Bringing changes from sonic-build image #41

Merged
merged 108 commits into from
Jul 26, 2023


GouthamBanala
Collaborator

Why I did it

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

mssonicbld and others added 30 commits June 20, 2023 15:36
…automatically (sonic-net#15549)

#### Why I did it
src/sonic-mgmt-framework
```
* 4a2ff41 - (HEAD -> master, origin/master, origin/HEAD) [actions] Support Semgrep by Github Actions (sonic-net#116) (5 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…ically (sonic-net#15547)

#### Why I did it
src/sonic-dbsyncd
```
* e4ac906 - (HEAD -> master, origin/master, origin/HEAD) [actions] Support Semgrep by Github Actions (sonic-net#59) (7 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
sonic-net#15546)

#### Why I did it
src/linkmgrd
```
* 4bda49b - (HEAD -> master, origin/master, origin/HEAD) [actions] Support Semgrep by Github Actions (sonic-net#210) (7 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…ly (sonic-net#15545)

#### Why I did it
src/dhcprelay
```
* c36b8e3 - (HEAD -> master, origin/master, origin/HEAD) [actions] Support Semgrep by Github Actions (sonic-net#39) (7 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
- Why I did it
To fix hiredis compilation

- How I did it
Changed package version: 0.14.0-3~bpo9+1 -> 0.14.1-1

- How to verify it
make configure PLATFORM=mellanox
make target/sonic-mellanox.bin

Signed-off-by: Nazarii Hnydyn <[email protected]>
Why I did it
Graceful restart is a key event for bgpd, but the related log print is at debug level. Change it to info level to get more visibility when this kind of event is triggered.

Work item tracking
Microsoft ADO (13875291):
How I did it
To create patch file to change from debug level to info level.

How to verify it
To run PR test and capture the print.
…utomatically (sonic-net#15548)

#### Why I did it
src/sonic-host-services
```
* 508d642 - (HEAD -> master, origin/master, origin/HEAD) [actions] Support Semgrep by Github Actions (sonic-net#67) (31 hours ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
#### Why I did it

Need new changes that were added to gnxi inside ptf docker

##### Work item tracking
- Microsoft ADO **(number only)**: 17747466

#### How I did it

Update commit number

#### How to verify it

Pipeline
…tically (sonic-net#15565)

#### Why I did it
src/sonic-sairedis
```
* 14a863a - (HEAD -> master, origin/master, origin/HEAD) [warmboot] Add workaround for `INIT_VIEW` failure  (sonic-net#1252) (5 hours ago) [Jing Zhang]
* abb02a5 - [actions] Support Semgrep by Github Actions (sonic-net#1254) (2 days ago) [Mai Bui]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…sion supported by py2 (sonic-net#15472)

Why I did it
Current docker-sonic-mgmt build is broken. So below are two fixes which can help in mitigating the same.

PYAML - Download a specific version in python2 as after https://pypi.org/project/pyaml/23.5.5/ there was support only for python3. This update happened on May 5th. And consequently all daily builds after this changes https://dev.azure.com/mssonic/build/_build/results?buildId=266733&view=results (starting build to break) kept failing
Azure-CLI - this can be downloaded by apt-get repository. So modify as an improvement.
Work item tracking
Microsoft ADO (number only): [Build] fix docker-sonic-mgmt build sonic-net#15567
How I did it
By manually checking the release notes of pyaml and install azure-cli in newly installed docker container using apt-get

How to verify it
You can run below commands to validate:

make configure PLATFORM=generic
make target/docker-sonic-mgmt.gz

Second line would fail without the commit.
…nic-net#15252)

* [Arista][x86_64-arista_7050_qx32] Add Components to platform.json

Signed-off-by: vaibhav dahiya <[email protected]>

* fix comment

Signed-off-by: vaibhav dahiya <[email protected]>

* fix comment

Signed-off-by: vaibhav dahiya <[email protected]>

* reformat

Signed-off-by: vaibhav dahiya <[email protected]>

---------

Signed-off-by: vaibhav dahiya <[email protected]>
- Why I did it
Add support for static DNS configuration. According to sonic-net/SONiC#1262 HLD.

- How I did it
Add a new resolv-config.service that is responsible for transferring configuration from Config DB into /etc/resolv.conf file that is consumed by various subsystems in Linux to resolve domain names into IP addresses.

- How to verify it
Run the image compilation. Each component related to the static DNS feature is covered with the unit tests.
Run sonic-mgmt tests. Static DNS feature will be covered with the system tests.
Install the image and run manual tests.
#### Why I did it
Avoid 'sscanf()' for number conversions. Its use can lead to undefined behavior, slow processing, and integer overflows. Instead prefer the 'strto*()' family of functions.

#### How I did it
replace sscanf with strtol
#### How to verify it
Manual test
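
The difference the commit message above refers to, shown as an added example (not code from this PR): `sscanf("%d")` reports success on input with trailing garbage and has undefined behavior when the digits do not fit, while a `strtol()` wrapper can reject both. The helper names, the 0..65535 range and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* What sscanf("%d") does with the same input: it returns 1 for "12abc" (it stops
 * at 'a'), and its behavior is undefined when the digits do not fit in an int. */
int sscanf_accepts(const char *s)
{
    int v;
    return sscanf(s, "%d", &v) == 1;
}

/* Hypothetical helper: parse a whole-string decimal integer within [min, max].
 * Returns 0 and stores the value on success, -1 on any rejected input. */
int parse_int_checked(const char *s, long min, long max, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0') return -1;   /* no digits, or trailing garbage */
    if (errno == ERANGE) return -1;            /* value did not fit in a long */
    if (v < min || v > max) return -1;         /* caller's own domain limit */
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *inputs[] = { "546", "12abc", "99999999999999999999", "-1", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long v = 0;
        int rc = parse_int_checked(inputs[i], 0, 65535, &v);
        printf("%-22s -> %s (%ld)\n", inputs[i], rc == 0 ? "ok" : "rejected", v);
    }
    return 0;
}
```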
#### Why I did it
Docker best practices prefer COPY to ADD
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy
##### Work item tracking
- Microsoft ADO **(number only)**: 17418730

#### How I did it
Use the COPY command as opposed to ADD unless working with a tar file.
… contain front panel ports (sonic-net#14814)

* [chassis][lldp] Fix the lldp error log in host instance which doesn't contain front panel ports

---------

Signed-off-by: mlok <[email protected]>
Add yang model for MUX_LINKMGR|LINK_PROBER table.

sign-off: [email protected]
…utomatically (sonic-net#15591)

#### Why I did it
src/sonic-host-services
```
* eab4a9e - (HEAD -> master, origin/master, origin/HEAD) [hostcfgd][dns] Subscribe to DNS_NAMESERVER table to react to static DNS configuration changes. (sonic-net#49) (2 days ago) [Oleksandr Ivantsiv]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…ue (sonic-net#15621)

Force merge to work around the az-cli installation issue.
#### Why I did it
To fix the timezone sync issue between the containers and the host. If a certain timezone has been configured on the host (SONIC) then the expectation is to reflect the same across all the containers.

This will fix [Issue:13046](sonic-net#13046).

For instance, a PST timezone has been set on the host and if the user checks the link flap logs (inside the FRR), it shows the UTC timestamp. Ideally, it should be PST.
mssonicbld and others added 24 commits July 11, 2023 14:38
…lly (sonic-net#15520)

#### Why I did it
src/sonic-gnmi
```
*   01fe667 - (HEAD -> master, origin/master, origin/HEAD) Merge pull request sonic-net#134 from FengPan-Frank/fenpan_dialout_rename (3 days ago) [Feng-msft]
|\  
| * 994c69c - Rename --enable-dialout option into ENABLE_DIALOUT to follow the convention. (3 days ago) [Feng Pan]
|/  
* a9126da - Update makefile to support armhf (sonic-net#132) (3 days ago) [ganglv]
* 0d80c0d -  prevent potential panic: return immediately if there exists error (sonic-net#113) (7 days ago) [Mai Bui]
*   3c0fca3 - Merge pull request sonic-net#131 from FengPan-Frank/fenpan_dialout (7 days ago) [Feng-msft]
|\  
| * c3d3266 - Add build flag into gnmi as --enable-dialout. (8 days ago) [Feng Pan]
|/  
* fd78c42 - add semgrep (sonic-net#126) (2 weeks ago) [Mai Bui]
* 214fa1c - TranslClient: Use new translib subscription APIs (sonic-net#122) (3 weeks ago) [Sachin Holla]
* 87d8eb3 - (origin/202305) TranslClient: use PathValidator to sanitize the request paths (sonic-net#112) (3 weeks ago) [Sachin Holla]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Update sonic-utilities submodule pointer to include the following:
* ff380e04 [hash]: Implement GH frontend ([sonic-net#2580](sonic-net/sonic-utilities#2580))
* 61bad064 [db_migrator] Set correct CURRENT_VERSION, extend UT ([sonic-net#2895](sonic-net/sonic-utilities#2895))
* 6b8ee47c [CLI][Show][BGP] Show BGP Change for no neighbor scenario ([sonic-net#2885](sonic-net/sonic-utilities#2885))
* 73d8d633 [doc] Update Command-Reference.md, change show bgp peer command to show bfd peer ([sonic-net#2750](sonic-net/sonic-utilities#2750))
* 7bc08c28 [db_migrator] Remove hardcoded config and migrate config from minigraph ([sonic-net#2887](sonic-net/sonic-utilities#2887))
* b1aa9426 [generate_dump]: Enhance show techsupport for Marvell platform ([sonic-net#2676](sonic-net/sonic-utilities#2676))
* 316b14c0 Add support for secure upgrade ([sonic-net#2698](sonic-net/sonic-utilities#2698))
* dc2945bc [dns] Implement config and show commands for static DNS. ([sonic-net#2737](sonic-net/sonic-utilities#2737))
* 8414a709 [chassis][multi asic] change acl_loader to use tcp socket for db communication ([sonic-net#2525](sonic-net/sonic-utilities#2525))
* 0b629ba1 Revert [chassis][voq] Clear fabric counters queue/port (2789) ([sonic-net#2882](sonic-net/sonic-utilities#2882))
* 3ba8241a [db_migtrator] Add migration of FLEX_COUNTER_DELAY_STATUS during 1911->master upgrade + fast-reboot. Add UT. ([sonic-net#2839](sonic-net/sonic-utilities#2839))
* fceef2ed [chassis][voq] Clear fabric counters queue/port ([sonic-net#2789](sonic-net/sonic-utilities#2789))

Signed-off-by: dgsudharsan <[email protected]>
…lly (sonic-net#15785)

#### Why I did it
src/sonic-swss
```
* 776af62c - (HEAD -> master, origin/master, origin/HEAD) [CodeQL]: Use dependencies with relevant versions in azp template. (sonic-net#2845) (4 hours ago) [Nazarii Hnydyn]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…atically (sonic-net#15456)

#### Why I did it
src/sonic-utilities
```
* ff380e04 - (HEAD -> master, origin/master, origin/HEAD) [hash]: Implement GH frontend (sonic-net#2580) (13 hours ago) [Nazarii Hnydyn]
* 61bad064 - [db_migrator] Set correct CURRENT_VERSION, extend UT (sonic-net#2895) (4 days ago) [Vadym Hlushko]
* 6b8ee47c - [CLI][Show][BGP] Show BGP Change for no neighbor scenario (sonic-net#2885) (6 days ago) [Dev Ojha]
* 73d8d633 - [doc] Update Command-Reference.md, change "show bgp peer" command to "show bfd peer" (sonic-net#2750) (11 days ago) [PinghaoQu]
* 7bc08c28 - [db_migrator] Remove hardcoded config and migrate config from minigraph (sonic-net#2887) (11 days ago) [Vaibhav Hemant Dixit]
* b1aa9426 - [generate_dump]: Enhance show techsupport for Marvell platform (sonic-net#2676) (11 days ago) [pavannaregundi]
* 316b14c0 - Add support for secure upgrade (sonic-net#2698) (2 weeks ago) [ycoheNvidia]
* dc2945bc - [dns] Implement config and show commands for static DNS. (sonic-net#2737) (2 weeks ago) [Oleksandr Ivantsiv]
* 8414a709 - [chassis][multi asic] change acl_loader to use tcp socket for db communication (sonic-net#2525) (2 weeks ago) [Arvindsrinivasan Lakshmi Narasimhan]
* 0b629ba1 - Revert "[chassis][voq] Clear fabric counters queue/port (sonic-net#2789)" (sonic-net#2882) (3 weeks ago) [RoRonoa]
* 3ba8241a - [db_migtrator] Add migration of FLEX_COUNTER_DELAY_STATUS during 1911->master upgrade + fast-reboot. Add UT. (sonic-net#2839) (4 weeks ago) [Vadym Hlushko]
* fceef2ed - [chassis][voq] Clear fabric counters queue/port (sonic-net#2789) (4 weeks ago) [jfeng-arista]
```
#### How I did it
#### How to verify it
#### Description for the changelog
)

Why I did it
port_config.ini and hwsku.json are needed to generate the default config
switch_type needs to be "dpu" to spawn the right set of processes during dvs initialization and to make sure that DASH APIs can be handled properly

Work item tracking
Microsoft ADO 24375371:

How I did it
Use the same hwsku.json and port_config.ini for DPU-2P as the ones used for Nvidia-MBF2H536C SKU in nvidia-sonic sonic-buildimage repo.
Set switch_type to "dpu" in DEVICE_METADATA configuration to make sure DASH specific APIs are handled properly

Signed-off-by: Prabhat Aravind <[email protected]>
#### Why I did it

Failed to build sonic-dhcp6relay_1.0.0-0_amd64.deb

#### How I did it

src/dhcprelay has git submodule.
Dependency files by "git ls-files" are not picked files in submodules.
Add --recurse-submodules, work again.

#### How to verify it

make all
#### Why I did it
Support reset factory in Sonic OS
[Reset Factory HLD](sonic-net/SONiC#1231)
[Sonic-mgmt tests](sonic-net/sonic-mgmt#7652)

#### How I did it
- Added new script "/usr/bin/reset-factory"
   * It generates a new config_db.json files with factory configurations
   * It clears system files and logs
   * It removes all docker containers on system except database
   * It clears non-default users and restores default users password
- Dump the default users info to a new file during build "/etc/sonic/default_users.json"
- Supported new type "Keep-basic" in "config-setup factory"
- Add new conf file for config-setup "/etc/config-setup/config-setup.conf"

#### How to verify it
- Run reset-factory script with all types: < none | keep-all-config | only-config | keep-basic >
- Run config-setup factory with parameters < none | keep-basic >

#### Description for the changelog
Support reset factory in Sonic OS

#### Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
…atically (sonic-net#15798)

#### Why I did it
src/sonic-utilities
```
* 7ca31477 - (HEAD -> master, origin/master, origin/HEAD) [db_migrator] Set docker_routing_config_mode to the value obtained from minigraph parser (sonic-net#2890) (10 hours ago) [Vaibhav Hemant Dixit]
```
#### How I did it
#### How to verify it
#### Description for the changelog
… automatically (sonic-net#15797)

#### Why I did it
src/sonic-platform-common
```
* 465f95e - (HEAD -> master, origin/master, origin/HEAD) Default implementation of under/over speed checks (sonic-net#382) (9 hours ago) [spilkey-cisco]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…tomatically (sonic-net#15782)

#### Why I did it
src/sonic-linux-kernel
```
* d070cae - (HEAD -> master, origin/master, origin/HEAD) arm64: dts: marvell: Add Nokia 7215-IXS-A1 board (sonic-net#321) (34 hours ago) [Pavan-Nokia]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…onic-net#15487)

Modify snmpd.conf to start snmpd to listen on specific management and loopback ips instead of listening on any ip.

#### Why I did it
SNMP over IPv6 is not working for all scenarios on single asic platforms.
The expectation is that SNMP query over IPv6 should work over Management or Loopback0 addresses.
**Specific scenario where this issue is seen**
In case of Lab T0 device,  when SNMP request is sent from a directly connected T1 neighbor over Loopback IP, SNMP response was not received.
This was because the SRC IP address in SNMP response was not Loopback IP, it was the PortChannel IP connected to the neighboring device.
```
23:18:51.620897  In 22:26:27:e6:e0:07 ethertype IPv6 (0x86dd), length 105: fc00::72.41725 > **fc00:1::32**.161:  C="msft" **GetRequest**(28)  .1.3.6.1.2.1.1.1.0
23:18:51.621441 Out 28:99:3a:a0:97:30 ethertype IPv6 (0x86dd), length 241: **fc00::71**.161 > fc00::72.41725:  C="msft" **GetResponse**(162)  .1.3.6.1.2.1.1.1.0="SONiC Software Version: SONiC.xxx - HwSku: xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64"
```
In case of IPv4, the SRC IP in SNMP response was correctly set to Loopback IP.
```
23:25:32.769712  In 22:26:27:e6:e0:07 ethertype IPv4 (0x0800), length 85: 10.0.0.57.56701 > **10.1.0.32**.161:  C="msft" **GetRequest**(28)  .1.3.6.1.2.1.1.1.0
23:25:32.975967 Out 28:99:3a:a0:97:30 ethertype IPv4 (0x0800), length 221: **10.1.0.32**.161 > 10.0.0.57.56701:  C="msft" **GetResponse**(162)  .1.3.6.1.2.1.1.1.0="SONiC Software Version: SONiC.xxx - HwSku: xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64"
```

**Sequence of SNMP request and response**
1. SNMP request will be sent with SRC IP fc00::72 DST IP fc00:1::32
2. SNMP request received at the SONiC device is sent to snmpd, which is listening on port 161 :::161/
3. snmpd process will parse the request, create a response and send it to DST IP fc00::72.
snmpd process does not track the DST IP on which the SNMP request was received, which in this case is Loopback IP.
snmpd process will only keep track of the IP to which the response should be sent.
4. snmpd process will send the response packet.
5. Kernel will do a route lookup on destination IP and find the best path.
```
ip -6 route get fc00::72
fc00::72 from :: dev PortChannel101 proto kernel src fc00::71 metric 256 pref medium
```
6. Using the "src" IP from above, the response is sent out. This SRC IP is that of the PortChannel and not the device Loopback IP.

The same issue is seen when SNMP query is sent from a remote server over Management IP.
SONiC device eth0 --------- Remote server
SNMP request comes with SRC IP <Remote_server> DST IP <Mgmt IP>
If kernel finds best route to Remote_server_IP is via BGP neighbors, then it will send the response via front-panel interface with SRC IP as Loopback IP instead of Management IP.

Main issue is that in case of IPv6, snmpd ignores the IP address to which SNMP request was sent.
In case of IPv4, snmpd keeps track of DST IP of SNMP request, it will keep track if the SNMP request was sent to mgmt IP or Loopback IP.
Later, this IP is used in ipi_spec_dst as SRC IP which helps kernel to find the route based on DST IP using the right SRC IP.
https://github.com/net-snmp/net-snmp/blob/master/snmplib/transports/snmpUDPBaseDomain.c#L300 
ipi.ipi_spec_dst.s_addr = srcip->s_addr
Reference: https://man7.org/linux/man-pages/man7/ip.7.html
```
If IP_PKTINFO is passed to sendmsg(2)
              and ipi_spec_dst is not zero, then it is used as the local
              source address for the routing table lookup and for
              setting up IP source route options.  When ipi_ifindex is
              not zero, the primary local address of the interface
              specified by the index overwrites ipi_spec_dst for the
              routing table lookup.
```

**This issue is not seen on multi-asic platform, why?**
On multi-asic platform, there exist different network namespaces.
SNMP docker with snmpd process runs on host namespace.
Management interface belongs to host namespace.
Loopback0 is configured on asic namespaces.
Additional information on how the packet coming over Loopback IP reaches snmpd process running on host namespace: sonic-net#5420
Because of this separation of network namespaces, the route lookup of destination IP is confined to routing table of specific namespace where packet is received.
If packet is received over management interface, SNMP response also is sent out of management interface. Same goes with packet received over Loopback IP.

##### Work item tracking
- Microsoft ADO **17537063**:

#### How I did it
Have snmpd listen on specific Management and Loopback IPs specifically instead of listening on any IP for single-asic platform.

Before Fix
```
admin@xx:~$ sudo netstat -tulnp | grep 161   
udp        0      0 0.0.0.0:161             0.0.0.0:*                           15631/snmpd         
udp6       0      0 :::161                  :::*                                15631/snmpd  
```
After fix
```
admin@device:~$ sudo netstat -tulnp | grep 161
udp        0      0 10.1.0.32:161           0.0.0.0:*                           215899/snmpd        
udp        0      0 10.3.1.1:161             0.0.0.0:*                           215899/snmpd        
udp6       0      0 fc00:1::32:161          :::*                                215899/snmpd        
udp6       0      0 fc00:2::32:161          :::*                                215899/snmpd  
``` 

**How this change helps with the issue?**
To see snmpd trace logs, modify snmpd to start using the below parameters, in supervisord.conf file
```
/usr/sbin/snmpd -f -LS0-7i -Lf /var/log/snmpd.log
```
When snmpd listens on any IP, snmpd binds to IPv4 and IPv6 sockets as below:
```
netsnmp_udpbase: binding socket: 7 to UDP: [0.0.0.0]:0->[0.0.0.0]:161
trace: netsnmp_udp6_transport_bind(): transports/snmpUDPIPv6Domain.c, 303:
netsnmp_udpbase: binding socket: 8 to UDP/IPv6: [::]:161
```

When IPv4 response is sent, it goes out of fd 7 and IPv6 response goes out of fd 8.
When IPv6 response is sent, it does not have the right SRC IP and it can lead to the issue described.

When snmpd listens on specific Loopback/Management IPs, snmpd binds to different sockets:
```
trace: netsnmp_udpipv4base_transport_bind(): transports/snmpUDPIPv4BaseDomain.c, 207:
netsnmp_udpbase: binding socket: 7 to UDP: [0.0.0.0]:0->[10.250.0.101]:161
trace: netsnmp_udpipv4base_transport_bind(): transports/snmpUDPIPv4BaseDomain.c, 207:
netsnmp_udpbase: binding socket: 8 to UDP: [0.0.0.0]:0->[10.1.0.32]:161
trace: netsnmp_register_agent_nsap(): snmp_agent.c, 1261:
netsnmp_register_agent_nsap: fd 8
netsnmp_udpbase: binding socket: 10 to UDP/IPv6: [fc00:1::32]:161
trace: netsnmp_register_agent_nsap(): snmp_agent.c, 1261:
netsnmp_register_agent_nsap: fd 10
netsnmp_ipv6: fmtaddr: t = (nil), data = 0x7fffed4c85d0, len = 28
trace: netsnmp_udp6_transport_bind(): transports/snmpUDPIPv6Domain.c, 303:
netsnmp_udpbase: binding socket: 9 to UDP/IPv6: [fc00:2::32]:161
```
When SNMP request comes in via Loopback IPv4, SNMP response is sent out of fd 8
```
trace: netsnmp_udpbase_send(): transports/snmpUDPBaseDomain.c, 511:
netsnmp_udp: send 170 bytes from 0x5581f2fbe30a to UDP: [10.0.0.33]:46089->[10.1.0.32]:161 on fd 8
```
When SNMP request comes in via Loopback IPv6, SNMP response is sent out of fd 10
```
netsnmp_ipv6: fmtaddr: t = (nil), data = 0x5581f2fc2ff0, len = 28
trace: netsnmp_udp6_send(): transports/snmpUDPIPv6Domain.c, 164:
netsnmp_udp6: send 170 bytes from 0x5581f2fbe30a to UDP/IPv6: [fc00::42]:43750 on fd 10
```

#### How to verify it
Verified on single asic and multi-asic devices.
Single asic SNMP query with Loopback 
```
ARISTA01T1#bash snmpget -v2c -c xxx 10.1.0.32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: Arista-7260xx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64
ARISTA01T1#bash snmpget -v2c -c xxx fc00:1::32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: Arista-7260xxx - Distribution: Debian 10.13 - Kernel: 4.19.0-12-2-amd64
```

On multi-asic -- no change.
```
sudo netstat -tulnp | grep 161
udp        0      0 0.0.0.0:161             0.0.0.0:*                           17978/snmpd         
udp6       0      0 :::161                  :::*                                17978/snmpd 
```
Query result using Loopback IP from a directly connected BGP neighbor
```
ARISTA01T2#bash snmpget -v2c -c xxx 10.1.0.32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: xx - Distribution: Debian 9.13 - Kernel: 4.9.0-14-2-amd64
ARISTA01T2#bash snmpget -v2c -c xxx fc00:1::32 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: SONiC Software Version: SONiC.xx - HwSku: xx - Distribution: Debian 9.13 - Kernel: 4.9.0-14-2-amd64  
```
<!--
If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012.
-->
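
The source-address behaviour described in the commit message above, reproduced on Linux loopback as an added example (not code from this PR or from net-snmp). It uses the IPv4 `IP_PKTINFO`/`ipi_spec_dst` mechanism quoted from ip(7) and compares three responders: a wildcard socket with no source hint, a wildcard socket that copies the request's destination into `ipi_spec_dst`, and a socket bound to the service address as in this fix. The addresses 127.0.0.2 and 127.0.0.1 and all function names are assumptions standing in for Loopback0 and the querier.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                    /* struct in_pktinfo on glibc */
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Constructed loopback stand-ins for the Loopback0 service address and the querier. */
#define SERVICE_IP "127.0.0.2"
#define CLIENT_IP  "127.0.0.1"
enum mode { WILDCARD_PLAIN, WILDCARD_PKTINFO, BOUND_SPECIFIC };

/* Bind a UDP socket to ip on an ephemeral port; *bound receives the final address. */
static int udp_bind(const char *ip, struct sockaddr_in *bound)
{
    struct timeval tv = { 2, 0 };      /* receive timeout: never hang on a lost datagram */
    socklen_t len = sizeof *bound;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(bound, 0, sizeof *bound);
    bound->sin_family = AF_INET;
    inet_pton(AF_INET, ip, &bound->sin_addr);
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(fd, (struct sockaddr *)bound, sizeof *bound) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &len) < 0) { close(fd); return -1; }
    return fd;
}

/* Receive one request and echo it to the sender; the mode decides the reply source. */
static int serve_once(int fd, enum mode m)
{
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    char data[64];
    struct sockaddr_in peer;
    struct in_pktinfo pi;
    struct in_addr req_dst = { 0 };
    struct iovec iov = { data, sizeof data };
    struct msghdr mh = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                         .msg_iovlen = 1, .msg_control = ctl.buf,
                         .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c;
    ssize_t n = recvmsg(fd, &mh, 0);
    if (n < 0) return -1;
    /* With IP_PKTINFO enabled, ipi_addr is the local address the request was sent to. */
    for (c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            req_dst = pi.ipi_addr;
        }
    iov.iov_len = (size_t)n;
    mh.msg_controllen = 0;             /* default: no source hint on the reply */
    if (m == WILDCARD_PKTINFO) {       /* ip(7): ipi_spec_dst becomes the reply source */
        memset(&ctl, 0, sizeof ctl);
        memset(&pi, 0, sizeof pi);
        pi.ipi_spec_dst = req_dst;
        mh.msg_controllen = sizeof ctl.buf;
        c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = IPPROTO_IP;
        c->cmsg_type = IP_PKTINFO;
        c->cmsg_len = CMSG_LEN(sizeof pi);
        memcpy(CMSG_DATA(c), &pi, sizeof pi);
    }
    return sendmsg(fd, &mh, 0) < 0 ? -1 : 0;
}

/* One query to SERVICE_IP: 1 if the reply came from SERVICE_IP, 0 if not, -1 on error. */
int reply_from_service_ip(enum mode m)
{
    struct sockaddr_in srv, cli, dst, from;
    socklen_t flen = sizeof from;
    char buf[64];
    int on = 1, rc = -1;
    int sfd = udp_bind(m == BOUND_SPECIFIC ? SERVICE_IP : "0.0.0.0", &srv);
    int cfd = udp_bind(CLIENT_IP, &cli);
    if (sfd < 0 || cfd < 0) goto out;
    if (m == WILDCARD_PKTINFO && setsockopt(sfd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0) goto out;
    dst = srv;                         /* same port, but addressed to SERVICE_IP */
    inet_pton(AF_INET, SERVICE_IP, &dst.sin_addr);
    if (sendto(cfd, "get", 3, 0, (struct sockaddr *)&dst, sizeof dst) < 0 ||
        serve_once(sfd, m) < 0 ||
        recvfrom(cfd, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0) goto out;
    rc = (from.sin_addr.s_addr == dst.sin_addr.s_addr);
out:
    if (sfd >= 0) close(sfd);
    if (cfd >= 0) close(cfd);
    return rc;
}

int main(void)
{
    for (int m = WILDCARD_PLAIN; m <= BOUND_SPECIFIC; m++)
        printf("mode %d: reply sourced from %s? %d\n", m, SERVICE_IP, reply_from_service_ip(m));
    return 0;
}
```

The unconnected client here accepts the reply whatever its source; a querier that matches replies against the address it queried would discard the reply produced in the first mode.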
…ic-net#15800)

Why I did it
It is to fix the docker-ptf-sai build failure.
https://dev.azure.com/mssonic/build/_build/results?buildId=311315&view=logs&j=cef3d8a9-152e-5193-620b-567dc18af272&t=cf595088-5c84-5cf1-9d7e-03331f31d795

2023-07-09T13:53:19.9025355Z Traceback (most recent call last):
2023-07-09T13:53:19.9025715Z   File "/root/ptf/.eggs/setuptools_scm-7.1.0-py3.7.egg/setuptools_scm/_entrypoints.py", line 74, in <module>
2023-07-09T13:53:19.9025933Z     from importlib.metadata import entry_points  # type: ignore
2023-07-09T13:53:19.9026167Z ModuleNotFoundError: No module named 'importlib.metadata'
Work item tracking
Microsoft ADO (number only): 24513583
How I did it
How to verify it
…lly (sonic-net#15811)

#### Why I did it
src/sonic-swss
```
* c7e1308e - (HEAD -> master, origin/master, origin/HEAD) Remove redundant updateFabricPortState (sonic-net#2850) (2 hours ago) [kenneth-arista]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…D automatically (sonic-net#15810)

#### Why I did it
src/sonic-platform-daemons
```
* d73808c - (HEAD -> master, origin/master, origin/HEAD) Added PCIe transaction check for all peripherals on the bus (sonic-net#331) (9 hours ago) [Ashwin Srinivasan]
* 432602a - Update active application selected code in transceiver_info table aft… (sonic-net#381) (13 hours ago) [Michael Wang - TW]
```
#### How I did it
#### How to verify it
#### Description for the changelog
…IPS (sonic-net#15758)

Why I did it
[Build] Change the build option from ENABLE_FIPS_FEATURE to INCLUDE_FIPS

Work item tracking
Microsoft ADO (number only): 24485797
How I did it
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)

Work item tracking
Microsoft ADO (number only): 14807420
How I did it
Reduce linux capabilities in privileged flag, retain NET_ADMIN and SYS_ADMIN capabilities

How to verify it
Install new image to DUT, verify bgp container is up
Run bgp sonic-mgmt kvmtest
…start when change to local mode (sonic-net#15432)

Why I did it
During the upgrade process via k8s, the feature's systemd service will restart as well. All of the feature systemd services have a restart number limit, and the limit is too small, only three times. If fallback happens during upgrade, the start count will be 2; just once again, and the systemd service will be down. So we need to bypass this. This restart function will be called when doing local -> kube, kube -> kube, kube -> local; each time this function is called, we indeed need to restart successfully, so do reset-failed every time we do restart.
When we need to go back to local mode, we do a systemd restart immediately without waiting for the default restart interval time so that we can reduce the container down time.

Work item tracking
Microsoft ADO (number only):
24172368

How I did it
Before every restart for upgrade, reset the feature's restart number. The restart number will be reset to 0 to bypass the restart limit.
When we need to go back to local mode, we do a systemd restart immediately.

How to verify it
Feature's systemd service can be always restarted successfully during upgrade process via k8s.
Why I did it
When cleaning up container images, the current code has two bugs that need to be fixed. Also, some variables' names may cause confusion, so change the variables' names.

Work item tracking
Microsoft ADO (number only): 24502294

How I did it
We do clean up after tag latest succeeds. But currently the tag latest function only returns 0 and 1: 0 means succeeded and 1 means failed. When we get 1, we retry; when we get 0, we do clean up. Actually, the code 0 includes another case where we don't need to do clean up. The case is that when we are doing tag latest, the container image we want to tag may not be running, so we cannot tag latest and don't need to clean up. We need to separate this case from 0, so return -1 now.

When local mode (v1) -> kube mode (v2) happens, one problem is how to handle the local image. There are two cases. One case is that there was one kube v1 container dry-run (because we don't replace the local if kube version = local version); we will remove the kube v1 image, tag the local version with the ACR prefix and remove the local v1 local tag. Another case is that there was no kube v1 container dry-run; we remove the local v1 image directly, because the local v1 image should not be the last desired version.

About the docker_id variable: it may cause confusion, as it's actually the docker image id, so rename the variable. About the two dicts and the list: rename them to be more readable.

How to verify it
Check tag latest and image clean up result.
Why I did it
For some devices whose log folder size is larger than 200M, for example, 256M, the LOG_FILE_ROTATE_SIZE_KB should be 16M. and
THRESHOLD_KB=$((USABLE_SPACE_KB - (NUM_LOGS_TO_ROTATE * LOG_FILE_ROTATE_SIZE_KB * 2)))
= $(( (VAR_LOG_SIZE_KB * 90 / 100) - RESERVED_SPACE_KB)) - (NUM_LOGS_TO_ROTATE * LOG_FILE_ROTATE_SIZE_KB * 2)))
= $(( (256M * 90 / 100) - 4096)) - (8 * 16M * 2)))
the result would be a negative value

Work item tracking
Microsoft ADO (number only):
24524827
How I did it
Add a case for 400M, if the log folder size is between 200M and 400M, set the log file size to 2M

How to verify it
Run the command "sudo logrotate -f /etc/logrotate.conf" on a DUT whose var/log folder size is 256M, and check the syslog.
…atically (sonic-net#15812)

#### Why I did it
src/sonic-utilities
```
* 51c7a43c - (HEAD -> master, origin/master, origin/HEAD) [show][muxcable] update `show mux config` to print out `soc_ipv6` as well  (sonic-net#2909) (6 hours ago) [Jing Zhang]
* fd497755 - [route_check][dualtor] Ignore vlan neighbor route miss (sonic-net#2888) (18 hours ago) [Longxiang Lyu]
* 81c0ed4e - [show][muxcable] update `show mux tunnel-route` to check soc_ipv6 as well (33 hours ago) [Jing Zhang]
* 1ee73668 - [db_migrator] Migrate DNS configuratuion (sonic-net#2893) (2 days ago) [ganglv]
* 553a3432 - [dualtor][route_check] filter out `soc_ipv6`  (sonic-net#2899) (2 days ago) [Jing Zhang]
```
#### How I did it
#### How to verify it
#### Description for the changelog
This is primarily to fix a bug in scapy hitting an error when trying to
listen on multiple interfaces in a single `sniff` call. This also
upgrades it to the current latest version.

Signed-off-by: Saikrishna Arcot <[email protected]>
set CPU max_cstate to 0

Co-authored-by: Sumukha Tumkur Vani <[email protected]>
…ce is in kube mode (sonic-net#15642)

Why I did it
When sonic is managed by k8s, the sonic container is managed by k8s daemonset, daemonset identifies its members by labels. Currently when restarting a sonic service by systemctl, if the service's container is already managed by k8s, systemd script stops the container by removing the feature label to make it disjoin from k8s daemonset, and then starts it by adding the label to make it join k8s daemonset again.

This behavior would cause problem during k8s container upgrade. Containers in daemonset are upgraded in a rolling fashion, that means the daemonset version is updated first, then rollout the new version to containers with precheck/postcheck one by one. However, if a sonic device joins a daemonset, k8s will directly deploy a pod with the current version of daemonset, it is expected when a device joins k8s cluster at first time.

But for a device which has already joined k8s cluster, the re-joining daemonset will cause the container upgraded to new version without precheck, so if a systemd service is restarted during daemonset upgrade, the container may be upgraded without precheck and break rolling update policy. To fix it, we need to remove the logic about dropping k8s label in systemd service stop script for kube mode.

Work item tracking
Microsoft ADO (number only): 24304563

How I did it
Don't drop label in systemd service stop script when feature's set_owner is kube. Only drop label when feature's set_owner is local.

How to verify it
The label feature_enabled should be always true if the feature's set owner is kube.
@@ -10,7 +10,7 @@ libedit2==3.1-20191231-2+b1
libfido2-1==1.6.0-2
libglib2.0-0==2.66.8-1
libgpm2==1.20.7-8
libhiredis0.14-dbgsym==0.14.0-3~bpo9+1
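Review bot: the last line shown in this hunk pins libhiredis0.14-dbgsym to 0.14.0-3~bpo9+1, which is the old side of the hiredis version change described earlier in this PR (0.14.0-3~bpo9+1 -> 0.14.1-1). Check that this dbgsym pin matches the libhiredis0.14 runtime version the image actually installs, because debug symbols from a different package build will not match the shipped binary. The hunk header alone does not say which container's versions file this is, so name the file in the PR description so the question about the device-health docker entry can be answered from the diff.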
Owner

Do we need this for our docker entry for device-health?

@GouthamBanala GouthamBanala merged commit 9ecd674 into renukamanavalan:lom-prod Jul 26, 2023
1 check passed