Fix up SGSN config on nitb systems

2022-07-20 16:36:58 +00:00 · 2022-07-20 16:36:58 +00:00 · 1dee5b6ea4
commit 1dee5b6ea4
parent 58b73ef6b8
3 changed files with 53 additions and 50 deletions
--- a/modules/rhizo_base/manifests/openbsc.pp
+++ b/modules/rhizo_base/manifests/openbsc.pp
@ -32,6 +32,7 @@ class rhizo_base::openbsc {
  $ggsn_ip_address = hiera('rhizo::ggsn_ip_address')
  $repo            = hiera('rhizo::osmo_repo', 'latest')
  $bts             = hiera('rhizo::bts')
+  $pgsql_pwd       = $rhizo_base::pgsql_pwd

  $nitb_version = $repo ? {
    'latest'    => 'present',
@ -122,13 +123,12 @@ class rhizo_base::openbsc {
      require => Package['osmo-sip-connector'],
    }

-  if ($gprs != "disabled") {
  file { '/etc/osmocom/make_sgsn_acl_config':
       content => template('rhizo_base/make_sgsn_acl_config.erb'),
       mode    => "0750",
+       notify  => Exec['osmo-sgsn.cfg']
    }

-
  systemd::dropin_file { 'override.conf':
      unit    => 'osmo-sgsn.service',
      source  => 'puppet:///modules/rhizo_base/systemd/coredump.override'
@ -140,12 +140,6 @@ class rhizo_base::openbsc {
    default     => 'installed',
   }

-    file { '/etc/osmocom/osmo-sgsn.cfg':
-         content => template("rhizo_base/osmo-sgsn.cfg.erb"),
-         mode => "0750",
-         notify  => Service['osmo-sgsn'],
-      }
-
  package {  [ 'osmo-sgsn' ]:
      ensure   => $sgsn_version,
      require  => Class['rhizo_base::apt'],
@ -170,6 +164,12 @@ class rhizo_base::openbsc {
      ensure   => 'latest',
      require  => Class['rhizo_base::apt'],
    }
+
+  exec { 'osmo-sgsn.cfg':
+      command     =>
+        '/etc/osmocom/make_sgsn_acl_config > /etc/osmocom/osmo-sgsn.cfg',
+      require     => File['/etc/osmocom/make_sgsn_acl_config'],
+      refreshonly => true,
    }

  exec { 'hlr_pragma_wal':
--- a/modules/rhizo_base/templates/make_sgsn_acl_config.erb
+++ b/modules/rhizo_base/templates/make_sgsn_acl_config.erb
@ -1,4 +1,5 @@
 #!/bin/bash
+_auth=`psql postgresql://rhizomatica:<%= @pgsql_pwd %>@localhost:5432/rhizomatica -t -c "SELECT msisdn from subscribers where subscription_status=1" | grep . | sed -n '1h;1!H;${g;s/\n/,/g;p;}'`
 cat << EOF
 !
 ! Osmocom SGSN configuration
@ -23,10 +24,10 @@ sgsn
 ggsn 0 echo-interval 60
 auth-policy acl-only
 EOF
-echo "SELECT imsi from subscriber where authorized=1 ORDER BY imsi;" | sudo /usr/bin/sqlite3 /var/lib/osmocom/hlr.sqlite3 | grep "^[0-9].*" | sed 's/\(.*\)/ imsi-acl add \1/'
+echo "SELECT imsi from subscriber where extension in ($_auth) ORDER BY imsi;" | sudo /usr/bin/sqlite3 /var/lib/osmocom/hlr.sqlite3 | grep "^[0-9].*" | sed 's/\(.*\)/ imsi-acl add \1/'
 cat << EOF
- gsup remote-ip 127.0.0.1
- gsup remote-port 4222
+ !gsup remote-ip <%= @vpn_ip_address %>
+ !gsup remote-port 4222
 !
 ns
 timer tns-block 3
--- a/modules/rhizo_base/templates/rhizomatica.cron.erb
+++ b/modules/rhizo_base/templates/rhizomatica.cron.erb
@ -74,8 +74,10 @@ PYTHONPATH=$PYTHONPATH:/var/rhizomatica/rccn
 #Restart osmo-nitb every 6 hours (This wasn't working anyway. If it is needed, do something more elegant!)
 #  0 */6   *   *   *     root /usr/bin/sv restart osmo-nitb 2>&1 > /dev/null

+<% if @osmo_stack != 'split' -%>
 # Rebuild ACL config and restart the SGSN (stopgap pre HLR solution, we loose all PDP contexts)
-#  55 2     *   *   *    root /etc/osmocom/make_sgsn_acl_config > /etc/osmocom/osmo-sgsn.cfg ; systemctl restart osmo-sgsn
+  55 2     *   *   *    root /etc/osmocom/make_sgsn_acl_config > /etc/osmocom/osmo-sgsn.cfg ; systemctl restart osmo-sgsn
+<% end -%>

 # It's a new day....
  30  5  *   *   *      root /home/rhizomatica/bin/check_broken.sh