previous PR fixing this was reverted as it is no longer necessary for a passing build and was not a long-term fix. https://github.com/Azure/sonic-buildimage/pull/9235
#### How to verify it
Build on AZP and verify success.
c8eceec 400zr initial support (#228)
ef55364 SSD Health: Retrieve SSD health and temperature values from generic SSD info (#229)
26c8346 Fix cmis cable length issue (#225)
671927d Fix typo in the simulated y_cable driver (#226)
51a9aca [sfp-refactor] Add initial support for CMIS in sonic_xcvr (#220)
Signed-off-by: Prince George <prgeor@microsoft.com>
#### Why I did it
Changes required for feature "Event Driven TechSupport Invocation & CoreDump Mgmt". [HLD](https://github.com/Azure/SONiC/pull/818 )
Requires: https://github.com/Azure/sonic-utilities/pull/1796.
Merging in any order would be fine.
Summary of the changes:
- Added the YANG Models for the new tables introduces as a part of this feature.
- Enhanced init_cfg.json with the default config required
- Added a compile Time flag which enables/disables the config required for this feature inside the init_cfg.json
- Enhanced the supervisor-proc-exit-listener script to populate `<feature>:<critical_proc> = <comm>:<pid>` info in the STATE_DB when it observes an proc exit notification for the critical processes running inside the docker.
Remove the "4.19..." specific code to add "-unsigned" suffix and just do so for any linux version.
For the syseeprom API part, have the Arista syseeprom class inherit from a class that can populate db.
Co-authored-by: Zhi Yuan (Carl) Zhao <zyzhao@arista.com>
Why I did it
For sonic-mgmt Platform API tests to have data to compare with
How I did it
updated platform info for device x86_64-accton_wedge100bf_32x-r0
How to verify it
Run sonic-mgmt Platform API tests get_name fo:
chassis
fans
fan_drawers
psus
thermals
6f1a0ea (HEAD, origin/master, origin/HEAD, master) [FlexCounter] Add support for ACL counters (#953)
67b3136 [vslib] fill aclcapability.is_action_list_mandatory field (#957)
eba6a1b [ci]: use native armhf and arm64 pool (#965)
04793b1 [az] Set diff coverage threshold to 50% (#963)
6092d50 [syncd] Add workaround for warm boot new objects (#960)
88b62ce Added Flex Counters support for tunnel counters (#886)
a718226 [Counters] Query Counters Stats Capabilities (#952)
Why I did it
To include capabilities fields in platform.json of DellEMC S6000, S6100, Z9332f platforms.
How I did it
Add the capabilities fields in each platform's respective platform.json.
How to verify it
Ran sonic-mgmt platform api test cases that use capabilities fields and verified that the results are as expected.
This commit fixes/avoids the following errors encountered during the
marvell-armhf build for bullseye
- Fix Marvell prestera DMA driver build failure due to kallsyms_lookup_name()
no longer being exported by the updated bullseye kernel. This is a temporary
fix that will be replaced by a future version of the DMA driver.
- Update qemu-user-static version to align with the new glibc version included
in bullseye
- Skip systemd-sonic-generator unit tests to avoid test failures. Root cause is
still TBD
#### Why I did it
Fix the following build errors observed when building marvell-armhf for bullseye
1. Marvell Prestera DMA driver uses kernel API no longer exported
ERROR: modpost: "kallsyms_lookup_name" [/sonic/platform/marvell-armhf/prestera/mrvl-prestera/cpssEnabler/linuxNoKernelModule/drivers//mvDmaDrv.ko] undefined!
2. Old qemu-user-static version does not support semop() leading to following build failure
semop(1): encountered an error: Function not implemented
3. systemd-sonic-generator unit test failure
ssg-test.cc:217: Failure
Expected equality of these values:
find_string_in_file(str_t, target, num_asics)
Which is: false
expected_result
Which is: true
Error validating Before=single_inst.service in test.service
[ FAILED ] SsgMainTest.ssg_main_40_npu (20 ms)
[----------] 4 tests from SsgMainTest (36 ms total)
[----------] Global test environment tear-down
[==========] 10 tests from 3 test suites ran. (54 ms total)
[ PASSED ] 7 tests.
[ FAILED ] 3 tests, listed below:
[ FAILED ] SsgMainTest.ssg_main_single_npu
[ FAILED ] SsgMainTest.ssg_main_10_npu
[ FAILED ] SsgMainTest.ssg_main_40_npu
3 FAILED TESTS
BRCM SAI missed implementing the SAI API "sai_query_stats_capability()" which is causing build issue.
The build issue is impacting PR(s) that need to use this API.
This PR is to stubbed BRCM SAI to add this SAI API and return not implemented so that it will fix build issue that it is causing.
No other functional changes were made.
This pull request add a bash plugin for TACACS+ per-command authorization
#### Why I did it
1. To support TACACS per command authorization, we check user command before execute it.
2. Fix libtacsupport.so can't parse tacplus_nss.conf correctly issue:
Support debug=on setting.
Support put server address and secret in same row.
3. Fix the parse_config_file method not reset server list before parse config file issue.
#### How I did it
The bash plugin will be called before every user command, and check user command with remote TACACS+ server for per-command authorization.
#### How to verify it
UT with CUnit cover all code in this plugin.
Also pass all current UT.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Add Bash TACACS+ plugin.
#### A picture of a cute animal (not mandatory but encouraged)
The issu-version file for Mellanox is generated from the Mellanox SDK
libraries. The SDK is installed into a Buster docker container, but the
issu-version file goes onto the base OS, which is Bullseye. To work
around this, the issu-version build rules explicitly copies the
issu-version file to target/files/bullseye/ during the Buster build.
Because of our build infra, if caching is enabled and a cache is being
used, then for issu-version, since it is technically built as part of
Buster, then only target/files/buster/issu-version is saved into the
cache, and target/files/bullseye/issu-version isn't cached. If this
cache gets used, then target/files/bullseye/issu-version is missing, and
the final image build fails.
This is to work around the current build issue where Mellanox builds are
failing. This is so that issu-version is always "built", so that copy is
made into the bullseye directory.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Fix support for DHCPV6 Relay multi vlan functionality. Make sure the relayed packet is received at correct interface.
How I did it
Bind a socket to each vlan interface's global and link-local address.
Socket binded to global address is used for relaying data from client to server and receiving data from servers.
Socket binded to link-local address is used for relaying data received from server back to the client.
When sshd realizes that this login can't succeed due to internal device state
or configuration, instead of failing right there, it proceeds to prompt for
password, so as the user does not get any clue on where is the failure point.
Yet to ensure that this login does not proceed, sshd replaces user provided password
with a specific pattern of characters matching length of user provided password.
This pattern is "INCORRECT", which is bound to fail.
If user provided length is smaller/equal, the substring of pattern is overwritten.
If user provided length is greater, the pattern is repeated until length is exhausted.
But if the PAM-tacacs plugin would send this password to AAA, the user could get
locked out by AAA, for providing incorrect value.
How I did it
Hence this fix, matches obtained password against the pattern. If match, fail just before
reaching AAA server.
Why I did it
To add ACL FC to the YANG model.
How I did it
Added to the YANG model and added a UT.
How to verify it
Together with depends PRs. Run ACL/Everflow test suite.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
* [ACL] enable ACL FC when genereting config from minigraph but disable by default
Why I did it
To support ACL counters on Flex Counter Infrastructure.
How I did it
Enable ACL FC in init_cfg and minigraph. Disable when genereting configuration from preset.
How to verify it
Together with depends PRs. Run ACL/Everflow test suite.
Signed-off-by: Stepan Blyshchak <stepanb@nvidia.com>
ipmihelper files are repeated for few DellEMC platforms. Removed the
files in sonic_platform since as part of debian rules,ipmihelper will be
copied to necessary directory.
* Make neccesary changed to mellanox platform code to build on Debian 11
* Revert use of backported kernel to build mft and elect to only build kernel module under bullseye
Allow mellanox platform to build and successfully switch packets in
Debian 11
Upgraded
* Mellanox SDK
* Mellanox Hardware Management
* Mellanox Firmware
* Mellanox Kernel Patches
Adjusted build system to support host system running bullseye and
dockers running buster.
Also add out of tree pca9548 mux driver to use platform data to mapping i2c bus with front panel port.
Signed-off-by: Jakkapan Jangmuang <jjangmua@celestica.com>
Co-authored-by: Saikrishna Arcot <sarcot@microsoft.com>
1. Fix build for armhf and arm64
2. upgrade centec tsingma bsp support to 5.10 kernel
3. modify centec platform driver for linux 5.10
Co-authored-by: Shi Lei <shil@centecnetworks.com>
Add an include in saibcm-modules and saibcm-modules-dnx that are now
needed due to Mellanox kernel patches.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
