Currently the packages puppet-network and ifupdown-extra are not
handling the default route in a standard manner. The package
puppet-network is adding the netmask value as IPv4 (0.0.0.0); this
change uses the prefix length with zero, as ifupdown-extra is capable
of processing both netmask and prefix length per entry in
/etc/network/routes.
As for ifupdown-extra, it was not capable of handling the "default"
keyword for IPv4/6 routes. This change adds that capacity.
Test plan
[PASS] install AIO-DX with 1 compute node
[PASS] unlock compute node, a default IPv6 route was installed
[PASS] add/remove IPv6 routes on the compute node
[PASS] add/remove another IPv6 default route on the compute node,
with different metric
Story: 2010211
Task: 46284
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>
Change-Id: I38bc8437c26c1e906b600b5f3c609fe504883101
Correct the required exec resource title for updating DC keystone
admin user/project IDs section.
The exec resource title was renamed from "keystone-manage bootstrap"
to "keystone bootstrap" in Debian. Update this patch accordingly.
Test Plan:
Verified: successfully get openstack secrets after DC installation
and Subcloud managed on Debian.
Story: 2010119
Task: 46218
Signed-off-by: lzhu1 <li.zhu@windriver.com>
Change-Id: I5dd9f06436903a01b564f44004058438a93de8b6
nslcd has been replaced by sssd on Debian. The puppet-nslcd
package is no longer needed. With this change, the package
is no longer built and included in the image.
Test Plan on Debian:
PASS: image build
PASS: After system deployed, verify puppet-nslcd package doesn't
exist.
PASS: openldap functions (user addition, user login on console and
by ssh, etc) work properly.
Story: 2009834
Task: 46174
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/855513
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ia29dc8e66fc1f7e7c537b4dea87511aba00f2217
Checksums are currently not being checked upon download. This commit
corrects them with the intent for us to turn on checking soon.
Not sure what causes the checksums to be incorrect. I am aware that
someone complained on GitHub that the checksums of some tarballs were
changed without any update. We also can't guarantee developers always
fill in the correct checksum. Once we turn on checksum checking upon
download, we can catch it in time.
Test Plan:
Pass: downloader -s
Story: 2009303
Task: 46029
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I89f0db6086641062048b52270ffc585887cb8acf
It was detected that the static route's metric parameter is not
applied on the kernel if configured on sysinv database. The cause is
located on the puppet-network module not adding the information to
/var/run/network-scripts.puppet/routes.
This change adds the necessary modification to process the options
field on the hiera file.
Test Plan:
PASS set parameter with system host-route-add and lock/unlock and
verify metric value on the kernel
Closes-Bug: 1977983
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Iafeb2f1d8f6280c84d66398c1d21dbbfe1869a09
The following dependencies were generating the warning
"module 'openstacklib' has unresolved dependencies"
during bootstrap and unlock on Debian:
puppetlabs-openstacklib (v17.4.0) asks for
puppetlabs-postgresql version >=6.4.0 <7.0.0
puppetlabs-mysql (v8.1.0) asks for
puppetlabs-translate version >= 1.0.0 < 2.0.0
Comparing puppetlabs-postgresql v8.0.0 with v6.10.2: It can be
verified that support for Debian 11 was added on v7.4.0, which is
already out of the specified range.
Other than added functionality and fixes, here are the major changes
between v6.10.2(latest version inside of range) and v8.0.0:
v7.0.0 drops support for SLES 11 and RHEL 5, and bumps minimum Puppet
version to 6.0.0 (We are currently using Puppet 5.5.22, but it should
be noted that the minimal version was bumped up because Puppet 5 was
removed from the test cases and not because there are signs of
malfunction).
v8.0.0 drops support for CentOS 6, Debian 6, and Ubuntu 10, which is not
a problem since we are not using any of those OSs.
In conclusion, any version earlier than v7.4.0 should not be used and
there are no known disadvantages to using v8.0.0 instead of v7.4.0.
puppetlabs-translate v2.0.0 removes support for Debian 7 and bumps up
the minimum Puppet version (both of those are irrelevant here since we
are on Debian 11 and the Puppet version is still inside the range).
All other changes introduced from v2.0.0 to v2.2.0 are added support
and minor fixes.
Therefore, it should be safe to use v2.2.0 without a problem.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
PASS: Successful Unlock
Story: 2009964
Task: 45496
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: I73fe64b867026ba38b0db7b0a8b34fed388e4d66
There were a few missing white spaces,
so the patch 11 could not be applied
correctly
TEST PLAN:
PASS: Patch 11 applied correctly
Closes-bug: #1975725
Signed-off-by: Joao Pedro Alexandroni <JoaoPedroAlexandroni.CordovadeSouza@windriver.com>
Change-Id: I3b9ec6a2245ecee358e32ccd12dfa26d51f84af5
The device node in /dev/ and device path in /dev/disk/by-path
can not be used directly for mpath devices, use /dev/mapper/mpathN
and /dev/disk/by-id/dm-uuid-mpath-<WWID> instead and change the
scripts in osd.pp accordingly.
Test Plan:
PASS: AIO-SX with Ceph, 1 osd
PASS: AIO-SX with Ceph, 2 osd
PASS: AIO-SX with Ceph, 4 osd
PASS: Installed and unlocked AIO-SX Debian
Story: 2010046
Task: 45426
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Thiago Miranda <ThiagoOliveira.Miranda@windriver.com>
Change-Id: Id1d3d2e72931f0518340214f2b049466db1fb012
The device path in /dev/disk/by-path can not be used directly
for mpath devices, /dev/disk/by-id/dm-uuid-mpath-<WWID> will
be used instead.
Test Plan:
PASS: AIO-SX
Story: 2010046
Task: 45426
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Thiago Miranda <ThiagoOliveira.Miranda@windriver.com>
Change-Id: Id5b1e27a4567a0791633ba83ed791fe6edaba3cd
In Debian version 8.5.0-6 of puppet-rabbitmq package, there is
a default (new) loopback users configuration that restricts the
connection to the broker via loopback interface.
Also, the tcp_listen_options default config is already added via
starlingx amqp puppet manifest code (amqp.pp).
Therefore, both default package configurations have been changed,
via patch, to match starlingx's default behavior and code.
Test Plan:
PASS: rabbit-server-config package successfully built
PASS: Debian image successfully built
PASS: AIO-SX successfully installed
PASS: AIO-SX successfully bootstrapped
PASS: AIO-SX successfully unlocked
PASS: Checked via sm-dump rabbitmq started (removed UAR 32 and 33)
PASS: Checked that no ACCESS_REFUSED auth PLAIN error was raised
Story: 2009965
Task: 45354
Depends-On: https://review.opendev.org/c/starlingx/config-files/+/841345
Signed-off-by: Adriano Oliveira <adriano.oliveira@windriver.com>
Change-Id: I0b9f2bf64eba733bd1aece4c12683c0b9cd2135f
Update puppetlabs-postgresql to 8.0.0, since it fully supports
Debian bullseye, and the version we were using doesn't support it
fully.
This does not affect CentOS builds at all.
Test Plan
PASS Build packages
PASS Test ISO install
Story: 2009101
Task: 43326
Depends-On: https://review.opendev.org/c/starlingx/utilities/+/840497
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I195003be09af86d3430fe901057ec4bf559c51ed
A problem may occur if puppet attempts to inject a firewall rule
while the underlying iptables/ip6tables has existing rules which
use the --random-fully flag in the NAT table.
The issue occurs because puppet-firewall first makes a call to
iptables-save/ip6tables-save to parse the existing rules
(to determine if the rule already exists). If it finds a rule
with --random-fully, it will immediately bail out.
The current version(s) of puppet-firewall in StarlingX are old
enough that they don't have parsing logic for the --random-fully
flag that was initially supported in iptables version 1.6.2+.
Now that StarlingX uses iptables 1.8.4, we must account for the
possibility that various components (ie. kubernetes) will make
use of --random-fully rules.
This feature has been implemented upstream in the following commits:
https://github.com/puppetlabs/puppetlabs-firewall/commits/
9a4bc6a81cf0cd4a56ba458fadac830a2c4df529
0ea2b74c0b4a451a37bae8c2ff105b72481ab485
The above commits have been ported back to:
CentOS: puppet-firewall-1.8.2
Debian: puppetlabs-firewall-1.12.0
Since StarlingX does not currently build its own version
of puppet-firewall in either CentOS or Debian, this commit
also contains the infrastructure to do so.
Testing:
Note: Since the issue is intermittent on unlock, the functional
tests were performed with a custom runtime manifest that installed
a dummy iptables/ip6tables rule when an interface was modified.
At this time, it was guaranteed that there were rules with
the --random-fully flag present.
CentOS:
Package build: PASS
Present in iso: PASS
IPv4 functional test (iptables): PASS
IPv6 functional test (ip6tables): PASS
Debian:
Package build: PASS
Present in iso: PASS
IPv4 functional test (iptables): PASS
IPv6 functional test (ip6tables): PASS
Closes-Bug: #1971900
Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I7dbb9e1b99d95df0aa5a7db7aa22c3c314253788
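A pre-flight check for the condition described in the commit message above, as an added example that is not part of the commit or of puppet-firewall: it lists the rules in `iptables-save` output that really carry `--random-fully`, so a host can be checked before an older parser runs against it. The sample ruleset and the helper names `option_tokens` and `rules_with_flag` are constructed for illustration.

```ruby
require 'shellwords'

# Constructed sample of iptables-save output (not captured from a real host).
SAVE_SAMPLE = <<~'RULES'
  *nat
  :PREROUTING ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  :KUBE-POSTROUTING - [0:0]
  -A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
  -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully
  COMMIT
  *filter
  :INPUT ACCEPT [0:0]
  -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "mentions --random-fully in text only" -j ACCEPT
  COMMIT
RULES

# Tokenize one rule the way a shell would (quoted comments stay one token)
# and drop the argument that follows --comment, so comment text is never
# mistaken for a real option, even when it is exactly the flag.
def option_tokens(rule_line)
  kept = []
  skip = false
  Shellwords.split(rule_line).each do |tok|
    if skip
      skip = false
    elsif tok == '--comment'
      skip = true
    else
      kept << tok
    end
  end
  kept
end

# Return every appended rule that carries `flag`, with its table and chain.
def rules_with_flag(save_output, flag = '--random-fully')
  table = nil
  hits = []
  save_output.each_line do |raw|
    line = raw.strip
    if line.start_with?('*')
      table = line[1..-1]
    elsif line.start_with?('-A ')
      tokens = option_tokens(line)
      hits << { table: table, chain: tokens[1], rule: line } if tokens.include?(flag)
    end
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  rules_with_flag(SAVE_SAMPLE).each do |h|
    puts "#{h[:table]}/#{h[:chain]}: #{h[:rule]}"
  end
end
```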
OSTree structure requires /usr to be readonly as OSTree's dracut
hook creates a read-only bind mount over /usr.
1. deploy validate_postgresql_connection.sh directly to
/usr/local/bin. It was copied to the location after
installation.
2. move /usr/local/etc/ldapscripts to /etc/ldapscripts, files
need to be writable.
3. move /usr/libexec/cni to /opt/cni/bin. Plugins are installed
at runtime.
TCs:
provision aio-dx centos with /usr mount to readonly fs.
unlocked host
provision aio-sx debian and unlocked host.
upgrade AIO-DX from 21.12
upgrade AIO-SX from 21.12
successfully apply cert-manager and nginx-ingress-controller
Story: 2009101
Task: 44314
Change-Id: I99231f3f7db3d2d8eaceba137e13dea650370f71
Signed-off-by: Bin Qian <bin.qian@windriver.com>
The HieraPuppet.lookup() function malfunctions when hiera v5 is used.
In order to have Hiera v5 working, the function was replaced by the
'puppet lookup' command.
Hiera v5 should be used instead of Hiera v3 to avoid the following
warning during bootstrap:
"/etc/puppet/hiera.yaml: Use of 'hiera.yaml' version 3
is deprecated. It should be converted to version 5"
Also replaced the default path in which keystone.rb looks for
openstacklib since a custom installation directory is being used.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
Story: 2009964
Task: 45008
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: I570aa6e06448e00b96882629b54882a1467740c5
The output of "pvs -o pv_name,vg_name,lv_name --separator ','" is the
same under CentOS and Debian. This output is fed to the csv.to_a.map
function which produces a slightly different hash.
Under CentOS ruby (2.0.0):
{:_pv=>" /dev/sda5", :vg=>"cgts-vg", :lv=>"log-lv"}
Under Debian ruby (2.7.4):
{:pv=>" /dev/sda7", :vg=>"cgts-vg", :lv=>"log-lv"}
The '_pv' hash key is invalid under Debian and results in:
undefined method `strip' for nil:NilClass (NoMethodError)
This patch corrects the variable reference
Change-Id: I70033adfff4b551770e9b5026ed93c98949f3689
Story: 2009964
Task: 45101
Signed-off-by: Robert Church <robert.church@windriver.com>
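One way to parse the `pvs` output described in the commit message above so that the hash keys do not depend on the running Ruby's built-in header conversion, as an added example that is not the code from the patch. The sample output, the `NORMALIZE_HEADER` converter and the `parse_pvs` helper are constructed for illustration; the example also covers the empty LV field that would otherwise reach `strip` as nil.

```ruby
require 'csv'

# Constructed sample of `pvs -o pv_name,vg_name,lv_name --separator ','`
# output: header and rows are indented, and a PV with no logical volume
# on it reports an empty LV field.
PVS_SAMPLE = [
  '  PV,VG,LV',
  '  /dev/sda5,cgts-vg,log-lv',
  '  /dev/sda5,cgts-vg,pgsql-lv',
  '  /dev/sdb1,other-vg,'
].join("\n")

REQUIRED_COLUMNS = %i[pv vg lv].freeze

# Explicit header converter: strip surrounding whitespace first, then
# build the symbol, so "  PV" always becomes :pv.
NORMALIZE_HEADER = ->(h) { h.to_s.strip.downcase.gsub(/\W+/, '_').to_sym }

# Parse pvs output into an array of { pv:, vg:, lv: } hashes.
# Raises ArgumentError when an expected column is missing, instead of
# failing later with a NoMethodError on nil.
def parse_pvs(text)
  table = CSV.parse(text, headers: true, header_converters: NORMALIZE_HEADER)
  missing = REQUIRED_COLUMNS - table.headers
  unless missing.empty?
    raise ArgumentError, "pvs output lacks columns: #{missing.inspect}"
  end

  table.map do |row|
    # to_s guards the empty-field case, where CSV yields nil.
    REQUIRED_COLUMNS.map { |key| [key, row[key].to_s.strip] }.to_h
  end
end

# Group logical volume names by physical volume, skipping empty LV fields.
def lvs_by_pv(rows)
  rows.each_with_object(Hash.new { |h, k| h[k] = [] }) do |row, acc|
    acc[row[:pv]] << row[:lv] unless row[:lv].empty?
    acc[row[:pv]] # touch the key so PVs without LVs are still listed
  end
end

if __FILE__ == $PROGRAM_NAME
  lvs_by_pv(parse_pvs(PVS_SAMPLE)).each do |pv, lvs|
    puts "#{pv}: #{lvs.empty? ? '(no LVs)' : lvs.join(', ')}"
  end
end
```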
There is an issue on Debian iso when re-installing which halts the
bootstrap with the error:
Failed to wipe signatures on logical volume cgts-vg/pgsql-lv.
Aborting. Failed to wipe start of new LV.
This commit fixes this issue.
Test Plan:
Debian:
PASS: Build package
PASS: Build image
PASS: Install controller
PASS: Re-install controller
PASS: Controller unlocked/enabled/available
Story: 2009101
Task: 44883
Signed-off-by: Fabricio Henrique Ramos <fabriciohenrique.ramos@windriver.com>
Change-Id: Ibd10aacda1deeff9415fd556d12143a1598d3559
It was observed in some Debian installations that the value of
SCRIPT_DIRECTORY was /etc/sysconfig/network instead of
/var/run/network-scripts.puppet/. This was caused by the fact that
the file redhat.rb in the puppet-network plugin is also declaring
a SCRIPT_DIRECTORY string with freeze and, depending on how the system
was loading this module, it would overwrite the value set in
interfaces.rb (used for Debian).
This correction makes the variable names unique in the Debian files,
interfaces.rb and routes.rb, to prevent them from being overwritten.
Test plan
PASS Debian installation done on virtualbox
PASS host unlock with correct network configuration after reboot
Story: 2009101
Task: 44908
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I30c9d16f824bfd42854717d743f0c9d9e9bf3eb2
The following dependencies were generating
"unresolved dependency" warnings during bootstrap on Debian:
puppet-archive (>= 2.0.0 < 4.0.0)
camptocamp-systemd (>= 2.1.0 < 3.0.0)
But they are not present in Debian Bullseye and not
installable using the base-bullseye.lst.
Also, puppet-archive is not needed since rabbitmq is not
configured to install pkgs at runtime, and camptocamp-systemd
only manages the file limit before bootstrap (sets to 524288)
and removing it does not present big risks.
The solution was to create a patch to remove the
dependency declaration for each module.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
Story: 2009101
Task: 44710
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: Ia6025c56dca3ee7f34058057bdd64a6232d30988
The use of the Oslo parameter 'idle_timeout' was generating
the following warning during bootstrap:
"Scope(Oslo::Db[keystone_config]): The idle_timeout parameter
is deprecated. Please use connection_recycle_time instead."
The warning was gone after the parameter was replaced by
connection_recycle_time on the Keystone package and deactivated
on the Oslo package.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
Story: 2009101
Task: 44741
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: Ie92ef00f1cb0ad6e95db3cd7ad0e99eb4307b321
The following dependency was generating a
"unresolved dependency" warning during bootstrap on Debian:
puppet-stdlib (>= 4.6.0 < 5.0.0)
Debian is currently using puppet-stdlib 5.0.0 and the
most recent version of puppet-etcd asks for puppet-stdlib
(>= 4.6.0 < 5.0.0).
puppet-stdlib 5.0.0 provides the same manifests, classes
and functions as puppet-stdlib 4.25.1, the changes are more
present in the packaging architecture, inclusion of a new function,
and improved and updated documentation.
Updating the dependency declaration to allow version 5.0.0
of puppet-stdlib removes the warning, shows no signs of malfunction,
and does not prevent successful bootstrapping and unlocking.
For that, the package puppet-etcd-1.12.3 was included and patched.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
PASS: Successful Unlock
Story: 2009101
Task: 44772
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: I940faf6c406fa0146da86976154f4e4793621c40
This work is part of Debian integration effort.
This work affects only Debian, but we can port to CentOS.
Puppet manifest fails because osd service is called before osds are
prepared (partitioned). This happens because parameters are not
correctly passed to the service call. In fact the service call only
asks to start a mon service.
Tests:
PASS: live patch controller && unlock, puppet goes past the issue
PASS: build-pkgs and check contents
Story: 2009101
Task: 44756
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I9f6c6478c51ba45843bbaff9e264fc10056fac48
This work is part of Debian integration effort. This work only affects
debian.
We package the same version of ceph for both CentOS and Debian.
Since we know the puppet-ceph module on CentOS is supposed to work,
use this on Debian also to reduce testing and possible issues.
Patches were copied from CentOS and not touched.
Drop one patch to metadata.json. We know we have some work to do in
that area to clear puppet warnings, but it will be done as part of a
generic clearing puppet warnings effort.
The sources need to be patched to work with debhelper-compat 13, which
we don't care about now.
There are some integration issues, but testing so far revealed that
during a puppet replay for aio manifest ceph data and ceph journal
partitions were created.
Story: 2009101
Task: 43431
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I90adc736ea52e6c4f9946520156f53e572c224cc
In order to compare the difference between sysinv database and
currently configured static routes, the destination directory will be
changed to /var/run/network-scripts.puppet/
This new location will be used by apply_network_config script to
update modified configuration from the database and save the result
in /etc/network/routes to be used during boot by ifupdown
Story: 2009101
Task: 44728
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I4ba06160c2cc7db2bfec061c09b9eb6a75961ce4
When the interfaces file is generated it is necessary to determine the
mode (vlan or raw) from the interface name. Originally the plugin
considers that a previous interfaces file exists and will use it to
set the mode value.
But on StarlingX network_config is generated by sysinv and there is no
previous file to parse, so this change adds the mode logic on
file formatting.
Test Plan:
PASS: generate valid ifupdown config when interface name is of format
"vlanNNN" on Debian and apply it with ifup/ifdown command
Story: 2009101
Task: 44659
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Ibccd189ea14eed4b8504908188fabedfa6bf4c2a
In order to compare the difference between sysinv database and currently
configured interfaces the destination directory will be changed to
/var/run/network-scripts.puppet/
This new location will be used by apply_network_config script to
update modified configuration from the database and save the result
in /etc/network/interfaces.d/ to be used during boot
Story: 2009101
Task: 44570
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I0b54688ee4ce658a23ef6257481a44d96f29f441
The system command for resizing ceph-mon partition is disabled
for AIO-DX setup because it is broken.
The problem is that DRBD filesystem is not handled correctly
when the ceph-mon lvm partition is resized.
Updating the DRBD metadata for the ceph-mon partition with
'drbdadm apply-al' command fixed the problem.
Test-Plan: Install the system with ceph backend and try to resize
the ceph-mon partition with 'system ceph-mon-modify'
command.
PASS: Fresh install and ceph-mon resizing on AIO-SX
PASS: Fresh install and ceph-mon resizing on AIO-DX
Story: 2009861
Task: 44526
Signed-off-by: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
Change-Id: I734238c94575c94ea59937b72471de940735fe1b
Supported version should be 13 and not 13.5.
Test Plan:
PASS Build package
PASS Ran puppet manifest with patch applied. Postgres version
was detected.
Story: 2009101
Task: 43326
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Icc8c02d26bfe71404769da5fbb383b94061b6082
Support only goes up to Debian 10 (buster); add support to
detect Debian 11 (bullseye). Without this patch the puppet
postgresql module will fail to run.
Test Plan:
PASS Build package
PASS Ran puppet manifest with patch applied. Postgres version
was detected.
Story: 2009101
Task: 43326
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Ib4f262e2c6aa3443f31b3622ad87290bdceae051
Fix syntax error in sync.pp
Test Plan:
PASSED Debian build and examine output
PASSED bootstrap Debian and check keystone endpoints created
Story: 2009101
Task: 44357
Signed-off-by: John Kung <john.kung@windriver.com>
Change-Id: Id5c8bec398d3eac137532d5f9d645a297a364287
This reverts commit d27206ec923f814018b3cde4e1106007c6cbac69.
Reason for revert: We have a red sanity and we believe this is the commit that is causing ansible to fail.
Change-Id: Ia0ef3bb302be88e04849cd0343fd849895c455f0
This package is 3rdparty.
All patches were changed and lifted.
Did build puppet-postgresql.
Story: 2009242
Task: 43883
Signed-off-by: Roberto Nogueira <robertoluiz.martinsnogueira@windriver.com>
Change-Id: I1d473e34c703c6355bee4f33daf6ce12b71b4d19
Add debian infrastructure to build puppet-ceph as a debian packaging.
Patches Dropped:
0005-Remove-puppetlabs-apt-as-ceph-requirement.patch
0004-US92424-Add-OSD-support-for-persistent-naming.patch
0006-ceph-disk-prepare-invalid-data-disk-value.patch
0008-ceph-mimic-prepare-activate-os.patch
0009-fix-ceph-osd-disk-partition-for-nvme-disks.patch
Re-diffed:
0001-Roll-up-TIS-patches.patch
0002-Newton-rebase-fixes.patch
0003-ceph-jewel-rebase.patch
0004-US92424-Add-OSD-support-for-persistent-naming.patch
0005-Add-StarlingX-specific-restart-command-for-Ceph-moni.patch
The patches that were dropped need to be re-worked for ceph-volume,
since ceph-disk has been deprecated and not included in the Ceph version
from Debian.
0001-Roll-up-TIS-patches.patch and 0003-ceph-jewel-rebase.patch
were rebased because most of the systemd logic has
been dropped as well and need to be redone.
Story: 2009101
Task: 43431
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I5a66bcd274f2752d4c050fab25a7b1b8347b650e