sonic-buildimage/sonic-slave-stretch/Dockerfile.j2
Hua Liu 4df2bc9b44
[202012] [TACACS+] Add audisp-tacplus for per-command accounting. (#8750) (#15788)
This pull request integrate audisp-tacplus to SONiC for per-command accounting.

##### Work item tracking
- Microsoft ADO **(number only)**: 24433713

#### Why I did it
To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

#### How I did it
1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC

#### How to verify it
UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

#### Tested branch (Please provide the tested image version)
Extract tacacs support functions into library, this will share TACACS config file parse code with other project.
Also fix memory leak issue in parse config code.

- [ ]  SONiC.202012-15723.312602-e230e2d3e

#### Description for the changelog
Add audisp-tacplus for per-command accounting.
2023-07-12 18:46:47 -07:00

421 lines
12 KiB
Django/Jinja
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{% set prefix = DEFAULT_CONTAINER_REGISTRY %}
{%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/debian-debootstrap:armhf-stretch
{%- elif CONFIGURED_ARCH == "arm64" and MULTIARCH_QEMU_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/debian-debootstrap:arm64-stretch
{%- else -%}
FROM {{ prefix }}debian:stretch
{%- endif %}
MAINTAINER gulv@microsoft.com
COPY ["no-check-valid-until", "/etc/apt/apt.conf.d/"]
COPY ["sources.list.{{ CONFIGURED_ARCH }}", "/etc/apt/sources.list"]
## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y \
apt-utils \
default-jre-headless \
openssh-server \
curl \
wget \
unzip \
git \
build-essential \
libtool \
lintian \
sudo \
dh-make \
dh-exec \
kmod \
libtinyxml2-4 \
libboost-program-options1.62-dev \
libtinyxml2-dev \
python \
python-pip \
python3-pip \
libncurses5-dev \
texinfo \
dh-autoreconf \
doxygen \
devscripts \
git-buildpackage \
perl-modules \
libswitch-perl \
dh-systemd \
libzmq5 \
libzmq3-dev \
# For quagga build
libreadline-dev \
texlive-latex-base \
texlive-generic-recommended \
texlive-fonts-recommended \
libpam0g-dev \
libpam-dev \
libcap-dev \
imagemagick \
ghostscript \
groff \
libpcre3-dev \
gawk \
chrpath \
# For frr build
libc-ares-dev \
libsnmp-dev \
libjson-c3 \
libjson-c-dev \
libsystemd-dev \
python-ipaddr \
libcmocka-dev \
python3-all-dev \
python3-all-dbg \
install-info \
logrotate \
# For libnl3 (local) build
cdbs \
# For SAI meta build
libxml-simple-perl \
graphviz \
aspell \
# For linux build
bc \
fakeroot \
build-essential \
devscripts \
quilt \
stgit \
# For platform-modules build
module-assistant \
# For thrift build\
gem2deb \
libboost-all-dev \
libevent-dev \
libglib2.0-dev \
libqt4-dev \
python-all-dev \
python-twisted \
phpunit \
libbit-vector-perl \
openjdk-8-jdk \
javahelper \
maven-debian-helper \
ant \
libmaven-ant-tasks-java \
libhttpclient-java \
libslf4j-java \
libservlet3.1-java \
qt5-default \
pkg-php-tools \
# For mellanox sdk build
libpcre3 \
libpcre3-dev \
byacc \
flex \
libglib2.0-dev \
bison \
expat \
libexpat1-dev \
dpatch \
libdb-dev \
iptables-dev \
ctags \
# For mellanox sai build
libtool-bin \
libxml2-dev \
# For BFN sdk build
libusb-1.0-0-dev \
libcurl3-nss-dev \
libunwind8-dev \
telnet \
libc-ares2 \
libgoogle-perftools4 \
# For build image
cpio \
squashfs-tools \
zip \
# For broadcom sdk build
{%- if CONFIGURED_ARCH == "amd64" %}
linux-compiler-gcc-6-x86 \
{%- endif %}
{%- if CONFIGURED_ARCH == "armhf" %}
linux-compiler-gcc-6-arm \
{%- endif %}
linux-kbuild-4.9 \
# teamd build
libdaemon-dev \
libdbus-1-dev \
libjansson-dev \
# For cavium sdk build
libpcap-dev \
dnsutils \
libusb-dev \
# For debian image reconfiguration
augeas-tools \
# For p4 build
libyaml-dev \
libevent-dev \
libjudy-dev \
libedit-dev \
libnanomsg-dev \
python-stdeb \
# For redis build
libjemalloc-dev \
liblua5.1-0-dev \
lua-bitop-dev \
lua-cjson-dev \
# For mft kernel module build
dkms \
# For Jenkins static analysis, unit testing and code coverage
cppcheck \
clang \
pylint \
python-pytest \
gcovr \
python-pytest-cov \
python-parse \
# For snmpd
default-libmysqlclient-dev \
libssl1.0-dev \
libperl-dev \
libpci-dev \
libpci3 \
libsensors4 \
libsensors4-dev \
libwrap0-dev \
# For lldpd
debhelper \
autotools-dev \
libbsd-dev \
pkg-config \
check \
# For mpdecimal
docutils-common \
libjs-sphinxdoc \
libjs-underscore \
python-docutils \
python-jinja2 \
python-markupsafe \
python-pygments \
python-roman \
python-sphinx \
sphinx-common \
python3-sphinx \
# For sonic config engine testing
python-dev \
{%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %}
libxslt-dev \
{%- endif %}
# For lockfile
procmail \
# For pam_tacplus build
autoconf-archive \
# For iproute2
cm-super-minimal \
libatm1-dev \
libelf-dev \
libmnl-dev \
libselinux1-dev \
linuxdoc-tools \
lynx \
texlive-latex-extra \
texlive-latex-recommended \
iproute2 \
# For bash
texi2html \
# For initramfs
bash-completion \
{%- if CONFIGURED_ARCH == "amd64" %}
# For sonic vs image build
dosfstools \
qemu-kvm \
libvirt-clients \
{%- endif %}
# For lm-sensors
librrd8 \
librrd-dev \
rrdtool \
# For smartmontools 6.6-1
automake1.11 \
libselinux1-dev \
# For kdump-tools
liblzo2-dev \
# For iptables
libnetfilter-conntrack-dev \
libnftnl-dev \
# For SAI3.7
protobuf-compiler \
libprotobuf-dev \
xxd \
# For DHCP Monitor tool
libexplain-dev \
libevent-dev \
# For libyang
swig \
# For sonic-mgmt-framework
autoconf \
m4 \
libxml2-utils \
xsltproc \
python-lxml \
libexpat1-dev \
# For audisp-tacplus
libauparse-dev \
auditd
## Config dpkg
## install the configuration file if its currently missing
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confmiss"
## combined with confold: overwrite configuration files that you have not modified
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confdef"
## do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confold"
# For smartmontools 6.6-1
RUN apt-get -t stretch-backports install -y debhelper
# For linux build
RUN apt-get -y build-dep linux
# For gobgp and telemetry build
RUN export VERSION=1.14.2 \
{%- if CONFIGURED_ARCH == "armhf" %}
&& wget https://storage.googleapis.com/golang/go$VERSION.linux-armv6l.tar.gz \
&& tar -C /usr/local -xzf go$VERSION.linux-armv6l.tar.gz \
{%- elif CONFIGURED_ARCH == "arm64" %}
&& wget https://storage.googleapis.com/golang/go$VERSION.linux-arm64.tar.gz \
&& tar -C /usr/local -xzf go$VERSION.linux-arm64.tar.gz \
{%- else %}
&& wget https://storage.googleapis.com/golang/go$VERSION.linux-amd64.tar.gz \
&& tar -C /usr/local -xzf go$VERSION.linux-amd64.tar.gz \
{%- endif %}
&& echo 'export GOROOT=/usr/local/go' >> /etc/bash.bashrc \
&& echo 'export PATH=$PATH:$GOROOT/bin' >> /etc/bash.bashrc \
&& rm go$VERSION.linux-*.tar.gz
RUN pip3 install --upgrade pip
RUN pip2 install --upgrade 'pip<21'
RUN apt-get purge -y python-pip python3-pip
# For p4 build
RUN pip2 install \
ctypesgen==0.r125 \
crc16
# Note: Stick with Jinja2 2.x branch as the 3.x dropped support for Python 2.7
RUN pip2 install --force-reinstall --upgrade "Jinja2<3.0.0"
# For sonic config engine testing
# Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed.
# enum34 causes Python 're' package to not work properly as it redefines an incompatible enum.py module
# https://github.com/robshakir/pyangbind/issues/232
RUN pip3 install pyangbind==0.8.1
RUN pip3 uninstall -y enum34
# For templating
RUN pip2 install j2cli==0.3.10
# For sonic snmpagent mock testing
RUN pip3 install nose==1.3.7
RUN pip3 install mockredispy==2.9.3
# For sonic-mgmt-framework
RUN pip2 install "PyYAML==5.3.1"
RUN pip3 install "PyYAML==5.3.1"
RUN pip2 install "lxml==4.6.5"
RUN pip3 install "lxml==4.6.5"
# For sonic-platform-common testing
RUN pip3 install redis==3.5.3
# For vs image build
RUN pip2 install pexpect==4.6.0
# For sonic-utilities build
RUN pip2 install nose==1.3.7
RUN pip2 install mockredispy==2.9.3
RUN pip2 install pytest-runner==4.4
RUN pip2 install setuptools==40.8.0
# For sonic-swss-common testing
RUN pip2 install Pympler==0.8
# For sonic_yang_model build
RUN pip3 install pyang==2.4.0
# For mgmt-framework build
RUN pip2 install mmh3==2.5.1
# Install dependencies for isc-dhcp-relay build
RUN apt-get -y build-dep isc-dhcp
# Install vim
RUN apt-get install -y vim
# Install rsyslog
RUN apt-get install -y rsyslog
RUN apt-get install -y libgtest-dev
RUN apt-get install -y libarchive13 librhash0
RUN apt-get -t stretch-backports install -y libuv1
# Install cmake/cmake-data 3.13.2-1_bpo9+1
# latest cmake 3.16.3 break the build libyang 1.0.73
RUN wget -O cmake-data_3.13.2-1_bpo9+1_all.deb "https://sonicstorage.blob.core.windows.net/packages/cmake/cmake-data_3.13.2-1_bpo9%2B1_all.deb?st=2020-03-27T02%3A22%3A24Z&se=2100-03-26T19%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=Xby%2Bm3OZOjPB%2FSlDbHD65yDcPzAgoys%2FA3vK8RB4BzA%3D"
RUN dpkg -i cmake-data_3.13.2-1_bpo9+1_all.deb || apt-get install -f
{% if CONFIGURED_ARCH == "armhf" %}
RUN wget -O cmake_3.13.2-1_bpo9+1_armhf.deb "https://sonicstorage.blob.core.windows.net/packages/cmake/cmake_3.13.2-1_bpo9%2B1_armhf.deb?st=2020-03-27T02%3A29%3A41Z&se=2100-03-26T19%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=sWt7kxrFumn020d2GeutGJ716cuQsFwmAmgU%2BJ0kqnk%3D"
RUN dpkg -i cmake_3.13.2-1_bpo9+1_armhf.deb || apt-get install -f
{% elif CONFIGURED_ARCH == "arm64" %}
RUN wget -O cmake_3.13.2-1_bpo9+1_arm64.deb "https://sonicstorage.blob.core.windows.net/packages/cmake/cmake_3.13.2-1_bpo9%2B1_arm64.deb?st=2020-03-27T02%3A28%3A38Z&se=2100-03-26T19%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=rrHMkLi29aI8yH6s52ILCY8VcEbNFrzYT2DmC5RwOgs%3D"
RUN dpkg -i cmake_3.13.2-1_bpo9+1_arm64.deb || apt-get install -f
{% else %}
RUN wget -O cmake_3.13.2-1_bpo9+1_amd64.deb "https://sonicstorage.blob.core.windows.net/packages/cmake/cmake_3.13.2-1_bpo9%2B1_amd64.deb?st=2020-03-27T02%3A27%3A21Z&se=2100-03-26T19%3A00%3A00Z&sp=rl&sv=2018-03-28&sr=b&sig=4MvmmDBQuicFEJYakLm7xCNU19yJ8GIP4ankFSnITKY%3D"
RUN dpkg -i cmake_3.13.2-1_bpo9+1_amd64.deb || apt-get install -f
{% endif %}
RUN cd /usr/src/gtest && cmake . && make -C /usr/src/gtest
RUN mkdir /var/run/sshd
EXPOSE 22
# Install depot-tools (for git-retry)
RUN git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git /usr/share/depot_tools
ENV PATH /usr/share/depot_tools:$PATH
# Install docker engine 17.03.2~ce-0 inside docker and enable experimental feature
RUN apt-get update
RUN apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
RUN add-apt-repository \
"deb [arch={{ CONFIGURED_ARCH }}] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
RUN apt-get update
{%- if CONFIGURED_ARCH == "amd64" %}
RUN apt-get install -y docker-ce=5:18.09.5~3-0~debian-stretch docker-ce-cli=5:18.09.5~3-0~debian-stretch
{%- else %}
RUN apt-get install -y docker-ce=18.06.3~ce~3-0~debian
{%- endif %}
RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker
# Install m2crypto package, needed by SWI tools
RUN pip install m2crypto==0.36.0
# Install swi tools
RUN pip2 install git+https://github.com/aristanetworks/swi-tools.git@d51761ec0bb93c73039233f3c01ed48235ffad00
{% if CONFIGURED_ARCH != "amd64" -%}
# Install node.js for azure pipeline
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
RUN apt-get install -y nodejs
# Tell azure pipeline to use node.js in the docker
LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/bin/node"
{% endif -%}