It was detected on StarlingX the lack of correct hostname after
address atribution by the server, if the installation is IPv6. This
change makes the dhclient script read the field fqdn_hostname (if
available) to set the name.
Test Plan
[PASS] Install AIO-DX within a IPv6 network
[PASS] unlock controller-1
Story: 2009968
Task: 46211
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I9c876d00feed03720317fa4d581971b4c25f771f
During AIO-DX IPv6 node installation, the management address for
controller-1 set by dhclient receives a "/128" prefix length. The
cause comes from DHCPv6, which does not inform a prefix length on its
negotiation. The prefix should be learned via RA messages.
Since the internode IPv6 communications in StarlingX do not contain
a router and RA is in principle disabled on the management network,
we must set the system with the default prefix length of 64. A similar
patch was done for Centos.
Test Plan
[PASS] Install AIO-DX on IPv6 network, it is correctly setting the
controller-1 mgmt ip address after the first boot.
Story: 2009968
Task: 46184
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I2fce4e7fce7f4e1fd6902d24330d7621b238031a
Due to the changes
bd9e560d4b
which removed the sm-watchdog, we also need to remove the enablement
of the service it provided from systemd preset.
Story: 2010087
Task: 46007
Depends-on: https://review.opendev.org/c/starlingx/metal/+/855396
Signed-off-by: Davi Frossard <dbarrosf@windriver.com>
Change-Id: I7df5b047c9f2a954ebd38ec1df82b3d2d65f2ea6
nslcd has been replaced by sssd on Debian. The puppet-nslcd
package is no longer needed. With this change, the package
is no longer built and included in the image.
Test Plan on Debian:
PASS: image build
PASS: After system deployed, verify puppet-nslcd package doesn't
exist.
PASS: openldap functions (user addition, user login on console and
by ssh, etc) work properly.
Story: 2009834
Task: 46174
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/855513
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ia29dc8e66fc1f7e7c537b4dea87511aba00f2217
This image is unused, replaced by
ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin
Story: 2010076
Task: 45563
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: I3fc5848caa7024cbdcd22a197437a86e8dfb38ef
Add keystone to group, passwd to prevent issue on
data-migration because keystone doesn't have permission
to open the /var/log/keystone/keystone.log and the
content of /opt/platform/keystone/fernet-keys/ as well
on upgrade between 22.06 centos and 22.12 debian.
The fernet-keys content files is created with an uid and
gid specific (42424), without this change the keystone will
not be the owner of the file, with that causing the permission
error. So adding the keystone to these files the user/group
will be keystone keystone instead of 42424 42424.
We want to get the same behavior as we do in CentOS, in [1]
[1]: https://opendev.org/starlingx/integ/src/branch/master/base/setup/centos/patches/0001-Change-group-passwd-and-uidgid.patch
Test Plan:
PASS: Data-migration-complete CentOS -> Debian upgrade
PASS: Debian building test
PASS: Debian AIO-SX unlocked
PASS: Debian AIO-DX unlocked
Story: 2009303
Task: 46093
Signed-off-by: Luis Eduardo Bonatti <LuizEduardo.Bonatti@windriver.com>
Change-Id: Id9bfe914cd80552cb49029c3fdca77886c432a3e
This reverts commit 583e744578297838b4a755fc6c9c20281f6de96c.
Reason for revert: Systems with multiple hosts are failing to unlock controller-1 and the computes with those servers halting with an emergency mode prompt. Suspicion is the newer version of systemd has changed behaviour in udev and disk dependencies. It seems to have caused a previous infrequent issue with emergency mode to occur much more frequently. To enable install and sanities to pass we have to revert this commit until the emergency mode issue is fixed first.
Change-Id: I5235843a3d44c93df472313c0166f5918787a761
This change implements building Centos based image(s) for n3000-opae
in a Debian build env.
The Dockerfile will use an upstream version of centos:7.9.2009
as the $BASE.
Test Plan:
PASS: Build Centos based image in a Debian build env.
Save the image in a tarball and transfer into a controller
for testing.
PASS: Use "system host-device-image-update controller-0" which
uses the functionality of n3000-opae packages. The new built
image is used as the main n3000-opae during command execution.
--> Sysinv.log response:
sysinv.fpga_agent.rpcapi [-] sending device_update_image
to host controller-0
sysinv.conductor.manager [-] device_update_image_status:
transaction_id: 1,status: in-progress, progress: None,
err: None
sysinv.conductor.manager [-] device_update_image_status:
transaction_id: 1, status: completed, progress: None,
err: None
sysinv.conductor.manager [-] no more device images to process
PASS: Check controller's fpga commands available through new built image
by running "sudo docker run -t --privileged -e LC_ALL=en_US.UTF-8
-e LANG=en_US.UTF-8 -v /usr/../sysinv:/mnt/images
registry.local:9001/docker.io/starlingx/n3000-opae:test
ls /usr/bin/fpga*"
--> Command Response:
fpgabist
fpgad
fpgadiag
fpga_dma_test
fpgaflash
fpgainfo
fpgalpbk
fpgamac
fpgaotsu
fpgaport
fpgastats
fpgasupdate
Story: 2009831
Task: 46150
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: If1ad4ff7c731b463f877798be9607be9aa192397
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
Test Plan:
PASS: duplicate conf on deb
Story: 2010211
Task: 46111
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I50fcb17145e909b973a33d4ef6fb9f772d37a2f5
Currently we use the "stx-std.lst" file in tools to add install package.
We are going to use the "debian_iso_image.inc" file to follow CentOS.
We observed some layers already have the debian_iso_image.inc, so first
of all, we need to check if all the packages are available, otherwise,
once supporting "debian_iso_image.inc", "build-image" will fail.
drbd-tools is changed to drbd-utils in Debian.
Story: 2008846
Task: 46141
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I3c762836c448e714be93ebe7df006aa23ab60eba
Debian systemd 247. 3-7 will result in greater
overall CPU usage than Centos.
The upgrade to 251 can reduce overall CPU usage
by about 8%, about the same as Centos.
Remove some patches that already involved in systemd 251.3-1
Test Plan(Debian only):
Pass: package and Image build successfully.
Pass: Image boot successfully.
Pass: Ran the high-stress system test for about
4 days and found nothing abnormal.
Story: 2009221
Task: 46034
Signed-off-by: Wentao Zhang <Wentao.Zhang@windriver.com>
Change-Id: I732fa51db50e2affc33c4b2ec39a912fb16240cb
Backport containerd 1.5.0 commit
1f5b84f27cd675780bc7127f9aedbfe34cc7590b to reduce clutter of log
entries during process execution.
This commit addresses the log clutter on Debian based systems.
The corresponding change on Centos was implemented by
5022532a73ee73e43173d0bd3cf510a80d8a3f64
Test Plan: Verify containerd.log logs fewer messages
PASS: Verified that the containerd.log file omits previously noisy log
messages such as "ExecSync for", "Exec process", and "Finish piping"
which are now logged at the Debug verbosity threshold.
Story: 2009272
Task: 46099
Change-Id: I73cbf31c110adead3f076eb6f24393542c4ab3ba
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
This work only affects Debian.
Currently the pmon conf file isolcpu_plugin.conf is not delivered
in the desired location (/etc/pmon.d).
Fix packaging to deliver the file in the desired location.
This is a follow-up to [1].
Tests:
PASS: build-pkgs
isolcpu_plugin.conf in /etc/pmon.d
PASS: build-image
PASS: Standard deployed
reached unlocked enabled available
[1]: https://review.opendev.org/c/starlingx/integ/+/814552
Story: 2009221
Task: 43783
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I5161eb2c241881e17aef80f3148be960ff92cf72
This reverts commit a22ff43fc09b55eeb3ee3aec1526ac0a9edca31f.
The behavior is no longer required with the submission of:
c1b1d85a93
Change-Id: Ia723f5dbcbd20fda7af4f3d15032db9b63204d67
This is part of the change to replace nslcd with sssd to
support multiple secure ldap backends.
This change removed nss-pam-ldapd (nslcd, libpam-slapd,
libnss-slapd) on Debian based stx system.
nscd is removed in
https://review.opendev.org/c/starlingx/tools/+/854217
Test Plan on Debian:
PASS: Package build, image build
PASS: System deployment
PASS: Verify nslcd, libpam-slapd, libnss-slapd are not installed.
PASS: ldap functions work properly (ldap user creation, user login
on console and by ssh etc).
Story: 2009834
Task: 46069
Depends-On: https://review.opendev.org/c/starlingx/metal/+/854203
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I87de211876a00c0b0a0d629dde70e13c0feb3df0
This is part of the change to replace nslcd with sssd to
support multiple secure ldap backends.
This change patched ldapscripts (ldapadduser) to reset password
right after the ldap user is created on Debian. With its password
reset, the ldap user will be forced to change its password at
first login, the similar behavior as on CentOS.
Test Plan on Debian (SX and DX):
PASS: Package build, image build.
PASS: System deployment.
PASS: ldap user added by ldapadduser or ldapusersetup will be asked
to change password at first login (either on console or by
ssh)
PASS: Change checked by shellcheck, warnings investigated.
Story: 2009834
Task: 46068
Depends-On: https://review.opendev.org/c/starlingx/metal/+/854203
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I13f098c6053816bb3b0450c039caccf94c04d55d
Checksums are currently not being checked upon download. This commit
corrects them with the intent for us to turn on checking soon.
Not sure what reason causes the checksum incorrect. I am aware someone
complain on github that checksum of some tarballs are changed without
any updating. We also can't guarantee developers always fill correct
checksum. Once we turn on checksum upon download, we can catch in up in
time.
Test Plan:
Pass: downloader -s
Story: 2009303
Task: 46029
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I89f0db6086641062048b52270ffc585887cb8acf
Legacy-resolver will have its support dropped in the future.
Also, legacy-resolver was masking a dependency conflict that
required the constraints files be updated. To use the
updated constraints file, the stx-integ-pylint job had to be
updated. This update matches what is done in other repos,
eg. https://github.com/starlingx/update/blob/master/.zuul.yaml#L108.
Test Plan:
Execute: tox
Closes-Bug: 1964372
Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
Change-Id: I6b71f0cd3d9315f957d6a6a15bf0a22e2a692185
Keystone has standardized the term "project" as the
entity that owns resources, replacing the previous
term "tenant". Without this change this tool will
not work due to authentication issues.
Test Plan:
Install tools/storage-topology and run it on controller
Closes-Bug: 1987297
Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
Change-Id: I8409ea6233b8eb94fc75158c5dba96c9a71872f9
mapkubeapis helm plugin can be used to update deprecated kubernetes
apis. This plugin will be needed for system upgrade scripts dealing
with applications with deprecated kubernetes resources
TEST PLAN:
PASS: build centos
PASS: build debian
Closes-bug: 1983025
Depends-on: https://review.opendev.org/c/starlingx/tools/+/853293
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I1b831b5e8b49ebcd49d5e19bf91015fe81ff1e7f
This change a6a5349d02
(k8s-1.22.5: remove feature-gates)
adds a script that is run during upgrade activate. The script modifies
kubeadm cluster config and eventually updates kube-apiserver manifest
to remove deprecated features-gates in k8s 1.22.
As 'kubeadm init phase' is rerun in the script, it updates the
kube-apiserver manifest to be in sync with the kubeadm cluster config.
In that process, it nullifies the effect of these two commits,
04a1c1b080
(Rework advertise address in apiserver-change-param)
and 52ace69c83
(Amend kube-apiserver 1.23 configuration to use PSP)
This change adds a function to the script that preserves the effect
of above listed commits.
Test Plan:
On CentOS AIO-SX
PASS: Upgrade Successful. Check if advertise address in
kube-apiserver manifest before and after running
upgrade-activate is same.
Ensure that the seccomp profile configuration is
removed after upgrade-activate.
Kube-apiserver is running and cluster is accessible after
the upgrade.
PASS: No Shellcheck errors
Closes-Bug: 1986854
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ib97e14bc5b4ed208e65e16888e1380a3bd9fdb8f
When building the docker image, the apt-get update fails
due to:
/etc/apt/sources.list.d/mariadb.list
which contains a repo that no longer exists
http://ftp.osuosl.org/pub/mariadb/repo/10.2/ubuntu
To get the docker build to work, that repo needs to
be removed prior to running the 'update'
Closes-Bug: 1986828
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ibbb449755717a5dec28deebeb753dc8e993eacb9
This change https://review.opendev.org/c/starlingx/integ/+/834215
adds metrics-server to the list of platform namespaces for
k8s 1.23.1. Apparently, Debian package for k8s 1.23.1 was not
added when above change was created.
Note: The patch was copied from centos/files.
Test Plan:
Pass: Package builds successfully
PASS: Image built and deployed successfully.
PASS: Apply metrics-server and verify that metrics-server is
running on platform CPUs.
Closes-Bug: 1964503
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I989be27416f388dc0ff46a820b8fa3a276600737
After performing an analysis of the system it was recognized
that the following package: python-ryu; is not being used anymore
by the system. In order to clean it up, it was decided to
remove the package.
Test Plan:
PASS - All pkgs built successfully after removal of python-ryu
PASS - Successfully generated an openstack tarball
PASS - Stx-Openstack tarball successfully applied
PASS - Built CentOS ISO with the change and applied it to a lab
Closes-bug: #1985091
Signed-off-by: Rafael Cardoso Pereira <rafael.cardosopereira@windriver.com>
Change-Id: I399896a24204d618a535e874716eadf8889eec8d
It was detected the networking.service is marked as failing after reboot.
It happpens because "ifup -a" is executed by the service.
It starts to run the scripts in /etc/network/interfaces.d/.
But several scripts in ifupdown-extra are not prepared to handle "-all".
In the case of nss-pam-ldapd the script /etc/network/if-up.d/nslcd
is failing when there are loopback interfaces with label (lo:X) as the
script only tests the interface "lo".
Test Plan (Debian only - AIO-SX and AIO-DX)):
PASS Check systemctl status networking.service after unlock
Closes-Bug: #1983503
Change-Id: I1fd9e2ea75233d987d6f1f2aa5a3395ab2885e2b
Signed-off-by: Fabiano Mercer <fabiano.correamercer@windriver.com>
This change adds the gpu-operator package to the Debian build. The
NVIDIA GPU Operator uses the operator framework within Kubernetes to
automate the management of all NVIDIA software components needed to
provision GPU.
The provided patches come from the CentOS port done in
https://review.opendev.org/c/starlingx/integ/+/784144https://review.opendev.org/c/starlingx/integ/+/817725
Test plan (Debian only)
PASS build ISO with the package installed
PASS execute helm install
PASS execute helm uninstall
Story: 2009968
Task: 45976
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Ic656d764dc3e31dcd89e02b172c14eb6d32743a7
Here the root filesystem is managed by OSTree. OSTree is designed to
manage/deploy read-only filesystem. For read-only filesystem, hardlink
all files with same content is safe and can save disk space. It is a
good principle for readonly folders like /bin, /lib and so on. While
"/var" is somehow special that it is designed to store variable data
files, it can not be read-only, it must be read-write. Files in
"/var" should not be hardlinked together like other folders, break
them to make it.
Do the same for /usr/homedirs/home as it gets mounted at /var/home
at runtime.
Test Plan:
Pass: build ISO image
Pass: In runtime system, no hardlink in /var
Story: 2008862
Task: 45966
Related-Bug: #1983580
Change-Id: I1a61f919e0a60f83e27b6c0bf402c20c2d43abb4
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>