Add service to restore TACACS from old config (#7560)

Why I did it
In upgrade scenarios, where config_db.json is not carry forwarded to new image, it could be left w/o TACACS credentials.
Added a service to trigger 5 minutes after boot and restore TACACS, if /etc/sonic/old_config/tacacs.json is present.

How I did it
By adding a service, that would fire 5 mins after boot.
This service apply tacacs if available.

How to verify it
Upgrade and watch status of tacacs.timer & tacacs.service
You may create /etc/sonic/old_config/tacacs.json, with updated credentials
(before 5mins after boot) and see that appears in config & persisted too.

Which release branch to backport (provide reason below if selected)
 201911
 202006
 202012

files/build_templates/sonic_debian_extension.j2

@@ -527,6 +527,13 @@ sudo cp $IMAGE_CONFIGS/config-setup/config-setup $FILESYSTEM_ROOT/usr/bin/config
 echo "config-setup.service" | sudo tee -a $GENERATED_SERVICE_FILE
 sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable config-setup.service
 
+# Add delayed tacacs application service
+sudo cp files/build_templates/tacacs-config.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/
+echo "tacacs-config.timer" | sudo tee -a $GENERATED_SERVICE_FILE
+
+sudo cp files/build_templates/tacacs-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/
+echo "tacacs-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
+
 # Copy config-chassisdb script and service file
 j2 files/build_templates/config-chassisdb.service.j2 | sudo tee $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/config-chassisdb.service
 sudo cp $IMAGE_CONFIGS/config-chassisdb/config-chassisdb $FILESYSTEM_ROOT/usr/bin/config-chassisdb

files/build_templates/tacacs-config.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=TACACS application
+Requires=updategraph.service
+After=updategraph.service
+BindsTo=sonic.target
+After=sonic.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/config-setup apply_tacacs
+RemainAfterExit=yes
+

files/build_templates/tacacs-config.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=Delays tacacs apply until SONiC has started
+PartOf=tacacs-config.service
+After=updategraph.service
+
+[Timer]
+OnUnitActiveSec=0 sec
+OnBootSec=5min 30 sec
+Unit=tacacs-config.service
+
+[Install]
+WantedBy=timers.target updategraph.service

files/image_config/config-setup/config-setup

@@ -110,12 +110,19 @@ reload_minigraph()
 {
     echo "Reloading minigraph..."
     config load_minigraph -y -n 
+    config save -y
+}
+
+# Apply tacacs config
+apply_tacacs()
+{
     if [ -r /etc/sonic/old_config/${TACACS_JSON_BACKUP} ]; then
         sonic-cfggen -j /etc/sonic/old_config/${TACACS_JSON_BACKUP} --write-to-db
+        echo "Applied tacacs json to restore tacacs credentials"
+        config save -y
     else
         echo "Missing tacacs json to restore tacacs credentials"
     fi
-    config save -y
 }
 
 # Reload existing config db file on disk
@@ -423,4 +430,9 @@ if [ "$CMD" = "backup" ]; then
     do_config_backup
 fi
 
+# Apply tacacs from old configuration
+if [ "$CMD" = "apply_tacacs" ]; then
+    apply_tacacs
+fi
+
 exit 0