Commit b5dc5d4

sdszhangvrajeshe
authored andcommitted
add authtype for consoleserver (sonic-net#22679)
Summary: support specifying authentication credential choice for console server (e.g. TACACS or AAD), With the following device: Hostname,ManagementIp,HwSku,Type,Protocol,Os,AuthType console-1,192.168.10.1/23,Cisco,ConsoleServer,ssh,sonic,, console-2,192.168.10.2/23,Cisco,ConsoleServer,ssh,sonic,,tacacs console-1 will use the default credentials in secrets.yaml "console_login". console-2 will use more specific credentials in secrets.yaml "console_login_options['tacacs']" What is the motivation for this PR? user can use different credential for console server. How did you do it? introduced new console_type, CONSOLE_SSH_TACACS How did you verify/test it? Verified locally. Signed-off-by: Dashuai Zhang <[email protected]> Signed-off-by: Venkata Gouri Rajesh Etla <[email protected]>
1 parent 1efb946 commit b5dc5d4

6 files changed

Lines changed: 47 additions & 8 deletions

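--- a/.azure-pipelines/recover_testbed/dut_connection.py
+++ b/.azure-pipelines/recover_testbed/dut_connection.py
@@ -14,6 +14,7 @@
 from tests.common.connections.console_host import ConsoleHost
 from paramiko.ssh_exception import AuthenticationException
 from constants import RC_SSH_FAILED, RC_PASSWORD_FAILED
+from tests.common.utilities import update_console_creds
 
 _self_dir = os.path.dirname(os.path.abspath(__file__))
 base_path = os.path.realpath(os.path.join(_self_dir, "../.."))
@@ -71,6 +72,8 @@ def creds_on_dut(sonichost):
 if cred_var in creds:
 creds[cred_var] = jinja2.Template(creds[cred_var]).render(**hostvars)
 
+creds["console_login_options"] = hostvars.get("console_login_options", {})
+
 if "console_login" not in list(hostvars.keys()):
 console_login_creds = {}
 else:
@@ -86,10 +89,11 @@ def creds_on_dut(sonichost):
 
 def get_console_info(sonichost, conn_graph_facts):
 console_host = conn_graph_facts['device_console_info'][sonichost.hostname]['ManagementIp']
+auth_type = conn_graph_facts['device_console_info'][sonichost.hostname].get('AuthType', "")
 console_port = conn_graph_facts['device_console_link'][sonichost.hostname]['ConsolePort']['peerport']
 console_type = conn_graph_facts['device_console_link'][sonichost.hostname]['ConsolePort']['type']
 
-return console_host, console_port, console_type
+return console_host, console_port, console_type, auth_type
 
 
 def get_ssh_info(sonichost):
@@ -103,7 +107,7 @@ def get_ssh_info(sonichost):
 
 
 def duthost_console(sonichost, conn_graph_facts):
-console_host, console_port, console_type = get_console_info(sonichost, conn_graph_facts)
+console_host, console_port, console_type, auth_type = get_console_info(sonichost, conn_graph_facts)
 console_type = "console_" + console_type
 if "/" in console_host:
 console_host = console_host.split("/")[0]
@@ -112,6 +116,7 @@ def duthost_console(sonichost, conn_graph_facts):
 sonicadmin_alt_password = sonichost.vm.get_vars(
 host=sonichost.im.get_hosts(pattern='sonic')[0]).get("ansible_altpassword")
 creds = creds_on_dut(sonichost)
+update_console_creds(creds, auth_type)
 
 host = ConsoleHost(console_type=console_type,
 console_host=console_host,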
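Review bot: `get_console_info` now returns four values instead of three, so any caller that still unpacks `console_host, console_port, console_type = get_console_info(...)` will fail with `ValueError`; this section updates only `duthost_console`, and callers outside the shown hunks cannot be checked from here. The new element is also undocumented: a one-line docstring on `get_console_info` such as `"""Return (console_host, console_port, console_type, auth_type); auth_type is "" when the console server has no AuthType."""` would make the contract explicit. The bodies of `creds_on_dut` and `duthost_console` continue outside the hunks.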

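--- a/ansible/devutils
+++ b/ansible/devutils
@@ -18,6 +18,7 @@ sys.path.append("..")
 
 from tests.common.plugins.pdu_controller.pdu_manager import pdu_manager_factory # noqa: E402
 from tests.common.connections.console_host import ConsoleHost # noqa: E402
+from tests.common.utilities import update_console_creds # noqa: E402
 
 g_inv_mgr = None
 g_task_runner = None
@@ -161,6 +162,7 @@ def get_console_info_from_conn_graph(hostname):
 console_info = {}
 if hostname in g_conn_graph_facts['device_console_info'] and g_conn_graph_facts['device_console_info'][hostname]:
 console_info['console_type'] = g_conn_graph_facts['device_console_info'][hostname]['Protocol']
+console_info['auth_type'] = g_conn_graph_facts['device_console_info'][hostname].get('AuthType', '')
 console_info['console_host'] = g_conn_graph_facts['device_console_info'][hostname]['ManagementIp']
 console_info['console_port'] = g_conn_graph_facts['device_console_link'][hostname]['ConsolePort']['peerport']
 return console_info
@@ -171,7 +173,7 @@ def get_console_info_from_inventory(attrs):
 Read console info from inventory file. This should be a fallback of get_console_info_from_conn_graph.
 """
 console_info = {}
-keys = ['console_type', 'console_host', 'console_port']
+keys = ['console_type', 'console_host', 'console_port', 'auth_type']
 for k in keys:
 if k in attrs:
 console_info[k] = attrs[k]
@@ -270,6 +272,7 @@ def action_console(parameters):
 hosts = parameters['hosts']
 for hostname, vars in hosts.items():
 console_info = get_console_info(hostname, vars)
+update_console_creds(vars['creds'], console_info.get('auth_type', ''))
 if not console_info:
 continue
 console_host = ConsoleHost(console_type=console_info['console_type'],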
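Review bot: In `action_console` the new `update_console_creds(vars['creds'], console_info.get('auth_type', ''))` runs before the existing `if not console_info: continue` guard, so if `get_console_info` can return `None` (its body is not shown here) the `.get` call raises `AttributeError` instead of the host being skipped. Moving the call below the guard keeps the skip path intact: `if not console_info:` / `continue` / `update_console_creds(vars['creds'], console_info.get('auth_type', ''))`. `vars['creds']` is also indexed unconditionally; whether every host entry carries a `creds` key is not visible in this section. The loop body continues past the end of the hunk.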
Lines changed: 3 additions & 3 deletions
@@ -1,10 +1,10 @@
1-
Hostname,ManagementIp,HwSku,Type,Protocol,Os
1+
Hostname,ManagementIp,HwSku,Type,Protocol,Os,AuthType
22
str-msn2700-01,10.251.0.188/23,Mellanox-2700,DevSonic,,sonic
33
str-7260-10,10.251.0.13/23,Arista-7260QX-64,FanoutLeaf,,sonic
44
str-7260-11,10.251.0.234/23,Arista-7260QX-64,FanoutRoot,,eos
55
str-acs-serv-01,10.251.0.245/23,TestServ,Server,,ubuntu
66
pdu-1,192.168.9.2,Apc,Pdu,snmp,
77
pdu-2,192.168.9.3,Sentry,Pdu,snmp,
8-
console-1,192.168.10.1/23,Cisco,ConsoleServer,ssh,sonic
9-
console-2,192.168.10.2/23,Sonic,ConsoleServer,ssh,cisco
8+
console-1,192.168.10.1/23,Cisco,ConsoleServer,ssh,sonic,tacacs
9+
console-2,192.168.10.2/23,Sonic,ConsoleServer,ssh,cisco,
1010
management-1,192.168.10.3/23,Sonic,MgmtTsToRRouter,,sonic

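--- a/ansible/group_vars/lab/secrets.yml
+++ b/ansible/group_vars/lab/secrets.yml
@@ -19,3 +19,18 @@ console_login:
 console_conserver:
 user: "root"
 passwd: ["password1", "password2"]
+
+console_login_options:
+'tacacs':
+console_telnet:
+user: "root"
+passwd: ["password1", "password2"]
+console_ssh:
+user: "root"
+passwd: ["password1", "password2"]
+console_ssh_menu_ports:
+user: "root"
+passwd: ["password1", "password2"]
+console_conserver:
+user: "root"
+passwd: ["password1", "password2"]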
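Review bot: The new `console_login_options` block carries no comment on how its keys are selected, and the lookup added in `update_console_creds` is an exact string match on the `AuthType` column, so `'tacacs'` here will not match `TACACS` or `Tacacs` in the devices file. A comment above the block would cover it, e.g. `# Per-AuthType console credentials; keys must match the AuthType column exactly, sub-keys mirror console_login.` The values shown look like placeholders; real per-auth-type passwords are better supplied through Ansible Vault than committed in this file as plain text.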

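--- a/tests/common/helpers/dut_utils.py
+++ b/tests/common/helpers/dut_utils.py
@@ -13,7 +13,7 @@
 from collections import defaultdict
 from tests.common.connections.console_host import ConsoleHost, CONSOLE_LINECARD
 from tests.common.connections.linecard_console_conn import UnsupportedPlatformError
-from tests.common.utilities import get_dut_current_passwd
+from tests.common.utilities import get_dut_current_passwd, update_console_creds
 from tests.common.connections.base_console_conn import (
 CONSOLE_SSH_CISCO_CONFIG,
 CONSOLE_SSH_DIGI_CONFIG,
@@ -559,11 +559,13 @@ def create_duthost_console(duthost, localhost, conn_graph_facts, creds): # noqa
 console_host = console_host.split("/")[0]
 console_port = conn_graph_facts['device_console_link'][dut_hostname]['ConsolePort']['peerport']
 console_type = conn_graph_facts['device_console_link'][dut_hostname]['ConsolePort']['type']
+console_auth_type = conn_graph_facts['device_console_info'][dut_hostname].get('AuthType', "")
 console_menu_type = conn_graph_facts['device_console_link'][dut_hostname]['ConsolePort']['menu_type']
 console_username = conn_graph_facts['device_console_link'][dut_hostname]['ConsolePort']['proxy']
 console_device = conn_graph_facts['device_console_link'][dut_hostname]['ConsolePort']['peerdevice']
 
 console_type = f"console_{console_type}"
+update_console_creds(creds, console_auth_type)
 
 if console_menu_type and console_menu_type.lower() != "n/a":
 console_menu_type = f"{console_type}_{console_menu_type}"
@@ -655,7 +657,10 @@ def creds_on_dut(duthost):
 for cred_var in cred_vars:
 if cred_var in creds:
 creds[cred_var] = jinja2.Template(creds[cred_var]).render(**hostvars)
-# load creds for console
+
+creds["console_login_options"] = hostvars.get("console_login_options", {})
+
+# load default creds for console
 if "console_login" not in list(hostvars.keys()):
 console_login_creds = {}
 else: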
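Review bot: `update_console_creds(creds, console_auth_type)` in `create_duthost_console` rewrites `creds["console_user"]` and `creds["console_password"]` on the dict the caller passed in, and a later call with an empty `AuthType` leaves them untouched. If `creds` is shared between DUTs (it looks like a fixture value, but that is not visible here), a console server using the default login would then be tried with the credentials selected for an earlier TACACS one. Working on a shallow copy avoids the carry-over: `creds = dict(creds)` on the line before `update_console_creds(creds, console_auth_type)`. The line `creds["console_login_options"] = hostvars.get("console_login_options", {})` is added both to `creds_on_dut` here and to its twin in `.azure-pipelines/recover_testbed/dut_connection.py`, so the two copies have to be kept in step. Both function bodies continue outside the hunks.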

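--- a/tests/common/utilities.py
+++ b/tests/common/utilities.py
@@ -1362,6 +1362,17 @@ def get_dut_current_passwd(ipv4_address, ipv6_address, username, passwords):
 return passwd
 
 
+def update_console_creds(creds, console_auth_type):
+# Load creds for console based on auth type (e.g. tacacs, xpme)
+if console_auth_type and console_auth_type in creds.get("console_login_options", {}):
+console_login_creds = creds["console_login_options"][console_auth_type]
+creds["console_user"] = {}
+creds["console_password"] = {}
+for k, v in list(console_login_creds.items()):
+creds["console_user"][k] = v["user"]
+creds["console_password"][k] = v["passwd"]
+
+
 def check_msg_in_syslog(duthost, log_msg):
 """
 Checks for a given log message after the last start-LogAnalyzer message in syslog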
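Review bot: `update_console_creds` does nothing when `console_auth_type` is set but has no entry in `creds["console_login_options"]`, so a typo in the `AuthType` column or a missing secrets block silently falls back to the default `console_login` credentials and surfaces only as a failed login against the console server. Surfacing the mismatch is cheap, e.g. `elif console_auth_type: raise ValueError(f"no console_login_options entry for AuthType {console_auth_type!r}")`, or a warning log if the fallback is intended. When a match is found, `console_user` and `console_password` are replaced wholesale, so any console type missing from the selected option set loses its default entry. The function also needs a docstring saying that it mutates `creds` in place and returns nothing; the `xpme` example in the inline comment is not explained anywhere on the page.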
