This was in place during the period where trunk was built for both
bullseye and bookworm, which has not been the case for a long time,
and it is dead code now. Remove the old support.
Change-Id: Ic2c4e06a13d03ffa02b01687f2c534099f0e4959
Listing it first makes it easier to know that this is the one that we
need to preserve, and changing from the equality operator to a
greater-or-equal, makes it explicit what the fallback case is about.
Change-Id: Ifb63f9cb1d88fec4c67b51502a88724a009d50e4
apt-key is gone as of apt version 2.9.17, so rely on apt-key
only for Debian bookworm, instead use our own tooling to verify
the key situation on Debian/trixie (v13) and newer.
Migrate our existing checks from templates/140_apt-keys.yaml.tt2
to our new helper script helper/check-apt-keyrings, so we have one
single interface for all those checks.
FTR: the checksums of the sipwise-archive-2015.gpg +
sipwise-autobuilder-2011.gpg keyfiles differ between bookworm and
trixie, because of the way we generate them during package builds
(gnupg for bookworm vs. sequoia starting with trixie).
Situation on bookworm / trunk:
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2015-03-05 [SC] [expires: 2029-10-12]
| 68A702B1FD8E422AAAA1ADA3773236EFF411A836
| uid Sipwise GmbH (Sipwise Repository Key) <support@sipwise.com>
| sub rsa4096 2015-03-05 [E] [expires: 2029-10-12]
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2011-06-06 [SC]
| F7B8A739CE638D719A078C9859104633EE5E097D
| uid Sipwise autobuilder (Used to sign packages for autobuild) <development@sipwise.com>
| sub rsa4096 2011-06-06 [E]
| root@spce:~# sha256sum /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| 811f878f5320fc8563a70b166d2c27ec060b4397ca021702f433bc4659336b9b /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| f00aad42a76ddec341fb2c67b45b41e2d1c19d67bd239196cd52488c4b7da4a0 /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
Situation on trixie / trunk:
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2015-03-05 [SC] [expires: 2029-10-12]
| 68A702B1FD8E422AAAA1ADA3773236EFF411A836
| uid Sipwise GmbH (Sipwise Repository Key) <support@sipwise.com>
| sub rsa4096 2015-03-05 [E] [expires: 2029-10-12]
| root@spce:~# gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| gpg: WARNING: no command supplied. Trying to guess what you mean ...
| pub rsa4096 2011-06-06 [SC]
| F7B8A739CE638D719A078C9859104633EE5E097D
| uid Sipwise autobuilder (Used to sign packages for autobuild) <development@sipwise.com>
| sub rsa4096 2011-06-06 [E]
|
| root@spce:~# sha256sum /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
| 88d92e09810a13b5e749839bca89029fbbe73cca261a3a26712a560cc7b50e47 /etc/apt/trusted.gpg.d/sipwise-archive-2015.gpg
| b64656d5f8fa0a636d46084bda74e16cef502d3d48e8ed101c6386ad8bbcacef /etc/apt/trusted.gpg.d/sipwise-autobuilder-2011.gpg
NOTE: Once we switch our /etc/apt/sources.list* setup to the
deb822.sources format (see sources.list(5) + deb822(5) for details), and
neither our ngcp-archive-keyring nor Debian's debian-archive-keyring no
longer installs any files inside /etc/apt/trusted.gpg.d, we can instead
check for empty /etc/apt/trusted.gpg.d + /etc/apt/keyrings and expected
files inside /usr/share/keyrings.
Change-Id: I0ef7e1d8f0684f94c1e6ae0499f85080cdcd690a
Switch the main key/value service to use the database.key_value.flavor.
Add explicit support for valkey directories and user/group.
Change-Id: Idd21565e66c940c564045ebd02dd148ad3562e9e
There is a more complete check that should already handle the case this
instance was covering, with a non-empty license-key.
This was causing the following parse failure with the new goss version
from Debian trixie:
,---
Error: could not read json data in /etc/ngcp-system-tests/510_init-daemons-ngcp.yaml: yaml: unmarshal errors:
line 115: mapping key "ngcp-license-client.service" already defined at line 31
`---
Reported-by: goss 0.4.9
Change-Id: I7323fbd80e2b13d0bcc280210bdb8010b910c5f1
Fixes:
| Error: could not read json data in /etc/ngcp-system-tests/900_service-ngcp-api.yaml: yaml: unmarshal errors:
| line 61: mapping key "curl --insecure -L http://192.168.211.210/" already defined at line 4
| line 68: mapping key "curl --insecure -L https://192.168.211.210/" already defined at line 11
Merge the identical curl command lines into one single test.
This is being detected by new goss versions from Debian trixie as
errors, and causing the entire ngcp-system-tests run to fail.
Change-Id: If9fb68dd182891ae742a4af07ebe259d914c3c91
These share the same ports depending on the role of the current node, so
to avoid emitting the same duplicate port entries we should turn these
into cascading if/elif.
This is being detected by new goss versions from Debian trixie as
errors, and causing the entire ngcp-system-tests run to fail.
Change-Id: I2898f623e87867a03ef6cfb728a90631f53ffae7
We run the *-tap-test Jenkins jobs in a docker environment. To be able
to use jenkins-debian-glue from our own internal repository, we need to
enable the repository in apt's sources.list configuration.
Change-Id: Id9cccd0f7edd15ebffc1fc71e274d6943c77a2c3
For services we use an «enable» key to select whether to enable or
disable a service. The «start» key is unusual and has already caused a
wrong usage in templates in the past. Rename them for uniformity with
the rest of the key naming conventions used.
For DHCP address ranges, namespace the «start» key (alongside «end» and
«lease» renamed from «expire») into a new addr_range map, so that it's
obvious this is not about starting the service, but about the
aforementioned address range setting.
Change-Id: Icff25a273358e69881cc54ccdd9be39a27c5c526
Add checks for stock services that were previously omitted. This makes
sure we can spot any possible regression in the set of listening
addresses.
This includes dnsmasq and nginx ports.
Change-Id: I9a9041cf97df511f4801941e932e97baa797a348
Added exceptions:
.+/prosody/status_checks - this was probably a table manually
created in sipwise system and not existing anywhere else.
.+/billing/test - this was probably a table manually created in
sipwise system and not existing anywhere else.
.+/ngcp/pt_checksums_sp.* - these were tables created by percona
tools created in sipwise and demo system and not existing anywhere
else.
Change-Id: Ie7461754e2e3baea770be5e60e2f1f658f13cfdb
We only support keydb now, and the config knob and migration script
have been removed. Hardcode keydb for the redis flavor we intend to
use, and add checks to make sure the redis service is not running nor
enabled anymore
Change-Id: I1a9ecb7e26346cd23618b464a7f5f420d5ab7263
There's currently a divergence between CE and PRO, where web_int is not
setup by default as a role for the loopback interface on CE systems. We
should thus for now not expect NGINX to be listening there, for the
NGCP Panel admin and csc ports.
In the future we should probably unify this behavior and make CE behave
the same as a PRO, because this seems like a gratuitous divergence.
Fixes: commit d0d8c1eb10
Change-Id: Ib65b9dcf94a34b416d59aad93e19d88cf5a6469c
The exception '.+/accounting/cdr_[0-9]{6}/.+' ignores all elements of a
table (columns, indexes, etc) but not the table itself. It cases error:
=======================
Element: tables/accounting/cdr_202205 is missing in json file
=======================
So fix the regex.
Change-Id: Ie5c23a89e85281b0d2a436cea3b888cad5974c11
Add IPv6 entries for services for which we are currently checking their
IPv4 listening addresses. This makes sure we check for these addresses
and that we do not regress in case other components rely on being able
to access these services through these addresses.
Change-Id: Ifa73e594d8cce862af77317ea88cea5c564dd1c6
These services also listen on the localhost and any address. Add these
explicitly as we might have other components relying on being able
to access these services through them.
Change-Id: I6d234620847ccc88f2c709a20692c6d5b7174229
We switched from heartbeat-2 to corosync/pacemaker long ago, and these
checks that were in place for a transitory period to make sure no odd
services were running when not expected, no longer serve much of a
purpose.
Change-Id: I8be3252278a5876f1a6ac89da0ade3fb63b01a18
We have removed InfluxDB support long ago, and there's been enough time
to clean up any systems involved. Remove these checks that no longer
serve any purpose.
Change-Id: I6de535f0dd571d7d8d006eecd66cb31ff6661db6
As of git rev 511e1f69cc91 in templates (see "MT#58452 monit: Use a Unix socket for the httpd control access"),
monit no longer listens on port 2812 but uses a Unix socket instead.
Fixes:
| not ok 848 - Port: tcp:2812: listening: doesn't match, expect: [true] found: [false]
Change-Id: I9b16aac2ebbf14defdd2713f72c7362ab21d43b8
Print known exceptions only if --debug option is used. No need to flood
output with useless messages.
Change-Id: I4460a370d44dc0f95beb654efc493270f11103d3
Release trunk/mr11.4 was switched to Debian/bookworm where Mariadb 10.11
is used and json/sql files were rebuilt so remove these exceptions.
Change-Id: I9a00e2394eec82a2c2b3ce518df3fa8f731c6e4f
In mariadb 10.6 utf8 was renamed to to utf8mb3:
https://jira.mariadb.org/browse/MDEV-8334
Now json files are built on mariadb 10.5 while on bookworm mariadb 10.11
is used. So until trunk is switched to bookworm we have to skip this
part.
Change-Id: I9a6c61a2250a61676df3dac7ed509442f39dd183
The variable NGCP_HOSTNAME is not defined in /etc/default/ngcp-roles
file so fallback to 'localhost'. The value 'spce' can't be used as there
is no grant for this hostname in mariadb.
Change-Id: I7ee48d00c7615678574bce8194ab29e07774de96
In mariadb 10.6 utf8 was renamed to to utf8mb3:
https://jira.mariadb.org/browse/MDEV-8334
Now json files are built on mariadb 10.5 while on bookworm mariadb 10.11
is used. So until trunk is switched to bookworm we have to skip this
part.
Change-Id: Ia28b9560f516af569c9e76c318d08765af42740f
The reason is partitioning mechanism so the tables are created without
partitioning but then partitions are created by ngcp-cleanup-acc tool
as well as history tables like <table_name>_<date>
So ignore create_options for the list of tables and <table_name>_<date>.
The list of tables are from templates.git:ngcp-cleanup-tools/acc-cleanup.conf
Change-Id: I3a720d7b5b34498abe6805278795825cb1c708c7
Now we have json file with schema description which is etalon one.
Remove comparing schemes between two instances.
Change-Id: I046cc30eed926b06a578c0572132b7e8ae42eb21
Guillem Jover
Michael Prokop
Sipwise Jenkins Builder
Richard Fuchs
Mykola Malkov