Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate interface name length #25

Closed
wants to merge 55 commits into from

Conversation

arfeigin
Copy link
Owner

@arfeigin arfeigin commented Apr 3, 2024

What I did

Validate interface name length does not exceed the limitation of IFNAMSIZ to align to kernel restrictions.

How I did it

Add validation checks in the relevant config functions for the following interface types:

  • vxlan
  • vlan
  • vrf
  • loopback
  • subinterface
  • portchannel

How to verify it

UT tests added

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

config/main.py Outdated Show resolved Hide resolved
config/main.py Outdated Show resolved Hide resolved
config/main.py Outdated Show resolved Hide resolved
utilities_common/helper.py Show resolved Hide resolved
tests/subintf_test.py Show resolved Hide resolved
tests/subintf_test.py Show resolved Hide resolved
config/vxlan.py Show resolved Hide resolved
config/main.py Outdated Show resolved Hide resolved
config/main.py Show resolved Hide resolved
utilities_common/helper.py Show resolved Hide resolved
@@ -35,19 +37,28 @@ def get_port_acl_binding(db_wrap, port, ns):
return acl_tables


def validate_interface_name_length(iface_name):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arfeigin why do we need this part? Isn't it was moved to swss common lib?

arfeigin and others added 22 commits June 16, 2024 16:04
What I did
Semgrep's default ruleset (p/default) somehow lost some important rules
How I did it
Keep use p/default and add another rule
How to verify it
Added test code to this PR and Semgrep CI failed
Failed result: https://github.com/sonic-net/sonic-utilities/actions/runs/8559846841/job/23457508614?pr=3259
Signed-off-by: Mai Bui <[email protected]>
### What I did
Fixing mellanox related warnings in sonic-net/sonic-buildimage#18401
Fix syntax warnings when config platform mlnx command is executed
```
dmin@sonic:~$ sudo config /usr/local/lib/python3.11/dist-packages/config/aaa.py:120: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if len(auth_protocol) is 0:
/usr/local/lib/python3.11/dist-packages/config/plugins/mlnx.py:219: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if err is not 0:
/usr/local/lib/python3.11/dist-packages/config/plugins/mlnx.py:232: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if err is not 0:
/usr/local/lib/python3.11/dist-packages/config/aaa.py:120: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if len(auth_protocol) is 0:
/usr/local/lib/python3.11/dist-packages/config/plugins/mlnx.py:219: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if err is not 0:
/usr/local/lib/python3.11/dist-packages/config/plugins/mlnx.py:232: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if err is not 0:
```
#### How I did it

Replaced is not with !=

#### How to verify it
Run the command as well as added UT
Added get component versions to techsupport
get_component_versions.py is a script that output a table that gathers the versions of all the Nvidia-related components in SONiC.
* Add multi ASIC support for syslog rate limit feature

* Update command ref
sonic-net#3272)

- What I did
Add support for a new platform x86_64-nvidia_sn5400-r0

- How to verify it
Manual and unit test
In the previous commit with hash a3cf5c that aimed to address the issue
where sfputil incorrectly interpreted page numbers as decimal instead of
hexadecimal, there was an inadvertent double conversion from hexadecimal
to decimal. For instance, inputting 11 resulted in conversion to 17 and
then further to 23. To rectify this, the second conversion would be
removed.

A related ut has also been added.

Signed-off-by: Yuanzhe, Liu <[email protected]>
…enabled"" (sonic-net#3270)

* Revert "Revert "route_check: Skip route checks if bgp feature is not enabled"…"

This reverts commit 01ee98e.
…sonic-net#3240)

* [fast/warm-reboot] Retain TRANSCEIVER_INFO/STATUS tables on reboot

Signed-off-by: Stepan Blyschak <[email protected]>

* Remove TRANSCEIVER_STATUS

---------

Signed-off-by: Stepan Blyschak <[email protected]>
What I did
Add a force option for config fabric port unisolate command.

Add a show command to display if a up link is get isolated or not . Example output is :

# show fabric isolation
asic0
  Local Link    Auto Isolated    Manual Isolated    Isolated
------------  ---------------  -----------------  ----------
           0                0                  0           0
           1                0                  0           0
           2                0                  0           0
....
Add test for the new commands.
The test is failed now as it needs this sonic-net/sonic-swss#3089 merged in first.
* Add Multi ASIC support for apply-patch

* Add more test cases.

* Ignore mock diff exception

* Address comments.

* Fix errors

* Add empty case handle

* Refactor extract scope

* Fix UT

* Fix extract for single asic

* Adding localhost into log if scope is empty

* Fix format in log

* Fix log

* Fix log

* Fix variable
…on on Linecard (sonic-net#3257)

Fix db_migrate.py show error and back trace while loading configuration on Linecard

#### Why I did it
    Fix [issue @](sonic-net/sonic-buildimage#18389)

#### How I did it
    Revert code change by sonic-net#3100
    Check DB config initialize state and ignore when initialized.

#### How to verify it
    Pass all UT.
    Manually test.

##### Work item tracking
- Microsoft ADO **(number only)**: 27384235

#### Which release branch to backport (provide reason below if selected)
    N/A

#### Description for the changelog
    Fix db_migrate.py show error and back trace while loading configuration on Linecard

#### A picture of a cute animal (not mandatory but encouraged)
What I did
Added fabric capacity monitoring related commands and the tests.

To config the warning threshold

~# config fabric
Usage: config fabric [OPTIONS] COMMAND [ARGS]...

  FABRIC-related configuration tasks

Options:
  -h, -?, --help  Show this message and exit.

Commands:
  monitor  FABRIC MONITOR configuration tasks
  port     FABRIC PORT configuration tasks
~# config fabric monitor
Usage: config fabric monitor [OPTIONS] COMMAND [ARGS]...

  FABRIC MONITOR configuration tasks

Options:
  -h, -?, --help  Show this message and exit.

Commands:
  capacity  FABRIC MONITOR CAPACITY configuration tasks
~# config fabric monitor capacity 
Usage: config fabric monitor capacity [OPTIONS] COMMAND [ARGS]...

  FABRIC MONITOR CAPACITY configuration tasks

Options:
  -?, -h, --help  Show this message and exit.

Commands:
  threshold  FABRIC CAPACITY MONITOR THRESHOLD configuration tasks
~# config fabric monitor capacity threshold 90
~#
To show the capacity :

~# show fabric 
Usage: show fabric [OPTIONS] COMMAND [ARGS]...

  Show fabric information

Options:
  -h, -?, --help  Show this message and exit.

Commands:
  counters      Show fabric port counters
  isolation     Show fabric isolation status
  monitor       Show fabric monitor
  reachability  Show fabric reachability
~# show fabric  monitor 
Usage: show fabric monitor [OPTIONS] COMMAND [ARGS]...

  Show fabric monitor

Options:
  -?, -h, --help  Show this message and exit.

Commands:
  capacity  Show fabric capacity
~# show fabric  monitor capacity
Monitored fabric capacity threshold:  90%

  ASIC    Operating     Total #        %    Last Event    Last Time
              Links    of Links
------  -----------  ----------  -------  ------------  -----------
 asic0           32         144  22.2222         Lower  0:19:17 ago
 asic1           28         144  19.4444         Lower  0:19:17 ago
 asic2           32         144  22.2222         Lower  0:19:17 ago
 asic3           28         144  19.4444         Lower  0:19:17 ago
 asic4           32         144  22.2222         Lower  0:19:17 ago
 asic5           28         144  19.4444         Lower  0:19:17 ago
 asic6           32         144  22.2222         Lower  0:19:19 ago
 asic7           28         144  19.4444         Lower  0:19:16 ago
 asic8           32         144  22.2222         Lower  0:19:16 ago
 asic9           28         144  19.4444         Lower  0:19:20 ago
asic10           31         144  21.5278         Lower  0:19:16 ago
asic11           28         144  19.4444         Lower  0:19:17 ago
~#
~# config fabric monitor capacity threshold 10
~# show fabric  monitor capacity
Monitored fabric capacity threshold:  10%

  ASIC    Operating     Total #        %    Last Event    Last Time
              Links    of Links
------  -----------  ----------  -------  ------------  -----------
 asic0           32         144  22.2222        Higher  0:00:03 ago
 asic1           28         144  19.4444        Higher  0:00:03 ago
 asic2           32         144  22.2222        Higher  0:00:03 ago
 asic3           28         144  19.4444        Higher  0:00:03 ago
 asic4           32         144  22.2222        Higher  0:00:03 ago
 asic5           28         144  19.4444        Higher  0:00:03 ago
 asic6           32         144  22.2222        Higher  0:00:05 ago
 asic7           28         144  19.4444        Higher  0:00:02 ago
 asic8           32         144  22.2222        Higher  0:00:02 ago
 asic9           28         144  19.4444        Higher  0:00:06 ago
asic10           31         144  21.5278        Higher  0:00:02 ago
asic11
Migrate AAA table in db_migrator

#### Why I did it
    per-command AAA need enable in warm-upgrade case

#### How I did it
    Add db_migrator code to migrate AAA table

#### How to verify it
    Pass all test case.
    Add new test case.

#### Which release branch to backport (provide reason below if selected)
    N/A

#### Description for the changelog
    Migrate AAA table in db_migrator

#### A picture of a cute animal (not mandatory but encouraged)
…-net#3236)

### What I did

Update sonic-utilities to support new SKU Mellanox-SN5600-O128

1. Add the SKU to the generic configuration updater
2. Simplify the logic of the buffer migrator to support the new SKU

### How to verify it

Manual and unit tests
### What I did
add precommit and flake8 to prevent syntax warning in python, e.g. sonic-net/sonic-buildimage#18401
#### How I did it
- initially, this check will be optional to verify its functionality, allowing developers to proceed even if it fails.
- if it performs as expected, this check will become mandatory in the future.
- use flake8 v4.0.1 in order to use diff only for PRs (flake8 with diff only is deprecated in v6.0.0 PyCQA/flake8#1749
#### How to verify it
https://dev.azure.com/mssonic/build/_build/results?buildId=530004&view=logs&jobId=0cb31af1-9c12-5e3c-148e-856fdcff3a02
sonic-net#3281)

* Ignore any error returned from `ip neigh flush`

In the test_po_update test case, one of the things done there is to
remove an IP address from a port channel interface. As part of that, the
current handling for that issues a `ip neigh flush dev ...` command,
added in sonic-net#606, presumably to remove old
neighbor entries that would no longer be valid. I would think that
the kernel would automatically do this, but maybe it didn't back then;
I'm not sure if there's been a behavior change here since then.

In some cases, this command is returning an error, saying "Failed to
send flush request: No such file or directory". I'm not sure why this
is; maybe when iproute2 is going through the list of neighbors, some
neighbor entry was there, but then by the time it issued the deletion
request, that neighbor entry was removed by the kernel since the IP
address was removed. Either way, I don't believe a failure here is
critical.

Therefore, ignore any failures from running this command.

Signed-off-by: Saikrishna Arcot <[email protected]>

* Move the IP neighbor flush to be before the IP address removal

This should make sure that the IP neighbor flush should always work.
This also requires the tests to be updated, to mock out the flush
command call since that interface won't exist.

Signed-off-by: Saikrishna Arcot <[email protected]>

---------

Signed-off-by: Saikrishna Arcot <[email protected]>
- What I did
Change the target path for SDK Sniffer from "/var/log/mellanox/sniffer/" To: "/var/log/sdk_dbg"

- How I did it
Change the default for SDK_SNIFFER_TARGET_PATH

- How to verify it
Run SDK sniffer and make sure the sniffer output file kept in the new location
This PR is Fixture for sonic-net#3108 The PR was reverted due to backward compatibility issues. As per new suggestions, removed db migrator changes from this new change along with vlan.py & switchport.py changes

To Fix issues as per suggestions removed default mode from YANG model and removed minigraph changes:

       1. Removed Db migrator changes from code.
       2. Modified Vlan.py & Switchport.py changes

New commands have been added in Command-Reference.md  All the syntax and examples have been added there and they can be verified by running the specific command
#### What I did

Support ASIC/SDK health event
1. config asic-sdk-health-event suppress
2. show asic-sdk-health-event [received|suppress]
3. sonic-clear asic-sdk-health-event

Depends on sonic-net/sonic-buildimage#17879

#### How to verify it

Unit test
sg893052 and others added 28 commits June 16, 2024 17:36
…#2815)

ThirdPartyContainerManagement(TPCM) support in SonicPackageManager allows third party dockers to be installed on the sonic system. The Manifest file is generated from a custom local default file. The Manifest file could be updated through "sonic-package-manager manifests update" command and later the running package could be updated with the new manifest file through "sonic-package-manager update"

#### What I did
There are many Third Party application dockers, that can be used in SONiC to provision, manage and monitor SONiC devices. The dockers need not be compatible with SONiC, but can almost work independently with minimal SONiC interfaces. These are extensions to SONiC and require additional capabilities to seamlessly integrate with SONiC. These are related to installation, upgrade, and configuration. This change is an enhancement to the SONiC Application Extension Infrastructure to enable integrating a Third Party Application in the form of dockers with SONiC. 
Moreover, the process of downloading image tarballs for the dockers (packages) supports SCP, SFTP, and URL before installing them.

#### How I did it
The Sonic-package-manager framework has been enhanced to support ThirdPartyContainerManagement (TPCM). In case no manifest is found in the image labels, the framework treats it as a TPCM package and creates a default manifest for it. During installation, a new manifest file is created with a specified name using the --name option. Users can use the "sonic-package-manager manifests create/update/delete" commands to modify or delete the manifest file. The location for custom local package manifest files is set to "/var/lib/sonic-package-manager/manifests/". Finally, the "sonic-package-manager update" command can be used to apply the updated manifest file to the running TPCM docker.


#### How to verify it

sonic-package-manager install --from-repository <package without manifest, say httpd> --name mytpcm 

sonic-package manager install --from-tarball <local tar/scp tar/sftp tar/http tar> --name <> 												--use-local-manifest
											

Manifests Commands(tpcm):
sonic-package-manager manifests create <> --from-json <>
sonic-package-manager manifests update <>  --from-json <>	
sonic-package-manager manifests list
sonic-package-manager manifests show <>
sonic-package-manager manifests delete <>


sonic-package manager update <package>
- What I did
Add LDAP CLI

- How I did it
created the CLI by using YANG model generator, the YANG model can be found in the LDAP HLD:
sonic-net/SONiC#1487

- How to verify it
Manually:
you can use configurations command like"config ldap global " or
"show ldap global" (more examples in the HLD.)
Auto:
1.There are unitest of each policy including good & bad flow in this commit, that should pass.
…l reboot (sonic-net#3292)

* [chassis][midplane] Add notification to Supervisor when LC is graceful reboot

* Address review comment by adding log message when failed to create wentry in CHASSIS_STATE_DB

Signed-off-by: mlok <[email protected]>
#### What I did

Added a new CLI command to add secondary subnet value. 

#### How I did it

In the config class, added a snippet of code where the code to validate the secondary field and set the appropriate flag.

#### How to verify it

Added a test to validate the added flag
What I did
Modify show run all to display rest config when bgp is down

How I did it
Add param in bgp_util's run_bgp_show_command to not exit when bgp down

How to verify it
unit test
#### What I did

Before apply the json patch, we will precheck and simulate-patch the payload in entire box level.

#### How I did it

1. Add Duplication check
2. JSON patch structure validating
3. Simulating patch to full configuration
4. Verifying simulating result match YANG validation.

#### How to verify it

1. Single ASIC

```
admin@str2-msn2700-spy-2:~/gcu$ cat empty.json 
[]
admin@str2-msn2700-spy-2:~/gcu$ sudo config apply-patch empty.json 
Patch Applier: localhost: Patch application starting.
Patch Applier: localhost: Patch: []
Patch Applier: localhost getting current config db.
Patch Applier: localhost: simulating the target full config after applying the patch.
Patch Applier: localhost: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: localhost: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: localhost: sorting patch updates.
Patch Applier: The localhost patch was converted into 0 changes.
Patch Applier: localhost: applying 0 changes in order.
Patch Applier: localhost: verifying patch updates are reflected on ConfigDB.
Patch Applier: localhost patch application completed.
Patch applied successfully.
```

2. Multi ASIC

```
stli@str2-7250-2-lc01:~/gcu$ cat empty.json 
[]
stli@str2-7250-2-lc01:~/gcu$ sudo config apply-patch empty.json 
sonic_yang(6):Note: Below table(s) have no YANG models: DHCP_SERVER, KUBERNETES_MASTER
sonic_yang(6):Note: Below table(s) have no YANG models: KUBERNETES_MASTER
sonic_yang(6):Note: Below table(s) have no YANG models: KUBERNETES_MASTER
Patch Applier: localhost: Patch application starting.
Patch Applier: localhost: Patch: []
Patch Applier: localhost getting current config db.
Patch Applier: localhost: simulating the target full config after applying the patch.
Patch Applier: localhost: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: localhost: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: localhost: sorting patch updates.
Patch Applier: The localhost patch was converted into 0 changes.
Patch Applier: localhost: applying 0 changes in order.
Patch Applier: localhost: verifying patch updates are reflected on ConfigDB.
Patch Applier: localhost patch application completed.
Patch Applier: asic0: Patch application starting.
Patch Applier: asic0: Patch: []
Patch Applier: asic0 getting current config db.
Patch Applier: asic0: simulating the target full config after applying the patch.
Patch Applier: asic0: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic0: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic0: sorting patch updates.
Patch Applier: The asic0 patch was converted into 0 changes.
Patch Applier: asic0: applying 0 changes in order.
Patch Applier: asic0: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic0 patch application completed.
Patch Applier: asic1: Patch application starting.
Patch Applier: asic1: Patch: []
Patch Applier: asic1 getting current config db.
Patch Applier: asic1: simulating the target full config after applying the patch.
Patch Applier: asic1: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic1: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic1: sorting patch updates.
Patch Applier: The asic1 patch was converted into 0 changes.
Patch Applier: asic1: applying 0 changes in order.
Patch Applier: asic1: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic1 patch application completed.
Patch applied successfully.
```
…nic-net#3288)

HLD design : sonic-net/SONiC#1684

#### What I did
Add support for config save to one file for multi-aisc.
#### How I did it
Extend support for one file save for multiasic using the below format:
```
{
  "localhost": {/*host config*/},
  "asic0": {/*asic0 config*/},
  ...
  "asicN": {/*asicN config*/}
}
```
#### How to verify it
Unit test and manual test on multiasic platform.
Example running multi:
```
admin@str2-8800-sup-2:~$ sudo config save -y tmp.json
Integrate each ASIC's config into a single JSON file tmp.json.
admin@str2-8800-sup-2:~$ cat tmp.json |more
{
    "localhost": {
        "ACL_TABLE": {
            "NTP_ACL": {
                "policy_desc": "NTP_ACL",
                "services": [
                    "NTP"
...
    "asic0": {
        "AUTO_TECHSUPPORT": {
            "GLOBAL": {
                "available_mem_threshold": "10.0",
```
What I did
Added "show fabric counters rate mbps" command.

The output of the command is

  ASIC    Link ID    Rx Data Mbps    Tx Data Mbps
------  ---------  --------------  --------------
 asic0          0               0            19.8
 asic0          1               0            19.8
 asic0          2               0            39.8
 asic0          3               0            39.8
...

  ASIC    Link ID    Rx Data Mbps    Tx Data Mbps
------  ---------  --------------  --------------
 asic1          0               0               0
 asic1          1               0               0
 asic1          2               0               0
 asic1          3               0               0
...

The HLD is at here

https://github.com/sonic-net/SONiC/blob/master/doc/voq/fabric.md
Amendment is at sonic-net/SONiC#1656
…evel reboot (sonic-net#3171)

* Added a script to sync FS I/O reads/writes just before reboot; renamed ssdutil import to match corresponding change in sonic-platform-common

* Added FSIO RW sync to all reboot scripts

* Reverted changes to setup.py and ssdutil

* Standardized invocation point of the FSIO sync script in all 3 scripts

* Modified code such that FSIO sync is initiated from stormon daemon.
…V256 (sonic-net#3312)

- What I did
Update sonic-utilities to support new SKU Mellanox-SN5600-V256
Add the SKU to the generic configuration updater

- How I did it

- How to verify it
Manual and unit tests
…onic-net#3305)

- What I did
Added code to remove leftover symlinks and directories created by featured. Featured creates a symlink to /dev/null when unit is masked and an auto restart configuration is left under corresponding service.d/ directory.

- How I did it
Added necessary changes and UT to cover it.

- How to verify it
Uninstall an extension and verify no leftovers from featured.

Signed-off-by: Stepan Blyschak <[email protected]>
…en urllib3 and requests packages (sonic-net#3328)

* [build] Fix base OS compilation issue caused by incompatibility between urllib3 and requests packages

* [pipeline] Pin request package to v2.31.0
…ule(SFM) by using "config chassis modules shutdown/startup" commands (sonic-net#3283)

sudo config chassis modules shutdown/startup <module name>

The HLD for Shutdown and Startup of the Fabric Module is below:
sonic-net/SONiC#1694
* Backup STATE_DB PORT_TABLE during warm-reboot

Signed-off-by: Mihir Patel <[email protected]>

* Backing up selected fields from STATE_DB PORT_TABLE|Ethernet* and deleting unwanted fields during warm-reboot

---------

Signed-off-by: Mihir Patel <[email protected]>
What I did
This change puts contents originally in pfc/main.py into a class, to support the usage of the multi-asic helper in a future change. This change is required, as multi-asic helper being used expects members self.config_db and self.db to exist when a function with the decorator run_on_multi_asic is called. The multi-asic class helper will be used to add multi-asic support to pfc commands in a following pull request.

This is a part of the set of changes being pushed for sonic-net/sonic-buildimage#15148

How I did it
Moved contents of PFC commands into a class. There are no functional changes.

Co-authored-by: rdjeric <[email protected]>
Co-authored-by: Kenneth Cheung <[email protected]>
…rm-common change (sonic-net#3334)

* Renamed sonic_ssd to sonic_storage matching corresponding sonic-platform-common change

* Added ssdutil UT

* Flake8 test recommendations fixed

* Workaround for circular dependency

* Made ssdutil UT backwards compatible

* Flake8 test fixes

* More flake8 fixes

* Test failure fix

* Filled out init files in mocked libs to prevent unintentional module hiding

* Revert "Filled out init files in mocked libs to prevent unintentional module hiding"

This reverts commit 28db41d.

* Forced mock of sonic_storage

* Removed unused files and code

* Dialed back the aggressive mocking of argparse module

* Fixed flake8 test issues

* Cleaned up ssdutil code and UT
…onic-net#3333)

Description
Add a check for ensuring mirror session ACLs are programmed to ASIC

What is the issue?
This fix is to address an issue where an ACL is added to CONFIG_DB, but before it could be programmed to ASIC, Orchagent is paused.
This leads to APPLY_VIEW failure when base image OA could not process this ACL entry and target image's OA still creates it.
The issue has an image fix available at sonic-net/sonic-sairedis#1240
This issue is very rare, and has been caught by upgrade path tests only once in thousands of iterations.

What is this fix?
A new logic is added to check if mirror session ACLs for arp and nd are added to ASIC..
ACLs are looked into ASIC_DB and matched using SAI_ACL_ENTRY_ATTR_PRIORITY attribute.
SAI_ACL_ENTRY_ATTR_PRIORITY for arp ACL is 8888 and for nd is 8887
If one of the ACLs is found missing then warmboot is aborted.

Tested on physical testbed running 202311 and master
…et#3353)

There's a difference in behavior when an external command is run under
the default mode vs when it is run under the alias mode. In the default
mode, execution control returns to the caller unless the command had a
non-zero exit code. In the alias mode, regardless of exit code, the
Python script exits. This may result in some tasks not completing.

Fix this by not unconditionally exiting if running a command in the
alias mode. Note that there are other differences still present, but
this fixes at least this one.

Signed-off-by: Saikrishna Arcot <[email protected]>
…INTEGRITY_DROP,SAI_QUEUE_STAT_CREDIT_WD_DELETED_PACKETS) for Voq/Fabric switches (sonic-net#3322)

What I did
Added cli support to show SAI_SWITCH_STAT_PACKET_INTEGRITY_DROP counter in show dropcounter counts command and show SAI_QUEUE_STAT_CREDIT_WD_DELETED_PACKETS counters in show queue counter --voq command.

How I did it
 Modified the dropstat and queuestat cli commands to show these new counters 
How to verify it
Simulated the Packet integrity (CRC, RQP errors) and Credit Watchdog delete drops (disabled the TX for the ports and simulated the credit watchdog deletes) and verified that the show commands are showing the correct output from COUNTERS_DB.

Previous command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)
1)show dropcounter counts
2)show queue counter --voq

Signed-off-by: saksarav <[email protected]>
* [wcmp]: Add WCMP CLI.

Signed-off-by: Nazarii Hnydyn <[email protected]>
**What I did?**
1. Bugfix for console CLI (This is introduced by [consutil] replace shell=True sonic-net#2725, * cannot be treated as wildcard correctly).
```
admin@sonic:~$ show line
ls: cannot access '/dev/C0-*': No such file or directory
```
2. Enhance UT to avoid regression mentioned in 1.
3. Fix incorrect statement in UT.
4. Fix critical Flake8 error.

**How to verify it**
1. Verified on Nokia-7215 MC0 device.
2. Verified by UT

Sign-Off By: Zhijian Li <[email protected]>
#### What I did

Add `config` `checkpoint`, `rollback`, `replace`, `list-checkpoints`, `delete-checkpoint` support of Multi ASIC

#### How I did it
Add namespace for each of operation to support Multi ASIC.

#### How to verify it
1. Single ASIC
```admin@str2-msn2700-spy-1:~/gcu$ sudo config checkpoint 20240522-xincun
Config Rollbacker: Config checkpoint starting.
Config Rollbacker: Checkpoint name: 20240522-xincun.
Config Rollbacker: Getting current config db.
Config Rollbacker: Getting checkpoint full-path.
Config Rollbacker: Ensuring checkpoint directory exist.
Config Rollbacker: Saving config db content to /etc/sonic/checkpoints/20240522-xincun.cp.json.
Config Rollbacker: Config checkpoint completed.
Checkpoint created successfully.

admin@str2-msn2700-spy-1:~/gcu$ sudo config list-checkpoints 
[
    "20240522-xincun"
]

admin@str2-msn2700-spy-1:~/gcu$ sudo config rollback 20240522-xincun
Config Rollbacker: Config rollbacking starting.
Config Rollbacker: Checkpoint name: 20240522-xincun.
Config Rollbacker: Verifying '20240522-xincun' exists.
Config Rollbacker: Loading checkpoint into memory.
Config Rollbacker: Replacing config using 'Config Replacer'.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 71214.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: localhost: Patch application starting.
Patch Applier: localhost: Patch: []
Patch Applier: localhost getting current config db.
Patch Applier: localhost: simulating the target full config after applying the patch.
Patch Applier: localhost: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: localhost: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: localhost: sorting patch updates.
Patch Applier: The localhost patch was converted into 0 changes.
Patch Applier: localhost: applying 0 changes in order.
Patch Applier: localhost: verifying patch updates are reflected on ConfigDB.
Patch Applier: localhost patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config Rollbacker: Config rollbacking completed.
Config rolled back successfully.

admin@str2-msn2700-spy-1:~/gcu$ sudo config delete-checkpoint 20240522-xincun
Config Rollbacker: Deleting checkpoint starting.
Config Rollbacker: Checkpoint name: 20240522-xincun.
Config Rollbacker: Checking checkpoint exists.
Config Rollbacker: Deleting checkpoint.
Config Rollbacker: Deleting checkpoint completed.
Checkpoint deleted successfully.

admin@str2-msn2700-spy-1:~/gcu$ sudo config list-checkpoints 
[]
```

2. Multi ASIC
```
stli@str2-7250-2-lc01:~/gcu$ sudo config checkpoint 20240522-xincun
MultiASICConfigRollbacker: Config checkpoint starting.
MultiASICConfigRollbacker: Checkpoint name: 20240522-xincun.
MultiASICConfigRollbacker: Getting current  config db.
MultiASICConfigRollbacker: Getting current asic0 config db.
MultiASICConfigRollbacker: Getting current asic1 config db.
MultiASICConfigRollbacker: Getting checkpoint full-path.
MultiASICConfigRollbacker: Ensuring checkpoint directory exist.
MultiASICConfigRollbacker: Saving config db content to /etc/sonic/checkpoints/20240522-xincun.cp.json.
MultiASICConfigRollbacker: Config checkpoint completed.
Checkpoint created successfully.
stli@str2-7250-2-lc01:~/gcu$ sudo config list-checkpoints 
[
    "20240522-xincun"
]

stli@str2-7250-2-lc01:~/gcu$ sudo config rollback 20240522-xincun
MultiASICConfigRollbacker: Config rollbacking starting.
MultiASICConfigRollbacker: Checkpoint name: 20240522-xincun.
MultiASICConfigRollbacker: Verifying '20240522-xincun' exists.
MultiASICConfigRollbacker: Loading checkpoint '20240522-xincun' into memory.
MultiASICConfigRollbacker: Replacing config '20240522-xincun' using 'Config Replacer'.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 38147.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: localhost: Patch application starting.
Patch Applier: localhost: Patch: []
Patch Applier: localhost getting current config db.
Patch Applier: localhost: simulating the target full config after applying the patch.
Patch Applier: localhost: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: localhost: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: localhost: sorting patch updates.
Patch Applier: The localhost patch was converted into 0 changes.
Patch Applier: localhost: applying 0 changes in order.
Patch Applier: localhost: verifying patch updates are reflected on ConfigDB.
Patch Applier: localhost patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 97546.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: asic0: Patch application starting.
Patch Applier: asic0: Patch: []
Patch Applier: asic0 getting current config db.
Patch Applier: asic0: simulating the target full config after applying the patch.
Patch Applier: asic0: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic0: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic0: sorting patch updates.
Patch Applier: The asic0 patch was converted into 0 changes.
Patch Applier: asic0: applying 0 changes in order.
Patch Applier: asic0: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic0 patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 97713.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: asic1: Patch application starting.
Patch Applier: asic1: Patch: []
Patch Applier: asic1 getting current config db.
Patch Applier: asic1: simulating the target full config after applying the patch.
Patch Applier: asic1: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic1: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic1: sorting patch updates.
Patch Applier: The asic1 patch was converted into 0 changes.
Patch Applier: asic1: applying 0 changes in order.
Patch Applier: asic1: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic1 patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
MultiASICConfigRollbacker: Config rollbacking completed.
Config rolled back successfully.

stli@str2-7250-2-lc01:~/gcu$ sudo config delete-checkpoint 20240522-xincun
MultiASICConfigRollbacker: Deleting checkpoint starting.
MultiASICConfigRollbacker: Checkpoint name: 20240522-xincun.
MultiASICConfigRollbacker: Checking checkpoint: 20240522-xincun exists.
MultiASICConfigRollbacker: Deleting checkpoint: 20240522-xincun.
MultiASICConfigRollbacker: Deleting checkpoint: 20240522-xincun completed.
Checkpoint deleted successfully.
stli@str2-7250-2-lc01:~/gcu$ sudo config list-checkpoints 
[]

stli@str2-7250-2-lc01:~/gcu$ sudo config replace 20240522-xincun.cp.json 
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 38147.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: localhost: Patch application starting.
Patch Applier: localhost: Patch: []
Patch Applier: localhost getting current config db.
Patch Applier: localhost: simulating the target full config after applying the patch.
Patch Applier: localhost: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: localhost: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: localhost: sorting patch updates.
Patch Applier: The localhost patch was converted into 0 changes.
Patch Applier: localhost: applying 0 changes in order.
Patch Applier: localhost: verifying patch updates are reflected on ConfigDB.
Patch Applier: localhost patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 97546.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: asic0: Patch application starting.
Patch Applier: asic0: Patch: []
Patch Applier: asic0 getting current config db.
Patch Applier: asic0: simulating the target full config after applying the patch.
Patch Applier: asic0: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic0: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic0: sorting patch updates.
Patch Applier: The asic0 patch was converted into 0 changes.
Patch Applier: asic0: applying 0 changes in order.
Patch Applier: asic0: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic0 patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config Replacer: Config replacement starting.
Config Replacer: Target config length: 97713.
Config Replacer: Getting current config db.
Config Replacer: Generating patch between target config and current config db.
Config Replacer: Applying patch using 'Patch Applier'.
Patch Applier: asic1: Patch application starting.
Patch Applier: asic1: Patch: []
Patch Applier: asic1 getting current config db.
Patch Applier: asic1: simulating the target full config after applying the patch.
Patch Applier: asic1: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic1: validating target config does not have empty tables,
                               since they do not show up in ConfigDb.
Patch Applier: asic1: sorting patch updates.
Patch Applier: The asic1 patch was converted into 0 changes.
Patch Applier: asic1: applying 0 changes in order.
Patch Applier: asic1: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic1 patch application completed.
Config Replacer: Verifying config replacement is reflected on ConfigDB.
Config Replacer: Config replacement completed.
Config replaced successfully.
```
@arfeigin
Copy link
Owner Author

Sorry for the mess once again, resolve conflicts caused real mess so I created new branch and PR.

@arfeigin arfeigin closed this Jun 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.