Commit Graph

6979 Commits

Author SHA1 Message Date
Yutong Zhang
dc0ceaa500
[TestbedV2] Add dualtor test using TestbedV2. (#12601)
Add dualtor test using TestbedV2 in buildimage repo.

Why I did it
Add dualtor test using TestbedV2 in buildimage repo.

How I did it
Add dualtor test using TestbedV2 in buildimage repo.

Signed-off-by: Yutong Zhang <yutongzhang@microsoft.com>
2022-11-07 19:48:06 +08:00
lixiaoyuner
c3a51b2d0d
Fix code irregular issues (#12595)
* Fix code irregular issues

Signed-off-by: Yun Li <yunli1@microsoft.com>
2022-11-07 13:06:19 +08:00
xumia
61246b62c8
[Build] Fix the docker-sync not found issue (#12593)
Why I did it
[Build] Fix the docker-sync not found issue

How I did it
When SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD is not enabled, do not remove the docker-sync tag.
2022-11-07 10:04:43 +08:00
StormLiangMS
661c467858
Revert "[sonic-config-engine] Replace os.system, replace yaml.load, remove subprocess with shell=True (#12533)" (#12616)
This reverts commit 934871cce1. 

Unblocking sync from github to internal
2022-11-07 09:32:42 +08:00
Mai Bui
61a085e55e
Replace os.system and remove subprocess with shell=True (#12177)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
remove `shell=True`, use `shell=False`
Replace `os` by `subprocess`
2022-11-04 10:48:51 -04:00
Mai Bui
b522b7762f
[sonic-py-common] Remove subprocess with shell=True (#12562)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Manual test
Pass UT
2022-11-04 10:25:17 -04:00
jerseyang
7fb8bf7012
Fix the pddf_custom_wdt driver rarely reports kernel dump issue while reboot in belgite platform (#12322)
Why I did it
SONiC will report the kernel dump while system reboot in Belgite platform as the following shows:

How I did it
Cause:

Invalid cdev container pointer from the inode is being accessed in misc
device open, which causes a memory corruption in the slub.
Because of the slub corruption, random crash is seen during reboot.
Fix: - Instead of cdev pointer from the inode, mdev container pointer is
used from the file->private_data member.

Action: update the pddf_custom_wdt driver,

How to verify it
Do the reboot stress test to check whether there is kernel dump during reboot progress
2022-11-04 19:26:18 +08:00
xumia
d7a9f18d18
[ci] Upload the debian packages (#12582)
Why I did it
[ci] Upload the debian packages
2022-11-04 15:40:16 +08:00
Hua Liu
7b813a90b0
Update sonic-swss-common submodule (#12578)
#### Why I did it
Submodule update for sonic-swss-common with following change:
```
276f47c [sonic-db-cli] Fix sonic-db-cli crash when database config file not ready issue. (#639)
```

#### Description for the changelog
Submodule update for sonic-swss-common with following change:
276f47c [sonic-db-cli] Fix sonic-db-cli crash when database config file not ready issue. (#639)


2022-11-04 10:55:16 +08:00
bingwang-ms
6169ae3ee3
Add lossy scheduler for queue 7 (#12596)
* Add lossy scheduler for queue 7
2022-11-04 08:12:00 +08:00
Junchao-Mellanox
830b7d8cb4
[Mellanox] Use sdk sysfs instead of ethtool (#12480)
2022-11-03 11:17:44 -07:00
tjchadaga
763d3dc29d
Allow TSA on ibgp sessions between linecards on packet chassis (#12589)
2022-11-03 08:54:33 -07:00
Hua Liu
1f88a3ee0a
[openssh] Export remote address to environment variable for TACACS authorization. (#12447)
Export remote address to environment variable for TACACS authorization.

#### Why I did it
When a remote user logs in, nss-tacplus needs the user's remote address for TACACS authorization.

#### How I did it
Export remote address to environment variable "SSH_REMOTE_IP"

#### How to verify it
Pass all E2E test.

#### Description for the changelog
Export remote address to environment variable for TACACS authorization.

2022-11-03 17:31:13 +08:00
Mai Bui
b3a8167968
[system-health] Remove subprocess with shell=True (#12572)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
Manual test
2022-11-02 10:16:48 -04:00
lixiaoyuner
e1440f0044
Improve feature mode switch process (#12188)
* Fix kube mode to local mode long duration issue

* Remove IPV6 parameters which is not necessary

* Fix read node labels bug

* Tag the running image to latest if it's stable

* Disable image_version_higher check

* Change image_version_higher checker test case

Signed-off-by: Yun Li <yunli1@microsoft.com>
2022-11-02 17:24:32 +08:00
roman_savchuk
a31a4e7f82
Revert "[Barefoot] Add xon_offset to pg_profile_lookup.ini (#12073)" (#12568)
Why I did it
These changes should go with updated SDE for BFN. Without update we do see orchagent core dump.

How I did it
Revert changes

How to verify it
Deploy topology. No core dump appears
2022-11-02 09:10:07 +08:00
Hua Liu
2626573223
[TACACS] Send remote address in TACACS+ authorization message. (#12190)
Send remote address in TACACS+ authorization message.

#### Why I did it
The TACACS+ authorization message does not send the remote address to the server side.

#### How I did it
Send remote address in TACACS+ authorization message.

#### How to verify it
Pass all E2E test.
Create new test case to validate that the remote address is sent to the server side.

#### Description for the changelog
Send remote address in TACACS+ authorization message.

2022-11-01 08:42:55 +08:00
Praveen Chaudhary
2b7a3ac6c0
[yang-models]: Change name-space from Azure to sonic-net. (#12416)
Changes:
-- Change name-space from Azure to sonic-net.
-- Sort yang list in setup.py for yang-models list.

#### Why I did it
Sonic repo has moved to Linux-foundation.

#### How I did it
[yang-models]: Change name-space from Azure to sonic-net.

#### How to verify it
PR Tests are good enough to verify.
2022-10-31 16:37:25 -07:00
ntoorchi
45d174663a
Enable P4RT at build time and disable at startup (#10499)
#### Why I did it
Currently at the Azure build system, the P4RT container is disabled by default at the build time. Here the goal is to include the P4RT container at the build time while disabling it at the runtime. The user can enable/disable the p4rt app through the config based on the preference. 

#### How I did it
Changed the config in rules/config and init-cfg.json.j2
2022-10-31 16:18:42 -07:00
Saikrishna Arcot
0dd4d5dda9
[openssh]: Restore behavior of ClientAliveCountMax=0 (#12549)
* [openssh]: Restore behavior of ClientAliveCountMax=0

OpenSSH 8.2 changed the behavior of ClientAliveCountMax=0 such that
setting it to 0 disables connection-killing entirely when the connection
is idle. Revert that change.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Remove build-dep command that should not be there

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-10-31 16:00:05 -07:00
Vivek
5d83d424b1
Added BUILD flags to provision for building the kernel with non-upstream patches (#12428)
* Added ENV vars for non-upstream patches

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Made MLNX_PATCH_LOC an absolute path

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Added non-upstream-patches dir

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Update README.md

* Addressed comments

* Env vars updated

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

* Readme updated

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
2022-10-31 12:16:05 -07:00
Mai Bui
0fcd219c3b
[sonic-ctrmgrd] Replace os.system and remove subprocess with shell=True (#12534)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess.Popen()` and `subprocess.run()` are used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
#### How to verify it
Passed UT
Tested in DUT
2022-10-31 11:12:03 -04:00
Mai Bui
a0055abb5d
[sonic-yang-mgmt] Replace subprocess using with shell=True (#12537)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
#### How to verify it
Pass UT
2022-10-31 10:44:54 -04:00
Mai Bui
934871cce1
[sonic-config-engine] Replace os.system, replace yaml.load, remove subprocess with shell=True (#12533)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
`yaml.load` can create arbitrary Python objects
#### How I did it
Replace `os` by `subprocess`, remove `shell=True`
Use `yaml.safe_load()`
#### How to verify it
Pass UT
2022-10-31 10:43:46 -04:00
zitingguo-ms
a60ebd387c
Update BRCM SAI version to 7.1.17.4 (#12546)
Signed-off-by: zitingguo-ms <zitingguo@microsoft.com>

Signed-off-by: zitingguo-ms <zitingguo@microsoft.com>
2022-10-31 20:08:45 +08:00
EdenGri
6bed69af6d
Add a yang model for the new "Logger" table in the CONFIG DB (#12067)
- Why I did it
Add the ability to the user to save the loglevel and make it persistent to reboot.

- How I did it
Move the logger tables from the LOGLEVEL DB to the CONFIG DB. Add new yang model to verify the new config schema.

- How to verify it
1. change the orchagent loglevel (for example) -> swssloglevel -c orchagent -l DEBUG
2. save the loglevel -> run config save
3. reboot
4. verify that the orchagent log level is still DEBUG -> run redis-cli -n 4 hgetall "LOGGER|orchagent"
2022-10-31 10:42:12 +02:00
Dror Prital
d1df2843fa
[submodule] Advance sonic-utilities pointer (#12544)
Update sonic-utilities submodule pointer to include the following:
4a3d49d Fix exception in adding mirror_session when gre_type is absent (#2458)
7e7d05c Update the DBmigrator to support persistent loglevel during warm-upgrade (#2370)
c2841b8 [doc]: Update Command-Reference.md (#2444)
254cafc Event Counters CLI (#2449)
2dab0d0 [techsupport] Adding FRR EVPN dumps (#2442)
3c0aece [show][muxcable] add support for show mux firmware version all (#2441)

Signed-off-by: dprital <drorp@nvidia.com>
2022-10-31 10:41:25 +02:00
Dror Prital
b841e95824
[submodule] Advance sonic-swss-common pointer (#12553)
Update sonic-swss-common submodule pointer to include the following:
* abda263 Make the loglevel persistent by moving the LOGGER table from the LOGLEVEL DB to the CONFIG DB ([#687](https://github.com/sonic-net/sonic-swss-common/pull/687))

Signed-off-by: dprital <drorp@nvidia.com>
2022-10-31 10:40:43 +02:00
Junchao-Mellanox
4216f34453
[submodule] Advance sonic-swss-common pointer (#12510)
d0fdf62 Check whether a pointer created by dynamic_cast is null before using it. (#689)
2cae742 [Fast/Warm restart] Implement helper class for waiting restart done (#691)
2022-10-30 09:54:48 +02:00
Dror Prital
917ad1ffe0
[Mellanox] Update SDK/FW to version 4.5.3186/2010.3186 (#12542)
- Why I did it
Update SDK/FW version - 4.5.3186/2010_3186 in order to have the following changes:

New functionality:
1. Added support for 6.5W (Class 8) in ports 49-50, 53-54, 57-58, and 61-62 on SN4600 system

Fix the following issues:
1. On very rare occasions (~1/100K), during I2C transaction with MMS1V50-WM and MMS1V90-WR modules on SN4700 system, the module may send unexpected stop which violates the I2C specification, possibly affecting the link up flow
2. When running 1GbE speeds on SN4600 system, the port remained active while peer side was closed
3. While toggling the cable with ‘sfputil lpmode on/off’, error msg like “ERR pmon#xcvrd: Receive PMPE error event on module 1: status {X} error type {y}” could be received
4. When toggling many ports of the Spectrum devices while raising 10GbE link up and link maintenance is enabled, the switch may get stuck and may need to be rebooted
5. When trying to reconfigure the Flex Parser header and Flex transition parameters after ISSU, the switch will return an error even if the configuration was identical to that done before performing the ISSU
6. While moving from lossless to lossy mode while shared headroom was used, reduction of the shared headroom can only be done prior to pool type change and when shared headroom is not utilized
7. SLL configuration is missing in SDK dump
8. If TTL_CMD_COPY is used in Encap direction for a packet with no TTL, then the value passed in the ttl data structure will be used if non-zero (default 255 if zero)
9. PCI calibration changes from a static to a dynamic mechanism
10. Layer 4 port information is not initialized for BFD packet event. To address the issue, remote peer UDP port information was added in BFD packet event
11. SDK returned error when FEC mode is set on twisted pair, when FEC was set to None

- How I did it
Update pointer for the SDK/FW

- How to verify it
Run regression tests

Signed-off-by: dprital <drorp@nvidia.com>
2022-10-30 09:31:09 +02:00
arlakshm
a85b34fd36
update notify-keyspace-events in redis.conf (#12540)
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan arlakshm@microsoft.com

Why I did it
closes #12343

Today in SONiC the notify-keyspace-events is from the DbInterface class when an application tries to do any configdb set.
In Chassis the chassis_db may not get any configdb set operations, so there is a chance this configuration will never be set.
So the chassis_db updates from one line card will not be propagated to other linecards, which are doing a psubscribe to get these events.

How I did it
update the redis.conf to set notify-keyspace-events AKE so that the notify-keyspace-events are set when the redis instance is started

How to verify it
Test on chassis
2022-10-28 18:28:57 -07:00
Mai Bui
f34ca2b6a6
[sonic-eventd] Replace subprocess with shell=True (#12536)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`subprocess` is used with `shell=True`, which is very dangerous for shell injection.
#### How I did it
remove `shell=True`, use `shell=False`
2022-10-28 15:50:04 -04:00
Mai Bui
57e333e40a
[sonic-bgpcfgd] Replace getstatusoutput function (#12535)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`getstatusoutput()` function from `subprocess` module has shell injection issue because it includes `shell=True` in the implementation
#### How I did it
Use `getstatusoutput_noshell()` from sonic_py_common library
#### How to verify it
Tested in DUT
2022-10-28 15:37:51 -04:00
isabelmsft
db7459787c
Add yang_config_validation to minigraph.py (#12504)
2022-10-27 20:57:06 -05:00
Prince Sunny
538e4c0a97
[Restapi Yang] Fix issue with multiple certs (#12495)
* [Restapi Yang] Fix issue with multiple certs (#12495)
2022-10-27 14:18:37 -07:00
tjchadaga
89f76829fc
Update BRCM SAI version to 7.1.16.4 (#12515)
2022-10-27 13:31:34 -07:00
xumia
a771a26d99
[Build] Add the missing debian source bullseye-updates/buster-updates (#12522)
Why I did it
Add the missing debian source bullseye-updates/buster-updates

The build failure shown below is caused by the docker image debian:bullseye using version 2.31-13+deb11u5, but that version is only available in bullseye-updates.
2022-10-27 10:15:14 -07:00
Liu Shilong
3df031c9b1
[ci] Add azp trigger for future release branches. (#12508)
2022-10-27 17:36:43 +08:00
Liu Shilong
844f83171b
[action] Use pull_request_target trigger instead to avoid codeQL check approval (#12509)
2022-10-27 17:36:04 +08:00
Dmytro Lytvynenko
a4fe681b08
fix missing import error (#12511)
Why I did it
syseepromd in pmon crashes because of missing import in python script and doesn't get in running state

How I did it
Fix missing import issue to avoid python script failing

How to verify it
Boot system and wait till syseepromd gets into running state
2022-10-27 16:08:57 +08:00
DavidZagury
558c904021
Fix CVE-2022-37032 on FRR submodule (#12435)
* Fix CVE-2022-37032 on FRR submodule

Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288

* Fix CVE-2022-37032 on FRR submodule

Patch was cherry picked from FRRouting/frr repo - d8d77d3733bc299ed5dd7b44c4d464ba2bfed288

* Update patch version number
2022-10-26 15:54:44 -07:00
Mai Bui
80a7762ff9
[netberg] Replace os.system (#12104)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content
#### How I did it
Replace `os` by `subprocess`
2022-10-26 18:26:48 -04:00
isabelmsft
3d9a6e46bc
Add yang_config_validation to DEVICE_METADATA yang model (#12497)
* Add yang_config_validation to DEVICE_METADATA yang model
2022-10-26 15:11:42 -05:00
Vivek
3058fb62e6
Loc moved to prev consolidation change (#12427)
Why I did it
Issue was caused by this #11341

*.bin image structure in 202205:

```
vkarri@19d5638dde2d:/sonic$ ls -l /tmp/tmp.9ibWSipeRw/installer/x86_64/
total 12
drwxr-xr-x 2 vkarri dip 12288 Oct 14 13:16 platforms
```
However, install.sh, which runs on the ONIE partition, expects the platform-specific kernel cmd line conf file under platform/$onie_platform_string file https://github.com/sonic-net/sonic-buildimage/blob/master/installer/install.sh#L102

Thus, any platform which defines and depends on these params might be broken on master label.

How I did it
Since we are already filtering the conf files based on TARGET_PLATFORM in build_image.sh, I've just updated the location to installer/platforms instead of installer/$arch/platforms

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
2022-10-26 17:03:29 +08:00
Junhua Zhai
198b629884
[submodule]: Update sonic-sairedis (#12475)
2022-10-21 b7c85ca: [gbsyncd] Add asic db prefix for channel NOTIFICATIONS (sonic-net/sonic-sairedis#1129) (Junhua Zhai)
2022-10-26 15:58:08 +08:00
Sumukha Tumkur Vani
dad3f61b88
[Restapi] Update submodule (#12006)
Update with following commits:

Fix missing dependencies and improve dependency management sonic-restapi#123
[Static Route Expiry] Update API contract sonic-restapi#125
[Static Route Expiry] Feature support sonic-restapi#124
Handle IPv6 VNET routes sonic-restapi#127
2022-10-25 15:44:13 -07:00
Devesh Pathak
85e3a81f47
Fix to improve hostname handling (#12064)
* Fix to improve hostname handling
If config_db.json is missing hostname entry, hostname-config.sh ends
up deleting existing entry too and hostname changes to default 'localhost'

* default hostname to 'sonic' if missing in config file
2022-10-25 14:51:02 -07:00
Liu Shilong
81ee9488e8
[action] Use github code scan instead of LGTM. (#12402)
* [action] Add code scan for python
2022-10-25 16:34:07 +08:00
xumia
158371de38
[Ci] clean up the old artifacts in the agent before downloading the new artifacts (#12391)
[Ci] clean up the old artifacts in the agent before downloading the new artifacts
2022-10-25 15:45:01 +08:00
xumia
078608e7f0
Add the original docker tag without username (#12472)
Why I did it
Add the original docker tag without username to support some of the docker file not changed build broken issue.
The username suffix is only required when the native build feature is enabled; if it is not enabled, the docker file does not need to change and the build should succeed.
It is to support cisco 202205 build.
2022-10-25 15:31:18 +08:00