* [TACACS+]: Add configDB enforcer for TACACS+
* hostcfgd - configDB enforcer for TACACS+, listen configDB to
modify the pam configuration for Authentication in host
* Add a service script for hostcfgd
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
* [TACACS+]: Generate conf file by template file
* Generate common-auth-sonic and tacplus_nss.conf by jinja2 template
Signed-off-by: Chenchen Qi <chenchen.qcc@alibaba-inc.com>
If device MAC is added to init_cfg.json, it has to be done using
intermediate file. We cannot redirect to same file while trying to read
from it because it will be truncated first.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
* [init]: save the initial switch mac to config db
Save the initial switch mac to config db DEVICE_METADATA|localhost entry.
* update sonic-swss submodule
* Add support for vlanconfd and intfconfd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Change name to vlanmgrd and intfmgrd
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Add missing vlan_members for parse_dpg result
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Remove cfgmgr debug CLI from image
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update swss and swss-common submodules for VLAN trunk support
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
When updategraph service is enabled, a special value 'default'
from DHCP response will now initialize the system with an empty
configuration instead of existing minigraph.
A DHCP response without option 224 will remain the current behavior
of skipping graph update and use existing default minigraph.
Modify minigraph parser output format so it fit DB schema
Modify configuration templates to fit new schema
Systemd services dependencies are modified so database starts before any configuration consumer
* [rsyslog]: Use timegenerated instead of timestamp
This is useful when rsyslog is used to put markers generated on other machines.
This way all messages will have a timestamp from a single system.
* [rsyslog] Use subseconds from local machine
1. "make target/sonic-broadcom.raw" will create the compressed dd'able image.
2. This will also update the grub config files (device/dell/*/nos_to_sonic_grub.cfg) with the image versions.
- Force log rotation at size thresholds only (no longer also rotating logs daily), allowing for more consistent archived log size
- Eliminate remaining duplicate log messages
- Cron facility now only logs to cron.log (was also logging to syslog)
- Debug, mail, news and user log facilities only log to syslog; no longer creating separate log files for these facilities
- Cron job that calls logrotate every minute now uses the main /etc/logrotate.conf file so as to check/rotate all logs every minute, not just the logs specified in the rsyslog file. Also redirecting output of this command to /dev/null to prevent "(CRON) info (No MTA installed, discarding output)" messages in cron.log due to lack of a mail service
- Delete archive files based on remaining /var/log partition space. Note that this solution currently requires a minimum /var/log partition size of 32MB to function correctly
- Update sonic-sairedis and sonic-swss submodules to incorporate recording file name changes
- Add .screen file to .gitignore (unrelated)
If routes are inserted in main table, they wont' be overwritten
by the routes learned via BGP. Then the routes will be missing
from the ASIC.
Thus a default table is used so that control plane and data plane
routes are isolated and could be configured independently.
- Now that logrotate is a cron job that runs every minute, it was polluting syslog
- Also shrink max size of less-important logs to 50MB and rotate them daily by default
* [rc.local]: Copy saved minigraph if available.
In case of sonic-to-sonic update old image stores minigraph under /host
directory. Upon first boot this minigraph will be used by new image to
save configuration.
Signed-off-by: marian-pritsak <marianp@mellanox.com>
- rsyslog logs were being rotated regardless of whether they exceeded their maixmum size. This was due to "-f" flag passed to logrotate in cron job.
- After rotation, /var/log/syslog was never written to again. Instead, logs were written to /var/log/syslog.1. This was due to rsyslog not properly closing the file descriptor to the pre-rotated log.
- Also brought back time-related rotation via the new(er) maxsize option, which performs a boolean OR operation. If the log exceeds the maxsize OR the log hasn't been rotated in the specified, it will be rotated. Using the older size option, the time-based rotation was ignored.
- Also addresses issue #528
