Merge branch 'sonic-net:master' into master

.azure-pipelines/azure-pipelines-UpgrateVersion.yml

@@ -33,13 +33,14 @@ parameters:
   type: object
   default:
   - vs
-  - barefoot
   - broadcom
   - centec
   - centec-arm64
   - generic
   - marvell-armhf
+  - marvell-arm64
   - mellanox
+  - pensando
 
 stages:
 - stage: Prepare

build_debian.sh

@@ -484,10 +484,14 @@ rm /files/etc/ssh/sshd_config/ClientAliveInterval
 rm /files/etc/ssh/sshd_config/ClientAliveCountMax
 touch /files/etc/ssh/sshd_config/EmptyLineHack
 rename /files/etc/ssh/sshd_config/EmptyLineHack ""
-set /files/etc/ssh/sshd_config/ClientAliveInterval 900
+set /files/etc/ssh/sshd_config/ClientAliveInterval 300
 set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
 ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
-set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
+set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 5 minutes"
+rm /files/etc/ssh/sshd_config/MaxAuthTries
+set /files/etc/ssh/sshd_config/MaxAuthTries 3
+rm /files/etc/ssh/sshd_config/Banner
+set /files/etc/ssh/sshd_config/Banner /etc/issue
 rm /files/etc/ssh/sshd_config/LogLevel
 set /files/etc/ssh/sshd_config/LogLevel VERBOSE
 save

device/arista/x86_64-arista_7060_cx32s/Arista-7060CX-32S-Q32/th-a7060-cx32s-32x40G-t1.config.bcm

@@ -449,3 +449,4 @@ serdes_preemphasis_109=0x145c00
 
 mmu_init_config="MSFT-TH-Tier1"
 phy_an_lt_msft=1
+phy_unlos_msft=1

dockers/docker-base-bookworm/Dockerfile.j2

@@ -1,9 +1,9 @@
 {% set prefix = DEFAULT_CONTAINER_REGISTRY %}
 {% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
 {% if CONFIGURED_ARCH == "armhf" and (MULTIARCH_QEMU_ENVIRON == "y" or CROSS_BUILD_ENVIRON == "y") %}
-FROM {{ prefix }}multiarch/debian-debootstrap:armhf-bookworm
+FROM --platform=linux/arm/v7 {{ prefix }}debian:bookworm
 {% elif CONFIGURED_ARCH == "arm64" and (MULTIARCH_QEMU_ENVIRON == "y" or CROSS_BUILD_ENVIRON == "y") %}
-FROM {{ prefix }}multiarch/debian-debootstrap:arm64-bookworm
+FROM --platform=linux/arm64 {{ prefix }}debian:bookworm
 {% else %}
 FROM {{ prefix }}{{DOCKER_BASE_ARCH}}/debian:bookworm
 {% endif %}
@@ -30,7 +30,6 @@ COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
 COPY ["sources.list.{{ CONFIGURED_ARCH }}", "/etc/apt/sources.list"]
 COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]
 COPY ["no-check-valid-until", "/etc/apt/apt.conf.d"]
-COPY ["apt-multiple-retries", "/etc/apt/apt.conf.d"]
 
 # Update apt cache and
 # pre-install fundamental packages

dockers/docker-base-bookworm/pip.conf

@@ -0,0 +1,2 @@
+[global]
+break-system-packages = true

dockers/docker-database/docker-database-init.sh

@@ -63,8 +63,9 @@ if [[ $DATABASE_TYPE == "chassisdb" ]]; then
     echo "Init docker-database-chassis..."
     update_chassisdb_config -j $db_cfg_file_tmp -k -p $chassis_db_port
     # generate all redis server supervisord configuration file
-    sonic-cfggen -j $db_cfg_file_tmp -t /usr/share/sonic/templates/supervisord.conf.j2 > /etc/supervisor/conf.d/supervisord.conf
-    sonic-cfggen -j $db_cfg_file_tmp -t /usr/share/sonic/templates/critical_processes.j2 > /etc/supervisor/critical_processes
+    sonic-cfggen -j $db_cfg_file_tmp \
+    -t /usr/share/sonic/templates/supervisord.conf.j2,/etc/supervisor/conf.d/supervisord.conf \
+    -t /usr/share/sonic/templates/critical_processes.j2,/etc/supervisor/critical_processes
     rm $db_cfg_file_tmp
     exec /usr/local/bin/supervisord
     exit 0
@@ -81,8 +82,9 @@ then
 fi
 # delete chassisdb config to generate supervisord config
 update_chassisdb_config -j $db_cfg_file_tmp -d
-sonic-cfggen -j $db_cfg_file_tmp -t /usr/share/sonic/templates/supervisord.conf.j2 > /etc/supervisor/conf.d/supervisord.conf
-sonic-cfggen -j $db_cfg_file_tmp -t /usr/share/sonic/templates/critical_processes.j2 > /etc/supervisor/critical_processes
+sonic-cfggen -j $db_cfg_file_tmp \
+-t /usr/share/sonic/templates/supervisord.conf.j2,/etc/supervisor/conf.d/supervisord.conf \
+-t /usr/share/sonic/templates/critical_processes.j2,/etc/supervisor/critical_processes
 
 if [[ "$start_chassis_db" != "1" ]] && [[ -z "$chassis_db_address" ]]; then
      cp $db_cfg_file_tmp $db_cfg_file

dockers/docker-dhcp-server/Dockerfile.j2

@@ -1,5 +1,5 @@
 {% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
-FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}
+FROM docker-config-engine-bookworm-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}}
 
 ARG docker_container_name
 ARG image_version
@@ -15,40 +15,11 @@ RUN apt-get update &&       \
     apt-get install -f -y   \
         tcpdump             \
         python3-dev         \
-# For kea build environment
-        automake            \
-        libtool             \
-        pkg-config          \
         build-essential     \
-        ccache              \
-# For kea dependancies
-        libboost-dev        \
-        libboost-system-dev \
-        liblog4cplus-dev    \
-        libssl-dev
+        kea-dhcp4-server
+
+RUN mkdir -p /var/run/kea
 
-# Install kea from source
-RUN apt-get install -f -y devscripts
-RUN mkdir kea && cd kea && dget -u http://deb.debian.org/debian/pool/main/i/isc-kea/isc-kea_2.2.0-6.dsc
-RUN cd /kea/isc-kea-2.2.0 && autoreconf --install && ./configure --disable-FEATURE \
-    --enable-static=no --disable-install-configurations --enable-pgsql-ssl=no --with-PACKAGE=no \
-    && make -j$(nproc) && make install
-# Create run folder for kea
-RUN mkdir -p /run/kea
-# Create config folder for kea
-RUN mkdir -p /etc/kea
-# Remove stuff we don't need to reduce image size
-RUN cd /usr/local/lib && rm -v *.la && rm -v kea/hooks/*.la
-# Strip debug symbols to reduce file size of binaries
-Run find /usr/local/sbin/ /usr/local/lib/ -type f -exec strip --strip-unneeded {} \;
-# Remove source code
-RUN rm -rf /kea
-RUN echo "/usr/local/lib/kea/hooks" > /etc/ld.so.conf.d/kea.conf && \
-    ldconfig
-# Remove sbin we don't need
-RUN cd /usr/local/sbin && rm -f kea-admin kea-ctrl-agent kea-dhcp-ddns kea-dhcp6 keactrl
-# Remove hook lib we don't need
-RUN cd /usr/local/lib/kea/hooks && rm -f libdhcp_bootp.so libdhcp_flex_option.so libdhcp_stat_cmds.so
 RUN pip3 install psutil
 # TODO issue on remote rsyslog server in non-host container
 RUN rm -f /etc/supervisor/conf.d/containercfgd.conf
@@ -70,13 +41,8 @@ RUN rm -f /etc/supervisor/conf.d/containercfgd.conf
 {% endif %}
 
 # Remove build stuff we don't need
-RUN apt-get remove -y devscripts    \
-                automake            \
-                libtool             \
-                pkg-config          \
-                build-essential     \
-                python3-dev         \
-                ccache
+RUN apt-get remove -y build-essential     \
+                      python3-dev
 
 RUN apt-get clean -y        && \
     apt-get autoclean -y    && \
@@ -86,7 +52,7 @@ RUN apt-get clean -y        && \
 COPY ["docker_init.sh", "start.sh", "/usr/bin/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
 COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
-COPY ["port-name-alias-map.txt.j2", "rsyslog/rsyslog.conf.j2", "kea-dhcp4.conf.j2", "/usr/share/sonic/templates/"]
+COPY ["rsyslog/rsyslog.conf.j2", "kea-dhcp4.conf.j2", "/usr/share/sonic/templates/"]
 COPY ["critical_processes", "/etc/supervisor/"]
 COPY ["lease_update.sh", "/etc/kea/"]
 COPY ["kea-dhcp4-init.conf", "/etc/kea/kea-dhcp4.conf"]

dockers/docker-dhcp-server/cli-plugin-tests/mock_config_db.json

@@ -49,10 +49,10 @@
         "ips": "100.1.1.10,10.1.1.11"
     },
     "DHCP_SERVER_IPV4_PORT|Vlan100|Ethernet7": {
-        "ranges": "range1,range2"
+        "ranges": "range1,range3"
     },
     "DHCP_SERVER_IPV4_PORT|Vlan200|Ethernet8": {
-        "ranges": "range3,range4"
+        "ranges": "range1,range4"
     },
     "DHCP_SERVER_IPV4_PORT|Ethernet9": {
         "ranges": "range5,range6"

dockers/docker-dhcp-server/cli-plugin-tests/test_config_dhcp_server.py

@@ -240,3 +240,133 @@ def test_config_dhcp_server_ipv4_update_wrong_netmask(self, mock_db):
         result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["update"], ["Vlan100", "--netmask=255.255.254"], obj=db)
         assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
 
+    def test_config_dhcp_server_ipv4_range_add(self, mock_db):
+        expected_value = {
+            "range": "10.10.10.10,10.10.10.11"
+        }
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["add"], \
+                ["range4", "10.10.10.10", "10.10.10.11"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.get_all("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range4") == expected_value
+
+    def test_config_dhcp_server_ipv4_range_add_existing(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["add"], \
+                ["range1", "10.10.10.10", "10.10.10.11"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_add_single_ip(self, mock_db):
+        expected_value = {
+            "range": "10.10.10.10,10.10.10.10"
+        }
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["add"], \
+                ["range4", "10.10.10.10"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.get_all("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range4") == expected_value
+
+    def test_config_dhcp_server_ipv4_range_add_wrong_ip(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["add"], \
+                ["range4", "10.10.10"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_add_wrong_order(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["add"], \
+                ["range4", "10.10.10.10", "10.10.10.9"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_update(self, mock_db):
+        expected_value = {
+            "range": "10.10.10.10,10.10.10.11"
+        }
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["update"], \
+                ["range1", "10.10.10.10", "10.10.10.11"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.get_all("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range1") == expected_value
+
+    def test_config_dhcp_server_ipv4_range_update_nonexisting(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["update"], \
+                ["range4", "10.10.10.10", "10.10.10.11"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_update_single_ip(self, mock_db):
+        expected_value = {
+            "range": "10.10.10.10,10.10.10.10"
+        }
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["update"], \
+                ["range1", "10.10.10.10"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.get_all("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range1") == expected_value
+
+    def test_config_dhcp_server_ipv4_range_update_wrong_ip(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["update"], \
+                ["range1", "10.10.10"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_add_wrong_order(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["update"], \
+                ["range1", "10.10.10.10", "10.10.10.9"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_delete(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["del"], \
+                ["range2"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.exists("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range2") == False
+
+    def test_config_dhcp_server_ipv4_range_delete_nonexisting(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["del"], \
+                ["range4"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_delete_referenced(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["del"], \
+                ["range1"], obj=db)
+        assert result.exit_code == 2, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+
+    def test_config_dhcp_server_ipv4_range_delete_referenced_force(self, mock_db):
+        runner = CliRunner()
+        db = clicommon.Db()
+        db.db = mock_db
+        result = runner.invoke(dhcp_server.dhcp_server.commands["ipv4"].commands["range"].commands["del"], \
+                ["range1", "--force"], obj=db)
+        assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info)
+        assert mock_db.exists("CONFIG_DB", "DHCP_SERVER_IPV4_RANGE|range1") == False
+

dockers/docker-dhcp-server/cli-plugin-tests/test_show_dhcp_server.py

@@ -215,9 +215,9 @@ def test_show_dhcp_server_ipv4_port_without_intf(self, mock_db):
 |                   | 10.1.1.11  |
 +-------------------+------------+
 | Vlan100|Ethernet7 | range1     |
-|                   | range2     |
+|                   | range3     |
 +-------------------+------------+
-| Vlan200|Ethernet8 | range3     |
+| Vlan200|Ethernet8 | range1     |
 |                   | range4     |
 +-------------------+------------+
 | Ethernet9         | range5     |
@@ -237,7 +237,7 @@ def test_show_dhcp_server_ipv4_port_with_port(self, mock_db):
 | Interface         | Bind   |
 +===================+========+
 | Vlan100|Ethernet7 | range1 |
-|                   | range2 |
+|                   | range3 |
 +-------------------+--------+
 """
         runner = CliRunner()
@@ -256,7 +256,7 @@ def test_show_dhcp_server_ipv4_port_with_vlan(self, mock_db):
 |                   | 10.1.1.11  |
 +-------------------+------------+
 | Vlan100|Ethernet7 | range1     |
-|                   | range2     |
+|                   | range3     |
 +-------------------+------------+
 """
         runner = CliRunner()
@@ -271,7 +271,7 @@ def test_show_dhcp_server_ipv4_port_with_port_and_vlan(self, mock_db):
 +-------------------+--------+
 | Interface         | Bind   |
 +===================+========+
-| Vlan200|Ethernet8 | range3 |
+| Vlan200|Ethernet8 | range1 |
 |                   | range4 |
 +-------------------+--------+
 """