These commands are db-specific, and the constants one involves the
database credentials, so give both better names to make it clear these
are not general purpose commands.
Preserve backwards compatibility symlinks for external callers, or
user muscle memory, which this gets migrated away.
Change-Id: I3baae364e786ebbdc9e386dfc4f8c0bf54333cd1
* check that host on which instance runs exists
* check that instance names are not dupplicated
* check that instance names in connections are not duplicated
Additionally fix an uniqueness of array members in 'dupe_conn'.
Change-Id: I65fc31107d7e784614974ab9992836885ff50d75
* check doesn't work for 'host' type
* check doesn't test 'type' interface
* introduce test for command
Change-Id: I6a9c37a874aa219f33fde10fb0991f7450906443
Use a tree-like formatting similar to ngcp-network-validator, which
mimics the output from pkwalify, which should make it easier to
pin-point where the error happened in the YAML document.
Change-Id: I27c5933e88b392ea473fedae8f3daf87e3bdaf7f
Remove redundant symbol name parts that are clear from the context.
Turn arrays into grammatical plurals, and hash tables into singular,
which are more natural. Use the same "dupe" nomenclature as the
ngcp-network-validator.
Change-Id: I6fb275b4806b7c0e3b71a7bfa943af541d1b3790
Instead of open-coding these functions, use them from List::Util, which
which will be also more performant as they do early exists.
Change-Id: Iab7692f93ece4d66ecc6c1e7d43c5472c0b72835
Introduce a list of checks related to connections:
* check that we don't have instance names duplicates
* prove an existence of a preferred for instnace host
* an instance to which instance gets connected exists
* a host to which instance gets connected exists
* interface via which instance gets connected is defined
Change-Id: I24f43b0fb24e308f571a88f30a72a9b6dd04b94d
Related to previous commit (fa645475), we shouldn't execute
restore-permissions with any actions that aren't modifying system state.
Therefore also skip restore-permissions execution for diff, log + status
actions.
While at it, sort list of actions alphabetically.
Thanks Guillem Jover for raising this.
Change-Id: I803b08eee843d31f12d9810fe33b4327490228da
Execution of `ngcpcfg check` shouldn't modify system state,
and executing the restore-permissions helper script also
takes some notable time (e.g. during ngcp-status execution
it causes ~10% of its runtime).
Change-Id: I8ad861379da3817f0bdf760ea16939c80eae2ce6
This new action concatenates the various configuration files and outputs
the result as YAML. This is useful because they have a determined
ordering, and include optional host specific files that might not be
obvious how to merge.
This will also be the foundation for verifying all the current host
settings against the cfg-schema.
Change-Id: I72a61193f74caf3b2f7a58a47eefad2ed46c973a
The YAML::XS module handles its passed or returned data for Load() and
Dump() as raw UTF-8, irrespective of perl's UTF-8 string markers. When
we use these functions we need to use a «:raw» encoding or we will end
up with doubly encoded strings.
We also need to tell the Template Toolkit to use UTF-8 as encoding, and
then setup the file handles to use the appropriate encodings.
Change-Id: I37a6811f0680763d7177c3ad92ddf9b890869e66
Instead of having to identify the parent process name (ngcpcfg vs.
ngcp-config) inside subprocesses (like "status"), let's provide the
invocation name through the main ngcpcfg binary via variable
NGCPCFG_NAME.
Thanks to Guillem Jover for the suggestion.
Change-Id: Iafbac535bedb9cc9dc73f3d95861a5bc735cc739
Even though this has no current functional difference, as we always have
a hosts definition, we should key the copy action on the copy hash in
the grants.yml file.
Change-Id: I45b6d4100910e600979b187a769a92753a8e7a2f
* drop: '!localhost' can remove all user@host where host is not
'localhost'
* drop: '%' now correctly drops user as user@% where host = '%'
Change-Id: I9c294979a73816ec76c217e9e7e83458cea1b0c1
* ngcpcfg: obey SKIP_UPDATE_PERMS
* t/fixtures/programs.py: set SKIP_*_PERMS to true by default
* t/test_ngcpcfg_apply.py:
touching the file was not producing a change in git
Change-Id: Id8317ff09fee2a9a3d4d2015d1cd782c3f9b62e7
NGCP has two VPN connections (types in network.yml):
- openvpn
- openvpn_vip
The second one should have identical IP on sp1 and sp2,
therefor we have to disable validation for 'tun' interface
(like we have for 'dummy' already).
Change-Id: Ia49d22d4c448a2d77db6a6cd7e755ec2f19a8d7b
* bin/ngcpcfg: SKIP_RESTORE_PERMS so we can skip that on tests
* scripts/status: use NGCPCTL_BASE and NGCPCTL_MAIN so it would work
in test environment
Change-Id: I8ba80bbb2ea3adf1b8cc2a4229568a87f9508cbd
The command 'decrypt' produced an error:
> root@sp1:~# ngcp-config decrypt
> /usr/sbin/ngcp-config: line 12: NGCPCTL_MAIN: unbound variable
> root@sp1:~#
It happens due to the missing load of '"${FUNCTIONS}"/main'
inside 'scripts/decrypt' which is required for 'ngcpcfg_update_perms()'.
The '"${FUNCTIONS}"/main' cannot be loaded here as explained inside 'scripts/decrypt':
> # sadly we can't source ${FUNCTIONS}/main as we are missing a bunch of
> # configuration files that are supposed to be available, therefore
> # provide the main functions we need for successful execution of the
> # decrypt function
The fix here is to extract action 'decrypt' from ngcpcfg_update_perms()
as it is not necessary here as we are unpacking files from archive anyway.
Change-Id: Ic3117f585c2ff4af555fb7600a5b331cf7425e3c
Normally it is necessary to press TAB multiple times, e.g:
> vim /etc/ngcp-conf<TAB>/con<TAB>f<TAB>...
For new NGCP users it is even longer.
In the same time we have a nice usability experience for ngcp-ppa,
where users are just pressing "ngcp-ppa<ENTER>1<ENTER>1<ENTER>".
Let's add the same concept here as the order of the main files is static:
> 1) /etc/ngcp-config/config.yml
> 2) /etc/ngcp-config/network.yml
> 3) /etc/ngcp-config/constants.yml
if I need to edit network.yml I will type:
> ngcpc<TAB> e<TAB><ENTER>2<ENTER>
or even:
> ngcpc<TAB> e<TAB>2<ENTER>
Change-Id: Id20fec8c931c15c73a73689a3f8b552a72ef11f7
Quoting from "man bash" about `-E` (AKA errtrace):
| If set, any trap on ERR is inherited by shell functions, command
| substitutions, and commands executed in a subshell environment.
| The ERR trap is normally not inherited in such cases.
To demonstrate the problem see this short shell script:
| % cat foo
| set -eu -o pipefail
|
| bailout() {
| echo "Bailing out because of error" >&2
| exit 1
| }
| trap bailout 1 2 3 6 9 14 15 ERR
|
| foo() {
| echo "Executing magic"
| magic
| }
|
| foo
| echo end
If "magic" can't be executed, then this fails as follows:
| % bash ./foo
| Executing magic
| ./foo: line 11: magic: command not found
But it doesn't invoke the bailout function via trap.
When using `set -eE` (AKA errexit + errtrace), instead of only
`set -e` (errexit), then it behaves as expected though:
| % bash ./foo
| Executing magic
| ./foo: line 11: magic: command not found
| Bailing out because of error
Change-Id: I9f05355716551cd8fc8f22bd2fa16bbc9d0b7247
* ngcp-sync-grants uses "SET PASSWORD" now as mysql.user is a view
* ngcp-sync-constants rework to use either mysql.global_priv (10.4+)
or else mysql.user to fetch matched passwords. use user@host to
update passwords per. Improve "changed" passwords detection.
Change-Id: I72025f1d1b58304638a3b2444989061648fedb6c
* set_user_protected_password() is renamed to
create_protected_user() to better match its purpose
* the temporary user to help with grants is now created only once
and dropped when the script finishes
Change-Id: I30755617859f43fa6c1acd68f46d473c495a36b8
* check only mode enables only checking if there
are differences with users/grants
* remove flush privileges from a temporary user as
those privileges are only created to retrieve a
MariaDB sorted content, no real access is meant
by them
Change-Id: Ifcbda45e1bf53bb983da0ce005285c00965ea92f
shellcheck v0.7.1 complains about a bunch of issues:
SC1083: This { is literal. Check expression (missing ;/\n?) or quote it.
SC1083: This } is literal. Check expression (missing ;/\n?) or quote it.
SC1090: Can't follow non-constant source. Use a directive to specify location.
SC2034: foo appears unused. Verify it or export it.
SC2059: Don't use variables in the printf format string. Use printf '..%s..' "$foo".
SC2128: Expanding an array without an index only gives the first element.
SC2148: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
SC2155: Declare and assign separately to avoid masking return values.
SC2162: read without -r will mangle backslashes.
SC2164: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.
SC2207: Prefer mapfile or read -a to split command output (or quote to avoid splitting).
SC2237: Use [ -z .. ] instead of ! [ -n .. ].
We're still bound to support shellcheck v0.3.4 and sadly this version
fails hard when using the modern "shellcheck source=" directives to
address SC1090 and SC1091. It's failing like:
| not ok 1 source/functions/init:8:28: note: The mentioned parser error was in this then clause. [SC1009]
| not ok 2 source/functions/init:10:3: error: Couldn't parse this shellcheck annotation. [SC1073]
| not ok 3 source/functions/init:10:16: error: Unexpected "s". Fix any mentioned problems and try again. [SC1072]
So until we can get rid of supporting this ancient shellcheck version,
instead of using:
| # shellcheck source=etc/ngcp-config/ngcpcfg.cfg
| # shellcheck source=functions/init
| # shellcheck source=functions/logs
| # shellcheck source=functions/main
we need to place disable=SC1090 and disable=SC1091 accordingly.
Change-Id: I14da87a00102609bffdb60e932045180c6d13d5e
Add a new config flag to interfaces to allow usage with just a shared IP
address configured, without a static IP address. This requires special
routing to be set up by the operator and can be used on dummy interfaces
as well.
We explicitly disallow this usage for any interface that has a type of
ha_int or ssh_* or mon_*.
Change-Id: Id950a525d2f499fdd17a0a9fee876f01e9f01d87
Switch away from the old daemon/wrapper architecture, which complicates
things and requires more scaffolding code.
We turn the daemon/wrapper and build_config into a single perl process
that will load all YAML files, and then process each input/output pair
on a parallel child, to try to speed up the processing as much as
possible.
For whole rebuilds, it might speed up the generation by at least a
factor of x2, x4 or more, depending on the number of active processors.
Change-Id: I51aa2f90336e34a20983d8733f45b64d9b6fea0b
If the password is not valid, we should retry until the user has
introduced a valid one, or has canceled the action. Otherwise the
script leaves the system in a bad state, where for example ngcp-reset-db
cannot be re-executed because the password is not valid anymore.
Change-Id: Ic793cabb50a15bed56d916454850db046826083c
We use this module instead of IO::Prompter, which is more lightweight
and has less issues, and is already used in NGCP.
Change-Id: I735bceb7df10d37c68ddedbaa4b5f9ce2a4b3e06
The DBI connect call can be specified the PrintError option, which will
make the function print the contents of the $DBI:errstr, but then we do
that again, which results in redudant output, so we disable this option.
The $DBI::errstr variable contains an error string that is *not*
terminated with a newline. The perl die built-in has magic behavior
when the string it gets does not end in a newline character, it will
then emit the source line, file name and a newline where the error
happened, which is in most cases not what we want. We just avoid
this by adding an explicit newline.
Replace a print + exit with a die, and a printf without a terminating
newline which would mess up further output with a warn call with an
explicit newline, which will also make it go to stderr.
And remove the local PrintError overrides which are now unnecessary.
Change-Id: I348b8cc676da7f255c6c823de2a774694dbca826
Sipwise recommends to set password for MariaDB user 'root'.
It brakes ngcp-reset-db which drops database, upload/create the
new one and cannot connect MariaDB using user 'root' to
initialize all DB passwords using ngcp-sync-constants.
ngcp-sync-constants has to use user 'root' to initialize
DB user 'sipwise' from constants.yml.
We have to request user to provide password for DB user 'root' as
it is NOT stored on NGCP platform anywhere.
P.S. also performed 'wrap-and-sort -sat' here.
Change-Id: I15467ef37d6765e972c8c482a2dbe86eececd0ca
ngcp-config
Guillem Jover
Kirill Solomko
dzenichev
Michael Prokop
Mykola Malkov
Alexander Lutay
Richard Fuchs