unattended update without questions (saltstack) - updates

How to correctly update hosts in saltstack?
cmd.run "apt update && apt upgrade -y"
sometimes asks confirmation to overwrite config files with new version, how automatically preserve the current config file? "Y/N"
or
there are better way to update entire system via salt-stack?

There is the pkg module. Use it like that:
salt '*' pkg.upgrade --refresh=True

You can use the pkg.upgrade module, or you could schedule a pkg.uptodate state.
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.uptodate
And use the salt scheduler to run it periodically.
https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs

Related

Gerrit review not found in spite of present in DB

We are using Gerrit 2.12 with MySQL DB. There is one review open for a while but when I try to access it from Gerrit UI, I get following error.
The page you requested was not found, or you do not have permission to view this page.
I am logged into the UI and my account have administrative capabilities.I can see the entry of the change in changes table in data base. Should reindexing solve the problem? I am more curious about what was the trigger for disappearance of change in UI.
I had the same problem. I have verified if the changes were there in the repository by cloning the corresponding change under refs/changes branch.
As the documentation says, When a commit is pushed for review, Gerrit stores it in a staging area which is a branch in the special refs/changes/ namespace. A change ref has the format refs/changes/XX/YYYY/ZZ where YYYY is the numeric change number, ZZ is the patch set number and XX is the last two digits of the numeric change number, e.g. refs/changes/20/884120/1. Understanding the format of this ref is not required for working with Gerrit.
Using the change ref, git clients can fetch the corresponding commit, e.g. for local verification.
git clone <URL>
cd <reponame>
git fetch https://yourhostname/reponame refs/changes/16/261016/1 && git checkout FETCH_HEAD
If you find the fetch to be happening successful, it means that the change is present and therefore a full reindex as the appropriate user should fix.
su gerrit -c "java -jar gerrit.war reindex"
PS. Online reindex did not help in my case. I had to do a full offline reindex as above.

Zabbix - track config files

I would like to track changes to one config file. The reason for this is that multiple users access it to solve different issues, but every now and then those fixes break something else. diff function in Zabbix shows that a file was changed, but I would like Zabbix to also track what changed. Is there a combination of triggers that would let me do that? Any help is greatly appreciated.
Do you store file checksum or contents in the item? In any case, there is no built-in way to do that, but you can implement it with a script.
If checksum, you will need a way to store the previous version, new version and run the diff command. The easiest would be a userparameter that would do a diff between a temporary copy of the file and the current copy, then copy the current file over the temporary copy. In this case, you would store diff results directly in an item and your trigger would check that the last value is not an empty string. See https://www.zabbix.com/documentation/3.0/manual/config/items/userparameters for more information on userparameters.
If you are storing file contents already, presumably you want to reuse them. This would be a bit more complicated, as you would have to kick off the script whenever a new value arrives - maybe a special trigger could kick off an action that would compare the last two values (probably using the API), then push the result in another item that has another trigger. Unless you have a good reason to do it this way, I'd opt for the first approach.
Make a copy off your file
file.txt.copy or something like that. Make this file only writable by zabbix.
Create an item and trigger on zabbix to check when the file was changed (using diff or checksum)
Create a action on zabbix to execute a script that will
1 - diff between file.txt and file.txt.copy and send this diference to your email
2 - Copy file.txt to file.txt.copy so you can do the diff next time the file change.
To reate a action with script.
Create a action on zabbix. Go to "operations" tab. Select "Remote Command" from option.
Choose custom script.
Put the script with the whole path and arg's.
Sample
/opt/script/my_script.sh
The user zabbix must have permission to ruin the script.
Zabbix docs

MediaWiki Hook for Installing Extension

I did some research on MediaWiki hooks.
To the best of my knowledge, the only hook for adding/updating database tables is https://www.mediawiki.org/wiki/Manual:Hooks/LoadExtensionSchemaUpdates.
However, I need a hook that fires on installing a new extension. How do I achieve that? I'd like to execute a CREATE TABLE statement only once - when the extension is installed. Installing an extension doesn't require a MediaWiki update, which is why the above hook does not suit my needs.
EDIT
To clarify: I'm developing an extension that requires access to a custom table in the database. That's why I need to execute the CREATE TABLE statement whenever this extension is installed.
First: As you have noticed, there is no such hook. You will need to do the check for installed extensions by a cron job (if it's your server), or on, say, each 100th request to the wiki, using the job queue (if you are doing this in an extension).
From there, you have a few options, depending on if you need to catch every single extension, or just most of them:
Check for registered extensions, with something like: $registry = ExtensionRegistry::getInstance();$extensions = $registry->loaded();This will work extensions using the new style. For older versions, check the global variable $wgExtensionCredits for registered extensions. Note that nothing prevents an extensions from running without registering. In fact, there are a lot of extensions like that.
Parse LocalSettings.php, and check for old and new style extension loading with a regex. Very dirty, but it's actually the way e.g. the maintainance script getConfiguration.php does it. You need to check for lines like this:wfLoadExtension( 'FooBar' );and this:wfLoadExtensions( ['Foo', 'Bar'] );and this:require_once "$IP/extensions/Foo/Bar.php"; Note however that it is possible to use other directories for extensions, and that modern skins in fact behave like extensions too.
If you need to track a certain family of extensions, and you can make sure they all use Composer, the parse $IP/composer.json for installed extensions.
I did some more research (https://www.mediawiki.org/wiki/Manual:Update.php#Details) and found out that the LoadExtensionSchemaUpdates hook is exactly what I am looking for.
# Schema updates for update.php
$wgHooks['LoadExtensionSchemaUpdates'][] = 'fnMyHook';
function fnMyHook( DatabaseUpdater $updater ) {
$updater->addExtensionTable( 'tablename',
__DIR__ . '/table.sql' );
return true;
}
When running $ php update.php for the first time after installing the extension, the script executes the CREATE TABLE statement. Then, for consecutive executions, the update script just notes that the table already exists.

Run build on change but don't checkout in Hudson

I have kind of an interesting problem...
So I'm trying to run a build every time I see a change on a directory in my SCM in Hudson. However, I don't need to pull the directory to run my script. Is there any way to check if there's a change in a directory, but don't pull it?
In addition, there is another directory which I do need to pull from Hudson at the same time. So basically I want something like:
On change of directory A or B:
pull directory B only
run script
I was told there was functionality like this in Hudson, but I can't find it. Any suggestions? Thanks for the help!
In case anyone is interested, I was able to accomplish this with just Hudson and Perforce.
When using Perforce as the SCM (don't know about the others) there is a 'Use View Mask' checkbox. Checking that give you the ability to choose which directories/files in Perforce to poll without actually pulling those files. For example, I had in my view:
//depot/my_script
I didn't want my script to run automatically when I had a new version, so I put it int o the "Poll Exclude File(s) text box:
//depot/my_script
Which pulls the latest version of my script. Then I checked the Use View Mask checkbox and put:
//depot/my_code_to_compile/
into the View Mask box.
To make Perforce poll for changes, I just checked the "Poll SCM" in build triggers and then made it check every minute. (by inserting "* * * * *" into the Scheduler box)
So to sum up, with the variables set as above, my Hudson job had the following behavior:
check for changes every minute
On changes to //depot/my_code_to_compile/, the Hudson job will run
On changes to //depot/my_script, nothing will happen
The job will pull changes to my_script, but will download nothing from //depot/my_code_to_compile/.
I think you need to install the FSTrigger Plugin for this functionality. To what the wiki pages show this is supported in Jenkins, I am not sure about Hudson compatibility.

Configure or Create hudson job automatically

Is there any way to create new Hudson job by one more Hudson job based one previous Jobs?
For example if I need to create new bunch of jobs one by one, Automatically create 4 jobs with similar configuration with different parameter
Basically steps like this
create SVN branch I can call svn cp command and make it parametrized using script
Create some build based on new svnbranch name
Later tag it
Or other word, I need to clone the previous job and give the new branch name where ever $ Branch comes in new job.
Thanks
You can try the Hudson Remote API for this kind of task (setting up an Hudson project).
See this tutorial for instance, and remember you can display the help quite easily:
java -jar hudson-cli.jar -s http://your_Hudson_server/ help
So, to copy a job:
java -jar hudson-cli.jar -s http://your_Hudson_server/ copy-job myjob copy-myjob
You could use groovy system script like this :
def jenkins = hudson.model.Hudson.instance
def template = jenkins.getItem("MyTemplate")
def job = jenkins.copy(template,"MyNewJob")
job.scm = new hudson.scm.SubversionSCM("http://base/branches/mybranche")
job.save()
Kind of already covered in the other answers, but for an easy way to copy the config.xml over:
curl --user USER:PASS -H "Content-Type: text/xml" -s
--data-binary "#config.xml" "http://hudsonserver:8080/createItem?name=newjobname"
There seems to be a plugin for jenkins.
https://wiki.jenkins-ci.org/display/JENKINS/Job+DSL+Plugin
I have not tested the plug-in yet. But if the plugin works, it should alleviate some of human errors from straight copying a job and modifying variables/values.
def jenkins = hudson.model.Hudson.instance
def template = jenkins.getItem("MyTemplate")
def job = jenkins.copy(template,"MyNewJob")
job.save()
I used this now I have to change the parameter values of MyNewJob using Groovy how will I do that?
ex I have a parameter called "Build_BranchName" and the default is //perforce/mybranch
I have to change it to
//perforce/mynewbranch
You have the option that VonC just gave you (which is probably the safest way but you can also go a different rout by just creating a new directory in {Hudson_Home}\jobs (the directory name will be the job name) and copy a modified config.xml in there. The modification will basically just be the SVN URL. You should check out the xml from the job that you are copying. You need to find out how you change the xml file via script, but this is a secondary problem.
Unfortunately, you have to either restart Hudson, or force a reload of the configuration. (visit the page http://:/reload to reload the config).
In case you're willing to use GIT (like I do, mirroring the main SVN repo, onto the Hudson/Jenkins server, and it works great)....
..you could try Stephen Haberman's post-receive-hudson:
This hook creates new jobs for each
branch in the Hudson continuous
integration tool. Besides creating the
job if needed, the user who pushed is
added to the job's email list if they
were not already there.
In any case, that script can give you new hints on how to remote control Jenkins(Hudson).