[TACACS] Fix TACACS config revert to old config when device reboot issue. (sonic-net#22342)

liuh-80 · web-flow · commit 3cb1ce090d29 · 2025-04-30T11:00:45.000-07:00
Fix TACACS config revert to old config when device reboot issue. #### Why I did it Fix following bug: 1. When SONiC OS upgrade, old TACACS config will save to /etc/sonic/old_config/tacacs.json 2. After device reboot, TACACS config service (https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.service) will restore TACACS config from /etc/sonic/old_config/tacacs.json, but this file will keep no change after restore TACACS config. 3. If TACACS service changed by user, because of #2, if device reboot again, the TACACS config been reverted back to old config in /etc/sonic/old_config/tacacs.json Note: the TACACS config does not revert immediately after reboot, it will delay 5min 30sec: https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.timer ##### Work item tracking - Microsoft ADO **(number only)**:32338799 #### How I did it Move /etc/sonic/old_config/tacacs.json to /etc/sonic/old_config/tacacs.json_backup #### How to verify it Pass all test case. Manually verify with following steps: admin@vlab-01:~$ show tacacs TACPLUS global auth_type login TACPLUS global timeout 5 (default) TACPLUS global passkey testing123 TACPLUS_SERVER address 10.250.0.102 priority 1 tcp_port 49 admin@vlab-01:~$ echo ' > { > "TACPLUS": {"global": { "auth_type": "login", "passkey": "12345" } } > }' > /etc/sonic/old_config/tacacs.json admin@vlab-01:~$ cat /etc/sonic/old_config/tacacs.json { "TACPLUS": {"global": { "auth_type": "login", "passkey": "12345" } } } // then reboot device and wait for 6 minutes, because the TACACS config service will delay 5min 30sec after reboot: https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.timer admin@vlab-01:~$ ls /etc/sonic/old_config/tacacs.json ls: cannot access '/etc/sonic/old_config/tacacs.json': No such file or directory admin@vlab-01:~$ show tacacs TACPLUS global auth_type login TACPLUS global timeout 5 (default) TACPLUS global passkey 12345 TACPLUS_SERVER address 10.250.0.102 priority 1 tcp_port 49 #### Description for the changelog Fix TACACS config revert to old config when device reboot issue.
diff --git a/files/image_config/config-setup/config-setup b/files/image_config/config-setup/config-setup
@@ -139,6 +139,9 @@ apply_tacacs()
         sonic-cfggen -j /etc/sonic/old_config/${TACACS_JSON_BACKUP} --write-to-db
         echo "Applied tacacs json to restore tacacs credentials"
         config save -y
+
+        # Change tacacs config file name, so tacacs config will not be revert when device reboot.
+        mv /etc/sonic/old_config/${TACACS_JSON_BACKUP} /etc/sonic/old_config/${TACACS_JSON_BACKUP}_backup
     else
         echo "Missing tacacs json to restore tacacs credentials"
     fi
