[tacacs+ test]: Add TACACS+ test #372
Conversation
liuqu
commented
Nov 30, 2017
liuqu
commented
- Add TACACS+ testcase
- Add username and password for TACACS+ server
* Add TACACS+ testcase * Add username and password for TACACS+ server
| @@ -14,3 +14,6 @@ switch5 | |||
|
|
|||
| [ptf] | |||
| ptf-1 ansible_host=10.0.0.200 ansible_ssh_user=root ansible_ssh_pass=password | |||
|
|
|||
| [tacacs_server] | |||
| tacacs_server ansible_host=10.0.0.9 ansible_ssh_user=root ansible_ssh_pass=root | |||
There was a problem hiding this comment.
@liuqu are you using the default ptf docker within the testbed? I didn't closely follow up PRs in sonic-buildimage, is this server been included and deployed with testbed ptf docker?
did you add your Tacacs+ design/testing document to sonic/wiki so the community member can follow? (I remembered last time it's from your own repo)
There was a problem hiding this comment.
Sorry too late to reply. You can find the the test plan in TACACS+ Test Plan.md
TACACS+ server is a host which installed tac_plus, not included in ptf docker. This configuration is used to save the username and password to ensure that TACACS+ server can be logined to execute sudo command.
There was a problem hiding this comment.
The feature source address for TACACS+ is needed for source address test. It will be pulled request after the current PRs are merged.
| become: true | ||
| shell: config aaa authentication failthrough default | ||
|
|
||
| # Test source address |
There was a problem hiding this comment.
admin@str-s6000-on-4:~$ sudo config tacacs src_ip
Usage: config tacacs [OPTIONS] COMMAND [ARGS]...
Error: No such command "src_ip".
There was a problem hiding this comment.
since src_ip is not supported in current version, I suggest to remove the src_ip test.
| service: | ||
| name: tac_plus | ||
| state: started | ||
| delegate_to: "{{ tacacs_server }}" |
There was a problem hiding this comment.
suggest to move tacacs_server, passkey, test username, passwd all into test inventory. Make this as a testbed requirement, and leave the tacacs+ server setup outside of the test.
I suggest also remove the starting tacacs+ service and add comment indicating whoever perform the testbed needs to setup tacacs service manually to enable the test user and passwd and passkey.
There was a problem hiding this comment.
Some comments have been added to inform user which setup need for TACACS+ testbed. The tacacs+ passkey, user account and password already moved to group_vars/lab/lab.yml
* The feature source address for TACACS+ hasn't been merged in current version, so remove src_ip test temporarily. * Remove configuration for TACACS+ service * Move TACACS+ passkey, user account and password to group_vars/lab/lab.yml * Move configure, testcase and cleanup to one file, remove redundant files. Signed-off-by: Chenchen Qi <[email protected]>
|
superceded by #1428 |
