Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487
How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
24f505148 [eloop.c]: Increase timeout of signal termination (#62)
2b2c1ad72 [driver_macsec_sonic.c]: Fixbug: a wrong db_wait in delete sa (#61)
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
The default stable version of rsyslog on bullseye has a bug about rate limit. It causes rate limit not work. The bug has been fixed on backport version 8.2206.0-1~bpo11+1.
Buster has no such issue.
#### How I did it
Upgrade rsyslog from 8.2110.0 to 8.2206.0-1~bpo11+1
#### How to verify it
Manual test
*The initial commit for the P4RT docker hard coded all the flags which makes it difficult to configure at runtime. Reading them from the CONFIG_DB allows for more flexibility.
Why I did it
Building docker-sonic-vs requires dependencies installed in sonic-slave-buster
How I did it
Add libs to sonic-slave-buster and sonic-slave-bullseye
How to verify it
Check files
*Preventing ebtables rules to be applied on KVM image. The ebtables rules in SONiC are added to prevent ARP as well as L2 forwarding to be blocked in linux kernel since the hardware will take care of the actual L2 forward. However this is not the case with KVM where linux needs to forward even L2 packets
Why I did it
Upgrade sonic fips packages to version 0.2
Upgrade openssl version from 1.1.1k-1+deb11u1+fips to 1.1.1n-0+deb11u3+fips
Upgrade openssh version from 8.4p1-5+fips to 8.4p1-5+deb11u1+fips
How I did it
Change the makefile.
ping command is not working inside PMON docker (bullseye)
Use case: chassisd checks for module reachability inside PMON for "show chassis modules midplane-status" CLI, and on Cisco chassis, this uses ping command to check network reachability
#### Why I did it
Fix docker-database flush_unused_database failed issue: https://github.com/Azure/sonic-buildimage/issues/11597
When change flush_unused_database from use swsssdk to use swsscommon, get_instancelist() and get_dblist() name changed but not update.
#### How I did it
Change flush_unused_database code to use swsscommon API:
Change get_instancelist to getInstanceList.
Change get_dblist to getDbList.
#### How to verify it
Pass all E2E test.
Manually check syslog make sure error log not exist and swss, syncd, bgp service started.
Search code in Azure make sure there all similer case are fixed in this PR.
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Fix docker-database flush_unused_database failed issue: https://github.com/Azure/sonic-buildimage/issues/11597
When change flush_unused_database from use swsssdk to use swsscommon, get_instancelist() and get_dblist() name changed but not update.
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
#### Why I did it
Update bgpmon.py from py-swsssdk to swsscommon
#### How I did it
Change bgpmon.py to use swsscommon.
#### How to verify it
Pass all E2E test case
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111
- [ ] 202205
#### Description for the changelog
Update bgpmon.py from py-swsssdk to swsscommon
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
To reduce rc.local script execution time. Porting changes from [DellEMC] S6100 Platform Service optimization #10989
Changes:
Moving platform-modules-s6100.service and s6100-lpc-monitor.service asynchronous to rc.local script.
#### Why I did it
Submodule update for sonic-swss-common with following change:
```
2247dbe 2022-08-01 | Fix memory leak issue in ConfigDBConnector. (#655) [Hua Liu]
4af97d6 2022-07-27 | Add new table schemas for DASH (#654) [prabhataravind]
d72e5ea 2022-07-23 | Fix epoll and socket resource leak issue. (#651) [Hua Liu]
dda857b 2022-07-21 | Microsoft mandatory file (#620) [microsoft-github-policy-service[bot]]
4132d14 2022-07-21 | Fix PING database command not backward compatible with python version issue. (#650) [Hua Liu]
```
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-swss-common with following change:
```
2247dbe 2022-08-01 | Fix memory leak issue in ConfigDBConnector. (#655) [Hua Liu]
4af97d6 2022-07-27 | Add new table schemas for DASH (#654) [prabhataravind]
d72e5ea 2022-07-23 | Fix epoll and socket resource leak issue. (#651) [Hua Liu]
dda857b 2022-07-21 | Microsoft mandatory file (#620) [microsoft-github-policy-service[bot]]
4132d14 2022-07-21 | Fix PING database command not backward compatible with python version issue. (#650) [Hua Liu]
```
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
#### Why I did it
The %%EXTRA_CMDLINE_LINUX%% is not replaced to the real value, it has impact on the kernel parameter settings.
See the log sonic-vs.img.gz.log in the latest master build. In the grub.cfg, the %%EXTRA_CMDLINE_LINUX%% is set in the linux command line.
```
Installing for i386-pc platform.
Installation finished. No error reported.
Switch CPU vendor is: GenuineIntel
Switch CPU cstates are: disabled
EXTRA_CMDLINE_LINUX=%%EXTRA_CMDLINE_LINUX%%
Installed SONiC base image SONiC-OS successfully
ONIE: NOS install successful: file://dev/vdb/onie-installer.bin
```
#### Why I did it
To support Yang models for SRV6 CM
#### How I did it
Added yang models for SRV6 MY_SID_ENTRY and Nexthop
#### How to verify it
Added SRV6 CRM yang tests.
#### Which release branch to backport (provide reason below if selected)
202111
#### Why I did it
Submodule update for sonic-dbsyncd with following change:
```
0d67faf 2022-07-28 | Replace pyswsssdk with sonic-py-common (#45) [Hua Liu]
265c833 2022-01-11 | Updated the Azure pipeline for Code Coverage (#44) [abdosi]
6548116 2021-04-04 | [ci]: add proper azp [Guohan Lu]
43b9dab 2021-04-04 | [pytest]: add pytest.ini [Guohan Lu]
```
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
#### Description for the changelog
Submodule update for sonic-dbsyncd with following change:
```
0d67faf 2022-07-28 | Replace pyswsssdk with sonic-py-common (#45) [Hua Liu]
265c833 2022-01-11 | Updated the Azure pipeline for Code Coverage (#44) [abdosi]
6548116 2021-04-04 | [ci]: add proper azp [Guohan Lu]
43b9dab 2021-04-04 | [pytest]: add pytest.ini [Guohan Lu]
```
#### A picture of a cute animal (not mandatory but encouraged)
Co-authored-by: liuh-80 <azureuser@liuh-dev-vm-02.5fg3zjdzj2xezlx1yazx5oxkzd.hx.internal.cloudapp.net>
What I did:
Added bgp as a dependent of swss
Why I did it:
bgp container was not restarting on swss crash. When swss crashes, linkmgrd
doesn't initate a switchover because it cannot access the default route from
orchagent. Bringing down bgp with swss will isolate the ToR, causing linkmgrd
to initiate a switchover to the peer ToR avoiding significant packet loss.
How I did it:
Added bgp to DEPENDENT
Signed-off-by: Nikola Dancejic <ndancejic@microsoft.com>
Why I did it
The bgpcfgd doesn't support deletion of 'zebra set src', if an interface is deleted, the bgpcfgd will drop a warning message. In current implementation, we only care about the loopback0 interface but not others.
To improve the log print to have the key info, which will give the name of the deleted interface. We can ignore it if it is not the loopback0 interface. The application layer should be aware of that update and deletion is not supported, delete or update with a new address of loopback0 could cause issue, this log can give enough info to root cause the issue.
How I did it
How to verify it
this upgrade contains two changes:
1. Add the following MacSec Initialization Condition:
- When MacSec feature is not included MacSec block should not be brought out of reset irrespective of the value of the newly added config variable.
- When included its initialization is controlled by the newly added config variable.
2. DNX buf fix: increase _BRCM_SAI_MAX_ACL_TABLES to 128
Signed-off-by: zitingguo <zitingguo@microsoft.com>
Upgrade submodule sairedis to take the fix for saithrift build
Upgrade SAI to latest for building in bullseye (#1093)
involve other changes in sairedis:
[sairedis] Fix reopen recoding file (#1087)
Update PN with XPN support (#1081)
[syncd] Remove error message when tryTranslateVidToRid fails (#1048)
Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
Spanning from sonic-net/sonic-linkmgrd#76, this PR is to update warm restart finalizer to wait for linkmgrd to be reconciled.
sign-off: Jing Zhang zhangjing@microsoft.com
Why I did it
To make sure finalizer save config after linkmgrd's reconciliation.
How I did it
Add linkmgrd to the reconciliation wait list of warmboot finalizer.
How to verify it
Verified on lab device, linkmgrd reconciled as expected.
A change in sonic-utilities makes all cache files be saved into a
/tmp/cache. On swss restart this cache has to be removed in case swss
starts in cold or fast mode. A related cache restoration in the warmboot
finalizer script is also updated to use new location.
- Why I did it
To fix#9817. Clear the cache directory on swss.sh except for warm start.
Also, adopted finalize-warmboot script to take the cache directory.
- How I did it
A change in sonic-utilities makes all cache files be saved into a /tmp/cache. On swss restart this cache has to be removed in case swss starts in cold or fast mode. A related cache restoration in the warmboot finalizer script is also updated to use new location.
- How to verify it
Run togather with Azure/sonic-utilities#2232. Verify counters cache is removed on config reload, cold/fast reboots, swss restart.
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
feeac84 [counters] Keep counters cache in a single directory (#2232)
cd7909e Updated the CLI file for Radius and Linux kernel commands (#2276)
cd6898b Update db_migrator to support `PORT_QOS_MAP|global` (#2205)
8f4fc62 Revert "Revert "[scripts/fast-reboot] Shutdown remaining containers through systemd (#2133)" (#2161)" (#2184)
27667cf Fix test for pfcwd_sw_enable in db_migrator_test (#2253)
e1866e3 [MultiAsic] sudo reboot command doesn't gracefully stop Asic syncd# on multiasic platform (#2258)
9e3ba82 Change db_migrator major version on master branch from version 2 to 3 (#2272)
65346ce Microsoft mandatory file (#2177)
308e25f portconfig option to configure Tx power and laser frequency of ZR transceiver module (#2197)
e49b1e8 [vnet_route_check] Align DB data parse logic with format used by swsscommon API (#2268)
Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
Why I did it:
To fix hlx platform sfp+ module tx disable issue
How I did it:
Fix sfp+ tx disable function according SFF-8472 specification
Co-authored-by: Eric Zhu <erzhu@celestica.com>
Fix in Monit memory_checker plugin. Skip fetching running containers if docker engine is down (can happen in deinit).
This PR fixes issue #11472.
Signed-off-by: liora liora@nvidia.com
Why I did it
In the case where Monit runs during deinit flow, memory_checker plugin is fetching the running containers without checking if Docker service is still running. I added this check.
How I did it
Use systemctl is-active to check if Docker engine is still running.
How to verify it
Use systemctl to stop docker engine and reload Monit, no errors in log and relevant print appears in log.
Which release branch to backport (provide reason below if selected)
The fix is required in 202205 and 202012 since the PR that introduced the issue was cherry picked to those branches (#11129).
Why I did it
Require multi-asic VS tests to be run during PR checks and merges in master branch.
How I did it
Add job to run multi-asic VS tests in sonic-buildimage pipeline. Currently pipeline will run basic bgp fact test to ensure the testbed comes up, load minigraph works and bgp sessions are up.
Use new multi-asic VS agent pool sonictest-ma in official-multi-asic-vs pipeline
Make multi-asic VS test optional for now. There are two known issues:
Announce route failure during refresh-dut in setup testbed stage.
bgp sessions not getting established.
How to verify it
Tested using test azure pipelines.
Why I did it
Enable syncd container autorestart for Innovium platforms
How I did it
Add critical_process file and sypervisord.conf entry
How to verify it
Tested with autorestart/test_container_autorestart.py::test_containers_autorestart
PASSED autorestart/test_container_autorestart.py::test_containers_autorestart[sonic-xxx-dut-sonic-xxx-dut|syncd]
Signed-off-by: rck-innovium rck@innovium.com
What I did:
Following changes done for packet based chassis:-
1> Run arp_update on LC's to resolve static route nexthops over backend
port-channel interfaces.
2> On Supervisor make sure arp_update exit gracefully
Why I did it
Not all build environments have passwordless sudo enabled for all users
How I did it
Instead of using sudo to delete fsroot directories, mount them in a small, temporary docker container and delete them from there
How to verify it
Build in an environment where the build user does not have passwordless sudo enabled and confirm that no sudo password prompts are seen
Why I did it
This PR is to backport PR #11056 and PR #11045 into master branch.
This PR is to enable tunnel_qos_remap on T1 and T0 in DualToR deployment.
On T1, we check the property DownstreamRedundancyTypes. On T0, we check the property RedundancyType.
tunnel_qos_remap is set to enabled if gemini is in DownstreamRedundancyTypes (on T1) or RedundancyType (on T0).
How I did it
The change is implemented in minigraph.py.
How to verify it
Verified by test_minigraph_case.py and 'test_j2files.py`.
sonic-platform-daemon submodule update
005ec30 [ycabled] remove some redundant logging for active-active cable type (#274)
e889625 [ycabled][grpc] Fix some time interval,options for grpc keep alive to work (#271)
1651050 [ycabled] add some retry logic for gRPC channel setup;fix no channel gRPC notification (#269)
7c0be24 [CMIS]Improved 400G link bring up sequence (#254)
df447b4 [ycabled] Fix the init values for active-active ports (#266)
ec84af4 [sonic-ycabled] fix grpc logic for timeout,cli HWSTATUS value retrival logic for active-active cable (#264)
Co-authored-by: Jaganathan Anbalagan <jaganbal@cisco.com>