[aaa] Fix common-auth-sonic.j2 template issue #2613

@ramachandrareddygaddam ramachandrareddygaddam commented Feb 27, 2019

- What I did
To select AAA authentication as local and tacacs+, I executed the CLI command below.
"config aaa authentication login local tacacs+"
After executing the command, the common-auth-sonic file is not updated with the list of authentication modules.
Also, with the above selection, the hostcfgd enforcer is closed due to an UndefinedError exception.
The crash logs are shown below.

```
Feb 24 10:34:41.563298 sonic INFO hostcfgd[1382]:   File "/usr/bin/hostcfgd", line 155, in aaa_handler
Feb 24 10:34:41.564132 sonic INFO hostcfgd[1382]:     self.aaacfg.aaa_update(key, data)
Feb 24 10:34:41.564872 sonic INFO hostcfgd[1382]:   File "/usr/bin/hostcfgd", line 78, in aaa_update
Feb 24 10:34:41.565641 sonic INFO hostcfgd[1382]:     self.modify_conf_file()
Feb 24 10:34:41.566395 sonic INFO hostcfgd[1382]:   File "/usr/bin/hostcfgd", line 115, in modify_conf_file
Feb 24 10:34:41.567131 sonic INFO hostcfgd[1382]:     pam_conf = template.render(auth=auth, servers=servers_conf)
Feb 24 10:34:41.567969 sonic INFO hostcfgd[1382]:   File "/usr/local/lib/python2.7/dist-packages/jinja2/environment.py", line 1008, in render
Feb 24 10:34:41.568747 sonic INFO hostcfgd[1382]:     return self.environment.handle_exception(exc_info, True)
Feb 24 10:34:41.569478 sonic INFO hostcfgd[1382]:   File "/usr/local/lib/python2.7/dist-packages/jinja2/environment.py", line 780, in handle_exception
Feb 24 10:34:41.570227 sonic INFO hostcfgd[1382]:     reraise(exc_type, exc_value, tb)
Feb 24 10:34:41.570945 sonic INFO hostcfgd[1382]:   File "/usr/share/sonic/templates/common-auth-sonic.j2", line 22, in top-level template code
Feb 24 10:34:41.571683 sonic INFO hostcfgd[1382]:     auth#011[success=1 default=ignore]#011pam_tacplus.so server={{ last_server.ip }}:{{ last_server.tcp_port }} secret={{ last_server.passkey }} login={{ last_server.auth_type }} timeout={{ last_server.timeout }} {% if server.vrf %} vrf={{ last_server.vrf }} {% endif %} try_first_pass
Feb 24 10:34:41.572397 sonic INFO hostcfgd[1382]:   File "/usr/local/lib/python2.7/dist-packages/jinja2/environment.py", line 430, in getattr
Feb 24 10:34:41.573128 sonic INFO hostcfgd[1382]:     return getattr(obj, attribute)
Feb 24 10:34:41.573860 sonic INFO hostcfgd[1382]: jinja2.exceptions.UndefinedError: 'server' is undefined
Feb 24 10:34:41.580348 sonic NOTICE systemd[1]: hostcfgd.service: Main process exited, code=exited, status=1/FAILURE
Feb 24 10:34:41.582178 sonic NOTICE systemd[1]: hostcfgd.service: Unit entered failed state.
Feb 24 10:34:41.582921 sonic WARNING systemd[1]: hostcfgd.service: Failed with result 'exit-code'.
```

- How I did it

Fixed the UndefinedError exception. Use the last_server as server for VRF configuration.
The variable name server is changed to last_server in the file below:
files/image_config/hostcfgd/common-auth-sonic.j2

- How to verify it
Configure AAA login authentication methods as local and tacacs+.
Check that /etc/pam.d/common-auth-sonic is updated correctly.
Check AAA authentication works as expected.
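
An added example, not part of the original pull request or the SONiC code base: it reproduces the `UndefinedError` from the traceback with Jinja2 and shows a static pre-deployment check that flags template names the renderer never supplies. Only the `pam_tacplus.so` line comes from the traceback; the `set last_server` line, the helper names and the sample server values are assumptions made for illustration.

```python
from jinja2 import Environment, UndefinedError, meta

# Constructed fragment: only the pam_tacplus line is taken from the traceback;
# the `set last_server` line is an assumption about how the template binds it.
BUGGY = (
    "{% set last_server = servers | last %}\n"
    "auth\t[success=1 default=ignore]\tpam_tacplus.so "
    "server={{ last_server.ip }}:{{ last_server.tcp_port }} "
    "secret={{ last_server.passkey }} login={{ last_server.auth_type }} "
    "timeout={{ last_server.timeout }} "
    "{% if server.vrf %} vrf={{ last_server.vrf }} {% endif %} try_first_pass\n"
)
FIXED = BUGGY.replace("{% if server.vrf %}", "{% if last_server.vrf %}")

# Names passed to template.render() according to the traceback.
RENDER_CONTEXT = {"auth", "servers"}

# Constructed sample data; every value here is a placeholder.
SERVERS = [{"ip": "192.0.2.10", "tcp_port": 49, "passkey": "PLACEHOLDER",
            "auth_type": "pap", "timeout": 5, "vrf": "mgmt"}]


def unbound_names(source, context=RENDER_CONTEXT):
    """Static check: names the template reads that nothing supplies."""
    env = Environment()
    return meta.find_undeclared_variables(env.parse(source)) - set(context)


def render(source):
    """Render with the same keyword names; return (output, error message)."""
    try:
        out = Environment().from_string(source).render(auth={}, servers=SERVERS)
        return out, None
    except UndefinedError as exc:
        # A bare undefined name is merely falsy in Jinja2; attribute access on
        # it (server.vrf) is what raises and aborts the whole render.
        return None, str(exc)


if __name__ == "__main__":
    for label, src in (("buggy", BUGGY), ("fixed", FIXED)):
        print(label, "unbound:", sorted(unbound_names(src)), "render:", render(src))
```

Running `unbound_names` over every template in a build step catches this class of bug before the daemon that writes the PAM configuration hits it at runtime.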

…hentication settings in '/etc/pam.d/common-auth-sonic' file.

@renukamanavalan renukamanavalan left a comment

Looks good. Thanks for catching this bug and fixing it.

@jleveque

Retest this please

@jleveque jleveque changed the title AAA login authentication configuration not correctly updating the authentication settings in '/etc/pam.d/common-auth-sonic' file. [aaa] Fix common-auth-sonic.j2 template issue Mar 1, 2019
@lguohan lguohan merged commit b9edb71 into sonic-net:master Mar 2, 2019
@ramachandrareddygaddam ramachandrareddygaddam deleted the bugfix_configure_aaa_authentication_login_local_tacacs branch March 3, 2019 09:16
Pterosaur added a commit to Pterosaur/sonic-buildimage that referenced this pull request Sep 19, 2023
… latest HEAD

sonic-swss:
```
* 13ef25bf - (HEAD -> master, origin/master, origin/HEAD) [teamd]: Clean teamd process if LAG creation fails (sonic-net#2888) (5 days ago) [Lawrence Lee]
* ae010bfa - Support type7 encoded CAK key for macsec in config_db (sonic-net#2892) (13 days ago) [judyjoseph]
* e6f134fb - [orchagent]: admin-disable port before setPortSerdesAttribute() (sonic-net#2831) (4 weeks ago) [Aman Singhal]
* a67d4a77 - Change default branch to build_branch (sonic-net#2885) (4 weeks ago) [Ze Gan]
* d44761cc - Make sure new binaries replace existing binaries in docker-sonic-vs (sonic-net#2870) (4 weeks ago) [Saikrishna Arcot]
* 7102220a - [Fixbug]: Fix vnet attribute miss if route action is vnet_direct and vnet test cases (sonic-net#2873) (sonic-net#2877) (4 weeks ago) [Ze Gan]
*   873455b7 - Merge pull request sonic-net#2878 from Pterosaur/enable_dash_vstest (4 weeks ago) [Guohan Lu]
|\
| * 44457c86 - Simplify test task and remove duplicated artifacts (4 weeks ago) [Ze Gan]
| * 8bca4ed2 - Trigger Azp (4 weeks ago) [Ze Gan]
| *   6de56ee1 - Merge branch 'master' into enable_dash_vstest (4 weeks ago) [Ze Gan]
| |\
| * | aad88a36 - Disable test_dash_crm (5 weeks ago) [Ze Gan]
| * | 61126eb0 - Enable Dash test in Pipeline (5 weeks ago) [Ze Gan]
* | | ecd88108 - update portStatIds for cisco (sonic-net#2876) (4 weeks ago) [Zhixin Zhu]
* | | f1294999 - [ppi] Relax port attributes validation (sonic-net#2872) (4 weeks ago) [Nazarii Hnydyn]
| |/
|/|
* | b4fcfc9f - Remove fabric queue counters. (sonic-net#2862) (5 weeks ago) [jfeng-arista]
|/
*   bb99f418 - Merge pull request sonic-net#2856 from theasianpianist/master-dash-merge (5 weeks ago) [Guohan Lu]
|\
| *   84b32af2 - Merge branch 'master' into master-dash-merge (5 weeks ago) [Lawrence Lee]
| |\
| |/
|/|
* | ca728200 - [FEC] Adding support of override based on attribute query of SAI_PORT_ATTR_AUTO_NEG_FEC_MODE_OVERRIDE  (sonic-net#2874) (5 weeks ago) [Sudharsan Dhamal Gopalarathnam]
 /
* 3bb71809 - Merge branch 'master' into master-dash-merge (5 weeks ago) [Lawrence Lee]
* 574940dd - Merge branch 'master' into master-dash-merge (6 weeks ago) [Lawrence Lee]
* 660e5e4c - Merge branch 'master' into master-dash-merge (6 weeks ago) [Lawrence Lee]
* 6d941746 - Merge branch 'master' into master-dash-merge (6 weeks ago) [Lawrence Lee]
* c87c86e6 - [dash]: Refactor DASH orch by protobuf format (sonic-net#2722) (8 weeks ago) [Ze Gan]
* c999ea32 - [tests]: Change DVS ENV HWKSU to DPU-2P for DASH vstest (sonic-net#2847) (8 weeks ago) [prabhataravind]
* b2c25dcd - (conflict)[dash] Improve dash orchagent ZMQ code. (sonic-net#2836) (8 weeks ago) [Hua Liu]
* 409b3833 - [tests]: Set HWSKU to NPU-2P for dash vstests (sonic-net#2833) (8 weeks ago) [prabhataravind]
* f2365af9 - (conflict)Enable/disable Zmq by parameter (sonic-net#2828) (8 weeks ago) [Hua Liu]
* 3ade5fc3 - (conflict)[dash] Change dash orchagent from Redis consumer state table to ZMQ consumer state table. (sonic-net#2779) (8 weeks ago) [Hua Liu]
* eaf1bb85 - [crm]: Remove NOT_IMPLEMENTED checks (8 weeks ago) [Lawrence Lee]
* 916d2f10 - [azp]: Don't run DASH tests for regular test runs (8 weeks ago) [Lawrence Lee]
* 208e80bd - update azp to use public pipeline artifacts (8 weeks ago) [Lawrence Lee]
* 2168554d - [dash][ci] fix build pipeline (8 weeks ago) [Yakiv Huryk]
* b6036635 - [dash][ci] update build pipeline to build with bullseye (8 weeks ago) [Yakiv Huryk]
* 37a61ddb - (conflict)[azp] Add DASH to PR trigger for non-DASH VS tests (sonic-net#2813) (8 weeks ago) [Lawrence Lee]
* 37d27b01 - Fix Dash orchagent build issue. (sonic-net#2788) (8 weeks ago) [Hua Liu]
* 07cce313 - (conflict)[CRM][DASH] Extend CrmOrch to support DASH resources. (sonic-net#2739) (8 weeks ago) [Oleksandr Ivantsiv]
* 7c435d1e - [DASH]: Miscellaneous bug fixes and adding vstests (sonic-net#2745) (8 weeks ago) [prabhataravind]
* 6613dd4f - [dash]: Check if overlay IP is specified (sonic-net#2741) (8 weeks ago) [Lawrence Lee]
* c863d48b - [dash] Do not use an action drop with the inbound routing table. (sonic-net#2710) (8 weeks ago) [Oleksandr Ivantsiv]
* 89ce4e0c - [dash]: Don't attempt to bind empty ACL groups (sonic-net#2613) (8 weeks ago) [Lawrence Lee]
* 8ec36a6f - (conflict)[dash]: ACL orchagent (sonic-net#2470) (8 weeks ago) [Ze Gan]
* 29c23b12 - [DASH] Fix compilation issue caused by merge from the master branch. (sonic-net#2594) (8 weeks ago) [Oleksandr Ivantsiv]
* fd3539e5 - [DASH] Add retry logic for VNET mapping table (sonic-net#2583) (8 weeks ago) [Lawrence Lee]
* 9b179c07 - [dash] add USE_DST_VNET_VNI attribute to CA-to-PA entry (sonic-net#2533) (8 weeks ago) [Yakiv Huryk]
* f7fe55fa - Add SAI_ENI_ATTR_VM_UNDERLAY_DIP and SAI_ENI_ATTR_VM_VNI attributes to ENI entry (sonic-net#2514) (8 weeks ago) [prabhataravind]
* aa2a02c5 - (conflict)[Azp]: Add Azp for DASH (sonic-net#2501) (8 weeks ago) [Ze Gan]
* 2d1972f2 - (conflict)orchagent: DASH changes (sonic-net#2459) (8 weeks ago) [prabhataravind]
* acf0fe42 - [DPU] Fix unit tests compilation after merge from master branch. (sonic-net#2478) (8 weeks ago) [Oleksandr Ivantsiv]
* 22c62f63 - (conflict)[DPU] Simplify SWSS initialization to meet DPU requirements. (sonic-net#2440) (8 weeks ago) [Oleksandr Ivantsiv]
```

sonic-sairedis
```
* cfa8da4 - (HEAD -> master, origin/master, origin/HEAD) Add extra parameter to pass vendor LDFLAGS for libsai.so (sonic-net#1291) (3 days ago) [Kamil Cudnik]
* 8046908 - [CRM][DASH] Add the possibility of querying availability for OIDs. (sonic-net#1245) (5 days ago) [Oleksandr Ivantsiv]
* 9547060 - Install nlohmann-json3-dev package for codeql (sonic-net#1290) (10 days ago) [Saikrishna Arcot]
* f3b4dd5 - Use json.hpp from nlohmann-json-dev instead of swss-common (sonic-net#1289) (11 days ago) [Saikrishna Arcot]
* 40c9d13 - [azp] Update az pipeline for swss docker to add syslog (sonic-net#1287) (2 weeks ago) [Kamil Cudnik]
* 4c2527f - port counter support on sonic-vs (sonic-net#1275) (3 weeks ago) [Vishnu Shetty]
* 92c58cf - [Azp]: Change default branch to build_branch (sonic-net#1279) (4 weeks ago) [Ze Gan]
* 7178fb6 - [submodule] Update SAI to latest v1.12 branch (sonic-net#1284) (4 weeks ago) [Oleksandr Ivantsiv]
* 52247b9 - [syncd] Fix missing comma (sonic-net#1278) (4 weeks ago) [Kamil Cudnik]
* 44cd8c4 - [azp] Attempt to fix swss missing libs (sonic-net#1277) (4 weeks ago) [Ze Gan]
* ee308bb - [submodule] Update SAI to latest v1.12 branch (sonic-net#1272) (5 weeks ago) [Kamil Cudnik]
```

Signed-off-by: Ze Gan <[email protected]>
qiluo-msft pushed a commit that referenced this pull request Sep 26, 2023
… latest HEAD (#16599)
