This commit updates keepalived from v1.3.5 to v2.1.5 to avoid failures
encountered when building StarlingX flock container images, which
started to fail with the following errors after the recent iptables
update introduced by commit 36673774ee3c ("iproute-5.12, iptables-1.8.4,
and libnftnl-1.1.5", 2021-10-27):
=== 8< ===
Error: Package: keepalived-1.3.5-19.el7.x86_64 (base)
Requires: libxtables.so.10()(64bit)
Available: iptables-1.4.21-35.el7.x86_64 (base)
libxtables.so.10()(64bit)
Installing: iptables-1.8.4-21.tis.5.x86_64 (stx-mirror-distro)
Not found
=== >8 ===
keepalived-2.1.5 was imported from CentOS 8-Stream where it is the
latest version as of this writing. It should be noted that rebuilding
keepalived-1.3.5 (i.e., CentOS 7's version) was not suitable as
keepalived-1.3.5 does not support iptables-nftables, and the CentOS
8-Stream keepalived RPM cannot be used as is due to the specific
versions of some of its dependencies.
During the preparation of this patch, an unexpected build failure had to
be worked around by disabling SNMP support in keepalived, which is
assumed to not have a negative impact on StarlingX according to a
software architect colleague at Wind River. Please see the description
of the patch named "keepalived.spec-Disable-dependency-on-snmp.patch"
for further details regarding the build failure.
Verification:
- Layered and monolithic StarlingX master branch builds succeed.
- StarlingX container builds, which used to fail without this commit,
succeed as well.
Closes-Bug: #1950513
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I59bd7d4f8ed89c73248ecd97e6985f91b88c4623
This commit updates iproute from 5.9 to 5.12, iptables from 1.4.21 to
1.8.4, and libnftnl from 1.0.8 to 1.1.5:
- iproute 5.9 does not make use of libbpf, which causes the 'tc' utility
(provided by iproute-tc) to report BTF debugging symbol-related
warnings when eBPF programs are used with tc by the kernel's eBPF
sample test programs, even though the programs appear to work: "BTF
debug data section '.BTF' rejected: Invalid argument (22)!".
- iptables 1.4.21 does not support the --object-pinned option, which is
required to be able to use eBPF programs to match packets.
- libnftnl >= 1.1.5 is a dependency for recent versions of iptables, and
the version of libnftnl in StarlingX's CentOS 7 is 1.0.8.
The versions which are used by this commit are the latest versions in
CentOS 8-Stream as of this writing.
Notes:
- iptables software package bundles a version of ebtables different than
the legacy version already included in StarlingX. The legacy version
supports the broute table and the BROUTING chain and string matching,
whereas the iptables version does not. The legacy version is
deprecated by this commit based on feedback received from colleagues,
mainly to avoid unexpected incompatibilities between ebtables-legacy
and iptables' netfilter/nft-based versions.
Verification:
- All-in-One simplex installation and bootstrap was carried out
successfully.
- Installation and bootstrap was successful on two separate systems: One
system consisting of 2 controller hosts, 4 compute hosts and 2 storage
hosts, and another system consisting of 2 controller hosts and 2
compute hosts.
- Configuration of aggregated links (after using ifenslave manually) and
configuration of virtual function (VF) interfaces (also manually set
up) were carried out with the iproute tools successfully as basic
sanity tests.
- The results of basic ebtables commands (insertion and removal of DROP
rules) were observed in "ebtables -L" output and confirmed to take
effect in a test bed consisting of two network namespaces connected by
bridged interfaces, as a basic sanity test.
- Sample eBPF test programs and scripts shipped with the v5.10 kernel
were executed successfully, with the caveat that there is a need to
install a recent version of LLVM to compile the eBPF test programs.
(I built LLVM-13.0 from scratch.)
Partial-Bug: #1949217
Depends-On: I24bb7c60e353643add5e63ae7ea7c6516d07c7bf
Depends-On: I12d20797db91fecdac409b0535632ac97bd6ad47
Depends-On: If95c2d24c98cb2add5e24548bc45f505c94b4b79
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I63d557112c653d59b88ac3a4798dee0e89246612
This commit updates the iproute package from 4.11.0-14 shipped with
CentOS 7.6.1810 (i.e., StarlingX baseline) to 5.9.0-4 shipped with
CentOS 8.4.2105, because the former version does not support the "seg6"
and "seg6local" encapsulation types (used for segment-based routing via
the "ip route" command).
Segment-based routing capability was requested by a user, and the
shortcomings of the pre-existing version of iproute package were noticed
when attempting to test the seg6 encapsulation type with a v5.10-based
kernel.
Note that it was not possible to re-use CentOS 8.4.2105's binary RPM
package on StarlingX, due to the fact that StarlingX's CentOS 7.6.1810
baseline ships with glibc-2.17, whereas the CentOS 8.4.2105 iproute
package depends on glibc-2.27. This requires StarlingX to rebuild the
RPM package.
Verification:
- Installation and bootstrap of an All-in-One simplex system has been
carried out with this commit as an overall regression test.
- The iproute package's git repository was also browsed for potentially
non-backwards-compatible changes by searching for keywords "backward"
and "compat" in the git commit history between versions 4.11.0 and
5.9.0 using "git log -i --grep".
Story: 2008921
Task: 43663
Depends-On: I5e272dc59b8b69611474706c165644a8dd5d7f52
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I6de9659dfec830f954661a0b0f82e69dc9637a5d
We use the CentOS 8 version of the source package
and apply the same six patches that we applied to
the previous version, with one caveat. Patch 3
had an additional test in it of the uncalibrated
state, and this test does not exist in the upstream
version of the patch. Now patch 3 is identical
to the upstream version.
All five upstream patches have been refreshed to
what was actually accepted upstream and thus now
contain proper git headers. The logic of those
five patches remain as they were, with the one
exception noted in the previous paragraph.
Patch 6 has also now been given a proper git header.
Change-Id: Ifd44680d2f190dc0c5662bd05bd214fccf50a2fd
Story: 2009130
Task: 43199
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>