The script got supported added for the maintenance file, but missed a
spot where the actual selection is performed.
Fixes: commit 948f940975
Change-Id: I9d092fd99a821f6f8ce72b0f7b8c05e5ab1c25e6
This variable has been deprecated for a long time (since mr10.5), and it
is not used anywhere in our entire NGCP code base.
Change-Id: I83b3f00c519c8e152fcb166b4ebeb635246b1915
In the deployment of our lab carrier, we are heavily using ngcpcfg set
command for example to change the IP addresses of all proxies. The issue is that
execution of a command takes around 1,5 seconds and this seems because every time
"set" is used, we call the check-permissions script, which has some time
penalty to be executed. Most likely nobody uses set quite often, so that is why
the problem was not so visible for a long time.
Change-Id: I47c6c3b88b0f108aadf9d8d9a2b131e0cb76b498
Add a library to return the full list of ping nodes to use for HA
verification. This makes it possible to print an identical list of ping
nodes in several places without code duplication.
The code is taken from templates/pacemaker/cluster.crm
Change-Id: Ie121a6062a15c09bf15af1761a22c5f4bcc3199e
* sync_timezone_version() checks the current olson database
version from DateTime::TimeZone vs ngcp.timezone.version
and updates billing.contacts.timezone field with the new
names following the "links" (aliases)
Change-Id: Iacb552a9151ffb8eaaa40a16b530cbde0cc4b718
We currently only fix up owner and permissions for known local files,
including the stock config.yml and any variant affecting the current
host (which include role selectors, pair or host specific files).
The problem is that when pushing these to the remotes where the files
are local there, then their permissions will be fixed up, and that will
happen independently for different files on different nodes. Which
results in git conflicts when trying to merge back these files.
Instead add a new variable that contains the glob for all such
customized files which we will fix up in the current node.
Change-Id: Ib2a7317a92733ad5b4d2fa8106759b00049edb68
This new library code will fetch a list of instances for a given service
name with a specific status.
Change-Id: I161af48d777e8478a8f1358ffd40c996cee9b4a5
We need to pass the host lists to the check remote code, and we should
not be passing any host lists to the check shared storage code, as that
takes an action instead.
Change-Id: I7292cf56f110df81f5a3b83da911742bae2af1b2
If value is already quoted it's written as '''X.X''' into yml file so
causes validation fail.
Fix of a38c0e6.
Change-Id: I4baa303950471782e1500561a4535131e4232123
Previously 'set-value' sets 1 even in case 1.0 was passed.
Check if the value is number and if yes - do not reval() it.
Add a testcase for a float number.
Change-Id: I6b4e014b036fe12ad62206ad3386d0bf0b1225f7
Fixing issues reported by new shellcheck v0.9.0:
1) SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).
https://www.shellcheck.net/wiki/SC2317
(new feature as of shellcheck v0.9.0)
2) SC2086 (info): Double quote to prevent globbing and word splitting.
https://www.shellcheck.net/wiki/SC2086
(behavior change with shellcheck v0.9.0)
Change-Id: I73d50157f72b772c381cf1bff497079133bc6d09
If the element of array is not quoted it causes malformed output:
=======================
ngcpcfg set /tmp/config.yml "geo_cluster.remote_shared_proxy=[172.30.52.170]"
---
geo_cluster:
remote_shared_lb: []
remote_shared_proxy:
- "¬\x1E4ª"
======================
So detect it and print the error.
Add a testcase.
Change-Id: I7119256728c82b123eff5a171aa4e257b67ac5ff
Until Debian/bookworm is getting the new stable release, it's
known as bookworm/sid in /etc/debian_version.
Fixes:
| sp1: Error: Cannot process template '/etc/ngcp-config/templates/etc/default/ngcp-proxy.tt2':
| undef error - Error: unsupported Debian codename bookworm at (eval 16) line 30.
Change-Id: Idfe0119ce47cbe8fdcbcd57e9a2c2014e93cf6e1
These commands are db-specific, and the constants one involves the
database credentials, so give both better names to make it clear these
are not general purpose commands.
Preserve backwards compatibility symlinks for external callers, or
user muscle memory, which this gets migrated away.
Change-Id: I3baae364e786ebbdc9e386dfc4f8c0bf54333cd1
This makes this function spN ready, by getting the entire list of
siblings and returning the first of them.
Change-Id: Ifc69b1764bc6d8c1007b8b567f4158a66eca81d8
This method returns a sorted list of hostnames for the pair of the
specified hostname, except itself. This is useful for spN support.
Change-Id: I4e7d46de4f480f4c56701b1663877812f74e3640
To make the code easier to follow and not having to add exceptions or
needing to amend the config for each different ngcp-type-related test,
we split it into three different config types and objects that we can
use when needed, and in an isolated way, so that they are future-proof
against additions to other types.
Change-Id: Ic6ba9ae8a5afc44a53e14a5a3ef9725fb9ccd773
These are only needed on the first dereference, subsequent ones within
the same data structure are implicit.
Change-Id: I9f8b8a9b21540affd1ba342bc1b75eb16788fd5e
Move perl code which actually modifies yml file to separate helper as
there is no sense to recreate it every call of 'ngcpcfg del'.
Change-Id: Iab9e023318cf9798bdb10d89b08dc2afe125c495
In ngcp-initial-configuration there are a lot of multiple sequential calls
of 'ngcpcfg set' which consume significant amount of time.
So add support for setting multiple options to do it at once.
Change-Id: I8cacdbec78ecefc4681048a0fb085b4cb705d83e
Move perl code which actually modifies yml file to separate helper as
there is no sense to recreate it every call of 'ngcpcfg set'.
Change-Id: I08b10186b1aa127d4a2b81ef36b234dfdd46fc8e
If the maintenance mode is enabled, then we shouldn't suggest to
run ngcpcfg build/apply, as this might cause unexpected side effects.
Instead report that the maintenance mode is enabled and we're skipping
checks.
Change-Id: I2ca43142a3caeac2c00514b1353568f4c438fbed
With git v2.37.2-1, as present in current Debian/unstable, our unit
tests might fail - as seen with our Github actions:
| err = ('fatal: detected dubious ownership in repository at '
| "'/tmp/pytest-of-root/pytest-24/test_build_instance_customtt0/ngcpctl-pytest-base/ngcp-config'\n"
| 'To add an exception for this directory, call:\n'
| '\n'
| '\tgit config --global --add safe.directory '
With its underlying working directory looking like:
| root@b5a6b272fb90:/code# ls -la /tmp/pytest-of-root/pytest-24/test_build_instance_customtt0/ngcpctl-pytest-base/ngcp-config
| total 148
| drwxr-xr-x 5 root root 4096 Aug 15 09:12 .
| drwxr-xr-x 3 root root 4096 Aug 15 09:12 ..
| drwxr-xr-x 8 1000 1000 4096 May 18 2021 .git
| -rw-r--r-- 1 1000 1000 305 Jun 11 2020 .gitignore
| -rw-r----- 1 1000 1000 47437 Jun 15 2020 config.yml
| [...]
FTR, this can also be reproduced with our docker setup, when running as
user root, while the underlying ngcpcfg repository is owned by a normal
user:
| root@b5a6b272fb90:/code# ls -la
| total 92
| drwxr-xr-x 16 1000 1000 4096 Aug 15 08:41 .
| drwxr-xr-x 1 root root 4096 Aug 15 08:36 ..
| drwxr-xr-x 8 1000 1000 4096 Aug 15 09:22 .git
| drwxr-xr-x 4 1000 1000 4096 Jun 23 15:37 .github
| -rw-r--r-- 1 1000 1000 125 Jun 23 15:37 .gitignore
| -rw-r--r-- 1 1000 1000 64 Jul 16 2019 .gitreview
| -rw-r--r-- 1 1000 1000 169 Aug 15 08:41 .mailmap
| [...]
Quoting from git's Documentation/RelNotes/2.36.0.txt:
| * With the fixes for CVE-2022-24765 that are common with versions of
| Git 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3, and 2.35.3, Git has
| been taught not to recognise repositories owned by other users, in
| order to avoid getting affected by their config files and hooks.
| You can list the path to the safe/trusted repositories that may be
| owned by others on a multi-valued configuration variable
| `safe.directory` to override this behaviour, or use '*' to declare
| that you trust anything.
Whereas the following git upstream change checks if a repository is
safe, by verifying the ownership of the worktree (if any), the git
directory, and the gitfile (if any):
| commit 3b0bf2704980b1ed6018622bdf5377ec22289688
| Author: Carlo Marcelo Arenas Belón <carenas@gmail.com>
| Date: Tue May 10 12:35:29 2022 -0700
|
| setup: tighten ownership checks post CVE-2022-24765
This change made it into git v2.30.5, v2.31.4, v2.32.3, v2.33.4,
v2.34.4, v2.35.4, v2.36.2, v2.37.1 + v2.37.2, and we got v2.37.2-1
in Debian/unstable as of 2022-08-12 (see
https://packages.qa.debian.org/g/git/news/20220813T030422Z.html).
This affects us with our mixture of root vs user permissions of the
working directory vs the git directory, so let's make sure the .git
directory has the according permissision as well.
Change-Id: I695fbd5a3b7fb79acc2873f75b8de410c8e3a0aa
* check that host on which instance runs exists
* check that instance names are not dupplicated
* check that instance names in connections are not duplicated
Additionally fix an uniqueness of array members in 'dupe_conn'.
Change-Id: I65fc31107d7e784614974ab9992836885ff50d75
* check doesn't work for 'host' type
* check doesn't test 'type' interface
* introduce test for command
Change-Id: I6a9c37a874aa219f33fde10fb0991f7450906443
Guillem Jover
Volodymyr Fedorov
Mykola Malkov
Sipwise Jenkins Builder
Richard Fuchs
Kirill Solomko
Rene Krenn
Marco Capetta
Michael Prokop
ngcp-config
dzenichev