
add password hardening yang model, yang test, init_cfg.json.j2 files#2

Open
davidpil2002 wants to merge 19 commits into master from dev-password-hardening-yang-model

@davidpil2002
Owner

Why I did it

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@dgsudharsan dgsudharsan left a comment

@davidpil2002 davidpil2002 force-pushed the dev-password-hardening-yang-model branch from b7c3a2d to d6e62e8 Compare March 10, 2022 11:37
davidpil2002 pushed a commit that referenced this pull request Nov 2, 2022
#### Why I did it
Update sonic-host-services submodule to include below commits:
```
bc8698d Merge pull request sonic-net#21 from abdosi/feature
557a110 Fix the issue where if dest port is not specified in ACL rule than for multi-asic where we create NAT rule to forward traffic from Namespace to host fail with exception.
6e45acc (master) Merge pull request sonic-net#14 from abdosi/feature
4d6cad7 Merge remote-tracking branch 'upstream/master' into feature
bceb13e Install libyang to azure pipeline (sonic-net#20)
82299f5 Merge pull request sonic-net#13 from SuvarnaMeenakshi/cacl_fabricns
15d3bf4 Merge branch 'master' into cacl_fabricns
de54082 Merge pull request sonic-net#16 from ZhaohuiS/feature/caclmgrd_external_client_warning_log
b4b368d Add warning log if destination port is not defined
d4bb96d Merge branch 'master' into cacl_fabricns
35c76cb Add unit-test and fix typo.
17d44c2 Made Changes to be Python 3.7 compatible
978afb5 Aligning Code
1fbf8fb Merge remote-tracking branch 'upstream/master' into feature
7b8c7d1 Added UT for the changes
91c4c42 Merge pull request #9 from ZhaohuiS/feature/caclmgrd_external_client
7c0b56a Add 4 test cases for external_client_acl, including single port and port range for ipv4 and ipv6
b71e507 Merge remote-tracking branch 'origin/master' into HEAD
d992dc0 Merge branch 'master' into feature/caclmgrd_external_client
bd7b172 DST_PORT is configuralbe in json config file for EXTERNAL_CLIENT_ACL
f9af7ae [CLI] Move hostname, mgmt interface/vrf config to hostcfgd (#2)
70ce6a3 Merge pull request sonic-net#10 from sujinmkang/cold_reset
29be8d2 Added Support to render Feature Table using Device running metadata. Also added support to render 'has_asic_scope' field of Feature Table.
3437e35 [caclmgrd][chassis]: Add ip tables rules to accept internal docker traffic from fabric asic namespaces.
8720561 Fix and add hardware reboot cause determination tests
0dcc7fe remove the empty bracket if no hardware reboot cause minor
e47d831 fix the wrong expected result comparision
ef86b53 Fix startswith Attribute error
8a630bb fix mock patch
8543ddf update the reboot cause logic and update the unit test
53ad7cd fix the mock patch function
7c8003d fix the reboot-cause regix for test
1ba611f fix typo
25379d3 Add unit test case
a56133b Add hardware reboot cause as actual reboot cause for soft reboot failed
c7d3833 Support Restapi/gnmi control plane acls
f6ea036 caclmgrd: Don't block traffic to mgmt by default
a712fc4 Update test cases
adc058b caclmgrd: Don't block traffic to mgmt by default
06ff918 Merge pull request #7 from bluecmd/patch-1
e3e23bc ci: Rename sonic-buildimage repository
e83a858 Merge pull request #4 from kamelnetworks/acl-ip2me-test
f5a2e50 [caclmgrd]: Tests for IP2ME rules generation
```
davidpil2002 pushed a commit that referenced this pull request May 8, 2025
…et#21095)

Adding the below fix from FRR FRRouting/frr#17297

This is to fix the following crash which is a statistical issue

```
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/lib/frr/zebra -A 127.0.0.1 -s 90000000 -M dplane_fpm_nl -M snmp'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fccd7351e2c in ?? () from /lib/x86_64-linux-gnu/libc.so.6
[Current thread is 1 (Thread 0x7fccd6faf7c0 (LWP 36))]
(gdb) bt
#0  0x00007fccd7351e2c in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fccd7302fb2 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fccd72ed472 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007fccd75bb3a9 in _zlog_assert_failed (xref=xref@entry=0x7fccd7652380 <_xref.16>, extra=extra@entry=0x0) at ../lib/zlog.c:678
#4  0x00007fccd759b2fe in route_node_delete (node=<optimized out>) at ../lib/table.c:352
#5  0x00007fccd759b445 in route_unlock_node (node=0x0) at ../lib/table.h:258
#6  route_next (node=<optimized out>) at ../lib/table.c:436
#7  route_next (node=node@entry=0x56029d89e560) at ../lib/table.c:410
#8  0x000056029b6b6b7a in if_lookup_by_name_per_ns (ns=ns@entry=0x56029d873d90, ifname=ifname@entry=0x7fccc0029340 "PortChannel1020")
    at ../zebra/interface.c:312
#9  0x000056029b6b8b36 in zebra_if_dplane_ifp_handling (ctx=0x7fccc0029310) at ../zebra/interface.c:1867
#10 zebra_if_dplane_result (ctx=0x7fccc0029310) at ../zebra/interface.c:2221
#11 0x000056029b7137a9 in rib_process_dplane_results (thread=<optimized out>) at ../zebra/zebra_rib.c:4810
#12 0x00007fccd75a0e0d in thread_call (thread=thread@entry=0x7ffe8e553cc0) at ../lib/thread.c:1990
#13 0x00007fccd7559368 in frr_run (master=0x56029d65a040) at ../lib/libfrr.c:1198
#14 0x000056029b6ac317 in main (argc=9, argv=0x7ffe8e5540d8) at ../zebra/main.c:478
```
davidpil2002 pushed a commit that referenced this pull request May 8, 2025
…sue. (sonic-net#22342)

Fix TACACS config revert to old config when device reboot issue.

#### Why I did it
Fix following bug:

1. When SONiC OS is upgraded, the old TACACS config is saved to /etc/sonic/old_config/tacacs.json
2. After device reboot, the TACACS config service (https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.service) will restore the TACACS config from /etc/sonic/old_config/tacacs.json, but this file remains unchanged after the TACACS config is restored.
3. If the TACACS service is changed by the user, because of #2, if the device reboots again, the TACACS config will be reverted back to the old config in /etc/sonic/old_config/tacacs.json

Note: the TACACS config does not revert immediately after reboot; it will be delayed by 5min 30sec:
https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.timer

##### Work item tracking
- Microsoft ADO **(number only)**:32338799

#### How I did it
Move /etc/sonic/old_config/tacacs.json to /etc/sonic/old_config/tacacs.json_backup

#### How to verify it
Pass all test cases.
Manually verify with following steps:

```
admin@vlab-01:~$ show tacacs
TACPLUS global auth_type login
TACPLUS global timeout 5 (default)
TACPLUS global passkey testing123

TACPLUS_SERVER address 10.250.0.102
               priority 1
               tcp_port 49

admin@vlab-01:~$ echo '
> {
>     "TACPLUS": {"global": { "auth_type": "login", "passkey": "12345" } }
> }' > /etc/sonic/old_config/tacacs.json
admin@vlab-01:~$ cat /etc/sonic/old_config/tacacs.json

{
    "TACPLUS": {"global": { "auth_type": "login", "passkey": "12345" } }
}
```

Then reboot the device and wait for 6 minutes, because the TACACS config service will delay 5min 30sec after reboot:
https://github.com/sonic-net/sonic-buildimage/blob/master/files/build_templates/tacacs-config.timer

```
admin@vlab-01:~$ ls /etc/sonic/old_config/tacacs.json
ls: cannot access '/etc/sonic/old_config/tacacs.json': No such file or directory
admin@vlab-01:~$ show tacacs
TACPLUS global auth_type login
TACPLUS global timeout 5 (default)
TACPLUS global passkey 12345

TACPLUS_SERVER address 10.250.0.102
               priority 1
               tcp_port 49
```

#### Description for the changelog
Fix TACACS config revert to old config when device reboot issue.
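
The restore-then-rename behaviour described in the commit message above, as an added simulation that is not part of the commit or of SONiC's code. `apply_cfg`, `restore_always`, `restore_once` and the scratch-directory layout are hypothetical stand-ins, and the file contents are constructed.

```shell
#!/bin/sh
# Runs in a scratch directory; nothing under /etc/sonic is touched.
# apply_cfg stands in for "load this file into the running config" (assumption).
apply_cfg() { cp "$1" "$2"; }

# Behaviour described in the bug: restore on every boot, saved file left in place.
restore_always() {   # $1 = old_config dir, $2 = running config file
    [ -f "$1/tacacs.json" ] && apply_cfg "$1/tacacs.json" "$2"
    return 0
}

# Behaviour described in the fix: restore once, then move the saved file aside.
restore_once() {     # $1 = old_config dir, $2 = running config file
    if [ -f "$1/tacacs.json" ]; then
        apply_cfg "$1/tacacs.json" "$2" &&
            mv -f "$1/tacacs.json" "$1/tacacs.json_backup"
    fi
    return 0
}

# Upgrade, first boot, operator edit, second boot.
# Prints the config that is live after the second boot.
simulate() {         # $1 = name of the restore function to use
    dir=$(mktemp -d) || return 1
    mkdir "$dir/old_config"
    echo 'passkey=old' > "$dir/old_config/tacacs.json"   # saved at upgrade (constructed)
    echo 'passkey=default' > "$dir/running"
    "$1" "$dir/old_config" "$dir/running"                # first boot after upgrade
    echo 'passkey=user-changed' > "$dir/running"         # operator reconfigures TACACS
    "$1" "$dir/old_config" "$dir/running"                # second boot
    cat "$dir/running"
    rm -rf "$dir"
}

simulate restore_always   # passkey=old (operator's change is lost)
simulate restore_once     # passkey=user-changed
```

The renamed `tacacs.json_backup` still holds the old passkey, so it needs the same file permissions as the original.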