From 6fa9a3f1ef6cddc88b204a90780711ada05f2ed2 Mon Sep 17 00:00:00 2001 From: Dashuai Zhang <164845223+sdszhang@users.noreply.github.com> Date: Wed, 29 May 2024 17:40:57 +1000 Subject: [PATCH] [TACACS] Improve robustness for IPv6 TACACS cases to workaround tacacs_plus server crash issue (#13026) Description of PR Summary: Fixes TACACS failures in test_mgmt_ipv6_only module. Approach What is the motivation for this PR? It's observed that tacacs_plus process may crash when receiving ipv6 tacacs requests. Need a way to workaround it. How did you do it? Similar issue in tacacs/test_ro_user has been fixed in #12819 Using the similar method to restart tacacs_plus process if it fails. How did you verify/test it? Verified in both virtual testbed and physical testbed. Not seeing tacacs failures anymore. co-authorized by: jianquanye@microsoft.com --- tests/ip/test_mgmt_ipv6_only.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ip/test_mgmt_ipv6_only.py b/tests/ip/test_mgmt_ipv6_only.py index 42cab219e8c..6688a55db7e 100644 --- a/tests/ip/test_mgmt_ipv6_only.py +++ b/tests/ip/test_mgmt_ipv6_only.py @@ -8,7 +8,7 @@ from tests.tacacs.utils import check_output from tests.bgp.test_bgp_fact import run_bgp_facts from tests.test_features import run_show_features -from tests.tacacs.test_ro_user import ssh_remote_run +from tests.tacacs.test_ro_user import ssh_remote_run_retry from tests.ntp.test_ntp import run_ntp, setup_ntp_func # noqa F401 from tests.common.helpers.assertions import pytest_require from tests.tacacs.conftest import tacacs_creds, check_tacacs_v6_func # noqa F401 @@ -128,29 +128,29 @@ def test_snmp_ipv6_only(duthosts, enum_rand_one_per_hwsku_hostname, localhost, c # use function scope fixture so that convert_and_restore_config_db_to_ipv6_only will setup before check_tacacs_v6_func. # Otherwise, tacacs_v6 config may be lost after config reload in ipv6_only fixture. -def test_ro_user_ipv6_only(localhost, duthosts, enum_rand_one_per_hwsku_hostname, +def test_ro_user_ipv6_only(localhost, ptfhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, convert_and_restore_config_db_to_ipv6_only, check_tacacs_v6_func): # noqa F811 # Add a temporary debug log to see if DUTs are reachable via IPv6 mgmt-ip. Will remove later log_eth0_interface_info(duthosts) duthost = duthosts[enum_rand_one_per_hwsku_hostname] dutipv6 = get_mgmt_ipv6(duthost) - res = ssh_remote_run(localhost, dutipv6, tacacs_creds['tacacs_ro_user'], - tacacs_creds['tacacs_ro_user_passwd'], 'cat /etc/passwd') + res = ssh_remote_run_retry(localhost, dutipv6, ptfhost, tacacs_creds['tacacs_ro_user'], + tacacs_creds['tacacs_ro_user_passwd'], 'cat /etc/passwd') check_output(res, 'test', 'remote_user') # use function scope fixture so that convert_and_restore_config_db_to_ipv6_only will setup before check_tacacs_v6_func. # Otherwise, tacacs_v6 config may be lost after config reload in ipv6_only fixture. -def test_rw_user_ipv6_only(localhost, duthosts, enum_rand_one_per_hwsku_hostname, +def test_rw_user_ipv6_only(localhost, ptfhost, duthosts, enum_rand_one_per_hwsku_hostname, tacacs_creds, convert_and_restore_config_db_to_ipv6_only, check_tacacs_v6_func): # noqa F811 # Add a temporary debug log to see if DUTs are reachable via IPv6 mgmt-ip. Will remove later log_eth0_interface_info(duthosts) duthost = duthosts[enum_rand_one_per_hwsku_hostname] dutipv6 = get_mgmt_ipv6(duthost) - res = ssh_remote_run(localhost, dutipv6, tacacs_creds['tacacs_rw_user'], - tacacs_creds['tacacs_rw_user_passwd'], "cat /etc/passwd") + res = ssh_remote_run_retry(localhost, dutipv6, ptfhost, tacacs_creds['tacacs_rw_user'], + tacacs_creds['tacacs_rw_user_passwd'], "cat /etc/passwd") check_output(res, 'testadmin', 'remote_user_su')