diff --git a/rules/sonic-host-services-data.dep b/rules/sonic-host-services-data.dep index 2b208317f1..9b2e5b32ef 100644 --- a/rules/sonic-host-services-data.dep +++ b/rules/sonic-host-services-data.dep @@ -1,7 +1,7 @@ SPATH := $($(SONIC_HOST_SERVICES_DATA)_SRC_PATH) DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/sonic-host-services-data.mk rules/sonic-host-services-data.dep DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) -DEP_FILES += $(shell git ls-files $(SPATH)) +DEP_FILES += $(addprefix $(SPATH)/,$(shell git -C $(SPATH) ls-files)) $(SONIC_HOST_SERVICES_DATA)_CACHE_MODE := GIT_CONTENT_SHA $(SONIC_HOST_SERVICES_DATA)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) diff --git a/rules/sonic-host-services-data.mk b/rules/sonic-host-services-data.mk index 64a6590482..ddccd82d44 100644 --- a/rules/sonic-host-services-data.mk +++ b/rules/sonic-host-services-data.mk @@ -1,5 +1,5 @@ # SONiC host services data package SONIC_HOST_SERVICES_DATA = sonic-host-services-data_1.0-1_all.deb -$(SONIC_HOST_SERVICES_DATA)_SRC_PATH = $(SRC_PATH)/sonic-host-services-data +$(SONIC_HOST_SERVICES_DATA)_SRC_PATH = $(SRC_PATH)/sonic-host-services/data SONIC_DPKG_DEBS += $(SONIC_HOST_SERVICES_DATA) diff --git a/rules/sonic-host-services.dep b/rules/sonic-host-services.dep index 0e68ccb035..905ec3c3ca 100644 --- a/rules/sonic-host-services.dep +++ b/rules/sonic-host-services.dep @@ -1,7 +1,7 @@ SPATH := $($(SONIC_HOST_SERVICES_PY3)_SRC_PATH) DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/sonic-host-services.mk rules/sonic-host-services.dep DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) -SMDEP_FILES := $(addprefix $(SPATH)/,$(shell cd $(SPATH) && git ls-files)) +SMDEP_FILES := $(addprefix $(SPATH)/,$(shell git -C $(SPATH) ls-files | grep -v ^data)) $(SONIC_HOST_SERVICES_PY3)_CACHE_MODE := GIT_CONTENT_SHA $(SONIC_HOST_SERVICES_PY3)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) diff --git a/src/sonic-host-services b/src/sonic-host-services index beb8bbe9f4..d5f76f75d1 160000 --- a/src/sonic-host-services 
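Review bot: In `rules/sonic-host-services-data.dep` the new line `DEP_FILES += $(addprefix $(SPATH)/,$(shell git -C $(SPATH) ls-files))` puts files that now live inside the `src/sonic-host-services` submodule into `DEP_FILES`, while `rules/sonic-host-services.dep` in this same commit lists that submodule's files through `SMDEP_FILES`. If the cache logic evaluates `DEP_FILES` against the superproject only (not visible here, please confirm), edits under `data/` would not change the `GIT_CONTENT_SHA` key and a stale .deb could be reused. That directory presumably now holds the D-Bus policy, systemd units and PAM templates deleted elsewhere in this diff. Consider `SMDEP_FILES := $(addprefix $(SPATH)/,$(shell git -C $(SPATH) ls-files))` together with the matching per-package assignment further down the file, which this hunk does not show. Separately, `$(shell …)` silently yields an empty list when the submodule is not checked out, so a check that the list is non-empty would make that failure visible.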
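Review bot: The filter `grep -v ^data` in the new `SMDEP_FILES` line of `rules/sonic-host-services.dep` is an unquoted prefix match, so it drops every tracked path that begins with `data`, not only the `data/` directory that now belongs to the other package. A hypothetical top-level `database.py` or `data_helpers/` would be dropped too. Any such file would fall out of this package's `GIT_CONTENT_SHA` dependency set, and a change to it would not invalidate the cached build. Anchor and quote the pattern, `$(shell git -C $(SPATH) ls-files | grep -v '^data/')`, or let git do the exclusion with `git -C $(SPATH) ls-files -- . ':!data'`.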
+++ b/src/sonic-host-services @@ -1 +1 @@ -Subproject commit beb8bbe9f40dae3e3af27de989b8a4ab899ba801 +Subproject commit d5f76f75d157db0b28f5b68a0ed6bd333faee619 diff --git a/src/sonic-host-services-data/.gitignore b/src/sonic-host-services-data/.gitignore deleted file mode 100644 index b941ede4c3..0000000000 --- a/src/sonic-host-services-data/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -debian/*.debhelper -debian/debhelper-build-stamp -debian/sonic-host-services-data/ -sonic-host-services-data_*.buildinfo -sonic-host-services-data_*.changes -sonic-host-services-data_*.deb diff --git a/src/sonic-host-services-data/MAINTAINERS b/src/sonic-host-services-data/MAINTAINERS deleted file mode 100644 index 09c497897e..0000000000 --- a/src/sonic-host-services-data/MAINTAINERS +++ /dev/null @@ -1,7 +0,0 @@ -# This file describes the maintainers for sonic-host-services-data -# See the SONiC project governance document for more information - -Name = "Joe LeVeque" -Email = "jolevequ@microsoft.com" -Github = jleveque -Mailinglist = sonicproject@googlegroups.com diff --git a/src/sonic-host-services-data/README.md b/src/sonic-host-services-data/README.md deleted file mode 100644 index 0b9e714932..0000000000 --- a/src/sonic-host-services-data/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# sonic-host-services-data -Data files required for SONiC host services - - -## To build - -``` -dpkg-buildpackage -rfakeroot -b -us -uc -``` - -## To clean - -``` -dpkg-buildpackage -rfakeroot -Tclean -``` - ---- - -See the [SONiC Website](https://sonic-net.github.io/SONiC/) for more information about the SONiC project. diff --git a/src/sonic-host-services-data/debian/changelog b/src/sonic-host-services-data/debian/changelog deleted file mode 100644 index 89e14bad24..0000000000 --- a/src/sonic-host-services-data/debian/changelog +++ /dev/null @@ -1,5 +0,0 @@ -sonic-host-services-data (1.0-1) UNRELEASED; urgency=low - - * Initial release - - -- Joe LeVeque Tue, 20 Oct 2020 02:35:43 +0000 
diff --git a/src/sonic-host-services-data/debian/compat b/src/sonic-host-services-data/debian/compat deleted file mode 100644 index b4de394767..0000000000 --- a/src/sonic-host-services-data/debian/compat +++ /dev/null @@ -1 +0,0 @@ -11 diff --git a/src/sonic-host-services-data/debian/control b/src/sonic-host-services-data/debian/control deleted file mode 100644 index ebb495e3d3..0000000000 --- a/src/sonic-host-services-data/debian/control +++ /dev/null @@ -1,11 +0,0 @@ -Source: sonic-host-services-data -Maintainer: Joe LeVeque -Section: misc -Priority: optional -Standards-Version: 0.1 -Build-Depends: debhelper (>=11) - -Package: sonic-host-services-data -Architecture: all -Depends: ${misc:Depends} -Description: Data files required for SONiC host services diff --git a/src/sonic-host-services-data/debian/copyright b/src/sonic-host-services-data/debian/copyright deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/sonic-host-services-data/debian/install b/src/sonic-host-services-data/debian/install deleted file mode 100644 index 91edbd1c04..0000000000 --- a/src/sonic-host-services-data/debian/install +++ /dev/null @@ -1,2 +0,0 @@ -templates/*.j2 /usr/share/sonic/templates/ -org.sonic.hostservice.conf /etc/dbus-1/system.d diff --git a/src/sonic-host-services-data/debian/rules b/src/sonic-host-services-data/debian/rules deleted file mode 100755 index 47d26ccbc1..0000000000 --- a/src/sonic-host-services-data/debian/rules +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/usr/bin/make -f - -ifeq (${ENABLE_HOST_SERVICE_ON_START}, y) - HOST_SERVICE_OPTS := --no-start -else - HOST_SERVICE_OPTS := --no-start --no-enable -endif - - -build: - -%: - dh $@ - -override_dh_installsystemd: - dh_installsystemd --no-start --name=caclmgrd - dh_installsystemd --no-start --name=hostcfgd - dh_installsystemd --no-start --name=featured - dh_installsystemd --no-start --name=aaastatsd - dh_installsystemd --no-start --name=procdockerstatsd - dh_installsystemd --no-start --name=determine-reboot-cause - dh_installsystemd --no-start --name=process-reboot-cause - dh_installsystemd $(HOST_SERVICE_OPTS) --name=sonic-hostservice - diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.service b/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.service deleted file mode 100644 index b93fe92c04..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=AAA Statistics Collection daemon -Requires=hostcfgd.service -After=hostcfgd.service updategraph.service -BindsTo=sonic.target -After=sonic.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/aaastatsd -Restart=on-failure -RestartSec=10 -TimeoutStopSec=3 - diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.timer b/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.timer deleted file mode 100644 index 8b6426db18..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.aaastatsd.timer +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Delays aaastatsd daemon until SONiC has started -PartOf=aaastatsd.service - -[Timer] -OnUnitActiveSec=0 sec -OnBootSec=1min 30 sec -Unit=aaastatsd.service - -[Install] -WantedBy=timers.target sonic.target - 
diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.caclmgrd.service b/src/sonic-host-services-data/debian/sonic-host-services-data.caclmgrd.service deleted file mode 100644 index e24ed10bb3..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.caclmgrd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Control Plane ACL configuration daemon -Requires=updategraph.service -After=updategraph.service -BindsTo=sonic.target -After=sonic.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/caclmgrd -Restart=always -RestartSec=30 - -[Install] -WantedBy=sonic.target diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.determine-reboot-cause.service b/src/sonic-host-services-data/debian/sonic-host-services-data.determine-reboot-cause.service deleted file mode 100644 index e834b93373..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.determine-reboot-cause.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Reboot cause determination service -Requires=rc-local.service database.service -After=rc-local.service database.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/local/bin/determine-reboot-cause - -[Install] -WantedBy=multi-user.target diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.featured.service b/src/sonic-host-services-data/debian/sonic-host-services-data.featured.service deleted file mode 100644 index 0913e9458c..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.featured.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Feature configuration daemon -Requires=updategraph.service -After=updategraph.service -BindsTo=sonic.target -After=sonic.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/featured 
diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.featured.timer b/src/sonic-host-services-data/debian/sonic-host-services-data.featured.timer deleted file mode 100644 index 12fbbe10f2..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.featured.timer +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Delays feature daemon until SONiC has started -PartOf=featured.service - -[Timer] -OnUnitActiveSec=0 sec -OnBootSec=1min 30 sec -Unit=featured.service - -[Install] -WantedBy=timers.target sonic.target - diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.service b/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.service deleted file mode 100644 index 5e24345271..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Host config enforcer daemon -Requires=updategraph.service -After=updategraph.service -BindsTo=sonic.target -After=sonic.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/hostcfgd - diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.timer b/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.timer deleted file mode 100644 index b45fd4b22f..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.hostcfgd.timer +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Delays hostcfgd daemon until SONiC has started -PartOf=hostcfgd.service - -[Timer] -OnUnitActiveSec=0 sec -OnBootSec=1min 30 sec -Unit=hostcfgd.service - -[Install] -WantedBy=timers.target sonic.target - diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.procdockerstatsd.service b/src/sonic-host-services-data/debian/sonic-host-services-data.procdockerstatsd.service deleted file mode 100644 index 68b9e61b62..0000000000 
--- a/src/sonic-host-services-data/debian/sonic-host-services-data.procdockerstatsd.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Process and docker CPU/memory utilization data export daemon -Requires=database.service updategraph.service -After=database.service updategraph.service -BindsTo=sonic.target -After=sonic.target - -[Service] -Type=simple -ExecStart=/usr/local/bin/procdockerstatsd -Restart=always - -[Install] -WantedBy=sonic.target diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.service b/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.service deleted file mode 100644 index 14af8868e1..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Retrieve the reboot cause from the history files and save them to StateDB -Requires=database.service determine-reboot-cause.service -After=database.service determine-reboot-cause.service - -[Service] -Type=simple -ExecStart=/usr/local/bin/process-reboot-cause diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.timer b/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.timer deleted file mode 100644 index 222c51a79a..0000000000 --- a/src/sonic-host-services-data/debian/sonic-host-services-data.process-reboot-cause.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Delays process-reboot-cause until network is stably connected - -[Timer] -OnBootSec=1min 30 sec -Unit=process-reboot-cause.service - -[Install] -WantedBy=timers.target diff --git a/src/sonic-host-services-data/debian/sonic-host-services-data.sonic-hostservice.service b/src/sonic-host-services-data/debian/sonic-host-services-data.sonic-hostservice.service deleted file mode 100644 index 799f3511e7..0000000000 
--- a/src/sonic-host-services-data/debian/sonic-host-services-data.sonic-hostservice.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=SONiC Host Service - -[Service] -Type=dbus -BusName=org.SONiC.HostService - -ExecStart=/usr/bin/python3 -u /usr/local/bin/sonic-host-server - -Restart=on-failure -RestartSec=10 -TimeoutStopSec=3 - -[Install] -WantedBy=mgmt-framework.service telemetry.service - diff --git a/src/sonic-host-services-data/org.sonic.hostservice.conf b/src/sonic-host-services-data/org.sonic.hostservice.conf deleted file mode 100644 index 08599007d9..0000000000 --- a/src/sonic-host-services-data/org.sonic.hostservice.conf +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/src/sonic-host-services-data/templates/common-auth-sonic.j2 b/src/sonic-host-services-data/templates/common-auth-sonic.j2 deleted file mode 100644 index b20c9f4eeb..0000000000 --- a/src/sonic-host-services-data/templates/common-auth-sonic.j2 +++ /dev/null 
@@ -1,83 +0,0 @@ -#THIS IS AN AUTO-GENERATED FILE -# -# /etc/pam.d/common-auth- authentication settings common to all services -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. -# -# here are the per-package modules (the "Primary" block) - -{% if auth['login'] == 'local' %} -auth [success=1 default=ignore] pam_unix.so nullok try_first_pass - -{% elif auth['login'] == 'local,tacacs+' %} -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_unix.so nullok try_first_pass -{% for server in servers | sub(0, -1) %} -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_tacplus.so server={{ server.ip }}:{{ server.tcp_port }} secret={{ server.passkey }} login={{ server.auth_type }} timeout={{ server.timeout }} {% if server.vrf %} vrf={{ server.vrf }} {% endif %} {{ 'source_ip=%s' % src_ip if src_ip }} try_first_pass -{% endfor %} -{% if servers | count %} -{% set last_server = servers | last %} -auth [success=1 default=ignore] pam_tacplus.so server={{ last_server.ip }}:{{ last_server.tcp_port }} secret={{ last_server.passkey }} login={{ last_server.auth_type }} timeout={{ last_server.timeout }} {% if last_server.vrf %} vrf={{ last_server.vrf }} {% endif %} {{ 'source_ip=%s' % src_ip if src_ip }} try_first_pass - -{% endif %} -{% elif auth['login'] == 'tacacs+' or auth['login'] == 'tacacs+,local' %} -{% for server in servers %} -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_tacplus.so server={{ server.ip }}:{{ server.tcp_port }} secret={{ server.passkey }} login={{ server.auth_type }} timeout={{ server.timeout }} {%if server.vrf %} vrf={{ 
server.vrf }} {% endif %} {{ 'source_ip=%s' % src_ip if src_ip }} try_first_pass -{% endfor %} -auth [success=1 default=ignore] pam_unix.so nullok try_first_pass - -{% elif auth['login'] == 'local,radius' %} -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}] pam_unix.so nullok try_first_pass -# For the RADIUS servers, on success jump to the cacheing the MPL(Privilege) -{% for server in servers %} -auth [success={{ (servers | count) - loop.index0 }} new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_radius_auth.so conf=/etc/pam_radius_auth.d/{{ server.ip }}_{{ server.auth_port }}.conf privilege_level protocol={{ server.auth_type }} retry={{ server.retransmit }}{% if server.nas_ip is defined %} nas_ip_address={{ server.nas_ip }}{% endif %}{% if server.nas_id is defined %} client_id={{ server.nas_id }}{% endif %}{% if debug %} debug{% endif %}{% if trace %} trace{% endif %}{% if server.statistics %} statistics={{ server.ip }}{% endif %} try_first_pass -{% endfor %} -auth requisite pam_deny.so -# Cache MPL(Privilege) -auth [success=1 default=ignore] pam_exec.so /usr/sbin/cache_radius - -{% elif auth['login'] == 'radius,local' %} -# root user can only be authenticated locally. Jump to local. 
-{% if servers | count %} -auth [success={{ (servers | count) }} default=ignore] pam_succeed_if.so user = root -{% else %} -auth [success=ok default=ignore] pam_succeed_if.so user = root -{% endif %} -# For the RADIUS servers, on success jump to the cache the MPL(Privilege) -{% for server in servers %} -auth [success={{ (servers | count) + 1 - loop.index0 }} new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_radius_auth.so conf=/etc/pam_radius_auth.d/{{ server.ip }}_{{ server.auth_port }}.conf privilege_level protocol={{ server.auth_type }} retry={{ server.retransmit }}{% if server.nas_ip is defined %} nas_ip_address={{ server.nas_ip }}{% endif %}{% if server.nas_id is defined %} client_id={{ server.nas_id }}{% endif %}{% if debug %} debug{% endif %}{% if trace %} trace{% endif %}{% if server.statistics %} statistics={{ server.ip }}{% endif %} try_first_pass -{% endfor %} -# Local -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}] pam_unix.so nullok try_first_pass -auth requisite pam_deny.so -# Cache MPL(Privilege) -auth [success=1 default=ignore] pam_exec.so /usr/sbin/cache_radius - -{% elif auth['login'] == 'radius' %} -# root user can only be authenticated locally. Jump to local. 
-auth [success={{ (servers | count) + 2 }} default=ignore] pam_succeed_if.so user = root -# For the RADIUS servers, on success jump to the cache the MPL(Privilege) -{% for server in servers %} -auth [success={{ (servers | count) - loop.index0 }} new_authtok_reqd=done default=ignore{{ ' auth_err=die' if not auth['failthrough'] }}] pam_radius_auth.so conf=/etc/pam_radius_auth.d/{{ server.ip }}_{{ server.auth_port }}.conf privilege_level protocol={{ server.auth_type }} retry={{ server.retransmit }}{% if server.nas_ip is defined %} nas_ip_address={{ server.nas_ip }}{% endif %}{% if server.nas_id is defined %} client_id={{ server.nas_id }}{% endif %}{% if debug %} debug{% endif %}{% if trace %} trace{% endif %}{% if server.statistics %} statistics={{ server.ip }}{% endif %} try_first_pass -{% endfor %} -auth requisite pam_deny.so -# Cache MPL(Privilege) -auth [success=2 default=ignore] pam_exec.so /usr/sbin/cache_radius -# Local -auth [success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}] pam_unix.so nullok try_first_pass - -{% else %} -auth [success=1 default=ignore] pam_unix.so nullok try_first_pass - -{% endif %} -# -# here's the fallback if no module succeeds -auth requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -auth required pam_permit.so -# and here are more per-package modules (the "Additional" block) - diff --git a/src/sonic-host-services-data/templates/common-password.j2 b/src/sonic-host-services-data/templates/common-password.j2 deleted file mode 100644 index c5fd3f889c..0000000000 --- a/src/sonic-host-services-data/templates/common-password.j2 +++ /dev/null 
@@ -1,43 +0,0 @@ -#THIS IS AN AUTO-GENERATED FILE -# -# /etc/pam.d/common-password - password-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix. - -# Explanation of pam_unix options: -# The "yescrypt" option enables -#hashed passwords using the yescrypt algorithm, introduced in Debian -#11. Without this option, the default is Unix crypt. Prior releases -#used the option "sha512"; if a shadow password hash will be shared -#between Debian 11 and older releases replace "yescrypt" with "sha512" -#for compatibility . The "obscure" option replaces the old -#`OBSCURE_CHECKS_ENAB' option in login.defs. See the pam_unix manpage -#for other options. - -# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. -# To take advantage of this, it is recommended that you configure any -# local modules either before or after the default block, and use -# pam-auth-update to manage selection of other modules. See -# pam-auth-update(8) for details. 
- -# here are the per-package modules (the "Primary" block) - -{% if passw_policies %} -{% if passw_policies['state'] == 'enabled' %} -password requisite pam_cracklib.so retry=3 maxrepeat=0 {% if passw_policies['len_min'] %}minlen={{passw_policies['len_min']}}{% endif %} {% if passw_policies['upper_class'] %}ucredit=-1{% else %}ucredit=0{% endif %} {% if passw_policies['lower_class'] %}lcredit=-1{% else %}lcredit=0{% endif %} {% if passw_policies['digits_class'] %}dcredit=-1{% else %}dcredit=0{% endif %} {% if passw_policies['special_class'] %}ocredit=-1{% else %}ocredit=0{% endif %} {% if passw_policies['reject_user_passw_match'] %}reject_username{% endif %} enforce_for_root - -password required pam_pwhistory.so {% if passw_policies['history_cnt'] %}remember={{passw_policies['history_cnt']}}{% endif %} use_authtok enforce_for_root -{% endif %} -{% endif %} - -password [success=1 default=ignore] pam_unix.so obscure yescrypt -# here's the fallback if no module succeeds -password requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -password required pam_permit.so -# and here are more per-package modules (the "Additional" block) -# end of pam-auth-update config diff --git a/src/sonic-host-services-data/templates/limits.conf.j2 b/src/sonic-host-services-data/templates/limits.conf.j2 deleted file mode 100755 index 41b37221e4..0000000000 --- a/src/sonic-host-services-data/templates/limits.conf.j2 +++ /dev/null 
@@ -1,69 +0,0 @@ -# /etc/security/limits.conf -# -# This file generate by j2 template file: src/sonic-host-services-data/templates/limits.conf.j2 -# -# Each line describes a limit for a user in the form: -# -# -# -# Where: -# can be: -# - a user name -# - a group name, with @group syntax -# - the wildcard *, for default entry -# - the wildcard %, can be also used with %group syntax, -# for maxlogin limit -# - NOTE: group and wildcard limits are not applied to root. -# To apply a limit to the root user, must be -# the literal username root. -# -# can have the two values: -# - "soft" for enforcing the soft limits -# - "hard" for enforcing hard limits -# -# can be one of the following: -# - core - limits the core file size (KB) -# - data - max data size (KB) -# - fsize - maximum filesize (KB) -# - memlock - max locked-in-memory address space (KB) -# - nofile - max number of open file descriptors -# - rss - max resident set size (KB) -# - stack - max stack size (KB) -# - cpu - max CPU time (MIN) -# - nproc - max number of processes -# - as - address space limit (KB) -# - maxlogins - max number of logins for this user -# - maxsyslogins - max number of logins on the system -# - priority - the priority to run user process with -# - locks - max number of file locks the user can hold -# - sigpending - max number of pending signals -# - msgqueue - max memory used by POSIX message queues (bytes) -# - nice - max nice priority allowed to raise to values: [-20, 19] -# - rtprio - max realtime priority -# - chroot - change root to directory (Debian-specific) -# -# -# is related with : -# All items support the values -1, unlimited or infinity indicating -# no limit, except for priority and nice. -# -# If a hard limit or soft limit of a resource is set to a valid value, -# but outside of the supported range of the local system, the system -# may reject the new limit or unexpected behavior may occur. 
If the -# control value required is used, the module will reject the login if -# a limit could not be set. -# -# -# - -# * soft core 0 -# root hard core 100000 -# * hard rss 10000 -# @student hard nproc 20 -# @faculty soft nproc 20 -# @faculty hard nproc 50 -# ftp hard nproc 0 -# ftp - chroot /ftp -# @student - maxlogins 4 - -# End of file diff --git a/src/sonic-host-services-data/templates/pam_limits.j2 b/src/sonic-host-services-data/templates/pam_limits.j2 deleted file mode 100755 index f87906932f..0000000000 --- a/src/sonic-host-services-data/templates/pam_limits.j2 +++ /dev/null @@ -1,12 +0,0 @@ -#THIS IS AN AUTO-GENERATED FILE -# -# This file generate by j2 template file: src/sonic-host-services-data/templates/pam_limits.j2 -# -# /etc/pam.d/pam-limits settings common to all services -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. -# -# here are the per-package modules (the "Primary" block) \ No newline at end of file diff --git a/src/sonic-host-services-data/templates/pam_radius_auth.conf.j2 b/src/sonic-host-services-data/templates/pam_radius_auth.conf.j2 deleted file mode 100644 index 7d3c73e1ca..0000000000 --- a/src/sonic-host-services-data/templates/pam_radius_auth.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# server[:port] shared_secret timeout(s) source_ip vrf -[{{ server.ip }}]:{{ server.auth_port }} {{ server.passkey }} {{ server.timeout }} {% if server.src_ip %} {{ server.src_ip }} {% endif %} {% if server.vrf %} {% if not server.src_ip %} - {% endif %} {{ server.vrf }}{% endif %} - diff --git a/src/sonic-host-services-data/templates/radius_nss.conf.j2 b/src/sonic-host-services-data/templates/radius_nss.conf.j2 deleted file mode 100644 index a0da68d399..0000000000 
--- a/src/sonic-host-services-data/templates/radius_nss.conf.j2 +++ /dev/null @@ -1,58 +0,0 @@ -#THIS IS AN AUTO-GENERATED FILE -# Generated from: /usr/share/sonic/templates/radius_nss.conf.j2 -# RADIUS NSS Configuration File -# -# Debug: on|off|trace -# Default: off -# -# debug=on -{% if debug %} -debug=on -{% endif %} - -# -# User Privilege: -# Default: -# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell -# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell - -# Eg: -# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell -# user_priv=7;pw_info=netops;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell -# user_priv=1;pw_info=operator;gid=100;group=docker;shell=/usr/bin/sonic-launch-shell -# - -# many_to_one: -# y: Map RADIUS users to one local user per privilege. -# n: Create local user account on first successful authentication. -# Default: n -# - -# Eg: -# many_to_one=y -# - -# unconfirmed_disallow: -# y: Do not allow unconfirmed users (users created before authentication) -# n: Allow unconfirmed users. -# Default: n - -# Eg: -# unconfirmed_disallow=y -# - -# unconfirmed_ageout: -# : Wait time before purging unconfirmed users -# Default: 600 -# - -# Eg: -# unconfirmed_ageout=900 -# - -# unconfirmed_regexp: -# : The RE to match the command line of processes for which the -# creation of unconfirmed users are to be allowed. -# Default: (.*: \[priv\])|(.*: \[accepted\]) -# where: is the unconfirmed user. -# diff --git a/src/sonic-host-services-data/templates/tacplus_nss.conf.j2 b/src/sonic-host-services-data/templates/tacplus_nss.conf.j2 deleted file mode 100644 index 812b47bfc1..0000000000 --- a/src/sonic-host-services-data/templates/tacplus_nss.conf.j2 +++ /dev/null 
@@ -1,60 +0,0 @@ -# Configuration for libnss-tacplus - -# debug - If you want to open debug log, set it on -# Default: off -# debug=on -{% if debug %} -debug=on -{% endif %} - -# local_accounting - If you want to local accounting, set it -# Default: None -# local_accounting -{% if local_accounting %} -local_accounting -{% endif %} - -# tacacs_accounting - If you want to tacacs+ accounting, set it -# Default: None -# tacacs_accounting -{% if tacacs_accounting %} -tacacs_accounting -{% endif %} - -# local_authorization - If you want to local authorization, set it -# Default: None -# local_authorization -{% if local_authorization %} -local_authorization -{% endif %} - -# tacacs_authorization - If you want to tacacs+ authorization, set it -# Default: None -# tacacs_authorization -{% if tacacs_authorization %} -tacacs_authorization -{% endif %} - -# src_ip - set source address of TACACS+ protocol packets -# Default: None (auto source ip address) -# src_ip=2.2.2.2 -{% if src_ip %} -src_ip={{ src_ip }} -{% endif %} - -# server - set ip address, tcp port, secret string and timeout for TACACS+ servers -# Default: None (no TACACS+ server) -# server=1.1.1.1:49,secret=test,timeout=3 -{% for server in servers %} -server={{ server.ip }}:{{ server.tcp_port }},secret={{ server.passkey }},timeout={{ server.timeout }}{% if server.vrf %},vrf={{ server.vrf }}{% endif %}{{''}} -{% endfor %} - -# user_priv - set the map between TACACS+ user privilege and local user's passwd -# Default: -# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash -# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/bin/bash - -# many_to_one - create one local user for many TACACS+ users which has the same privilege -# Default: many_to_one=n -# many_to_one=y -