1764 Commits

Author SHA1 Message Date
Zuul
2c71642e6e Merge "Debian: use DHCPv6 FQDN hostname field to set hostname" 2022-09-07 17:14:08 +00:00
Zuul
7e88d9f659 Merge "Remove puppet-nslcd package on Debian" 2022-09-07 15:25:19 +00:00
Andre Fernando Zanella Kantek
3761933b15 Debian: use DHCPv6 FQDN hostname field to set hostname
It was detected on StarlingX the lack of correct hostname after
address atribution by the server, if the installation is IPv6. This
change makes the dhclient script read the field fqdn_hostname (if
available) to set the name.

Test Plan
[PASS] Install AIO-DX within a IPv6 network
[PASS] unlock controller-1

Story: 2009968
Task: 46211

Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I9c876d00feed03720317fa4d581971b4c25f771f
2022-09-06 17:19:33 -03:00
Zuul
5bd61a85c4 Merge "Remove k8s-plugin-sriov-network-device image" 2022-09-06 16:30:39 +00:00
Zuul
100b872263 Merge "Add keystone to /etc/group and /etc/passwd" 2022-09-06 14:11:09 +00:00
Zuul
f48f1c3e18 Merge "Debian: dhclient set the IPv6 prefix length for the addresses" 2022-09-03 17:37:15 +00:00
Andre Fernando Zanella Kantek
93c481b975 Debian: dhclient set the IPv6 prefix length for the addresses
During AIO-DX IPv6 node installation, the management address for
controller-1 set by dhclient receives a "/128" prefix length. The
cause comes from DHCPv6, which does not inform a prefix length on its
negotiation. The prefix should be learned via RA messages.

Since the internode IPv6 communications in StarlingX do not contain
a router and RA is in principle disabled on the management network,
we must set the system with the default prefix length of 64. A similar
patch was done for Centos.

Test Plan
[PASS] Install AIO-DX on IPv6 network, it is correctly setting the
       controller-1 mgmt ip address after the first boot.

Story: 2009968
Task: 46184


Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I2fce4e7fce7f4e1fd6902d24330d7621b238031a
2022-09-02 16:22:06 -03:00
Davi Frossard
698c8986e3 Remove sm-watchdog service enablement
Due to the changes
bd9e560d4b
which removed the sm-watchdog, we also need to remove the enablement
of the service it provided from systemd preset.

Story: 2010087
Task: 46007

Depends-on: https://review.opendev.org/c/starlingx/metal/+/855396
Signed-off-by: Davi Frossard <dbarrosf@windriver.com>
Change-Id: I7df5b047c9f2a954ebd38ec1df82b3d2d65f2ea6
2022-09-01 14:08:46 +00:00
Andy Ning
344c2f9cae Remove puppet-nslcd package on Debian
nslcd has been replaced by sssd on Debian. The puppet-nslcd
package is no longer needed. With this change, the package
is no longer built and included in the image.

Test Plan on Debian:
PASS: image build
PASS: After system deployed, verify puppet-nslcd package doesn't
      exist.
PASS: openldap functions (user addition, user login on console and
      by ssh, etc) work properly.

Story: 2009834
Task: 46174
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/855513
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ia29dc8e66fc1f7e7c537b4dea87511aba00f2217
2022-09-01 09:54:17 -04:00
Mohammad Issa
8a2dc339a5 Remove k8s-plugin-sriov-network-device image
This image is unused, replaced by
ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin

Story: 2010076
Task: 45563

Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: I3fc5848caa7024cbdcd22a197437a86e8dfb38ef
2022-08-31 14:03:22 -04:00
Zuul
7b69610d60 Merge "debian_iso_image.inc: change drbd-tools to drbd-utils" 2022-08-31 13:22:12 +00:00
lbonatti
db0fb615dc Add keystone to /etc/group and /etc/passwd
Add keystone to group, passwd to prevent issue on
data-migration because keystone doesn't have permission
to open the /var/log/keystone/keystone.log and the
content of /opt/platform/keystone/fernet-keys/ as well
on upgrade between 22.06 centos and 22.12 debian.

The fernet-keys content files is created with an uid and
gid specific (42424), without this change the keystone will
not be the owner of the file, with that causing the permission
error. So adding the keystone to these files the user/group
will be keystone keystone instead of 42424 42424.
We want to get the same behavior as we do in CentOS, in [1]

[1]: https://opendev.org/starlingx/integ/src/branch/master/base/setup/centos/patches/0001-Change-group-passwd-and-uidgid.patch

Test Plan:

PASS: Data-migration-complete CentOS -> Debian upgrade
PASS: Debian building test
PASS: Debian AIO-SX unlocked
PASS: Debian AIO-DX unlocked

Story: 2009303
Task: 46093

Signed-off-by: Luis Eduardo Bonatti <LuizEduardo.Bonatti@windriver.com>
Change-Id: Id9bfe914cd80552cb49029c3fdca77886c432a3e
2022-08-30 20:34:27 +00:00
Zuul
c2711ec6b1 Merge "Revert "Debian: Upgrade systemd version from 247.3-7 to 251.3-1"" 2022-08-30 17:21:05 +00:00
Frank Miller
01745032e7 Revert "Debian: Upgrade systemd version from 247.3-7 to 251.3-1"
This reverts commit 583e744578297838b4a755fc6c9c20281f6de96c.

Reason for revert: Systems with multiple hosts are failing to unlock controller-1 and the computes with those servers halting with an emergency mode prompt.  Suspicion is the newer version of systemd has changed behaviour in udev and disk dependencies. It seems to have caused a previous infrequent issue with emergency mode to occur much more frequently. To enable install and sanities to pass we have to revert this commit until the emergency mode issue is fixed first.

Change-Id: I5235843a3d44c93df472313c0166f5918787a761
2022-08-30 16:50:57 +00:00
Zuul
bde4514325 Merge "Build Debian image(s): n3000-opae" 2022-08-30 13:13:45 +00:00
Mohammad Issa
896bd432a2 Build Debian image(s): n3000-opae
This change implements building Centos based image(s) for n3000-opae
in a Debian build env.

The Dockerfile will use an upstream version of centos:7.9.2009
as the $BASE.

Test Plan:

PASS: Build Centos based image in a Debian build env.
      Save the image in a tarball and transfer into a controller
      for testing.

PASS: Use "system host-device-image-update controller-0" which
      uses the functionality of n3000-opae packages. The new built
      image is used as the main n3000-opae during command execution.
      --> Sysinv.log response:
          sysinv.fpga_agent.rpcapi [-] sending device_update_image
          to host controller-0

          sysinv.conductor.manager [-] device_update_image_status:
          transaction_id: 1,status: in-progress, progress: None,
          err: None

          sysinv.conductor.manager [-] device_update_image_status:
          transaction_id: 1, status: completed, progress: None,
          err: None

          sysinv.conductor.manager [-] no more device images to process

PASS: Check controller's fpga commands available through new built image
      by running "sudo docker run -t --privileged -e LC_ALL=en_US.UTF-8
      -e LANG=en_US.UTF-8 -v /usr/../sysinv:/mnt/images
      registry.local:9001/docker.io/starlingx/n3000-opae:test
      ls /usr/bin/fpga*"
      --> Command Response:
          fpgabist
          fpgad
          fpgadiag
          fpga_dma_test
          fpgaflash
          fpgainfo
          fpgalpbk
          fpgamac
          fpgaotsu
          fpgaport
          fpgastats
          fpgasupdate

Story: 2009831
Task: 46150

Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: If1ad4ff7c731b463f877798be9607be9aa192397
2022-08-29 18:37:10 +00:00
Leonardo Fagundes Luz Serrano
bb528debad Duplicate pmon.d conf files to another location
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/

This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.

Test Plan:
PASS: duplicate conf on deb

Story: 2010211
Task: 46111

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I50fcb17145e909b973a33d4ef6fb9f772d37a2f5
2022-08-29 11:37:34 -03:00
Zuul
585ef4ea87 Merge "Debian: Upgrade systemd version from 247.3-7 to 251.3-1" 2022-08-29 00:40:59 +00:00
Yue Tao
14e6bc4af5 debian_iso_image.inc: change drbd-tools to drbd-utils
Currently we use the "stx-std.lst" file in tools to add install package.
We are going to use the "debian_iso_image.inc" file to follow CentOS.

We observed some layers already have the debian_iso_image.inc, so first
of all, we need to check if all the packages are available, otherwise,
once supporting "debian_iso_image.inc", "build-image" will fail.

drbd-tools is changed to drbd-utils in Debian.

Story: 2008846
Task: 46141

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I3c762836c448e714be93ebe7df006aa23ab60eba
2022-08-27 18:50:02 +08:00
Zuul
0e37611215 Merge "Remove nslcd and related packages on Debian" 2022-08-26 19:06:05 +00:00
Zuul
4516d73f9b Merge "Patch ldapscripts to support user password change" 2022-08-26 19:05:30 +00:00
Zuul
4c940d1062 Merge "Debian: Fix isolcpus-device-plugin pmon conf location" 2022-08-26 18:46:36 +00:00
Wentao Zhang
583e744578 Debian: Upgrade systemd version from 247.3-7 to 251.3-1
Debian systemd 247. 3-7 will result in greater
overall CPU usage than Centos.
The upgrade to 251 can reduce overall CPU usage
by about 8%, about the same as Centos.

Remove some patches that already involved in systemd 251.3-1

Test Plan(Debian only):
Pass: package and Image build successfully.
Pass: Image boot successfully.
Pass: Ran the high-stress system test for about
      4 days and found nothing abnormal.

Story: 2009221
Task: 46034
Signed-off-by: Wentao Zhang <Wentao.Zhang@windriver.com>
Change-Id: I732fa51db50e2affc33c4b2ec39a912fb16240cb
2022-08-26 13:10:48 +08:00
Gleb Aronsky
c640dcb5c3 Debian: Backport commit to Reduce log clutter
Backport containerd 1.5.0 commit
1f5b84f27cd675780bc7127f9aedbfe34cc7590b to reduce clutter of log
entries during process execution.

This commit addresses the log clutter on Debian based systems.
The corresponding change on Centos was implemented by
5022532a73ee73e43173d0bd3cf510a80d8a3f64

Test Plan: Verify containerd.log logs fewer messages

PASS: Verified that the containerd.log file omits previously noisy log
messages such as "ExecSync for", "Exec process", and "Finish piping"
which are now logged at the Debug verbosity threshold.

Story: 2009272
Task: 46099

Change-Id: I73cbf31c110adead3f076eb6f24393542c4ab3ba
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
2022-08-25 13:52:33 -07:00
Dan Voiculeasa
80cf98701f Debian: Fix isolcpus-device-plugin pmon conf location
This work only affects Debian.

Currently the pmon conf file isolcpu_plugin.conf is not delivered
in the desired location (/etc/pmon.d).
Fix packaging to deliver the file in the desired location.
This is a follow-up to [1].

Tests:
PASS: build-pkgs
      isolcpu_plugin.conf in /etc/pmon.d
PASS: build-image
PASS: Standard deployed
      reached unlocked enabled available

[1]: https://review.opendev.org/c/starlingx/integ/+/814552
Story: 2009221
Task: 43783
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I5161eb2c241881e17aef80f3148be960ff92cf72
2022-08-25 19:43:53 +03:00
Charles Short
6b1e03daf4 Revert "debian: Fix containerd shim v2 shutdown"
This reverts commit a22ff43fc09b55eeb3ee3aec1526ac0a9edca31f.

The behavior is no longer required with the submission of:
c1b1d85a93

Change-Id: Ia723f5dbcbd20fda7af4f3d15032db9b63204d67
2022-08-24 21:05:50 +00:00
Andy Ning
7962e653b3 Remove nslcd and related packages on Debian
This is part of the change to replace nslcd with sssd to
support multiple secure ldap backends.

This change removed nss-pam-ldapd (nslcd, libpam-slapd,
libnss-slapd) on Debian based stx system.

nscd is removed in
https://review.opendev.org/c/starlingx/tools/+/854217

Test Plan on Debian:
PASS: Package build, image build
PASS: System deployment
PASS: Verify nslcd, libpam-slapd, libnss-slapd are not installed.
PASS: ldap functions work properly (ldap user creation, user login
      on console and by ssh etc).

Story: 2009834
Task: 46069
Depends-On: https://review.opendev.org/c/starlingx/metal/+/854203
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I87de211876a00c0b0a0d629dde70e13c0feb3df0
2022-08-24 16:36:42 -04:00
Andy Ning
1d73a1bd70 Patch ldapscripts to support user password change
This is part of the change to replace nslcd with sssd to
support multiple secure ldap backends.

This change patched ldapscripts (ldapadduser) to reset password
right after the ldap user is created on Debian. With its password
reset, the ldap user will be forced to change its password at
first login, the similar behavior as on CentOS.

Test Plan on Debian (SX and DX):
PASS: Package build, image build.
PASS: System deployment.
PASS: ldap user added by ldapadduser or ldapusersetup will be asked
      to change password at first login (either on console or by
      ssh)
PASS: Change checked by shellcheck, warnings investigated.

Story: 2009834
Task: 46068
Depends-On: https://review.opendev.org/c/starlingx/metal/+/854203
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I13f098c6053816bb3b0450c039caccf94c04d55d
2022-08-24 13:42:54 -04:00
Zuul
0de31588a8 Merge "Add mapkubeapis helm plugin package" 2022-08-24 04:26:08 +00:00
Zuul
94e2b7ffec Merge "Debian: fix wrong checksums" 2022-08-23 14:15:45 +00:00
Yue Tao
9d93ffc30b Debian: fix wrong checksums
Checksums are currently not being checked upon download. This commit
corrects them with the intent for us to turn on checking soon.

Not sure what reason causes the checksum incorrect. I am aware someone
complain on github that checksum of some tarballs are changed without
any updating. We also can't guarantee developers always fill correct
checksum. Once we turn on checksum upon download, we can catch in up in
time.

Test Plan:

Pass: downloader -s

Story: 2009303
Task: 46029

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I89f0db6086641062048b52270ffc585887cb8acf
2022-08-23 11:56:25 +08:00
Zuul
0d24cabf6d Merge "Remove Legacy-resolver and changed constraints" 2022-08-22 21:35:04 +00:00
Joshua Kraitberg
bcf17e661e Remove Legacy-resolver and changed constraints
Legacy-resolver will have its support dropped in the future.

Also, legacy-resolver was masking a dependency conflict that
required the constraints files be updated.  To use the
updated constraints file, the stx-integ-pylint job had to be
updated.  This update matches what is done in other repos,
eg. https://github.com/starlingx/update/blob/master/.zuul.yaml#L108.

Test Plan:
Execute: tox

Closes-Bug: 1964372

Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
Change-Id: I6b71f0cd3d9315f957d6a6a15bf0a22e2a692185
2022-08-22 15:04:43 +00:00
Joshua Kraitberg
1a64ff8dda Update legacy keystone credential tenant to project
Keystone has standardized the term "project" as the
entity that owns resources, replacing the previous
term "tenant".  Without this change this tool will
not work due to authentication issues.

Test Plan:
Install tools/storage-topology and run it on controller

Closes-Bug: 1987297

Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
Change-Id: I8409ea6233b8eb94fc75158c5dba96c9a71872f9
2022-08-22 10:59:15 -04:00
Zuul
8749bc9656 Merge "Preserve kube-apiserver manifest params during upgrade-activate" 2022-08-19 19:28:23 +00:00
Lucas Cavalcante
8072da8fab Add mapkubeapis helm plugin package
mapkubeapis helm plugin can be used to update deprecated kubernetes
apis. This plugin will be needed for system upgrade scripts dealing
with applications with deprecated kubernetes resources

TEST PLAN:
PASS: build centos
PASS: build debian

Closes-bug: 1983025
Depends-on: https://review.opendev.org/c/starlingx/tools/+/853293
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I1b831b5e8b49ebcd49d5e19bf91015fe81ff1e7f
2022-08-19 10:33:22 -03:00
Kaustubh Dhokte
73632416b3 Preserve kube-apiserver manifest params during upgrade-activate
This change a6a5349d02
(k8s-1.22.5: remove feature-gates)
adds a script that is run during upgrade activate. The script modifies
kubeadm cluster config and eventually updates kube-apiserver manifest
to remove deprecated features-gates in k8s 1.22.

As 'kubeadm init phase' is rerun in the script, it updates the
kube-apiserver manifest to be in sync with the  kubeadm cluster config.
In that process, it nullifies the effect of these two commits,
04a1c1b080
(Rework advertise address in apiserver-change-param)
and 52ace69c83
(Amend kube-apiserver 1.23 configuration to use PSP)

This change adds a function to the script that preserves the effect
of above listed commits.

Test Plan:
On CentOS AIO-SX
PASS: Upgrade Successful. Check if advertise address in
      kube-apiserver manifest before and after running
      upgrade-activate is same.
      Ensure that the seccomp profile configuration is
      removed after upgrade-activate.
      Kube-apiserver is running and cluster is accessible after
      the upgrade.
PASS: No Shellcheck errors

Closes-Bug: 1986854

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ib97e14bc5b4ed208e65e16888e1380a3bd9fdb8f
2022-08-18 17:06:53 -04:00
Al Bailey
df777c46ba Fix the stx-mariadb docker build errors
When building the docker image, the apt-get update fails
due to:
   /etc/apt/sources.list.d/mariadb.list
which contains a repo that no longer exists
  http://ftp.osuosl.org/pub/mariadb/repo/10.2/ubuntu

To get the docker build to work, that repo needs to
be removed prior to running the 'update'

Closes-Bug: 1986828
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ibbb449755717a5dec28deebeb753dc8e993eacb9
2022-08-18 13:39:29 +00:00
Zuul
bb2721ebba Merge "Debian: Add metrics-server to platform namespaces" 2022-08-17 21:18:58 +00:00
Kaustubh Dhokte
500adad67e Debian: Add metrics-server to platform namespaces
This change https://review.opendev.org/c/starlingx/integ/+/834215
adds metrics-server to the list of platform namespaces for
k8s 1.23.1. Apparently, Debian package for k8s 1.23.1 was not
added when above change was created.

Note: The patch was copied from centos/files.

Test Plan:
Pass: Package builds successfully
PASS: Image built and deployed successfully.
PASS: Apply metrics-server and verify that metrics-server is
      running on platform CPUs.

Closes-Bug: 1964503

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I989be27416f388dc0ff46a820b8fa3a276600737
2022-08-16 16:51:20 +00:00
Zuul
9195c75b7c Merge "Removing unused package python-ryu" 2022-08-15 16:04:20 +00:00
Rafael Cardoso Pereira
5385bad154 Removing unused package python-ryu
After performing an analysis of the system it was recognized
that the following package: python-ryu; is not being used anymore
by the system. In order to clean it up, it was decided to
remove the package.

Test Plan:
PASS - All pkgs built successfully after removal of python-ryu
PASS - Successfully generated an openstack tarball
PASS - Stx-Openstack tarball successfully applied
PASS - Built CentOS ISO with the change and applied it to a lab

Closes-bug: #1985091

Signed-off-by: Rafael Cardoso Pereira <rafael.cardosopereira@windriver.com>
Change-Id: I399896a24204d618a535e874716eadf8889eec8d
2022-08-12 17:53:49 +00:00
Zuul
8e9f9b1f7a Merge "Ignore --all/lo* for ifupdown/nslcd scripts" 2022-08-12 17:19:46 +00:00
Fabiano Mercer
84017b4290 Ignore --all/lo* for ifupdown/nslcd scripts
It was detected the networking.service is marked as failing after reboot.
It happpens because "ifup -a" is executed by the service.
It starts to run the scripts in /etc/network/interfaces.d/.
But several scripts in ifupdown-extra are not prepared to handle "-all".

In the case of nss-pam-ldapd the script /etc/network/if-up.d/nslcd
is failing when there are loopback interfaces with label (lo:X) as the
script only tests the interface "lo".

Test Plan (Debian only - AIO-SX and AIO-DX)):
PASS  Check systemctl status networking.service after unlock

Closes-Bug: #1983503

Change-Id: I1fd9e2ea75233d987d6f1f2aa5a3395ab2885e2b
Signed-off-by: Fabiano Mercer <fabiano.correamercer@windriver.com>
2022-08-12 13:07:02 -03:00
Zuul
a323eec351 Merge "Debian: Add package gpu-operator" 2022-08-11 20:15:10 +00:00
Andre Fernando Zanella Kantek
fd5d9e694b Debian: Add package gpu-operator
This change adds the gpu-operator package to the Debian build. The
NVIDIA GPU Operator uses the operator framework within Kubernetes to
automate the management of all NVIDIA software components needed to
provision GPU.

The provided patches come from the CentOS port done in
https://review.opendev.org/c/starlingx/integ/+/784144
https://review.opendev.org/c/starlingx/integ/+/817725

Test plan (Debian only)
PASS  build ISO with the package installed
PASS  execute helm install
PASS  execute helm uninstall

Story: 2009968
Task: 45976

Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Ic656d764dc3e31dcd89e02b172c14eb6d32743a7
2022-08-11 16:27:41 -03:00
Zuul
66f70da947 Merge "Debian: kpatch: Correct CONFIGFILE when cache src dir is used" 2022-08-11 16:58:19 +00:00
Zuul
bdc17d2c2f Merge "Debian: Break hardlinks in /var" 2022-08-11 16:02:50 +00:00
Zhang Xiao
2b1fbfd4bc Debian: Break hardlinks in /var
Here the root filesystem is managed by OSTree. OSTree is designed to
manage/deploy read-only filesystem. For read-only filesystem, hardlink
all files with same content is safe and can save disk space. It is a
good principle for readonly folders like /bin, /lib and so on. While
"/var" is somehow special that it is designed to store variable data
files, it can not be read-only, it must be read-write. Files in
"/var" should not be hardlinked together like other folders, break
them to make it.

Do the same for /usr/homedirs/home as it gets mounted at /var/home
at runtime.

Test Plan:
Pass: build ISO image
Pass: In runtime system, no hardlink in /var

Story: 2008862
Task: 45966
Related-Bug: #1983580

Change-Id: I1a61f919e0a60f83e27b6c0bf402c20c2d43abb4
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
2022-08-11 22:47:56 +08:00
Zuul
30398292cf Merge "debian: Setup 00check-network-cable" 2022-08-11 13:41:08 +00:00