Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BFN] Fixed ipv6 settings for BMC interface #12

Closed
wants to merge 6,116 commits into from

Conversation

taras-keryk
Copy link
Owner

Signed-off-by: Taras Keryk tarasx.keryk@intel.com

Why I did it

In some situations, the connection to the BMC may be lost when the ipv6 settings differ on the BMC and CPU (SONiC) sides

How I did it

I changed ipv6 neighbor base_reachable_time_ms on the CPU (SONiC). Currently, base_reachable_time_ms on the CPU and BMC sides will be the same.

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

FuzailBrcm and others added 30 commits March 16, 2022 06:35
* Using SFP refactoring framework in PDDF sfp class

* Fixing a typo error
# Why I did it

Reduce the disk space taken up during bootup and runtime.

# How I did it

1. Remove python package cache from the base image and from the containers.
2. During bootup, if logs are to be stored in memory, then don't create the `var-log.ext4` file just to delete it later during bootup.
3. For the partition containing `/host`, don't reserve any blocks for just the root user. This just makes sure all disk space is available for all users, if needed during upgrades (for example).


* Remove pip2 and pip3 caches from some containers

Only containers which appeared to have a significant pip cache size are
included here.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Don't create var-log.ext4 if we're storing logs in memory

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Run tune2fs on the device containing /host to not reserve any blocks for just the root user

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
…ocker container (sonic-net#10234)

Why I did it
Migration of sonic-mgmt codebase from Python 2 to Python 3

How I did it
Added scapy dependencies to the env-python3 virtual environment.

How to verify it
Run test case:
py.test --testbed=testbed-t0 --inventory=../ansible/lab --testbed_file=../ansible/testbed.csv --host-pattern=testbed-t0 -- module-path=../ansible/library lldp

Signed-off-by: Oleksandr Kozodoi <oleksandrx.kozodoi@intel.com>
#### Why I did it
```
Update submodule sonic-restapi
bd97dfe Fix urllib3 CVE-2021-33503 issue (sonic-net#104)
f159bfa Upgrade the containers to be based on Debian Buster (sonic-net#103)
a1830c1 (origin/201911) Fix OpenAPI spec to be readable by autorest (sonic-net#101)
```
…l values (sonic-net#10108)

#### Why I did it
Fixing issue sonic-net#9991
The ACL RULE table field ETHER_TYPE can accept both hex as well as decimal values. However yang model didn't allow decimal values. Fixed it to allow decimal values (same pattern as in hex (1536-65535)


#### How I did it
Updated yang model to handle decimal values

#### How to verify it
Added UT to verify it.
* Initial pass of EdgeCore platform changes.

* Remove libevent dependency from lldpd.

* Remove python2 dependencies python3.7 force from platform install script.

* Include usbmount support changes.

* Add missing 4630 install file.

* Update a few file permissions.  Add umask line to Makefile.  Specify python3.9 in install script.

* Misc platform updates:
- Add missing fan drawer component to sonic_platform
- Remove kernel version specification from Makefile
- Update to 4630 utility

* - Fix file permissions on source files
- Fix compile issue with 4630 driver modules (set_fs, get_fs, no longer supported in kernel 5.10)

* Fix missing/extra parens in 4630 util script.

* Fix indentation in fanutil.py.

* Integrate deltas from Edgecore to ec_platform branch.

* Installer update from Edgecore to resolve smbus serial console errors.

* Update stable_size for warm boot.

* Fix SFP dictionary key to match xcvrd.

* - Add missing define in event.py files needed for xcvrd
- Fix SFP info dict key for 7xxx switches

* 5835 platform file updates including installer and 5835 utility.

* 5835 fix for DMAR errors on serial console.

* Don't skip starting thermalctld in the pmon container.

* Revert several changes that were not related to platform.

* Run thermalctld in pmon container.

* Don't disable thermalctld in the pmon container.

* Fix prints/parens in 7816 install utility.

* - Incorporate 7816 changes from Edgecore
- Fix 7326 driver file using old kernel function

* Update kernel modules to use kernel_read().

* Fix compile errors with 7816 and 7326 driver modules.

* Fix some indents preventing platform files from loading.

* Update 7816 platform sfp dictionary to match field names in xcvrd.

* Add missing service and util files for 7816.

* Update file names, etc. based on full SKU for 7816.

* Delete pddf files not needed.  These were causing conflicts with API2.0
implementation.

* Remove pddf files suggested by Edgecore that were preventing API2.0 support from starting.

* Install API2.0 file instead of pddf.

* Update 7326 mac service file to not use pddf.  Fix syntax errors in 7326 utility script.

* Fix sonic_platform setup file for 7326.

* Fix syntax errors in python scripts.

* Updates to 7326 platform files.

* Fix some tab errors pulled down from master merge.

* Remove pddf files that were added from previous merge.

* Updates for 5835.

* Fix missing command byte for 5835 psu status.

* Fix permission bits on 4630 service files.

* Update platforms to use new SFP refactoring.

* Fix unused var warnings.
…PIs (sonic-net#10213)

Why I did it
fan_drawer support was missing in PDDF common platform APIs. This resulted in 'thermalctld' not working and 'show platform fan' and 'show platfomr temperature' commands not working.
_thermal_list array inside PSU class was not initialized. Made changes to attach the PSU related thermal sensors in the PSU instance.
How I did it
Added a common class pddf_fan_drawer.py. This class uses the PDDF JSON to fetch the platform specific data. A platform which uses PDDF would follow the below hierarchy.

fan_drawer_base.py ---> pddf_fan_drawer.py ---> fan_drawer.py

How to verify it
Run the 'show platform fan' and 'show platform temperature' commands and check the o/p.

o/p on AS7326:

root@sonic:/home/admin# show platform fan
s  Drawer    LED         FAN    Speed    Direction    Presence    Status          Timestamp
--------  -----  ----------  -------  -----------  ----------  --------  -----------------
Fantray1  green  Fantray1_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray1  green  Fantray1_2      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray2  green  Fantray2_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray2  green  Fantray2_2      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray3  green  Fantray3_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray3  green  Fantray3_2      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray4  green  Fantray4_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray4  green  Fantray4_2      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray5  green  Fantray5_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray5  green  Fantray5_2      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray6  green  Fantray6_1      38%      EXHAUST     Present        OK  20220311 04:15:03
Fantray6  green  Fantray6_2      38%      EXHAUST     Present        OK  20220311 04:15:03
     N/A    off   PSU1_FAN1       0%                  Present    Not OK  20220311 04:15:05
     N/A  green   PSU2_FAN1      34%      EXHAUST     Present        OK  20220311 04:15:05
hroot@sonic:/home/admin# show platform temperature
    Sensor    Temperature    High TH    Low TH    Crit High TH    Crit Low TH    Warning          Timestamp
----------  -------------  ---------  --------  --------------  -------------  ---------  -----------------
PSU1_TEMP1            0          N/A       N/A             N/A            N/A      False  20220311 04:15:05
PSU2_TEMP1           37          N/A       N/A             N/A            N/A      False  20220311 04:15:05
     TEMP1           37         80.0       N/A             N/A            N/A      False  20220311 04:15:05
     TEMP2           27         80.0       N/A             N/A            N/A      False  20220311 04:15:05
     TEMP3           28.5       80.0       N/A             N/A            N/A      False  20220311 04:15:05
     TEMP4           30.5       80.0       N/A             N/A            N/A      False  20220311 04:15:05
root@sonic:/home/admin#
root@sonic:/home/admin#
root@sonic:/home/admin#
o/p on AS7726:

root@as7726-32x-2:~# show platform fan
  Drawer    LED         FAN    Speed    Direction    Presence    Status          Timestamp
--------  -----  ----------  -------  -----------  ----------  --------  -----------------
Fantray1  green  Fantray1_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray1  green  Fantray1_2      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray2  green  Fantray2_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray2  green  Fantray2_2      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray3  green  Fantray3_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray3  green  Fantray3_2      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray4  green  Fantray4_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray4  green  Fantray4_2      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray5  green  Fantray5_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray5  green  Fantray5_2      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray6  green  Fantray6_1      38%      EXHAUST     Present        OK  20220311 08:13:04
Fantray6  green  Fantray6_2      38%      EXHAUST     Present        OK  20220311 08:13:04
     N/A  green   PSU1_FAN1      23%      EXHAUST     Present        OK  20220311 08:13:04
     N/A  green   PSU2_FAN1      22%      EXHAUST     Present        OK  20220311 08:13:04
root@as7726-32x-2:~# show platform temp
    Sensor    Temperature    High TH    Low TH    Crit High TH    Crit Low TH    Warning          Timestamp
----------  -------------  ---------  --------  --------------  -------------  ---------  -----------------
PSU1_TEMP1           28          N/A       N/A             N/A            N/A      False  20220311 08:13:04
PSU2_TEMP1           25          N/A       N/A             N/A            N/A      False  20220311 08:13:04
     TEMP1           23.5       80.0       N/A             N/A            N/A      False  20220311 08:13:04
     TEMP2           27         80.0       N/A             N/A            N/A      False  20220311 08:13:04
     TEMP3           24         80.0       N/A             N/A            N/A      False  20220311 08:13:04
     TEMP4           27         80.0       N/A             N/A            N/A      False  20220311 08:13:04
     TEMP5           24         80.0       N/A             N/A            N/A      False  20220311 08:13:04
f00efef Longxiang Lyu Wed Mar 16 09:12:46 2022 +0800 Add a command line option to store logs into a separate file (sonic-net#41)
ff2e67d Longxiang Lyu Tue Mar 15 09:10:59 2022 +0800 Add default port cable type (sonic-net#39)
ebbb4d8 Jing Zhang Mon Mar 14 15:41:11 2022 -0700 Prevent switching MUX to "Unknown" (sonic-net#36)
c779b8f Longxiang Lyu Thu Mar 10 21:35:11 2022 +0800 [nonfunctional] Use LinkProberStateMachineBase (sonic-net#38)
b9fedd0 Longxiang Lyu Wed Mar 9 13:03:58 2022 +0800 [NONFUNCTIONAL] Add LinkProberStateMachineBase (sonic-net#37)
bedd42b Longxiang Lyu Wed Mar 9 10:03:00 2022 +0800 Add .clang-format file to format code (sonic-net#28)
9fe4fc6 Guohan Lu Thu Mar 3 17:51:43 2022 -0800 [doc]: add lgtm badge in README.md
c1249d9 Longxiang Lyu Wed Mar 2 18:05:18 2022 +0800 Enable lgtm (sonic-net#33)
b8514c6 Longxiang Lyu Wed Mar 2 13:34:39 2022 +0800 Collect port cable type to use corresponding state machine (sonic-net#31)
9b59ef9 Longxiang Lyu Wed Mar 2 07:19:33 2022 +0800 Improve make clean (sonic-net#32)
 - Fix i2c bus on crow cpu
 - Fix exception handling in logs
 - Improve linecard mgmt interface configuration
 - Add new PSU models for chassis
 - Misc fixes
)

Update device-specific files for new platform SN2201, including:

device/mellanox/x86_64-nvidia_sn2201-r0/ACS-SN2201/buffers_defaults_objects.j2
device/mellanox/x86_64-nvidia_sn2201-r0/ACS-SN2201/hwsku.json
device/mellanox/x86_64-nvidia_sn2201-r0/default_sku
device/mellanox/x86_64-nvidia_sn2201-r0/pcie.yaml
device/mellanox/x86_64-nvidia_sn2201-r0/platform.json
device/mellanox/x86_64-nvidia_sn2201-r0/platform_components.json
device/mellanox/x86_64-nvidia_sn2201-r0/sensors.conf

Signed-off-by: Kebo Liu <kebol@nvidia.com>
Co-authored-by: Stephen Sun <stephens@nvidia.com>
…for GRE type (sonic-net#10140)

#### Why I did it
PR  sonic-net/sonic-utilities#1825 added validation for the input of `config mirror session add`, and only decimal value is accepted.
An issue sonic-net#10096 was raised to suggest accepting HEX value as well, and the suggestion makes sense to me.

To accept HEX value for GRE type, and keep backward compatibility as well, I updated the YANG model to support both decimal and hexadecimal input for GRE type.

#### How I did it
Update the regex for GRE type.

#### How to verify it
Verified by UT
```
platform linux -- Python 3.9.2, pytest-6.0.2, py-1.10.0, pluggy-0.13.0
rootdir: /sonic/src/sonic-yang-models
plugins: pyfakefs-4.5.4, cov-2.10.1
collected 3 items                                                                                                                                                                                     

tests/test_sonic_yang_models.py ..                                                                                                                                                              [ 66%]
tests/yang_model_tests/test_yang_model.py .                                                                                                                                                     [100%]

========================================================================================== 3 passed in 2.53s ==========================================================================================
```

#### Description for the changelog
Update YANG model for mirror session to support decimal value for GRE type.
…invalid voltage value (sonic-net#10231)

- Why I did it
Fix issue: psu might use wrong voltage sysfs which causes invalid voltage value. The flow is like:

1. User power off a PSU
2. All sysfs files related to this PSU are removed
3. User did a reboot/config reload
4. PSU will use wrong sysfs as voltage node

- How I did it
Always try find an existing sysfs.

- How to verify it
Manual test
Updating sonic-utilities sub module with the following commits

    b00b870 [build] stop vstest in the Azure pipeline 
    2c56e92 [GCU] Marking fields under BGP_PEER_RANGE, BGP_MONITORS as create-only
    6289987 Fix sonic-installer failure due to missing import 
    45e6ac1 [show] add support for hwstatus in show muxcable status
    93384ed Try get port operational speed from STATE DB
    483fc6e [techsupport] Added a lock to avoid running techsupport in parallel
    398da58 Validation check correction while adding a member to PortChannel
    a8a7edb [generate_dump] exclude mft and mlx folders from /etc
    1cf1d03 Fix UT failed cause by change pycommon to use swsscommon
[Build]: Support to set jobFilters
Updating sonic-snmpagent submodule with the following commits

        dae8146 [ci]: Support code diff coverage
        6bd51c4 Fix: LAG counters, if LAG don't have L3 interface
        2654f4a Fix snmp agent Initialize config DB multiple times issue

#### Why I did it
    When change pycommon to use swsscommon UT failed in sonic-snmpagent, need submodule update with UT issue fix.

#### How I did it

#### How to verify it

#### Which release branch to backport (provide reason below if selected)

#### Description for the changelog

        [ci]: Support code diff coverage
        Fix: LAG counters, if LAG don't have L3 interface
        Fix snmp agent Initialize config DB multiple times issue

#### A picture of a cute animal (not mandatory but encouraged)
Why I did it
Use one debian mirror config.
The empty config in https://github.com/Azure/sonic-buildimage/blob/master/files/image_config/apt/sources.list overrides the file https://github.com/Azure/sonic-buildimage/blob/master/files/apt/sources.list.amd64 (armhf/arm64), it does not make sense.
All the content in files/image_config/apt is no use, any one wants to add mirror config, please add in files/apt.

How I did it
Remove files/image_config/apt and the reference.
…c-net#10287)

Why I did it
support to collect version when purging debian package
Support to collect version multiple times

How I did it
Add the collection action before purging.
On some products the pci enumeration adds randomness into which nic gets
initialized first.
Because SONiC doesn't use deterministic interface naming but instead old
style interface naming, this leads to eth0 not always being the
management port.
To make sure eth0 is always the management port (SONiC expectation)
rename the interfaces in the initramfs for Arista products.
…ic-net#10276)

Why I did it
The current code assumes that the value part does not have whitespace. So everything after the whitespace will be ignored. The syseeprom values returned from platform API do not match the output of "show platform syseeprom" on dx010 and e1031 device.

How I did it
This change improved the regular expression for parsing syseeprom values to accommodate whitespaces in the value.
PR 10021 provides the solution, but committed to the wrong place for dx010 and e1031.

How to verify it
Compile the sonic_platform wheel for dx010, then upload to device and install the wheel, verify the platform eeprom API.

Signed-off-by: Eric Zhu <erzhu@celestica.com>
)

Why I did it
Add CPU thermal control for Nvidia platforms which will be enabled for platforms that have heavy CPU load. Now it is only enabled on 4800, and it will be enabled on future platforms.

How I did it
Check CPU pack temperature and update cooling level accordingly

How to verify it
Manual test
Added sonic-mgmt test case, PR link will update later
…h which communication takes place between Sonic and openBMC (sonic-net#9941)

Why I did it
improvement of starting barefoot SDK

How I did it
restart of the interface for cleaning txquee through which communication takes place between Sonic and openBMC

How to verify it
run sonic autorestart tests
- Why I did it
With the previous MFT 4.18.1-16 there is a bug in mstdump tool accessing wrong address. it is confirmed this issue does not exist in official 4.18.0-106.

- How I did it
Update the MFT version to 4.18.0-106

- How to verify it
Run regression on Mellanox platforms
…nic-net#10224)

#### Why I did it
To fix sonic-net#9643

#### How I did it
Instead of ast.literal_eval added python2 compat code for json strings unicode -> str convertion.

We need python2 compatibility since py2 sonic config engine (buster/sonic_config_engine-1.0-py2-none-any.whl target) is still included into the build (ENABLE_PY2_MODULES flag is set for buster). Once we abandon buster and python2, this compat and ast.literal_eval could be cleaned up all through the code base.

#### How to verify it
run steps from the linked issue
Why I did it
[Build]: Fix armhf mirrors not existing issue
The mirror endpoint debian-archive.trafficmanager.net does not support armhf, change to use deb.debian.org and security.debian.org.
before: [ finished ] target/docker-base-buster.gz
after: [ cached ] target/docker-base-buster.gz
…ANE ACLs (sonic-net#10248)

#### Why I did it
Fixes sonic-net/sonic-utilities#2049

from caclmgr:
- PRIORITY is a required field [code](https://github.com/Azure/sonic-buildimage/blob/3fa18d18d4c06fe38164ebfefdc3187820fc7496/src/sonic-host-services/scripts/caclmgrd#L548)
- PACKET_ACTION is a required field [code](https://github.com/Azure/sonic-buildimage/blob/3fa18d18d4c06fe38164ebfefdc3187820fc7496/src/sonic-host-services/scripts/caclmgrd#L581)

I think PRIORITY is a required field for ACLs not only CTRLPLANE ACLs

#### How I did it
Check code.

#### How to verify it
Unit-test

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111

#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->

#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration.
-->

#### A picture of a cute animal (not mandatory but encouraged)
Pterosaur and others added 24 commits May 12, 2022 13:21
Signed-off-by: Ze Gan <ganze718@gmail.com>

Existing pools cannot test MACsec scenario, So I add sonictest-sonic-t0 pool that can run MACsec testcases.
Why I did it
To upgrade SSD firmware in initramfs while rebooting from SONiC to SONiC and during NOS to SONiC migration.

How I did it
New option 'ssd-upgrader-part’ is introduced in grub command line, to indicate the partition and its filesystem type in which the SSD firmware updater is present. ‘ssd-upgrader-part’ syntax is ssd-upgrader-part=<partition>,<filesystem type>. Example: ssd-upgrader-part=/dev/sda8,ext4

A new initramfs script ‘ssd-upgrade’ is included in init-premount and it invokes the SSD firmware updater (ssd-fw-upgrade) present in the partition indicated by the boot option 'ssd-upgrader-part'

How to verify it
In SONiC, the SSD firmware updater is copied to “/host/” directory.
Fast-reboot is to be initiated with the ‘-u’ option ([scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition sonic-utilities#2150)
After reboot, while booting into SONiC the SSD firmware updater will be executed in initramfs.
…are status' (sonic-net#10493)

Why I did it
To include ONIE version in show platform firmware status command output in DellEMC S6100 and Z9332f platforms.

How I did it
Include ‘ONIE’ in the list of components provided by platform APIs in DellEMC S6100 and Z9332f.
Unmount ONIE-BOOT if mounted using fast/soft/warm-reboot plugins in DellEMC S6100.
Why I did it
Fixes sonic-net#10793

How I did it
Removed the switch_type validation from the Yang model.

How to verify it
compile sonic_yang_mgmt-1.0-py3-none-any.whl and sonic_yang_mgmt-1.0-py3-none-any.whl

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
…onic-net#10806)

- Why I did it
Platform_reboot files for simx doesn't do aything different apart from calling /sbin/reboot. which is anyway done in the /usr/local/bin/reboot script i.e. the parent script which calls the platform specific reboot scripts if present.

Moreover, /sbin/reboot invoked in the platform specific reboot script is a non-blocking call and thus it returns back to the original script (although /sbin/reboot does it job in the background) and we see messages like this.

Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
…net#10792)

Why I did it
Previous subport unit tests uses port channel names like PortChannel01, so for subport name generated PortChannel01.10, it exceeds Linux network interface name 15 char limit.

Signed-off-by: Longxiang Lyu lolv@microsoft.com

How I did it
Modify PortChannel01 to PortChannel1.
This is part of HLD  sonic-net/SONiC#925

#### Why I did it
Add link-training support

#### How I did it
Update SONiC YANG for port link-training support

#### Description for the changelog
Add "link_training" to sonic-port.yang

#### Link to config_db schema for YANG module changes

https://github.com/sonic-net/SONiC/wiki/Configuration#port
…to storage (sonic-net#10820)

Why I did it
Support to trigger a pipeline to download and publish artifacts to storage and container registry.
Support to specify the patterns which docker images to upload.

How I did it
Pass the pipeline information and the artifact information by pipeline parameters to the pipeline which will be triggered a new build. It is to decouple the artifacts generation and the publish logic, how and where the artifacts/docker images will be published, depends on the triggered pipeline.

How to verify it
Why I did it
Config db schema generated by minigraph should run yang validation.

How I did it
Modify run_script to add yang validation.

How to verify it
Run sonic-config-engine unit test.

Signed-off-by: Gang Lv ganglv@microsoft.com
)

Update Configuration doc: fix separator and indentation
* [swss]: Convert swss docker to bullseye

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
… file removal issue (sonic-net#10751)" (sonic-net#10849)

This reverts commit dee7655.

Co-authored-by: Ubuntu <lizhuhua@lh-dev-vm-01.ziurp3vhri5utcxng1kcl2l1qa.xx.internal.cloudapp.net>
Apply scapy fix (secdev/scapy#3240) since it is not available in release yet

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
Why I did it
https://github.com/Azure/SONiC/blob/master/doc/vxlan/Overlay%20ECMP%20with%20BFD.md
From the design, need to advertise the route with community string, the PR is to implement this.

How I did it
To use the route-map as the profile for the community string, all advertised routes can be associated with one route-map.
Add one file, mangers_rm.py, which is to add/update/del the route-map. Modified the managers_advertise_rt.py file to associate profile with IP route.

The route-map usage is very flexible, by this PR, we only support one fixed usage to add community string for route to simplify this design.

How to verify it
Implement new unit tests for mangers_rm.py and updated unit test for managers_advertise_rt.py.
Manually verified the test case in the test plan section, will add testcase in sonic-mgmt later. sonic-net/sonic-mgmt#5581
#### Why I did it
To provide MACsec config and show CLI for manipulating MACsec

#### How I did it
Add `config macsec` and `show macsec`.

#### How to verify it

This PR includes unittest for MACsec CLI, check Azp status.
- Add MACsec profile
```
admin@sonic:~$ sudo config macsec profile add --help
Usage: config macsec profile add [OPTIONS] <profile_name>

  Add MACsec profile

Options:
  --priority <priority>           For Key server election. In 0-255 range with
                                  0 being the highest priority.  [default:
                                  255]
  --cipher_suite <cipher_suite>   The cipher suite for MACsec.  [default: GCM-
                                  AES-128]
  --primary_cak <primary_cak>     Primary Connectivity Association Key.
                                  [required]
  --primary_ckn <primary_cak>     Primary CAK Name.  [required]
  --policy <policy>               MACsec policy. INTEGRITY_ONLY: All traffic,
                                  except EAPOL, will be converted to MACsec
                                  packets without encryption.  SECURITY: All
                                  traffic, except EAPOL, will be encrypted by
                                  SecY.  [default: security]
  --enable_replay_protect / --disable_replay_protect
                                  Whether enable replay protect.  [default:
                                  False]
  --replay_window <enable_replay_protect>
                                  Replay window size that is the number of
                                  packets that could be out of order. This
                                  field works only if ENABLE_REPLAY_PROTECT is
                                  true.  [default: 0]
  --send_sci / --no_send_sci      Send SCI in SecTAG field of MACsec header.
                                  [default: True]
  --rekey_period <rekey_period>   The period of proactively refresh (Unit
                                  second).  [default: 0]
  -?, -h, --help                  Show this message and exit.
```
- Delete MACsec profile
```
admin@sonic:~$ sudo config macsec profile del --help
Usage: config macsec profile del [OPTIONS] <profile_name>

  Delete MACsec profile

Options:
  -?, -h, --help  Show this message and exit.
```
- Enable MACsec on the port
```
admin@sonic:~$ sudo config macsec port add --help
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>

  Add MACsec port

Options:
  -?, -h, --help  Show this message and exit.
```
- Disable MACsec on the port
```
admin@sonic:~$ sudo config macsec port del --help
Usage: config macsec port del [OPTIONS] <port_name>

  Delete MACsec port

Options:
  -?, -h, --help  Show this message and exit.

```
Show MACsec
```
MACsec port(Ethernet0)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  2
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               849B69D363E2B0AA154BEBBD7C1D9487
		next_pn                                1
		sak                                    AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         179
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
		MACsec Egress SA (2)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               5A8B8912139551D3678B43DD0F10FFA5
		next_pn                                1
		sak                                    7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         87185
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 849B69D363E2B0AA154BEBBD7C1D9487
		lowest_acceptable_pn                     1
		sak                                      AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           103
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
		MACsec Ingress SA (2)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 5A8B8912139551D3678B43DD0F10FFA5
		lowest_acceptable_pn                     1
		sak                                      7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           91824
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
MACsec port(Ethernet1)
---------------------  -----------
cipher_suite           GCM-AES-256
enable                 true
enable_encrypt         true
enable_protect         true
enable_replay_protect  false
replay_window          0
send_sci               true
---------------------  -----------
	MACsec Egress SC (5254008f4f1c0001)
	-----------  -
	encoding_an  1
	-----------  -
		MACsec Egress SA (1)
		-------------------------------------  ----------------------------------------------------------------
		auth_key                               35FC8F2C81BCA28A95845A4D2A1EE6EF
		next_pn                                1
		sak                                    1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                   000000000000000000000000
		ssci                                   0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN         4809
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED    0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED    0
		SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED  0
		SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED  0
		-------------------------------------  ----------------------------------------------------------------
	MACsec Ingress SC (525400edac5b0001)
		MACsec Ingress SA (1)
		---------------------------------------  ----------------------------------------------------------------
		active                                   true
		auth_key                                 35FC8F2C81BCA28A95845A4D2A1EE6EF
		lowest_acceptable_pn                     1
		sak                                      1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
		salt                                     000000000000000000000000
		ssci                                     0
		SAI_MACSEC_SA_ATTR_CURRENT_XPN           5033
		SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED       0
		SAI_MACSEC_SA_STAT_IN_PKTS_INVALID       0
		SAI_MACSEC_SA_STAT_IN_PKTS_LATE          0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA  0
		SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID     0
		SAI_MACSEC_SA_STAT_IN_PKTS_OK            0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED     0
		SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA     0
		SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED      0
		SAI_MACSEC_SA_STAT_OCTETS_PROTECTED      0
		---------------------------------------  ----------------------------------------------------------------
```
…essage (sonic-net#10779)

- Why I did it
Script fails when there is an exception while reading

- How I did it
Add more logs and checks. Fix wrong variable naming and messages.

- How to verify it
Provoke exception while read_eeprom() and check that it is handled properly
Updated libsaibcm to fix libsaithrift compile issue on BRCM image
…setting tag (sonic-net#10731)

What I did:
Added support to create route-map action set tag <user define value>
when the the allow prefix list matches. The tag can ben define by user in
constants.yml.

Why I did:
Since for Allow List feature we call from base route-map allow-list route-map having set tag option provides way for base route-map to do match tag and take any further action if needed. Adding tag provide metadata that can used by base route-map
…ic-net#10847)

Why I did it
It is not necessary to trigger the publish pipeline when build is failed.

How I did it
Remove the condition in the azp task, change to use template condition.
Why I did it
At present, there is no mechanism in an event driven model to know that the system is up with all the essential sonic services and also, all the docker apps are ready along with port ready status to start the network traffic. With the asynchronous architecture of SONiC, we will not be able to verify if the config has been applied all the way down to the HW. But we can get the closest up status of each app and arrive at the system readiness.

How I did it
A new python based system monitor tool is introduced under system-health framework to monitor all the essential system host services including docker wrapper services on an event based model and declare the system is ready. This framework gives provision for docker apps to notify its closest up status. CLIs are provided to fetch the current system status and also service running status and its app ready status along with failure reason if any.

How to verify it
"show system-health sysready-status" click CLI
Syslogs for system ready
Add support for WolverineQCpu, WolverineQCpuMs, WolverineQCpuBk, WolverineQCpuBkMs

Co-authored-by: Maxime Lorrillere <mlorrillere@arista.com>
* [ci] Add arm artifacts in common lib azure pipeline
@taras-keryk taras-keryk force-pushed the tkeryk/bmc_iface_setts4 branch from d7045a6 to eb4e8b8 Compare May 27, 2022 07:07
Signed-off-by: Taras Keryk <tarasx.keryk@intel.com>
@taras-keryk taras-keryk force-pushed the tkeryk/bmc_iface_setts4 branch from eb4e8b8 to e3866df Compare May 27, 2022 08:10
Signed-off-by: Taras Keryk <tarasx.keryk@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.