We need to initialize ngcpcfg without HA repo,
to solve chicken-eggs problem about git hooks handking.
Also it will be useful to build glusterfs configs
from tt2 templates and yml configuration.
Then start glusterfs and store HA repo on glusterfs.
In this case ngcp-installer will be able to call:
> ngcpcfg initialise --without_shared
> ngcpcfg set ...
> ngcpcfg build ...
> ngcpcfg init-shared
> ngcpcfg apply "Applying everything together"
In the past it was not so critical problem until we started
taking care about the files permissions which are coming from
ngcp-template-* packages and transferred to POSIX perms via ngcpcfg.
One of the problems there is 'git clone' (which is a part of
HA setup initialisation). It resets file perms if they are not
yet stored into file '.ngcpcfg_perms'.
Change-Id: I3cdc93f309f0b899e626779afb1e71f64b2cb953
Otherwise ngcpcfg fails in trunk with error:
> +03:29:10 (cfg.inc:378): cfg_common_configuration(): ngcpcfg set /etc/ngcp-config/config.yml bootenv.netscript.fallbackfssize=10M
> Save size of 'code' partitions to /etc/ngcp-config/config.yml
> /usr/share/ngcp-ngcpcfg/functions//main: line 68: NGCP_TESTSUITE: unbound variable
Change-Id: I32961cda14550278662acd40ed5863c19412de3c
The li match was triggering for all wildcards and when li mode was not
enabled in some way then we were getting negative results.
The proper way to solve the original problem is to relegate the matching
of the li modes to the end, so that we can properly match on wildcards
and not interfere with other roles.
Change-Id: I7cb559a8dc10e8a832c2e2bcd78f1effc1cc101a
Fixes: commit 236b56d990
- Remove a spurious trailing ';'.
- Make the hook directory reaction conditional on whether we are running
from within a testsuite, to restore its otherwise fatal treatment.
Change-Id: I3f8a5364d7b2f0ac82bfdc132b94641603225f85
Fixes: commit 505d6566d8
Unfortunately git doesn't track POSIX file permissions,
which cause perms drop on some git commands like 'git stash/pull/reset', etc.
We must be sure 'restore-permissions' always executed at the end of 'ngcpcfg'.
Also we must be sure we update .ngcpcfg_perms whenever we start 'ngcpcfg',
otherwise we might loose not-yet committed changes in .ngcpcfg_perms.
Example during the upgrade mr7.0->mr7.1:
1) JFYI, ngcpcfg mr7.1+ copies perms from source tt2 file to the destination config
2) on mr7.0->mr7.1, ngcp-upgrade installs new package ngcp-templates-pro package
with new perms on tt2 files (which are not committed by apt as /etc/ngcp-config
is not covered by 'etckeeper', it is by design).
3) later ngcp-upgrade executes 'ngcpcfg build' to build some config.
4) on PRO/Carrier 'ngcpcfg build' executes 'ngcpcfg pull' first to
ensure there is no outstanding changes on shared git repo
(has been done on Ops request in MT#15803).
5) 'ngcpcfg pull' does 'git stash/pop' before pulling which effectively
reset new perms which came from package in step 1 (as git doesn't track
perms on files, by design).
Summary/fix:
whenever we stash something we should ensure perms are stored as well,
which means we need to generate new .ngcpcfg_perms and store it in stash
together with all the rest local changes.
Change-Id: I5292d4433a39ff2751874d63083f093f19b9cfe2
When running the test suite, in case we need to cover the code paths
that are handling the hooks, we should not assume the files are
installed in the system directories.
Change-Id: I1cd09eaf186d28093eb03ad5e9fc096fe7d63a3e
Since we manage this as a template, the configuration is getting more and more
complex and it's important to have comprehensive tests that help us to detect
problems when we add options and change templates.
Change-Id: Ieff8449f3d6d1cd74a9b44d49e1642a1bf02efc2
The configuration is getting more complex and it's important to have
comprehensive tests that help us to detect problems with the new options.
Change-Id: I5d0004ce5a23b46d48e85294d6fb3bf14073b253
There was a fix for the similar issue in Mantis ticket #7577,
see commit fc5af3bbb2 for more details.
Unfortunately one corner case was missing there:
"git status" doesn't show untracked files in untracked folders by default.
It requires "-u" option with value "all":
>> man git status
> ...
> -u[<mode>], --untracked-files[=<mode>]
> Show untracked files.
>
> The mode parameter is used to specify the handling of untracked files.
> It is optional: it defaults to all, and if specified,
> it must be stuck to the option (e.g. -uno, but not -u no).
>
> The possible options are:
> · no - Show no untracked files.
> · normal - Shows untracked files and directories.
> · all - Also shows individual files in untracked directories.
The ngcpcfg need to see complete path and filename to untracked file
to properly detect .services files and execute them (if configs were changed):
> root@web01a:/etc# git status
> On branch master
> nothing to commit, working tree clean
> root@web01a:/etc# git status --porcelain | sed 's/^...//'
> root@web01a:/etc# touch test1
> root@web01a:/etc# git status --porcelain | sed 's/^...//'
> test1
> root@web01a:/etc# mkdir test2
> root@web01a:/etc# touch test2/test2_file
> root@web01a:/etc# git status --porcelain | sed 's/^...//'
> test1
> test2/
> root@web01a:/etc# git status -uall --porcelain | sed 's/^...//'
> test1
> test2/test2_file
> root@web01a:/etc#
Change-Id: I18286fd76c511061159f90e8aa9841a6e98c7199
Although the NGCPCFG_RUNNING environment variable might be useful for
some of the subprocesses, it is definitely not useful for anything
that gets started via systemd. In that case we have to transmit this
information via the filesystem.
In the future we should probably extend this with some proper locking,
but for our current problem with ngcp-eaddres we'll still want to
completely avoid running if such file exists, not just prevent
multiple concurrent executions.
Change-Id: I0546620d8ef4263177c5d04f7d2546345c42fbb6
This will make it possible for child processes to check whether they are
being executed from ngcpcfg, for example to avoid recursion.
Change-Id: I8f51dd7872c458b8c3214be4bc9a4ab133b3e441
This will make sure any service that should not be running is stopped,
and any that should is started.
Change-Id: I7ab181b66ed3554c8f93f2d9f46dc08ee087a87d
'git status' output has been changed in 2.9 which causes some troubles for us
(we didn't change all the places, we missed ngcpcfg-ha.git repo,
better to use common code in all the places).
Change-Id: Ie664af89ee6d6b31fb3011e763107c41bf4cf00f
We have a hard dependency on netcat-openbsd, see:
| commit 26ba0340b6
| Author: Alexander Lutay <alutay@sipwise.com>
| Date: Mon Jun 4 13:22:27 2018 +0200
|
| TT#37401 Fix 50ecc1544: depends on netcat-openbsd since we use 'nc -U' (not available in 'netcat-traditional')
But our docker image still uses netcat-traditional.
Make sure to have netcat-openbsd available, while at
it also adjust Build-Depends accordingly.
Change-Id: I1d3cfd9b4b56047fa51c3ef1d77060122f4d2568
Due to the code in tt2-wrapper, the only errors reported were failures to
connect to the socket to use the back-end performing the parsing. But there was
no attempt to detect errors in the parsing at all.
Since we are only able to use the output stream and not for example exit codes
of the parser at the back-end (libtemplate-perl), we can only rely on finding
some kind of error string, which can change in future versions of
libtemplate-perl but hopefully not very often, and at most it should only change
when we move base to newer Debian releases.
In the case of the original problem reported we could rely on "parse error", but
since there are two such strings ("file error" and "parse error") the first is
more general and also covers cases like "permission denied to read file" or
other errors that might happen. So the implementation of error checking is
basically grepping for "^file error", the string at the beginning of a line, to
limit possible false positives.
With the new checks and an example of an invalid syntax already in the first
line, "ngcpcfg build" detects the error correctly and stops processing, and
shows information about the source of the problem, e.g.:
root@spce:~# ngcpcfg build /etc/test
2018-10-29 11:37:01 spce: yml configs were validated successfuly
2018-10-29 11:37:01 spce: configs were checked successfuly
2018-10-29 11:37:01 spce: No patchtt files found, nothing to patch.
Loading /etc/ngcp-config/config.yml in memory: OK
Loading /etc/ngcp-config/network.yml in memory: OK
Loading /etc/ngcp-config/constants.yml in memory: OK
2018-10-29 11:37:02 spce: Error: Generating /etc/test based on /etc/ngcp-config/templates//etc/test.customtt.tt2: FAILED
2018-10-29 11:37:02 spce: Error: from generated file:
2018-10-29 11:37:02 spce: Error: file error - parse error - input file handle line 1: unexpected end of directive
2018-10-29 11:37:02 spce: NOTE: Check those files for valid syntax and encoding:
2018-10-29 11:37:02 spce: /etc/ngcp-config/templates//etc/test.customtt.tt2
2018-10-29 11:37:02 spce: /etc/ngcp-config/config.yml
2018-10-29 11:37:02 spce: /etc/ngcp-config/network.yml
2018-10-29 11:37:02 spce: /etc/ngcp-config/constants.yml
2018-10-29 11:37:02 spce: Running /usr/share/ngcp-ngcpcfg/helper/tt2-wrapper <file>
2018-10-29 11:37:02 spce: or inspecting temporary /tmp/ngcpcfg.test.PwGvShIm9G
2018-10-29 11:37:02 spce: should provide more details.
Change-Id: Ic305bdab20a6ce15eca13f19586a2572a90b4e13
When the "mktemp" command is invoked with a template parameter without path
prefixes or without using "--tmpdir", it does not use "/tmp" by default, but
instead it uses the current working directory as the place to create these
temporary files.
This was an oversight based on our side on the unknown behaviour, which was
discovered when working on this task, because we do want to have "/tmp" as the
home for these temporary files.
Change-Id: I1b03dc90cfd8dd9364c8bc3b2bfe0e3c26979e7f
In some conditional branches we make the ip key optional, but never
change netmask to match. Which can end up being required when it
should not, such as on a vlan interface.
Change-Id: I9767434901abb2c0f07c10f8b8800987c2e363c5
The night Carrier trunk installation has failed:
> +02:29:59 (cfg_pro.inc:280): cfg_ngcpcfg_init_mgmt(): cfg_ensure_file_mgmt_node
> ...
> +02:29:59 (cfg_pro.inc:282): cfg_ngcpcfg_init_mgmt(): '[' -x /usr/share/ngcp-ngcpcfg/scripts/init-mgmt ']'
> +02:29:59 (cfg_pro.inc:287): cfg_ngcpcfg_init_mgmt(): DEBUG=yes
> +02:29:59 (cfg_pro.inc:287): cfg_ngcpcfg_init_mgmt(): /usr/share/ngcp-ngcpcfg/scripts/init-mgmt
> /usr/share/ngcp-ngcpcfg/functions//main: line 18: HNAME: unbound variable
The manual execution of script 'init-mgmt' shows no error,
so far if 'DEBUG=yes' is enabled the issue is easily reproducible.
The reason here is debug messages which can be printed on the
very early stage of initialisation and cause the issue here:
> ++ log_debug 'sourced configuration file /etc/ngcp-config/ngcpcfg.cfg'
> ++ '[' -n yes ']'
> ++ logger -t ngcpcfg -- 'Debug: sourced configuration file /etc/ngcp-config/ngcpcfg.cfg'
> ++ console_output 'DEBUG: sourced configuration file /etc/ngcp-config/ngcpcfg.cfg\n'
> ++ '[' -z '+%F %T' ']'
> +++ date '+%F %T'
> ++ local 'timestamp=2018-10-12 10:16:24'
> +++ printf -- '%s: ' '2018-10-12 10:16:24'
> +++ sed 's/./ /g'
> ++ timestamp_replacementchars=' '
> /usr/share/ngcp-ngcpcfg/functions//main: line 18: HNAME: unbound variable
Let's be polite for such kind of log message.
Change-Id: I3647567aba5fad3a103af2e6da35229f6d932bed
It is necessary to improve navigation into long 'ngcpcfg push all'
output on huge customer's systems. Requested by Sipwise Ops team.
Previously:
2018-10-11 10:48:40: Generating /etc/update-motd.d/05-maintenance-mode: OK
2018-10-11 10:48:40: Executing postbuild for /etc/update-motd.d/05-maintenance-mode
2018-10-11 10:48:40: Generating /etc/update-motd.d/10-heartbeat: OK
2018-10-11 10:48:40: Executing postbuild for /etc/update-motd.d/10-heartbeat
2018-10-11 10:48:40: Generating /etc/update-motd.d/20-sysinfo: OK
Now:
2018-10-11 11:55:28 web01a: Generating /etc/systemd/system/redis-server.service: OK
2018-10-11 11:55:28 web01a: Generating /etc/systemd/system/rsyslog.service.d/override.conf: OK
2018-10-11 11:55:28 web01a: Generating /etc/systemd/system/slapd.service.d/override.conf: OK
2018-10-11 11:55:28 web01a: Generating /etc/systemd/system/slapd.service: OK
2018-10-11 11:55:28 web01a: Generating /etc/systemd/system/snmpd.service.d/override.conf: OK
Change-Id: I3035293b95f64033005cc5f8d031dbbfac1dcc33
Currently `/etc/debian_version` for Debian/buster systems includes:
buster/sid
So until we get the according version number via base-files, also
check for the codename instead. Make it more generic so it works for
any upcoming release that uses ".*/sid", to not run into the issue
again with e.g. the upcoming Debian/release codenamed bullseye (the
release expected after buster).
Thanks: Manuel Montecelo for improving my initial version
Change-Id: I59e6adea98b6c228daa2b5ebe14872c4a35b8920
It was impossible to set value like '10G' previosuly:
>> ngcpcfg set /etc/ngcp-config/config.yml bootenv.netscript.fallbackfssize=10M
> Bareword found where operator expected at /tmp/tmp.px3MpkUFZS line 28, near "10M"
> (Missing operator before M?)
> Bareword found where operator expected at /tmp/tmp.px3MpkUFZS line 30, near "10M"
> (Missing operator before M?)
> Bareword found where operator expected at /tmp/tmp.px3MpkUFZS line 31, near "10M"
> (Missing operator before M?)
> Bareword found where operator expected at /tmp/tmp.px3MpkUFZS line 33, near "10M"
> (Missing operator before M?)
> Bareword found where operator expected at /tmp/tmp.px3MpkUFZS line 34, near "10M"
> (Missing operator before M?)
> syntax error at /tmp/tmp.px3MpkUFZS line 28, near "10M"
> syntax error at /tmp/tmp.px3MpkUFZS line 30, near "10M"
> syntax error at /tmp/tmp.px3MpkUFZS line 39, near "}"
> Execution of /tmp/tmp.px3MpkUFZS aborted due to compilation errors.
The 'case' statement doesn't support regular expresions in Bash,
let's rewrite them into linear check.
Change-Id: I29ced837fca0abdc3cbe1ea18c614c4c1dd6780c
At the end of installer's 'configuration' section we need
to restart all services were touched during the installation
(otherwise we need to restart the node completely).
The option helps us in this case as etckeeper is
not reliable enough during the installation.
P.S. we pass options from 'apply' to 'services' now,
we should remove 'Unsupported option(s) given: $*' check,
otherwise it is failing as 'apply' requires commit message,
which cause error on 'services' level: 'Unsupported option(s) given'
> 2018-09-13 18:08:33: Error: Unsupported option(s) given: my commit message
> 2018-09-13 18:08:34: Did you mean '--dry-run'?
Change-Id: I5dac44cd87dc1fc90f81e4ac3a14af32c00f825e
We need to have some reproducible order of services restart,
otherwise this might lead to different results, depending on the order.
Also unifyer() looks too heavy here since the files can be easily
unified in a moment of writing them into ${TMPFILE}.
Change-Id: I0a683a7d57cd52b74cba0ee9a285f84f77f3dc20
It was initially introduced in the commit:
> commit 7d422b7878
> Author: Victor Seva <vseva@sipwise.com>
> Date: Fri Aug 22 17:03:39 2014 +0200
>
> MT#8763 check for .git before running the services
>
> On a multi directory config, the services depends on git. Check
> first if the git repository exists and warn about it
The subshell here was necessary to isolate 'cd $dir' call.
In the same time the "proper" bash way is to use pushd/popd.
For the history, 'shellcheck disable' was muting the warning:
> This only exits the subshell caused by the (..) group. [SC2106]
Change-Id: I3546fa9615858dbbc4c0f91d74de003e22837d55
NGCP doesn't use NDB anymore and also it looks like non-safe commit
as the commit has been done by user 'ngcp-config <root@4bd5de92c84d>' :-D
Removing it.
This reverts commit 9f4d913f6b.
Change-Id: Ie91442a1f33e9ddcae5589c095d19c9e46cd68cb
To be able to generate an authorized_keys file from templates we need
to fetch the public ssh keys for the root user. This function will make
this task easier.
Change-Id: If8edef0e77a5f3c1167fe8dfd0e92e4d9e468a6a
Previously 'systemd daemon-reload' and 'systemctl preset-all'
were executed only if changes detected in configs.
Otherwise the early exit happened if no .service files were triggered:
> DEBUG: No services file(s) reported - nothing to do.
Move the code into the function systed_daemon_reload_preset and
execute it on the top of the script. Also print info message
informing users about reloaded systemd and newly preset units.
It should provide better visibility here.
Change-Id: I992af9fb274ea93a37b812a51cebcd7af5c54133
Otherwise the code in between the functions can be easily missed
which cause issues as described in the ticket and will be fixed
in the following commit.
Change-Id: I57decfcbcd41691d35d085b13881e1e6b5208f6e
This partially reverts commit bc8ae9e795.
We should not match li_dist with regexes as then we would trap cases
that we should not be covering by the li_dist mapping logic. Just do
exact matches.
This also fixes the hypothetical case with other regexes that are not
the wrongly specified '*'.
Change-Id: I9d9d850969e03fa9dc587f2d47a688bc0359e63c
Corrupted YML schema is the popular way for time spending on debug
mystery behaviour on NGCP. We have validation schema since mr4.5
and it coverts all YML files nowadays. Let's enable it by default,
since in field testing shows good results.
In case of the inconsistent schema, apply is still possible with
ngcpcfg option '--no-validate':
> root@sp1:~# ngcpcfg --no-validate apply 'some changes with inconsistent schema'
> 2018-08-29 13:12:27: Error: Invalid schema detected for /etc/ngcp-config/config.yml
> /etc/ngcp-config/config.yml#0: INVALID
> - [/apps] Expected required key 'malicious_call'
>
> DANGEROUS ZONE: invalid configs detected, continue anyway due to option '--no-validate'
> Checking state of local storage:
> ...
Change-Id: Ifa51c9e0c2fd396696f73760d89eadcbe9763456
Otherwise it matches on 'li/li_dist' cases and the library get_all_ips
returns no IPs if called like:
> argv.role='*';
> argv.type='*';
> PROCESS '/usr/lib/ngcp-ngcpcfg/get_all_ips';
> all_ips = out;
This is a hotfix commit for backporting into mr6.4.1 while the "proper" fix
should be re-considered and committed for mr6.5+
P.S we have 3 tt2 templates where we have * in argv parameters.
P.P.S. The code is from Andreas, tnx for the fix!
Change-Id: I119a687389075d2ebdcd824ed457f768b5fb2123
This will collect all service actions, synthetize them into their
minimal expression and execute them in a single batch per action.
Change-Id: I950d5db32e0ec6327964faac4ce8f15449f90e90
the following additional fields can be used in
admin_export_fields/reseller_export_fields in config.yml:
- FURNISHED_CHARGE_INFO:
the fci data returned by external lnp requests
- HEADER_*:
the value of a sip header. * is the sip header name,
which is case-sensitive.
Change-Id: Ie0c95d341648fc63fff23ea2d3054b70fa2cf9e9
We need to use rename semantics when moving the built template into the
destination, so that we avoid reacing on ETXTBSY for executable files.
But we need to fallback to use copy semantics, because at least Docker
bind mounts /etc/hosts, which means we cannot rename over it.
We'll use perl's File::Copy which gives us the exact semantics we need.
Ref: https://github.com/moby/moby/issues/22281
Change-Id: I6ae6ce2050050c13c7ec9d08b0e6e01fb2801fd6
Mykola Malkov
Alexander Lutay
Guillem Jover
Manuel Montecelo
Sipwise Jenkins Builder
Michael Prokop
Rene Krenn