Validate config_db.json in reload path. by dypet · Pull Request #4521 · sonic-net/sonic-utilities

dypet · 2026-05-06T15:14:06Z

What I did

Fix for sonic-net/sonic-buildimage#27178 . /etc/sonic/config_db.json was not validated in the config reload path before loading. If a config that did not conform to schema was partially loaded, the system could end up in a bad unrecoverable state.

How I did it

added a config_file_yang_validation check to config_db.json in config reload path.

How to verify it

'config reload -y' after copying an invalid config to /etc/sonic/config_db.json.

Previous command output

:~$ sudo config reload -y
Acquired lock on /etc/sonic/reload.lock
Disabling container and routeCheck monitoring ...
Stopping SONiC target ...
Running command: /usr/local/bin/sonic-cfggen -j /etc/sonic/init_cfg.json -j /etc/sonic/config_db.json --write-to-db
Traceback (most recent call last):
  File "/usr/local/bin/sonic-cfggen", line 542, in <module>
    main()
    ~~~~^^
  File "/usr/local/bin/sonic-cfggen", line 531, in main
    configdb.mod_config(FormatConverter.output_to_db(data))
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/swsscommon/swsscommon.py", line 2862, in mod_config
    raw_data = self.typed_to_raw(data)
  File "/usr/lib/python3/dist-packages/swsscommon/swsscommon.py", line 2797, in typed_to_raw
    elif len(typed_data) == 0:
         ~~~^^^^^^^^^^^^
TypeError: object of type 'int' has no len()
Released lock on /etc/sonic/reload.lock

Config is partially loaded in this case, leaving system in state that needs to be recovered with

sudo cp config_db.json_working /etc/sonic/config_db.json
sudo sonic-db-cli CONFIG_DB SET CONFIG_DB_INITIALIZED 1
sudo config reload -y -f

New command output

:~$ sudo config reload -y
Acquired lock on /etc/sonic/reload.lock
sonic_yang(3):All Keys are not parsed in DASH_HA_GLOBAL_CONFIG
dict_keys(['cp_data_channel_port', 'dp_channel_dst_port', 'dp_channel_src_port_min', 'dp_channel_src_port_max', 'dp_channel_probe_interval_ms', 'dp_channel_probe_fail_threshold', 'dpu_bfd_probe_interval_in_ms', 'dpu_bfd_probe_multiplier', 'dpu_vnet', 'dpu_vlan'])
sonic_yang(3):exceptionList:[]
sonic_yang(3):Data Loading Failed:All Keys are not parsed in DASH_HA_GLOBAL_CONFIG
dict_keys(['cp_data_channel_port', 'dp_channel_dst_port', 'dp_channel_src_port_min', 'dp_channel_src_port_max', 'dp_channel_probe_interval_ms', 'dp_channel_probe_fail_threshold', 'dpu_bfd_probe_interval_in_ms', 'dpu_bfd_probe_multiplier', 'dpu_vnet', 'dpu_vlan'])
exceptionList:[]
/etc/sonic/config_db.json fails YANG validation! Error: Data Loading Failed
All Keys are not parsed in DASH_HA_GLOBAL_CONFIG
dict_keys(['cp_data_channel_port', 'dp_channel_dst_port', 'dp_channel_src_port_min', 'dp_channel_src_port_max', 'dp_channel_probe_interval_ms', 'dp_channel_probe_fail_threshold', 'dpu_bfd_probe_interval_in_ms', 'dpu_bfd_probe_multiplier', 'dpu_vnet', 'dpu_vlan'])
exceptionList:[]
Released lock on /etc/sonic/reload.lock
Aborted!

The incorrect config is not loaded in this case and system stays up.

Signed-off-by: dypet <dypeters@cisco.com>

mssonicbld · 2026-05-06T15:14:15Z

/azp run

azure-pipelines · 2026-05-06T15:14:26Z

Azure Pipelines successfully started running 1 pipeline(s).

Signed-off-by: dypet <dypeters@cisco.com>

mssonicbld · 2026-05-06T16:04:23Z

/azp run

azure-pipelines · 2026-05-06T16:04:35Z

Azure Pipelines successfully started running 1 pipeline(s).

zjswhhh · 2026-05-08T18:34:46Z

Hi @qiluo-msft - please help review and merge.

Copilot

Pull request overview

This PR adds YANG validation for the default /etc/sonic/config_db.json during the config reload path to prevent invalid config loads from partially applying and leaving the system in an unrecoverable state (per sonic-buildimage#27178).

Changes:

Validate the default CONFIG_DB JSON (DEFAULT_CONFIG_DB_FILE) during config reload when no filename is provided.
Extend unit tests to assert that validation is invoked and that reload aborts early when validation fails.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
`config/main.py`	Adds a default-config validation step in the reload path before stopping services / flushing CONFIG_DB.
`tests/config_test.py`	Updates reload tests to assert validation is called; adds a failure-path test to ensure reload aborts before executing commands.

dypet · 2026-05-21T16:59:21Z

+    if filename is None and file_format == 'config_db':
+        # Validate the default config before stopping services and flushing CONFIG_DB.
+        config_file_yang_validation(DEFAULT_CONFIG_DB_FILE)
+    elif filename is not None and filename != "/dev/stdin":


qiluo-msft · 2026-05-21T01:06:58Z

+        # Validate the default config before stopping services and flushing CONFIG_DB.
+        config_file_yang_validation(DEFAULT_CONFIG_DB_FILE)


agree that multi-ASIC mode fix is missing. @dypet could you check?

qiluo-msft · 2026-05-21T01:07:36Z

+    if filename is None and file_format == 'config_db':
+        # Validate the default config before stopping services and flushing CONFIG_DB.
+        config_file_yang_validation(DEFAULT_CONFIG_DB_FILE)


agree with this finding.

Added check for file existence

qiluo-msft · 2026-05-21T01:09:16Z

A design question: should we skip yang validation if config reload -f? If today it is not validating yang, we may still keep it for one release branch, and enforce it later.

Signed-off-by: dypet <dypeters@cisco.com>

mssonicbld · 2026-05-21T16:59:18Z

/azp run

azure-pipelines · 2026-05-21T16:59:29Z

Azure Pipelines successfully started running 1 pipeline(s).

Signed-off-by: dypet <dypeters@cisco.com>

mssonicbld · 2026-05-21T18:32:08Z

/azp run

azure-pipelines · 2026-05-21T18:32:20Z

Azure Pipelines successfully started running 1 pipeline(s).

Signed-off-by: dypet <dypeters@cisco.com>

mssonicbld · 2026-05-21T21:10:10Z

/azp run

azure-pipelines · 2026-05-21T21:10:23Z

Azure Pipelines successfully started running 1 pipeline(s).

zjswhhh

lgtm

dypet · 2026-06-02T16:10:52Z

Hi @qiluo-msft , please help merge

zjswhhh · 2026-06-11T20:56:35Z

Hi @qiluo-msft - please help merge.

Validate config_db.json in reload path.

f6a93a4

Signed-off-by: dypet <dypeters@cisco.com>

dypet requested a review from zjswhhh May 6, 2026 15:14

Fix formatting.

20467dc

Signed-off-by: dypet <dypeters@cisco.com>

dypet marked this pull request as ready for review May 6, 2026 16:46

dypet mentioned this pull request May 6, 2026

BUG: config reload default path skips YANG validation, allowing bad config to render system unrecoverable sonic-net/sonic-buildimage#27178

Open

zjswhhh previously approved these changes May 7, 2026

View reviewed changes

qiluo-msft requested a review from Copilot May 21, 2026 00:51

Copilot started reviewing on behalf of qiluo-msft May 21, 2026 00:51 View session

Copilot AI reviewed May 21, 2026

View reviewed changes

Handle multi-asic cases.

a73a0a3

Signed-off-by: dypet <dypeters@cisco.com>

dypet dismissed zjswhhh’s stale review via a73a0a3 May 21, 2026 16:59

Fix flake8.

85cb787

Signed-off-by: dypet <dypeters@cisco.com>

Fix ut.

1f7dd65

Signed-off-by: dypet <dypeters@cisco.com>

dypet requested review from qiluo-msft and zjswhhh May 22, 2026 14:01

zjswhhh approved these changes May 22, 2026

View reviewed changes

		# Validate the default config before stopping services and flushing CONFIG_DB.
		config_file_yang_validation(DEFAULT_CONFIG_DB_FILE)

Conversation

dypet commented May 6, 2026

What I did

How I did it

How to verify it

Previous command output

New command output

Uh oh!

mssonicbld commented May 6, 2026

Uh oh!

azure-pipelines Bot commented May 6, 2026

Uh oh!

mssonicbld commented May 6, 2026

Uh oh!

azure-pipelines Bot commented May 6, 2026

Uh oh!

zjswhhh commented May 8, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

dypet May 21, 2026

Choose a reason for hiding this comment

Uh oh!

qiluo-msft May 21, 2026

Choose a reason for hiding this comment

Uh oh!

dypet May 21, 2026

Choose a reason for hiding this comment

Uh oh!

qiluo-msft May 21, 2026

Choose a reason for hiding this comment

Uh oh!

dypet May 21, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

qiluo-msft commented May 21, 2026

Uh oh!

mssonicbld commented May 21, 2026

Uh oh!

azure-pipelines Bot commented May 21, 2026

Uh oh!

mssonicbld commented May 21, 2026

Uh oh!

azure-pipelines Bot commented May 21, 2026

Uh oh!

mssonicbld commented May 21, 2026

Uh oh!

azure-pipelines Bot commented May 21, 2026

Uh oh!

zjswhhh left a comment

Choose a reason for hiding this comment

Uh oh!

dypet commented Jun 2, 2026

Uh oh!

zjswhhh commented Jun 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants