#### Why I did it
The test plan described in the `How to verify it` section caused an issue when 3 images (instead of 2) were present when executing `show boot` or `sonic-installer list` commands:
```
root@sonic:/home/admin# show boot
Current: SONiC-OS-master.0-dirty-20220118.165941
Next: SONiC-OS-master.0-dirty-20220118.165941
Available:
SONiC-OS-master.0-dirty-20220118.165941
SONiC-OS-202012.201-a0376a6e5_Internal
SONiC-OS-202012.201-a0376a6e5_Internal_RPC
```
#### How I did it
Fixed the `sed` pattern to match the current image revision in the `install.sh` script.
#### How to verify it
Test plan:
1. Install the `imageA` by using ONIE
2. Install the `imageA-rpc` by using `sonic-installer`
3. Reboot the switch
4. Swap to the `imageA` - `sonic-installer set-default imageA`
5. Reboot the switch
6. Install the `imageB` by using `sonic-installer`
7. Check an installed images - `show boot`
8. Reboot the switch
9. Check an installed images - `show boot`
Why I did it
To sign SONiC kernel image and allow secure boot based system to verify SONiC image before loading into the system.
How I did it
Pass following parameter to rules/config.user
Ex:
SONIC_ENABLE_SECUREBOOT_SIGNATURE := y
SIGNING_KEY := /path/to/key/private.key
SIGNING_CERT := /path/to/public/public.cert
How to verify it
Secure boot enabled system enrolled with right public key of the, image in the platform UEFI database will able to verify image before load.
Alternatively one can verify with offline sbsign tool as below.
export SBSIGN_KEY=/abc/bcd/xyz/
sbverify --cert $SBSIGN_KEY/public_cert.cert fsroot-platform-XYZ/boot/vmlinuz-5.10.0-8-2-amd64 mage
O/P:
Signature verification OK
* [CG-Fix-CVE-2021-44906] Patching on thrift.0.14.1 for package minimist
Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
* add more information in patch
Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
* Update 0003-Remove-minimist-packages.patch
* change the thrift 0.14.1 to package download
Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
* use the series file for patching
* fix a code defect
Co-authored-by: Richard.Yu <richard.yu@microsoft.com>
Why I did it
Minigraph parser added a new field 'cluster' to device_metadata, and then yang validation is blocked.
How I did it
Add 'cluster' to device_metadata yang models.
How to verify it
Run UT for sonc-yang-models.
Use minigraph parser to generate ConfigDB schema and run yang validation.
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
dhcp_server is introduced, and need to update yang model.
How I did it
Update yang models and add unit test.
How to verify it
Run unit test for sonic-yang-models.
Signed-off-by: Gang Lv ganglv@microsoft.com
The interface renaming logic fails if one interface is missing.
Because of the `set -e` the whole initramfs hook would abort early on
error.
This change fixes the current behavior to make sure missing interfaces
are properly skipped and ensure existing interface are renamed.
On some products the pci enumeration adds randomness into which nic gets
initialized first.
Because SONiC doesn't use deterministic interface naming but instead old
style interface naming, this leads to eth0 not always being the
management port.
To make sure eth0 is always the management port (SONiC expectation)
rename the interfaces in the initramfs for Arista products.
- Why I did it
There is a hardware bug that PSU voltage threshold sysfs returns incorrect value. The workaround is to call "sensor -s" to refresh it.
- How I did it
Call "sensor -s" when the threshold value is not incorrect and PSU is "DELTA 1100"
- How to verify it
Unit test and Manual test
Why I did it
minigraph parser has introduced new type.
How I did it
Update yang models to support BmcMgmtToRRouter.
How to verify it
Run unit test for sonic-yang-models
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
Need to run yang validation for sonic-cfggen unit test, and many unit test does not provide speed for port table.
How I did it
Update minigraph xml.
How to verify it
Run sonic-cfggen unit test.
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
ASN range is from 1 to 4294967295, need to remove invalid ASN.
How I did it
Update unit test and replace ASN 0.
How to verify it
Run unit test for sonic-config-engine.
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
sonic-config-engine unit test is using invalid switch_type
How I did it
Update xml with correct switch_type
How to verify it
Run UT for sonic-config-engine
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
Need to run yang validation for sonic-cfggen unit test, and many unit test does not provide lanes for port table.
How I did it
Update port config file.
How to verify it
Run sonic-cfggen unit test,
Use below PR to verify
#10228
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
Config db schema generated by minigraph can’t pass yang validation, deployment_id can’t be none for yang validation.
How I did it
Update minigraph.py, skip deployment_id with None value
How to verify it
Run UT for sonic-config-enginue.
Run command 'sonic-cfggen -m tests/multi_npu_data/sample-minigraph-noportchannel.xml -p tests/multi_npu_data/sample_port_config-3.ini -n asic3 --print-data'.
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
Multi-asic platform add aisc_port_name and role to PORT table, and port_index range is changed.
How I did it
Update sonic-port.yang, add asic_port_name and role, and remove range limitation.
How to verify it
Run UT for sonic-yang-models.
Signed-off-by: Gang Lv ganglv@microsoft.com
Why I did it
end2end test is blocked by Yang model for BGP_PEER_RANGE.
How I did it
Add new yang models.
How to verify it
Run UT for sonc-yang-models.
Signed-off-by: Gang Lv ganglv@microsoft.com
Signed-off-by: Gang Lv ganglv@microsoft.com
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Why I did it
end2end test is blocked by Yang model for AAA login pattern.
#### How I did it
Add pattern to AAA yang models.
#### How to verify it
Run UT for sonc-yang-models.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
Fix#9713
#### A picture of a cute animal (not mandatory but encouraged)
* Ported platform from master
Signed-off-by: Petro Bratash <petrox.bratash@intel.com>
* [BFN] Updated x86_64-accton_as9516_32d-r0/platform.json
* [BFN] Refactoring and adding some functions of Thermal class (set and
get thresholds and etc.)
* [BFN] Fix exception when fwutil run without sudo
* Revert "[BFN] syncd-rpc build with thrift 0.14.1 (#9884)"
This reverts commit bec35267cb.
* [BFN] Updated SDK to 20220127_sai_1.9.1 (#9870)
Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>
* [BFN] updated SDE packages for BFN platforms (#10512)
Updated SDE packages for bfn platform
- introduced X6 profile
- fixes for drop counters
- fixes for platform part
Co-authored-by: Andriy Kokhan <AndriyX.Kokhan@intel.com>
Co-authored-by: roman_savchuk <romanx.savchuk@intel.com>
* Bump Thrift version from 0.13.0 to 0.14.1 (#9881)
#### Why I did it
To bump the Thrift version to 0.14.1
- To avoid [CVE-2020-13949](https://nvd.nist.gov/vuln/detail/CVE-2020-13949)
- to fix some dependencies issues
#### How I did it
- rename `src/thrfit_0_13_0` to `src/thrift_2` to remove version number in the path. (`src/thrift` contains rules to build thrift 0.11.0 )
- Add thrift sources as submodule as there are no prepared debian packages for version >0.13.0 on [debian.org](https://packages.debian.org/search?searchon=sourcenames&keywords=thrift)
- Added patches with fixes for original thrift debian rules:(remove unneeded packages, fix multi job build)
#### How to verify it
```
BLDENV=buster make -f Makefile.work target/debs/buster/libthrift-dev_0.14.1_amd64.deb
```
* Correct thrift 0141 typo fix (#10199)
Correct libsaithrift dependency package name from
LIBTHRIFT_DEV_0_14_1 THRIFT_COMPILER_0_14_1 to
LIBTHRIFT_0_14_1_DEV THRIFT_0_14_1_COMPILER
How I did it
How to verify it
Test Done:
make BLDENV=buster SAITHRIFT_V2=y -f Makefile.work target/debs/buster/saiserverv2_0.9.4_amd64.deb
Co-authored-by: Myron Sosyak <myronx.sosyak@intel.com>
89d0e92 (HEAD -> 202111, origin/202111) [scripts/fast-reboot] cleanup (#2132)
e0baa93 [config/config_mgmt.py]: Fix dpb issue with upper case mac in (#2066)
2135269 (HEAD -> 202111, origin/202111) [SSD]Enhance ssd_generic with more error handling to avoid python crash #271
393fbee [SSD Generic] Add support for parsing nvme ssd model, health and temperature (#265)
b67d479 Fixed the sfp refactor issue
827c5a6 Added nokia_cmd command nokia_common grpc support for power down/up SFM module
aeb7f56 Added the nokia cli commands for midplane
c57d083 Fix the get_my_module issue and the thermal_infos exception issue.
0536293 Change the output of "show chassis module status"
63212d7 Enhance the help display for nokia_cmd command
e8d2599 Fix the sonic_install_ndk_service script issue
d52bdcf Add command nokia_cmd show sfm-eeprom support
Signed-off-by: mlok <marty.lok@nokia.com>
Why I did it
Running warm-reboot in a loop for 500 times leads to this error on 318-th iteration:
Apr 2 15:56:27.346747 sonic INFO swss#/supervisord: restore_neighbors Traceback (most recent call last):
Apr 2 15:56:27.346747 sonic INFO swss#/supervisord: restore_neighbors File "/usr/bin/restore_neighbors.py", line 24, in <module>
Apr 2 15:56:27.346747 sonic INFO swss#/supervisord: restore_neighbors from scapy.all import conf, in6_getnsma, inet_pton, inet_ntop, in6_getnsmac, get_if_hwaddr, Ether, ARP, IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr
Apr 2 15:56:27.346795 sonic INFO swss#/supervisord: restore_neighbors File "/usr/local/lib/python3.7/dist-packages/scapy/all.py", line 25, in <module>
Apr 2 15:56:27.346956 sonic INFO swss#/supervisord: restore_neighbors from scapy.route import *
Apr 2 15:56:27.346995 sonic INFO swss#/supervisord: restore_neighbors File "/usr/local/lib/python3.7/dist-packages/scapy/route.py", line 205, in <module>
Apr 2 15:56:27.347089 sonic INFO swss#/supervisord: restore_neighbors conf.iface = get_working_if()
Apr 2 15:56:27.347129 sonic INFO swss#/supervisord: restore_neighbors File "/usr/local/lib/python3.7/dist-packages/scapy/arch/linux.py", line 128, in get_working_if
Apr 2 15:56:27.347213 sonic INFO swss#/supervisord: restore_neighbors ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0]
Apr 2 15:56:27.347250 sonic INFO swss#/supervisord: restore_neighbors File "/usr/local/lib/python3.7/dist-packages/scapy/arch/common.py", line 31, in get_if
Apr 2 15:56:27.347345 sonic INFO swss#/supervisord: restore_neighbors return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8")))
Apr 2 15:56:27.347365 sonic INFO swss#/supervisord: restore_neighbors OSError: [Errno 19] No such device
The issue was reported to scapy devs secdev/scapy#3369, the fix is secdev/scapy#3371, however there is no released scapy version with this fix right now, thus decided to build scapy v2.4.5 from sources and apply the fix in a form of a patch.
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
- Why I did it
Fixes#9628
During bootup, this error log is seen
Dec 22 04:26:29 sonic interfaces-config.sh[2546]: error: main exception: cannot find interfaces: eth0 (interface was probably never up ?)
This is of non-functional nature and doesn't affect the flow.
- How I did it
Dont take the ifdown if not needed
- How to verify it
Verified during reboot. Log did not appear and IP was acquired on eth0 as expected
Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
Cherry-pick #10108
- Why I did it
Fixing issue #9991
The ACL RULE table field ETHER_TYPE can accept both hex as well as decimal values. However yang model didn't allow decimal values. Fixed it to allow decimal values (same pattern as in hex (1536-65535)
- How I did it
Updated yang model to handle decimal values
- How to verify it
Added UT to verify it.
bd97dfe Fix urllib3 CVE-2021-33503 issue (#104)
f159bfa Upgrade the containers to be based on Debian Buster (#103)
a1830c1 Fix OpenAPI spec to be readable by autorest (#101)
94805a3 Identify and report Vnet GUID for conflicting VNI (#99)
4832dfd Static route expiry if not specified as persistent (#98)
5cc4358 Add support for overlay ECMP (#96)
6822a46 [CI] Set diff cover threshold to 50% (#97)
dcc826a Add PR diff coverage (#95)
This PR is to backport #10401 to 202111
- Why I did it
Take new hw-mgmt release to SONiC, including:
new features:
hw-mgmt: add to PSU FW upgrade tool command to show current FW version
hw-mgmt: add to PSU FW upgrade tool support for single-PSU-in-the-system FW upgrade
hw-mgmt: add attribute “/firmware” to show FW version of restricted upgradable PSUs only
hw-mgmt: Add NVME temperature reports attributes (_alarm/_crit/_min/_max)
bug fix:
psu: redundant i2c_addr attributes being created for psu 3 & 4 in system having only 2 psus.
hw-mgmt: in SPC1/2 i2c driver removal is too slow vs. ASIC reset causing non-functional log errors
PSU thresholds sysfs changed in 5.10 to “read only” preventing modification (modification required due PSU HW bug)
CPLD3 sysfs attribute missing after chip down/up flow
sysfs attributes missing when hw-mgmt is restarted (stop/start) within systemd
release notes can be found from link https://github.com/Mellanox/hw-mgmt/blob/V.7.0020.2004/debian/Release.txt
- How I did it
Update hw-mgmt make file with new version number
Update hw-mgmt submodule pointer
- How to verify it
Run platform regression on all Mellanox platform
Signed-off-by: Kebo Liu <kebol@nvidia.com>
Why I did it
Exclude the innovium build in upgrading version build, currently, the builds are always failed, exclude the build temporarily.
Increase the broadcom build timeout.
- Why I did it
Fastboot will delay all counters in CONFIG DB, it relies on enable_counters.py to recover the delayed counters. However, enable_counters.py does not recover those non-default counters.
- How I did it
For non-default counters, if it is in CONFIG DB, put delay status to false after the waiting.
- How to verify it
Manual test
c5c105f (HEAD -> 202111, origin/202111) [PBH] Implement Edit Flows (#2093)
7050581 [techsupport] Handle minor fixes of TS Lock and update auto-TS (#2114)
3602f99 Fix issues in clear_qos (#2122)
4f96d3b Fixing get port speed when oper status is down (#2123)
5bb99c7 Validate LAG has members before mirror session create (#2130)
ec6c8af [vxlan] Remove tunnel map objects on VNET tunnel removal (#2150)
7e7db19 [BFD]Registering BFD state change callback during session creation (#2202)
618fe07 [VNET]Fixing nexthop group delete during route change (#2198)
91b66df [portsorch]: Prevent LAG member configuration when port has active ACL binding (#2165)
29de9d0 Remove redundant and problematic code to skip "pool" field in buffer profile handling (#2197)
ded0b45 [PBH] Implement Edit Flows (#2169)
2ee0f49 [neighsyncd] increase neighsyncd timeout (#2209)
a0160c0 [QosOrch] The notifications cannot be drained in QosOrch in case the first one needs to retry (#2206)
