* ngcp-sync-grants uses "SET PASSWORD" now as mysql.user is a view
* ngcp-sync-constants rework to use either mysql.global_priv (10.4+)
or else mysql.user to fetch matched passwords. use user@host to
update passwords per. Improve "changed" passwords detection.
Change-Id: I72025f1d1b58304638a3b2444989061648fedb6c
If the password is not valid, we should retry until the user has
introduced a valid one, or has canceled the action. Otherwise the
script leaves the system in a bad state, where for example ngcp-reset-db
cannot be re-executed because the password is not valid anymore.
Change-Id: Ic793cabb50a15bed56d916454850db046826083c
We use this module instead of IO::Prompter, which is more lightweight
and has less issues, and is already used in NGCP.
Change-Id: I735bceb7df10d37c68ddedbaa4b5f9ce2a4b3e06
The DBI connect call can be specified the PrintError option, which will
make the function print the contents of the $DBI:errstr, but then we do
that again, which results in redudant output, so we disable this option.
The $DBI::errstr variable contains an error string that is *not*
terminated with a newline. The perl die built-in has magic behavior
when the string it gets does not end in a newline character, it will
then emit the source line, file name and a newline where the error
happened, which is in most cases not what we want. We just avoid
this by adding an explicit newline.
Replace a print + exit with a die, and a printf without a terminating
newline which would mess up further output with a warn call with an
explicit newline, which will also make it go to stderr.
And remove the local PrintError overrides which are now unnecessary.
Change-Id: I348b8cc676da7f255c6c823de2a774694dbca826
Sipwise recommends to set password for MariaDB user 'root'.
It brakes ngcp-reset-db which drops database, upload/create the
new one and cannot connect MariaDB using user 'root' to
initialize all DB passwords using ngcp-sync-constants.
ngcp-sync-constants has to use user 'root' to initialize
DB user 'sipwise' from constants.yml.
We have to request user to provide password for DB user 'root' as
it is NOT stored on NGCP platform anywhere.
P.S. also performed 'wrap-and-sort -sat' here.
Change-Id: I15467ef37d6765e972c8c482a2dbe86eececd0ca
After checking with Kirill, it looks like we do not need any longer
"special handling for user sipwise as it is not in constants.yml".
ngcp-installer fully operates with sipwise_extra.cnf which is filled
from constants.yml, tested as PPA, CE/PRO were installed properly.
The following commands also work well:
> root@spce:~# ngcp-sync-constants -v
> --> nodename => sp1
> --> connected to localhost:3306 using '/etc/mysql/sipwise_extra.cnf'
> --> nothing to update
> root@sp1:~#
> root@spce:~# ngcp-sync-constants -v -r
> --> nodename => spce
> --> connected to localhost:3306 using user 'root'
> --> nothing to update
> root@spce:~#
Also reset DB passwords works in both ways:
- using user 'root':
> ngcp-sync-constants -v -i
> ngcp-sync-constants -v -r
- using user sipwise:
> ngcp-sync-constants -v -i
> ngcpcfg build /etc/mysql/sipwise_extra.cnf
> ngcp-sync-constants -v -r
ngcpcfg build there is necessary to update defaults-extra-file with
newly generated password in constants.yml (credentials->mysql->system->p).
Change-Id: Ib9be8723233ec385256d05576ecfbab613a8c1ce
The latter does not support YAML 1.1, nor many parts of the
specification. Use the more compliant implementation, in addition to try
to converge to a single one, so that we do not get serialization delta
surprises.
Change-Id: Ie51f1c79859d40ef0877fc0ab75f86ee72e14ea4
* ngcp-sync-grants now works with the extra suffix
"with grant option"
* ngcp-sync-constants also syncs user "user" sipwise from
/etc/mysql/sipwise.cnf
Change-Id: I6159257e3c9d34cb674e003e910535807c4e841b
* when there is a situation when a user has mixed records
with correct and incorrect passowrds to detect such
scenario and trigger password sync for the user
Change-Id: I2821dafa211779b149b9c0a8763939cd52f3bb55
On Carrier:
local mysql is 127.0.0.1:3308
pair mysql is localhost:3306
On CE/PRO:
local mysql is localhost:3306
pair mysql is localhost:3306
ngcp-sync-grants/-constants should use pair mysql to upload grants/passwords.
local mysql is comming from db01:3306 using ngcp-sync-db.
Change-Id: I293bda36c64184acfde89a96703f1691279feba6
- work with the new passwords schema in constants.yml
- all grants related code cleanup
- all is performed as a single, not replicated transaction
Change-Id: I7bfafcd6c1a9da67705fefa8beabf395447d96c1
The replication between peers will be set only if this option is set.
If the replication is alredy there, the password of the replication user
will be checked and updated if necessary always. No matter if --pair-repl
is set or not
Change-Id: I2315c8bb316c9348e19cfc3b251a04d4822e0d24
- removes node users before copying grants
- while at it, update password on already created user when copying grants
Change-Id: Ic15a7c27772a071d42e4e4d4bddd4204453b5be9
This is useful on installation phase when the sp2 node is not yet
in sync with sp1, so the grants are not yet there and it will produce
errors in sync afterwards
Change-Id: I47f9ac682f4513d309a41d8c5bab181d6070ecf2
In carrier central.dbhost points to db01a so any connection will use network even db01a|db01b. This connections will be resolved by mysql as sp1|sp2. So we need to add those perms too
Change-Id: Ie09aa15209a9aa5170849a17e383df1d6fc07c4c
We have a regression here for CE during the upgrade mr3.4->trunk:
> Removing proj-data ...
> ...
> Synchronizing data from /etc/ngcp-config/constants.yml
> DBI connect('database=mysql;host=127.0.0.1;port=3306','sipwise',...) failed:
> Can't connect to MySQL server on '127.0.0.1' (111)
> at /usr/sbin/ngcp-sync-constants line 131
> Can't connect to MySQL database mysql: Can't connect to MySQL server on
> '127.0.0.1' (111) at /usr/sbin/ngcp-sync-constants line 131.
It happens because MySQL listens Unix sockets only (due to "skip_networking" in my.cnf)
It doesn't affect newly installed CE trunk,
because it has defaults in /etc/ngcp-config/config.yml:
> database:
> central:
> dbhost: localhost
> pair:
> dbhost: localhost
While upgraded system not yet received those options
(ngcp-upgrade-cfg-schema will be called later).
So, we need to change defaults here to localhost.
MySQL always uses unix sockets for 'localhost'.
Change-Id: I0f07c43ea68ed47b653242cd87ed74e7351dcc1c
From MYSQL documentation:
"If you specify the MASTER_HOST or MASTER_PORT option, the slave
assumes that the master server is different from before
(even if the option value is the same as its current value.)
In this case, the old values for the master binary log file
name and position are considered no longer applicable"
Change-Id: I9be8e0fdab7ce598343df270c2ade0a5095e1f48
Kirill Solomko
Guillem Jover
Alexander Lutay
Michael Prokop
Rene Krenn
Victor Seva
Andreas Granig