stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2019-10-17T14:42:41Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/20Create the initial Stork database schema and the migrations tooling2019-10-17T14:42:41ZMarcin SiodelskiCreate the initial Stork database schema and the migrations toolingWe need initial version of the database which requires tables for storing users and passwords as well as the tables for sessions. There should be a way to create this database using the *migrations* tool.We need initial version of the database which requires tables for storing users and passwords as well as the tables for sessions. There should be a way to create this database using the *migrations* tool.Stork-0.1https://gitlab.isc.org/isc-projects/stork/-/issues/25Users: manage users by the user with administrator's privileges.2019-12-02T16:09:20ZMarcin SiodelskiUsers: manage users by the user with administrator's privileges.Initially, we will have two roles in the system: superuser and the regular user. The super user should be able to manage the user information: add new user with a generated password. The user should be able to log in to the system and be...Initially, we will have two roles in the system: superuser and the regular user. The super user should be able to manage the user information: add new user with a generated password. The user should be able to log in to the system and be prompted to change the password.Stork-0.2Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/33Add schema version checking in the Stork server and upgrade if necessary2021-10-12T06:30:36ZMarcin SiodelskiAdd schema version checking in the Stork server and upgrade if necessaryWe think that server should detect database schema version upon startup. In case, the schema version is lower than the version required by the system we may either upgrade the schema or simply report an error. This ticket adds such verif...We think that server should detect database schema version upon startup. In case, the schema version is lower than the version required by the system we may either upgrade the schema or simply report an error. This ticket adds such verification to the server.Stork-0.2Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/23Machines: listing, add new machine, fetch a machine in both frontend and the ...2019-10-31T17:33:41ZMarcin SiodelskiMachines: listing, add new machine, fetch a machine in both frontend and the backend.We have to create a view with a list of machine and with a selected machine. We have to be able to specify new machine information and store it in the db. The operational status of the machine should be available.We have to create a view with a list of machine and with a selected machine. We have to be able to specify new machine information and store it in the db. The operational status of the machine should be available.Stork-0.1Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/170App can have multiple access points2020-03-10T15:54:17ZMatthijs Mekkingmatthijs@isc.orgApp can have multiple access pointsFor example, BIND9 can be accessed with `rndc` to control the daemon, or via the statistics-channel to get metrics.
Change the stork code such that multiple access points are allowed.For example, BIND9 can be accessed with `rndc` to control the daemon, or via the statistics-channel to get metrics.
Change the stork code such that multiple access points are allowed.0.6Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/stork/-/issues/82add reconnecting to DB in server2020-01-14T16:41:07ZMichal Nowikowskiadd reconnecting to DB in serverCurrently when 2 containers with server and postgres are starting it happens that server is quicker and fails while connectint to the db. To fix this server should retry connecting.Currently when 2 containers with server and postgres are starting it happens that server is quicker and fails while connectint to the db. To fix this server should retry connecting.Stork-0.3https://gitlab.isc.org/isc-projects/stork/-/issues/88add storing machines in database2019-12-05T13:15:10ZMichal Nowikowskiadd storing machines in databaseStork-0.2https://gitlab.isc.org/isc-projects/stork/-/issues/24Services: listing, add new service, fetch a service in both frontend and the ...2019-12-23T11:21:38ZMarcin SiodelskiServices: listing, add new service, fetch a service in both frontend and the backend.We have to create a view with a list of services and with a selected service. We have to be able to specify new service information and store it in the db. The operational status of the service should be available.We have to create a view with a list of services and with a selected service. We have to be able to specify new service information and store it in the db. The operational status of the service should be available.Stork-0.3https://gitlab.isc.org/isc-projects/stork/-/issues/107Database migration test should include data integrity checks2022-11-16T11:54:50ZMatthijs Mekkingmatthijs@isc.orgDatabase migration test should include data integrity checksCurrently the database migration test only checks version is correct, but there should be checks that the data is intact after migration (list of machines, list of services).Currently the database migration test only checks version is correct, but there should be checks that the data is intact after migration (list of machines, list of services).backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/180shared networks in db should be distinghuished by inet family2020-03-05T17:00:06ZMichal Nowikowskishared networks in db should be distinghuished by inet familyWhen there are 2 networks defined, one in dhcp4 and one in dhcp6 and they have the same name then creating LocalSubnets go wrong.When there are 2 networks defined, one in dhcp4 and one in dhcp6 and they have the same name then creating LocalSubnets go wrong.0.5https://gitlab.isc.org/isc-projects/stork/-/issues/136add storing Kea config in kea daemons in database2020-02-05T10:28:46ZMichal Nowikowskiadd storing Kea config in kea daemons in databaseStork-0.4Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/123Delete machine does not delete apps2020-01-27T08:38:16ZMatthijs Mekkingmatthijs@isc.orgDelete machine does not delete appsDelete machine sets a time in the `deleted` column in the database. This will no longer show the machine in the UI.
However, there is no update to the machine's applications and they will stay visible on the Dashboard.Delete machine sets a time in the `deleted` column in the database. This will no longer show the machine in the UI.
However, there is no update to the machine's applications and they will stay visible on the Dashboard.Stork-0.4Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/137Create database model for services2020-02-17T09:09:24ZMarcin SiodelskiCreate database model for servicesA service is a collection of applications which together provide some functionality. The Kea HA is the first use case for services in Stork. We need to define a model in the database which can be used for representing Kea HA, but also DN...A service is a collection of applications which together provide some functionality. The Kea HA is the first use case for services in Stork. We need to define a model in the database which can be used for representing Kea HA, but also DNS anycast service or anything else that will be defined in the future.0.5Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/165Create database model for subnets and shared networks2020-02-27T09:03:20ZMarcin SiodelskiCreate database model for subnets and shared networksWe need to support the model in which the database holds a single instance of a given subnet and multiple servers can be associated with it, e.g. in a load balancing case. We should be able to edit this subnet and then deploy it to the s...We need to support the model in which the database holds a single instance of a given subnet and multiple servers can be associated with it, e.g. in a load balancing case. We should be able to edit this subnet and then deploy it to the selected DHCP servers. As a first step (with this ticket) we should be able to detect the subnets from the Kea servers` configurations and store them in the dedicated tables.0.5Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/172Use the new subnet data model in REST API2020-02-28T16:55:09ZMarcin SiodelskiUse the new subnet data model in REST APIThis is a followup work to #165. There are two major changes required:
- When an app is added to the database we need to parse its configuration and detect the subnets it belongs to. Those subnets have to be stored in the database.
- The...This is a followup work to #165. There are two major changes required:
- When an app is added to the database we need to parse its configuration and detect the subnets it belongs to. Those subnets have to be stored in the database.
- The REST API has to be modified to return the new subnet and shared network instances.0.5https://gitlab.isc.org/isc-projects/stork/-/issues/169add storing and getting settings in database2020-03-13T17:49:26ZMichal Nowikowskiadd storing and getting settings in databaseref:
- https://gitlab.isc.org/isc-projects/stork/merge_requests/76#note_110969
- https://gitlab.isc.org/isc-projects/stork/-/wikis/Designs/Settings-in-Databaseref:
- https://gitlab.isc.org/isc-projects/stork/merge_requests/76#note_110969
- https://gitlab.isc.org/isc-projects/stork/-/wikis/Designs/Settings-in-Database0.6https://gitlab.isc.org/isc-projects/stork/-/issues/173implement storing lease stats2020-03-03T13:41:16ZMichal Nowikowskiimplement storing lease statsQueried periodically lease stats by StatsPuller in server/apps/kea should store retrieved stats to LocalSubnet table.
part of: #47 Queried periodically lease stats by StatsPuller in server/apps/kea should store retrieved stats to LocalSubnet table.
part of: #47 0.5Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/188Add data model for host reservations2020-03-17T17:54:47ZMarcin SiodelskiAdd data model for host reservationsWe need a data model in the Stork database to store host reservations. Multiple reservations may appear for a single host and the host may be identified in various ways, e.g. using MAC address, using DHCP specific values such as client i...We need a data model in the Stork database to store host reservations. Multiple reservations may appear for a single host and the host may be identified in various ways, e.g. using MAC address, using DHCP specific values such as client identifier or anything else. This ticket adds such model to the database. The reservations should initially include IP addresses and delegated prefixes. We don't store DHCP options at this point for host reservations.0.6Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/177all timestamp fields in database should have `_at` suffix2020-03-13T07:53:49ZMichal Nowikowskiall timestamp fields in database should have `_at` suffixThis is popular approach for naming timestamps:
* https://opensource.zalando.com/restful-api-guidelines/#235
* https://www.omise.co/upgrade-guide-2017-to-2019#new-naming-conventions
* https://app.sugarwod.com/developers-api-docs
In Go ...This is popular approach for naming timestamps:
* https://opensource.zalando.com/restful-api-guidelines/#235
* https://www.omise.co/upgrade-guide-2017-to-2019#new-naming-conventions
* https://app.sugarwod.com/developers-api-docs
In Go this is `At` suffix. Examples:
- in DB: stats_collected_at
- in Go: StatsCollectedAt
In Stork 'created' columns should be renamed to `created_at`.0.6https://gitlab.isc.org/isc-projects/stork/-/issues/203Handle incorrect DB credentials better.2020-04-16T15:51:04ZTomek MrugalskiHandle incorrect DB credentials better.The following discussion from !87 should be addressed:
- [ ] @tomek started a [discussion](https://gitlab.isc.org/isc-projects/stork/-/merge_requests/87#note_116349): (+1 comment)
> Install server using DEB on ubuntu 19.10. I did ...The following discussion from !87 should be addressed:
- [ ] @tomek started a [discussion](https://gitlab.isc.org/isc-projects/stork/-/merge_requests/87#note_116349): (+1 comment)
> Install server using DEB on ubuntu 19.10. I did not modify server.env yet. Here's what I saw:
>
> ```
> mar 13 12:34:10 billabong stork-server[13274]: INFO[2020-03-13 12:34:10] main.go:18 Starting Stork Server, version 0.4.0, build date 2020-03-13 10:13
> mar 13 12:34:10 billabong stork-server[13274]: database password:
> mar 13 12:34:10 billabong stork-server[13274]: 2020/03/13 12:34:10 inappropriate ioctl for device
> ```
>
> Two comments:
>
> 1. printing database password must go away.
> 2. the "inappropriate ioctl for device" message is confusing. I suspect the reason is that I haven't set values in server.env, but the error message should be more meaningful. Maybe some check if those are not defined or empty? Some empty params are ok (e.g. password).0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/206Create host reservations when adding Kea app2020-03-18T20:49:07ZMarcin SiodelskiCreate host reservations when adding Kea appThe #188 introduces mechanisms to parse host reservations stored in the Kea configuration files. This issue is about triggering those mechanisms when the Kea app is being added to Stork. As a result, host reservations should be inserted ...The #188 introduces mechanisms to parse host reservations stored in the Kea configuration files. This issue is about triggering those mechanisms when the Kea app is being added to Stork. As a result, host reservations should be inserted to the database.0.6Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/228Database model for Kea High Availability2020-04-15T15:01:47ZMarcin SiodelskiDatabase model for Kea High AvailabilityAs of Kea 0.6.0, the HA status is fetched directly from the monitored Kea servers and displayed in the UI. We'd like to move to a different model in which the Stork server is fetching the HA status from the servers and stores them in the...As of Kea 0.6.0, the HA status is fetched directly from the monitored Kea servers and displayed in the UI. We'd like to move to a different model in which the Stork server is fetching the HA status from the servers and stores them in the database. The UI can then fetch this information from the db along with some additional information not present in the response to the `status-get` command. Such information may include things like last failover event seen from the Stork server's perspective or anything else that the server is able to gather from the Kea servers over a period of time.
This ticket extends the Stork database to accommodate the HA specific information.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/233Create data model for daemons2020-04-22T11:57:33ZMarcin SiodelskiCreate data model for daemonsOur UI seems to become "daemon centric". The lists we're aiming to present in the dashboard contain daemons and their statuses rather than apps and their statuses. When clicking on the given app the user is taken to the view where we hav...Our UI seems to become "daemon centric". The lists we're aiming to present in the dashboard contain daemons and their statuses rather than apps and their statuses. When clicking on the given app the user is taken to the view where we have multiple tabs, each one for each daemon. Configurations are per daemon, rather than per app and so forth.
This all implies that daemons already deserve their own SQL table(s) so as the daemon specific information (e.g. LPS stats) can be associated with them. In fact, the HA status is also presented per daemons. This ticket should introduce the new tables and fill them in with the daemon specific information upon adding a new app or refreshing an existing app. It should also handle deletion of the app. The service tables should be adopted to provide the relations to the daemon table(s) rather than app tables.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/268Detect incompatible Postgresql version2021-09-07T15:31:04ZThomas MarkwalderDetect incompatible Postgresql versionDuring initial environment setup I inadvertently pointed Stork to Postgresql 9.5. This apparently caused a SQL syntax error in the migrations code. IIRC it had something to with "AS", syntax error at or near "AS". I did not save the ...During initial environment setup I inadvertently pointed Stork to Postgresql 9.5. This apparently caused a SQL syntax error in the migrations code. IIRC it had something to with "AS", syntax error at or near "AS". I did not save the exact message. Upon pointing Stork to Postgresql 11 everything was fine.
It should be possible to detect the Postgresql version in the init db or migration logic and bail if it is too old. Barring that we might consider a more helpful failure message if possible.https://gitlab.isc.org/isc-projects/stork/-/issues/328Spelling errors in the database2023-07-27T12:21:13ZMarcin SiodelskiSpelling errors in the databaseWee have spelling errors in the database in the per subnet statistics. It should be `assigned-addresses`, but it is `assigned-addreses` (with single s). This error is repeated for total addresses and declined addresses too.Wee have spelling errors in the database in the per subnet statistics. It should be `assigned-addresses`, but it is `assigned-addreses` (with single s). This error is repeated for total addresses and declined addresses too.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/354DB migration tool must allow migration to specific schema versions2021-03-05T13:12:48ZTomek MrugalskiDB migration tool must allow migration to specific schema versionsSee background for this request: [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
There's a need to be able to migrate to specific version. In some environments (with FIPS enabled), some migrations may have to be d...See background for this request: [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
There's a need to be able to migrate to specific version. In some environments (with FIPS enabled), some migrations may have to be done manually. This is not ideal, but it's useful for troubleshooting/workaround purposes.
There should be a command, like `migrate 12`.1.0-backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/355Add server option to skip DB migration on startup2021-04-09T10:46:37ZTomek MrugalskiAdd server option to skip DB migration on startupBy default, the server always runs migrations on startup. This is convenient, as users don't need to remember about it and migrations are done automatically. However, on some systems where migration is causing problems, there should be a...By default, the server always runs migrations on startup. This is convenient, as users don't need to remember about it and migrations are done automatically. However, on some systems where migration is causing problems, there should be a way to skip migration.
When migration is disabled, the server should simply check if the schema version is as expected. If it's not, refuse to start. Alternatively, it could print a critical warning and try to run, but if the DB is not up to date, there would be problems that's impossible to predict.
Background for this request [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/356Make sure Stork runs on RHEL7 with FIPS enabled2020-08-11T07:58:05ZTomek MrugalskiMake sure Stork runs on RHEL7 with FIPS enabledThere's a report that Stork migration fails on RHEL7 with FIPS enabled.
For details, see [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
On a related note, we should migrate away from poor security algorithms lik...There's a report that Stork migration fails on RHEL7 with FIPS enabled.
For details, see [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
On a related note, we should migrate away from poor security algorithms like MD5 and use something modern.0.10Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/367migration tool up to version X doesn't work, doesn't report its own version (-h)2021-04-09T10:44:12ZTomek Mrugalskimigration tool up to version X doesn't work, doesn't report its own version (-h)Two problems with the migration tool:
- the migration to specific version doesn't work, `stork-db-migrate up 20` always migrates to latest version.
- Every software should be able to return its own version using -v or --version.Two problems with the migration tool:
- the migration to specific version doesn't work, `stork-db-migrate up 20` always migrates to latest version.
- Every software should be able to return its own version using -v or --version.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/366Debug/verbose mode to db migration2021-03-05T13:12:51ZTomek MrugalskiDebug/verbose mode to db migrationOur DB schema is not documented anywhere and it's stored in .go files. There was one incident when migration failed and it was difficult to debug what exactly was going on. We need a `--debug` or `--verbose` flag that would print each DB...Our DB schema is not documented anywhere and it's stored in .go files. There was one incident when migration failed and it was difficult to debug what exactly was going on. We need a `--debug` or `--verbose` flag that would print each DB migration schema before it's actually applied.0.12Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/stork/-/issues/403Support for DB connection encryption2021-11-09T13:33:40ZTomek MrugalskiSupport for DB connection encryptionOne of the issues pointed out in [security audit 1](https://gitlab.isc.org/isc-private/stork/-/wikis/SecurityAudit1) was that the Postgres connection is not encrypted. It doesn't have to be always encrypted, but we need to implement a wa...One of the issues pointed out in [security audit 1](https://gitlab.isc.org/isc-private/stork/-/wikis/SecurityAudit1) was that the Postgres connection is not encrypted. It doesn't have to be always encrypted, but we need to implement a way to use TLS for more security conscious users.1.0Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/484Committing Kea app to the database may hang2021-03-02T16:08:17ZMarcin SiodelskiCommitting Kea app to the database may hangWhen I was testing #483, I came across an issue described in the following comment: https://gitlab.isc.org/isc-projects/stork/-/merge_requests/267#note_195348.
In order to reproduce, follow these steps:
- Start Stork server,
- Make sure...When I was testing #483, I came across an issue described in the following comment: https://gitlab.isc.org/isc-projects/stork/-/merge_requests/267#note_195348.
In order to reproduce, follow these steps:
- Start Stork server,
- Make sure that no Kea app runs on the machine with an agent,
- Launch agent registration procedure,
- Approve agent registration in the UI,
- Start Kea app on the monitored machine and allow some time for the agent to discover the Kea app,
- Navigate to the machine page and click "Get Latest State"
The request to get state should hang (not return status 200) and the app should be neither visible in the UI nor in the database. The database transaction committing the app to the database should hang.
As I explained in the following comment: https://gitlab.isc.org/isc-projects/stork/-/merge_requests/267#note_195373, the issue appears to be related to committing events to the database outside of an open transaction. We may consider committing the events within the transaction, but we should investigate why exactly it hangs to avoid this issue in the future.https://gitlab.isc.org/isc-projects/stork/-/issues/488Perf: dedicated call to count authorized/unauthorized machines2022-11-16T11:55:06ZTomek MrugalskiPerf: dedicated call to count authorized/unauthorized machinesThe implementation introduced in !267 to get a list of unauthorized machines is pretty inefficient. It retrieves all the machines with all the configurations just to count them. We should optimize it. One way would be to have a dedicated...The implementation introduced in !267 to get a list of unauthorized machines is pretty inefficient. It retrieves all the machines with all the configurations just to count them. We should optimize it. One way would be to have a dedicated query for simply returning the number of machines.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/515Ability to export certificates from Stork2021-05-31T07:04:11ZTomek MrugalskiAbility to export certificates from StorkStork stores its certificates in a database. @tomek feels (and @fdupont agrees) that there needs to be an ability to import and export certificates. Here are couple usecases:
1. there is a problem with TLS and it needs to be investigate...Stork stores its certificates in a database. @tomek feels (and @fdupont agrees) that there needs to be an ability to import and export certificates. Here are couple usecases:
1. there is a problem with TLS and it needs to be investigated. The standard practice is to inspect the certificates using openssl.
2. admin wants to inspect the traffic and decode the traffic, e.g. wireshark allows such ability, but it of course requires providing the necessary secrets.
3. an audit wants to inspect certificates and perform some form of automated checks
A more advanced case would be this:
4. a deployment with high security requirements would want to generate its own certs and keys and provision them to Stork. This by definition would be a manual process
Since the last item requires import capabilities, it is currently out of scope for this ticket. But it would very useful and also the next logical step after we get the export capability.0.18Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/571get events failing (0.19)2021-09-03T10:49:59ZTomek Mrugalskiget events failing (0.19)This is a follow-up to the sanity check issue discovered (see [here](https://gitlab.isc.org/isc-projects/stork/-/issues/569#note_229567) ).
Steps to reproduce:
1. Install 0.19 RPMs for server and agent
2. start server on port 8080: `sys...This is a follow-up to the sanity check issue discovered (see [here](https://gitlab.isc.org/isc-projects/stork/-/issues/569#note_229567) ).
Steps to reproduce:
1. Install 0.19 RPMs for server and agent
2. start server on port 8080: `systemctl start isc-stork-server`
3. run agent: `stork-agent --server-url http://192.168.56.101:8000/ --host 192.168.56.101 --port 8080`
4. go to UI, click unauthorized, authorize the new machine
5. nagivate to Services>Machines, click on the machine.
![cannot-get-events](/uploads/84b80aa2dd7b15c641305a733ef7803a/cannot-get-events.png)
When looking at the firefox console, I got this:
![500-error](/uploads/377dee8e5625f70ba1efaaa94383fb1f/500-error.png)
The response says: `{"message":"problem with fetching events from the database"}`.
The server log prints lots of data, but this one seems relevant: ```#033[31mERRO#033[0m[2021-08-11 12:22:19] events.go:63 problem with getting events: ERROR #42846 cannot cast type jsonb to integer```
Full logs attached:
[centos8-stork.log](/uploads/c4397c406587f463f731199ca01baf12/centos8-stork.log)0.20Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/546migrate to bun ie. pg-go rewrite2022-02-04T08:46:21ZMichal Nowikowskimigrate to bun ie. pg-go rewritehttps://bun.uptrace.dev/guide/pg-migration.html#new-featureshttps://bun.uptrace.dev/guide/pg-migration.html#new-featuresoutstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/858Support passwordless database authentication.2023-10-17T12:34:25ZSlawek FigielSupport passwordless database authentication.The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312559)
Another issue with setting up the database on Fedora 36 is how to create database schema with the `stork-tool` ...The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312559)
Another issue with setting up the database on Fedora 36 is how to create database schema with the `stork-tool` using the default PostgreSQL `pg_hba.conf` file. It uses `peer` and `ident` authentication methods by default but `stork-tool` prompts for the admin password. Leaving password blank causes authentication failures. Setting up postgres password in the database, using the `\password` command doesn't seem to resolve the problem until authentication methods are changed to `password` in the `pg_hba.conf`. The tool should be more friendly with regards to different authentication methods. If nothing else, we should document how to deal with the default database setup like this.1.10Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/573Change sslmode based on server.env2021-11-09T14:22:02ZbradleymccandlessChange sslmode based on server.envDatabase connections are hardcoded with sslmode='disable'. We should add a variable in server.env that can change this value.Database connections are hardcoded with sslmode='disable'. We should add a variable in server.env that can change this value.1.0https://gitlab.isc.org/isc-projects/stork/-/issues/678Upgrade go-pg to version 102022-02-04T08:46:22ZMarcin SiodelskiUpgrade go-pg to version 10The currently used go-pg version is already pretty old. It would be good to migrate to the new version v10: https://github.com/go-pg/pg/blob/v10/CHANGELOG.md. One of the useful features is "Added pg.DBI which is a DB interface implemente...The currently used go-pg version is already pretty old. It would be good to migrate to the new version v10: https://github.com/go-pg/pg/blob/v10/CHANGELOG.md. One of the useful features is "Added pg.DBI which is a DB interface implemented by pg.DB and pg.Tx".1.1Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/676[ISC-support #19985] Fix database migration in Stork 1.0.02023-01-03T13:11:06ZMarcin Siodelski[ISC-support #19985] Fix database migration in Stork 1.0.0The database migration 37, among other things, does this:
```sql
...
DELETE FROM host;
...
-- Add a missing foreign key to host table.
ALTER TABLE local_host
ADD CONSTRAINT local_host_to_host_id FOREIGN KEY (host_id)
REFEREN...The database migration 37, among other things, does this:
```sql
...
DELETE FROM host;
...
-- Add a missing foreign key to host table.
ALTER TABLE local_host
ADD CONSTRAINT local_host_to_host_id FOREIGN KEY (host_id)
REFERENCES host (id) MATCH SIMPLE
ON UPDATE CASCADE
ON DELETE CASCADE;
```
The first statement relies on the presence of the foreign key which is added later. This causes constraint violation issues when people migrate databases that include host reservations. The order of these operations must be swapped.
Current workaround for this issue is to manually run:
```sql
DELETE FROM local_host;
```
using psql.1.1Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/737Demo: Server starts earlier then the database2022-05-17T13:32:45ZSlawek FigielDemo: Server starts earlier then the databaseThe issue was found during 1.3 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/732#note_285141)
I've been testing on 733aaea2cf70106719d8065de41eeacaec66c126 (master as of today). I like the new build system a...The issue was found during 1.3 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/732#note_285141)
I've been testing on 733aaea2cf70106719d8065de41eeacaec66c126 (master as of today). I like the new build system a lot. The elapsed build time is super useful, as is the general cleaning of the `rake` tasks. I had some problems: Something that looked like a race condition (`server_1 | FATA[2022-05-09 14:56:57] main.go:45 cannot start the Stork Server: FATAL #57P03 the database system is starting up`), but after the second attempt it worked well.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/857Improve Postgres configuration section in doc2022-12-06T22:52:59ZSlawek FigielImprove Postgres configuration section in docThe issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312552)
I successfully installed the server from RPM on Fedora, but it turns out it may not be so trivial to properly c...The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312552)
I successfully installed the server from RPM on Fedora, but it turns out it may not be so trivial to properly configure the Postgres database. Our ARM says this:
```
The general installation procedure for PostgreSQL is OS-specific
and is not included here. However, please note that Stork uses
pgcrypto extensions, which often come in a separate package. For
example, a postgresql-crypto package is required on Fedora and
postgresql12-contrib is needed on RHEL and CentOS.
```
which is almost correct, but the newest Fedora keeps the crypto package in `postgresql-contrib` rather than `postgresql-crypto`. We should probably slightly generalize this text to mention that crypto lib must be installed but do not be so specific what package contains it on what system because it is a moving target.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/854Timeout on database queries2023-10-10T11:51:26ZSlawek FigielTimeout on database queriesThe issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312612)
The database queries aren't timeout if the execution takes too long. The stuck query should be interrupted afte...The issue was found during 1.6.0 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/850#note_312612)
The database queries aren't timeout if the execution takes too long. The stuck query should be interrupted after 30s-1min. It may be helpful to automatically repeat it to handle incident disconnect without impacting the user experience.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/818HA state unavailable, though working2024-02-26T14:50:32ZNicolas EHA state unavailable, though working---
Stork 1.4.0 is showing both Kea 2.1.7 dhcp4 servers in HA+MT with state unavailable.
Actually, there are both working fine, as Stork server is.
**To Reproduce**
Steps to reproduce the behaviour:
1. Run Kea 2.1.7 in High-availability...---
Stork 1.4.0 is showing both Kea 2.1.7 dhcp4 servers in HA+MT with state unavailable.
Actually, there are both working fine, as Stork server is.
**To Reproduce**
Steps to reproduce the behaviour:
1. Run Kea 2.1.7 in High-availability hot-standby + Multi Threading on two machines, Stork server running on machine 1
2. Restart both machine (to be sure to be sure)
3. Witness that after every daemon has started, and the logs are showing a correct HA state (machine 1 = primary and OK, machine 2 in hot-standby)
4. Make some tests (stop one dhcp4 service, validate that clients still get served, restart, witness a correct chat between both nodes)
5. During all this, the stork web GUI dashboard (very first page after login) is showing : "HA state unavailable"
When clicking on the "unavailable" clickable link, it leads me to a page where everything is green, OK, correct, valid as it can be.
**Expected behaviour**
The dashboard show report a situation as happy as the reality is when looking at the details pages, or in the logs, or in the currently running services.
**Environment:**
- Kea version: 2.1.7
- Stork agent + server : 1.4.0
- OS: Debian 11 bullseye
**Contacting you**
admin@sitpi.fr1.7Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/887Question: who connects to the postgresql database ? Unix sockets possible ?2022-10-26T12:35:33ZmikygeeQuestion: who connects to the postgresql database ? Unix sockets possible ?Hello,
I don't understand this part in the documentation.
Accorrding to this, the clients connect directly to the database ? That looks unusual.
Usually the stork clients would connect to the stork server and the stork server would conn...Hello,
I don't understand this part in the documentation.
Accorrding to this, the clients connect directly to the database ? That looks unusual.
Usually the stork clients would connect to the stork server and the stork server would connect to the database.
![image](/uploads/079adc417410b068ad2aa3727228775d/image.png)
If so, I would I configure the stork server to use unix sockets because I would like to disable the TCP/IP stack (more secure and faster)
Regardshttps://gitlab.isc.org/isc-projects/stork/-/issues/889Feature Request: Possibility to connect to the postgresql database using Unix...2023-10-17T12:34:25ZmikygeeFeature Request: Possibility to connect to the postgresql database using Unix socketsHello,
According to the documentation and to this discussion #887, it's not possible that the stork server uses unix sockets to connect to the database.
It's sometimes a good choice to rely on unix sockets instead of tcp/ip (should be f...Hello,
According to the documentation and to this discussion #887, it's not possible that the stork server uses unix sockets to connect to the database.
It's sometimes a good choice to rely on unix sockets instead of tcp/ip (should be faster and more secure)
It would be nice to have this implementation within the stork server.
Regardsbackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/951Kea configuration versioning in the backend2023-01-31T14:43:54ZMarcin SiodelskiKea configuration versioning in the backendKea configuration can be modified from Stork or externally. Stork should be able to detect that the configuration has changed (someone modified a configuration file) and assign a version number/id to the detected configuration. It should...Kea configuration can be modified from Stork or externally. Stork should be able to detect that the configuration has changed (someone modified a configuration file) and assign a version number/id to the detected configuration. It should be possible to go back to one of the previous configurations and see what has changed.
This issue introduces suitable Stork backend changes to automatically store a trace of the old Kea configurations (perhaps in a separate table and perhaps using SQL triggers). Technically, configuration versioning is not required to implement other config-mgmnt tickets, e.g. subnet manipulation but it is related because subnet modification results in a Kea configuration change.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/952Extend the subnet data model with DHCP parameters2023-03-06T20:33:29ZMarcin SiodelskiExtend the subnet data model with DHCP parametersThe #931 introduces subnet view. However, Stork data model includes a limited number of parameters. We need to extend the database model to include additional parameters. Some of the parameters are trivial, e.g. valid lifetime, but some ...The #931 introduces subnet view. However, Stork data model includes a limited number of parameters. We need to extend the database model to include additional parameters. Some of the parameters are trivial, e.g. valid lifetime, but some are more complex (e.g., client classes, pools and options). The data model must make it efficient to query a subnet along with its DHCP parameters. We should also differentiate some of the parameters between different servers (use a local subnet concept, like we do for local host).1.10Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/959Move the pools from the subnet to local subnet2023-05-16T14:45:44ZMarcin SiodelskiMove the pools from the subnet to local subnetMultiple DHCP servers can serve the same subnet. Imagine a setup where two servers do some kind of load balancing and each of the servers uses different set of pools. The current Stork data model does not facilitate such a use case becau...Multiple DHCP servers can serve the same subnet. Imagine a setup where two servers do some kind of load balancing and each of the servers uses different set of pools. The current Stork data model does not facilitate such a use case because pools are the direct property of the subnet. It means that all servers must have the same pools configured for the subnet. We should move the pools definitions from the `subnet` table to the `local_subnet` table. This data model change requires the changes in the REST API calls and in the UI.1.11Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1007Go over our database update statements and exclude created_at updates2023-04-18T14:34:57ZMarcin SiodelskiGo over our database update statements and exclude created_at updatesWhen I was working on #996, I realised that our `dbmodel.Update...` calls may be wrongly updating the `created_at` columns. It becomes apparent when you have an instance in the database and, instead of getting it before the update from t...When I was working on #996, I realised that our `dbmodel.Update...` calls may be wrongly updating the `created_at` columns. It becomes apparent when you have an instance in the database and, instead of getting it before the update from the database, you create a sibling instance and attempt to use it in the update. In that case, you typically don't set the `created_at` value and it defaults to nil. As a result, `go-pg` will try to set the nil value which is prohibited due to the `NOT NULL` constraint.
In general, the updates should not modify this timestamp. Therefore, the `created_at` column should be excluded from the update statement, like this:
```golang
result, err := tx.Model(host).WherePK().ExcludeColumn("created_at").Update()
```
I think we're lucky we haven't hit this issue before.1.11Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/954Fetch DHCP option definitions from the Kea servers and use them to specify op...2024-02-12T17:06:34ZMarcin SiodelskiFetch DHCP option definitions from the Kea servers and use them to specify optionsStork can use standard DHCP option definitions in the options form and in the backend to convert options from Kea to Stork format. However, Stork doesn't fetch custom option definitions from the Kea instances. Stork should fetch such opt...Stork can use standard DHCP option definitions in the options form and in the backend to convert options from Kea to Stork format. However, Stork doesn't fetch custom option definitions from the Kea instances. Stork should fetch such option definitions and use them aside standard option definitions in the form and in the backend. Creating custom option definitions is out of scope for this ticket.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1148Improve creating DB guide for modern Postgres2023-10-02T16:47:43ZSlawek FigielImprove creating DB guide for modern PostgresThe issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-August/000168.html).
Some modern Postgres versions may require explicitly granting the privileges on the `public` schema to Stork users. We sh...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-August/000168.html).
Some modern Postgres versions may require explicitly granting the privileges on the `public` schema to Stork users. We should mention it in our documentation.
```
GRANT ALL ON SCHEMA public TO stork;
```1.13Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1018DB password is not prompted2023-06-06T12:40:54ZSlawek FigielDB password is not promptedThe issue was reported by @marcin during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364567).
I build stork-server on mac and attempted to start it. I am getting the following error:
```
./...The issue was reported by @marcin during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364567).
I build stork-server on mac and attempted to start it. I am getting the following error:
```
./stork-server --rest-static-files-dir=/Users/marcin/devel/stork-build/usr/share/stork/www/ --db-host=/tmp/ --db-user=stork
WARN[2023-04-04 16:30:09] server.go:195 The hook directory: '/var/lib/stork-server/hooks' doesn't exist error="cannot find plugin paths in: /var/lib/stork-server/hooks: cannot list hook directory: /var/lib/stork-server/hooks: open /var/lib/stork-server/hooks: no such file or directory"
INFO[2023-04-04 16:30:09] connection.go:90 Checking connection to database
FATA[2023-04-04 16:30:09] main.go:63 Cannot start the Stork Server: FATAL #28P01 empty password returned by client
unable to connect to the database using provided settings
isc.org/stork/server/database.NewPgDBConn
/Users/marcin/devel/stork-1.10.0/backend/server/database/connection.go:99
isc.org/stork/server/database.NewApplicationDatabaseConn
/Users/marcin/devel/stork-1.10.0/backend/server/database/connection.go:152
isc.org/stork/server.(*StorkServer).Bootstrap
/Users/marcin/devel/stork-1.10.0/backend/server/server.go:202
main.main
/Users/marcin/devel/stork-1.10.0/backend/cmd/stork-server/main.go:61
runtime.main
/Users/marcin/devel/stork-1.10.0/tools/golang/go/src/runtime/proc.go:250
runtime.goexit
/Users/marcin/devel/stork-1.10.0/tools/golang/go/src/runtime/asm_amd64.s:1594
```
Our help says that it is recommended to leave the password blank to be prompted, but I am not prompted.
Oddly enough, I can be prompted when I do this:
```
$ ./stork-server --rest-static-files-dir=/Users/marcin/devel/stork-build/usr/share/stork/www/ --db-host=/tmp/ --db-user=stork --db-password=" "
WARN[2023-04-04 16:33:28] server.go:195 The hook directory: '/var/lib/stork-server/hooks' doesn't exist error="cannot find plugin paths in: /var/lib/stork-server/hooks: cannot list hook directory: /var/lib/stork-server/hooks: open /var/lib/stork-server/hooks: no such file or directory"
INFO[2023-04-04 16:33:28] connection.go:90 Checking connection to database
database password for user stork:
```1.11Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1023After upgrade to 1.10 with PostgreSQL database server will no longer start2023-04-11T11:13:24ZKevin FlemingAfter upgrade to 1.10 with PostgreSQL database server will no longer start**Describe the bug**
Working system running Stork 1.9 was upgraded to 1.10; server will no longer start, see log below.
**To Reproduce**
Steps to reproduce the behavior:
1. `systemctl start isc-stork-server`
**Expected behavior**
Stork...**Describe the bug**
Working system running Stork 1.9 was upgraded to 1.10; server will no longer start, see log below.
**To Reproduce**
Steps to reproduce the behavior:
1. `systemctl start isc-stork-server`
**Expected behavior**
Stork server should start as it did before the upgrade.
**Environment:**
- Stork: 1.10.0.230404081226
- OS: Debian Bullseye amd64
**Additional Information**
```
Apr 10 06:44:20 stork22 systemd[1]: Started ISC Stork Server.
Apr 10 06:44:20 stork22 stork-server[73617]: time="2023-04-10 06:44:20" level="warning" msg="The hook directory: '/var/lib/stork-server/hooks' doesn't exist" file=" server.go:195 " error="cannot find plugin paths in: /var/lib/stork-server/hooks: cannot list hook directory: /var/lib/stork-server/hooks: open /var/lib/stork-server/hooks: no such file or directory"
Apr 10 06:44:20 stork22 stork-server[73617]: time="2023-04-10 06:44:20" level="info" msg="Checking connection to database" file=" connection.go:90 "
Apr 10 06:44:20 stork22 stork-server[73617]: time="2023-04-10 06:44:20" level="fatal" msg="Cannot start the Stork Server: Not running in a terminal\nisc.org/stork/util.GetSecretInTerminal\n\t/builds/isc-projects/stork/backend/util/util.go:232\nisc.org/stork/server/database.NewPgDBConn\n\t/builds/isc-projects/stork/backend/server/database/connection.go:103\nisc.org/stork/server/database.NewApplicationDatabaseConn\n\t/builds/isc-projects/stork/backend/server/database/connection.go:152\nisc.org/stork/server.(*StorkServer).Bootstrap\n\t/builds/isc-projects/stork/backend/server/server.go:202\nmain.main\n\t/builds/isc-projects/stork/backend/cmd/stork-server/main.go:61\nruntime.main\n\t/builds/isc-projects/stork/tools/golang/go/src/runtime/proc.go:250\nruntime.goexit\n\t/builds/isc-projects/stork/tools/golang/go/src/runtime/asm_amd64.s:1594" file=" main.go:63 "
Apr 10 06:44:20 stork22 systemd[1]: isc-stork-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 10 06:44:20 stork22 systemd[1]: isc-stork-server.service: Failed with result 'exit-code'.
```
server.env contains:
```
STORK_DATABASE_NAME=stork
STORK_DATABASE_USER_NAME=stork
STORK_DATABASE_PASSWORD=<redacted>
STORK_REST_HOST=2001:470:8afe:64::115
STORK_REST_PORT=8989
STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
STORK_SERVER_ENABLE_METRICS=true
```https://gitlab.isc.org/isc-projects/stork/-/issues/1022Cannot log in to UI while Postgres uses "trust" authentication2023-06-05T17:31:34ZSlawek FigielCannot log in to UI while Postgres uses "trust" authenticationThe issue was reported by @marcin during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364608).
I am unable to log in to the Stork UI when Postgres is using `trust` authentication with no pass...The issue was reported by @marcin during 1.10 sanity checks. [Source](https://gitlab.isc.org/isc-projects/stork/-/issues/1009#note_364608).
I am unable to log in to the Stork UI when Postgres is using `trust` authentication with no password.
Suppose that's part of your `pg_hba.conf`:
```
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all stork trust
local all all peer
```
It configures the database to allow user Stork with no password. I can start Stork server with this configuration and an empty (default) password. However, I get an error trying to login to the Stork UI because the session manager is using libpq library (not a `go-pg` library) which in our case is not handling well this authentication method:
```
stork-server[17064]: 2023/04/04 20:44:35 pq: password authentication failed for user "stork"
```
Using the `password` authentication and specifying the password in the `server.env` file works.
BTW, I tried it on Ubuntu 22.04 with Stork installed from the packages.1.11Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1025System test with the Stork server and database server running in the same con...2023-05-31T11:58:15ZSlawek FigielSystem test with the Stork server and database server running in the same containerSome users install the Stork and Postgres servers on the same machine. Unfortunately, this case isn't covered by our system tests. We install these components in two separate containers. In both cases, the technical details of the connec...Some users install the Stork and Postgres servers on the same machine. Unfortunately, this case isn't covered by our system tests. We install these components in two separate containers. In both cases, the technical details of the connection between Stork and Postgres differ. We got some bug reports after 1.10 that occurred only while Stork and Postgres were installed on the same machine and communicated over Unix sockets.
We must add system tests to check this setup and guarantee Stork runs appropriately.1.11Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1043System test with Postgres using the ident authentication method2023-06-06T13:29:00ZSlawek FigielSystem test with Postgres using the ident authentication methodI added some unit and system tests to check if Stork supports the main Postgres authentication methods.
I've written unit tests for `trust`, `peer`, `ident`, `md5`, and `scram-sha-256`.
I tried to write system tests for the above method,...I added some unit and system tests to check if Stork supports the main Postgres authentication methods.
I've written unit tests for `trust`, `peer`, `ident`, `md5`, and `scram-sha-256`.
I tried to write system tests for the above method, and I did it except for `ident`.
I failed to configure the ident service. Ident service is a service running on the 113 port that implements [RFC 1413](https://datatracker.ietf.org/doc/html/rfc1413).
We use Debian 10.13-slim in our system tests, and no ident service is built-in.
In the `apt` repository are available three ident packages:
- `ident2`
- `oidentd`
- `nullidentd`
I checked all, and none of them is helpful in our case.
`ident2` runs properly, but it doesn't support IPv6, but the Postgres container tries to connect over this protocol. Due to Postgres running in a Docker container, the configuration capabilities are limited. I couldn't force it to use IPv4 without strongly reconfiguring our system tests' networks.
`oidentd` supports IPv6 well, but it didn't run due to failure during dropping root privileges. The problem occurs even if I run the service with a non-root user. I suppose it is a bug that is solved in the newer versions. Unfortunately, the author provides the binary packages on their own webpage. I think it isn't a good practice to link to non-trusted webpages from the system tests' environment, so I abandoned using them. I couldn't build the application from sources because some packages are missing in our current setup, and I didn't want to extend it.
`nullidentd` is a fake ident server intended to use with `inetd`. It increases the complexity of the solution, so I didn't spend time on it.
I think the best solution is to upgrade the system tests' operating system and use `oidentd`.
An alternative is implementing a fake ident service on our own, as the RFC 1413 is a very simple protocol.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1049Test prompting DB password2023-06-06T13:31:18ZSlawek FigielTest prompting DB passwordWe need a unit test that allows us to check if there is a prompt for the database password if it is not provided.
It requires refactoring the code to encapsulate the `IsRunningInTerminal` and `GetSecretInTerminal` method calls with an i...We need a unit test that allows us to check if there is a prompt for the database password if it is not provided.
It requires refactoring the code to encapsulate the `IsRunningInTerminal` and `GetSecretInTerminal` method calls with an interface to allow mock their returns.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1203Peer database authentication for SystemD service user.2023-10-17T14:04:12ZSlawek FigielPeer database authentication for SystemD service user.The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000212.html).
When the Stork server is installed using the packages, it is configured as the SystemD service.
The `stork-server` user ...The issue was reported on [our mailing list](https://lists.isc.org/pipermail/stork-users/2023-October/000212.html).
When the Stork server is installed using the packages, it is configured as the SystemD service.
The `stork-server` user runs the server. But the default database user is `stork`. By default, the server connects to the database over the Unix socket. It causes the `peer` authentication method to be used (depending on distribution, it will be `trust` or `peer`).
Unfortunately, Postgres rejects the connection due to divergence between DB and the system user.
```
stork@stork LOG: provided user name (stork) and authenticated user name (stork-server) do not match
```backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1320Duplicated rows in the service table2024-02-28T16:28:53ZSlawek FigielDuplicated rows in the service tableThe problem was reported [on the Stork-users mailing list](https://lists.isc.org/pipermail/stork-users/2024-February/000245.html).
The `service` table rows may be duplicated on some unknown conditions. It causes the HA status displayed ...The problem was reported [on the Stork-users mailing list](https://lists.isc.org/pipermail/stork-users/2024-February/000245.html).
The `service` table rows may be duplicated on some unknown conditions. It causes the HA status displayed on the Dashboard to diverge from the status presented on the application page.
The user reports that the problem occurs in Stork 1.15 but was also observed in the previous versions. The first installed version was 1.12.
Stork was installed long after configuring HA in Kea.
It seems the same problem was reported in #616 and #818.
We should check if the problem were fixed correctly in 1.7 and if the invalid table state may preserved from the previous versions.
We should also analyze if adding the unique constraint on the `service` table would be beneficial to avoid similar issues.1.16Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1318Change database for migrating hosts2024-03-12T08:19:13ZSlawek FigielChange database for migrating hostsBelow is our current database schema:
![image](/uploads/6ff3034985b96c7a7c984478bb4ff11d/image.png)
In this structure, it is impossible to recognize which Kea daemon holds a specific IP or hostname reservation.
So, we don't know on whi...Below is our current database schema:
![image](/uploads/6ff3034985b96c7a7c984478bb4ff11d/image.png)
In this structure, it is impossible to recognize which Kea daemon holds a specific IP or hostname reservation.
So, we don't know on which Kea daemon perform the migration.
I want to make the below changes:
- Replace the `ip_reservation` table's reference to `host` table with reference to `local_host`.
- Move the `hostname` column from `host` to `local_host` table
- (Optionally) Add a single-column primary key to the `local_host` table and add a unique index on the `host_id`, `data_source`, and `daemon_id` to preserve the existing constraints.1.16Slawek FigielSlawek Figiel