Backport the patches for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1968528
It reports:
The fix for Bug 1819868 has introduced a new issue related to its
implementation of rate limiting.
Rate limiting the mount_event_source can cause unmount events to be
missed, which leads to mount unit cgroups being leaked (not cleaned up
when the mount is gone).
The fix for 1968528 can fix the issue we met:
During the reboot process of subclouds (either lock-unlock or sudo
reboot), unmounting failure messages repeat for a few hundred of times.
The patches are listed at:
https://github.com/redhat-plumbers/systemd-rhel8/pull/198/commits
And they are picked from https://github.com/systemd-rhel/rhel-8/ (branch
rhel-8.4.0).
Verification:
In my test on an AIO-SX lab, the bug appears as:
run "sudo reboot" on controller, endless unmounting failure logs
printed.
Verified that the problem was there during the shutdown
phase of a reboot. Reinstalled with a fixed image, and verified that
the issue was now gone by doing 5 reboots. Ran sanity on the lab,
and verified no new issues seen.
Closes-Bug: #1948899
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: If95932ceead1bea973f2219d3a8d6b04cf0fd5f8
Backport the patches for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1819868
We met such an issue:
When testing a large number of pods (> 230), occasionally observed a
number of issues related to systemd process:
systemd ran continually 90-100% cpu usage
systemd memory usage started increasing rapidly (20GB/hour)
systemctl commands would always timeout (Failed to get properties:
Connection timed out)
sm services failed and can't recover: open-ldap,
registry-token-server, docker-distribution, etcd
new pods can't start, and got stuck in state ContainerCreating
Those patches work to prevent excessive /proc/1/mountinfo reparsing.
It has been verified that those patches can improve this performance
greatly.
16 commits are listed in sequence (from [1] to [16]) at below link
for the issue:
https://github.com/systemd-rhel/rhel-8/pull/154/commits
[16](10)core: prevent excessive /proc/self/mountinfo parsing
[15][Dropped-6]test: add ratelimiting test
[14](9)sd-event: add ability to ratelimit event sources
[13](8)sd-event: increase n_enabled_child_sources just once
[12](7)sd-event: update state at the end in event_source_enable
[11](6)sd-event: remove earliest_index/latest_index into common part of
event source objects
[10][Dropped-5]sd-event: follow coding style with naming return
parameter
[9] [Dropped-4]sd-event: ref event loop while in sd_event_prepare() ot
sd_event_run()
[8] (5)sd-event: refuse running default event loops in any other thread
than the one they are default for
[7] [Dropped-3]sd-event: let's suffix last_run/last_log with "_usec"
[6] [Dropped-2]sd-event: fix delays assert brain-o (#17790)
[5] (4)sd-event: split out code to add/remove timer event sources to
earliest/latest prioq
[4] (3)sd-event: split clock data allocation out of sd_event_add_time()
[3] [Dropped-1]sd-event: mention that two debug logged events are
ignored
[2] (2)sd-event: split out enable and disable codepaths from
sd_event_source_set_enabled()
[1] (1)sd-event: split out helper functions for reshuffling prioqs
I ported 10 of them back (from (1) to (10)) to fix this issue
and dropped the other 6 (from [Dropped-1] to [Dropped-6]) for those
reasons:
[Dropped-1]Only changes error log.
[Dropped-2]Fixes a bug introduced in a commit which doesn't exist in
this version.
[Dropped-3]Only changes vars' names and there is no functional change.
[Dropped-4]More commits are needed for merging it, while I don't see
any help on adding the rate-limiting ability.
[Dropped-5]Change coding style for a function which isn't really used
by anyone.
[Dropped-6]Add test cases.
Closes-Bug: #1924686
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia4c8f162cb1a47b40d1b26cf4d604976b97e92d6
This update makes use of the PKG_GITREVCOUNT variable
to auto-version the packages in this repo.
Story: 2007750
Task: 39951
Change-Id: I854419c922b9db4edbbf6f1e987a982ec2ec7b59
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
This solves:
systemd: line splitting via fgets() allows for state injection
during daemon-reexec (CVE-2018-15686)
along with some other less critical issues. See the security
announcement link:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html
for more details.
Here we rebase the patches, and fix the atrocious crime of "name of patch file
doesn't match what git format-patch generates". We also squash down the
meta patches which add the patches to the spec file as part of
good housekeeping.
Change-Id: I01a3fa329bbad541a063cb604d1756892139967f
Closes-Bug: 1849200
Depends-On: https://review.opendev.org/#/c/695560
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Fuzzy patch will cause potential build failure issue. Correct the
line number in patch file to de-fuzz it.
Story: 2004660
Task: 33558
Change-Id: Iccc880025c791d38835e9cd535eab657529c6f47
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This commit is a complement for the change in the stx-tools repo
(link: https://review.openstack.org/#/c/651340/), the upgrade is
required to fix the CVE-2018-15688.
The fix was done in Jan 2019 by the community and requires the
update of systemd packages.
System-config needs to be updated in order to be aligned with the
new version of systemd-219-62.el7_6.5.
systemd-config.spec:
Update 'BuildRequires' value for the new systemd version.
update-package-versioning-for-TIS-format.patch:
Update 'Release' value for the new version of systemd.
0703-fix-build-error-for-CentOS7.6.patch:
Update process_http_upload function in order to support the
new type of value '-ENOBUFS' and changes in the index file.
srpm_path:
Update the 'mirror' value with the new systemd version.
Change-Id: I8f69532833c216f7a369f1b0596dc6607b0f2a7c
Closes-Bug: #1820756
Depends-On: I3fd97d9dabe2350a7af887a0c7de26ec95f7a7d9
Signed-off-by: Mawrer Ramirez <mawrer.a.ramirez.martinez@intel.com>
With new toolchain(gcc 4.8.5-36), some values become deprecated, and
need be replaced with new values.
Depends-On: https://review.openstack.org/629483
Story: 2004522
Task: 28931
Change-Id: I02ccfef4fb21490e7a32e0c8dbd892b2c0be4ea9
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Test:
Build pass with build pkgs and build iso, and then build rpms for installer,
update installer and rebuild iso again. And deploy multi-node test pass.
Depends-On: https://review.openstack.org/628732/
Story: 2004522
Task: 28439
Change-Id: I58affb58f08254dc82695bc524c964f01bf10c69
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
Story: 2003768
Task: 27594
Package systemd-config is added to config customized config file
of systemd.
Several patches are converted to config files. These config files
are based on systemd-219-57.el7.src.rpm.
BuildRequires in system-config is set to equal "219-57.el7", to
avoid system-config is missed check when do upgrade. So when do
systemd upgrade, system-config need be upgraded also.
"0003-spec-expand-_udevrulesdir-macro.patch" is removed which
seems not needed.
Test:
Pass build and multi node deploy test. Confirmed related config
file is the same as before.
Change-Id: I879dc276f3280911d844cfa605c56ba03caabdad
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
When do Centos 7.5 upgraded, some patches didn't resolve and cause
the fuzzy in the line numbers of the patches. And it may cause
.orig file is created when do patch. And this .orig file will lead
to rpm packaging failure due to the unexpected and unpackaged .orig
file.
Please visit below link to get more detail info:
https://bugs.launchpad.net/starlingx/+bug/1794611
Solution:
Safest solution is to de-fuzz our patches.
Story: 2003389
Task: 26755
Change-Id: Iba5ccb26f65b61bcd602c36a6f61a2e93ca5d637
Signed-off-by: slin14 <shuicheng.lin@intel.com>