Commit Graph

2229 Commits

Author SHA1 Message Date
Wentao Zhang 1b0db90e43 Debian: openvswitch: fix CVE-2023-3966/CVE-2023-5366/CVE-2024-22563
Upgrade openvswitch's version from 2.15.0+ds1-2+deb11u4 to
2.15.0+ds1-2+deb11u5 to fix CVE-2023-3966/CVE-2023-5366/CVE-2024-22563

Refer to:
https://nvd.nist.gov/vuln/detail/CVE-2023-3966
https://nvd.nist.gov/vuln/detail/CVE-2023-5366
https://nvd.nist.gov/vuln/detail/CVE-2024-22563
https://security-tracker.debian.org/tracker/DSA-5640-1

Test Plan:
 Pass: downloader
 Pass: build-pkgs --clean --all
 Pass: build-image
 Pass: boot

Closes-bug: #2057984

Change-Id: I59ac7a2d64cf3f93da081a32e683d36f29055f28
Signed-off-by: Wentao Zhang <Wentao.Zhang@windriver.com>
2024-03-21 16:05:14 +08:00
Zuul 0898f29a7a Merge "Add kubernetes 1.29.2 patches" 2024-03-20 16:47:15 +00:00
Zuul b331398cfd Merge "Up-rev runc package to 1.1.12" 2024-03-20 14:03:05 +00:00
Ramesh Kumar Sivanandam 524383ceb9 Up-rev runc package to 1.1.12
This change updates runc package from 1.1.7 to 1.1.12
and fixes the vulnerability issue - CVE-2024-21626.
https://nvd.nist.gov/vuln/detail/CVE-2024-21626

Test Plan:
  PASS: runc package builds successfully
  PASS: Build ISO successful with multiple kubernetes versions
  PASS: Verify correct runc vesion on deployed system,
        dpkg-query -f '${Version}' -W runc
  PASS: Performed the K8s version upgrade from 1.24.4 to 1.28.4
  PASS: Verify platform cpu occupancy is normal using
        collectd.log and occtop tool

Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2052401

Change-Id: Ia34c4a1bcab777a9af80e2b045960895f2bed976
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-20 09:43:36 -04:00
Ramesh Kumar Sivanandam 6633522643 Set kubernetes kubeadm UpgradeManifestTimeout to 3 minutes
This modifies kubeadm UpgradeManifestTimeout from 5 minutes default
to 3 minutes to reduce the unnecessary delay in retries during
kubeadm-upgrade-apply failures.

The typical control-plane upgrade of static pods is 75 to 85 seconds,
so 3 minutes gives adequate buffer to complete the operation.

TEST PLAN:
PASS: All Kubernetes packages build successfully from 1.24 to 1.28.
PASS: Perform k8s upgrade and verify kubeadm-upgrade-apply.log
      shows the UpgradeManifestTimeout value as 3 minutes.

Partial-Bug: 2056326

Change-Id: Ief35c63dacc92af861525f03fa25ceb7b8253622
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-17 23:03:19 -04:00
Zuul a933669618 Merge "Identify platform pods based on pod/namespace labels" 2024-03-07 20:33:00 +00:00
Boovan Rajendran 50883a70df Add kubernetes 1.29.2 patches
This change ports the following kubernetes 1.29.2 patches which were
refactored slightly to allow for upstream changes

The following patches were applied cleanly:
kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch
kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch
Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch
kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch

The following patches were refactored:
kubeadm-create-platform-pods-with-zero-CPU-resources.patch
kubernetes-make-isolcpus-allocation-SMT-aware.patch
kubelet-cpumanager-disable-CFS-quota-throttling.patch
kubelet-cpumanager-keep-normal-containers-off-reserv.patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch

Test Plan:
PASS: Kubernetes package 1.29.2 builds properly.
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.

Story: 2011047
Task: 49674

Change-Id: Ib24dc061a7da201650cc6550fd7bbed0aebe390c
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2024-03-06 10:20:55 -05:00
Zuul aff28c17a8 Merge "Up-rev kubernetes package from 1.29.1 to 1.29.2" 2024-03-05 23:05:31 +00:00
Zuul adf9764322 Merge "update tzdata" 2024-03-04 19:33:48 +00:00
Scott Little 1bbcf7596b update tzdata
tzdata expires every 6-12 months.

Update to the latest tzdata, valid until Dec 2024
The new tzdata is supplied by upstream, we no longer need
to build it ourselves.  We just need to be sure it is included
in the iso.

Verification:
- tzdata is no longer built
- build-iso and make sure it contains the new package
- check the package to ensure it contains the
  expected leap-seconds.list file
- boot the iso and ensure nothing weird observed
  regarding the date
- run "export TZ=/usr/share/zoneinfo/EST5EDT" followed
  by the date command and ensure that it displays the
  correct time for that timezone

Partial-Bug: 2054466
Change-Id: I765dc225f9b9f23799af662cd87fe94703857241
Signed-off-by: Scott Little <scott.little@windriver.com>
2024-03-04 17:26:34 +00:00
Zuul 10ebdfe1c2 Merge "Fix uninitialized ts2phc variable in nmea_scan_rmc" 2024-03-04 17:15:44 +00:00
Ramesh Kumar Sivanandam 63991d3041 Up-rev kubernetes package from 1.29.1 to 1.29.2
This change updates kubernetes package from 1.29.1 to 1.29.2
and it uses golang-1.21.7.

Test Plan:
PASS: kubernetes-1.29.2 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.29.2. Built package kubernetes-1.29.2
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.2 staged
      binaries are present in the path /usr/local/kubernetes/1.29.2

Story: 2011047
Task: 49654

Depends-On: https://review.opendev.org/c/starlingx/compile/+/910697

Change-Id: Ib463753fe82527d64d7b0e5605895b0ed2c48e49
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-03-04 08:49:36 -05:00
Cole Walker acadeca144 Fix uninitialized ts2phc variable in nmea_scan_rmc
This change pulls in an upstream linuxptp fix to initialize the tm_isdst
variable.

An unitialized tm_isdst variable in ts2phc can result in mktime failing
and cause ts2phc to be unable to sync time with a "invalid master time
stamp" error.

The fault was intermittent based on the random value in the unitialized
variable. If it was read as a positive integer, mktime would fail and
the symptom would occur.

The upstream commit id is:
63fc1ef4fd5e5fc45dd4de3bf27920bb109a4357

Test plan:
Pass: Verify package build
Pass: Deploy updated ts2phc binary and perform repeated service
start/stops. The fault was not reproduced after 20 attempts.

Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2055464

Change-Id: I9fb1722c6ab93f6bb9ec6cdc4fbe902a823b3e2e
Signed-off-by: Cole Walker <cole.walker@windriver.com>
2024-03-01 13:43:45 -05:00
Zuul 49e08dd3eb Merge "Remove support for ignoring isolated CPUs in k8s 1.24" 2024-02-27 20:47:16 +00:00
Zuul aa255de4c8 Merge "debian-pkg: Update golang for cni plugins" 2024-02-27 17:21:06 +00:00
Zuul 5832fc1923 Merge "Debian: Add kubernetes 1.29.1 package" 2024-02-26 22:27:12 +00:00
Mohammad Issa 435ba6e194 debian-pkg: Update golang for cni plugins
This commit updates the containernetworking-plugins and
bond-cni pkgs to use golang-1.18.

Test Plan:
- PASS: downloader
- PASS: build pkgs
- PASS: build image
- PASS: the plugins are present at /var/opt/cni/bin/
- PASS: test the plugins' functionality

Story: 2010878
Task: 49619

Change-Id: Ie8e0f01502e74cf2fb7a4b3ba88c37b69609c297
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
2024-02-23 16:43:30 +00:00
Zuul 302385e7bb Merge "Fix DAD and gateway detection in ifupdown/ifupdown-extra, improve logs" 2024-02-22 14:26:32 +00:00
Lucas Ratusznei Fonseca 1ac33ded8a Fix DAD and gateway detection in ifupdown/ifupdown-extra, improve logs
The scripts in ifupdown-0.8.36 and ifupdown-extra-0.32, as they are
distributed, don't work correctly for detecting duplicate IP addresses
and gateway reachability in the interfaces. Because of this, error
messages are thrown in daemon.log even if error conditions don't exist.
This commit fixes the detection logic and also improves the log logic,
so that messages carry useful and accurate information.

Test plan

Systems: AIO-SX IPv4, AIO-SX IPv6

Scenarios without error/warning conditions
------------------------------------------

For these scenarios, OAM is over a regular ethernet interface, gateway
is reachable and there are no duplicate IP addresses. Log messages
must reflect this.

[PASS] mgmt and cluster-host over same eth port, pxe unassigned
[PASS] mgmt and cluster-host over same bond port, pxe unassigned
[PASS] mgmt and cluster-host over same vlan port, pxe unassigned
[PASS] mgmt and cluster-host over same vlan port, pxe assigned to
       base eth
[PASS] mgmt and cluster-host over different vlan ports, pxe assigned
       to base bond

Scenarios with error/warning conditions
---------------------------------------

For these scenarios, error/warning messages must appear and reflect
the real conditions.

[PASS] Cable disconnected in ethernet interface
[PASS] Cable disconnected in bonding interface
[PASS] Duplicate address in ethernet interface
[PASS] Duplicate address in vlan interface
[PASS] Duplicate address in bonding interface
[PASS] Missing gateway in ethernet interface
[PASS] Missing gateway in vlan interface
[PASS] Missing gateway in bonding interface

Closes-Bug: #2052534
Change-Id: Ie9152eff51f21bdcb8693f554eb696d63e2bab34
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
2024-02-21 10:08:10 -03:00
Leonardo Mendes 5642771926 Preset to enable ipsec auth server service
This update added ipsec-server service to systemd preset config
to enable it on controllers.

Test Plan (DX system):
PASS: Install and bootstrap controller-0, verify ipsec-server is
      "enabled" and "vendor preset: enabled" after first reboot and
      bootstrap.

Story: 2010940
Task: 49583

Depends-On: https://review.opendev.org/c/starlingx/metal/+/907348

Change-Id: I41d4fdb9f9adc857234981e04de1a5a4e8af8721
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
2024-02-20 14:10:57 -03:00
Ramesh Kumar Sivanandam 5233b51876 Debian: Add kubernetes 1.29.1 package
This adds kubernetes 1.29.1 package for Debian, this is built
using golang-1.21.6.

Taken from the previous version and modified the files for 1.29.1.

Test Plan:
PASS: kubernetes-1.29.1 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
      of kubernetes-1.29.1. Built package kubernetes-1.29.1
      and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.1 staged
      binaries are present in the path /usr/local/kubernetes/1.29.1

Story: 2011047
Task: 49591

Depends-On: https://review.opendev.org/c/starlingx/compile/+/909068

Change-Id: I97b4a3a25ca93a2b414a1600f3ba8bd0f16b1e8c
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
2024-02-19 03:31:27 -05:00
Kaustubh Dhokte 424c00985e Identify platform pods based on pod/namespace labels
This change updates kubernetes patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
for supported kubernetes versions from 1.24 to 1.28.

Currently, for static CPU allocation, pods are identified
as platform pods using a hard-coded list of namespaces.
New method identifies a pod as a platform pod using label
assigned to it or its namespace.

Test Plan:
PASS: All affected versions of kubernetes package build successfully.
PASS: Create a pod with the platform label. Pod is classified as
      a platform pod.
PASS: Create a pod without the platform label but in a namespace with
      the platform label. Pod is classified as a platform pod.
PASS: Create a pod without the platform label and in a namespace
      without the platform label. Pod is not classified as a platform
      pod.

Depends-On: https://review.opendev.org/c/starlingx/config/+/907640
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/907641
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908340
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908958

Story: 2010612
Task: 47513

Change-Id: I654d466e51522b42a2e1d17a1828288089791b8f
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-14 00:19:51 +00:00
Kaustubh Dhokte 191839ee71 Remove support for ignoring isolated CPUs in k8s 1.24
This change covers up for the missed kubernetes version 1.24.4
in this change.
https://review.opendev.org/c/starlingx/integ/+/908340

Test Plan:
PASS: Kubernetes 1.24.4 package builds successfully.

Story: 2010878
Task: 49546

Change-Id: Iff11cd4ee8239bed5875100b4499216e80e27386
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-14 00:12:08 +00:00
Andy Ning 92e7b2fce3 Preset to enable strongswan IPSec daemon service
This update added strongswan IPSec daemon (charon) to systemd
preset config to enable it on all types of systems.

Test Plan (DX system):
PASS: Install and bootstrap controller-0, verify IPSec service is
      "enabled" and "vendor preset: enabled" after first reboot and
      bootstrap.
PASS: Unlock controller-0, verify IPSec service is enabled and
      "vendor preset: enabled" after unlock.
PASS: Install controller-1, verify IPSec service is enabled and
      "vendor preset: enabled" after first reboot.

Story: 2010940
Task: 49482

Co-Authored-By: Andy Ning <andy.ning@windriver.com>

Change-Id: I2bc122f080e33b87fd1b6535d1817df2a9cb0b52
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
2024-02-09 14:24:53 +00:00
Zuul c5b1a5296f Merge "Remove support for ignoring isolated CPUs in k8s" 2024-02-09 00:38:28 +00:00
Zuul 9702234bb9 Merge "Remove Revert-use-subpath-for-coredns-only-for-default-repo k8s patch" 2024-02-07 21:30:41 +00:00
Kaustubh Dhokte d755f69b6c Remove support for ignoring isolated CPUs in k8s
As we no longer have any users for this feature, we remove the patch
enable-support-for-kubernetes-to-ignore-isolcpus.patch from the repo.

Test Plan:
PASS: Each affected kubernetes version package builds successfully.

Story: 2010878
Task: 49546

Change-Id: Id21fe6cd029d4b3cd6e6bd920628dfcc4703f6b2
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-02-07 19:24:14 +00:00
Zuul 09b80ac7bc Merge "fixing high cpu usage of luks service on compute" 2024-02-06 14:47:44 +00:00
Rahul Roshan Kachchap 90223dda23 Ensure encryption-proider.yaml present in luks
Following checks and enhacement are done in this commit
to handle the patching scenarios:
 - Added check for encryption-proider.yaml to be moved
   to luks volume from /etc/kubernetes directory if not
   present.
 - If encryption-proider.yaml already present in luks
   volume and also exists in /etc/kubernetes directory,
   then delete the encryption-proider.yaml file from
   /etc/kubernetes directory.
 - Remove the encryption-provider.yaml from the
   /opt/platform/config/${sftw_ver}/kubernetes
   if exists.

Test Plan:
PASSED: build-pkgs -c -p luks-fs-mgr
PASSED: build-image
PASSED: AIO-SX patch testing: Verified that the
        encryption-proider.yaml file is present only in
        luks volume. Luks service is up and running.

Story: 2010873
Task: 49533

Change-Id: If0891ed5b93f538953912e22afc940c6e4742800
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
2024-02-06 06:23:48 -05:00
Jagatguru Prasad Mishra da797bbff3 fixing high cpu usage of luks service on compute
Storage and Compute node going in "degraded" state due to high
cpu usage for luks-fs-mgr. Currently the service keeps checking
the luks volume status and exits when it is in inactive state.
This is a redundant activity as the maintenance code already
checks volume status and raises the alarm.

This code change exits the main thread of the service on compute
and storage nodes after unsealing the volume.

Test Plan:
PASS: build-pkgs -c -p luks-fs-mgr
PASS: build-image
PASS: AIO-DX plus: verify if service stops after unsealing luks
      volume on compute and storage nodes and there is no high
      cpu usage alarm.
PASS: AIO-DX plus: verify if luks service continue running
      on controller nodes.

Story: 2010872
Task: 49517

Change-Id: I7cb2cbf6761b429cb06e5b100e0bfdbfce43f94c
Signed-off-by: Jagatguru Prasad Mishra <jagatguruprasad.mishra@windriver.com>
2024-02-04 16:40:25 +00:00
Zuul 8764fbf385 Merge "Remove guestServer and guestAgent from systemd-presets" 2024-02-02 20:45:20 +00:00
Zuul df3220bc7e Merge "Etcd upversion from 3.3.25 to 3.4.27" 2024-02-02 18:23:40 +00:00
Eric MacDonald b5ef59fc8e Remove guestServer and guestAgent from systemd-presets
The stx/nfv/mtce-guest service has been deprecated and is no longer
built as part of the nfv git.

https://opendev.org/starlingx/nfv/commit/
bfded2ded62263695ec37fb6214eda7b191c1cbc

However, removing the guestServer and guestAgent systemd presets
were missed.

Therefore, as a final cleanup effort for these deprecated
services, this update removes all references to both the
guestAgent and guestServer from starlingX systemd-presets.

Test Plan:

PASS: Full clean Debian build
PASS: Debian ISO install Standard system with worker and storage
PASS: Verify guestServer and guestAgent service files are not packaged.

Related-Bug: 2051389
Change-Id: I4b0dfa1739f35b0ceab3b6b98a9b24eb53caa1a9
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
2024-02-01 15:13:06 +00:00
Kaustubh Dhokte 8cecc0667d Etcd upversion from 3.3.25 to 3.4.27
This change updates etcd version to 3.4.27.

The new etcd version does not generate package named 'etcd'.
Etcd server binary (/usr/bin/etcd) is packed in the package
'etcd-server'. So a patch is added to the etcd puppet module
to update the package name. Also, as we do not use /etc/etcd/etcd.yml,
another patch is added to remove its generation. Etcd 3.3.25 would
create a new user 'etcd'. As no processes or files require etcd user
context, it is removed in the new version. Etcd process and config
files are managed by puppet and are owned by the root user.

Depends-On: https://review.opendev.org/c/starlingx/integ/+/897091
Depends-On: https://review.opendev.org/c/starlingx/tools/+/897100
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/897099
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/898851

Test Plan:
PASS: All packages build and build image successful
PASS: AIO-SX, AIO_DX fresh install success with new etcd version.
PASS: CRUD operations on a test pod successful.
PASS: Lock/Unlock reboot succeeds. K8s cluster healthy after each
      operation. Test pod persists upon lock/unlock and reboot.
PASS: AIO-SX platform upgrade successful. K8s cluster healthy after
      platform upgrade.

Story: 2010878
Task: 48877

Change-Id: Ifb4d7d5c8f4d3dbf754f117db75408bff9181464
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
2024-01-31 18:49:54 +00:00
Scott Little d797c9778c fix golang-github-golang-jwt-jwt-dev url
The original archive url was for version 4.3.3, not 4.3.3-1,
resulting in a verification failure.

I have supplied the correct url.

Testing:
dget -d https://snapshot.debian.org/archive/debian/20230904T084702Z/pool/main/g/golang-github-golang-jwt-jwt/golang-github-golang-jwt-jwt_4.4.3-1.debian.tar.xz
stx download

Closes-bug: 2051856
Signed-off-by: Scott Little <scott.little@windriver.com>
Change-Id: I424e5fc2718e97a0d0176b721af5a249c4c7250a
2024-01-31 10:39:34 -05:00
Zuul 41de3338d3 Merge "Add dependencies for etcd 3.4.27" 2024-01-30 20:39:36 +00:00
Boovan Rajendran 8ba265a6ce Remove Revert-use-subpath-for-coredns-only-for-default-repo k8s patch
Revert-use-subpath-for-coredns-only-for-default-repo.patch
is removed as this change that updates the dns
imageRepository is taken care in ansible playbook review
https://review.opendev.org/c/starlingx/ansible-playbooks/+/903499

Test Plan:
PASS: Kubernetes package 1.25.3, 1.26.1 and 1.27.5
      builds properly.
PASS: Verify k8s upgrade from 1.24.4 to 1.25.3

Story: 2010878
Task: 49244

Change-Id: Ic5a825f88f625db10610cc7e19770a0a36b6aad4
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
2024-01-23 01:59:23 -05:00
Rahul Roshan Kachchap dd158616be Removing symlink creation on compute/storage host
Luks service creates a symbolic link to encryption-provider.yaml
at /etc/kubernetes from the luks volume. Symlink must be present
only on the controller node only.

This commit adds the code to create the symlink to
encryption-provider.yaml file based on the personality.

Test Plan:
PASSED: build-pkgs -c -p luks-fs-mgr
PASSED: bootstrap
PASSED: symlinks are created at /etc/kubernetes/ for
        controllers only and not for compute/storage

Story: 2010873
Task: 49438

Change-Id: I048e880ef97a17d745f20dd7d247df71cb53eae8
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
2024-01-22 06:03:54 -05:00
Andre Mauricio Zelak cfe25f0193 Fixed event port id map
Fixed the port id map in the Port Data Set event handling. The port id
is composed by port number and node index after the HA implementation.

Code tidying. As definition, the port id and the port number are
different. An existing port number variable was rennamed to
prevent missinterpretation.

Code tidying. The HA node state change processing was disabled
when HA feature is not enabled.

Test plan:
PASS: Verify the phc2sys executable recognizes the port in the port
state change event, when -a configuration option is used
PASS: Verify the events in the HA scenario are being recognized

Story: 2010723
Task: 49405

Change-Id: Iea2b3c4e7d7dcd07ca2ad52bc4042f80282b1a9a
Signed-off-by: Andre Mauricio Zelak <andre.zelak@windriver.com>
2024-01-15 16:28:29 -03:00
Zuul 60e8c113f7 Merge "Code enhancements for luks-fs-mgr" 2024-01-15 14:01:27 +00:00
Zuul dd59d24235 Merge "Fix PTP configuration compatibility" 2024-01-12 17:22:32 +00:00
Harshad sonde 151539e64b Code enhancements for luks-fs-mgr
Following enhancements and fixes are done in this commit:
- Added code for handling graceful exit of the service.
- Fixed code to remove segfault core-dump.
- Added return value for copyKubeProviderFile() function
  so that service is exited in case of failure.
- Used inotifytools package to detect file change and
  creation recursively.
- Fixed issue related to removal of luks mount path.

Test Plan:
PASSED: Successfully deployed ISO on AIO-DX
PASSED: Both the controllers are up and running
PASSED: No segfault or luks-fs-mgr service crash
        is observed after deployment
PASSED: symlinks are created at /etc/kubernetes/ and
        /opt/platform/config/23.09/kubernetes/ folders.
PASSED: All the files/directories created on the
        /var/luks/stx/luks_fs/controller/ directory
        on active controller are pushed onto the luks volume
        on standby controller.
PASSED: Tested Push functionality from active to standby controller.
        by modifying a file inside a subdirectory on LUKS/controller.
PASSED: Standby controller is able to pull luks/controller
        from the active controller. Verified on the Standard setup
        using HOST-SWACT command.
PASSED: Removed the copy of encryption-provider.yaml file from
        /opt/platform/config/<SW_VERSION>/kubernetes/
        (To support patch installation)
PASSED: LUKS service comes up after unmounting and removal of LUKS
        mount path.

Depends-On: https://review.opendev.org/c/starlingx/tools/+/904556
            https://review.opendev.org/c/starlingx/root/+/904558

Story: 2010873
Task: 49375

Change-Id: I26e7f5c72baf2095bea4df4ef34bec22d0f93aed
Signed-off-by: Harshad sonde <harshad.sonde@windriver.com>
2024-01-12 21:14:31 +05:30
Andre Mauricio Zelak 9fb03e0f35 Fix PTP configuration compatibility
Fixed the behavior when HA is disabled, one interface has been
configured and '-a' autoconfiguration option is enabled in a
phc2sys instance. The behavior before HA feature was to ignore
the given interface. To keep compatibility with earlier
configurations, interfaces in the configuration file are
ignored if HA is disabled.

Test Plan: non HA
PASS: Verify behavior when HA is disabled and interface has been
configured.
PASS: Verify behavior when HA is ommited and interface has been
configured.
PASS: Verify behavior when HA is disabled and no interface has
been configured.

Test Plan: HA
PASS: Verify phc2sys exit with error when HA is enabled and
one interface has been configured.

Test Plan: Build
PASS: Verify patch application and package build

Closes-bug: 2048085

Change-Id: Ia65c157cfd63b637bd3ae3d7e370407e82371305
Signed-off-by: Andre Mauricio Zelak <andre.zelak@windriver.com>
2024-01-11 17:30:26 -03:00
Zuul 2379dd202e Merge "Add kubernetes 1.28.4 patches" 2024-01-10 17:00:54 +00:00
Zuul 5be479daf1 Merge "remove support for versions of K8s lower than 1.24" 2024-01-10 16:14:53 +00:00
Zuul 671b1fe36b Merge "Fix timeout command in ceph-init-wrapper" 2024-01-09 22:03:09 +00:00
Tiago Leal 10a6701d71 Fix timeout command in ceph-init-wrapper
When analyzing the ceph-process-states.log file, we observed a
recurring error scenario. In the /etc/init.d/ceph-init-wrapper
osd.0 script, the 'timeout' was consistently failing with error
code 125 on the execute_ceph_cmd function call. This failure was
due to the absence of a mandatory value parameter, causing
'timeout' to interpret 'ceph' as an invalid time interval.

To solve this bug, we introduced the necessary initialization
of the $WAIT_FOR_CMD variable. This ensures that the command is
executed correctly, addressing the issue and preventing the
recurrence of the 'timeout' error."

Test Plan:
  - PASS: Force the disk process to be reported as hung and
    check the aforementioned log for the desired output.

Closes-Bug: 2037728
Change-Id: Ic337b212b74c0cc76f25f4aaf9a99d77f8d9250d
Signed-off-by: Tiago Leal <Tiago.Leal@windriver.com>
2024-01-08 19:38:04 +00:00
Zuul 889e9dab93 Merge "Add kata containers support for Starlingx" 2024-01-08 16:49:18 +00:00
Zuul e13fcc0035 Merge "haproxy: Upgrade to 2.2.9-2+deb11u6" 2024-01-08 16:08:03 +00:00
Zuul e138861a9b Merge "systemd: fix build after meson upgrade" 2024-01-08 16:05:58 +00:00