
jalapeno's Introduction

Jalapeno

A cloud-native infrastructure platform to enable development of network services

Project Jalapeno combines existing open source tools with some new stuff we've developed into an infrastructure platform intended to enable development of Cloud Native Network Services (CNNS). Think of it as applying microservices architecture to SDN: give developers the ability to quickly and easily build microservice control planes (CNNS) on top of a common data collection and warehousing infrastructure (Jalapeno).

This repository provides documentation and shell scripts to install Jalapeno's component images.

To install Jalapeno and get started, visit the Getting Started guide.


High level architecture

jalapeno_architecture


Platform Overview: SDN is a Database Problem

At the heart of Jalapeno is the concept that all SDN use cases are really virtual topologies whose type and characteristics are driven by dataplane encapsulations and other metadata. Thus, SDN is a database problem. With this framework in mind, Jalapeno has the theoretical ability to address any kind of virtual topology use case, for example:

  • Internal Traffic Engineering (TE) - engineered tunnels traversing a network under common management (BGP-LS use cases - see note below**)
  • Egress Peer Engineering (EPE) - engineered tunnels sending traffic out a specific egress router/interface to an external network
  • SD-WAN - various combinations of TE and EPE
  • VPN overlays - engineered tunnels creating point-to-point or multipoint overlay virtual networks
  • Network Slicing - see VPN overlays
  • VPN overlays with TE, EPE, SDWAN
  • Service Chaining - engineered tunnels, potentially a series of them, linked together via or seamlessly traversing midpoint service nodes

Some project principles and goals

  • Give applications the ability to directly choose their service/SLA (path through the network)
  • Enable development of an ecosystem of Network Service tools and capabilities
  • The Host may be the control/encapsulation point (linux, fd.io, eBPF, other)
  • Microservice architecture
  • Combine network and application performance data
  • Emphasize the use of APIs over Protocols for greater agility

Jalapeno's key components

Jalapeno is comprised of a series of microservices which can be summarized as:

  • Collectors - capture network topology and performance data and feed the data to Kafka. Eventually we wish to incorporate application and server/host performance data as well. The collection stack also includes Influx TSDB and Grafana for data visualization

  • Data Processors, Graph Database, and Time-Series Database - Jalapeno has two classes of processors:

    • Base data processors: parse topology and performance data coming off Kafka and populate the Influx TSDB and base data collections in the Arango graph database. The Topology and Telegraf pods are base processors.
    • Virtual Topology or Edge processors: mine the graph and TSDB data collections and then populate virtual topology Edge collections in the graph DB. Linkstate-edge is one such processor: https://github.com/cisco-open/jalapeno/tree/main/linkstate-edge
  • API-GW - expose Jalapeno's virtual topology data for application consumption (API-GW is under construction)

  • SR-Apps - mini-applications that mine the graph and time-series databases for the label stack or SRv6 SRH data needed to execute topology or traffic engineering use cases. Each SR-App should have its own API to field client requests for Segment Routing network services.

Jalapeno's Kubernetes architecture makes it inherently extensible, and we expect the number of collectors, graphDB virtual topology use cases, and SR-Apps to expand significantly as our community grows.

In this example app an end user or application would like to send their backup/background traffic to its destination via the least utilized path, and thus preserve more capacity on the routing protocol's chosen best path. Jalapeno responds to the request with a segment routing label stack that, when appended to outbound packets, will steer traffic over the least utilized path. The app then re-queries Jalapeno every 10 seconds and updates the SR label stack should the least utilized path change.

** Note on BGP-LS

The key to developing and supporting virtual topology use cases is the programmatic acquisition of topology data. Traditional SDN-TE platforms focus on Internal-TE and therefore leverage BGP-LS. With Jalapeno we wish to eventually support all the above categories of use case, and therefore we use BGP Monitoring Protocol (BMP) and leverage the GoBMP collector: https://github.com/sbezverk/gobmp. BMP provides a superset of topology data, including:

  • BGP-LS topology data
  • iBGP and eBGP IPv4, IPv6, and labeled unicast topology data
  • BGP VPNv4, VPNv6, and EVPN topology data

jalapeno's People

Contributors

0x2142, aishsree, aishusreeni, brmcdoug, byzek, dependabot[bot], illidom, jdanielmyers, jklaiber, justaugustus, lelia, mbongard, mcaulfield, pgduda, remingtonc, sbezverk, skkumaravel, stephenrlouie, ubaumann, virlos, ziausyed


jalapeno's Issues

Wrong entries in ArangoDB

Sometimes documents in ArangoDB contain wrong entries. In the following example, the _from and _to values are incorrect and show the same information (the remaining values of the document are correct):

wrong-entry-ls_node_edge

The reason for these wrong entries is not clear. Maybe there is a problem with an update of the documents.

Kubernetes pods are stuck in "Pending" state

Hi together,

After installing kubeadm and the deployment of the Jalapeno application with the script deploy_jalapeno.sh, all pods were stuck in the Pending state. (Could be observed with the command kubectl get all --all-namespaces)

After taking a closer look at the pods with the command kubectl describe pod/<pod-name> -n <namespace-name> I could find an error message like that:

$ kubectl describe pod/grafana-deployment-7d4dd466f5-brvp9 -n jalapeno

Name:           grafana-deployment-7d4dd466f5-brvp9
Namespace:      jalapeno
Priority:       0
Node:           <none>
Labels:         app=grafana
                pod-template-hash=7d4dd466f5
Annotations:    <none>
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/grafana-deployment-7d4dd466f5
Containers:
  grafana:
    Image:      grafana/grafana:6.6.1
    Port:       3000/TCP
    Host Port:  0/TCP
    Command:
      grafana-server
    Args:
      --homepath=/usr/share/grafana
      --config=/etc/grafana/grafana.ini
    Environment:  <none>
    Mounts:
      /etc/grafana from grafana-config (rw)
      /var/lib/grafana from grafana-lib (rw)
      /var/log/grafana from grafana-log (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-kwjlp (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  grafana-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      grafana-config
    Optional:  false
  grafana-log:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  grafana-lib:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  default-token-kwjlp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-kwjlp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason            Age                  From               Message
  ----     ------            ----                 ----               -------
  Warning  FailedScheduling  89s (x9 over 7m37s)  default-scheduler  0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate. 

The problem is connected to Kubernetes Taints and could be solved with the help of calebhailey/homelab#3

To solve the problem, the command kubectl taint nodes --all node-role.kubernetes.io/master- has to be executed, and the Jalapeno application has to be redeployed. After that, it should work.

Security Policy violation Binary Artifacts

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

  • bin/linkstate-edge
  • bin/topology

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

BMP misconfiguration leads to unicast prefix entries having incorrect key

Best practice is for RRs to BMP monitor their clients rather than the other way around. If an RR client runs BMP on their RR session, the collector/topology processor will write an incorrect entry into the graphDB:

"key": "10.0.12.0_24_10.0.0.10",
"peer_ip": "10.0.0.10",
"nexthop": "10.0.0.12",
"bmp_ip": "10.0.0.8" <-- this RR client was configured to collect/pass BMP data from the RR to Jalapeno

}

Key should be: 10.0.12.0_24_10.0.0.12

Topology processor should probably check BMP message peer_ip == nexthop, and if != then use nexthop in key construction
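
The check proposed in this issue, written out as an added example (it is not code from the Jalapeno topology processor or from the issue author). It assumes the key layout `<prefix>_<length>_<id>` seen in the sample document; the struct, function names and the second sample document are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// UnicastPrefix carries the four fields shown in the issue's sample document.
type UnicastPrefix struct {
	Key, PeerIP, Nexthop, BMPIP string
}

// ProposedKey applies the check suggested in the issue. A key has the form
// "<prefix>_<length>_<id>"; when peer_ip differs from nexthop, nexthop is used
// as <id>. It returns the key and whether it differs from the stored one.
func ProposedKey(d UnicastPrefix) (string, bool, error) {
	i := strings.LastIndex(d.Key, "_")
	if i < 0 || d.PeerIP == "" || d.Nexthop == "" {
		return "", false, fmt.Errorf("cannot rebuild key for %q", d.Key)
	}
	id := d.PeerIP
	if d.PeerIP != d.Nexthop {
		id = d.Nexthop
	}
	key := d.Key[:i+1] + id
	return key, key != d.Key, nil
}

// Audit maps each stored key that would change to its proposed replacement.
func Audit(docs []UnicastPrefix) map[string]string {
	changes := map[string]string{}
	for _, d := range docs {
		if key, changed, err := ProposedKey(d); err == nil && changed {
			changes[d.Key] = key
		}
	}
	return changes
}

// SampleDocs returns the document quoted in the issue plus one constructed
// document whose peer_ip and nexthop agree.
func SampleDocs() []UnicastPrefix {
	return []UnicastPrefix{
		{"10.0.12.0_24_10.0.0.10", "10.0.0.10", "10.0.0.12", "10.0.0.8"},
		{"10.0.13.0_24_10.0.0.13", "10.0.0.13", "10.0.0.13", "10.0.0.10"}, // constructed
	}
}

func main() {
	for old, proposed := range Audit(SampleDocs()) {
		fmt.Printf("%s -> %s (re-key or review the BMP session)\n", old, proposed)
	}
}
```

Run over an export of the unicast prefix collection, the same audit lists entries written from a misplaced BMP session, which is a prompt to check which router is exporting BMP for that peering.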

Security Policy violation Branch Protection

Allstar has detected that this repository’s Branch Protection security policy is out of compliance. Status:
No protection found for branch master

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Security Policy violation Outside Collaborators

Allstar has detected that this repository’s Outside Collaborators security policy is out of compliance. Status:
Found 1 outside collaborators with admin access.
This policy requires all users with this access to be members of the organisation. That way you can easily audit who has access to your repo, and if an account is compromised it can quickly be denied access to organization resources. To fix this you should either remove the user from repository-based access, or add them to the organization.

OR

If you don't see the Settings tab you probably don't have administrative access. Reach out to the administrators of the organisation to fix this issue.

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Add IGP Router ID to ls_node_edge documents

Problem Statement

Currently, the ls_node_edge collection lacks igp_router_id and remote_igp_router_id, identifiers that are available in other datasets like ls_prefix and ls_srv6_sid. Adding these IGP Router IDs into the ls_node_edge collection would simplify retrieving related information such as Prefix or SRv6 SID data.

Proposed Solution

Add the igp_router_id and remote_igp_router_id to the ls_node_edge.

Additional Context

I'm using the ls_node_edge collection to build a network graph in my app, where nodes are routers and edges are the connections between them. The calculation is triggered with a source and destination IPv6 address. Thus, I need the ls_prefix collection to identify the source and destination router that announces the source/destination networks where the IPv6 addresses are included. The calculation result should be transformed into a SID list. Thus, I also need the ls_srv6_sid.
Adding the igp_router_id and remote_igp_router_id directly in the ls_node_edge documents makes retrieving the related documents much more straightforward.

Do you agree that this would be handy? If so, I would create a PR.

False outside port in Kafka broker-cfg

Hi together,

I think there is a false port referenced in the broker config of Kafka...
At the moment the outside port is referenced to the outside port (tcp/32400) of service telegraf-ingress-np.
But it should be referenced to the outside port (tcp/30092) of service kafka.
https://github.com/jalapeno/jalapeno/blob/4828a47bbda0baed563942cc6b71cb96b4f407f7/infra/kafka/2-broker-cfg.yaml#L30

I noticed the problem when I tried to access Kafka Topics from external. When doing so, strange DNS responses like the one below came back:

2021/07/16 07:22:34 failed to read messages:dial tcp: lookup broker.jalapeno on 10.43.0.10:53: no such host

As soon as the OUTSIDE_PORT variable is set to tcp/30092 then it works.

Best regards,
Julian

Wrong Processor Path after Renaming

Hi together,

After the renaming of the ls-edge-processor, the deployment is failing.
The following is an example of the error during the deployment process:

Deploying LS Edge Processor
error: the path "/home/test/jalapeno/processors/ls-edge-processor/ls-edge-processor.yaml" does not exist

The solution is straightforward:
In the file processors/deploy_processors.sh the following change has to be made:

Change:

echo "Deploying LS Edge Processor"
${KUBE} create -f ${PWD}/${BASEDIR}/ls-edge-processor/ls-edge-processor.yaml

to:

echo "Deploying LS Edge Processor"
${KUBE} create -f ${PWD}/${BASEDIR}/lsnode-edge/lsnode-edge.yaml

After the change, the deployment is working successfully.

Thanks.

Best
Severin

lsv6_processor crashes when no SRv6 SIDs are active in the network

Creating LSv6_Topology collection in Arango
LSv6_Topology collection exists: entering collection.
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/pyArango/query.py", line 120, in __getitem__
    return self.result[i]
IndexError: list index out of range

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "create_lsv6_topology.py", line 108, in <module>
    main()
  File "create_lsv6_topology.py", line 54, in main
    local_srv6_info = get_srv6_info(database, local_igpid)[0]
  File "/usr/local/lib/python3.6/site-packages/pyArango/query.py", line 122, in __getitem__
    self.nextBatch()
  File "/usr/local/lib/python3.6/site-packages/pyArango/query.py", line 88, in nextBatch
    raise StopIteration("That was the last batch")
StopIteration: That was the last batch
