rate-o-mat fails during startup, when binlog_format
privileges are not in place (yet).
Change-Id: Ia3a9853fb945505274cc19d35918e359b0f63cd5
(cherry picked from commit 1f24f79e64)
IODKU statements can fail for master-master replication.
switching to 'STATEMENT' binlog_format to mitigate.
Change-Id: I5e7d2438c6338e6cc7b17bf9c51a8a4712f72454
(cherry picked from commit cf6b9b75c4)
Normally duplication DB credentials are missing on NGCP,
generating warning here for no reason confuses newbies
and produce proubles with tracing as warnings are printed
immediately, while infos is cached.
Change-Id: I1b29c62566f162d797321f08a1773f7e52f61ef0
(cherry picked from commit 4c98b9f6c8)
fee matching works in 2 attempts:
1. try to find a fee matching <user@domain>
2. if none found, try to find a fee matching <user>
the billing_profile record will get a new field
"ignore_domain". if set to "1", step#1 above
should be skipped.
Change-Id: Ie2de4884fc23aef2179830aced82ff57b1dafd3f
(cherry picked from commit 75f61accde)
ngcp-rate-o-mat service state BEFORE this change:
| $ sudo systemd-analyze security ngcp-rate-o-mat | tail -1
| → Overall exposure level for ngcp-rate-o-mat.service: 9.6 UNSAFE 😨
ngcp-rate-o-mat service state AFTER this change:
| $ sudo systemd-analyze security ngcp-rate-o-mat | grep -v '✓'
| NAME DESCRIPTION EXPOSURE
| ✗ PrivateNetwork= Service has access to the host's network 0.5
| ✗ User=/DynamicUser= Service runs as root user 0.4
| ✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
| ✗ DeviceAllow= Service has a device ACL with some special devices 0.1
| ✗ IPAddressDeny= Service does not define an IP address allow list 0.2
| ✗ ProtectClock= Service may write to the hardware clock or system clock 0.2
| ✗ ProtectKernelLogs= Service may read from or write to the kernel log ring buffer 0.2
| ✗ ProtectProc= Service has full access to process tree (/proc hidepid=) 0.2
| ✗ RestrictSUIDSGID= Service may create SUID/SGID files 0.2
| ✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
| SupplementaryGroups= Service runs as root, option does not matter
| RemoveIPC= Service runs as root, option does not apply
| ✗ ProtectHostname= Service may change system host/domainname 0.1
| ✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
| ✗ ProcSubset= Service has full access to non-process /proc files (/proc subset=) 0.1
|
| → Overall exposure level for ngcp-rate-o-mat.service: 2.1 OK 🙂
NOTE: state with systemd v247.3-5 on bullseye
Change-Id: Iace478d9c5762cd641a333c0ea7d1b77b919a10d
These variables are defined in testrunner so we should not redefine them
in code, only in case if they aren't defined for some reason.
Change default to 127.0.0.1 as it's the only value which has some
meaning.
Remove commented lines.
Change-Id: Icca03215ff854bb2dffe3d3e308445ef5debb9e8
so far, a fee with destination "lnp:<lnp_provider_id>" allows to charge
a call of a ported number by its lnp_provider_id. the problem with this
is that the lnp_provider_id changes each time you purge&upload new lnp
numbers.
this change adds supports for fee destinations such as
"lnpnumbertype:<type>" to match the lnp number's 'type' field. it is a
free text field, that can be set individually per lnp number.
Change-Id: Ic791ffc8d2a3ed63d5bf4d4a0812d8ac01529925
File /etc/ngcp-config/templates/etc/mysql/my.cnf.tt2 no longer exists
as such nowadays. Also it's configuration option bind-address and no
longer skip_networking.
FTR, our template file ships with:
| bind-address = [% database.local.dbhost %]
So another option might be to adjust database.local.dbhost
configuration inside /etc/ngcp-config/constants.yml. As
we discourage modifying constants.yml, let's mention the
bind-address workaround only instead.
Change-Id: I7cb71fa39386256e6b488aaa8fe676d48772372f
We are using systemd and the service is executed in foreground mode, we
should set a default running mode that matches our default behavior.
Change-Id: Id3c0bda0afb1b5c9157bc334d91774e8bce45ec6
charge the "extra rate" at "extra second" of call time.
while it is included in the value of
"(source|destination)_(carrier|reselller|customer)_cost", it also
has to be recorded explicitly, using
(source|destination)_(carrier|reseller|customer)_extra_rate
dcr_tag.
Change-Id: I016977a7ed54f45a67513595980a14f9847c3a4b
Sipwise Jenkins Builder
Rene Krenn
Alexander Lutay
Michael Prokop
Manuel Montecelo
Mykola Malkov
Guillem Jover