Refactor low latency compute per-cpu power management
out of stx-nova into libvirt qemu hook
Story: 2004610
Task: 28508
Change-Id: I80432b36c4e71d957db51f1742ef87fb519acce2
Signed-off-by: Daniel Chavolla <daniel.chavolla@windriver.com>
Test:
Install bootimage.iso on bare mental, enable
Intel TXT setting in BIOS. During installation
make with such selection
"Standard Controller" or "All-in-One Controller" ->
"Graphical console" -> "EXTENDED Security Profile" ->
"Trusted Boot Profile"
After system bootup, check tboot with such command
"sudo txt-stat"
Depends-On: https://review.openstack.org/627745
Story: 2004522
Task: 28436
Change-Id: I7599f1648acfa71757cd5dfdb54f00c9499c8d61
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
It is introduced by CentOS 7.6 upgrade.
Story: 2004660
Task: 28705
Change-Id: I6184b8ab9213eb995eb409cfeef6153f4fb4233a
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
fixed handling of security certificates in tpm mode
The code that handles the installation of tpm security
certificates stopped working after recent updates to
other packages
This commit updates the code to properly work with the
current system configuration
Closes-Bug: #1808163
Change-Id: I76e10cf1ed68cfeb0ce3ee560df0c34711f57af2
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
Package audit-config is created to config customized config
file of audit. Since there is no other change for audit,
we could replace srpm with rpm directly.
audit-config is set to depends on audit, so audit rpm will be
installed automatically.
Test:
Pass build and multi node deploy test. Confirm syslog.conf is
the same as before in the deploy.
Story: 2003768
Task: 27602
Depends-On: https://review.openstack.org/617174
Change-Id: I6101142642dd21c35e7db1352cc8c9aa05fba923
Signed-off-by: slin14 <shuicheng.lin@intel.com>
This commit modifies the vtpm instance path to reflect
openstack-help default
The vtpm data will now be located under
/var/lib/nova/instances
Story: 2003909
Task: 27081
Change-Id: Ibb54558e2d84afae23c9094e631b904a68400e7e
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
With rpm version < 4.13, patch cmd will create .orig file for fuzzy
patch in default. And this .orig file may lead to rpmbuild failure
"error: Installed (but unpackaged) file(s) found:"
Please visit below link to get more detail info:
https://bugs.launchpad.net/starlingx/+bug/1794611
Story: 2003917
Task: 26817
Change-Id: I455087544161e38160608b1fba27e00584c61feb
Signed-off-by: slin14 <shuicheng.lin@intel.com>
Problem:
- Centos 7.5 upgraded tpm2-toolss.
- Porting of tpm2-toolss patches did not resolve and 'fuzz' in the line
numbers of the patches.
- If tpm2-tools is built by rpm 4.11, or default version of rpm
until 4.14 is compiled, a fuzzy patch results in the creating
of an .orig file.
- Packaging of tpm2-toolss failes due to the unexpected, and
unpackaged .orig file
Solution:
Safest solution is to de-fuzz our tpm2-toolss patches.
Story: 2003389
Task: 26755
Change-Id: I8dd8d71e2bdcd75ec6786af6bf162f3deae046a2
Signed-off-by: Sun Austin <austin.sun@intel.com>
Move content from stx-gplv3 into stx-integ
Packages will be relocated to
stx-integ:
base/
anaconda
crontabs
dnsmasq
rsync
database/
python-psycopg2
filesystem/
parted
grub/
grub2
security/
python-keyring
Change-Id: I17163dbff41222985a29228a8b42c919a86d1e67
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
This is part of solution to address issues related to switching between
HTTP and HTTPS.
Story: 2002894
Task: 22857
Change-Id: I020da4d405ef00a10d112e29cad3844658be9a63
Signed-off-by: Don Penney <don.penney@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Current stx-tools infrastructure allows the download of tar compressed files
having different names, directory output and version including commits, see a
more detailed description here:
https://review.openstack.org/#/c/577953/
All our compressed tar files are in gz format and this change makes our life easier
avoiding us to add the check of bz2 format.
Change-Id: Ic909dc7fc813956caf3f5cf4a6873b018967f42b
Signed-off-by: Abraham Arce <abraham.arce.moreno@intel.com>
Add spectre-meltdown-checker package.
Implements customer configuration of kernel options to control
spectre/meltdown related kernel options. Default (with "nopti
nospectre_v2" options) can be changed to "" using
system modify -S spectre_meltdown_all
Change-Id: Id86c4bbe9063cf6c47fe4128d641ef2983622481
Signed-off-by: Jack Ding <jack.ding@windriver.com>