diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 2bf752fc31..93e6ac35eb 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -527,6 +527,13 @@ sudo cp $IMAGE_CONFIGS/config-setup/config-setup $FILESYSTEM_ROOT/usr/bin/config echo "config-setup.service" | sudo tee -a $GENERATED_SERVICE_FILE sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable config-setup.service +# Add delayed tacacs application service +sudo cp files/build_templates/tacacs-config.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ +echo "tacacs-config.timer" | sudo tee -a $GENERATED_SERVICE_FILE + +sudo cp files/build_templates/tacacs-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/ +echo "tacacs-config.service" | sudo tee -a $GENERATED_SERVICE_FILE + # Copy config-chassisdb script and service file j2 files/build_templates/config-chassisdb.service.j2 | sudo tee $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/config-chassisdb.service sudo cp $IMAGE_CONFIGS/config-chassisdb/config-chassisdb $FILESYSTEM_ROOT/usr/bin/config-chassisdb diff --git a/files/build_templates/tacacs-config.service b/files/build_templates/tacacs-config.service new file mode 100644 index 0000000000..27e0e6891e --- /dev/null +++ b/files/build_templates/tacacs-config.service @@ -0,0 +1,12 @@ +[Unit] +Description=TACACS application +Requires=updategraph.service +After=updategraph.service +BindsTo=sonic.target +After=sonic.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/config-setup apply_tacacs +RemainAfterExit=yes + diff --git a/files/build_templates/tacacs-config.timer b/files/build_templates/tacacs-config.timer new file mode 100644 index 0000000000..28314e06f4 --- /dev/null +++ b/files/build_templates/tacacs-config.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Delays tacacs apply until SONiC has started +PartOf=tacacs-config.service +After=updategraph.service + +[Timer] +OnUnitActiveSec=0 sec +OnBootSec=5min 30 sec +Unit=tacacs-config.service + +[Install] +WantedBy=timers.target updategraph.service diff --git a/files/image_config/config-setup/config-setup b/files/image_config/config-setup/config-setup index 61e0887817..aacbdff000 100755 --- a/files/image_config/config-setup/config-setup +++ b/files/image_config/config-setup/config-setup @@ -110,12 +110,19 @@ reload_minigraph() { echo "Reloading minigraph..." config load_minigraph -y -n + config save -y +} + +# Apply tacacs config +apply_tacacs() +{ if [ -r /etc/sonic/old_config/${TACACS_JSON_BACKUP} ]; then sonic-cfggen -j /etc/sonic/old_config/${TACACS_JSON_BACKUP} --write-to-db + echo "Applied tacacs json to restore tacacs credentials" + config save -y else echo "Missing tacacs json to restore tacacs credentials" fi - config save -y } # Reload existing config db file on disk @@ -423,4 +430,9 @@ if [ "$CMD" = "backup" ]; then do_config_backup fi +# Apply tacacs from old configuration +if [ "$CMD" = "apply_tacacs" ]; then + apply_tacacs +fi + exit 0