The latter does not support YAML 1.1, nor many parts of the
specification. Use the more compliant implementation, in addition to try
to converge to a single one, so that we do not get serialization delta
surprises.
Change-Id: Ie51f1c79859d40ef0877fc0ab75f86ee72e14ea4
This script will validate the network.yml based on a schema constructed
from information only available from the network.yml file itself. This
way we can do the strictest validation, which we could not do before.
Change-Id: I32714e678e901e58d70e4253bcc61a147494c225
It is hard to clean ngcpcfg framework for users with
limited git knowledge, lets introduce action 'clean'.
It should allows users easily reset to 'previous safe state'
in the case 'if something went wrong'.
Also remove old and unreliable error handling hint from manuals,
as we have switched to fast-forward rebase long time ago.
Change-Id: I961e681d55cac15ba8d772b9345c668218313bf4
* all possible grant variations should be supported now
* changes detection algorithm should support all possible
user_options now
Change-Id: Id715219948374c60fff54408037d4506c872af35
* MariaDB + dbd::mysql: dbh->select* returns
"fetch() without execute()" on non-table based sql
statements such as "SHOW GRANTS FOR ..." when there are
no rows to return. Such false error is avoided as
execute() is performed automatically by DBI on "non-prepare()"
methods.
Change-Id: Iac1c1c0473f39ed9f377abb5dea1cbcfbc67868a
* ngcp-sync-grants now works with the extra suffix
"with grant option"
* ngcp-sync-constants also syncs user "user" sipwise from
/etc/mysql/sipwise.cnf
Change-Id: I6159257e3c9d34cb674e003e910535807c4e841b
* when there is a situation when a user has mixed records
with correct and incorrect passowrds to detect such
scenario and trigger password sync for the user
Change-Id: I2821dafa211779b149b9c0a8763939cd52f3bb55
* when in the "copy" mode and all *.localhost grants need
to be copied for some users there may be no such
key (e.g. replicator has only sp1 and sp2). Therefore,
if in the "copy" mode and there is no host for a user
- skip the user and continue instead of dropping with an error
* normalise_grant_str(): added support for more grant elements,
added a check to die if there are unsorted elements left
* recreate use before hosts processing to avoid situations when
the user is repeatedly removed
Change-Id: I706dfcbf52279abc5260b01f658ce554d53a604e
On Carrier:
local mysql is 127.0.0.1:3308
pair mysql is localhost:3306
On CE/PRO:
local mysql is localhost:3306
pair mysql is localhost:3306
ngcp-sync-grants/-constants should use pair mysql to upload grants/passwords.
local mysql is comming from db01:3306 using ngcp-sync-db.
Change-Id: I293bda36c64184acfde89a96703f1691279feba6
* generated password is represented with "!" prefix in mysql.user,
instead of the default "*" where internally it is still the valid one.
that allows to overcome the behavior when a non valid password
is assigned to a user "show grants" returns as if no grants assigned
to him causing ngcp-sync-grants recreate the user every time.
Change-Id: Id0acf626677177e4b17d17b50c78baea5a7f9955
- work with the new passwords schema in constants.yml
- all grants related code cleanup
- all is performed as a single, not replicated transaction
Change-Id: I7bfafcd6c1a9da67705fefa8beabf395447d96c1
- ngcp-sync-grants is responsible for ngcp mysql
grants sync from a template
- it is executed by the 'commit' trigger before ngcp-sync-constants
Change-Id: I082256e57b1394a3f056ad1ca56a5443bfb5a745
Mainly nobody validate the schema in trunk right now
as it requires manual changes for ngcpcfg.cfg.
Also having force validation will allow us to add
validation in ngcp-upgrade and Jenkins nightly builds.
Change-Id: Ia48a778ecf7dae30b26bdff0c5dd5b9000c9d089
Configuring the identical shared IP once again shouldn't cause
duplicate IP records, since e.g. nginx receives two "listen"
lines with the same IP and fails hard then.
New behaviour with this change is to avoid duplicates:
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| adding IP entry shared_ip: 1.2.3.4
| [...]
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| not setting shared_ip to 1.2.3.4 to avoid duplicates
| [...]
Change-Id: Iee3ff1e7a27bc3298128835468e1e888c327d13d
When setting up carrier environments we have to deal
with many similar nodes, often involving >10 proxy pairs.
By default we create prx01a and prx01b sections only.
Provide --clone-from=<HOST> --clone-to=<HOST> options
as convenience helpers so the operator can clone a
specific host definition and just needs to adapt IP
addresses accordingly afterwards.
Use example to clone the prox01a host definition
to prox02a, prox03a,.... up to prox10a:
for host in {02..10} ; do
ngcp-network --clone-from=prx01a --clone-to=prx${host}a
done
If the peer setting (as used in carrier environments) is
present in the source host config (--clone-from=...) then
we automatically set the peer for the destination, like:
| # ngcp-network --clone-from=prx01a --clone-to=prx01b
| Setting peer of host 'prx01b' to 'prx01a'
| Finished cloning host section 'prx01a' to 'prx01b'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
and:
| # ngcp-network --clone-from=prx01a --clone-to=prx04a
| Setting peer of host 'prx04a' to 'prx04b'
| Finished cloning host section 'prx01a' to 'prx04a'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
Change-Id: I6c30a2ce58dd8bc66247cfdd0028c18736173e99
Add missing options. Mark optional arguments as such. Surround
replecable text in angle brackets. Refactor usage text. Sort help
actions by action order and place less used actions at the end. Fix
typo in init-mgmt description.
Change-Id: Ifdb587b15cfefad6613d09bff69ea0cbdb5c1fef
The commit action already takes care of invoking etckeeper, so there's
no need to call it from the apply action. In addition calling it after
record_commit_id is either pointless or buggy.
Change-Id: I8ccd40f962c24f99b2ae26655c083bb976e47ce9
The output from «dpkg --list» is for human consumption, the scriptable
output comes from «dpkg-query --show».
Change-Id: Idad77451258b2857af69b6e7bdf5cd6486f3328d
Make the relationship internal, instead of external. So that anything
that might end up calling the build script will always do the right
thing and we will not forget to perform required actions.
Change-Id: Iafc3bc7230c59750de7ec8bf825005011b48f403
This reverts commit db373d3927.
Conflicts:
etc/ngcp-config/ngcpcfg.cfg
Until we've a working solution for this let's revert
the broken change so we avoid this being a release
stopper.
Change-Id: If03d9b3913de23c698b430d583dc7babfcc4ff04
If the latest git commit has a newer timestamp than
our latest "build" action then a "build" (or apply)
run is required, inform the user about it.
Change-Id: I83e2ff47ba54da733d368d78b6616d13d31a66d4
Provide "apply" action as separate script.
We don't care about changes related to etckeeper, but just
about outstanding commits in /etc/ngcp-config.
Change-Id: I47411f00a5085d65cacf9e24fc8a468258d57c31
This allows us to abort in 'ngcpcfg status' whenever there are
outstanding changes to pull/push from the shared storage. Using
the --no-action-failure option allows the user to continue anyway.
Change-Id: I4062d5bb627bb553b98705bb122575651b035849
Disabled by default as we need a time to check it carefuly.
Also we need to solve the "tilda" problem reported upstream:
https://github.com/eserte/p5-Kwalify/issues/1
Change-Id: Ia2c3d48f0ac6fc6ac9899d44f4291544373806d9
- added quiet option to disable loading output at tt2-daemon
- detect arrays and output values joined by space
Change-Id: I0b7694a366a284ca2b24ea2df55cb285b598e66d
The replication between peers will be set only if this option is set.
If the replication is alredy there, the password of the replication user
will be checked and updated if necessary always. No matter if --pair-repl
is set or not
Change-Id: I2315c8bb316c9348e19cfc3b251a04d4822e0d24
- removes node users before copying grants
- while at it, update password on already created user when copying grants
Change-Id: Ic15a7c27772a071d42e4e4d4bddd4204453b5be9
This is useful on installation phase when the sp2 node is not yet
in sync with sp1, so the grants are not yet there and it will produce
errors in sync afterwards
Change-Id: I47f9ac682f4513d309a41d8c5bab181d6070ecf2
In carrier central.dbhost points to db01a so any connection will use network even db01a|db01b. This connections will be resolved by mysql as sp1|sp2. So we need to add those perms too
Change-Id: Ie09aa15209a9aa5170849a17e383df1d6fc07c4c
We have a regression here for CE during the upgrade mr3.4->trunk:
> Removing proj-data ...
> ...
> Synchronizing data from /etc/ngcp-config/constants.yml
> DBI connect('database=mysql;host=127.0.0.1;port=3306','sipwise',...) failed:
> Can't connect to MySQL server on '127.0.0.1' (111)
> at /usr/sbin/ngcp-sync-constants line 131
> Can't connect to MySQL database mysql: Can't connect to MySQL server on
> '127.0.0.1' (111) at /usr/sbin/ngcp-sync-constants line 131.
It happens because MySQL listens Unix sockets only (due to "skip_networking" in my.cnf)
It doesn't affect newly installed CE trunk,
because it has defaults in /etc/ngcp-config/config.yml:
> database:
> central:
> dbhost: localhost
> pair:
> dbhost: localhost
While upgraded system not yet received those options
(ngcp-upgrade-cfg-schema will be called later).
So, we need to change defaults here to localhost.
MySQL always uses unix sockets for 'localhost'.
Change-Id: I0f07c43ea68ed47b653242cd87ed74e7351dcc1c
From MYSQL documentation:
"If you specify the MASTER_HOST or MASTER_PORT option, the slave
assumes that the master server is different from before
(even if the option value is the same as its current value.)
In this case, the old values for the master binary log file
name and position are considered no longer applicable"
Change-Id: I9be8e0fdab7ce598343df270c2ade0a5095e1f48
Michael Prokop
Kirill Solomko
Guillem Jover
Alexander Lutay
Rene Krenn
Victor Seva
Andreas Granig