Skip to content

[ansible] Consider tacacs when deploying fanout#7778

Merged
Blueve merged 5 commits intosonic-net:masterfrom
Xichen96:dev/xichenlin/consider_tacacs_for_fanout
Mar 20, 2023
Merged

[ansible] Consider tacacs when deploying fanout#7778
Blueve merged 5 commits intosonic-net:masterfrom
Xichen96:dev/xichenlin/consider_tacacs_for_fanout

Conversation

@Xichen96
Copy link
Contributor

@Xichen96 Xichen96 commented Mar 17, 2023
edited
Loading

Description of PR

Currently when deploying fanout, only the variable fanout_sonic_user/password, fanout_eos_user/password is considered. I add ansible_tacacs_user/password, ansible_tacacs_sonic/password that can override fanout_eos_user so current setup will not be broken.

Summary:
Fixes # (issue)

Type of change

  • Bug fix
  • Testbed and Framework(new/improvement)
  • Test case(new/improvement)

Back port request

  • 201911
  • 202012
  • 202205

Approach

What is the motivation for this PR?

There is a need to add tacacs account to fanout without affecting current fanout devices that still uses local credentials.

How did you do it?

Add fanout_tacacs_sonic_user/password that can override fanout_sonic_user/password, and also a fanout_tacacs_user/password that can override fanout_tacacs_sonic_user/password.

How did you verify/test it?

Verified in lab.

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

Xichen96 added 4 commits March 17, 2023 10:44
@Xichen96
consider tacacs with deploying fanout
a40eb2f 
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
@Xichen96
consider tacacs in deploying fanout
5b32d60 
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
@Xichen96
fix bug
60f33bc 
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
@Xichen96
add comment
6479d0c 
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
@mssonicbld
Copy link
Collaborator

mssonicbld commented Mar 17, 2023

The pre-commit check detected issues in the files touched by this pull request.
The detected issues may be old or new. For new issues, please try to fix them.

For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame
author of this pull request. But if you can take extra effort to fix the old issues as well, that would be great!

Detailed pre-commit check results:
trim trailing whitespace.................................................Failed
- hook id: trailing-whitespace
- exit code: 1
- files were modified by this hook

Fixing ansible/roles/fanout/tasks/main.yml

fix end of files.........................................................Passed
check yaml...............................................................Passed
check for added large files..............................................Passed
check python ast.....................................(no files to check)Skipped
flake8...............................................(no files to check)Skipped

To run the pre-commit checks locally, you can follow below steps:

  1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run
    the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt
    docker container.
  2. Ensure that the pre-commit package is installed:
sudo pip install pre-commit
  1. Go to repository root folder
  2. Install the pre-commit hooks:
pre-commit install
  1. Use pre-commit to check staged file:
pre-commit
  1. Alternatively, you can check committed files using:
pre-commit run --from-ref <commit_id> --to-ref <commit_id>

@Xichen96
fix bug
17f766a 
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
@mssonicbld
Copy link
Collaborator

mssonicbld commented Mar 17, 2023

The pre-commit check detected issues in the files touched by this pull request.
The detected issues may be old or new. For new issues, please try to fix them.

For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame
author of this pull request. But if you can take extra effort to fix the old issues as well, that would be great!

Detailed pre-commit check results:
trim trailing whitespace.................................................Failed
- hook id: trailing-whitespace
- exit code: 1
- files were modified by this hook

Fixing ansible/roles/fanout/tasks/main.yml

fix end of files.........................................................Passed
check yaml...............................................................Passed
check for added large files..............................................Passed
check python ast.....................................(no files to check)Skipped
flake8...............................................(no files to check)Skipped

To run the pre-commit checks locally, you can follow below steps:

  1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run
    the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt
    docker container.
  2. Ensure that the pre-commit package is installed:
sudo pip install pre-commit
  1. Go to repository root folder
  2. Install the pre-commit hooks:
pre-commit install
  1. Use pre-commit to check staged file:
pre-commit
  1. Alternatively, you can check committed files using:
pre-commit run --from-ref <commit_id> --to-ref <commit_id>

Blueve
Blueve reviewed Mar 20, 2023
View reviewed changes
@Blueve Blueve merged commit 6967063 into sonic-net:master Mar 20, 2023
wangxin pushed a commit that referenced this pull request Mar 24, 2023
@Xichen96 @wangxin
[ansible] Consider tacacs when deploying fanout (#7778)
8ccdbbd 
What is the motivation for this PR?
There is a need to add tacacs account to fanout without affecting current fanout devices that still uses local credentials.

How did you do it?
Add fanout_tacacs_sonic_user/password that can override fanout_sonic_user/password, and also a fanout_tacacs_user/password that can override fanout_tacacs_sonic_user/password.

How did you verify/test it?
Verified in lab.

Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
wangxin pushed a commit that referenced this pull request Mar 24, 2023
@Xichen96 @wangxin
[ansible] Consider tacacs when deploying fanout (#7778)
3981f37 
What is the motivation for this PR?
There is a need to add tacacs account to fanout without affecting current fanout devices that still uses local credentials.

How did you do it?
Add fanout_tacacs_sonic_user/password that can override fanout_sonic_user/password, and also a fanout_tacacs_user/password that can override fanout_tacacs_sonic_user/password.

How did you verify/test it?
Verified in lab.

Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
wangxin added a commit to wangxin/sonic-mgmt that referenced this pull request Apr 17, 2023
@wangxin
Fix fanout ssh authentication failed issue
937abbe 
PR sonic-net#7778 added support of SSH to fanout switch using TACACS account.
However, this PR introduced an issue. It mistakenly set SSH password
to variable  `ansible_ssh_password` instead of expected `ansible_ssh_pass`.
Consequently, deploy fanout switch failed with authentication failure.

This change corrected variable name `ansible_ssh_password` to `ansible_ssh_pass`
in the touched files.

Signed-off-by: Xin Wang <xiwang5@microsoft.com>
@wangxin wangxin mentioned this pull request Apr 17, 2023
Merged
6 tasks
wangxin added a commit that referenced this pull request Apr 18, 2023
@wangxin
Fix fanout ssh authentication failed issue (#8054)
061cfa2 
What is the motivation for this PR?
PR #7778 added support of SSH to fanout switch using TACACS account. However, this PR introduced an issue. It mistakenly set SSH password to variable ansible_ssh_password instead of expected ansible_ssh_pass. Consequently, deploy fanout switch failed with authentication failure.

How did you do it?
This change corrected variable name ansible_ssh_password to ansible_ssh_pass in the touched files.

How did you verify/test it?
Run playbook fanout.yml.

Signed-off-by: Xin Wang <xiwang5@microsoft.com>
wangxin added a commit that referenced this pull request Apr 20, 2023
@wangxin
Fix fanout ssh authentication failed issue (#8054)
e510dcc 
What is the motivation for this PR?
PR #7778 added support of SSH to fanout switch using TACACS account. However, this PR introduced an issue. It mistakenly set SSH password to variable ansible_ssh_password instead of expected ansible_ssh_pass. Consequently, deploy fanout switch failed with authentication failure.

How did you do it?
This change corrected variable name ansible_ssh_password to ansible_ssh_pass in the touched files.

How did you verify/test it?
Run playbook fanout.yml.

Signed-off-by: Xin Wang <xiwang5@microsoft.com>
wangxin added a commit that referenced this pull request Apr 20, 2023
@wangxin
Fix fanout ssh authentication failed issue (#8054)
566c7b1 
What is the motivation for this PR?
PR #7778 added support of SSH to fanout switch using TACACS account. However, this PR introduced an issue. It mistakenly set SSH password to variable ansible_ssh_password instead of expected ansible_ssh_pass. Consequently, deploy fanout switch failed with authentication failure.

How did you do it?
This change corrected variable name ansible_ssh_password to ansible_ssh_pass in the touched files.

How did you verify/test it?
Run playbook fanout.yml.

Signed-off-by: Xin Wang <xiwang5@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Blueve Blueve Blueve approved these changes

Assignees

No one assigned

Labels

Included in 202012 branch Included in 202205 branch Request for 202012 branch Request for 202205 branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Xichen96 @mssonicbld @Blueve @wangxin