6 Commits

Author SHA1 Message Date
M. Vefa Bicakci
6da5c5ecbe networking: Update keepalived from 1.3.5 to 2.1.5
This commit updates keepalived from v1.3.5 to v2.1.5 to avoid failures
encountered when building StarlingX flock container images, which
started to fail with the following errors after the recent iptables
update introduced by commit 36673774ee3c ("iproute-5.12, iptables-1.8.4,
and libnftnl-1.1.5", 2021-10-27):

=== 8< ===
Error: Package: keepalived-1.3.5-19.el7.x86_64 (base)
       Requires: libxtables.so.10()(64bit)
       Available: iptables-1.4.21-35.el7.x86_64 (base)
           libxtables.so.10()(64bit)
       Installing: iptables-1.8.4-21.tis.5.x86_64 (stx-mirror-distro)
           Not found
=== >8 ===

keepalived-2.1.5 was imported from CentOS 8-Stream where it is the
latest version as of this writing. It should be noted that rebuilding
keepalived-1.3.5 (i.e., CentOS 7's version) was not suitable as
keepalived-1.3.5 does not support iptables-nftables, and the CentOS
8-Stream keepalived RPM cannot be used as is due to the specific
versions of some of its dependencies.

During the preparation of this patch, an unexpected build failure had to
be worked around by disabling SNMP support in keepalived, which is
assumed to not have a negative impact on StarlingX according to a
software architect colleague at Wind River. Please see the description
of the patch named "keepalived.spec-Disable-dependency-on-snmp.patch"
for further details regarding the build failure.

Verification:
- Layered and monolithic StarlingX master branch builds succeed.
- StarlingX container builds, which used to fail without this commit,
  succeed as well.

Closes-Bug: #1950513

Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I59bd7d4f8ed89c73248ecd97e6985f91b88c4623
2021-11-12 12:12:16 -05:00
M. Vefa Bicakci
36673774ee iproute-5.12, iptables-1.8.4, and libnftnl-1.1.5
This commit updates iproute from 5.9 to 5.12, iptables from 1.4.21 to
1.8.4, and libnftnl from 1.0.8 to 1.1.5:

- iproute 5.9 does not make use of libbpf, which causes the 'tc' utility
  (provided by iproute-tc) to report BTF debugging symbol-related
  warnings when eBPF programs are used with tc by the kernel's eBPF
  sample test programs, even though the programs appear to work: "BTF
  debug data section '.BTF' rejected: Invalid argument (22)!".

- iptables 1.4.21 does not support the --object-pinned option, which is
  required to be able to use eBPF programs to match packets.

- libnftnl >= 1.1.5 is a dependency for recent versions of iptables, and
  the version of libnftnl in StarlingX's CentOS 7 is 1.0.8.

The versions which are used by this commit are the latest versions in
CentOS 8-Stream as of this writing.

Notes:
- iptables software package bundles a version of ebtables different than
  the legacy version already included in StarlingX. The legacy version
  supports the broute table and the BROUTING chain and string matching,
  whereas the iptables version does not. The legacy version is
  deprecated by this commit based on feedback received from colleagues,
  mainly to avoid unexpected incompatibilities between ebtables-legacy
  and iptables' netfilter/nft-based versions.

Verification:
- All-in-One simplex installation and bootstrap was carried out
  successfully.
- Installation and bootstrap was successful on two separate systems: One
  system consisting of 2 controller hosts, 4 compute hosts and 2 storage
  hosts, and another system consisting of 2 controller hosts and 2
  compute hosts.
- Configuration of aggregated links (after using ifenslave manually) and
  configuration of virtual function (VF) interfaces (also manually set
  up) were carried out with the iproute tools successfully as basic
  sanity tests.
- The results of basic ebtables commands (insertion and removal of DROP
  rules) were observed in "ebtables -L" output and confirmed to take
  effect in a test bed consisting of two network namespaces connected by
  bridged interfaces, as a basic sanity test.
- Sample eBPF test programs and scripts shipped with the v5.10 kernel
  were executed successfully, with the caveat that there is a need to
  install a recent version of LLVM to compile the eBPF test programs.
  (I built LLVM-13.0 from scratch.)

Partial-Bug: #1949217

Depends-On: I24bb7c60e353643add5e63ae7ea7c6516d07c7bf
Depends-On: I12d20797db91fecdac409b0535632ac97bd6ad47
Depends-On: If95c2d24c98cb2add5e24548bc45f505c94b4b79

Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I63d557112c653d59b88ac3a4798dee0e89246612
2021-10-29 19:47:27 -04:00
M. Vefa Bicakci
a7760b40a2 iproute: Update from 4.11.0-14 to 5.9.0-4
This commit updates the iproute package from 4.11.0-14 shipped with
CentOS 7.6.1810 (i.e., StarlingX baseline) to 5.9.0-4 shipped with
CentOS 8.4.2105, because the former version does not support the "seg6"
and "seg6local" encapsulation types (used for segment-based routing via
the "ip route" command).

Segment-based routing capability was requested by a user, and the
shortcomings of the pre-existing version of iproute package were noticed
when attempting to test the seg6 encapsulation type with a v5.10-based
kernel.

Note that it was not possible to re-use CentOS 8.4.2105's binary RPM
package on StarlingX, due to the fact that StarlingX's CentOS 7.6.1810
baseline ships with glibc-2.17, whereas the CentOS 8.4.2105 iproute
package depends on glibc-2.27. This requires StarlingX to rebuild the
RPM package.

Verification:
- Installation and bootstrap of an All-in-One simplex system has been
  carried out with this commit as an overall regression test.

- The iproute package's git repository was also browsed for potentially
  non-backwards-compatible changes by searching for keywords "backward"
  and "compat" in the git commit history between versions 4.11.0 and
  5.9.0 using "git log -i --grep".

Story: 2008921
Task: 43663
Depends-On: I5e272dc59b8b69611474706c165644a8dd5d7f52

Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I6de9659dfec830f954661a0b0f82e69dc9637a5d
2021-10-22 16:37:44 -04:00
Jim Somerville
8445cd91a1 Uprev linuxptp to version 3.1.1-1
We use the CentOS 8 version of the source package
and apply the same six patches that we applied to
the previous version, with one caveat.  Patch 3
had an additional test in it of the uncalibrated
state, and this test does not exist in the upstream
version of the patch.  Now patch 3 is identical
to the upstream version.

All five upstream patches have been refreshed to
what was actually accepted upstream and thus now
contain proper git headers.  The logic of those
five patches remain as they were, with the one
exception noted in the previous paragraph.

Patch 6 has also now been given a proper git header.

Change-Id: Ifd44680d2f190dc0c5662bd05bd214fccf50a2fd
Story: 2009130
Task: 43199
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2021-09-03 17:24:27 -04:00
SidneyAn
5bb777d372 Add python-daemon to srpm list
add python-daemon-2.2.3-7.el8.src.rpm to srpm list
for pkg python3-daemon building.

Change-Id: I0ad60d1083222130e72f935e08f97a8608b75880
Story: 2007106
Task: 39291
Signed-off-by: SidneyAn <ran1.an@intel.com>
2020-05-20 23:22:06 +08:00
Scott Little
9a02692850 Build layering, add layer build config file and srpm and tarball lst
Story: 2006166
Task: 37113

Change-Id: I11b2a3f635d7a1f50d0d21c4b4bad88de96d5292
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-10-21 09:24:22 +08:00