dbc6718408
In scenario where upgrade gets config from minigraph, it could miss tacacs credentials as they are not in minigraph. Hence restore explicitly upon load-minigraph, if present. - Why I did it Upon boot, when config migration is required, the switch could load config from minigraph. The config-load from minigraph would wipe off TACACS key and disable login via TACACS, which would disable all remote user access. This change, would re-configure the TACACS if there is a saved copy available. - How I did it When config is loaded from minigraph, look for a TACACS credentials back up (tacacs.json) under /etc/sonic/old_config. If present, load the credentials into running config, before config-save is called. - How to verify it Remove /etc/sonic/config_db.json and do an image update. Upon reboot, w/o this change, you would not be able ssh in as remote user. You may login as admin and check out, "show tacacs" & "show aaa" to verify that tacacs-key is missing and login is not enabled for tacacs. With this change applied, remove /etc/sonic/config_db.json, but save tacacs & aaa credentials as tacacs.json in /etc/sonic/. Upon reboot, you should see remote user access possible. |
||
|---|---|---|
| .. | ||
| apt | ||
| bash | ||
| config-chassisdb | ||
| config-setup | ||
| constants | ||
| copp | ||
| corefile_uploader | ||
| cron.d | ||
| ebtables | ||
| environment | ||
| fstrim | ||
| hostname | ||
| interfaces | ||
| kdump | ||
| kubernetes | ||
| logrotate | ||
| misc | ||
| monit | ||
| ntp | ||
| pcie-check | ||
| platform | ||
| rsyslog | ||
| secureboot | ||
| snmp | ||
| sudoers | ||
| sysctl | ||
| syslog | ||
| system-health | ||
| systemd | ||
| topology | ||
| updategraph | ||
| warmboot-finalizer | ||
| watchdog-control | ||