Script init-mgmt is installed on PRO installation so change
description to the proper one - script is usable only on Carrier
installation.
Change-Id: I7a7904183e30c4146267d73fbfc1075b2b066d08
The 'ngcpcfg' received support for 'patchtt' files, like
> /etc/ngcp-config/templates/etc/foo/bar.patchtt.tt2
Those 'patchtt' are going to be applied on default 'tt2 template' file:
> /etc/ngcp-config/templates/etc/foo/bar.tt2
and produce 'customtt' on 'ngcpcfg patch':
> /etc/ngcp-config/templates/etc/foo/bar.customtt.tt2
Further 'customtt' will be used to overwrite 'tt2 templates'
on 'ngcpcfg build' or 'ngcpcfg apply'.
NOTE: 'ngcpcfg patch' is executed automatically on every 'ngcpcfg build'.
It should allows to update ngcp-templates easily and support
local modifications without the pain (until the patches can be applied).
Change-Id: Ice4369386313c5d33e4d498346345eade6f3d0d7
- eth* interfaces should have a hwaddr.
- anything other than bond*, eth* should have type.
- anything other than bond*, eth* and idrac* should have ip/netmask.
Change-Id: I8c0b4f5eddaaab0c658a5281448735a985ee08f1
* users with special chars, like debian-sys-maint
require revoke/grant to be escaped as 'user'@'host'
* [default.user.host] "parent" is printed in the log if
without debug but only when there is something to change
Change-Id: I63065b5df37eea9136c6e61d15c329b978ba62dd
The latter does not support YAML 1.1, nor many parts of the
specification. Use the more compliant implementation, in addition to try
to converge to a single one, so that we do not get serialization delta
surprises.
Change-Id: Ie51f1c79859d40ef0877fc0ab75f86ee72e14ea4
This script will validate the network.yml based on a schema constructed
from information only available from the network.yml file itself. This
way we can do the strictest validation, which we could not do before.
Change-Id: I32714e678e901e58d70e4253bcc61a147494c225
It is hard to clean ngcpcfg framework for users with
limited git knowledge, lets introduce action 'clean'.
It should allows users easily reset to 'previous safe state'
in the case 'if something went wrong'.
Also remove old and unreliable error handling hint from manuals,
as we have switched to fast-forward rebase long time ago.
Change-Id: I961e681d55cac15ba8d772b9345c668218313bf4
* all possible grant variations should be supported now
* changes detection algorithm should support all possible
user_options now
Change-Id: Id715219948374c60fff54408037d4506c872af35
* MariaDB + dbd::mysql: dbh->select* returns
"fetch() without execute()" on non-table based sql
statements such as "SHOW GRANTS FOR ..." when there are
no rows to return. Such false error is avoided as
execute() is performed automatically by DBI on "non-prepare()"
methods.
Change-Id: Iac1c1c0473f39ed9f377abb5dea1cbcfbc67868a
* ngcp-sync-grants now works with the extra suffix
"with grant option"
* ngcp-sync-constants also syncs user "user" sipwise from
/etc/mysql/sipwise.cnf
Change-Id: I6159257e3c9d34cb674e003e910535807c4e841b
* when there is a situation when a user has mixed records
with correct and incorrect passowrds to detect such
scenario and trigger password sync for the user
Change-Id: I2821dafa211779b149b9c0a8763939cd52f3bb55
* when in the "copy" mode and all *.localhost grants need
to be copied for some users there may be no such
key (e.g. replicator has only sp1 and sp2). Therefore,
if in the "copy" mode and there is no host for a user
- skip the user and continue instead of dropping with an error
* normalise_grant_str(): added support for more grant elements,
added a check to die if there are unsorted elements left
* recreate use before hosts processing to avoid situations when
the user is repeatedly removed
Change-Id: I706dfcbf52279abc5260b01f658ce554d53a604e
On Carrier:
local mysql is 127.0.0.1:3308
pair mysql is localhost:3306
On CE/PRO:
local mysql is localhost:3306
pair mysql is localhost:3306
ngcp-sync-grants/-constants should use pair mysql to upload grants/passwords.
local mysql is comming from db01:3306 using ngcp-sync-db.
Change-Id: I293bda36c64184acfde89a96703f1691279feba6
* generated password is represented with "!" prefix in mysql.user,
instead of the default "*" where internally it is still the valid one.
that allows to overcome the behavior when a non valid password
is assigned to a user "show grants" returns as if no grants assigned
to him causing ngcp-sync-grants recreate the user every time.
Change-Id: Id0acf626677177e4b17d17b50c78baea5a7f9955
- work with the new passwords schema in constants.yml
- all grants related code cleanup
- all is performed as a single, not replicated transaction
Change-Id: I7bfafcd6c1a9da67705fefa8beabf395447d96c1
- ngcp-sync-grants is responsible for ngcp mysql
grants sync from a template
- it is executed by the 'commit' trigger before ngcp-sync-constants
Change-Id: I082256e57b1394a3f056ad1ca56a5443bfb5a745
Mainly nobody validate the schema in trunk right now
as it requires manual changes for ngcpcfg.cfg.
Also having force validation will allow us to add
validation in ngcp-upgrade and Jenkins nightly builds.
Change-Id: Ia48a778ecf7dae30b26bdff0c5dd5b9000c9d089
Configuring the identical shared IP once again shouldn't cause
duplicate IP records, since e.g. nginx receives two "listen"
lines with the same IP and fails hard then.
New behaviour with this change is to avoid duplicates:
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| adding IP entry shared_ip: 1.2.3.4
| [...]
| root@spce:~# ngcp-network --verbose --set-interface=eth0 --shared-ip=1.2.3.4
| [...]
| not setting shared_ip to 1.2.3.4 to avoid duplicates
| [...]
Change-Id: Iee3ff1e7a27bc3298128835468e1e888c327d13d
When setting up carrier environments we have to deal
with many similar nodes, often involving >10 proxy pairs.
By default we create prx01a and prx01b sections only.
Provide --clone-from=<HOST> --clone-to=<HOST> options
as convenience helpers so the operator can clone a
specific host definition and just needs to adapt IP
addresses accordingly afterwards.
Use example to clone the prox01a host definition
to prox02a, prox03a,.... up to prox10a:
for host in {02..10} ; do
ngcp-network --clone-from=prx01a --clone-to=prx${host}a
done
If the peer setting (as used in carrier environments) is
present in the source host config (--clone-from=...) then
we automatically set the peer for the destination, like:
| # ngcp-network --clone-from=prx01a --clone-to=prx01b
| Setting peer of host 'prx01b' to 'prx01a'
| Finished cloning host section 'prx01a' to 'prx01b'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
and:
| # ngcp-network --clone-from=prx01a --clone-to=prx04a
| Setting peer of host 'prx04a' to 'prx04b'
| Finished cloning host section 'prx01a' to 'prx04a'.
| Please do not forget to manually adjust '/etc/ngcp-config/network.yml'!
Change-Id: I6c30a2ce58dd8bc66247cfdd0028c18736173e99
Add missing options. Mark optional arguments as such. Surround
replecable text in angle brackets. Refactor usage text. Sort help
actions by action order and place less used actions at the end. Fix
typo in init-mgmt description.
Change-Id: Ifdb587b15cfefad6613d09bff69ea0cbdb5c1fef
The commit action already takes care of invoking etckeeper, so there's
no need to call it from the apply action. In addition calling it after
record_commit_id is either pointless or buggy.
Change-Id: I8ccd40f962c24f99b2ae26655c083bb976e47ce9
The output from «dpkg --list» is for human consumption, the scriptable
output comes from «dpkg-query --show».
Change-Id: Idad77451258b2857af69b6e7bdf5cd6486f3328d
Make the relationship internal, instead of external. So that anything
that might end up calling the build script will always do the right
thing and we will not forget to perform required actions.
Change-Id: Iafc3bc7230c59750de7ec8bf825005011b48f403
This reverts commit db373d3927.
Conflicts:
etc/ngcp-config/ngcpcfg.cfg
Until we've a working solution for this let's revert
the broken change so we avoid this being a release
stopper.
Change-Id: If03d9b3913de23c698b430d583dc7babfcc4ff04
If the latest git commit has a newer timestamp than
our latest "build" action then a "build" (or apply)
run is required, inform the user about it.
Change-Id: I83e2ff47ba54da733d368d78b6616d13d31a66d4
Provide "apply" action as separate script.
We don't care about changes related to etckeeper, but just
about outstanding commits in /etc/ngcp-config.
Change-Id: I47411f00a5085d65cacf9e24fc8a468258d57c31
This allows us to abort in 'ngcpcfg status' whenever there are
outstanding changes to pull/push from the shared storage. Using
the --no-action-failure option allows the user to continue anyway.
Change-Id: I4062d5bb627bb553b98705bb122575651b035849
Manuel Montecelo
Richard Fuchs
Mykola Malkov
Alexander Lutay
Guillem Jover
Kirill Solomko
Michael Prokop