265 Commits

Author SHA1 Message Date
Mohammad Issa
f3a6361ce3 n3000-opae: debian docker build fails
The directory change will fix the error shown when building an image
regarding n3000-opae. The build script needs a non-empty docker
directory as well as a Dockerfile to run properly.

Closes-Bug: 1988868

Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: I0cf57216d60a12728a13c1278b6ea4a5d2cd1e2f
2022-09-07 22:28:14 +00:00
Mohammad Issa
8a2dc339a5 Remove k8s-plugin-sriov-network-device image
This image is unused, replaced by
ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin

Story: 2010076
Task: 45563

Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: I3fc5848caa7024cbdcd22a197437a86e8dfb38ef
2022-08-31 14:03:22 -04:00
Zuul
bde4514325 Merge "Build Debian image(s): n3000-opae" 2022-08-30 13:13:45 +00:00
Mohammad Issa
896bd432a2 Build Debian image(s): n3000-opae
This change implements building Centos based image(s) for n3000-opae
in a Debian build env.

The Dockerfile will use an upstream version of centos:7.9.2009
as the $BASE.

Test Plan:

PASS: Build Centos based image in a Debian build env.
      Save the image in a tarball and transfer into a controller
      for testing.

PASS: Use "system host-device-image-update controller-0" which
      uses the functionality of n3000-opae packages. The newly built
      image is used as the main n3000-opae during command execution.
      --> Sysinv.log response:
          sysinv.fpga_agent.rpcapi [-] sending device_update_image
          to host controller-0

          sysinv.conductor.manager [-] device_update_image_status:
          transaction_id: 1,status: in-progress, progress: None,
          err: None

          sysinv.conductor.manager [-] device_update_image_status:
          transaction_id: 1, status: completed, progress: None,
          err: None

          sysinv.conductor.manager [-] no more device images to process

PASS: Check controller's fpga commands available through newly built image
      by running "sudo docker run -t --privileged -e LC_ALL=en_US.UTF-8
      -e LANG=en_US.UTF-8 -v /usr/../sysinv:/mnt/images
      registry.local:9001/docker.io/starlingx/n3000-opae:test
      ls /usr/bin/fpga*"
      --> Command Response:
          fpgabist
          fpgad
          fpgadiag
          fpga_dma_test
          fpgaflash
          fpgainfo
          fpgalpbk
          fpgamac
          fpgaotsu
          fpgaport
          fpgastats
          fpgasupdate

Story: 2009831
Task: 46150

Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: If1ad4ff7c731b463f877798be9607be9aa192397
2022-08-29 18:37:10 +00:00
Leonardo Fagundes Luz Serrano
bb528debad Duplicate pmon.d conf files to another location
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/

This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.

Test Plan:
PASS: duplicate conf on deb

Story: 2010211
Task: 46111

Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I50fcb17145e909b973a33d4ef6fb9f772d37a2f5
2022-08-29 11:37:34 -03:00
Zuul
4c940d1062 Merge "Debian: Fix isolcpus-device-plugin pmon conf location" 2022-08-26 18:46:36 +00:00
Gleb Aronsky
c640dcb5c3 Debian: Backport commit to Reduce log clutter
Backport containerd 1.5.0 commit
1f5b84f27cd675780bc7127f9aedbfe34cc7590b to reduce clutter of log
entries during process execution.

This commit addresses the log clutter on Debian based systems.
The corresponding change on Centos was implemented by
5022532a73ee73e43173d0bd3cf510a80d8a3f64

Test Plan: Verify containerd.log logs fewer messages

PASS: Verified that the containerd.log file omits previously noisy log
messages such as "ExecSync for", "Exec process", and "Finish piping"
which are now logged at the Debug verbosity threshold.

Story: 2009272
Task: 46099

Change-Id: I73cbf31c110adead3f076eb6f24393542c4ab3ba
Signed-off-by: Gleb Aronsky <gleb.aronsky@windriver.com>
2022-08-25 13:52:33 -07:00
Dan Voiculeasa
80cf98701f Debian: Fix isolcpus-device-plugin pmon conf location
This work only affects Debian.

Currently the pmon conf file isolcpu_plugin.conf is not delivered
in the desired location (/etc/pmon.d).
Fix packaging to deliver the file in the desired location.
This is a follow-up to [1].

Tests:
PASS: build-pkgs
      isolcpu_plugin.conf in /etc/pmon.d
PASS: build-image
PASS: Standard deployed
      reached unlocked enabled available

[1]: https://review.opendev.org/c/starlingx/integ/+/814552
Story: 2009221
Task: 43783
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I5161eb2c241881e17aef80f3148be960ff92cf72
2022-08-25 19:43:53 +03:00
Charles Short
6b1e03daf4 Revert "debian: Fix containerd shim v2 shutdown"
This reverts commit a22ff43fc09b55eeb3ee3aec1526ac0a9edca31f.

The behavior is no longer required with the submission of:
c1b1d85a93

Change-Id: Ia723f5dbcbd20fda7af4f3d15032db9b63204d67
2022-08-24 21:05:50 +00:00
Zuul
0de31588a8 Merge "Add mapkubeapis helm plugin package" 2022-08-24 04:26:08 +00:00
Yue Tao
9d93ffc30b Debian: fix wrong checksums
Checksums are currently not being checked upon download. This commit
corrects them with the intent for us to turn on checking soon.

Not sure what causes the checksums to be incorrect. I am aware that someone
complained on GitHub that the checksums of some tarballs changed without
any update. We also can't guarantee that developers always fill in the
correct checksum. Once we turn on checksum checking upon download, we can
catch it in time.

Test Plan:

Pass: downloader -s

Story: 2009303
Task: 46029

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I89f0db6086641062048b52270ffc585887cb8acf
2022-08-23 11:56:25 +08:00
Zuul
8749bc9656 Merge "Preserve kube-apiserver manifest params during upgrade-activate" 2022-08-19 19:28:23 +00:00
Lucas Cavalcante
8072da8fab Add mapkubeapis helm plugin package
mapkubeapis helm plugin can be used to update deprecated kubernetes
apis. This plugin will be needed for system upgrade scripts dealing
with applications with deprecated kubernetes resources

TEST PLAN:
PASS: build centos
PASS: build debian

Closes-bug: 1983025
Depends-on: https://review.opendev.org/c/starlingx/tools/+/853293
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I1b831b5e8b49ebcd49d5e19bf91015fe81ff1e7f
2022-08-19 10:33:22 -03:00
Kaustubh Dhokte
73632416b3 Preserve kube-apiserver manifest params during upgrade-activate
This change a6a5349d02
(k8s-1.22.5: remove feature-gates)
adds a script that is run during upgrade activate. The script modifies
kubeadm cluster config and eventually updates kube-apiserver manifest
to remove deprecated feature-gates in k8s 1.22.

As 'kubeadm init phase' is rerun in the script, it updates the
kube-apiserver manifest to be in sync with the kubeadm cluster config.
In that process, it nullifies the effect of these two commits,
04a1c1b080
(Rework advertise address in apiserver-change-param)
and 52ace69c83
(Amend kube-apiserver 1.23 configuration to use PSP)

This change adds a function to the script that preserves the effect
of above listed commits.

Test Plan:
On CentOS AIO-SX
PASS: Upgrade Successful. Check if advertise address in
      kube-apiserver manifest before and after running
      upgrade-activate is same.
      Ensure that the seccomp profile configuration is
      removed after upgrade-activate.
      Kube-apiserver is running and cluster is accessible after
      the upgrade.
PASS: No Shellcheck errors

Closes-Bug: 1986854

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ib97e14bc5b4ed208e65e16888e1380a3bd9fdb8f
2022-08-18 17:06:53 -04:00
Kaustubh Dhokte
500adad67e Debian: Add metrics-server to platform namespaces
This change https://review.opendev.org/c/starlingx/integ/+/834215
adds metrics-server to the list of platform namespaces for
k8s 1.23.1. Apparently, Debian package for k8s 1.23.1 was not
added when above change was created.

Note: The patch was copied from centos/files.

Test Plan:
Pass: Package builds successfully
PASS: Image built and deployed successfully.
PASS: Apply metrics-server and verify that metrics-server is
      running on platform CPUs.

Closes-Bug: 1964503

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I989be27416f388dc0ff46a820b8fa3a276600737
2022-08-16 16:51:20 +00:00
Al Bailey
1c467064a8 Debian: Fix for sanitize_kubelet_reserved_cpus.sh
The sanitize_kubelet_reserved_cpus.sh was being
installed as a directory rather than a script.

Test Plan:
  Build/Bootstrap/Unlock on Debian AIO-SX
  Verify that kubelet starts up, and the sanity file exists

Story: 2009964
Task: 45878
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I966f8b13f7cbd65f1a3f015d75d628e38a166038
2022-07-25 17:57:41 +00:00
Zuul
d8d6604404 Merge "Debian: containerd package customization with k8s-container-cleanup" 2022-07-06 13:42:39 +00:00
Zuul
64253056a6 Merge "Debian: Enable containerd package customization" 2022-07-06 13:42:37 +00:00
Steven Webster
82b19f0a3c cni plugins: add IFNAME key support to the tuning plugin
This commit backports IFNAME key support from v1.1.1 of the
k8s containernetworking-plugins:

c16cff9805

IFNAME key support allows one to use the keyword
'IFNAME' in a network attachment definition using the
tuning plugin.  Without this, the actual interface name
(whether specified in the pod spec, or the default 'net<X>')
must be specified.

Example:

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: hd0
spec:
  config: '{
    "cniVersion": "0.3.1",
    "plugins": [
      {
        "name": "hd0",
        "type": "host-device",
        "device": "eth1000"
      },
      {
        "type": "tuning",
        "sysctl": {
          "net.ipv6.conf.IFNAME.accept_ra": "0"
        }
      }
    ]
  }'

The above example would disable the processing of
IPv6 router advertisements on the interface associated
with the network attachment definition, regardless of
what the interface has been named in the container.

Note: Currently, StarlingX supports v1.0.1 of the
containernetworking-plugins.  Once the plugins have been
up-revved to v1.1.1, this patch can be removed.

Testing:

- Ensure patch is applied and build successful
  on CentOS and Debian
- Perform a functional test of the tuning plugin using
  the IFNAME key on CentOS and Debian

Story: 2010114
Task: 45693

Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I4fc617390b25bcf74a2a319fcb4409a0633c4a31
2022-06-30 09:22:36 -04:00
Jim Gauld
c1b1d85a93 Debian: containerd package customization with k8s-container-cleanup
This provides the Debian containerd package changes to include
k8s-container-cleanup script.

Test Plan: Debian:
PASS: Build containerd package
PASS: Build image
PASS: Install ISO for AIO-SX
PASS: Reboot host, verify we get daemon.log:
      k8s-container-cleanup(283049): info : Stopping all containers.

Closes-Bug: 1964111

Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Change-Id: I56170b98cf32c2e7e51b1c35779305a90cdc6db8
2022-06-20 13:48:52 -04:00
Kaustubh Dhokte
a6a5349d02 k8s-1.22.5: remove feature-gates
This script is intended to be run during platform upgrade.
('upgrade-activate' phase). It removes below feature gates
from kubeadm-config configmap and rewrites kube-apiserver
and kube-controller-manager manifests.
  - SCTPSupport=true
  - HugePageStorageMediumSize=true
  - TTLAfterFinished=true

Background:
HugePageStorageMediumSize is deprecated in Kubernetes 1.22
SCTPSupport blocks the kube-apiserver pod from spawning after control-plane upgrade
TTLAfterFinished value defaults to true from k8s 1.21

Test Plan (On CentOS)
On AIO-SX and AIO-DX:
PASS: Full platform upgrade successful.
      Confirm kubeadm-configmap is updated, kube-apiserver
      and controller-manager static manifests and processes
      are updated with updated feature-gates after platform
      upgrade.
PASS: Upgrade k8s 1.21.8 to 1.22.5 after platform upgrade.
      Create a PV, PVC and deploy a pod.
PASS: Package builds successfully.

Story: 2009789
Task: 45627

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I51400c63226b532eed4a05fddb255b877cc5bbb5
2022-06-19 03:42:53 -04:00
Steven Webster
0c0aa6ff67 debian: fix issue with bond-cni binary install
This commit fixes an issue with the debian install of the
bond CNI plugin.

It was noticed that the 'bond' source directory was being
installed, rather than the built 'bond' binary.

Since the build output is a single binary, it will be
found in debian/bond-cni/, rather than the standard
debian/tmp/

dh_install is instructed where to find the build output
installed by dh_auto_install.

Testing:

- Debian build and install
- Confirmed the bond binary is at /var/opt/cni/bin/
- Functional testing to ensure a pod using the
  bond plugin could be launched

Depends-On: https://review.opendev.org/c/starlingx/integ/+/844865
Closes-Bug: 1976111

Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I2a504b8bfc210dc09487a496959da235dec82525
2022-06-17 09:41:16 -04:00
Zuul
5bc6930b0f Merge "cni: use /var/opt/cni" 2022-06-16 22:34:45 +00:00
Jim Gauld
fcd8b87c03 Debian: Enable containerd package customization
This provides the original Debian containerd package files:
rules, containerd.install. These files are contained within
the tarball: containerd-debian-1.4.12_ds1-1.tar.gz .

Subsequent changes to these are package customizations.

Test Plan: Debian
PASS: Build Debian containerd package

Partial-Bug: 1964111

Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Change-Id: Icf5356c94b64b2c786ee988ad34cdd0a6e25c915
2022-06-15 17:49:51 -04:00
Dan Voiculeasa
537bffe16e Add support for building armada image
Follow-up to https://review.opendev.org/c/starlingx/integ/+/845752.
As explained in the mentioned commit we need to build the armada
container image using the sources provided there.
Add support for that.

Partial-Bug: 1978409
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I26e8117272a6925ea429be10be91ce20f6b71c8b
2022-06-15 19:29:09 +03:00
Dan Voiculeasa
0783ec950b Debian: Upversion armada sources for container build
Currently, we use in the playbooks [1] an armada image built upstream
[2]. We use armada from upstream helm2 branch.

Armada needs to be patched to add support for k8s >=1.22.
Proposed an upstream patch, but we don't know how long it takes until
it is merged:
https://review.opendev.org/c/airship/armada/+/845392

Instead of waiting for the upstream commit to merge and an image to be
generated, we provide the code change here, so an armada image with
k8s >=1.22 support can be generated. The k8s >=1.22 support is added
by patch 0003.
Necessary StarlingX build changes to support generating a container
image and pushing it to https://hub.docker.com/r/starlingx will be
addressed in another commit.

Note: since we always used an upstream built armada container, this
package's purpose was to provide helm chart overrides. We add a new
purpose: to release to opensource the changes we are about to do to
armada, since we'll be building a container image using these changes.

To achieve this we do the following:
- upversion sources from 7ef4b8643b5ec5216a8f6726841e156c0aa54a1a
to ddbdd7256c20f138737f6cbd772312f7a19f58b8. This ensures we are
patching the image used in the playbooks[2].
- create patches 0001 and 0002 to ensure there are no helm chart
changes between upversion. This reduces testing effort related to
original purpose (provide helm chart overrides) of this package.
- create patch 0003 to add k8s >=1.22 support.
- old patches are not changed, but renamed from 0001->0005 to
0004->0008 and regenerated.

Other notes:
We don't need to port this work to CentOS. This work is supposed to be
temporary until the upstream airship/armada commit merges.

Tests on Debian:
PASS: build-pkgs -c -p armada
PASS: make images
      Upload image to controller, use it.
      Using the new armada image do an apply,remove,apply,remove,apply
      chain for a custom StarlingX app.

[1]: https://opendev.org/starlingx/ansible-playbooks/src/branch/
master/playbookconfig/src/playbooks/roles/common/
load-images-information/vars/k8s-v1.22.5/system-images.yml#L5
[2] quay.io/airshipit/armada:
ddbdd7256c20f138737f6cbd772312f7a19f58b8-ubuntu_bionic

Partial-Bug: 1978409
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Id51c241a3965ef462d325da4ffce37a81693a9f4
2022-06-14 21:18:06 +03:00
Zuul
bee6b23e0b Merge "Add helm-2to3 package" 2022-06-10 20:55:23 +00:00
Lucas Cavalcante
53c950f369 Add helm-2to3 package
This plugin is needed to ease migration of helmv2 release to helmv3,
therefore enabling migration of Armada apps to FluxCD

TEST PLAN:

PASS: 2to3 is installed to /usr/local/share/helm/plugins/2to3

Story: 2009138
Task: 45584
Depends-on: https://review.opendev.org/c/starlingx/tools/+/845273
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I83d572bf8903c0d6e4daf189e69487956b0f8bcc
2022-06-10 11:49:25 -03:00
Davlet Panech
3dccec656c Remove k8s-cni-sriov docker image
This image is unused -- superseded by ghcr.io/k8snetworkplumbingwg/sriov-cni

Story: 2010076
Task: 45562

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: I1e4ed5e14e187948c4e43276283b9a1257a6b721
2022-06-07 21:52:00 -04:00
Dan Voiculeasa
1ed2cdf186 cni: use /var/opt/cni
This will allow bootstrap on Debian to work without unlocking ostree.

Currently /opt/cni is a symlink to a /usr subdir.
/usr is mounted read-only. This leads to issues when containers try to
write inside /opt/cni.
Update software to use /var/opt/cni instead.

The problematic symlink is created by the meta-lat component.
This commit can be reverted later if the meta-lat design is changed.

This is an enhancement to the following series:
https://review.opendev.org/c/starlingx/ansible-playbooks/+/825354
https://review.opendev.org/c/starlingx/integ/+/825346
https://review.opendev.org/c/starlingx/stx-puppet/+/825355
https://review.opendev.org/c/starlingx/integ/+/843965

Test on AIO-SX:
CentOS:
PASS: unlocked enabled available
Debian:
PASS: bootstrap without ostree unlock.
PASS: unlocked enabled available

Story: 2009101
Task: 44314
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Id6ced63f913ed21954c379b031ae74683cd4d86f
2022-06-06 20:07:27 +03:00
Zuul
6d7de7f756 Merge "debian: Fix containerd shim v2 shutdown" 2022-06-06 17:00:33 +00:00
Kaustubh Dhokte
1b5ece880b Debian: Add missing patches to armada-helm-toolkit
This change adds missing patches to debian armada-helm-toolkit
package which are already present for its CentOS equivalent.

These patches are particularly important because Kubernetes 1.22
deprecated below k8s apiversions that armada-helm-toolkit uses.

- 'extensions/v1beta1' for 'Ingress' kind
- 'rbac.authorization.k8s.io/v1beta1' for 'Role' and 'RoleBinding'
- 'extensions/v1beta1' for kind 'PodSecurityPolicy'

'Ingress' should now use apiversion 'networking.k8s.io/v1'.
'Role' and 'RoleBinding' should now use apiversion
'rbac.authorization.k8s.io/v1'.
'PodSecurityPolicy' should now use apiversion 'policy/v1beta1'.

Reference: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis

Test Plan:
PASS: Package builds successfully
PASS: Image builds successfully
PASS: Armada helm chart gets installed successfully during ansible
      bootstrap for k8s 1.23.1

Story: 2009888
Task: 44649

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ic2b6a982e53b01ec24f4ab1bcf61025c59acf86e
2022-06-04 01:28:04 +00:00
Charles Short
a22ff43fc0 debian: Fix containerd shim v2 shutdown
Containerd uses the "process" killmode which shuts down
shim v1 container processes but it does not shutdown
v2 container processes. As a result, when shutting down
the server it will result in a longer shutdown time
than compared to Centos 7.

This is a temporary workaround until we update to containerd
1.5+.

Test Plan
PASS Build containerd with patch
PASS Boot and unlock server
PASS Reboot server check for containerd-shim processes
in the syslog after the server reboots

Story: 2009845
Task: 44456

Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Iac496e9f2b7f3ccded5ea3e034db8bac2cfc0125
2022-06-02 13:57:09 -04:00
Steven Webster
478a4e59ad Fix bond CNI install path
Recent commit 54f2f7d6c667e0d26211e713d0b1fd44a527cdaa made
changes to the install path of the containernetworking-plugins
from /usr/libexec/cni/ to /opt/bin/cni/ as part of making
/usr readonly to support OSTree.

Since the bond-cni plugin is not distributed with the other
containernetworking-plugins, the same change needs to be
made in the bond-cni package.

Closes-Bug: 1976111

Testing:

Ensure /opt/cni/bin/bond exists on both Debian and CentOS.

Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I48b47100d14c77818daf42cb24b7146ae6672e35
2022-05-30 16:26:48 -04:00
Zuul
6a367ce472 Merge "Debian: add package k8s-cni-cache-cleanup build files" 2022-05-27 13:54:10 +00:00
Andre Fernando Zanella Kantek
b23d4c84c2 Debian: add package k8s-cni-cache-cleanup build files
This change adds the package k8s-cni-cache-cleanup to StarlingX's
Debian build

Test Plan:
PASS  build Debian ISO
PASS  install AIO-SX Debian ISO
PASS  Check package k8s-cni-cache-cleanup is present
PASS  Check presence of script /usr/local/sbin/k8s-cni-cache-cleanup

Story: 2009965
Task: 45461

Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: I277937ad1be326f75c3b5fc01a30e775a7b9ca0a
2022-05-26 16:18:12 -03:00
Zuul
53da7ef285 Merge "Debian: Add kubernetes 1.23.1 package" 2022-05-17 20:20:54 +00:00
Zuul
be4767afb5 Merge "Debian: Change k8s 1.21.8 package name" 2022-05-17 00:11:15 +00:00
Zuul
3476338753 Merge "Add Kubectl Cert Manager" 2022-05-16 20:03:11 +00:00
Jerry Sun
d2acaea1ef Add Kubectl Cert Manager
This commit adds the kubernetes plugin kubectl cert manager to the iso.
This is used to convert old v1alpha2 and v1alpha3 cert manager
resources to v1 during a system upgrade. The plugin is not required
for debian because there are no old cert manager resources to convert.

Test Cases:

PASS: Convert our default DC certificates and issuers using
      kubectl cert manager

Change-Id: I59f1b0e4d5d6ece1ccef43fee1acacd7b7e44efd
Story: 2009837
Task: 45372
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2022-05-16 11:56:14 -04:00
Zuul
23651385cb Merge "Debian: Correct "sanitize reserved cpus list before kubelet starts"" 2022-05-11 17:57:23 +00:00
Kaustubh Dhokte
ee6eadab97 Debian: Correct "sanitize reserved cpus list before kubelet starts"
This change makes a correction in kubeadm.conf for k8s 1.21.8 on
Debian originally committed in
https://review.opendev.org/c/starlingx/integ/+/827384

/etc/sysconfig does not exist on Debian.
Kubelet service environment variables file location is /etc/default/
on StarlingX Debian.

Test Plan:
Package builds successfully

Closes-Bug: 1955608

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ic3f7f6a514088a3ccbd7f99c0433a8144e8d0ade
2022-05-03 23:02:58 +00:00
Bin Qian
54f2f7d6c6 Make /usr readonly to support OSTree
OSTree structure requires /usr to be readonly as OSTree's dracut
hook creates a read-only bind mount over /usr.

1. deploy validate_postgresql_connection.sh directly to
   /usr/local/bin. It was copied to the location after
   installation.
2. move /usr/local/etc/ldapscripts to /etc/ldapscripts, files
   need to be writable.
3. move /usr/libexec/cni to /opt/cni/bin. Plugins are installed
   at runtime.

TCs:
   provision aio-dx centos with /usr mount to readonly fs.
   unlocked host
   provision aio-sx debian and unlocked host.
   upgrade AIO-DX from 21.12
   upgrade AIO-SX from 21.12
   successfully apply cert-manager and nginx-ingress-controller

Story: 2009101
Task: 44314

Change-Id: I99231f3f7db3d2d8eaceba137e13dea650370f71
Signed-off-by: Bin Qian <bin.qian@windriver.com>
2022-04-29 11:19:37 -04:00
Kaustubh Dhokte
95cd66e67d Debian: Change k8s 1.21.8 package name
This changes Debian package name for k8s 1.21.8 from "kubernetes" to
"kubernetes-1.21.8".

Until https://review.opendev.org/c/starlingx/integ/+/831343
is merged, version 1.21.8 is the only packaged version of
kubernetes on StarlingX Debian. In future, multiple kubernetes
versions will be supported on most, if not all, StarlingX releases.
Currently, Debian build server uses the value of 'debname' parameter in
the meta_data.yaml as the package name.
'debname' is an optional parameter in the meta_data.yaml.
If not provided, it uses package dir name as the package name
(kubernetes-1.21.8 in this case), which follows the preferred format
('kubernetes-<version>') for naming different versions of kubernetes
packages distinctly.

Test Plan:
PASS: Package builds successfully
PASS: Image builds successfully.

Story: 2009830
Task: 44638

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I46f7d9307f4254597557bb8be81ef471dcc7d73d
2022-04-29 06:00:57 +00:00
Kaustubh Dhokte
c47f0964d9 Debian: Add kubernetes 1.23.1 package
Test Plan:(On Debian)
Kubernetes 1.23.1 package builds successfully
All packages build successfully
Image builds successfully

Depends-On: https://review.opendev.org/c/starlingx/compile/+/825651

Story: 2009830
Task: 44638

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I57de1d998412e61bb928a9ce1930bc2a1c600282
2022-04-22 22:37:53 +00:00
Davlet Panech
6b7479e737 debian: sriov-network-device: convert to debian
Rename centos directory to "distroless", same as other intel k8s
plugins.

TESTS
=====
Rebuild on debian & centos hosts

Story: 2009831
Task: 45083

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: If4c82b89fc1a1c235ef4de61a76e234ef912cab1
2022-04-18 15:48:20 -04:00
Zuul
739faa1c3d Merge "Move k8s container cleanup to containerd service" 2022-04-14 14:33:02 +00:00
Jim Gauld
169a0c0ee3 Move k8s container cleanup to containerd service
This introduces k8s-container-cleanup script that will be called
when containerd.service is stopped. The script detects whether systemd
state is 'stopping' due to shutdown/reboot, then stops all running
containers before the service shuts down.

During shutdown/reboot, some containers are not receiving the
SIGTERM signal. This leads to unexpected behaviour such as
generating huge coredumps.

There is an upstream issue regarding this:
https://github.com/kubernetes/kubernetes/issues/107158
The problem seems to be systemd related but this commit
addresses the problem with a workaround.

This reverts commit f3c18b0f79e3b145d378474b24d861926dd61a13.
The k8s-container-cleanup script is moved from kubelet.service
to containerd.service. The ExecStopPost that calls this script
is removed, and replaced with ExecStop in containerd.service
to call the script (in config-files repo).

The k8s-container-cleanup script requires containerd is running
in order to use crictl utility. The shutdown of kubelet and
containerd have unpredictable timing, so the cleanup must be done
in containerd.

Test Plan: On AIO-SX
PASS: Verify k8s-container-cleanup logs to daemon.log during 'stopping'.
PASS: Manually change containerd/kubelet shutdown timing and verify
      k8s-container-cleanup running to completion before containerd stopped.
PASS: Reboot and verify k8s-container-cleanup running to completion.
PASS: Lock/unlock and verify k8s-container-cleanup running to completion.
PASS: Manually run spellintian tool against k8s-container-cleanup.sh.
PASS: Manually run shellcheck tool against k8s-container-cleanup.sh.
PASS: Zuul tox bashate tool against k8s-container-cleanup.sh.

Partial-Bug: 1964111
Change-Id: Ic8a9e257f861ae218a8520205eced3eaa580dd20
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
2022-04-12 13:52:40 -04:00
Zuul
9b3dde85f1 Merge "Debian: runc upversion to 1.0.2" 2022-04-12 17:48:50 +00:00
Steven Webster
d4c56d145f Enable bond-cni to build with golang 1.17
This commit fixes an issue that was seen if golang 1.17
was chosen as the toolchain to build the CNI package.

The go 1.17.5 build complains that the following vendored
modules should be explicitly required in the go.mod file:

github.com/coreos/go-iptables v0.6.0
github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e

If these are added to the go.mod file, a further complaint
is given that it no longer matches the information in
vendor/modules.txt

The patch files were generated by running go mod tidy for
the go.mod file, and go mod vendor for the vendor/modules.txt.

Since the bond-cni uses go 1.17 in the go directive of its
go.mod file, this commit locks down on this version to attempt
to prevent other issues from arising from new or other golang
versions.

Testing:

- CentOS build
- Debian build
- Spot check of bond-cni functionality on CentOS

Closes-Bug: 1966728

Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I14638165db48cda9b89dd666b0c8b7c0a4e8e380
2022-04-11 14:21:24 -04:00