26 Commits

Author SHA1 Message Date
chenlx
c465aad924 Fix RPM release name "el7" misspelled problem
Change-Id: If692e8ce815a5dd400d9ae3835d62c74112aa39a
Closes-Bug: #1821637
2019-03-29 08:59:43 +08:00
Saul Wold
ba9900eef8 Merge remote-tracking branch 'gerrit/master' into f/centos76
Change-Id: I1c7d7adf054471ef8a00bdc9ce9193dba83025a6
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-02-12 08:02:41 -08:00
Daniel Chavolla
1e9f9ff1f4 Add low latency per-cpu power management
Refactor low latency compute per-cpu power management
out of stx-nova into libvirt qemu hook

Story: 2004610
Task: 28508

Change-Id: I80432b36c4e71d957db51f1742ef87fb519acce2
Signed-off-by: Daniel Chavolla <daniel.chavolla@windriver.com>
2019-02-01 14:27:10 -05:00
Zuul
aed7ec8741 Merge "rebase tboot patch to CentOS 7.6 version" into f/centos76 2019-01-22 16:22:53 +00:00
Martin, Chen
d983580f90 rebase tboot patch to CentOS 7.6 version
Test:
Install bootimage.iso on bare mental, enable
Intel TXT setting in BIOS. During installation
make with such selection

"Standard Controller" or "All-in-One Controller" ->
"Graphical console" -> "EXTENDED Security Profile" ->
"Trusted Boot Profile"

After system bootup, check tboot with such command
"sudo txt-stat"

Depends-On: https://review.openstack.org/627745

Story: 2004522
Task: 28436

Change-Id: I7599f1648acfa71757cd5dfdb54f00c9499c8d61
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-01-17 01:25:09 +08:00
Zuul
c0945008c3 Merge "rebase tpm2-tools patch to CentOS 7.6 version" into f/centos76 2019-01-15 16:33:46 +00:00
Martin, Chen
8e351f68e4 rebase tpm2-tools patch to CentOS 7.6 version
Test:
Pass build and simplex deploy test

Depends-On: https://review.openstack.org/630593/

Story: 2004522
Task: 28440

Change-Id: If0b02774c5d133122599a003b616672a6114d700
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-01-15 13:52:16 +08:00
Zuul
20c48cddd3 Merge "rebase shim-signed patch to CentOS 7.6 version" into f/centos76 2019-01-11 07:23:46 +00:00
Martin, Chen
0c6391af4e rebase shim-signed patch to CentOS 7.6 version
Test:
Pass build and multi-node deploy test

Depends-On: https://review.openstack.org/627932/

Story: 2004522
Task: 28439

Change-Id: Ia10f16834721cc2aa1a148557f8fc614954c5c07
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-01-04 14:22:46 +08:00
Shuicheng Lin
0d0623c8d9 de-fuzz fuzzy patch in net-tools & shim-unsigned
It is introduced by CentOS 7.6 upgrade.

Story: 2004660
Task: 28705

Change-Id: I6184b8ab9213eb995eb409cfeef6153f4fb4233a
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2019-01-03 23:56:53 +08:00
Martin, Chen
245592c60e rebase shim patch to CentOS 7.6 version
Test:
Pass build and multi-node deploy test

Depends-On: https://review.openstack.org/627922

Story: 2004522
Task: 28438

Change-Id: I838e71c0334515ad2e34cbad968188b81f908d6a
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-01-02 14:06:57 +08:00
Paul-Emile Element
81fded989a fix tpm certificate handling
fixed handling of security certificates in tpm mode

The code that handles the installation of tpm security
certificates stopped working after recent updates to
other packages

This commit updates the code to properly work with the
current system configuration

Closes-Bug: #1808163

Change-Id: I76e10cf1ed68cfeb0ce3ee560df0c34711f57af2
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
2018-12-12 14:48:49 -05:00
slin14
be3514e25c refactor audit
Package audit-config is created to config customized config
file of audit. Since there is no other change for audit,
we could replace srpm with rpm directly.

audit-config is set to depends on audit, so audit rpm will be
installed automatically.

Test:
Pass build and multi node deploy test. Confirm syslog.conf is
the same as before in the deploy.

Story: 2003768
Task: 27602
Depends-On: https://review.openstack.org/617174

Change-Id: I6101142642dd21c35e7db1352cc8c9aa05fba923
Signed-off-by: slin14 <shuicheng.lin@intel.com>
2018-11-12 19:51:58 +08:00
Paul-Emile Element
5e98d76a9f Update instance path for swtpm / vtpm
This commit modifies the vtpm instance path to reflect
openstack-help default
The vtpm data will now be located under
/var/lib/nova/instances

Story: 2003909
Task: 27081

Change-Id: Ibb54558e2d84afae23c9094e631b904a68400e7e
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
2018-10-31 19:17:43 +00:00
slin14
3533354c69 de-fuzz python-keyring patch
With rpm version < 4.13, patch cmd will create .orig file for fuzzy
patch in default. And this .orig file may lead to rpmbuild failure
"error: Installed (but unpackaged) file(s) found:"

Please visit below link to get more detail info:
https://bugs.launchpad.net/starlingx/+bug/1794611

Story: 2003917
Task: 26817

Change-Id: I455087544161e38160608b1fba27e00584c61feb
Signed-off-by: slin14 <shuicheng.lin@intel.com>
2018-10-09 23:07:55 +08:00
Sun Austin
9476528006 de-fuzz tpm2-tools patches
Problem:
- Centos 7.5 upgraded tpm2-toolss.
- Porting of tpm2-toolss patches did not resolve and 'fuzz' in the line
  numbers of the patches.
- If tpm2-tools is built by rpm 4.11, or default version of rpm
  until 4.14 is compiled, a fuzzy patch results in the creating
  of an .orig file.
- Packaging of tpm2-toolss failes due to the unexpected, and
  unpackaged .orig file

Solution:
  Safest solution is to de-fuzz our tpm2-toolss patches.

Story: 2003389
Task: 26755

Change-Id: I8dd8d71e2bdcd75ec6786af6bf162f3deae046a2
Signed-off-by: Sun Austin <austin.sun@intel.com>
2018-09-27 20:48:03 +08:00
zhipengl
4a71635ea5 upgrade tpm2-tools to CentOS 7.5 version
Fix version issue introduced in https://review.openstack.org/#/c/595514/

Story: 2003389
Task: 24508

Change-Id: I728c871aef0afa307f8043942e19ada995e848b0
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2018-09-09 06:49:27 +08:00
zhipengl
9d4ed58794 upgrade tpm2-tools to CentOS 7.5 version
Story: 2003389
Task: 24508
Depends-On: https://review.openstack.org/#/c/595525/

Change-Id: I4424414bcde7ac57faa692c72c76b089154839a7
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2018-08-28 00:55:27 +00:00
chenyan
5d26f76e31 CentOS 7.5 upgrade for tboot package.
Story: 2003389
Task: 24506

Change-Id: I111deaddf2df85ff2762c4ea0191c2cd39b5b4ab
Signed-off-by: chenyan <yan.chen@intel.com>
2018-08-24 14:20:28 +08:00
slin14
3fd3486f27 rebase audit patch to CentOS7.5
Story: 2003389
Task: 24507

Change-Id: Id8d4d1674f20c264489264836a1cceb62c9efeaa
Signed-off-by: slin14 <shuicheng.lin@intel.com>
2018-08-22 15:00:08 +08:00
Scott Little
9f0e32eab4 Relocate python-keyring to stx-integ/security/python-keyring
Move content from stx-gplv3 into stx-integ

Packages will be relocated to

stx-integ:
    base/
        anaconda
        crontabs
        dnsmasq
        rsync

    database/
        python-psycopg2

    filesystem/
        parted

    grub/
        grub2

    security/
        python-keyring

Change-Id: I17163dbff41222985a29228a8b42c919a86d1e67
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
2018-08-01 15:39:40 -04:00
Scott Little
bab9bb6b69 Internal restructuring of stx-integ
Create new directories:
   ceph
   config
   config-files
   filesystem
   kernel
   kernel/kernel-modules
   ldap
   logging
   strorage-drivers
   tools
   utilities
   virt

Retire directories:
   connectivity
   core
   devtools
   support
   extended

Delete two packages:
   tgt
   irqbalance

Relocated packages:
   base/
      dhcp
      initscripts
      libevent
      lighttpd
      linuxptp
      memcached
      net-snmp
      novnc
      ntp
      openssh
      pam
      procps
      sanlock
      shadow
      sudo
      systemd
      util-linux
      vim
      watchdog

   ceph/
      python-cephclient

   config/
      facter
      puppet-4.8.2
      puppet-modules

   filesystem/
      e2fsprogs
      nfs-utils
      nfscheck

   kernel/
      kernel-std
      kernel-rt

   kernel/kernel-modules/
      mlnx-ofa_kernel

   ldap/
      nss-pam-ldapd
      openldap

   logging/
      syslog-ng
      logrotate

   networking/
      lldpd
      iproute
      mellanox
      python-ryu
      mlx4-config

   python/
      python-2.7.5
      python-django
      python-gunicorn
      python-setuptools
      python-smartpm
      python-voluptuous

   security/
      shim-signed
      shim-unsigned
      tboot

   strorage-drivers/
      python-3parclient
      python-lefthandclient

   virt/
      cloud-init
      libvirt
      libvirt-python
      qemu

   tools/
      storage-topology
      vm-topology

   utilities/
      tis-extensions
      namespace-utils
      nova-utils
      update-motd

Change-Id: I37ade764d873c701b35eac5881eb40412ba64a86
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
2018-08-01 10:06:31 -04:00
Paul-Emile Element
f869a1f7ef Rename server-cert to self-signed-server-cert
This is part of solution to address issues related to switching between
HTTP and HTTPS.

Story: 2002894
Task: 22857

Change-Id: I020da4d405ef00a10d112e29cad3844658be9a63
Signed-off-by: Don Penney <don.penney@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>
2018-07-23 10:27:32 -04:00
Abraham Arce
921fc22a82 spectre-meltdown-checker: package format
Current stx-tools infrastructure allows the download of tar compressed files
having different names, directory output and version including commits, see a
more detailed description here:
https://review.openstack.org/#/c/577953/

All our compressed tar files are in gz format and this change makes our life easier
avoiding us to add the check of bz2 format.

Change-Id: Ic909dc7fc813956caf3f5cf4a6873b018967f42b
Signed-off-by: Abraham Arce <abraham.arce.moreno@intel.com>
2018-07-03 23:58:57 -07:00
jmckenna
88877ed3cd Spectre/meltdown kernel options controllable by customer
Add spectre-meltdown-checker package.
Implements customer configuration of kernel options to control
spectre/meltdown related kernel options.  Default (with "nopti
nospectre_v2" options) can be changed to "" using

system modify -S spectre_meltdown_all

Change-Id: Id86c4bbe9063cf6c47fe4128d641ef2983622481
Signed-off-by: Jack Ding <jack.ding@windriver.com>
2018-07-03 11:06:50 -04:00
Dean Troyer
3cd12006bb StarlingX open source release updates
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
2018-05-31 07:36:35 -07:00