We should not just check whether these keys are defined, but whether
they contain actual IPs too.
Fixes: commit 80f70d88b2
Change-Id: I122de32629164cc46537ab0800612c8654f1ba14
If we are using DHCP we do not need either an IPv4 nor an IPv6. If we
have an IPv6 we do not need an IPv4. If we have a netmask, a shared
IP, an advertised IP, we should have the matching IP setting.
Change-Id: I13f190086a0540495b0314e58ca301aae6db0453
Otherwise ngcp-installer failed to install PRO/Carrier as
we build the file /etc/ngcp_mgmt_node the very first time on the first MGMT node:
> +08:22:48 cfg_build_templates
> +08:22:48 cfg_build_configs /etc/ngcp_mgmt_node
> +08:22:48 build_configs=($1)
> +08:22:48 declare -a build_configs
> +08:22:48 log_info 'Generating default configuration files /etc/ngcp_mgmt_node'
> +08:22:48 tee -a /tmp/ngcp-installer.log
> +08:22:48 echo 'Generating default configuration files /etc/ngcp_mgmt_node'
> Generating default configuration files /etc/ngcp_mgmt_node
> +08:22:48 ngcpcfg build /etc/ngcp_mgmt_node
> cat: /etc/ngcp_mgmt_node: No such file or directory
> +08:22:48 log_die 'Error running '\''ngcpcfg build'\'''
Checking the file availability is not enough here, the next error is:
> (sp1)root@sp1:/# ngcpcfg build
> /usr/share/ngcp-ngcpcfg/scripts//check: line 83: NGCP_IS_MGMT: unbound variable
> (sp1)root@sp1:/# cat /etc/default/ngcp-roles
> NGCP_TYPE="sppro"
> (sp1)root@sp1:/#
It happens because /etc/default/ngcp-roles is a fake one at this stage.
Handling NGCP_IS_MGMT properly is also not enough:
> (sp1)root@sp1:/# ngcpcfg build
> 2018-07-16 16:49:32: Error: Remote origin of ngcpcfg is '/mnt/glusterfs/ngcpcfg-share', expected: 'sp:/mnt/glusterfs/ngcpcfg-share'.
> 2018-07-16 16:49:32: Error: NOTE: execute `cd /etc/ngcp-config ; git remote set-url origin 'sp:/mnt/glusterfs/ngcpcfg-share'` to adjust setting.
> 2018-07-16 16:49:32: Error: NOTE: perform `ngcpcfg clean --all` to recreate local master branch from remote.
> (sp1)root@sp1:/#
Which happens because the peer is not yet configured at the moment (first node installation).
Introducing new internal option '--no-check-origin' to skip the test into installer.
Change-Id: I0265c65f45972e92ca92320871a7ef29f8904fec
We should be exhaustive here, and any unknown pattern should be caught
and reported, as we might miss information about peers and the cluster
layout otherwise.
Change-Id: I56a9a2b5b6c6f776c0c64fc2f8e01f5f76bb8e10
Previously it had the following behavior:
Select all records with 'Host LIKE' filtering so if requested host was '%'
this select returned all the record for this user.
Then user was delete with 'DELETE ... Host LIKE' statement so if
requested host was '%' it deleted all the records.
With using 'DROP USER' statement the same behavior can be achieved with
the same selecting but drop user not with requested host but with actual
one from select statement.
Change-Id: I72f1dd1962e139939be700794e0eb025fe1615b2
There are a lot of flushing privileges so in order not to flood the
console move it to debug level.
Change-Id: I98e3247881393d7892799cc23c2a4e5dc865185a
Replace unsafe 'DELETE FROM mysql.user' with recommended 'DROP USER'
statement to avoid problems with DROP/CREATE USER due to missing
'FLUSH PRIVILEGES' like:
Error: Cannot create grant temp user: Operation CREATE USER failed
for 'ngcp-sync-db'@'localhost' at /usr/sbin/ngcp-sync-grants line 322.
Execute 'FLUSH PRIVILEGES' before creating and after dropping of temp user
'ngcp-sync-db'.
Change-Id: I49c29b6c39353d4a47f086851a915af1469ebcdd
Script init-mgmt is installed on PRO installation so change
description to the proper one - script is usable only on Carrier
installation.
Change-Id: I7a7904183e30c4146267d73fbfc1075b2b066d08
The 'ngcpcfg' received support for 'patchtt' files, like
> /etc/ngcp-config/templates/etc/foo/bar.patchtt.tt2
Those 'patchtt' are going to be applied on default 'tt2 template' file:
> /etc/ngcp-config/templates/etc/foo/bar.tt2
and produce 'customtt' on 'ngcpcfg patch':
> /etc/ngcp-config/templates/etc/foo/bar.customtt.tt2
Further 'customtt' will be used to overwrite 'tt2 templates'
on 'ngcpcfg build' or 'ngcpcfg apply'.
NOTE: 'ngcpcfg patch' is executed automatically on every 'ngcpcfg build'.
It should allows to update ngcp-templates easily and support
local modifications without the pain (until the patches can be applied).
Change-Id: Ice4369386313c5d33e4d498346345eade6f3d0d7
- eth* interfaces should have a hwaddr.
- anything other than bond*, eth* should have type.
- anything other than bond*, eth* and idrac* should have ip/netmask.
Change-Id: I8c0b4f5eddaaab0c658a5281448735a985ee08f1
* users with special chars, like debian-sys-maint
require revoke/grant to be escaped as 'user'@'host'
* [default.user.host] "parent" is printed in the log if
without debug but only when there is something to change
Change-Id: I63065b5df37eea9136c6e61d15c329b978ba62dd
The latter does not support YAML 1.1, nor many parts of the
specification. Use the more compliant implementation, in addition to try
to converge to a single one, so that we do not get serialization delta
surprises.
Change-Id: Ie51f1c79859d40ef0877fc0ab75f86ee72e14ea4
This script will validate the network.yml based on a schema constructed
from information only available from the network.yml file itself. This
way we can do the strictest validation, which we could not do before.
Change-Id: I32714e678e901e58d70e4253bcc61a147494c225
It is hard to clean ngcpcfg framework for users with
limited git knowledge, lets introduce action 'clean'.
It should allows users easily reset to 'previous safe state'
in the case 'if something went wrong'.
Also remove old and unreliable error handling hint from manuals,
as we have switched to fast-forward rebase long time ago.
Change-Id: I961e681d55cac15ba8d772b9345c668218313bf4
* all possible grant variations should be supported now
* changes detection algorithm should support all possible
user_options now
Change-Id: Id715219948374c60fff54408037d4506c872af35
* MariaDB + dbd::mysql: dbh->select* returns
"fetch() without execute()" on non-table based sql
statements such as "SHOW GRANTS FOR ..." when there are
no rows to return. Such false error is avoided as
execute() is performed automatically by DBI on "non-prepare()"
methods.
Change-Id: Iac1c1c0473f39ed9f377abb5dea1cbcfbc67868a
* ngcp-sync-grants now works with the extra suffix
"with grant option"
* ngcp-sync-constants also syncs user "user" sipwise from
/etc/mysql/sipwise.cnf
Change-Id: I6159257e3c9d34cb674e003e910535807c4e841b
* when there is a situation when a user has mixed records
with correct and incorrect passowrds to detect such
scenario and trigger password sync for the user
Change-Id: I2821dafa211779b149b9c0a8763939cd52f3bb55
* when in the "copy" mode and all *.localhost grants need
to be copied for some users there may be no such
key (e.g. replicator has only sp1 and sp2). Therefore,
if in the "copy" mode and there is no host for a user
- skip the user and continue instead of dropping with an error
* normalise_grant_str(): added support for more grant elements,
added a check to die if there are unsorted elements left
* recreate use before hosts processing to avoid situations when
the user is repeatedly removed
Change-Id: I706dfcbf52279abc5260b01f658ce554d53a604e
On Carrier:
local mysql is 127.0.0.1:3308
pair mysql is localhost:3306
On CE/PRO:
local mysql is localhost:3306
pair mysql is localhost:3306
ngcp-sync-grants/-constants should use pair mysql to upload grants/passwords.
local mysql is comming from db01:3306 using ngcp-sync-db.
Change-Id: I293bda36c64184acfde89a96703f1691279feba6
* generated password is represented with "!" prefix in mysql.user,
instead of the default "*" where internally it is still the valid one.
that allows to overcome the behavior when a non valid password
is assigned to a user "show grants" returns as if no grants assigned
to him causing ngcp-sync-grants recreate the user every time.
Change-Id: Id0acf626677177e4b17d17b50c78baea5a7f9955
- work with the new passwords schema in constants.yml
- all grants related code cleanup
- all is performed as a single, not replicated transaction
Change-Id: I7bfafcd6c1a9da67705fefa8beabf395447d96c1
- ngcp-sync-grants is responsible for ngcp mysql
grants sync from a template
- it is executed by the 'commit' trigger before ngcp-sync-constants
Change-Id: I082256e57b1394a3f056ad1ca56a5443bfb5a745
Mainly nobody validate the schema in trunk right now
as it requires manual changes for ngcpcfg.cfg.
Also having force validation will allow us to add
validation in ngcp-upgrade and Jenkins nightly builds.
Change-Id: Ia48a778ecf7dae30b26bdff0c5dd5b9000c9d089
Configuring the identical shared IP once again shouldn't cause
duplicate IP records, since e.g. nginx receives two "listen"
lines with the same IP and fails hard then.
New behaviour with this change is to avoid duplicates:
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| adding IP entry shared_ip: 1.2.3.4
| [...]
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| not setting shared_ip to 1.2.3.4 to avoid duplicates
| [...]
Change-Id: Iee3ff1e7a27bc3298128835468e1e888c327d13d
When setting up carrier environments we have to deal
with many similar nodes, often involving >10 proxy pairs.
By default we create prx01a and prx01b sections only.
Provide --clone-from=<HOST> --clone-to=<HOST> options
as convenience helpers so the operator can clone a
specific host definition and just needs to adapt IP
addresses accordingly afterwards.
Use example to clone the prox01a host definition
to prox02a, prox03a,.... up to prox10a:
for host in {02..10} ; do
ngcp-network --clone-from=prx01a --clone-to=prx${host}a
done
If the peer setting (as used in carrier environments) is
present in the source host config (--clone-from=...) then
we automatically set the peer for the destination, like:
| # ngcp-network --clone-from=prx01a --clone-to=prx01b
| Setting peer of host 'prx01b' to 'prx01a'
| Finished cloning host section 'prx01a' to 'prx01b'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
and:
| # ngcp-network --clone-from=prx01a --clone-to=prx04a
| Setting peer of host 'prx04a' to 'prx04b'
| Finished cloning host section 'prx01a' to 'prx04a'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
Change-Id: I6c30a2ce58dd8bc66247cfdd0028c18736173e99
Add missing options. Mark optional arguments as such. Surround
replecable text in angle brackets. Refactor usage text. Sort help
actions by action order and place less used actions at the end. Fix
typo in init-mgmt description.
Change-Id: Ifdb587b15cfefad6613d09bff69ea0cbdb5c1fef
The commit action already takes care of invoking etckeeper, so there's
no need to call it from the apply action. In addition calling it after
record_commit_id is either pointless or buggy.
Change-Id: I8ccd40f962c24f99b2ae26655c083bb976e47ce9
Guillem Jover
Alexander Lutay
Mykola Malkov
Manuel Montecelo
Richard Fuchs
Kirill Solomko
Michael Prokop