stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2024-02-28T16:28:53Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/1320Duplicated rows in the service table2024-02-28T16:28:53ZSlawek FigielDuplicated rows in the service tableThe problem was reported [on the Stork-users mailing list](https://lists.isc.org/pipermail/stork-users/2024-February/000245.html).
The `service` table rows may be duplicated on some unknown conditions. It causes the HA status displayed ...The problem was reported [on the Stork-users mailing list](https://lists.isc.org/pipermail/stork-users/2024-February/000245.html).
The `service` table rows may be duplicated on some unknown conditions. It causes the HA status displayed on the Dashboard to diverge from the status presented on the application page.
The user reports that the problem occurs in Stork 1.15 but was also observed in the previous versions. The first installed version was 1.12.
Stork was installed long after configuring HA in Kea.
It seems the same problem was reported in #616 and #818.
We should check if the problem were fixed correctly in 1.7 and if the invalid table state may preserved from the previous versions.
We should also analyze if adding the unique constraint on the `service` table would be beneficial to avoid similar issues.1.16Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1318Change database for migrating hosts2024-03-12T08:19:13ZSlawek FigielChange database for migrating hostsBelow is our current database schema:
![image](/uploads/6ff3034985b96c7a7c984478bb4ff11d/image.png)
In this structure, it is impossible to recognize which Kea daemon holds a specific IP or hostname reservation.
So, we don't know on whi...Below is our current database schema:
![image](/uploads/6ff3034985b96c7a7c984478bb4ff11d/image.png)
In this structure, it is impossible to recognize which Kea daemon holds a specific IP or hostname reservation.
So, we don't know on which Kea daemon perform the migration.
I want to make the below changes:
- Replace the `ip_reservation` table's reference to `host` table with reference to `local_host`.
- Move the `hostname` column from `host` to `local_host` table
- (Optionally) Add a single-column primary key to the `local_host` table and add a unique index on the `host_id`, `data_source`, and `daemon_id` to preserve the existing constraints.1.16Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1203Peer database authentication for SystemD service user.2023-10-17T14:04:12ZSlawek FigielPeer database authentication for SystemD service user.The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000212.html).
When the Stork server is installed using the packages, it is configured as the SystemD service.
The `stork-server` user ...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000212.html).
When the Stork server is installed using the packages, it is configured as the SystemD service.
The `stork-server` user runs the server. But the default database user is `stork`. By default, the server connects to the database over the Unix socket. It causes the `peer` authentication method to be used (depending on distribution, it will be `trust` or `peer`).
Unfortunately, Postgres rejects the connection due to divergence between DB and the system user.
```
stork@stork LOG: provided user name (stork) and authenticated user name (stork-server) do not match
```backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1049Test prompting DB password2023-06-06T13:31:18ZSlawek FigielTest prompting DB passwordWe need a unit test that allows us to check if there is a prompt for the database password if it is not provided.
It requires refactoring the code to encapsulate the `IsRunningInTerminal` and `GetSecretInTerminal` method calls with an i...We need a unit test that allows us to check if there is a prompt for the database password if it is not provided.
It requires refactoring the code to encapsulate the `IsRunningInTerminal` and `GetSecretInTerminal` method calls with an interface to allow mock their returns.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1043System test with Postgres using the ident authentication method2023-06-06T13:29:00ZSlawek FigielSystem test with Postgres using the ident authentication methodI added some unit and system tests to check if Stork supports the main Postgres authentication methods.
I've written unit tests for `trust`, `peer`, `ident`, `md5`, and `scram-sha-256`.
I tried to write system tests for the above method,...I added some unit and system tests to check if Stork supports the main Postgres authentication methods.
I've written unit tests for `trust`, `peer`, `ident`, `md5`, and `scram-sha-256`.
I tried to write system tests for the above method, and I did it except for `ident`.
I failed to configure the ident service. Ident service is a service running on the 113 port that implements [RFC 1413](https://datatracker.ietf.org/doc/html/rfc1413).
We use Debian 10.13-slim in our system tests, and no ident service is built-in.
In the `apt` repository are available three ident packages:
- `ident2`
- `oidentd`
- `nullidentd`
I checked all, and none of them is helpful in our case.
`ident2` runs properly, but it doesn't support IPv6, but the Postgres container tries to connect over this protocol. Due to Postgres running in a Docker container, the configuration capabilities are limited. I couldn't force it to use IPv4 without strongly reconfiguring our system tests' networks.
`oidentd` supports IPv6 well, but it didn't run due to failure during dropping root privileges. The problem occurs even if I run the service with a non-root user. I suppose it is a bug that is solved in the newer versions. Unfortunately, the author provides the binary packages on their own webpage. I think it isn't a good practice to link to non-trusted webpages from the system tests' environment, so I abandoned using them. I couldn't build the application from sources because some packages are missing in our current setup, and I didn't want to extend it.
`nullidentd` is a fake ident server intended to use with `inetd`. It increases the complexity of the solution, so I didn't spend time on it.
I think the best solution is to upgrade the system tests' operating system and use `oidentd`.
An alternative is implementing a fake ident service on our own, as the RFC 1413 is a very simple protocol.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/954Fetch DHCP option definitions from the Kea servers and use them to specify op...2024-02-12T17:06:34ZMarcin SiodelskiFetch DHCP option definitions from the Kea servers and use them to specify optionsStork can use standard DHCP option definitions in the options form and in the backend to convert options from Kea to Stork format. However, Stork doesn't fetch custom option definitions from the Kea instances. Stork should fetch such opt...Stork can use standard DHCP option definitions in the options form and in the backend to convert options from Kea to Stork format. However, Stork doesn't fetch custom option definitions from the Kea instances. Stork should fetch such option definitions and use them aside standard option definitions in the form and in the backend. Creating custom option definitions is out of scope for this ticket.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/951Kea configuration versioning in the backend2023-01-31T14:43:54ZMarcin SiodelskiKea configuration versioning in the backendKea configuration can be modified from Stork or externally. Stork should be able to detect that the configuration has changed (someone modified a configuration file) and assign a version number/id to the detected configuration. It should...Kea configuration can be modified from Stork or externally. Stork should be able to detect that the configuration has changed (someone modified a configuration file) and assign a version number/id to the detected configuration. It should be possible to go back to one of the previous configurations and see what has changed.
This issue introduces suitable Stork backend changes to automatically store a trace of the old Kea configurations (perhaps in a separate table and perhaps using SQL triggers). Technically, configuration versioning is not required to implement other config-mgmnt tickets, e.g. subnet manipulation but it is related because subnet modification results in a Kea configuration change.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/854Timeout on database queries2023-10-10T11:51:26ZSlawek FigielTimeout on database queriesThe issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312612)
The database queries aren't timeout if the execution takes too long. The stuck query should be interrupted afte...The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312612)
The database queries aren't timeout if the execution takes too long. The stuck query should be interrupted after 30s-1min. It may be helpful to automatically repeat it to handle incident disconnect without impacting the user experience.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/737Demo: Server starts earlier then the database2022-05-17T13:32:45ZSlawek FigielDemo: Server starts earlier then the databaseThe issue was found during 1.3 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/732#note_285141)
I've been testing on 733aaea2cf70106719d8065de41eeacaec66c126 (master as of today). I like the new build system a...The issue was found during 1.3 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/732#note_285141)
I've been testing on 733aaea2cf70106719d8065de41eeacaec66c126 (master as of today). I like the new build system a lot. The elapsed build time is super useful, as is the general cleaning of the `rake` tasks. I had some problems: Something that looked like a race condition (`server_1 | FATA[2022-05-09 14:56:57] main.go:45 cannot start the Stork Server: FATAL #57P03 the database system is starting up`), but after the second attempt it worked well.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/328Spelling errors in the database2023-07-27T12:21:13ZMarcin SiodelskiSpelling errors in the databaseWee have spelling errors in the database in the per subnet statistics. It should be `assigned-addresses`, but it is `assigned-addreses` (with single s). This error is repeated for total addresses and declined addresses too.Wee have spelling errors in the database in the per subnet statistics. It should be `assigned-addresses`, but it is `assigned-addreses` (with single s). This error is repeated for total addresses and declined addresses too.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/107Database migration test should include data integrity checks2022-11-16T11:54:50ZMatthijs Mekkingmatthijs@isc.orgDatabase migration test should include data integrity checksCurrently the database migration test only checks version is correct, but there should be checks that the data is intact after migration (list of machines, list of services).Currently the database migration test only checks version is correct, but there should be checks that the data is intact after migration (list of machines, list of services).backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/857Improve Postgres configuration section in doc2022-12-06T22:52:59ZSlawek FigielImprove Postgres configuration section in docThe issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312552)
I successfully installed the server from RPM on Fedora, but it turns out it may not be so trivial to properly c...The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312552)
I successfully installed the server from RPM on Fedora, but it turns out it may not be so trivial to properly configure the Postgres database. Our ARM says this:
```
The general installation procedure for PostgreSQL is OS-specific
and is not included here. However, please note that Stork uses
pgcrypto extensions, which often come in a separate package. For
example, a postgresql-crypto package is required on Fedora and
postgresql12-contrib is needed on RHEL and CentOS.
```
which is almost correct, but the newest Fedora keeps the crypto package in `postgresql-contrib` rather than `postgresql-crypto`. We should probably slightly generalize this text to mention that crypto lib must be installed but do not be so specific what package contains it on what system because it is a moving target.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/546migrate to bun ie. pg-go rewrite2022-02-04T08:46:21ZMichal Nowikowskimigrate to bun ie. pg-go rewritehttps://bun.uptrace.dev/guide/pg-migration.html#new-featureshttps://bun.uptrace.dev/guide/pg-migration.html#new-featuresoutstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/488Perf: dedicated call to count authorized/unauthorized machines2022-11-16T11:55:06ZTomek MrugalskiPerf: dedicated call to count authorized/unauthorized machinesThe implementation introduced in !267 to get a list of unauthorized machines is pretty inefficient. It retrieves all the machines with all the configurations just to count them. We should optimize it. One way would be to have a dedicated...The implementation introduced in !267 to get a list of unauthorized machines is pretty inefficient. It retrieves all the machines with all the configurations just to count them. We should optimize it. One way would be to have a dedicated query for simply returning the number of machines.outstanding