-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade supervisord to 3.3.3 and fix supervisord.conf #1390
Conversation
RB= G=lnos-reviewers R=ntrianta,rjonnadu,rmolina,sfardeen,zxu A=
This reverts commit c9a2c92.
This reverts commit 45ab087.
Sync to master
Sync to master
Add config support for nhopself, keepalive and holdtime timers. Add route-map to prefer global nexthops for ebgp learned prefixes.
…ling to a more relevant place for this cmd. Add config support for nhopself, keepalive and holdtime timers. Add route-map to prefer global nexthops for ebgp learned prefixes.
…ling to a more relevant place for this cmd. Add config support for nhopself, keepalive and holdtime timers. Add route-map to prefer global nexthops for ebgp learned prefixes.
Sync to master
…tysh on host system. RB= G=lnos-reviewers R=ntrianta,rjonnadu,rmolina,sfardeen,zxu A=
Sync to master
Just to confirm: Do my clock-rollback patches still apply cleanly to v3.3.3? (https://github.com/Azure/sonic-buildimage/tree/master/src/supervisor/patch) |
@jleveque Yes no issues with the patches. They both patched cleanly. |
I remember joe also developed the unit test for his patches, are those unit test also passing for 3.3.3? |
@lguohan: The supervisor build should fail if any of the unit tests do not pass. Since the check builds all succeeded, I believe all the unit tests passed. |
@@ -17,6 +20,8 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface | |||
|
|||
[supervisorctl] | |||
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket | |||
username=nobody | |||
password=nobody |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this mean we need to type username and password for supervisorctl command line? is that necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from your commit message, you are trying to address http server accessing issue, so I am not sure if we need to add username/password for the supervisorctl command line as well. Since once you can get into the docker, you already have sudo privilege, adding extra user/pass protection does not seem necessary.
The username and password of supervisorctl need to be the same as those of supervisord server configuration for the port or UNIX domain socket. Given this expectation/requirement, I made the change accordingly. |
where does this requirement come from? "The username and password of supervisorctl need to be the same as those of supervisord server configuration for the port or UNIX domain socket" |
From supervisord's configuration file requirements (http://supervisord.org/configuration.html or https://github.com/Supervisor/supervisor/blob/master/docs/configuration.rst) |
ok. can you change both username and password to dummy, nobody seems to be related the nobody unix user. |
You sure you want that changed to dummy? I picked nobody because it's defined as a unix user account that has no access. If some dummy goes and defines dummy, they'll get an unwanted association :-) I don't mind either way but playing it safe is a better choice. |
I thought this is not related to unix account at all. |
It's not but not knowing what changes the future can bring, I made the choice to pick a username that can't be used to gain access to the box from a unix perspective (yes - once you're into the docker you have sudo privileges anyway). I'm fine with dummy/dummy. |
* src/sonic-swss d2bab10...c4949a2 (34): > [dvs] Add new common issues and TOC to DVS README (#1405) > Avoid adding loopback interface (ip link add) when setting nat zone on loopback interface (#1411) > [portsorch] add buffer drop FC group (#1368) > [dvs/chassis] Bring up SONiC interfaces in virtual chassis (#1410) > [chassis/dvs] Add support for virtual chassis to DVS testbed (#1345) > [sonic-swsss] Fix the issue of field "next_hop_ip" not getting updated in state DB in ERSPAN Mirror (#1375) > [intfmgr] Fix OA crash issue due to link local configurations (#1195) > Fix the issue when persistent DVS is used to run pytest which has number of front-panel ports < 32 (#1373) > [dvs] Refactor AsicDbValidator (#1402) > [fec] Get FEC mode when port is already admin down (#1403) > [fec] added logic that put port down before applying fec onfiguration (#1399) > [dvs] Add performance test for adding and deleting routes (#1392) > Ignore IPv6 link-local and multicast entries as Vnet routes (#1401) > [vlanmgr] Support Jumbo Frame By Default (#1393) > Fix log/syslog not being correct when last test fails for given module (#1395) > Get initial speed from ASIC DB (#1390) > [dvs] Add options to limit CPU usage (#1394) > [intfsorch] Retrieve Port object before setting NAT zone on router interfaces. (#1372) > [.gitignore] Ignore gearsyncd binary (#1381) > Added Max Nexthopgroup/ECMP Count supported by device into State DB. (#1383) > [dvs] Upload logs even if failure occurs during startup (#1389) > [rates] fix issue with rates init (#1387) > [dvs] Validate that SWSS is ready to receive input before starting tests (#1385) > [dvs] Convert sflow and speed tests to use dvslib (#1382) > [dvs_acl] Refactor and document dvs_acl library (#1378) > [dvs] Fix install instructions in README (#1379) > [dvs] Update README with new flags, options, and known issues (#1380) > swss: gearsyncd should return 0 on exit (#1376) > Remove 00-copp.config.json from swss debian package. (#1366) > fix undefined var in rates lua scripts (#1365) > [fdborch] Fixed Orchagent crash in FDB flush on port disable. (#1369) > [tlm_teamd]: Try to add LAG again, when teamd is not ready first time (#1347) > [vs] Incorporate python3 best practices into DVSLib (#1357) > [dvs] Mark unstable tests as xfail (#1356)
* [BFN] Add support pcied daemon for Montara and Newport (sonic-net#5199) Signed-off-by: Petro Bratash <petrox.bratash@intel.com> * [cfggen] Allow Write To Redis DB With Template/Batch Mode (sonic-net#5203) Argument to write to config-db is not allowed when using template. This PR allows cfggen to write to redis db when using template mode. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [submodule]: Advance sonic-snmpagent. (sonic-net#5213) Update sonic-snmpagent submodule to include below commits: 1a2b62a [Namespace]: Fix SAI_ID key used in cpfcIfTable and csqIfQosGroupStatsTable implementation (sonic-net#138) d06f00c [pytest/coverage]: add coverage support (sonic-net#156) 90e9f2e [Namespace]: Simplify sync_d functions to use higher order (sonic-net#154) b5815d9 [LLDP]: Modify OID index of LLDPRemTableUpdater MIB (sonic-net#155) d5f2b92 [Multiasic]: Provide namespace support for ipNetToMediaPhysAddress (sonic-net#129) 166c221 [Namespace]: Fix interface counters in RFC 1213 (sonic-net#145) Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com> * [cfggen] Conform With Python 3 Syntax (sonic-net#5154) Preparing sonic-cfggen for migration to Python 3. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [redis-dump-load] Update submodule (sonic-net#5215) * src/redis-dump-load 832a645...7585497 (2): > Merge pull request sonic-net#63 from jleveque/update_gitignore > Merge pull request sonic-net#59 from breser/redis-load-empty * [services] Fix Delay Start of SNMP And Telemetry (sonic-net#5211) SNMP and Telemetry services are not critical to switch startup. They also cause fast-reboot not to meet timing requirements. In order to delay start those service are associated with systemd timer units, however when hostcfgd initiate service start, it start the service and not the timer. This PR fixes this issue by starting the timer associated with systemd unit. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [sonic-py-common][multi ASIC] API to get a list of frontend ports (sonic-net#5221) * [sonic-py-common][multi ASIC] utility to get a list of frontend ports from a given list of ports * [sonic-config-engine] Update .gitignore (sonic-net#5223) - Ignore directories generated by building Python wheel package - Move all sonic-config-engine ignores from the root .gitignore to src/sonic-config-engine/.gitignore * Advance swss-common submodule. (sonic-net#5222) 9a7c9d Dbconnector namespace support (sonic-net#376) c32f0b5 add state db entry for fgnhg route entry (sonic-net#374) * [caclmgrd] Add support for multi-ASIC platforms (sonic-net#5022) * Support for Control Plane ACL's for Multi-asic Platforms. Following changes were done: 1) Moved from using blocking listen() on Config DB to the select() model via python-swsscommon since we have to wait on event from multiple config db's 2) Since python-swsscommon is not available on host added libswsscommon and python-swsscommon and dependent packages in the base image (host enviroment) 3) Made iptables programmed in all namespace using ip netns exec Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Fix Review Comments * Fix Comments * Added Change for Multi-asic to have iptables rules to accept internal docker tcp/udp traffic needed for syslog and redis-tcp connection. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Fix Review Comments * Added more comments on logic. * Fixed all warning/errors reported by http://pep8online.com/ other than line > 80 characters. * Fix Comment Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Verified with swsscommon package. Fix issue for single asic platforms. * Moved to new python package * Address Review Comments. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments. * Add support to VS platform for platform.json and DPB CLI Tests (sonic-net#5192) - Reverts commit 457674c - Creates "platform.json" for vs docker - Adds test case for port breakout CLI - Explicitly sets admin status of all the VS interfaces to down to be compatible with SWSS test cases, specifically vnet tests and sflow tests Signed-off-by: Sangita Maity <sangitamaity0211@gmail.com> * [iccpd] Fix uninitialized variable. (sonic-net#5112) To declare *tb[] but do not initialize it, it might be very risky. We get iccpd exception during processing arp/nd event. Initialize it to {0}; * Fix unwanted python exception in syslog during database container (sonic-net#5227) startup when doing redis PING since database_config.json getting generated from jinja2 template is still not ready. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * [hostcfgd] Handle Both Service And Timer Units (sonic-net#5228) Commit e484ae9 introduced systemd .timer unit to hostcfgd. However, when stopping service that has timer, there is possibility that timer is not running and the service would not be stopped. This PR address this situation by handling both .timer and .service units. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [arista] Update driver submodules (sonic-net#5147) - fix watchdog timeout units - fix import path for thermal_manager - remove arista bind mounts for docker-snmp - improve arista bind mounts for pmon * [docker-radv] Fix startup issues (sonic-net#5230) **- Why I did it** PR sonic-net#4599 introduced two bugs in the startup of the router advertiser container: 1. References to the `wait_for_intf.sh` script were changed to `wait_for_link.sh`, but the actual script was not renamed 2. The `ipv6_found` Jinja2 variable added to the supervisor config file goes out of scope before it is read. **- How I did it** 1. Rename the `wait_for_intf.sh` script to `wait_for_link.sh` 2. Use the Jinja2 "namespace" construct to fix the scope issue **- How to verify it** Ensure all processes in the radv container start properly under the correct conditions (i.e., whether or not there is at least one VLAN with an IPv6 address assigned). * [sonic-utilities] Update submodule (sonic-net#5233) * src/sonic-utilities d5fdd74...17fb378 (7): > [sonic-installer] Import re module (sonic-net#1061) > [fast-reboot]: Fix fail to execute fast-reboot problem (sonic-net#1047) > [config] Reduce Calls to SONiC Cfggen (sonic-net#1052) > [filter-fdb] Call Filter FDB Main From Within Test Code (sonic-net#1051) > [sflow_test.py]: Fix show sflow display. (sonic-net#1054) > Change fast-reboot script to use swss and radv service script (sonic-net#1036) > Common functions for show CLI support on multi ASIC (sonic-net#999) * [sonic-host-service]: Add SONiC Host Services infrastructure (sonic-net#4840) - Why I did it When SONiC is configured with the management framework and/or telemetry services, the applications running inside those containers need to access some functionality on the host system. The following is a non-exhaustive list of such functionality: Image management Configuration save and load ZTP enable/disable and status Show tech support - How I did it The host service is a Python process that listens for requests via D-Bus. It will then service those requests and send a response back to the requestor. This PR only introduces the host service infrastructure. Applications that need access to the host services must add applets that will register on D-Bus endpoints to service the appropriate functionality. - How to verify it - Description for the changelog Add SONiC Host Service for container to execute select commands in host Signed-off-by: Nirenjan Krishnan <Nirenjan.Krishnan@dell.com> * Add common functions applicable to single/multi asic platforms (sonic-net#5224) * Add common functions applicable to single/multi asic platforms * Raise exception if invalid namespace is given as input. * [sonic-swss] Update submodule (sonic-net#5231) * src/sonic-swss d2bab10...c4949a2 (34): > [dvs] Add new common issues and TOC to DVS README (sonic-net#1405) > Avoid adding loopback interface (ip link add) when setting nat zone on loopback interface (sonic-net#1411) > [portsorch] add buffer drop FC group (sonic-net#1368) > [dvs/chassis] Bring up SONiC interfaces in virtual chassis (sonic-net#1410) > [chassis/dvs] Add support for virtual chassis to DVS testbed (sonic-net#1345) > [sonic-swsss] Fix the issue of field "next_hop_ip" not getting updated in state DB in ERSPAN Mirror (sonic-net#1375) > [intfmgr] Fix OA crash issue due to link local configurations (sonic-net#1195) > Fix the issue when persistent DVS is used to run pytest which has number of front-panel ports < 32 (sonic-net#1373) > [dvs] Refactor AsicDbValidator (sonic-net#1402) > [fec] Get FEC mode when port is already admin down (sonic-net#1403) > [fec] added logic that put port down before applying fec onfiguration (sonic-net#1399) > [dvs] Add performance test for adding and deleting routes (sonic-net#1392) > Ignore IPv6 link-local and multicast entries as Vnet routes (sonic-net#1401) > [vlanmgr] Support Jumbo Frame By Default (sonic-net#1393) > Fix log/syslog not being correct when last test fails for given module (sonic-net#1395) > Get initial speed from ASIC DB (sonic-net#1390) > [dvs] Add options to limit CPU usage (sonic-net#1394) > [intfsorch] Retrieve Port object before setting NAT zone on router interfaces. (sonic-net#1372) > [.gitignore] Ignore gearsyncd binary (sonic-net#1381) > Added Max Nexthopgroup/ECMP Count supported by device into State DB. (sonic-net#1383) > [dvs] Upload logs even if failure occurs during startup (sonic-net#1389) > [rates] fix issue with rates init (sonic-net#1387) > [dvs] Validate that SWSS is ready to receive input before starting tests (sonic-net#1385) > [dvs] Convert sflow and speed tests to use dvslib (sonic-net#1382) > [dvs_acl] Refactor and document dvs_acl library (sonic-net#1378) > [dvs] Fix install instructions in README (sonic-net#1379) > [dvs] Update README with new flags, options, and known issues (sonic-net#1380) > swss: gearsyncd should return 0 on exit (sonic-net#1376) > Remove 00-copp.config.json from swss debian package. (sonic-net#1366) > fix undefined var in rates lua scripts (sonic-net#1365) > [fdborch] Fixed Orchagent crash in FDB flush on port disable. (sonic-net#1369) > [tlm_teamd]: Try to add LAG again, when teamd is not ready first time (sonic-net#1347) > [vs] Incorporate python3 best practices into DVSLib (sonic-net#1357) > [dvs] Mark unstable tests as xfail (sonic-net#1356) * [arista/aboot]: Zero out 1st MB before repartitioning (sonic-net#5220) The first partition starting point was changed to be 1M as part of this commit: 6ba2f97. On systems that are misaligned before conversion (partition start is the first sector), the relica partition that is left in the first MB can cause problems in Aboot and result in corruption of the filesystem on the new aligned partition. Zeroing this old relica makes sure that there is nothing left of the old partition lying around. There won't be any risk of having Aboot corrupt the new filesystem because of the old relica. Signed-off-by: Baptiste Covolato <baptiste@arista.com> * [sonic-py-common] Add unit test framework (sonic-net#5238) **- Why I did it** To install the framework for adding unit tests to the sonic-py-common package and report coverage. ** How I did it ** - Incorporate pytest and pytest-cov into sonic-py-common package build - Updgrade version of 'mock' installed to version 3.0.5, the last version which supports Python 2. This fixes a bug where the file object returned from `mock_open()` was not iterable (see https://bugs.python.org/issue32933) - Add support for Python 3 setuptools and pytest in sonic-slave-buster environment - Add tests for `device_info.get_machine_info()` and `device_info.get_platform()` functions - Also add a .gitignore in the root of the sonic-py-common directory, move all related ignores from main .gitignore file, and add ignores for files and dirs generated by pytest-cov * Add switch for synchronous mode (sonic-net#5237) Add a master switch so that the sync/async mode can be configured. Example usage of the switch: 1. Configure mode while building an image `make ENABLE_SYNCHRONOUS_MODE=y <target>` 2. Configure when the device is running Change CONFIG_DB with `sonic-cfggen -a '{"DEVICE_METADATA":{"localhost": {"synchronous_mode": "enable"}}}' --write-to-db` Restart swss with `systemctl restart swss` * [enable counters] Enable port buffer drops by default and update MLNX SAI submodule (sonic-net#5059) * Enable port buffer drops by default * [Mellanox] Update SAI_Implementation Signed-off-by: Mykola Faryma <mykolaf@mellanox.com> * Platform monitor changes in daemon_base for multi_asic (sonic-net#4932) Adding namespace support for db connect API. Co-authored-by: Petro Bratash <68950226+bratashX@users.noreply.github.com> Co-authored-by: Tamer Ahmed <tamer.ahmed@microsoft.com> Co-authored-by: SuvarnaMeenakshi <50386592+SuvarnaMeenakshi@users.noreply.github.com> Co-authored-by: Joe LeVeque <jleveque@users.noreply.github.com> Co-authored-by: Mahesh Maddikayala <10645050+smaheshm@users.noreply.github.com> Co-authored-by: judyjoseph <53951155+judyjoseph@users.noreply.github.com> Co-authored-by: abdosi <58047199+abdosi@users.noreply.github.com> Co-authored-by: Sangita Maity <sangitamaity0211@gmail.com> Co-authored-by: Kelly Chen <kelly_chen@edge-core.com> Co-authored-by: Samuel Angebault <staphylo@arista.com> Co-authored-by: nirenjan <nirenjan@users.noreply.github.com> Co-authored-by: Baptiste Covolato <b.covolato@gmail.com> Co-authored-by: shi-su <67605788+shi-su@users.noreply.github.com> Co-authored-by: Mykola F <37578614+mykolaf@users.noreply.github.com>
* [BFN] Add support pcied daemon for Montara and Newport (sonic-net#5199) Signed-off-by: Petro Bratash <petrox.bratash@intel.com> * [cfggen] Allow Write To Redis DB With Template/Batch Mode (sonic-net#5203) Argument to write to config-db is not allowed when using template. This PR allows cfggen to write to redis db when using template mode. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [submodule]: Advance sonic-snmpagent. (sonic-net#5213) Update sonic-snmpagent submodule to include below commits: 1a2b62a [Namespace]: Fix SAI_ID key used in cpfcIfTable and csqIfQosGroupStatsTable implementation (sonic-net#138) d06f00c [pytest/coverage]: add coverage support (sonic-net#156) 90e9f2e [Namespace]: Simplify sync_d functions to use higher order (sonic-net#154) b5815d9 [LLDP]: Modify OID index of LLDPRemTableUpdater MIB (sonic-net#155) d5f2b92 [Multiasic]: Provide namespace support for ipNetToMediaPhysAddress (sonic-net#129) 166c221 [Namespace]: Fix interface counters in RFC 1213 (sonic-net#145) Signed-off-by: SuvarnaMeenakshi <sumeenak@microsoft.com> * [cfggen] Conform With Python 3 Syntax (sonic-net#5154) Preparing sonic-cfggen for migration to Python 3. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [redis-dump-load] Update submodule (sonic-net#5215) * src/redis-dump-load 832a645...7585497 (2): > Merge pull request sonic-net#63 from jleveque/update_gitignore > Merge pull request sonic-net#59 from breser/redis-load-empty * [services] Fix Delay Start of SNMP And Telemetry (sonic-net#5211) SNMP and Telemetry services are not critical to switch startup. They also cause fast-reboot not to meet timing requirements. In order to delay start those service are associated with systemd timer units, however when hostcfgd initiate service start, it start the service and not the timer. This PR fixes this issue by starting the timer associated with systemd unit. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [sonic-py-common][multi ASIC] API to get a list of frontend ports (sonic-net#5221) * [sonic-py-common][multi ASIC] utility to get a list of frontend ports from a given list of ports * [sonic-config-engine] Update .gitignore (sonic-net#5223) - Ignore directories generated by building Python wheel package - Move all sonic-config-engine ignores from the root .gitignore to src/sonic-config-engine/.gitignore * Advance swss-common submodule. (sonic-net#5222) 9a7c9d Dbconnector namespace support (sonic-net#376) c32f0b5 add state db entry for fgnhg route entry (sonic-net#374) * [caclmgrd] Add support for multi-ASIC platforms (sonic-net#5022) * Support for Control Plane ACL's for Multi-asic Platforms. Following changes were done: 1) Moved from using blocking listen() on Config DB to the select() model via python-swsscommon since we have to wait on event from multiple config db's 2) Since python-swsscommon is not available on host added libswsscommon and python-swsscommon and dependent packages in the base image (host enviroment) 3) Made iptables programmed in all namespace using ip netns exec Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Fix Review Comments * Fix Comments * Added Change for Multi-asic to have iptables rules to accept internal docker tcp/udp traffic needed for syslog and redis-tcp connection. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Fix Review Comments * Added more comments on logic. * Fixed all warning/errors reported by http://pep8online.com/ other than line > 80 characters. * Fix Comment Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Verified with swsscommon package. Fix issue for single asic platforms. * Moved to new python package * Address Review Comments. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * Address Review Comments. * Add support to VS platform for platform.json and DPB CLI Tests (sonic-net#5192) - Reverts commit 457674c - Creates "platform.json" for vs docker - Adds test case for port breakout CLI - Explicitly sets admin status of all the VS interfaces to down to be compatible with SWSS test cases, specifically vnet tests and sflow tests Signed-off-by: Sangita Maity <sangitamaity0211@gmail.com> * [iccpd] Fix uninitialized variable. (sonic-net#5112) To declare *tb[] but do not initialize it, it might be very risky. We get iccpd exception during processing arp/nd event. Initialize it to {0}; * Fix unwanted python exception in syslog during database container (sonic-net#5227) startup when doing redis PING since database_config.json getting generated from jinja2 template is still not ready. Signed-off-by: Abhishek Dosi <abdosi@microsoft.com> * [hostcfgd] Handle Both Service And Timer Units (sonic-net#5228) Commit e484ae9 introduced systemd .timer unit to hostcfgd. However, when stopping service that has timer, there is possibility that timer is not running and the service would not be stopped. This PR address this situation by handling both .timer and .service units. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [arista] Update driver submodules (sonic-net#5147) - fix watchdog timeout units - fix import path for thermal_manager - remove arista bind mounts for docker-snmp - improve arista bind mounts for pmon * [docker-radv] Fix startup issues (sonic-net#5230) **- Why I did it** PR sonic-net#4599 introduced two bugs in the startup of the router advertiser container: 1. References to the `wait_for_intf.sh` script were changed to `wait_for_link.sh`, but the actual script was not renamed 2. The `ipv6_found` Jinja2 variable added to the supervisor config file goes out of scope before it is read. **- How I did it** 1. Rename the `wait_for_intf.sh` script to `wait_for_link.sh` 2. Use the Jinja2 "namespace" construct to fix the scope issue **- How to verify it** Ensure all processes in the radv container start properly under the correct conditions (i.e., whether or not there is at least one VLAN with an IPv6 address assigned). * [sonic-utilities] Update submodule (sonic-net#5233) * src/sonic-utilities d5fdd74...17fb378 (7): > [sonic-installer] Import re module (sonic-net#1061) > [fast-reboot]: Fix fail to execute fast-reboot problem (sonic-net#1047) > [config] Reduce Calls to SONiC Cfggen (sonic-net#1052) > [filter-fdb] Call Filter FDB Main From Within Test Code (sonic-net#1051) > [sflow_test.py]: Fix show sflow display. (sonic-net#1054) > Change fast-reboot script to use swss and radv service script (sonic-net#1036) > Common functions for show CLI support on multi ASIC (sonic-net#999) * [sonic-host-service]: Add SONiC Host Services infrastructure (sonic-net#4840) - Why I did it When SONiC is configured with the management framework and/or telemetry services, the applications running inside those containers need to access some functionality on the host system. The following is a non-exhaustive list of such functionality: Image management Configuration save and load ZTP enable/disable and status Show tech support - How I did it The host service is a Python process that listens for requests via D-Bus. It will then service those requests and send a response back to the requestor. This PR only introduces the host service infrastructure. Applications that need access to the host services must add applets that will register on D-Bus endpoints to service the appropriate functionality. - How to verify it - Description for the changelog Add SONiC Host Service for container to execute select commands in host Signed-off-by: Nirenjan Krishnan <Nirenjan.Krishnan@dell.com> * Add common functions applicable to single/multi asic platforms (sonic-net#5224) * Add common functions applicable to single/multi asic platforms * Raise exception if invalid namespace is given as input. * [sonic-swss] Update submodule (sonic-net#5231) * src/sonic-swss d2bab10...c4949a2 (34): > [dvs] Add new common issues and TOC to DVS README (sonic-net#1405) > Avoid adding loopback interface (ip link add) when setting nat zone on loopback interface (sonic-net#1411) > [portsorch] add buffer drop FC group (sonic-net#1368) > [dvs/chassis] Bring up SONiC interfaces in virtual chassis (sonic-net#1410) > [chassis/dvs] Add support for virtual chassis to DVS testbed (sonic-net#1345) > [sonic-swsss] Fix the issue of field "next_hop_ip" not getting updated in state DB in ERSPAN Mirror (sonic-net#1375) > [intfmgr] Fix OA crash issue due to link local configurations (sonic-net#1195) > Fix the issue when persistent DVS is used to run pytest which has number of front-panel ports < 32 (sonic-net#1373) > [dvs] Refactor AsicDbValidator (sonic-net#1402) > [fec] Get FEC mode when port is already admin down (sonic-net#1403) > [fec] added logic that put port down before applying fec onfiguration (sonic-net#1399) > [dvs] Add performance test for adding and deleting routes (sonic-net#1392) > Ignore IPv6 link-local and multicast entries as Vnet routes (sonic-net#1401) > [vlanmgr] Support Jumbo Frame By Default (sonic-net#1393) > Fix log/syslog not being correct when last test fails for given module (sonic-net#1395) > Get initial speed from ASIC DB (sonic-net#1390) > [dvs] Add options to limit CPU usage (sonic-net#1394) > [intfsorch] Retrieve Port object before setting NAT zone on router interfaces. (sonic-net#1372) > [.gitignore] Ignore gearsyncd binary (sonic-net#1381) > Added Max Nexthopgroup/ECMP Count supported by device into State DB. (sonic-net#1383) > [dvs] Upload logs even if failure occurs during startup (sonic-net#1389) > [rates] fix issue with rates init (sonic-net#1387) > [dvs] Validate that SWSS is ready to receive input before starting tests (sonic-net#1385) > [dvs] Convert sflow and speed tests to use dvslib (sonic-net#1382) > [dvs_acl] Refactor and document dvs_acl library (sonic-net#1378) > [dvs] Fix install instructions in README (sonic-net#1379) > [dvs] Update README with new flags, options, and known issues (sonic-net#1380) > swss: gearsyncd should return 0 on exit (sonic-net#1376) > Remove 00-copp.config.json from swss debian package. (sonic-net#1366) > fix undefined var in rates lua scripts (sonic-net#1365) > [fdborch] Fixed Orchagent crash in FDB flush on port disable. (sonic-net#1369) > [tlm_teamd]: Try to add LAG again, when teamd is not ready first time (sonic-net#1347) > [vs] Incorporate python3 best practices into DVSLib (sonic-net#1357) > [dvs] Mark unstable tests as xfail (sonic-net#1356) * [arista/aboot]: Zero out 1st MB before repartitioning (sonic-net#5220) The first partition starting point was changed to be 1M as part of this commit: 6ba2f97. On systems that are misaligned before conversion (partition start is the first sector), the relica partition that is left in the first MB can cause problems in Aboot and result in corruption of the filesystem on the new aligned partition. Zeroing this old relica makes sure that there is nothing left of the old partition lying around. There won't be any risk of having Aboot corrupt the new filesystem because of the old relica. Signed-off-by: Baptiste Covolato <baptiste@arista.com> * [sonic-py-common] Add unit test framework (sonic-net#5238) **- Why I did it** To install the framework for adding unit tests to the sonic-py-common package and report coverage. ** How I did it ** - Incorporate pytest and pytest-cov into sonic-py-common package build - Updgrade version of 'mock' installed to version 3.0.5, the last version which supports Python 2. This fixes a bug where the file object returned from `mock_open()` was not iterable (see https://bugs.python.org/issue32933) - Add support for Python 3 setuptools and pytest in sonic-slave-buster environment - Add tests for `device_info.get_machine_info()` and `device_info.get_platform()` functions - Also add a .gitignore in the root of the sonic-py-common directory, move all related ignores from main .gitignore file, and add ignores for files and dirs generated by pytest-cov * Add switch for synchronous mode (sonic-net#5237) Add a master switch so that the sync/async mode can be configured. Example usage of the switch: 1. Configure mode while building an image `make ENABLE_SYNCHRONOUS_MODE=y <target>` 2. Configure when the device is running Change CONFIG_DB with `sonic-cfggen -a '{"DEVICE_METADATA":{"localhost": {"synchronous_mode": "enable"}}}' --write-to-db` Restart swss with `systemctl restart swss` * [enable counters] Enable port buffer drops by default and update MLNX SAI submodule (sonic-net#5059) * Enable port buffer drops by default * [Mellanox] Update SAI_Implementation Signed-off-by: Mykola Faryma <mykolaf@mellanox.com> * Platform monitor changes in daemon_base for multi_asic (sonic-net#4932) Adding namespace support for db connect API. * [py-swsssdk] Submodule Update (sonic-net#5249) Change: c25d492 Merge pull request sonic-net#83 from tahmed-dev/taahme/add-redis-pipeline-operation 198d143 review comments - part of [configdb] Add Ability to Query/Update Redis Using Pipelines 994851c review comments - part of [configdb] Add Ability to Query/Update Redis Using Pipelines 2d2b7e1 making lgtm happy - part of [configdb] Add Ability to Query/Update Redis Using Pipelines fa9093c [configdb] Add Ability to Query/Update Redis Using Pipelines signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> * [cfggen] Use Redis Pipeline (sonic-net#5250) This PR enables cfggen to readr/write from Redis DB using pipelines. Pipelines enables batch read/write from/to Redis DB. signed-off-by: Tamer Ahmed <tamer.ahmed@microsoft.com> Co-authored-by: Petro Bratash <68950226+bratashX@users.noreply.github.com> Co-authored-by: Tamer Ahmed <tamer.ahmed@microsoft.com> Co-authored-by: SuvarnaMeenakshi <50386592+SuvarnaMeenakshi@users.noreply.github.com> Co-authored-by: Joe LeVeque <jleveque@users.noreply.github.com> Co-authored-by: Mahesh Maddikayala <10645050+smaheshm@users.noreply.github.com> Co-authored-by: judyjoseph <53951155+judyjoseph@users.noreply.github.com> Co-authored-by: abdosi <58047199+abdosi@users.noreply.github.com> Co-authored-by: Sangita Maity <sangitamaity0211@gmail.com> Co-authored-by: Kelly Chen <kelly_chen@edge-core.com> Co-authored-by: Samuel Angebault <staphylo@arista.com> Co-authored-by: nirenjan <nirenjan@users.noreply.github.com> Co-authored-by: Baptiste Covolato <b.covolato@gmail.com> Co-authored-by: shi-su <67605788+shi-su@users.noreply.github.com> Co-authored-by: Mykola F <37578614+mykolaf@users.noreply.github.com>
* c2fb282 2021-01-29 | [ecnconfig] Allow ecn unit test to run without sudo (sonic-net#1390) [Neetha John] * 6cc635b 2021-01-29 | [sonic-installer] Add information to syslog (sonic-net#1369) [Dmytro] * 7a8024a 2021-01-27 | Prevent user from adding more then a single untagged VLAN to an interface (sonic-net#1382) [Eran Dahan] * 41e62c6 2021-01-26 | [pcieutil] Add 'pcie-aer' sub-command to display AER stats (sonic-net#1169) [Arun Saravanan Balachandran] * 47f412b 2021-01-26 | Improve robustness of consutil plugin loading (sonic-net#1353) [Samuel Angebault] * 64aa1b8 2021-01-25 | [show] Fix warnings, related to gearbox, while show commands execution (sonic-net#1343) [maksymbelei95] * ff226d0 2021-01-25 | Prevent configuring IP interface on a port which is a member of VLAN (sonic-net#1374) [Eran Dahan] * f1522b9 2021-01-21 | [config_mgmt.py]: Set leaf-list to empty list while port breakout. (sonic-net#1268) [Praveen Chaudhary] * 99c05d5 2021-01-21 | add vlan_intf_object only if there are ipv4 or ipv6 mappings (sonic-net#1377) [Sumukha Tumkur Vani] * b082684 2021-01-21 | [ecn] Add tests for ecnconfig command (sonic-net#1372) [Neetha John] * 23e0920 2021-01-21 | [sfpshow] Enhance QSFP-DD DOM information (sonic-net#1207) [shlomibitton] * f4edba1 2021-01-20 | [ecnconfig] handle backend port names when extracting port I/F ID from the port name (sonic-net#1361) [Mahesh Maddikayala] Signed-off-by: Danny Allen <daall@microsoft.com>
* c2fb282 2021-01-29 | [ecnconfig] Allow ecn unit test to run without sudo (#1390) [Neetha John] * 6cc635b 2021-01-29 | [sonic-installer] Add information to syslog (#1369) [Dmytro] * 7a8024a 2021-01-27 | Prevent user from adding more then a single untagged VLAN to an interface (#1382) [Eran Dahan] * 41e62c6 2021-01-26 | [pcieutil] Add 'pcie-aer' sub-command to display AER stats (#1169) [Arun Saravanan Balachandran] * 47f412b 2021-01-26 | Improve robustness of consutil plugin loading (#1353) [Samuel Angebault] * 64aa1b8 2021-01-25 | [show] Fix warnings, related to gearbox, while show commands execution (#1343) [maksymbelei95] * ff226d0 2021-01-25 | Prevent configuring IP interface on a port which is a member of VLAN (#1374) [Eran Dahan] * f1522b9 2021-01-21 | [config_mgmt.py]: Set leaf-list to empty list while port breakout. (#1268) [Praveen Chaudhary] * 99c05d5 2021-01-21 | add vlan_intf_object only if there are ipv4 or ipv6 mappings (#1377) [Sumukha Tumkur Vani] * b082684 2021-01-21 | [ecn] Add tests for ecnconfig command (#1372) [Neetha John] * 23e0920 2021-01-21 | [sfpshow] Enhance QSFP-DD DOM information (#1207) [shlomibitton] * f4edba1 2021-01-20 | [ecnconfig] handle backend port names when extracting port I/F ID from the port name (#1361) [Mahesh Maddikayala] Signed-off-by: Danny Allen <daall@microsoft.com>
* 28d358f 2021-02-01 | [show] Run fwutil with sudo (sonic-net#1364) (HEAD) [Volodymyr Boiko] * a50b7a2 2021-01-29 | [ecnconfig] Allow ecn unit test to run without sudo (sonic-net#1390) [Neetha John] * 8a1109e 2021-01-29 | [sonic-installer] Add information to syslog (sonic-net#1369) [Dmytro] * c7c01e4 2021-01-27 | [show] fix "show interfaces breakout" command (sonic-net#1198) [Dmytro Shevchuk] * 7a8024a 2021-01-27 | Prevent user from adding more then a single untagged VLAN to an interface (sonic-net#1382) [Eran Dahan] * 41e62c6 2021-01-26 | [pcieutil] Add 'pcie-aer' sub-command to display AER stats (sonic-net#1169) [Arun Saravanan Balachandran] * 47f412b 2021-01-25 | Improve robustness of consutil plugin loading (sonic-net#1353) [Samuel Angebault] * 64aa1b8 2021-01-26 | [show] Fix warnings, related to gearbox, while show commands execution (sonic-net#1343) [maksymbelei95] * ff226d0 2021-01-25 | Prevent configuring IP interface on a port which is a member of VLAN (sonic-net#1374) [Eran Dahan] * f1522b9 2021-01-21 | [config_mgmt.py]: Set leaf-list to empty list while port breakout. (sonic-net#1268) [Praveen Chaudhary] lgh@p330:~/sonic/sonic-buildimage/src/sonic-utilities$ git hist -n 20 * 28d358f 2021-02-01 | [show] Run fwutil with sudo (sonic-net#1364) (HEAD) [Volodymyr Boiko] * a50b7a2 2021-01-29 | [ecnconfig] Allow ecn unit test to run without sudo (sonic-net#1390) [Neetha John] * 8a1109e 2021-01-29 | [sonic-installer] Add information to syslog (sonic-net#1369) [Dmytro] * c7c01e4 2021-01-27 | [show] fix "show interfaces breakout" command (sonic-net#1198) [Dmytro Shevchuk] * 7a8024a 2021-01-27 | Prevent user from adding more then a single untagged VLAN to an interface (sonic-net#1382) [Eran Dahan] * 41e62c6 2021-01-26 | [pcieutil] Add 'pcie-aer' sub-command to display AER stats (sonic-net#1169) [Arun Saravanan Balachandran] * 47f412b 2021-01-25 | Improve robustness of consutil plugin loading (sonic-net#1353) [Samuel Angebault] * 64aa1b8 2021-01-26 | [show] Fix warnings, related to gearbox, while show commands execution (sonic-net#1343) [maksymbelei95] * ff226d0 2021-01-25 | Prevent configuring IP interface on a port which is a member of VLAN (sonic-net#1374) [Eran Dahan] * f1522b9 2021-01-21 | [config_mgmt.py]: Set leaf-list to empty list while port breakout. (sonic-net#1268) [Praveen Chaudhary] * 99c05d5 2021-01-21 | add vlan_intf_object only if there are ipv4 or ipv6 mappings (sonic-net#1377) [Sumukha Tumkur Vani] * b082684 2021-01-21 | [ecn] Add tests for ecnconfig command (sonic-net#1372) [Neetha John] * 23e0920 2021-01-21 | [sfpshow] Enhance QSFP-DD DOM information (sonic-net#1207) [shlomibitton] * f4edba1 2021-01-20 | [ecnconfig] handle backend port names when extracting port I/F ID from the port name (sonic-net#1361) [Mahesh Maddikayala] Signed-off-by: Guohan Lu <lguohan@gmail.com>
* 28d358f 2021-02-01 | [show] Run fwutil with sudo (#1364) (HEAD) [Volodymyr Boiko] * a50b7a2 2021-01-29 | [ecnconfig] Allow ecn unit test to run without sudo (#1390) [Neetha John] * 8a1109e 2021-01-29 | [sonic-installer] Add information to syslog (#1369) [Dmytro] * c7c01e4 2021-01-27 | [show] fix "show interfaces breakout" command (#1198) [Dmytro Shevchuk] * 7a8024a 2021-01-27 | Prevent user from adding more then a single untagged VLAN to an interface (#1382) [Eran Dahan] * 41e62c6 2021-01-26 | [pcieutil] Add 'pcie-aer' sub-command to display AER stats (#1169) [Arun Saravanan Balachandran] * 47f412b 2021-01-25 | Improve robustness of consutil plugin loading (#1353) [Samuel Angebault] * 64aa1b8 2021-01-26 | [show] Fix warnings, related to gearbox, while show commands execution (#1343) [maksymbelei95] * ff226d0 2021-01-25 | Prevent configuring IP interface on a port which is a member of VLAN (#1374) [Eran Dahan] * f1522b9 2021-01-21 | [config_mgmt.py]: Set leaf-list to empty list while port breakout. (#1268) [Praveen Chaudhary] * 99c05d5 2021-01-21 | add vlan_intf_object only if there are ipv4 or ipv6 mappings (#1377) [Sumukha Tumkur Vani] * b082684 2021-01-21 | [ecn] Add tests for ecnconfig command (#1372) [Neetha John] * 23e0920 2021-01-21 | [sfpshow] Enhance QSFP-DD DOM information (#1207) [shlomibitton] * f4edba1 2021-01-20 | [ecnconfig] handle backend port names when extracting port I/F ID from the port name (#1361) [Mahesh Maddikayala] Signed-off-by: Guohan Lu <lguohan@gmail.com>
* src/sonic-swss d2bab10...c4949a2 (34): > [dvs] Add new common issues and TOC to DVS README (sonic-net#1405) > Avoid adding loopback interface (ip link add) when setting nat zone on loopback interface (sonic-net#1411) > [portsorch] add buffer drop FC group (sonic-net#1368) > [dvs/chassis] Bring up SONiC interfaces in virtual chassis (sonic-net#1410) > [chassis/dvs] Add support for virtual chassis to DVS testbed (sonic-net#1345) > [sonic-swsss] Fix the issue of field "next_hop_ip" not getting updated in state DB in ERSPAN Mirror (sonic-net#1375) > [intfmgr] Fix OA crash issue due to link local configurations (sonic-net#1195) > Fix the issue when persistent DVS is used to run pytest which has number of front-panel ports < 32 (sonic-net#1373) > [dvs] Refactor AsicDbValidator (sonic-net#1402) > [fec] Get FEC mode when port is already admin down (sonic-net#1403) > [fec] added logic that put port down before applying fec onfiguration (sonic-net#1399) > [dvs] Add performance test for adding and deleting routes (sonic-net#1392) > Ignore IPv6 link-local and multicast entries as Vnet routes (sonic-net#1401) > [vlanmgr] Support Jumbo Frame By Default (sonic-net#1393) > Fix log/syslog not being correct when last test fails for given module (sonic-net#1395) > Get initial speed from ASIC DB (sonic-net#1390) > [dvs] Add options to limit CPU usage (sonic-net#1394) > [intfsorch] Retrieve Port object before setting NAT zone on router interfaces. (sonic-net#1372) > [.gitignore] Ignore gearsyncd binary (sonic-net#1381) > Added Max Nexthopgroup/ECMP Count supported by device into State DB. (sonic-net#1383) > [dvs] Upload logs even if failure occurs during startup (sonic-net#1389) > [rates] fix issue with rates init (sonic-net#1387) > [dvs] Validate that SWSS is ready to receive input before starting tests (sonic-net#1385) > [dvs] Convert sflow and speed tests to use dvslib (sonic-net#1382) > [dvs_acl] Refactor and document dvs_acl library (sonic-net#1378) > [dvs] Fix install instructions in README (sonic-net#1379) > [dvs] Update README with new flags, options, and known issues (sonic-net#1380) > swss: gearsyncd should return 0 on exit (sonic-net#1376) > Remove 00-copp.config.json from swss debian package. (sonic-net#1366) > fix undefined var in rates lua scripts (sonic-net#1365) > [fdborch] Fixed Orchagent crash in FDB flush on port disable. (sonic-net#1369) > [tlm_teamd]: Try to add LAG again, when teamd is not ready first time (sonic-net#1347) > [vs] Incorporate python3 best practices into DVSLib (sonic-net#1357) > [dvs] Mark unstable tests as xfail (sonic-net#1356)
Allow ecn unit tests to run without root privileges **- How I did it** Included the UTILITIES_UNIT_TESTING' env variable also as one of the conditions to determine if the command needs root privileges for execution **- How to verify it** Ran utilities test using the command "python3 setup.py test" and ecn_test.py passed. Prior to the fix, most of the testcases were failing with the error 'Root privileged required for this operation'
Signed-off-by: Sangita Maity <sangitamaity0211@gmail.com> Co-authored-by: Vasant Patil <36455926+vasant17@users.noreply.github.com>
…tically (#19272) #### Why I did it src/sonic-sairedis ``` * a988dd1b - (HEAD -> master, origin/master, origin/HEAD) Sairedis support SAI api/object type extenstion range (#1390) (32 hours ago) [Kamil Cudnik] * fd8f890f - [saisubmodule] Update SAI submodule to latest master (#1395) (32 hours ago) [Kamil Cudnik] * 9574a3c6 - [proxy] Support notifications (#1393) (2 days ago) [Kamil Cudnik] * 4f0fcafe - [proxy] Support load profile map from file (#1389) (5 days ago) [Kamil Cudnik] ``` #### How I did it #### How to verify it #### Description for the changelog
…tically (sonic-net#19272) #### Why I did it src/sonic-sairedis ``` * a988dd1b - (HEAD -> master, origin/master, origin/HEAD) Sairedis support SAI api/object type extenstion range (sonic-net#1390) (32 hours ago) [Kamil Cudnik] * fd8f890f - [saisubmodule] Update SAI submodule to latest master (sonic-net#1395) (32 hours ago) [Kamil Cudnik] * 9574a3c6 - [proxy] Support notifications (sonic-net#1393) (2 days ago) [Kamil Cudnik] * 4f0fcafe - [proxy] Support load profile map from file (sonic-net#1389) (5 days ago) [Kamil Cudnik] ``` #### How I did it #### How to verify it #### Description for the changelog
Update supervisord to version 3.3.3 to address security vulnerability CVE-2017-11610 and fixing supervisord.conf to address the following critical warnings:
2018-01-19 06:59:08,289 CRIT Supervisor running as root (no user in config file)
2018-01-19 06:59:08,317 CRIT Server 'unix_http_server' running without any HTTP authentication checking
To test this I pulled a workspace, applied the changes, built the image, verified that version 3.3.3 of supervisord was pulled in and that it includes the fix for the security vulnerability, loaded the image and verified with the config changes that CRIT syslogs are now gone.