Dev cli sessions #17623
Dev cli sessions #17623
Changes from 6 commits
2539a1d
0940eea
64cf56c
4a4aa75
18f246c
24a9da0
987a19f
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
[Unit] | ||
Description=Update serial console config | ||
Requires=sonic.target | ||
After=sonic.target | ||
Before=getty-pre.target | ||
StartLimitIntervalSec=0 | ||
|
||
[Service] | ||
Type=oneshot | ||
ExecStart=/usr/bin/serial-config.sh | ||
|
||
[Install] | ||
WantedBy=sonic.target |
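Review bot: `Before=getty-pre.target` in the [Unit] section only orders this unit against a passive target; unless something else pulls getty-pre.target into the boot transaction, the ordering has no effect and a serial getty can start before the timeout and SysRq policy are written. Adding `Wants=getty-pre.target` next to the `Before=` line makes the ordering hold. Combined with `After=sonic.target`, this presumably delays the serial login prompt until sonic.target is reached; a short comment in the unit saying that this is intended would help the next maintainer.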
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
# generate conf file for sysrq capabilities. | ||
sonic-cfggen -d -t /usr/share/sonic/templates/sysrq-sysctl.conf.j2 > /etc/sysctl.d/95-sysrq-sysctl.conf | ||
|
||
SYSRQ_CONF=0 | ||
# update sysrq for current boot. | ||
sysrq_conf=`sonic-db-cli CONFIG_DB HGET "SERIAL_CONSOLE|POLICIES" sysrq_capabilities` | ||
if [ ${sysrq_conf} = "enabled" ]; then | ||
SYSRQ_CONF=1 | ||
fi | ||
sudo echo $SYSRQ_CONF > /proc/sys/kernel/sysrq | ||
|
||
# generate env file for profile.d to set auto-logout timeout for serial consoles. | ||
sonic-cfggen -d -t /usr/share/sonic/templates/tmout-env.sh.j2 > /etc/profile.d/tmout-env.sh |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
############################################################################### | ||
# This file was AUTOMATICALLY GENERATED. DO NOT MODIFY. | ||
# Controlled by serial-config.sh | ||
############################################################################### | ||
{% set sysrq = 0 %} | ||
{% set serial_policies = (SERIAL_CONSOLE | d({})).get('POLICIES', {}) -%} | ||
{% if serial_policies.sysrq_capabilities == 'enabled' %} | ||
{% set sysrq = 1 %} | ||
{% endif %} | ||
kernel.sysrq={{ sysrq }} |
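Review bot: The template maps `sysrq_capabilities == 'enabled'` to `kernel.sysrq=1`, which turns on every SysRq function rather than a subset, and nothing in the generated file says so. A plain comment above the last line, such as `# 1 = all SysRq functions enabled, 0 = SysRq disabled`, would make the scope of the setting visible to operators reading the file. If only some functions are needed on the console, a bitmask value would be narrower. The same enabled/disabled decision is also made in serial-config.sh from a separate DB read, so the two need to be kept in step.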
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{# Default timeout (15 min) #} | ||
{% set inactivity_timeout_sec = 900 %} | ||
|
||
{% set serial_pol = (SERIAL_CONSOLE | d({})).get('POLICIES', {}) -%} | ||
{% if serial_pol and serial_pol.inactivity_timeout and serial_pol.inactivity_timeout | int >= 0 %} | ||
{% set inactivity_timeout_sec = serial_pol.inactivity_timeout | int * 60 %} | ||
{% endif %} | ||
|
||
{# apply only for serial tty #} | ||
tty | grep -q tty && \ | ||
export TMOUT={{ inactivity_timeout_sec }} |
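Review bot: The guard `tty | grep -q tty` on the last two lines does not restrict the setting to serial lines: it matches any device path containing `tty` and also the `not a tty` message that `tty` prints when stdin is not a terminal. The variable is also only exported, so a logged-in user can `unset TMOUT` and defeat the inactivity logout. Something like `case "$(tty)" in /dev/tty*) readonly TMOUT={{ inactivity_timeout_sec }}; export TMOUT ;; esac` tightens both, with the glob narrowed to the platform's serial device names. In the `{% if %}` line, `serial_pol.inactivity_timeout and ...` would fall back to 900 seconds if the value ever arrives as integer 0 rather than the string "0"; testing `is defined` avoids that, assuming 0 is meant to disable the timeout.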
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"SERIAL_CONSOLE": { | ||
"desc": "SERIAL_CONSOLE configuration in the Config DB table." | ||
}, | ||
"SERIAL_CONSOLE_INVALID_INACTIVITY_TIMEOUT": { | ||
"desc": "SERIAL_CONSOLE attribute 'inactivity_timeout' set to invalid value (out of allowed range of [0, 35000] minutes).", | ||
"eStr": "does not satisfy the constraint \"0..35000\"" | ||
}, | ||
"SERIAL_CONSOLE_INVALID_SYSRQ" : { | ||
"desc": "SERIAL_CONSOLE attribute 'sysrq' set to invalid value", | ||
"eStr": "Invalid value" | ||
} | ||
} |
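Review bot: The `desc` of `SERIAL_CONSOLE_INVALID_SYSRQ` names the attribute `'sysrq'`, while the leaf exercised by the matching test data on this page is `sysrq_capabilities`. The text should read `"SERIAL_CONSOLE attribute 'sysrq_capabilities' set to invalid value"` so a failing test points at the right leaf.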
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"SERIAL_CONSOLE": { | ||
"sonic-serial-console:sonic-serial-console": { | ||
"sonic-serial-console:SERIAL_CONSOLE": { | ||
"POLICIES": { | ||
"inactivity_timeout": 900, | ||
"sysrq_capabilities": "disabled" | ||
} | ||
} | ||
} | ||
}, | ||
|
||
"SERIAL_CONSOLE_INVALID_INACTIVITY_TIMEOUT": { | ||
"sonic-serial-console:sonic-serial-console": { | ||
"sonic-serial-console:SERIAL_CONSOLE": { | ||
"POLICIES": { | ||
"inactivity_timeout": -500 | ||
} | ||
} | ||
} | ||
}, | ||
"SERIAL_CONSOLE_INVALID_SYSRQ" : { | ||
"sonic-serial-console:sonic-serial-console": { | ||
"sonic-serial-console:SERIAL_CONSOLE": { | ||
"POLICIES": { | ||
"sysrq_capabilities": "negative" | ||
} | ||
} | ||
} | ||
} | ||
} |
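Review bot: The valid case sets `"inactivity_timeout": 900`, but the YANG description on this page defines the leaf in minutes with a default of 15, so 900 looks like a seconds value carried over; `15` would match the documented default. The invalid case only covers a negative value (`-500`). A second case just above the range, e.g. `35001`, would pin the upper bound named in the expected error string `0..35000`.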
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
//filename: sonic-serial-console.yang | ||
module sonic-serial-console { | ||
yang-version 1.1; | ||
namespace "http://github.com/Azure/sonic-serial-console"; | ||
prefix cli-sessions; | ||
description "SERIAL_CONSOLE YANG Module for SONiC-based OS"; | ||
revision 2023-06-07 { | ||
description "First Revision"; | ||
} | ||
container sonic-serial-console { | ||
container SERIAL_CONSOLE { | ||
description "SERIAL_CONSOLE part of config_db.json"; | ||
container POLICIES { | ||
leaf inactivity_timeout { | ||
description "serial-console inactivity-timeout timer value in minutes"; | ||
type int32 { | ||
range "0..35000"; | ||
} | ||
default 15; | ||
@qiluo-msft hi, yes, this is old defaults in sonic |
||
} | ||
|
||
leaf sysrq_capabilities { | ||
description "managing SysRq capabilities"; | ||
type stypes:admin_mode; | ||
default disabled; | ||
} | ||
} | ||
/* end of container POLICIES */ | ||
} | ||
/* end of container SERIAL_CONSOLE */ | ||
} | ||
/* end of top level container */ | ||
} | ||
/* end of module sonic-serial-console */ |
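Review bot: `type stypes:admin_mode;` in leaf `sysrq_capabilities` uses the prefix `stypes`, but the 34 lines of this new module contain no `import` statement that declares it, so the module should not resolve as shown. An import after the `prefix` line is needed, presumably `import sonic-types { prefix stypes; }`. The module's own prefix `cli-sessions` does not match the module name. `inactivity_timeout` is `int32` here but `uint32` in sonic-ssh-server for the same 0..35000 range, and using the same type in both would keep the two models consistent.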
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,6 +11,11 @@ module sonic-ssh-server { | |
description | ||
"First Revision"; | ||
} | ||
|
||
revision 2023-06-07 { | ||
description | ||
"Introduce inactivity timeout and max syslogins options"; | ||
} | ||
|
||
container sonic-ssh-server { | ||
container SSH_SERVER { | ||
|
@@ -40,6 +45,20 @@ module sonic-ssh-server { | |
} | ||
} | ||
} | ||
leaf inactivity_timeout { | ||
description "inactivity timeout (in minutes), 0 means no timeout"; | ||
default 15; | ||
@qiluo-msft hi, yes, this is old defaults in sonic |
||
type uint32 { | ||
range 0..35000; | ||
} | ||
} | ||
leaf max_sessions { | ||
description "limit of concurrent system logins, 0 means no limit"; | ||
default 0; | ||
type uint32 { | ||
range 0..100; | ||
} | ||
} | ||
}/*container policies */ | ||
} /* container SSH_SERVER */ | ||
}/* container sonic-ssh-server */ | ||
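Review bot: The new `revision 2023-06-07` statement in the first hunk is placed after the existing "First Revision" entry; RFC 7950 recommends revision statements in reverse chronological order, so the new one belongs first. Its description says "max syslogins" while the leaf added in the second hunk is `max_sessions`; `"Introduce inactivity_timeout and max_sessions options"` matches the leaf names. The `max_sessions` description could also state whether the limit is system-wide or per user, since the default of 0 leaves logins unlimited. The module body starts and ends outside both hunks.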
|
@ganglyu @wen587 @isabelmsft Please help review the 2 Yang models.
@i-davydenko
Can you create separate PR for sonic yang models?
@i-davydenko is there a PR for yang? can you please share?
also please add it to the HLD list of PRs for the feature