This conditionalizes the heartbeat checks and adds corosync/pacemaker
checks.
Change-Id: I6af7a84025951c37bd90c8ba3fd37da0467ba8db
(cherry picked from commit 2947010649)
(cherry picked from commit 4507f24da4)
* Switch to use the ngcp-pushd.socket instead of .service, as the later
gets triggered by the formed when that is activated.
* Mark the .socket unit as enabled only when not using a process_handler,
as otherwise it will be managed by the HA system and be disabled.
Change-Id: I4a07410fe1c9dc17edde3e10921959a170556e1e
(cherry picked from commit 9cd6b39517)
The check of /var/log/messages was not strict enough, and it failed:
22 - - Command: find /var/log/ -type f -name messages ! -group adm:
stdout: patterns not found: [!/./] 0 ms
34 - - Command: find /var/log/ -type f -name messages ! -perm 640:
stdout: patterns not found: [!/./] 0 ms
51 - - Command: find /var/log/ -type f -name messages ! -user root:
stdout: patterns not found: [!/./] 0 ms
due to matches of /var/log/asterisk/messages which were not intended, and
doesn't follow the same ownership and permissions rules:
root@spce:~# ls -l /var/log/asterisk/messages
-rw-rw---- 1 asterisk asterisk 0 Dec 10 2019 /var/log/asterisk/messages
So convert /var/log/messages back to be a basic check of type "file", as it was
initially, because now it's guaranteed to be created (by systemd-tmpfiles).
Change-Id: Ibd392a0adef78d09e7b232ef3ccae7f9a7e83f56
(cherry picked from commit 4cd3d9bb9f)
These files are created by rsyslog with default conf file. Usually it's
done after the deployment.sh's reboot.
But when NGCP is installed via installer package on existing debian
system there is no reboot between installation of rsyslog (as part of
NGCP) and ngcp-initial-configuration which modifies /etc/rsyslog.conf.
So in this case these files are not created.
So check the ownership and permission of these files only if they exist.
Change-Id: I33be13a4e78baee3926de8bd0135d655b89d5bb6
(cherry picked from commit bac90e73dd)
Now nginx uses rsyslog for logging but all logs processed by rsyslog
have root:adm ownership so change the test accordingly.
Change-Id: I902f6a588ea60c5a0412a1c0a59fc74a2e36faa8
Since the recent change in templates (commit
b95a6ef4ecb9bc3abe44e54506c029569d5a393c) to let systemd-coredump be
able to write to the /var/lib/systemd/coredump directory, it has started
to change the permissions for that pathname 0755 in some circumstances.
This being a symlink, the permissions do not really matter, so we accept
the 0755 permissions matching the target directory (/ngcp-data/coredumps/)
and the 0777 permissions for a default symlink.
Change-Id: Ifc084cb56541e43bd9fa0245464606c1ca992c97
The ownership of nginx logs is www-data:adm. Also check empty files to
catch wrong permissions as soon as possible.
Change-Id: Icb9e1e1c9590bbef7021e3826a19419f7c21f9ce
We don't actually care whether the log files exists or not, we really
only care about their permissions and ownerships.
Change-Id: I094e9b262b4c4c775023beba79acd3787ec616ac
Remove log files that are not guaranteed to exist. Special case api.log
as it's owned by group _ngcp-li while also being optional.
Change-Id: Ie45a6039bbf120cc3b76ad63b9fd35310966ab48
The name of the variables SKIP_DNS_CHECK_TEST and
SKIP_STRICT_HOSTNAME_TEST so if they are 'true' the check should be
skipped. But in code it has direct branching, if the variable true -
run the test.
So add the negation to checks of these variables.
Change-Id: Iaf1e252dbb30cd2dc624db71742fa2cee8edb888
Also check that there are no expired keys
The key was used to sign repos for old unsupported releases.
Change-Id: Ia5dd91c4d8b2e54f4fc18626ef3968c95265bdf6
Nowadays goss yml files are generated by ngcpcfg. But their content
depends on whether the node is active or not, which can change
dynamically during the lifetime of the generated files from the
templates. Which will make the goss checks fail when the node state
changes.
Switch the node state into a run-time variable, and use go template
support to parametrize this into the goss checks.
For the Template Toolkit values that get instantiated within the go
template conditionals, we need to make sure we always set a boolean
value, as the Template Toolkit will return undef on false values,
which would be considered a non-existining argument. Even though the
has_role method will always return either 0 or 1, we still force
a boolean value to make the code future-proof in case more logic is
added on the same check, which would then turn it into a Template
Toolkit boolean evaluation and possibly return nothing on false.
Change-Id: I19c3ef48f09c8d2e79613ef118adc362399a6e78
The semantics of the environment variables are different, as they are
always considered strings. The variables file makes it possible to
specify types, given that it's a yaml file. So the SKIP variables
will now be proper booleans.
Change-Id: Ibbc02c047fd743b8bff9a9da52cffd76db5d7524
We are not matching to new prosody version 0.11.2-1 here as it can
be changed any time by Debian (as we migrated to upstream prosody version).
Also goss doesn't have support for regexps for 'versions' field,
so we cannot check something like:
> prosody:
> installed: true
> versions:
> - /0.11.2-.*/
After a long trying with goss 'matches/match-regexp/semver-constraint'
I decided to stop on the current version, where we inside old version is not available.
Change-Id: I626be7a23fd2b31d468f4cd9411530b24eb7216b
Let us introduce a system-wide symlink from /var/backup to /ngcp-data/backup, to
fix recurrent problems like the missing /var/backup/cdr or
/var/backup/ngcp-upgrade backups taking too much space.
This should have happened when changing the partition schema to use /ngcp-data/
and have a root partition with minimal amount of space, because there were
several paths migrated to /ngcp-data like /var/backup, and we failed to migrate
all those paths in sync with the change to the partitioning and also failed to
have a back-up solution like this symlink.
Some (hopefully most, or all!) of the problems have been sorted out by now, but
they've been biting us years after the change, like this TT#72908, so maybe it
can still save some pain in the future, and there's little cost to it.
Change-Id: Ief4ba33bf57bb5f02cc54b000b64540667ebba48
This is problematic because it can stomp over pre-existing host-specific
local files, which we'd end up removing. It also requires to run ngcpcfg
before being able to execute the tests.
We wwitch to use golang's text/template support for environment variables
so that we can stop using this hack.
Change-Id: I6c4d5b2efde2704d68a327d4df9af51bcb8fd964
- The /login/admin/ endpoint on web_int is on port 1443.
- The /login/subscriber/ endpoint on web_ext is on port 443.
- The /api/ endpoint check with user:pass on default ports should be
done on web_ext, as a similar test is already being done on web_int.
Change-Id: Ieb7f794288e52f3ac8a520d1cb3508f442648c36
These services are only supposed to be present on mgmt or li_dist nodes,
so there is no point in checking other nodes.
Change-Id: Ic7a83a30acc5078b6b2108d4393e73b7a4ce9612
Except for the mgmt nodes, each node exposes information only about
itself and its peer, so the keys and their indices depend on the nodes
involved.
Change-Id: I8562e87c246f98743d2e29e56da653da0b1b2bf6
These only make sense when they are at the end-of-line, so that no
newline gets included in the output, but never when surrounded by
other text.
Change-Id: Idd43b8e3d7de390cc1d8dc1e2c0b666012c66eba
These need to match, as the service is always going to be enabled or
disabled, depending on the conditions, in constrast to HA-handled
services, which are never enabled.
Change-Id: I1f733e3b3ccb149482e7f8577d874c3f22345724
We had to downgrade prosody in mr7.5 and have to check it is
still old/pinned version in use until we are ready for the upgrade.
See workfront ticket 66583 for more details here.
Change-Id: I7cad16c1d08beb57d52eca5f83fbcc1d21dba7c9
On early upgrades mr5.5->mr6.5 GTID was not reconfigured on
the very first upgraded node... It is a test to ensure we
have covered all the upgrade scenarios.
Change-Id: I40433f536402c52b582911fc18bd4021ed050bbf
We should not assume monit is always running and enabled, that depends
on whether it is configured as the current process_handler. This will
make it easier to remove in the future.
Change-Id: I8851728228dd3e46323d9745ed04da49b18ff928
The missing test were detected while working on another ticket.
Good to have them here as they are very important for NGCP.
Change-Id: I73afe7332dc1f60b412b9415fef1ce402829dd2b
Guillem Jover
Manuel Montecelo
Mykola Malkov
Sergii Kipot
Richard Fuchs
Alexander Lutay