Merge branch 'sonic-net:master' into jhli-exb

sonic-net · Nov 4, 2024 · 1db09f4 · 1db09f4
2 parents 9a88f2e + 13a5419
commit 1db09f4
Show file tree

Hide file tree

Showing 69 changed files with 2,486 additions and 149 deletions.
diff --git a/data/debian/sonic-host-services-data.aaastatsd.service b/data/debian/sonic-host-services-data.aaastatsd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=AAA Statistics Collection daemon
 Requires=hostcfgd.service
-After=hostcfgd.service updategraph.service
+After=hostcfgd.service config-setup.service
 BindsTo=sonic.target
 After=sonic.target
 

diff --git a/data/debian/sonic-host-services-data.caclmgrd.service b/data/debian/sonic-host-services-data.caclmgrd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Control Plane ACL configuration daemon
-Requires=updategraph.service
-After=updategraph.service
+Requires=config-setup.service
+After=config-setup.service
 BindsTo=sonic.target
 After=sonic.target
 

diff --git a/data/debian/sonic-host-services-data.determine-reboot-cause.service b/data/debian/sonic-host-services-data.determine-reboot-cause.service
@@ -1,7 +1,8 @@
 [Unit]
 Description=Reboot cause determination service
-Requires=rc-local.service database.service
-After=rc-local.service database.service
+Requires=rc-local.service
+After=rc-local.service
+Wants=process-reboot-cause.service
 
 [Service]
 Type=oneshot

diff --git a/data/debian/sonic-host-services-data.featured.service b/data/debian/sonic-host-services-data.featured.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Feature configuration daemon
-Requires=updategraph.service
-After=updategraph.service
+Requires=config-setup.service
+After=config-setup.service
 BindsTo=sonic.target
 After=sonic.target
 

diff --git a/data/debian/sonic-host-services-data.hostcfgd.service b/data/debian/sonic-host-services-data.hostcfgd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Host config enforcer daemon
-Requires=updategraph.service
-After=updategraph.service
+Requires=config-setup.service
+After=config-setup.service
 BindsTo=sonic.target
 After=sonic.target
 

diff --git a/data/debian/sonic-host-services-data.procdockerstatsd.service b/data/debian/sonic-host-services-data.procdockerstatsd.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=Process and docker CPU/memory utilization data export daemon
-Requires=database.service updategraph.service
-After=database.service updategraph.service
+Requires=database.service config-setup.service
+After=database.service config-setup.service
 BindsTo=sonic.target
 After=sonic.target
 

diff --git a/data/debian/sonic-host-services-data.process-reboot-cause.service b/data/debian/sonic-host-services-data.process-reboot-cause.service
@@ -1,8 +1,16 @@
 [Unit]
 Description=Retrieve the reboot cause from the history files and save them to StateDB
-Requires=database.service determine-reboot-cause.service
+PartOf=database.service
 After=database.service determine-reboot-cause.service
 
 [Service]
 Type=simple
+ExecStartPre=/usr/bin/systemctl is-active database
+ExecStartPre=/usr/bin/systemctl is-active determine-reboot-cause
+Restart=on-failure
+RestartSec=30
+RemainAfterExit=yes
 ExecStart=/usr/local/bin/process-reboot-cause
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/debian/sonic-host-services-data.process-reboot-cause.timer b/data/debian/sonic-host-services-data.process-reboot-cause.timer
diff --git a/data/debian/sonic-host-services-data.sonic-hostservice.service b/data/debian/sonic-host-services-data.sonic-hostservice.service
@@ -12,5 +12,5 @@ RestartSec=10
 TimeoutStopSec=3
 
 [Install]
-WantedBy=mgmt-framework.service telemetry.service
+WantedBy=mgmt-framework.service telemetry.service gnmi.service
 
diff --git a/data/templates/common-auth-sonic.j2 b/data/templates/common-auth-sonic.j2
@@ -68,6 +68,15 @@ auth	[success=2 default=ignore]	pam_exec.so /usr/sbin/cache_radius
 # Local
 auth	[success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}]	pam_unix.so nullok try_first_pass
 
+{% elif auth['login'] == 'ldap,local' %}
+auth    [success=2 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+auth    [success=1 default=ignore]      pam_unix.so nullok try_first_pass
+{% elif auth['login'] == 'local,ldap' %}
+auth    [success=2 default=ignore]      pam_unix.so nullok try_first_pass
+auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+{% elif auth['login'] == 'ldap' %}
+auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+
 {% else %}
 auth	[success=1 default=ignore]	pam_unix.so nullok try_first_pass
 

diff --git a/data/templates/ldap.conf.j2 b/data/templates/ldap.conf.j2
@@ -0,0 +1,17 @@
+{{ ldap_cfg.cfg_servers(servers) }}
+
+base {{ ldap_cfg.cfg_base(servers) }}
+
+ldap_version {{ ldap_cfg.cfg_version(servers) }}
+
+binddn {{ ldap_cfg.cfg_bind(servers) }}
+
+bindpw {{ ldap_cfg.cfg_bindpw(servers) }}
+
+port {{ ldap_cfg.cfg_port(servers) }}
+
+scope {{ ldap_cfg.cfg_scope(servers) }}
+
+timelimit {{ ldap_cfg.cfg_timeout(servers) }}
+
+bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}
diff --git a/data/templates/limits.conf.j2 b/data/templates/limits.conf.j2
@@ -66,4 +66,8 @@
 # ftp             -       chroot          /ftp
 # @student        -       maxlogins       4
 
+{% if max_sessions and max_sessions | int > 0 -%}
+* - maxsyslogins {{ max_sessions }}
+{% endif -%}
+
 # End of file
diff --git a/data/templates/nslcd.conf.j2 b/data/templates/nslcd.conf.j2
@@ -0,0 +1,41 @@
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+{{ ldap_cfg.cfg_servers(servers) }}
+
+# The search base that will be used for all queries.
+base {{ ldap_cfg.cfg_base(servers) }}
+
+
+# The LDAP protocol version to use.
+ldap_version {{ ldap_cfg.cfg_version(servers) }}
+
+# The DN to bind with for normal lookups.
+binddn {{ ldap_cfg.cfg_bind(servers) }}
+bindpw {{ ldap_cfg.cfg_bindpw(servers) }}
+
+# The DN used for password modifications by root.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# SSL options
+#ssl off
+#tls_reqcert never
+tls_cacertfile /etc/ssl/certs/ca-certificates.crt
+
+# The search scope.
+scope {{ ldap_cfg.cfg_scope(servers) }}
+
+timelimit {{ ldap_cfg.cfg_timeout(servers) }}
+
+bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}
+
+nss_initgroups_ignoreusers ALLLOCAL
+
+nss_min_uid 1000
+
diff --git a/host_modules/file_service.py b/host_modules/file_service.py
@@ -0,0 +1,45 @@
+"""File stat handler"""
+
+from host_modules import host_service
+import subprocess
+
+MOD_NAME = 'file'
+EXIT_FAILURE = 1
+
+import os
+
+class FileService(host_service.HostModule):
+    """
+    Dbus endpoint that executes the file command
+    """
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='ia{ss}')
+    def get_file_stat(self, path):
+        if not path:
+            return EXIT_FAILURE, {'error': 'Dbus get_file_stat called with no path specified'}
+
+        try:
+            file_stat = os.stat(path)
+
+            # Get last modified time in nanoseconds since epoch
+            last_modified = int(file_stat.st_mtime * 1e9)  # Convert seconds to nanoseconds
+
+            # Get permissions in octal format
+            permissions = oct(file_stat.st_mode)[-3:]
+
+            # Get file size in bytes
+            size = file_stat.st_size
+
+            # Get current umask
+            current_umask = os.umask(0)
+            os.umask(current_umask)  # Reset umask to previous value
+
+            return 0, {
+                'path': path,
+                'last_modified': str(last_modified),  # Converting to string to maintain consistency
+                'permissions': permissions,
+                'size': str(size),  # Converting to string to maintain consistency
+                'umask': oct(current_umask)[-3:]
+            }
+
+        except Exception as e:
+            return EXIT_FAILURE, {'error': str(e)}
diff --git a/host_modules/gcu.py b/host_modules/gcu.py
@@ -39,6 +39,36 @@ def apply_patch_yang(self, patch_text):
                     break
         return result.returncode, msg
 
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def replace_db(self, patch_text):
+        input_bytes = (patch_text + '\n').encode('utf-8')
+        cmd = ['/usr/local/bin/config', 'replace', '-f', 'CONFIGDB', '/dev/stdin']
+
+        result = subprocess.run(cmd, input=input_bytes, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        msg = ''
+        if result.returncode:
+            lines = result.stderr.decode().split('\n')
+            for line in lines:
+                if 'Error' in line:
+                    msg = line
+                    break
+        return result.returncode, msg
+
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def replace_yang(self, patch_text):
+        input_bytes = (patch_text + '\n').encode('utf-8')
+        cmd = ['/usr/local/bin/config', 'replace', '-f', 'SONICYANG', '/dev/stdin']
+
+        result = subprocess.run(cmd, input=input_bytes, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        msg = ''
+        if result.returncode:
+            lines = result.stderr.decode().split('\n')
+            for line in lines:
+                if 'Error' in line:
+                    msg = line
+                    break
+        return result.returncode, msg
+
     @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
     def create_checkpoint(self, checkpoint_file):
 

diff --git a/host_modules/systemd_service.py b/host_modules/systemd_service.py
@@ -0,0 +1,50 @@
+"""Systemd service handler"""
+
+from host_modules import host_service
+import subprocess
+
+MOD_NAME = 'systemd'
+ALLOWED_SERVICES = ['snmp', 'swss', 'dhcp_relay', 'radv', 'restapi', 'lldp', 'sshd', 'pmon', 'rsyslog', 'telemetry']
+EXIT_FAILURE = 1
+
+
+class SystemdService(host_service.HostModule):
+    """
+    DBus endpoint that executes the service command
+    """
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def restart_service(self, service):
+        if not service:
+            return EXIT_FAILURE, "Dbus restart_service called with no service specified"
+        if service not in ALLOWED_SERVICES:
+            return EXIT_FAILURE, "Dbus does not support {} service restart".format(service)
+
+        cmd = ['/usr/bin/systemctl', 'reset-failed', service]
+        result = subprocess.run(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        if result.returncode:
+            possible_expected_error = "Failed to reset failed state"
+            msg = result.stderr.decode()
+            if possible_expected_error not in msg:
+                return result.returncode, msg  # Throw error only if unexpected error
+
+        msg = ''
+        cmd = ['/usr/bin/systemctl', 'restart', service]
+        result = subprocess.run(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        if result.returncode:
+            msg = result.stderr.decode()
+
+        return result.returncode, msg
+
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def stop_service(self, service):
+        if not service:
+            return EXIT_FAILURE, "Dbus stop_service called with no service specified"
+        if service not in ALLOWED_SERVICES:
+            return EXIT_FAILURE, "Dbus does not support {} service management".format(service)
+
+        cmd = ['/usr/bin/systemctl', 'stop', service]
+        result = subprocess.run(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        msg = ''
+        if result.returncode:
+            msg = result.stderr.decode()
+        return result.returncode, msg