From 7bba188b6a55aaca22e230970e7099e853bcb60d Mon Sep 17 00:00:00 2001 From: pkriko <32265250+pkriko@users.noreply.github.com> Date: Thu, 12 Aug 2021 13:47:49 +0200 Subject: [PATCH 01/17] (enh): handle systemd + read_only check (#19) * (enh): handle systemd + read_only check * enh following Tanguy review --- bin/centreondb-smooth-backup.sh | 111 +++++++++++++------------------- 1 file changed, 46 insertions(+), 65 deletions(-) diff --git a/bin/centreondb-smooth-backup.sh b/bin/centreondb-smooth-backup.sh index 77ec47d..aa1af8c 100755 --- a/bin/centreondb-smooth-backup.sh +++ b/bin/centreondb-smooth-backup.sh @@ -9,6 +9,8 @@ # ################################################### +source /etc/centreon-ha/mysql-resources.sh + OPT_TOTAL=1 OPT_TOTALINCR=0 OPT_INCR=0 @@ -41,20 +43,17 @@ BACKUP_DIR="/var/backup" SAVE_LAST_DIR="/var/lib/centreon-backup" SAVE_LAST_FILE="backup.last" DO_ARCHIVE=1 -DB_ROOT_USER="root" -DB_ROOT_PASSWORD="" -INIT_SCRIPT="" # try to find it PARTITION_NAME="centreon_storage/data_bin centreon_storage/logs" -PACEMAKER_ON="0" -PACEMAKER_RSC_MYSQL="ms_MySQL" +PACEMAKER_ON="1" +PACEMAKER_RSC_MYSQL="ms_mysql" MYSQL_CNF="/etc/my.cnf.d/server.cnf" -READONLY_CHECK=0 +READONLY_CHECK=1 ### # Check MySQL launch ### process=$(ps -o args --no-headers -C mysqld) -started=0 +started=1 logbin_activated=1 ##### @@ -67,12 +66,15 @@ check_readonly() { return 0 fi - if [ "$started" -eq 1 ] ; then - readonly_value=$(mysql -N -B -u "$DB_ROOT_USER" -p"$DB_ROOT_PASSWORD" -e 'SELECT @@global.read_only') - if [ "$?" -ne "0" ] ; then - output_log "ERROR: cannot get readonly option value" 1 - exit 1 - fi + readonly_value=$(mysql -N -B -u "$DBROOTUSER" -p"$DBROOTPASSWORD" -e 'SELECT @@global.read_only') + if [ "$?" -ne "0" ] ; then + output_log "ERROR: cannot get readonly option value" 1 + exit 1 + fi + + if [ "$readonly_value" -eq "0" ] ; then + output_log "ERROR: The database is not on read_only. Maybe you tried to perform the backup on the master" + exit 1 fi } @@ -81,32 +83,26 @@ set_readonly() { return 0 fi # we let the default if we don't know before - if [ "$started" -eq 1 ] ; then - mysql -N -B -u "$DB_ROOT_USER" -p"$DB_ROOT_PASSWORD" -e "SET GLOBAL read_only=$readonly_value" - fi + mysql -N -B -u "$DBROOTUSER" -p"$DBROOTPASSWORD" -e "SET GLOBAL read_only=$readonly_value" } get_current_logbin_file() { up_logbin=$1 - if [ "$started" -eq 1 ] ; then - if [ "$up_logbin" -eq 1 ] ; then - mysqladmin --user="$DB_ROOT_USER" --password="$DB_ROOT_PASSWORD" flush-logs - fi + if [ "$up_logbin" -eq 1 ] ; then + mysqladmin --user="$DBROOTUSER" --password="$DBROOTPASSWORD" flush-logs + fi - if [ -z "$DB_ROOT_PASSWORD" ] ; then - file=$(mysql -B -u "$DB_ROOT_USER" -e 'SHOW MASTER STATUS\G' 2>&1 | grep 'File:' | awk '{ print $2 }') - else - file=$(mysql -B -u "$DB_ROOT_USER" -p"$DB_ROOT_PASSWORD" -e 'SHOW MASTER STATUS\G' 2>&1 | grep 'File:' | awk '{ print $2 }') - fi - if [ "$?" -ne "0" ] ; then - output_log "ERROR: connection MySQL to get index file." 1 - exit 1 - fi - echo "$file" | awk -F. '{ print $2 - 1 }' + if [ -z "$DBROOTPASSWORD" ] ; then + file=$(mysql -B -u "$DBROOTUSER" -e 'SHOW MASTER STATUS\G' 2>&1 | grep 'File:' | awk '{ print $2 }') else - cat "$datadir/mysql-bin.index" | tail -1 | awk -F. '{ print $2 }' + file=$(mysql -B -u "$DBROOTUSER" -p"$DBROOTPASSWORD" -e 'SHOW MASTER STATUS\G' 2>&1 | grep 'File:' | awk '{ print $2 }') fi + if [ "$?" -ne "0" ] ; then + output_log "ERROR: connection MySQL to get index file." 1 + exit 1 + fi + echo "$file" | awk -F. '{ print $2 - 1 }' } output_log() { @@ -132,7 +128,6 @@ if [ -n "$process" ] ; then logbin=$(echo "$process" | awk '{ for (i = 1; i < NF; i++) { if (match($i, "--log-bin")) { print $i } } }' | awk -F\= '{ print $1 }') logbin_path=$(echo "$process" | awk '{ for (i = 1; i < NF; i++) { if (match($i, "--log-bin")) { print $i } } }' | awk -F\= '{ print $2 }') pidname=$(echo "$process" | awk '{ for (i = 1; i < NF; i++) { if (match($i, "--pid-file")) { print $i } } }' | awk -F\= '{ print $2 }') - started=1 if [ -n "$etc_file" ] ; then MYSQL_CNF="$etc_file" fi @@ -181,18 +176,6 @@ output_log "MySQL datadir found: $datadir" output_log "MySQL logbin files: $logbin_files" output_log "MySQL logbin localisation: $logbin_loc" -if [ -e "/etc/init.d/mysql" ] ; then - INIT_SCRIPT="/etc/init.d/mysql" -fi -if [ -e "/etc/init.d/mysqld" ] ; then - INIT_SCRIPT="/etc/init.d/mysqld" -fi -if [ -z "$INIT_SCRIPT" ] ; then - output_log "ERROR: Can't find init MySQL script." 1 - exit 1 -fi - -### # Get mount ### mount_device=$(df -P "$datadir" | tail -1 | awk '{ print $1 }') @@ -361,24 +344,22 @@ echo "#####################" # We need to stop if need ### if [ "$PACEMAKER_ON" = "1" ] ; then - crm resource unmanage "$PACEMAKER_RSC_MYSQL" -fi -if [ "$started" -eq 1 ] ; then - i=0 - output_log "Stopping mysqld:" 0 1 - $INIT_SCRIPT stop - while ps -o args --no-headers -C mysqld >/dev/null; do - if [ "$i" -gt "$STOP_TIMEOUT" ] ; then - output_log "" - output_log "ERROR: Can't stop MySQL Server" 1 - exit 1 - fi - output_log "." 0 1 - sleep 1 - i=$(($i + 1)) - done - output_log "OK" -fi + pcs resource unmanage "$PACEMAKER_RSC_MYSQL" +fi +i=0 +output_log "Stopping mysqld:" 0 1 +mysqladmin --user="$DBROOTUSER" --password="$DBROOTPASSWORD" shutdown +while ps -o args --no-headers -C mysqld >/dev/null; do + if [ "$i" -gt "$STOP_TIMEOUT" ] ; then + output_log "" + output_log "ERROR: Can't stop MySQL Server" 1 + exit 1 + fi + output_log "." 0 1 + sleep 1 + i=$(($i + 1)) +done +output_log "OK" save_timestamp=$(date '+%s') @@ -392,7 +373,7 @@ lvcreate -l $free_pe -s -n dbbackup $lv_name # Start server ### output_log "Start mysqld:" -$INIT_SCRIPT start +systemctl start mariadb set_readonly @@ -400,8 +381,8 @@ set_readonly # Pacemaker start ### if [ "$PACEMAKER_ON" = "1" ] ; then - crm resource manage "$PACEMAKER_RSC_MYSQL" - crm resource cleanup "$PACEMAKER_RSC_MYSQL" + pcs resource manage "$PACEMAKER_RSC_MYSQL" + pcs resource cleanup "$PACEMAKER_RSC_MYSQL" fi ### From 74f2dff435e25dfbad10c2b9052ee9501b4ea823 Mon Sep 17 00:00:00 2001 From: pkriko <32265250+pkriko@users.noreply.github.com> Date: Thu, 12 Aug 2021 13:48:08 +0200 Subject: [PATCH 02/17] (enh): new cbd-rrd.service (#18) --- systemd/cbd-rrd.service | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 systemd/cbd-rrd.service diff --git a/systemd/cbd-rrd.service b/systemd/cbd-rrd.service new file mode 100644 index 0000000..f3c0fa7 --- /dev/null +++ b/systemd/cbd-rrd.service @@ -0,0 +1,29 @@ +## +## Copyright 2015 Centreon +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## +## For more information : contact@centreon.com +## + +[Unit] +Description=Centreon RRD Broker service + +[Service] +EnvironmentFile=/etc/sysconfig/cbd_rrd +ExecStart=/usr/sbin/cbd $OPTIONS +ExecReload=/bin/kill -HUP $MAINPID +Type=simple +User=centreon-broker +UMask=0002 + From b48416d3d37d8c2b488969d573a7f957784bebe1 Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Tue, 28 Sep 2021 18:01:39 +0200 Subject: [PATCH 03/17] enh(chore): automate dependabot ticket creation (#28) --- .github/workflows/dependabot_jira.yml | 54 +++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/dependabot_jira.yml diff --git a/.github/workflows/dependabot_jira.yml b/.github/workflows/dependabot_jira.yml new file mode 100644 index 0000000..eef0974 --- /dev/null +++ b/.github/workflows/dependabot_jira.yml @@ -0,0 +1,54 @@ +name: Create Dependabot Ticket on Jira + +on: + pull_request: + types: [ opened ] + branches: [ develop, dev-2* ] + +env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + JIRA_PROJECT_KEY: "MON" + JIRA_ISSUE_TYPE: "Vulnerability" + +jobs: + create_ticket: + name: Create Jira ticket on dependaBot PR + if: github.event.pull_request.user.id == 49699333 + runs-on: ubuntu-latest + steps: + - name: Get current date + id: date + run: echo "CURRENT_DATE=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV + + - name: Login to Jira + uses: atlassian/gajira-login@v2.0.0 + env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + + - name: Create Jira Issue + id: create + uses: atlassian/gajira-create@v2.0.1 + with: + project: ${{ env.JIRA_PROJECT_KEY }} + issuetype: ${{ env.JIRA_ISSUE_TYPE }} + summary: | + [Dependency to upgrade on : centreon/${{ github.event.repository.name }}] - ${{ github.event.pull_request.title }} + description: | + + {panel:title=Dependency to upgrade} + ${{ github.event.pull_request.title }} + {panel} + + More details are available in the *PR n°${{ github.event.pull_request.number }}* + + The link is: ${{ github.event.pull_request.html_url }} + fields: + '{ + "customfield_10880": "Internal", + "customfield_10881": "dependabot", + "customfield_10866": "${{ env.CURRENT_DATE }}" + }' From 6a63c3dbf909d76a883011e2b37766f5eb3850c5 Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Wed, 29 Sep 2021 11:38:25 +0200 Subject: [PATCH 04/17] fix(chore): old dependabot's PR ticket creation (#29) --- .github/workflows/dependabot_jira.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot_jira.yml b/.github/workflows/dependabot_jira.yml index eef0974..fe5153f 100644 --- a/.github/workflows/dependabot_jira.yml +++ b/.github/workflows/dependabot_jira.yml @@ -2,7 +2,7 @@ name: Create Dependabot Ticket on Jira on: pull_request: - types: [ opened ] + types: [ opened, reopened ] branches: [ develop, dev-2* ] env: From 6eb1c8f15edd12398fe019a4d4140384b2e4329d Mon Sep 17 00:00:00 2001 From: Zakaria Guennoune Date: Mon, 11 Oct 2021 20:27:17 +0000 Subject: [PATCH 05/17] Jenkinsfile --- Jenkinsfile | 106 +++++++++++++++++++--------------------------------- 1 file changed, 38 insertions(+), 68 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0bc6f88..661303b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,15 +1,16 @@ -import groovy.json.JsonSlurper - /* ** Variables. */ -properties([buildDiscarder(logRotator(numToKeepStr: '50'))]) def serie = '21.10' def maintenanceBranch = "${serie}.x" +def qaBranch = "dev-${serie}.x" + if (env.BRANCH_NAME.startsWith('release-')) { env.BUILD = 'RELEASE' } else if ((env.BRANCH_NAME == 'master') || (env.BRANCH_NAME == maintenanceBranch)) { env.BUILD = 'REFERENCE' +} else if ((env.BRANCH_NAME == 'develop') || (env.BRANCH_NAME == qaBranch)) { + env.BUILD = 'QA' } else { env.BUILD = 'CI' } @@ -17,7 +18,7 @@ if (env.BRANCH_NAME.startsWith('release-')) { /* ** Pipeline code. */ -stage('Source') { +stage('Deliver sources') { node { sh 'setup_centreon_build.sh' dir('centreon-ha') { @@ -38,78 +39,47 @@ stage('Source') { withSonarQubeEnv('SonarQubeDev') { sh "./centreon-build/jobs/ha/${serie}/ha-analysis.sh" } + def qualityGate = waitForQualityGate() + if (qualityGate.status != 'OK') { + currentBuild.result = 'FAIL' + } } } -try { - // sonarQube step to get qualityGate result - stage('Quality gate') { +stage('RPM packaging') { + parallel 'centos7': { node { - def reportFilePath = "target/sonar/report-task.txt" - def reportTaskFileExists = fileExists "${reportFilePath}" - if (reportTaskFileExists) { - echo "Found report task file" - def taskProps = readProperties file: "${reportFilePath}" - echo "taskId[${taskProps['ceTaskId']}]" - timeout(time: 10, unit: 'MINUTES') { - while (true) { - sleep 10 - def taskStatusResult = - sh(returnStdout: true, script: "curl -s -X GET -u ${authString} \'${sonarProps['sonar.host.url']}/api/ce/task?id=${taskProps['ceTaskId']}\'") - echo "taskStatusResult[${taskStatusResult}]" - def taskStatus = new JsonSlurper().parseText(taskStatusResult).task.status - echo "taskStatus[${taskStatus}]" - // Status can be SUCCESS, ERROR, PENDING, or IN_PROGRESS. The last two indicate it's - // not done yet. - if (taskStatus != "IN_PROGRESS" && taskStatus != "PENDING") { - break; - } - def qualityGate = waitForQualityGate() - if (qualityGate.status != 'OK') { - currentBuild.result = 'FAIL' - } - } - } - } - if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { - error("Quality gate failure: ${qualityGate.status}."); - } + sh 'setup_centreon_build.sh' + sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos7" + stash name: 'rpms-centos7', includes: "output/noarch/*.rpm" + archiveArtifacts artifacts: 'rpms-centos7.tar.gz' + sh 'rm -rf output' } + }, + 'centos8': { + node { + sh 'setup_centreon_build.sh' + sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos8" + stash name: 'rpms-centos8', includes: "output/noarch/*.rpm" + archiveArtifacts artifacts: 'rpms-centos8.tar.gz' + sh 'rm -rf output' + } + } + if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { + error('Package stage failure.') } +} - stage('Package') { - parallel 'centos7': { - node { - sh 'setup_centreon_build.sh' - sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos7" - } - }, - 'centos8': { - node { - sh 'setup_centreon_build.sh' - sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos8" - } +if ((env.BUILD == 'RELEASE') || (env.BUILD == 'CI') || (env.BUILD == 'QA') ) { + stage('Delivery') { + node { + sh 'setup_centreon_build.sh' + unstash 'rpms-centos7' + unstash 'rpms-centos8' + sh "./centreon-build/jobs/ha/${serie}/ha-delivery.sh" } if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { - error('Package stage failure.') - } - } - - if ((env.BUILD == 'RELEASE') || (env.BUILD == 'REFERENCE')) { - stage('Delivery') { - node { - sh 'setup_centreon_build.sh' - sh "./centreon-build/jobs/ha/${serie}/ha-delivery.sh" - } - if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { - error('Delivery stage failure.'); - } + error('Delivery stage failure.'); } } -} -finally { - buildStatus = currentBuild.result ?: 'SUCCESS'; - if ((buildStatus != 'SUCCESS') && ((env.BUILD == 'RELEASE') || (env.BUILD == 'REFERENCE'))) { - slackSend channel: '#monitoring-metrology', message: "@channel Centreon HA build ${env.BUILD_NUMBER} of branch ${env.BRANCH_NAME} was broken by ${source.COMMITTER}. Please fix it ASAP." - } -} +} \ No newline at end of file From 6278ea6205985b79abbfec61efe78be5ab12ac66 Mon Sep 17 00:00:00 2001 From: schapron Date: Mon, 18 Oct 2021 19:53:00 +0200 Subject: [PATCH 06/17] enh(chore): issueType, feature_team and issue description --- .github/workflows/dependabot_jira.yml | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependabot_jira.yml b/.github/workflows/dependabot_jira.yml index fe5153f..dbc7ef8 100644 --- a/.github/workflows/dependabot_jira.yml +++ b/.github/workflows/dependabot_jira.yml @@ -3,14 +3,14 @@ name: Create Dependabot Ticket on Jira on: pull_request: types: [ opened, reopened ] - branches: [ develop, dev-2* ] + branches: [ develop ] env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} JIRA_PROJECT_KEY: "MON" - JIRA_ISSUE_TYPE: "Vulnerability" + JIRA_ISSUE_TYPE: "Technical" jobs: create_ticket: @@ -36,19 +36,30 @@ jobs: project: ${{ env.JIRA_PROJECT_KEY }} issuetype: ${{ env.JIRA_ISSUE_TYPE }} summary: | - [Dependency to upgrade on : centreon/${{ github.event.repository.name }}] - ${{ github.event.pull_request.title }} + [${{ github.event.repository.name }}] - ${{ github.event.pull_request.title }} description: | - {panel:title=Dependency to upgrade} - ${{ github.event.pull_request.title }} + {panel:title=Recommandation} + ${{ github.event.pull_request.title }} {panel} More details are available in the *PR n°${{ github.event.pull_request.number }}* - The link is: ${{ github.event.pull_request.html_url }} + Github link is: ${{ github.event.pull_request.html_url }} + + {panel:title=CVSS details} + More details are available on snyk + {panel} + + *Github Advisory* + + fields: '{ "customfield_10880": "Internal", - "customfield_10881": "dependabot", - "customfield_10866": "${{ env.CURRENT_DATE }}" + "customfield_10881": "Dependabot", + "customfield_10866": "${{ env.CURRENT_DATE }}", + "labels": ["Dependabot"], + "priority": {"name": "Highest"}, + "components":[{"name": "centreon-ha"}] }' From f7c2644cb608a4e8dc3e3ed66e457d331a645985 Mon Sep 17 00:00:00 2001 From: pkriko <32265250+pkriko@users.noreply.github.com> Date: Mon, 25 Oct 2021 16:49:50 +0200 Subject: [PATCH 07/17] change php binary path (#32) only for 21.10.x --- etc/centreon-gorgone/config.d/cron.d/10-centreon-ha.yaml | 8 ++++---- .../cron.d/30-centreon-ha-centreon-statistics.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/etc/centreon-gorgone/config.d/cron.d/10-centreon-ha.yaml b/etc/centreon-gorgone/config.d/cron.d/10-centreon-ha.yaml index 95bc134..6f6242d 100644 --- a/etc/centreon-gorgone/config.d/cron.d/10-centreon-ha.yaml +++ b/etc/centreon-gorgone/config.d/cron.d/10-centreon-ha.yaml @@ -2,14 +2,14 @@ timespec: "*/5 * * * *" action: COMMAND parameters: - - command: "/opt/rh/rh-php72/root/usr/bin/php -q /usr/share/centreon/cron/centAcl.php >> /var/log/centreon-gorgone/centAcl.log 2>&1" + - command: "/usr/bin/php -q /usr/share/centreon/cron/centAcl.php >> /var/log/centreon-gorgone/centAcl.log 2>&1" timeout: 120 keep_token: true - id: recurrent_downtimes timespec: "*/5 * * * *" action: COMMAND parameters: - - command: "/opt/rh/rh-php72/root/usr/bin/php -q /usr/share/centreon/cron/downtimeManager.php >> /var/log/centreon-gorgone/downtimeManager.log 2>&1" + - command: "/usr/bin/php -q /usr/share/centreon/cron/downtimeManager.php >> /var/log/centreon-gorgone/downtimeManager.log 2>&1" timeout: 240 keep_token: true - id: event_report_builder @@ -30,13 +30,13 @@ timespec: "0 2 * * *" action: COMMAND parameters: - - command: "/opt/rh/rh-php72/root/usr/bin/php /usr/share/centreon/cron/centstorage_purge.php >> /var/log/centreon-gorgone/centreon-purge.log 2>&1" + - command: "/usr/bin/php /usr/share/centreon/cron/centstorage_purge.php >> /var/log/centreon-gorgone/centreon-purge.log 2>&1" timeout: 120 keep_token: true - id: database_partitioning timespec: "0 4 * * *" action: COMMAND parameters: - - command: "/opt/rh/rh-php72/root/usr/bin/php /usr/share/centreon/cron/centreon-partitioning.php >> /var/log/centreon-gorgone/centreon-partitioning.log 2>&1" + - command: "/usr/bin/php /usr/share/centreon/cron/centreon-partitioning.php >> /var/log/centreon-gorgone/centreon-partitioning.log 2>&1" timeout: 120 keep_token: true diff --git a/etc/centreon-gorgone/config.d/cron.d/30-centreon-ha-centreon-statistics.yaml b/etc/centreon-gorgone/config.d/cron.d/30-centreon-ha-centreon-statistics.yaml index b771052..f97129c 100644 --- a/etc/centreon-gorgone/config.d/cron.d/30-centreon-ha-centreon-statistics.yaml +++ b/etc/centreon-gorgone/config.d/cron.d/30-centreon-ha-centreon-statistics.yaml @@ -2,6 +2,6 @@ timespec: "15 6 * * *" action: COMMAND parameters: - - command: "/opt/rh/rh-php72/root/usr/bin/php -q /usr/share/centreon/cron/centreon-send-stats.php >> /var/log/centreon-gorgone/statistics.log 2>&1" + - command: "/usr/bin/php -q /usr/share/centreon/cron/centreon-send-stats.php >> /var/log/centreon-gorgone/statistics.log 2>&1" timeout: 60 keep_token: true From 11b753bb292423f758a592bdc029e5afbe0512aa Mon Sep 17 00:00:00 2001 From: pkriko <32265250+pkriko@users.noreply.github.com> Date: Mon, 25 Oct 2021 21:29:53 +0200 Subject: [PATCH 08/17] (enh/fix): mariadbd version and start mariadb using mysqld_safe (#33) * (enh/fix): mariadbd version and start mariadb using mysqld_safe * variabilize mysql binary * fix ps in process variable * Update bin/mysql-sync-bigdb.sh Co-authored-by: omercier <32134301+omercier@users.noreply.github.com> Co-authored-by: omercier <32134301+omercier@users.noreply.github.com> --- bin/mysql-sync-bigdb.sh | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/bin/mysql-sync-bigdb.sh b/bin/mysql-sync-bigdb.sh index 099cbb7..0743b9b 100755 --- a/bin/mysql-sync-bigdb.sh +++ b/bin/mysql-sync-bigdb.sh @@ -39,9 +39,10 @@ SNAPSHOT_MOUNT_PATH="/mnt/" MYSQL_CNF="/etc/my.cnf.d/server.cnf" USER="mysql" USER_SUDO="sudo -u $USER" +MYSQLBINARY="mariadbd" MYSQLADMIN="mysqladmin" MYSQLBINLOG="mysqlbinlog" -MYSQL_START="systemctl restart mysql" +MYSQL_START="/usr/bin/mysqld_safe --defaults-file=/etc/my.cnf.d/server.cnf --pid-file=/var/lib/mysql/mysql.pid --socket=/var/lib/mysql/mysql.sock --datadir=/var/lib/mysql --log-error=/var/log/mysqld.log --user=mysql --skip-slave-start" SUDO_MYSQL_START_SLAVE="sudo" if [[ "$USER" == "root" ]] ; then @@ -62,7 +63,7 @@ fi ### # Check MySQL launch ### -process=$(ps -o args --no-headers -C mysqld) +process=$(ps -o args --no-headers -C ${MYSQLBINARY}) started=0 ### @@ -247,7 +248,7 @@ fi slave_hostname=$(get_other_db_hostname) master_hostname=$(get_other_db_hostname $slave_hostname) echo "Connection to slave Server (verify mysql stopped): $slave_hostname" -result=$($USER_SUDO ssh $slave_hostname 'if ps --no-headers -C mysqld >/dev/null; then echo "yes" ; else echo "no"; fi') +result=$($USER_SUDO ssh $slave_hostname 'if ps --no-headers -C '"$MYSQLBINARY"' >/dev/null; then echo "yes" ; else echo "no"; fi') if [ "$result" != "no" ] ; then echo "ERROR: MySQL is launched or problem to connect to the server." >&2 exit 1 @@ -266,9 +267,9 @@ fi ### if [ "$started" -eq 1 ] ; then i=0 - echo -n "Stopping mysqld:" + echo -n "Stopping $MYSQLBINARY:" $MYSQLADMIN -f -u "$DBROOTUSER" -h "$master_hostname" -p"$DBROOTPASSWORD" shutdown - while ps -o args --no-headers -C mysqld >/dev/null; do + while ps -o args --no-headers -C $MYSQLBINARY >/dev/null; do if [ "$i" -gt "$STOP_TIMEOUT" ] ; then echo "" echo "ERROR: Can't stop MySQL Server" >&2 @@ -295,8 +296,20 @@ fi ### # Start server ### -echo "Start mysqld: ($MYSQL_START)" -$MYSQL_START +echo "Start $MYSQLBINARY: ($MYSQL_START)" +$MYSQL_START & +i=0 +until mysqlshow -u "$DBROOTUSER" -h "$master_hostname" -p"$DBROOTPASSWORD" > /dev/null 2>&1; do + if [ "$i" -gt "$STOP_TIMEOUT" ] ; then + echo "" + echo "ERROR: Can't start MySQL server" >&2 + exit 1 + fi + echo -n "." + sleep 1 + i=$(($i + 1)) +done +echo "OK" ### # Mount snapshot @@ -382,7 +395,19 @@ fi ### echo "Start MySQL Slave" -$USER_SUDO ssh $slave_hostname "$SUDO_MYSQL_START_SLAVE $MYSQL_START" +$USER_SUDO ssh $slave_hostname -- "$MYSQL_START &" +i=0 +until mysqlshow -u "$DBROOTUSER" -h "$slave_hostname" -p"$DBROOTPASSWORD" > /dev/null 2>&1; do + if [ "$i" -gt "$STOP_TIMEOUT" ] ; then + echo "" + echo "ERROR: Can't start MySQL server" >&2 + exit 1 + fi + echo -n "." + sleep 1 + i=$(($i + 1)) +done +echo "OK" ### # Demarrer la replication From b130ad6d43f36d1becce5248f033100d5d5556a6 Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Wed, 5 Jan 2022 15:21:53 +0100 Subject: [PATCH 09/17] fix(secu): add SQ pipeline timeout (#43) --- Jenkinsfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 661303b..94a1fc7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -39,9 +39,11 @@ stage('Deliver sources') { withSonarQubeEnv('SonarQubeDev') { sh "./centreon-build/jobs/ha/${serie}/ha-analysis.sh" } - def qualityGate = waitForQualityGate() - if (qualityGate.status != 'OK') { - currentBuild.result = 'FAIL' + timeout(time: 10, unit: 'MINUTES') { + def qualityGate = waitForQualityGate() + if (qualityGate.status != 'OK') { + currentBuild.result = 'FAIL' + } } } } From eb2b19aa898b2d2fc9dce39cb25ef78d430bd7a1 Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Wed, 5 Jan 2022 19:55:24 +0100 Subject: [PATCH 10/17] fix(chore): use github action env usage (#44) --- .github/workflows/dependabot_jira.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependabot_jira.yml b/.github/workflows/dependabot_jira.yml index dbc7ef8..6729ffa 100644 --- a/.github/workflows/dependabot_jira.yml +++ b/.github/workflows/dependabot_jira.yml @@ -6,9 +6,6 @@ on: branches: [ develop ] env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} JIRA_PROJECT_KEY: "MON" JIRA_ISSUE_TYPE: "Technical" @@ -24,15 +21,19 @@ jobs: - name: Login to Jira uses: atlassian/gajira-login@v2.0.0 - env: + id: login + with: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - name: Create Jira Issue - id: create uses: atlassian/gajira-create@v2.0.1 + id: create with: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} project: ${{ env.JIRA_PROJECT_KEY }} issuetype: ${{ env.JIRA_ISSUE_TYPE }} summary: | @@ -53,7 +54,6 @@ jobs: *Github Advisory* - fields: '{ "customfield_10880": "Internal", From bdc137df2439d8e068744628043fc6763f583546 Mon Sep 17 00:00:00 2001 From: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Date: Tue, 1 Feb 2022 00:05:13 +0100 Subject: [PATCH 11/17] fix(build): disable centos8 packaging (#45) --- Jenkinsfile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 94a1fc7..6322089 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -57,16 +57,16 @@ stage('RPM packaging') { archiveArtifacts artifacts: 'rpms-centos7.tar.gz' sh 'rm -rf output' } - }, - 'centos8': { - node { - sh 'setup_centreon_build.sh' - sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos8" - stash name: 'rpms-centos8', includes: "output/noarch/*.rpm" - archiveArtifacts artifacts: 'rpms-centos8.tar.gz' - sh 'rm -rf output' - } } + //'centos8': { + // node { + // sh 'setup_centreon_build.sh' + // sh "./centreon-build/jobs/ha/${serie}/ha-package.sh centos8" + // stash name: 'rpms-centos8', includes: "output/noarch/*.rpm" + // archiveArtifacts artifacts: 'rpms-centos8.tar.gz' + // sh 'rm -rf output' + // } + //} if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { error('Package stage failure.') } @@ -77,7 +77,7 @@ if ((env.BUILD == 'RELEASE') || (env.BUILD == 'CI') || (env.BUILD == 'QA') ) { node { sh 'setup_centreon_build.sh' unstash 'rpms-centos7' - unstash 'rpms-centos8' + //unstash 'rpms-centos8' sh "./centreon-build/jobs/ha/${serie}/ha-delivery.sh" } if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { From 3197f5d1fd06e4afdfbb56c0147cba49b8f3840e Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Wed, 2 Feb 2022 17:25:07 +0100 Subject: [PATCH 12/17] fix(chore): dependabot github automation (#51) --- .github/workflows/dependabot_jira.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependabot_jira.yml b/.github/workflows/dependabot_jira.yml index 6729ffa..acaec29 100644 --- a/.github/workflows/dependabot_jira.yml +++ b/.github/workflows/dependabot_jira.yml @@ -5,9 +5,13 @@ on: types: [ opened, reopened ] branches: [ develop ] +permissions: + pull-requests: read + env: JIRA_PROJECT_KEY: "MON" JIRA_ISSUE_TYPE: "Technical" + COMPONENT_NAME: "${{ github.event.pull_request.base.repo.name }}" jobs: create_ticket: @@ -19,10 +23,19 @@ jobs: id: date run: echo "CURRENT_DATE=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV + - name: Check components name + id: name + if: ${{ env.COMPONENT_NAME == 'centreon'}} + run: echo "COMPONENT_NAME=centreon-web" >> $GITHUB_ENV + + - name: debug + id: debug + run: echo "component is ${{ env.COMPONENT_NAME }}." + - name: Login to Jira uses: atlassian/gajira-login@v2.0.0 id: login - with: + env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} @@ -30,10 +43,11 @@ jobs: - name: Create Jira Issue uses: atlassian/gajira-create@v2.0.1 id: create - with: + env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + with: project: ${{ env.JIRA_PROJECT_KEY }} issuetype: ${{ env.JIRA_ISSUE_TYPE }} summary: | @@ -61,5 +75,5 @@ jobs: "customfield_10866": "${{ env.CURRENT_DATE }}", "labels": ["Dependabot"], "priority": {"name": "Highest"}, - "components":[{"name": "centreon-ha"}] + "components":[{"name": "${{ env.COMPONENT_NAME }}"}] }' From d88f3865ea79781d2d804b5b72c4ef41f839eed0 Mon Sep 17 00:00:00 2001 From: schapron Date: Wed, 23 Mar 2022 11:36:37 +0100 Subject: [PATCH 13/17] chore(CI): upgrade version to 22.04 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6322089..bee49ca 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ /* ** Variables. */ -def serie = '21.10' +def serie = '22.04' def maintenanceBranch = "${serie}.x" def qaBranch = "dev-${serie}.x" From cf5d420b25cca2c07a37ed4475582deeacebfbdb Mon Sep 17 00:00:00 2001 From: sc979 <34628915+sc979@users.noreply.github.com> Date: Wed, 23 Mar 2022 11:40:54 +0100 Subject: [PATCH 14/17] chore(SQ): skip analysis on env.build is CI (#55) --- Jenkinsfile | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index bee49ca..53e1afe 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -15,10 +15,16 @@ if (env.BRANCH_NAME.startsWith('release-')) { env.BUILD = 'CI' } +// Skip sonarQ analysis on branch without PR - Unable to merge +def securityAnalysisRequired = 'yes' +if (!env.CHANGE_ID && env.BUILD == 'CI') { + securityAnalysisRequired = 'no' +} + /* ** Pipeline code. */ -stage('Deliver sources') { +stage('Deliver and analyse sources') { node { sh 'setup_centreon_build.sh' dir('centreon-ha') { @@ -36,14 +42,21 @@ stage('Deliver sources') { reportName: 'Centreon HA Build Artifacts', reportTitles: '' ]) - withSonarQubeEnv('SonarQubeDev') { - sh "./centreon-build/jobs/ha/${serie}/ha-analysis.sh" - } - timeout(time: 10, unit: 'MINUTES') { - def qualityGate = waitForQualityGate() - if (qualityGate.status != 'OK') { - currentBuild.result = 'FAIL' + + if (securityAnalysisRequired == 'yes') { + // Run sonarQube analysis + withSonarQubeEnv('SonarQubeDev') { + sh "./centreon-build/jobs/ha/${serie}/ha-analysis.sh" } + timeout(time: 10, unit: 'MINUTES') { + def qualityGate = waitForQualityGate() + if (qualityGate.status != 'OK') { + currentBuild.result = 'FAIL' + } + } + } + if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { + error('Source stage failure.'); } } } From e8dc4cf084f25646fe02064f4691c0bb8ad47afc Mon Sep 17 00:00:00 2001 From: Thomas Untoja Date: Wed, 18 May 2022 15:20:00 +0200 Subject: [PATCH 15/17] ci: updated unstash to alma8 in Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index f8b4c6e..51df42e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -125,7 +125,7 @@ if ((env.BUILD == 'RELEASE') || (env.BUILD == 'CI') || (env.BUILD == 'QA') ) { node { sh 'setup_centreon_build.sh' unstash 'rpms-centos7' - //unstash 'rpms-centos8' + unstash 'rpms-alma8' sh "./centreon-build/jobs/ha/${serie}/ha-delivery.sh" } if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { From 925c2ed8a9f574cbc689d5c82d3c5b9a97db70aa Mon Sep 17 00:00:00 2001 From: Thomas Untoja Date: Wed, 18 May 2022 15:49:43 +0200 Subject: [PATCH 16/17] ci: remove duplicate Delivery stage --- Jenkinsfile | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 51df42e..2900d2f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -119,17 +119,3 @@ if ((env.BUILD == 'RELEASE') || (env.BUILD == 'CI') || (env.BUILD == 'QA') ) { } } } - -if ((env.BUILD == 'RELEASE') || (env.BUILD == 'CI') || (env.BUILD == 'QA') ) { - stage('Delivery') { - node { - sh 'setup_centreon_build.sh' - unstash 'rpms-centos7' - unstash 'rpms-alma8' - sh "./centreon-build/jobs/ha/${serie}/ha-delivery.sh" - } - if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { - error('Delivery stage failure.'); - } - } -} From 99886c77c2b69670eb0d9924c6a94a8a945b29a8 Mon Sep 17 00:00:00 2001 From: psame <44295022+psamecentreon@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:23:54 +0100 Subject: [PATCH 17/17] Report modification develop branch (#69) * Create centreon-ha-common.postinst * Create centreon-ha-common.install * Create centreon-ha-common.dirs * Delete centreon-ha.dirs * Delete centreon-ha.install * Delete centreon-ha.postinst --- ci/debian/centreon-ha-common.dirs | 1 + ci/debian/{centreon-ha.install => centreon-ha-common.install} | 0 ci/debian/{centreon-ha.postinst => centreon-ha-common.postinst} | 1 + ci/debian/centreon-ha.dirs | 1 - 4 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 ci/debian/centreon-ha-common.dirs rename ci/debian/{centreon-ha.install => centreon-ha-common.install} (100%) rename ci/debian/{centreon-ha.postinst => centreon-ha-common.postinst} (74%) mode change 100755 => 100644 delete mode 100644 ci/debian/centreon-ha.dirs diff --git a/ci/debian/centreon-ha-common.dirs b/ci/debian/centreon-ha-common.dirs new file mode 100644 index 0000000..3a576da --- /dev/null +++ b/ci/debian/centreon-ha-common.dirs @@ -0,0 +1 @@ +/var/log/centreon-ha diff --git a/ci/debian/centreon-ha.install b/ci/debian/centreon-ha-common.install similarity index 100% rename from ci/debian/centreon-ha.install rename to ci/debian/centreon-ha-common.install diff --git a/ci/debian/centreon-ha.postinst b/ci/debian/centreon-ha-common.postinst old mode 100755 new mode 100644 similarity index 74% rename from ci/debian/centreon-ha.postinst rename to ci/debian/centreon-ha-common.postinst index b04ccf6..5542c59 --- a/ci/debian/centreon-ha.postinst +++ b/ci/debian/centreon-ha-common.postinst @@ -5,6 +5,7 @@ if [ "$1" = "configure" ] ; then if [ "$(getent passwd centreon)" ]; then chown -vR centreon:centreon /var/log/centreon-ha chmod -vR 0755 /var/log/centreon-ha + chmod gu+x /usr/lib/ocf/resource.d/heartbeat/mariadb-centreon fi fi diff --git a/ci/debian/centreon-ha.dirs b/ci/debian/centreon-ha.dirs deleted file mode 100644 index 82d8106..0000000 --- a/ci/debian/centreon-ha.dirs +++ /dev/null @@ -1 +0,0 @@ -/var/log/centreon-ha \ No newline at end of file