Why I did it
[Bookworm] Update platform-modules-dell for Bookworm #16735
How I did it
Modified platform driver to comply with bookworm kernel.
Removed MODULE_SUPPORTED_DEVICE wherever used.
Modified python build commands for building whl packages.
How to verify it
Verify whether all the platform bookworm debs are built.
make target/debs/bookworm/platform-modules-z9100_1.1_amd64.deb
Load the platform debian into the device and install it in bookworm image.
Verify the platform related CLI and the functionality
Why I did it
Update SDK/SAI and FW for Mellanox Platform
How I did it
Update SDK/FW to v4.6.2104/v2012.2104
Fixed Issues:
Some of the Warmboot related files which were created by SDK during switch create are now generated during pre shutdown flow
New Features:
Debian 12 and kernel 6.1 support
Update SAI
New Features:
Auto Fec Support
FDB entries are now restored after warmboot to prevent temporary system flooding.
Minor Enhancement and Bug Fix in integrate-mlnx-sdk
How to verify it
Build Image and run tests
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
Why I did it
Add platform support for Debian 12 (Bookworm) on Mellanox Platform
How I did it
Update hw-management to v7.0030.2008
Deprecate the sfp_count == module_count approach in favour of asic init completion
Ref: Mellanox/hw-mgmt@bf4f593
Add xxd package to base image which is required by hw-management scripts
Add the non-upstream flag into linux kernel cache options
Update the thermalctl logic based on new sysfs attributes
Fix the integrate-mlnx-hw-mgmt script to not populate the arm64 Kconfig
How to verify it
Build kernel and run platform tests
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
Co-authored-by: Junchao-Mellanox <junchao@nvidia.com>
Co-authored-by: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com>
Add a note saying if running on a recent kernel, then Docker 20.10.10 or
newer needs to be used. This is because in Bookworm, glibc will use the
`clone3` syscall, which is not properly handled by Docker's seccomp
filter in versions older than 20.10.10.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Debian changed the defaults of the sudo package to never lecture the
user when using an unauthorized sudo command, which breaks our use case
of lecturing once. Add a line to lecture once, which is the old
defaults.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
systemd changed the log message syntax for a container going down.
Update the regex for the new format.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This fixes lldpcli hitting some error related to being unable to get a
lock on /var/run/lldpd.socket. This version is the version in Debian
Bookworm, even though lldpd is in the lldp container, and that is on
Bullseye. This is because there is a change that went into 1.0.12 that
uses a separate lock file for the lldpd socket instead of locking the
socket file itself. This appears to cause problems in an unprivileged
docker container for unknown reasons (privileged docker container is
fine). Bullseye is on 1.0.11, which isn't new enough to have this
change.
I can't see any specific system capability that might address this.
Rather than debugging this further, just upgrade to the Bookworm
version.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
pam-auth-update doesn't store local configuration, and it's meant to be
used by packages only. Because libpam-systemd was getting uninstalled
afterwards, this caused tacplus to get re-enabled.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
[Nvidia] Enable iproute2 & fix mft build (#16)
* Enable iproute2 as the SDK is also built
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
* [Nvidia] Dont use mkbmdeb method of dkms to build the package
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
* Added linux image to the Depends section of mft
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
[Nvidia] [Bookworm] Separate KERNEL_MFT into a new target (#16782)
* [Nvidia] Seperate KERNEL_MFT into a new target because of kernel header dependency
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
* Update linux-kernel submodule
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
* Fix paralell build problem
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
---------
Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
* sonic-platform-modules-cel: broadcom: adapt for kernel 6.1 and bookworm
The i2c_driver->remove API declaration has been updated to return void instead
of int, as part of cleanup patches in 6.1. More details can be referred from
here: [1]. Update the remove API definition in the modules accordingly and
cleanup variables that go unused from the remove API.
Update python build commands for bookworm. The packaging based on calling
setup.py is deprecated and using build module/pip utility is the recommended
method for python packaging/installation. Further details can be referred to
from here: [2], [3]. The build module is picky about the package information file,
which needs to be either setup.py or pyproject.toml.
Additionally, fix formatting inconsistencies in debian/changelog reported by
`dh_installchangelogs` during the build.
Tested the changes by compiling the changes as below:
make sonic-slave-bash NOBUSTER=1 NOBULLSEYE=1
sudo dpkg -i target/debs/bookworm/linux-headers-6.1.0-11-2-*.deb
cd platform/broadcom/sonic-platform-modules-cel
KVERSION=6.1.0-11-2-amd64 dpkg-buildpackage
Also verified the python scripts under the sonic-platform-modules-cel with
pyflakes to ensure no new errors are flagged (with exception of unused modules).
References:
[1] - https://github.com/torvalds/linux/commit/ed5c2f5f
[2] - https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.htm
[3] - 0b20a4863 (Update Python build commands for Bookworm, 2023-09-07)
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
* platform/pddf: i2c: adapt for kernel 6.1 and bookworm
* Fixup i2c_driver->remove API due to changes in the function
prototype (ref: [1]).
* Cleanup `MODULE_SUPPORTED_DEVICE` macros that were cleaned up in
the upstream (ref: [2]).
* Sanitize python packaging and installation using the `build` module
instead of calling the setup.py directly (ref: [3]. [4]).
Tested the changes by compiling pddf module as below:
make sonic-slave-bash NOBUSTER=1 NOBULLSEYE=1
sudo dpkg -i target/debs/bookworm/linux-headers-6.1.0-11-2-*.deb
cd platform/pddf/i2c
KVERSION=6.1.0-11-2-amd64 dpkg-buildpackage
References:
[1] - https://github.com/torvalds/linux/commit/ed5c2f5f
[2] - https://github.com/torvalds/linux/commit/6417f031
[2] - https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.htm
[3] - 0b20a4863 (Update Python build commands for Bookworm, 2023-09-07)
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
* platform/broadcom: include platform-modules-cel in builds
With pddf modules patched for 6.1, platform-modules-cel can be compiled
and included in the final image.
Testing by building sonic-broadcom.bin/sonic-broadcom-dnx.bin.
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
* pddf/i2c: revert correct rootdir for pip install
The pip install directory has been set to test-pkg1/ for testing the build and
incorrectly retained as is. Revert this to the correct path $(PACKAGE_PRE_NAME).
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
* platform/broadcom: include pddf/modules-cel in the base package
Without this change, the modules were built but not packaged in the final .bin.
The final sonic-broadcom.bin has been tested for bootup on Celestica's
Silverstone platform.
admin@sonic:~$ uname -a
Linux sonic 6.1.0-11-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-4 (2023-08-08) x86_64 GNU/Linux
admin@sonic:~$ show platform summary
Platform: x86_64-cel_silverstone-r0
HwSKU: Silverstone
ASIC: broadcom
ASIC Count: 1
Serial Number: R4009B2F062504LK200024
Model Number: N/A
Hardware Revision: N/A
admin@sonic:~$ show version | head
SONiC Software Version: SONiC.g0aad6c67c-rachandr
SONiC OS Version: 12
Distribution: Debian 12.2
Kernel: 6.1.0-11-2-amd64
Build commit: 0aad6c67c
Build date: Thu Oct 26 07:13:47 UTC 2023
Built by: rachandr@AZUHPS14
Platform: x86_64-cel_silverstone-r0
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
---------
Signed-off-by: Ramasamy Chandramouli <rachandr@celestica.com>
Starting with Bookworm, Debian moved the non-free Linux firmware blobs
into a new non-free-firmware component, since they are frequently needed
by users and since they need to be updated frequently. Since the only
thing we currently install from the non-free component (that I can think
of) is the Linux firmware, have Bookworm use non-free-firmware instead
of non-free.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Notable changes:
* Use j2cli from Debian repos instead of pip
* Use setuptools from Debian repos instead of pip
* Use wheel from Debian repos instead of pip
* Update grpcio and grpcio-tools python packages to match version in
Bookworm
* Use m2crypto from Debian repos instead of pip
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This fixes 3 issues:
* Specify test dependencies under extra_requires
* Update the PAM configuration for Bookworm
* Break a cyclical dependency between sonic-host-services and
sonic-buildimage by moving the contents of
src/sonic-host-services-data into sonic-host-services submodule
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This fixes 4 issues:
* Update tabulate to 0.9.0 and deepdiff to 6.2.2
* Specify test dependencies under extra_requires
* Add check_output parameter to the setup function due to the patch
* Fix error about having a mutable default for field headers in
dataclass
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Update test_cfggen_from_yang.py and test_yang_data.json to the current
config_db format, and allow tests for sonic-config-engine to run for
Bookworm.
Also update pyangbind to 0.8.2 for Bookworm to fix an issue with some
classes being moved into a different package.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
The help text printed for sonic-yang-mgmt has slight differences
depending on the package versions. Loosen this check to only check the
options themselves, rather than the surrounding text.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
This ordering dependency causes FRR to get built for Bookworm, which we
don't need currently. Skip this by having it apply only to Bookworm.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Newer versions of pip/setuptools don't support test_requires, and the
current standard is to specify any extra dependencies (such as those
required for testing) under extra_requires.
Therefore, specify the testing dependencies under extra_requires. These
can be installed via pip using `pip install '.[testing]'`.
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
In Bookworm's version of setuptools, direct calls to setup.py are
deprecated and no longer guaranteed to work. One of the recommended
commands is to use the `build` python package to build packages, and
call it with `python -m build`. This, by default, builds the packages in
a virtualenv to ensure that only the specified dependencies in setup.py
are needed to build the package. This also extends to running tests,
where directly calling `setup.py test` may not work, and the recommended
alternatives are to either call `pytest` directly, or call `tox` or
`nox.` More details are available at [1].
For SONiC's use case, for building python packages, we cannot build all
Python packages in a virtualenv since there are dependencies that we
would have built earlier, and these packages are not pushed to pypi or
any package registry. (There may be a cleaner approach to this, though,
but I'm not aware of it.) For this reason, the `-n` flag is added to not
build the package in a virtualenv.
For testing, `pytest` is now called instead of `setup.py test`.
[1] https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Changes from Bullseye slave container:
* Python 2 is no longer available at all
* Python 3.11 (instead of Python 3.9)
* GCC 12 (instead of GCC 10)
* Python ipaddr package is no longer available
* OpenJDK 17 (instead of OpenJDK 11)
* Remove doxygen armhf manual compilation (no longer needed)
* Disable FIPS, as the FIPS binaries are currently not yet available
* Install Python setuptools through Debian instead of pip
* Install Python wheel through Debian instead of pip
* Install Python nose through Debian instead of pip
* Install Python j2cli through Debian instead of pip
* Install Python pexpect through Debian instead of pip
* Install Python parameterized through Debian instead of pip
* Install Python pyyaml through Debian instead of pip
* Install Python pyfakefs through Debian instead of pip
* Install Python m2crypto through Debian instead of pip
* Python pympler 1.0 (instead of 0.8)
* Install Python build (as a replacement to setup.py)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
Fix bug: #17161 (comment)
multi-asic platforms it will never go to the else part as DATABASE_TYPE is always ""
Microsoft ADO (number only): 25072889
Move the checker NAMESPACE_ID == "" back
Signed-off-by: Ze Gan <ganze718@gmail.com>
#### Why I did it
src/sonic-host-services
```
* 50db9d3 - (HEAD -> master, origin/master, origin/HEAD) Move sonic-host-services-data from sonic-buildimage into this repo (3 hours ago) [Saikrishna Arcot]
* 1a9442f - Replace libpam-cracklib with libpam-pwquality (3 hours ago) [Saikrishna Arcot]
* 31590a1 - Fix diff output in test for Python 3 (3 hours ago) [Saikrishna Arcot]
* cc3e330 - Specify test dependencies under extra_requires (3 hours ago) [Saikrishna Arcot]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
Fix the issue with configuration generation from the minigrapth:
- How I did it
Change the default breakout mode for internal ports to the mode that corresponds platfom.json configuration.
- How to verify it
1. Deploy minigraph
2. Run config load_minigraph -y command
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)
Work item tracking
Microsoft ADO (number only): 14807420
How I did it
Reduce linux capabilities in privileged flag
How to verify it
Run restapi sonic-mgmt tests on sn4600c
Check container's settings: Privileged is false and container only has default Linux caps, does not have extended caps.
* [Marvell-arm64] Add platform support for rd98DX35xx
This change adds following two variants of rd98DX35xx board to arm64
build.
Board with CPU integrated into the 98DX35xx switching chip:
Platform: arm64-marvell_rd98DX35xx-r0
HwSKU: rd98DX35xx
ASIC: marvell
Port Config: 32x1G + 16x2.5G + 6x25G
Board with external CN9131 CPU connected over PCI to 98DX35xx
switching chip:
Platform: arm64-marvell_rd98DX35xx_cn9131-r0
HwSKU: rd98DX35xx_cn9131
ASIC: marvell
Port Config: 32x1G + 16x2.5G + 6x25G
Change-Id: I21dc9fe972417daaabb20a5bddf7779d72b7972e
Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
* Add HWSKU for rd98DX35xx and rd98DX35xx_cn9131
This patch adds new HWSKU's for Marvell arm64 platforms rd98DX35xx
and rd98DX35xx_cn9131.
Change-Id: Id7c14f49f0e304335cc4ca73dcae52362c49d231
Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
---------
Signed-off-by: Pavan Naregundi <pnaregundi@marvell.com>
What I did:
In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's
How I did:
- Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml
- Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers
- In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community.
- In TSB delete the above new route-map.
How I verify:
Manual Verification
UT updated.
sonic-mgmt PR: sonic-net/sonic-mgmt#10239
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>