-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add j2 template for enable pam_limit and limit SSH session #10177
Add j2 template for enable pam_limit and limit SSH session #10177
Conversation
/azp run |
You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list. |
/azp run |
You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list. |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
e72797e
to
e5be05b
Compare
…liuh-80/sonic-buildimage into dev/liuh/add_ssh_limit_template
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
@@ -1015,6 +1082,7 @@ class HostConfigDaemon: | |||
radius_global = self.config_db.get_table('RADIUS') | |||
radius_server = self.config_db.get_table('RADIUS_SERVER') | |||
self.aaacfg.load(aaa, tacacs_global, tacacs_server, radius_global, radius_server) | |||
self.pamLimitsCfg.load(self.config_db) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be aware there is a comprehensive refactor (with some improvement) PR #10168.
This pamLimitsCfg.load
could be move into __init__()
. All the code in HostConfigDaemon.load()
are relating to subscribed tables.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed, move the load code to init()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After move code to init, I found hostcfgd continuously write PAM error message to syslog, also 'frontend' process take almost 100% CPU, however the config file rendered correctly, so I will check why this happpen and fix it soon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed The UT issue and 'frontend' process issue fixed by remove unnecessary command, the pam-auth-update code request user input which cause high CPU utilization in pamd, also will update 201811 PR.
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
Some UT failed but not related with this PR, I validate this by following test PR which change nothing: https://github.com/Azure/sonic-buildimage/pull/10329/checks?check_run_id=5653802859 and according to failed UT, the issue seems related with this change in sonic-mgmt: |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run Azure.sonic-buildimage |
Azure Pipelines successfully started running 1 pipeline(s). |
Why I did it
How I did it
How to verify it
Which release branch to backport (provide reason below if selected)
Description for the changelog
A picture of a cute animal (not mandatory but encouraged)