From 81fded989a237a9b8a3b2998684fd9c0c689f077 Mon Sep 17 00:00:00 2001 From: Paul-Emile Element Date: Wed, 12 Dec 2018 14:08:51 -0500 Subject: [PATCH 1/9] fix tpm certificate handling fixed handling of security certificates in tpm mode The code that handles the installation of tpm security certificates stopped working after recent updates to other packages This commit updates the code to properly work with the current system configuration Closes-Bug: #1808163 Change-Id: I76e10cf1ed68cfeb0ce3ee560df0c34711f57af2 Signed-off-by: Paul-Emile Element --- .../tpm2-openssl-engine/e_tpm2.c | 8 +++ security/wrs-ssl/files/tpmdevice-setup | 52 +++---------------- 2 files changed, 15 insertions(+), 45 deletions(-) diff --git a/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c b/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c index 5b5ca2e44..488f6a682 100644 --- a/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c +++ b/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c @@ -312,6 +312,14 @@ static int tpm_engine_init(ENGINE * e) * N.B: This assumes that the kernel-modules-tpm * pkg is installed with the modified tpm_crb KLM */ + if ((result = p_tpm2_Set_Property(hContext, + TPM_INTERFACE_TYPE, "dev"))) { + DBG("Failed to set Resource Manager in context (%p): rc %d", + hContext, (int)result); + TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE); + goto err; + } + if ((result = p_tpm2_Set_Property(hContext, TPM_DEVICE, "/dev/tpmrm0"))) { DBG("Failed to set Resource Manager in context (%p): rc %d", diff --git a/security/wrs-ssl/files/tpmdevice-setup b/security/wrs-ssl/files/tpmdevice-setup index 5fa10772c..e47e989b3 100644 --- a/security/wrs-ssl/files/tpmdevice-setup +++ b/security/wrs-ssl/files/tpmdevice-setup @@ -7,6 +7,8 @@ # TPM setup (both active controller and remote) +export TPM_INTERFACE_TYPE=dev + CERTIFICATE_FILE="server-cert.pem" LOGFILE="/etc/ssl/private/.install.log" ORIGINAL_KEY=$1 
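Review bot: The DBG text in the added TPM_INTERFACE_TYPE block is copied from the TPM_DEVICE block that follows it, so a failure to set the interface type is logged as "Failed to set Resource Manager in context" and the two failures cannot be told apart in the engine log. A distinct message such as `DBG("Failed to set TPM interface type in context (%p): rc %d", hContext, (int)result);` would show which property was rejected. tpm_engine_init starts and ends outside the hunk, so what the `err` label cleans up is not visible here.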
@@ -53,8 +55,7 @@ declare -a helper_scripts=("tss2_createprimary" "tss2_contextsave" "tss2_evictcontrol" "tss2_flushcontext" - "create_tpm2_key" - "resourcemgr") + "create_tpm2_key") for src in "${helper_scripts[@]}"; do if ! type "$src" &>/dev/null; then error_exit "ERROR: Cannot find $src. Needed for TPM configuration" @@ -62,41 +63,6 @@ for src in "${helper_scripts[@]}"; do done } -startResourceMgr () { -resourcemgr &>> $LOGFILE 2>&1 & - -# ensure the resourcemgr is started -for i in {1..5} -do - sleep 0.5 - MGR_RUNNING=`pidof resourcemgr` - if [ ! -z $MGR_RUNNING ]; then - break - fi -done -[ ! -z $MGR_RUNNING ] || error_exit "Unable to start TPM resourcemgr" - -# check to see if the resourcemgr port is open -IS_OPEN=0 -for i in {1..5} -do - sleep 0.5 - _test=`netstat -an | grep $RESOURCEMGR_DEFAULT_PORT | grep -i listen` - if [ ! -z "$_test" ]; then - IS_OPEN=1 - break - fi -done -[ $IS_OPEN -ne 0 ] || error_exit "Unable to initialize resourcemgr" -} - -stopResourceMgr () { -# Kill any previous instances of resourcemgr -pkill -c -TERM resourcemgr &> /dev/null 2>&1 -} - - - ### Main ### # remove previous object context rm -f $TPM_OBJECT_CONTEXT &> /dev/null @@ -115,14 +81,10 @@ if [ "$TPM_VERSION" != "2.0" ]; then error_exit "ERROR: TPM Device is not version 2.0 compatible" fi -# Start the Intel ResourceMgr to clear the NV +# Clear the NV # as well as all stale transient handles in # the endorsement hierarchy. -# Since ResourceMgr has a number of stability, -# and security issues, we will stop it after it -# initializes the NV and Handle space -startResourceMgr -stopResourceMgr +tss2_clear -hi l # Create the Endorsement Primary Key hierarchy which will be used # for wrapping the private key. Use RSA as the primary key encryption 
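Review bot: `tss2_clear` is called further down in this script by the same commit, but it is not among the `helper_scripts` entries visible in this hunk, so a host without that tool would pass the pre-flight check and fail only at the clear step. If it is not listed earlier in the array (the start of the list is outside the hunk), adding `"tss2_clear"` next to `"create_tpm2_key"` keeps the check in line with the commands the script actually runs.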
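Review bot: The exit status of `tss2_clear -hi l` is not checked and its output is not logged, so if the clear fails the script goes on to create and persist keys on a TPM that was not reset. The script already uses `error_exit` for missing helpers and for the later persist and wrap steps; the same guard fits here, for example `tss2_clear -hi l >> $LOGFILE 2>&1 || error_exit "Unable to clear TPM"`. The comment above the call was trimmed from the resourcemgr text and would be clearer if it said what the clear resets, since this runs on every invocation of the script.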
@@ -136,14 +98,14 @@ PRIMARY_HANDLE="0x$PRIMARY_HANDLE" # be persistently stored in TPM NV. # evict the persistent handle if it exists previously tss2_evictcontrol -hi o -ho $TPM_KEY_HIERARCHY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE -tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE &>> $LOGFILE +tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE >> $LOGFILE [ $? -eq 0 ] || error_exit "Unable to persist Key Hierarchy in TPM memory" tss2_flushcontext -ha $PRIMARY_HANDLE # wrap the original private key in TPM's Endorsement key hierarchy # this will generate a TSS key blob in ASN 1 encoding -create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT &>> $LOGFILE +create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT >> $LOGFILE [ $? -eq 0 ] || error_exit "Unable to wrap provided private key into TPM Key Hierarchy" # the apps will also need to the public key, place it in From 5700c1ee5db3520c42c7815b53eddbdd8eb661e8 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Wed, 12 Dec 2018 14:45:51 -0500 Subject: [PATCH 2/9] Advance PLATFORM_RELEASE to 19.01 On master branch, PLATFORM_RELEASE should always have a value that lies between that of the last release (18.10), and that of the next anticipated release (19.06 was the last I heard). Setting it to 19.01 Story: 2004596 Task: 28487 Change-Id: I5e34e1fcdec39f0ce0205ea94c73d8a5d5c73bc9 Signed-off-by: Scott Little --- utilities/build-info/release-info.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/build-info/release-info.inc b/utilities/build-info/release-info.inc index 6bcfd74e7..2988fc9f0 100644 --- a/utilities/build-info/release-info.inc +++ b/utilities/build-info/release-info.inc @@ -9,4 +9,4 @@ # # Note: Sourced from scripts, so needs to be bash-able # -PLATFORM_RELEASE="18.10" +PLATFORM_RELEASE="19.01" From d4fec24f6c440ad63f745396980eea2416304e00 Mon Sep 17 00:00:00 2001 
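Review bot: Changing `&>> $LOGFILE` to `>> $LOGFILE` on the `tss2_evictcontrol` and `create_tpm2_key` lines means stderr is no longer written to the install log, so the tool's own error text behind "Unable to persist Key Hierarchy in TPM memory" or "Unable to wrap provided private key into TPM Key Hierarchy" is lost unless the caller happens to capture stderr. If the intent was only to drop the bash-specific `&>>`, `>> $LOGFILE 2>&1` keeps both streams. `$ORIGINAL_KEY` and `$TPM_OBJECT_CONTEXT` are also expanded unquoted on the `create_tpm2_key` line; writing `"$ORIGINAL_KEY" "$TPM_OBJECT_CONTEXT"` avoids word splitting on a key path that contains spaces.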
From: Tao Liu Date: Tue, 11 Dec 2018 17:47:37 -0500 Subject: [PATCH 3/9] Change compute node to worker node personality The compute personality & subfunction has been changed to worker, and compute_reserved.conf has been renamed to worker_reserved.conf. Compute configuration flags have been updated to worker flags. This update changes misc dependencies to compute personality, compute_reserved.conf and configuration flag files. It also removed puppet-nova dependencies to compute_reserved.conf. Tests Performed: Non-containerized deployment AIO-SX: Sanity and Nightly automated test suite AIO-DX: Sanity and Nightly automated test suite 2+2 System: Sanity and Nightly automated test suite 2+2 System: Horizon Patch Orchestration Kubernetes deployment: AIO-SX: Create, delete, reboot and rebuild instances 2+2+2 System: worker nodes are unlock enable and no alarms Story: 2004022 Task: 27013 Depends-On: https://review.openstack.org/#/c/624452/ Change-Id: Iccf5584058a2154f1c4ffdb061938e76b9965861 Signed-off-by: Tao Liu --- .../syslog-ng-config/files/fm_event_syslogger | 4 +- .../centos/patches/0002-personality.patch | 4 +- ...emove-compute-reserved-VM-huge-pages.patch | 32 +++++ .../centos/meta_patches/PATCH_ORDER | 1 + ...emove-compute-reserved-VM-huge-pages.patch | 112 ++++++++++++++++++ monitoring/collectd-extensions/src/cpu.py | 8 +- monitoring/collectd-extensions/src/memory.py | 2 +- .../mlx4-config/files/mlx4_core_goenabled.sh | 4 +- .../files/ovsdb-server.pmon.conf | 12 +- .../openvswitch/files/ovsdb-server.pmon.conf | 12 +- .../scripts/live_stream.py | 2 +- 11 files changed, 169 insertions(+), 24 deletions(-) create mode 100644 config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch create mode 100644 config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch 
diff --git a/config-files/syslog-ng-config/files/fm_event_syslogger b/config-files/syslog-ng-config/files/fm_event_syslogger index 1570659b4..e9fb1ba4b 100644 --- a/config-files/syslog-ng-config/files/fm_event_syslogger +++ b/config-files/syslog-ng-config/files/fm_event_syslogger @@ -60,8 +60,8 @@ while read line; do # be logged if [ ${nodetype} == "controller" ]; then _configuration_flag_file="/var/run/.controller_config_complete" - elif [ ${nodetype} == "compute" ]; then - _configuration_flag_file="/var/run/.compute_config_complete" + elif [ ${nodetype} == "worker" ]; then + _configuration_flag_file="/var/run/.worker_config_complete" elif [ ${nodetype} == "storage" ]; then _configuration_flag_file="/var/run/.storage_config_complete" else diff --git a/config/facter/centos/patches/0002-personality.patch b/config/facter/centos/patches/0002-personality.patch index 0291d6fcd..a1b6b5c8d 100644 --- a/config/facter/centos/patches/0002-personality.patch +++ b/config/facter/centos/patches/0002-personality.patch @@ -49,12 +49,12 @@ + end +end + -+Facter.add('is_compute_subfunction') do ++Facter.add('is_worker_subfunction') do + confine :kernel => :linux + + setcode do + if release = Facter::Util::FileRead.read('/etc/platform/platform.conf') -+ match = release.match(/^subfunction\=.*compute/) ? true : false ++ match = release.match(/^subfunction\=.*worker/) ? true : false + end + end +end diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch new file mode 100644 index 000000000..352efbb85 --- /dev/null +++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch 
@@ -0,0 +1,32 @@ +From 0cc8e6f6a7db603c534fc6d6a3d36c212446e8c2 Mon Sep 17 00:00:00 2001 +From: Tao Liu +Date: Wed, 12 Dec 2018 14:39:12 -0500 +Subject: [PATCH 1/1] Remove compute reserved VM huge pages + +--- + SPECS/puppet-nova.spec | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/SPECS/puppet-nova.spec b/SPECS/puppet-nova.spec +index 367de7b..3554bd2 100644 +--- a/SPECS/puppet-nova.spec ++++ b/SPECS/puppet-nova.spec +@@ -20,6 +20,7 @@ Patch0008: 0008-Adding-pci_weight_multiple-to-nova-scheduler-filter.patch + Patch0009: 0009-Remove-SerialConsole-from-NovaConf.patch + Patch0010: 0010-Remove-compute-huge.patch + Patch0011: 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch ++Patch0012: 0012-Remove-compute-reserved-VM-huge-pages.patch + + BuildArch: noarch + +@@ -51,6 +52,7 @@ Puppet module for OpenStack Nova + %patch0009 -p1 + %patch0010 -p1 + %patch0011 -p1 ++%patch0012 -p1 + + find . -type f -name ".*" -exec rm {} + + find . -size 0 -exec rm {} + +-- +1.8.3.1 + diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER index 800287913..f27e04d5b 100644 --- a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER +++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER @@ -9,3 +9,4 @@ 0009-Remove-SerialConsole-from-NovaConf.patch 0010-Remove-compute-huge.patch 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch +0012-Remove-compute-reserved-VM-huge-pages.patch diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch new file mode 100644 index 000000000..779f28887 --- /dev/null 
+++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch 
@@ -0,0 +1,112 @@ +From b5e101b0a02e4693f57b42ac487621685f839bee Mon Sep 17 00:00:00 2001 +From: Tao Liu +Date: Thu, 29 Nov 2018 10:48:37 -0600 +Subject: [PATCH 1/1] Remove compute reserved VM huge pages + +--- + .../compute_reserved_config/ini_setting.rb | 22 ---------------------- + lib/puppet/type/compute_reserved_config.rb | 19 ------------------- + manifests/compute.pp | 18 ------------------ + 3 files changed, 59 deletions(-) + delete mode 100644 lib/puppet/provider/compute_reserved_config/ini_setting.rb + delete mode 100644 lib/puppet/type/compute_reserved_config.rb + +diff --git a/lib/puppet/provider/compute_reserved_config/ini_setting.rb b/lib/puppet/provider/compute_reserved_config/ini_setting.rb +deleted file mode 100644 +index e7d142f..0000000 +--- a/lib/puppet/provider/compute_reserved_config/ini_setting.rb ++++ /dev/null +@@ -1,22 +0,0 @@ +-Puppet::Type.type(:compute_reserved_config).provide( +- :ini_setting, +- :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +-) do +- +- def section +- resource[:name].split('/', 2).first +- end +- +- def setting +- resource[:name].split('/', 2).last +- end +- +- def separator +- '=' +- end +- +- def file_path +- '/etc/nova/compute_reserved.conf' +- end +- +-end +diff --git a/lib/puppet/type/compute_reserved_config.rb b/lib/puppet/type/compute_reserved_config.rb +deleted file mode 100644 +index fa9d441..0000000 +--- a/lib/puppet/type/compute_reserved_config.rb ++++ /dev/null +@@ -1,19 +0,0 @@ +-Puppet::Type.newtype(:compute_reserved_config) do +- +- ensurable +- +- newparam(:name, :namevar => true) do +- desc 'Section/setting name to manage from compute_reserved.conf' +- newvalues(/\S*\/\S+/) +- end +- +- newproperty(:value) do +- desc 'The value of the setting to be defined.' +- munge do |value| +- value = value.to_s.strip +- value.capitalize! 
if value =~ /^(true|false)$/i +- value +- end +- end +- +-end +diff --git a/manifests/compute.pp b/manifests/compute.pp +index 719729a..62f3ac2 100644 +--- a/manifests/compute.pp ++++ b/manifests/compute.pp +@@ -148,9 +148,6 @@ + # for shared machine processes + # Defaults to undef + # +-# [*compute_reserved_vm_memory_2M*] +-# [*compute_reserved_vm_memory_1G*] +-# + # DEPRECATED + # + # [*pci_passthrough*] +@@ -194,8 +191,6 @@ class nova::compute ( + $consecutive_build_service_disable_threshold = $::os_service_default, + # WRS PARAMETERS + $shared_pcpu_map = undef, +- $compute_reserved_vm_memory_2M = '()', +- $compute_reserved_vm_memory_1G = '()', + # DEPRECATED PARAMETERS + $pci_passthrough = undef, + ) { +@@ -253,19 +248,6 @@ class nova::compute ( + 'DEFAULT/shared_pcpu_map': value => join(any2array($shared_pcpu_map), ','); + } + +- ## Only override build default if value is provided at runtime. +- ## Setting to () has effect of calculating maximum 2M hugepages. +- if ($compute_reserved_vm_memory_2M and ($compute_reserved_vm_memory_2M != '()')) { +- compute_reserved_config { +- '/COMPUTE_VM_MEMORY_2M' : value => $compute_reserved_vm_memory_2M; +- } +- } +- if ($compute_reserved_vm_memory_1G and ($compute_reserved_vm_memory_1G != '()')) { +- compute_reserved_config { +- '/COMPUTE_VM_MEMORY_1G' : value => $compute_reserved_vm_memory_1G; +- } +- } +- + ensure_resource('nova_config', 'DEFAULT/allow_resize_to_same_host', { value => $allow_resize_to_same_host }) + + if ($vnc_enabled) { +-- +1.8.3.1 + diff --git a/monitoring/collectd-extensions/src/cpu.py b/monitoring/collectd-extensions/src/cpu.py index 6f0fbf539..79ffe97bf 100755 --- a/monitoring/collectd-extensions/src/cpu.py +++ b/monitoring/collectd-extensions/src/cpu.py 
@@ -11,7 +11,7 @@ # platform core usable since the previous sample. # # Init Function: -# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST +# - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST # ############################################################################ import os @@ -24,7 +24,7 @@ PASS = 0 FAIL = 1 PATH = '/proc/cpuinfo' -COMPUTE_RESERVED_CONF = '/etc/nova/compute_reserved.conf' +WORKER_RESERVED_CONF = '/etc/platform/worker_reserved.conf' PLUGIN = 'platform cpu usage plugin' @@ -63,8 +63,8 @@ def init_func(): collectd.info('%s init function for %s' % (PLUGIN, c.hostname)) raw_list = "" - if os.path.exists(COMPUTE_RESERVED_CONF): - with open(COMPUTE_RESERVED_CONF, 'r') as infile: + if os.path.exists(WORKER_RESERVED_CONF): + with open(WORKER_RESERVED_CONF, 'r') as infile: for line in infile: if 'PLATFORM_CPU_LIST' in line: val = line.split("=") diff --git a/monitoring/collectd-extensions/src/memory.py b/monitoring/collectd-extensions/src/memory.py index 2b436aeca..84320e758 100755 --- a/monitoring/collectd-extensions/src/memory.py +++ b/monitoring/collectd-extensions/src/memory.py @@ -11,7 +11,7 @@ # platform core usable since the previous sample. # # Init Function: -# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST +# - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST # ############################################################################ import os diff --git a/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh b/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh index 189cf3214..dae8aa317 100644 --- a/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh +++ b/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh 
@@ -10,13 +10,13 @@ NAME=$(basename $0) OPTIONS_CHANGED_FLAG=/var/run/.mlx4_cx3_reboot_required -COMPUTE_CONFIG_COMPLETE=/var/run/.compute_config_complete +WORKER_CONFIG_COMPLETE=/var/run/.worker_config_complete function LOG { logger "$NAME: $*" } -if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $COMPUTE_CONFIG_COMPLETE ]; then +if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $WORKER_CONFIG_COMPLETE ]; then LOG "mlx4_core options has been changed. Failing goenabled check." exit 1 fi diff --git a/networking/openvswitch-config/files/ovsdb-server.pmon.conf b/networking/openvswitch-config/files/ovsdb-server.pmon.conf index d357c44c8..9fa8b51a0 100644 --- a/networking/openvswitch-config/files/ovsdb-server.pmon.conf +++ b/networking/openvswitch-config/files/ovsdb-server.pmon.conf @@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor mode = passive ; Monitoring mode: passive (default) or active ; passive: process death monitoring (default: always) - ; active : heartbeat monitoring, i.e. request / response messaging + ; active : heartbeat monitoring, i.e. request / response messaging ; ignore : do not monitor or stop monitoring -subfunction = compute ; Optional label. - ; Manage this process in the context of a combo host subfunction - ; Choices: compute or storage. +subfunction = worker ; Optional label. + ; Manage this process in the context of a combo host subfunction + ; Choices: worker or storage. ; when specified pmond will wait for - ; /var/run/.compute_config_complete or - ; /var/run/.storage_config_complete + ; /var/run/.worker_config_complete or + ; /var/run/.storage_config_complete ; ... before managing this process with the specified subfunction ; Excluding this label will cause this process to be managed by default on startup 
diff --git a/networking/openvswitch/files/ovsdb-server.pmon.conf b/networking/openvswitch/files/ovsdb-server.pmon.conf index d357c44c8..9fa8b51a0 100644 --- a/networking/openvswitch/files/ovsdb-server.pmon.conf +++ b/networking/openvswitch/files/ovsdb-server.pmon.conf @@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor mode = passive ; Monitoring mode: passive (default) or active ; passive: process death monitoring (default: always) - ; active : heartbeat monitoring, i.e. request / response messaging + ; active : heartbeat monitoring, i.e. request / response messaging ; ignore : do not monitor or stop monitoring -subfunction = compute ; Optional label. - ; Manage this process in the context of a combo host subfunction - ; Choices: compute or storage. +subfunction = worker ; Optional label. + ; Manage this process in the context of a combo host subfunction + ; Choices: worker or storage. ; when specified pmond will wait for - ; /var/run/.compute_config_complete or - ; /var/run/.storage_config_complete + ; /var/run/.worker_config_complete or + ; /var/run/.storage_config_complete ; ... before managing this process with the specified subfunction ; Excluding this label will cause this process to be managed by default on startup diff --git a/tools/engtools/hostdata-collectors/scripts/live_stream.py b/tools/engtools/hostdata-collectors/scripts/live_stream.py index e0e56b311..bbdf120f9 100644 --- a/tools/engtools/hostdata-collectors/scripts/live_stream.py +++ b/tools/engtools/hostdata-collectors/scripts/live_stream.py 
@@ -1176,7 +1176,7 @@ def getPlatformCores(node, cpe): logging.basicConfig(filename="/tmp/livestream.log", filemode="a", format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO) core_list = list() try: - with open("/etc/nova/compute_reserved.conf", "r") as f: + with open("/etc/platform/worker_reserved.conf", "r") as f: for line in f: if line.startswith("PLATFORM_CPU_LIST"): core_list = line.split("=")[1].replace("\"", "").strip("\n").split(",") From 0ec172537192932c11f7a9cdc799fbc7e49a22e1 Mon Sep 17 00:00:00 2001 From: Eric MacDonald Date: Wed, 12 Dec 2018 17:15:10 -0500 Subject: [PATCH 4/9] Fix collectd Memory plugin Strict Mode learning Existing code sets overcommit strict mode to True if any non-zero value is returned from a read of /proc/sys/vm/overcommit_memory. This is incorrect. Strict mode should only be set when the returned value is 2. Change-Id: I2c5328624571bb3b2f478d5a79615650bb92cbd2 Closes-Bug: 1808225 Signed-off-by: Eric MacDonald --- .../collectd-extensions/centos/build_srpm.data | 2 +- monitoring/collectd-extensions/src/memory.py | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/monitoring/collectd-extensions/centos/build_srpm.data b/monitoring/collectd-extensions/centos/build_srpm.data index cb4885304..fb8be4619 100644 --- a/monitoring/collectd-extensions/centos/build_srpm.data +++ b/monitoring/collectd-extensions/centos/build_srpm.data @@ -16,4 +16,4 @@ COPY_LIST="$PKG_BASE/src/LICENSE \ $PKG_BASE/src/example.py \ $PKG_BASE/src/example.conf" -TIS_PATCH_VER=2 +TIS_PATCH_VER=3 diff --git a/monitoring/collectd-extensions/src/memory.py b/monitoring/collectd-extensions/src/memory.py index 2b436aeca..65e467c1b 100755 --- a/monitoring/collectd-extensions/src/memory.py +++ b/monitoring/collectd-extensions/src/memory.py 
@@ -74,16 +74,26 @@ def config_func(config): (PLUGIN, obj.cmd)) -# Get the platform cpu list and number of cpus reported by /proc/cpuinfo +# Load the hostname and kernel memory 'overcommit' setting. def init_func(): # get current hostname obj.hostname = os.uname()[1] + # get strict setting + # + # a value of 0 means "heuristic overcommit" + # a value of 1 means "always overcommit" + # a value of 2 means "don't overcommit". + # + # set strict true strict=1 if value is = 2 + # otherwise strict is false strict=0 (default) + fn = '/proc/sys/vm/overcommit_memory' if os.path.exists(fn): with open(fn, 'r') as infile: for line in infile: - obj.strict = int(line) + if int(line) == 2: + obj.strict = 1 break collectd.info("%s strict:%d" % (PLUGIN, obj.strict)) From 90f45c0c3256a3f87f35d9233781931034989b5f Mon Sep 17 00:00:00 2001 From: zhipengl Date: Thu, 13 Dec 2018 00:24:29 +0800 Subject: [PATCH 5/9] Remove the folder of docker-ce Since we do not add this package to centos_pks_dirs, it can be removed. It seems this folder was deprecated. As I see, docker-ce RPM is already there and packaged in iso. Story: 2004587 Task: 28461 Change-Id: Ice8ac0f8a8cdbd02f3a0f87165f5971a0aba5388 Signed-off-by: zhipengl --- kubernetes/docker-ce/centos/build_srpm.data | 3 -- ...te-package-versioning-for-TIS-format.patch | 36 ------------------- .../docker-ce/centos/meta_patches/PATCH_ORDER | 1 - kubernetes/docker-ce/centos/srpm_path | 1 - 4 files changed, 41 deletions(-) delete mode 100644 kubernetes/docker-ce/centos/build_srpm.data delete mode 100644 kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch delete mode 100644 kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER delete mode 100644 kubernetes/docker-ce/centos/srpm_path diff --git a/kubernetes/docker-ce/centos/build_srpm.data b/kubernetes/docker-ce/centos/build_srpm.data deleted file mode 100644 index 97226cee4..000000000 --- a/kubernetes/docker-ce/centos/build_srpm.data +++ /dev/null 
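Review bot: `int(line)` in init_func is unguarded, so an empty or non-numeric first line read from /proc/sys/vm/overcommit_memory raises ValueError during plugin initialisation instead of leaving strict mode at its default. Because the `break` is an unchanged context line directly after the assignment, only the first line is ever examined and the `for` loop adds nothing; comparing the text directly, `if infile.readline().strip() == '2':` followed by `obj.strict = 1`, removes both the loop and the conversion. The added comment line "set strict true strict=1 if value is = 2" would read better as `# strict is set to 1 only when the value is 2; otherwise it keeps its default of 0`.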
@@ -1,3 +0,0 @@ -VERSION=18.03.1 -MODULE=docker-ce -TIS_PATCH_VER=1 diff --git a/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch deleted file mode 100644 index 569a96d9b..000000000 --- a/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ /dev/null @@ -1,36 +0,0 @@ -commit b86683a477f4d40e09501b6953a89c634bd9de75 -Author: Shoaib Nasir -Date: Mon May 14 15:32:06 2018 -0400 - - WRS: 0001-Update-package-versioning-for-TIS-format.patch - -diff --git a/SPECS/docker-ce.spec b/SPECS/docker-ce.spec -index 82b5042..36d2980 100644 ---- a/SPECS/docker-ce.spec -+++ b/SPECS/docker-ce.spec -@@ -1,6 +1,8 @@ -+%global _version 18.03.1 -+ - Name: docker-ce - Version: %{_version} --Release: %{_release}%{?dist} -+Release: 1%{?_tis_dist}.%{tis_patch_ver} - Summary: The open-source application container engine - Group: Tools/Docker - License: ASL 2.0 -@@ -59,6 +61,7 @@ depending on a particular stack or provider. - %setup -q -c -n src -a 1 - - %build -+export PBR_VERSION=%{version} - export DOCKER_GITCOMMIT=%{_gitcommit} - mkdir -p /go/src/github.com/docker - rm -f /go/src/github.com/docker/cli -@@ -79,6 +82,7 @@ engine/bundles/dynbinary-daemon/dockerd -v - - %install - # install binary -+export PBR_VERSION=%{version} - install -d $RPM_BUILD_ROOT/%{_bindir} - install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker - install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd diff --git a/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER b/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER deleted file mode 100644 index 91f9a80ea..000000000 --- a/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER +++ /dev/null @@ -1 +0,0 @@ -0001-Update-package-versioning-for-TIS-format.patch 
diff --git a/kubernetes/docker-ce/centos/srpm_path b/kubernetes/docker-ce/centos/srpm_path deleted file mode 100644 index 5299cbc6a..000000000 --- a/kubernetes/docker-ce/centos/srpm_path +++ /dev/null @@ -1 +0,0 @@ -mirror:Source/docker-ce-18.03.1.ce-1.el7.centos.src.rpm From 43514ea7fbd18d518511a165b59c82b7e20ebd8d Mon Sep 17 00:00:00 2001 From: "Kwan, Louie" Date: Wed, 12 Dec 2018 15:54:30 -0500 Subject: [PATCH 6/9] [Enhancement] Add system active alarms in collect logs Currently the collect tool does not collect the active alarm list. i.e. it doesn't contain the output of "fm alarm-list" Although fm-event.log contains the history of events/alarms, it is quite time-consuming to vet the fm-event.log for which alarms were really active at the time of log collection. A dump of alarm-list to the collect log will greatly reduce this effort. Story: 2004478 Tasks: 28193 Change-Id: I663fb055c244b31a84e682481f94bff82f610b90 Signed-off-by: Kwan, Louie --- tools/collector/centos/collector.spec | 1 + tools/collector/scripts/collect_fm.sh | 41 +++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 tools/collector/scripts/collect_fm.sh diff --git a/tools/collector/centos/collector.spec b/tools/collector/centos/collector.spec index 136c557c9..4de41526c 100644 --- a/tools/collector/centos/collector.spec +++ b/tools/collector/centos/collector.spec @@ -46,6 +46,7 @@ install -m 755 collect_patching.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ install -m 755 collect_coredump.sh %{buildroot}%{_sysconfdir}/collect.d/collect_coredump install -m 755 collect_crash.sh %{buildroot}%{_sysconfdir}/collect.d/collect_crash install -m 755 collect_ima.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ima +install -m 755 collect_fm.sh %{buildroot}%{_sysconfdir}/collect.d/collect_fm install -m 755 etc.exclude %{buildroot}%{_sysconfdir}/collect/etc.exclude install -m 755 run.exclude %{buildroot}%{_sysconfdir}/collect/run.exclude 
diff --git a/tools/collector/scripts/collect_fm.sh b/tools/collector/scripts/collect_fm.sh new file mode 100644 index 000000000..4ef489a4b --- /dev/null +++ b/tools/collector/scripts/collect_fm.sh @@ -0,0 +1,41 @@ +#! /bin/bash +# +# SPDX-License-Identifier: Apache-2.0 +# + + +# Loads Up Utilities and Commands Variables + +source /usr/local/sbin/collect_parms +source /usr/local/sbin/collect_utils + +SERVICE="alarms" +LOGFILE="${extradir}/${SERVICE}.info" + +function is_service_active { + active=`sm-query service management-ip | grep "enabled-active"` + if [ -z "$active" ] ; then + return 0 + else + return 1 + fi +} + +############################################################################### +# Only Controller +############################################################################### +if [ "$nodetype" = "controller" ] ; then + + is_service_active + if [ "$?" = "0" ] ; then + exit 0 + fi + + echo "${hostname}: System Alarm List .: ${LOGFILE}" + + # These go into the SERVICE.info file + delimiter ${LOGFILE} "fm alarm-list" + fm alarm-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE} +fi + +exit 0 From 4dd1d96eddc84433ee3f6cf6f61db5b71a2d3b4c Mon Sep 17 00:00:00 2001 From: zhipengl Date: Sat, 15 Dec 2018 01:34:18 +0800 Subject: [PATCH 7/9] Fix SFTP service is not working issue The root cause is that sftp path in sshd_config is not right. It should be changed from /usr/libexec/sftp-server to /usr/libexec/openssh/sftp-server Verified in my deployment environment sftp can connect to controller. Closes-Bug: 1808054 Change-Id: Ia8d00abc1f18bc3b46faadd87f8ed153a446b7b0 Signed-off-by: zhipengl --- base/openssh-config/files/sshd_config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/openssh-config/files/sshd_config b/base/openssh-config/files/sshd_config index 7091b6868..0dfc0e2d9 100644 --- a/base/openssh-config/files/sshd_config +++ b/base/openssh-config/files/sshd_config 
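Review bot: `is_service_active` returns 0 when grep finds no "enabled-active" line and 1 when it does, which is the reverse of both the shell convention and the function's name; the caller then exits on `"$?" = "0"`. The script behaves as intended today, but anyone who later writes `if is_service_active; then` gets the opposite result. Returning grep's status from the function, `sm-query service management-ip | grep -q "enabled-active"`, and calling it as `is_service_active || exit 0` would make the name and the result agree. A one-line comment saying why the alarm list is collected only when management-ip is enabled-active would also help.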
@@ -130,7 +130,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS # override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server +Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs From 61b8055a14f61851b9f70c76849bbb4f8f28ed55 Mon Sep 17 00:00:00 2001 From: Steven Webster Date: Mon, 17 Dec 2018 12:22:48 -0500 Subject: [PATCH 8/9] Fix remote logging traffic control filter priority Previous commit 01f5fdd made a required change to filter infrastructure traffic on the management interface with an 802.1q protocol in the case of a consolidated interface. However, this has caused the remote logging tc script to have a failure. The script tries to install 'ip' protocol filters at the same priority as the 802.1q filters, which is rejected by the kernel. This commit detects a consolidated interface situation and bumps the priority of the remote logging tc filter priority on the management interface, similarly to what is done in the main cgcs_tc_setup script. The file has also been cleaned up to pass bashate. Related-Bug: #1807055 Change-Id: Id11625c0f9bcbf109f574563ff284d4a36bc6377 Signed-off-by: Steven Webster --- .../scripts/remotelogging_tc_setup.sh | 115 ++++++++++++++---- 1 file changed, 88 insertions(+), 27 deletions(-) diff --git a/utilities/platform-util/scripts/remotelogging_tc_setup.sh b/utilities/platform-util/scripts/remotelogging_tc_setup.sh index f70da1ec0..7b7cf903a 100755 --- a/utilities/platform-util/scripts/remotelogging_tc_setup.sh +++ b/utilities/platform-util/scripts/remotelogging_tc_setup.sh @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2017 Wind River Systems, Inc. +# Copyright (c) 2017-2018 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # 
@@ -9,9 +9,12 @@ # $1 - listening port of remote log server PORT=$1 +DEFAULT_PRIORITY=1 + function is_loopback { # (from include/uapi/linux/if.h) - IFF_LOOPBACK=$((1<<3)) + # IFF_LOOPBACK = 1<<3 = 8. Using a left shifted syntax can confuse bashate. + IFF_LOOPBACK=8 # get the interface flags FLAGS=`cat /sys/class/net/$DEV/flags` @@ -26,7 +29,8 @@ function is_loopback { function log { # It seems that syslog isn't yet running, so append directly to the syslog file - echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> /var/log/platform.log + local FILE=/var/log/platform.log + echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> $FILE } function test_valid_speed { @@ -44,14 +48,10 @@ function test_valid_speed { function get_dev_speed { # If the link doesn't come up we won't go enabled, so here we can # afford to wait forever for the link. - while true - do - if [ -e /sys/class/net/$1/bonding ] - then - for VAL in `cat /sys/class/net/$1/lower_*/speed` - do - if test_valid_speed $VAL - then + while true; do + if [ -e /sys/class/net/$1/bonding ]; then + for VAL in `cat /sys/class/net/$1/lower_*/speed`; do + if test_valid_speed $VAL; then log slave for bond link $1 reported speed $VAL echo $VAL return 0 @@ -59,24 +59,24 @@ function get_dev_speed { log slave for bond link $1 reported invalid speed $VAL fi done - log all slaves for bond link $1 reported invalid speeds, will sleep 30 sec and try again + log all slaves for bond link $1 reported invalid speeds, \ + will sleep 30 sec and try again else VAL=`cat /sys/class/net/$1/speed` - if test_valid_speed $VAL - then + if test_valid_speed $VAL; then log link $1 reported speed $VAL echo $VAL return 0 else - log link $1 returned invalid speed $VAL, will sleep 30 sec and try again + log link $1 returned invalid speed $VAL, \ + will sleep 30 sec and try again fi fi sleep 30 done } -if [ -f /etc/platform/platform.conf ] -then +if [ -f /etc/platform/platform.conf ]; then source /etc/platform/platform.conf else exit 0 
@@ -94,8 +94,7 @@ LOG_CBW=20 # 1:40 = default class from cgcs_tc_setup.sh # 1:60 = LOG class -if [ $nodetype == "controller" ] -then +if [ $nodetype == "controller" ]; then # Add class and filters to the oam interface DEV=$oam_interface SPEED=$(get_dev_speed $DEV) @@ -105,17 +104,22 @@ then # create new qdiscs, classes and LOG filters tc qdisc add dev $DEV root handle 1: htb default 40 - tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit burst 15k quantum 60000 + tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit \ + burst 15k quantum 60000 AC="tc class add dev $DEV parent 1:1 classid" - $AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000 - $AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 + $AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000 + $AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 - tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 - tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 + tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \ + u32 match ip dport ${PORT} 0xffff flowid 1:60 + tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \ + u32 match ip sport ${PORT} 0xffff flowid 1:60 fi 
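Review bot: `${PORT}` is expanded unquoted and unchecked in the rewritten `tc filter add ... u32 match ip dport ${PORT} 0xffff` lines of the second hunk here, and it comes straight from `$1` at the top of the script. With an empty or non-numeric argument the filter commands fail or word-split after the classes and qdiscs have already been added, and nothing in the visible code checks the `tc` exit status or logs the failure. A guard before the first `tc` call would make that explicit: `case "$PORT" in ''|*[!0-9]*) log "invalid remote log port: $PORT"; exit 1 ;; esac`. The same applies to the management-interface filters in the last hunk of this file; the controller `if` block continues between and after the two hunks shown here.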
@@ -128,12 +132,69 @@ then exit 0 fi +function infra_exists { + if [ -z "$infrastructure_interface" ]; then + return 1 + else + return 0 + fi +} + +function is_consolidated { + if ! infra_exists; then + return 1 + else + + local INFRA=$infrastructure_interface + local MGMT=$management_interface + + # determine whether the management interface is a parent of the + # infrastructure interface based on name. + # eg. this matches enp0s8 to enp0s8.10 but not enp0s88 + if [[ $INFRA =~ $MGMT[\.][0-9]+$ ]]; then + return 0 + fi + return 1 + fi +} + +function is_vlan { + if [ -f /proc/net/vlan/$DEV ]; then + return 0 + else + return 1 + fi +} + +function get_mgmt_tc_filter_priority { + local PRIORITY=$DEFAULT_PRIORITY + + if is_consolidated + then + if ! is_vlan + then + # If we have a consolidated VLAN interface, we must set the + # priority to $DEFAULT_PRIORITY + 1 for the underlying + # ethernet interface, as it will already have + # $DEFAULT_PRIORITY filters to catch high priority + # infra traffic + PRIORITY=$(($DEFAULT_PRIORITY + 1)) + fi + fi + echo $PRIORITY + return 0 +} + SPEED=$(get_dev_speed $DEV) +PRIORITY=$(get_mgmt_tc_filter_priority) AC="tc class add dev $DEV parent 1:1 classid" -$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 +$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 -tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 -tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 +tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \ + u32 match ip dport ${PORT} 0xffff flowid 1:60 +tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \ + u32 match ip sport ${PORT} 0xffff flowid 1:60 From acc1863b269fa974cd6c19b31c224dd88154e09d Mon Sep 17 00:00:00 2001 
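Review bot: The test in `is_consolidated`, `[[ $INFRA =~ $MGMT[\.][0-9]+$ ]]`, is anchored only at the end and expands `$MGMT` unquoted, so the management name is read as a regular expression and may match as a suffix. With constructed names, management `eth0` would match infrastructure `veth0.10`, which the comment above the test does not intend. `[[ $INFRA =~ ^"$MGMT"\.[0-9]+$ ]]` anchors the start and makes the name literal. A false positive would bump the filter priority on an interface that is not actually consolidated. The file's `#!/bin/sh` line also does not match the `[[ ... =~ ... ]]` and `local` used in these functions; `#!/bin/bash` would state the requirement.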
From: zhipengl Date: Tue, 11 Dec 2018 00:30:56 +0800 Subject: [PATCH 9/9] Refactor source code patches for dhcp package 3 source patches can be removed. 2 patches adds support for wrs_install_uuid in the dhclient script. This added script part just copy the whole content of dhclient-enter-hooks. Following this script part, it will call this hook script if the hook exist under /etc/. However, our hook file existed in /etc/dhcp/ folder will be called by sbin/dhclient-script as well. I'd like to use dhcp config package to creat /etc/dhclient-enter-hooks soft linked to /etc/dhcp/dhclient-enter-hooks, so that it can call dhclient script and no need to add this 2 patches. Support-disable-nsupdate.patch can be removed as we already fixed port conflict issue in https://review.openstack.org/#/c/622711/ Deployment test pass and related script file check pass! Story: 2004473 Task: 28164 Change-Id: If50ae697062a7d0c8a2831fbcc0f5641aaa41ec7 Signed-off-by: zhipengl --- base/dhcp-config/centos/build_srpm.data | 2 +- base/dhcp-config/centos/dhcp-config.spec | 3 +- .../spec-include-TiS-patches.patch | 24 ++++------- .../dhclient-dhcp6-wrs-install-uuid.patch | 41 ------------------ .../dhclient-handle-wrs-install-uuid.patch | 42 ------------------- .../patches/support-disable-nsupdate.patch | 42 ------------------- 6 files changed, 12 insertions(+), 142 deletions(-) delete mode 100644 base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch delete mode 100644 base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch delete mode 100644 base/dhcp/centos/patches/support-disable-nsupdate.patch diff --git a/base/dhcp-config/centos/build_srpm.data b/base/dhcp-config/centos/build_srpm.data index 2c3b2cb8b..75f295c2e 100644 --- a/base/dhcp-config/centos/build_srpm.data +++ b/base/dhcp-config/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="files" -TIS_PATCH_VER=1 +TIS_PATCH_VER=2 
diff --git a/base/dhcp-config/centos/dhcp-config.spec b/base/dhcp-config/centos/dhcp-config.spec index 1b9e66196..98fcc88e6 100644 --- a/base/dhcp-config/centos/dhcp-config.spec +++ b/base/dhcp-config/centos/dhcp-config.spec @@ -27,10 +27,11 @@ package StarlingX configuration files of dhcp to system folder. %{__install} -d %{buildroot}%{dhcpconfdir} %{__install} -p -m 0755 dhclient-enter-hooks %{buildroot}%{dhcpconfdir}/dhclient-enter-hooks %{__install} -p -m 0644 dhclient.conf %{buildroot}%{dhcpconfdir}/dhclient.conf +ln -s %{dhcpconfdir}/dhclient-enter-hooks %{buildroot}%{_sysconfdir}/dhclient-enter-hooks %post %files %config(noreplace) %{dhcpconfdir}/dhclient.conf %{dhcpconfdir}/dhclient-enter-hooks - +%{_sysconfdir}/dhclient-enter-hooks diff --git a/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch b/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch index 7d0c8f0f9..de42aab08 100644 --- a/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch +++ b/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch @@ -11,36 +11,30 @@ diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index 14da097..904e3ad 100644 --- a/SPECS/dhcp.spec 
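Review bot: With the two wrs-install-uuid patches removed from dhclient-script, the install-UUID check now runs only if `/etc/dhclient-enter-hooks` resolves to a regular file, because the script guards the hook with `if [ -f /etc/dhclient-enter-hooks ]` (visible as context in the deleted patch); a missing or dangling link skips the check silently. That makes the added `ln -s` line security-relevant, and it deserves a comment saying so, e.g. `# dhclient-script only sources /etc/dhclient-enter-hooks; this link is what keeps the install-uuid check active`. The link is also created without an explicit `%{__install} -d %{buildroot}%{_sysconfdir}`, which works only if `%{dhcpconfdir}` sits below `%{_sysconfdir}` (not visible here). The hook's content is not part of this diff, so whether it covers both the DHCPv4 and DHCPv6 variables handled by the deleted patches should be confirmed.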
+++ b/SPECS/dhcp.spec -@@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch +@@ -111,6 +115,11 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch Patch71: dhcp-4.2.5-centos-branding.patch - - + + +# WRS -+Patch101: support-disable-nsupdate.patch -+Patch102: dhclient-restrict-interfaces-to-command-line.patch -+Patch103: dhclient-ipv6-bind-to-interface.patch -+Patch104: dhclient-ipv6-conditionally-set-hostname.patch -+Patch105: dhclient-handle-wrs-install-uuid.patch -+Patch106: dhclient-dhcp6-wrs-install-uuid.patch ++Patch101: dhclient-restrict-interfaces-to-command-line.patch ++Patch102: dhclient-ipv6-bind-to-interface.patch ++Patch103: dhclient-ipv6-conditionally-set-hostname.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool -@@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp +@@ -439,6 +451,11 @@ rm -rf includes/isc-dhcp %patch70 -p1 -b .reference_overflow %patch71 -p1 - + +# WRS +%patch101 -p1 +%patch102 -p1 +%patch103 -p1 -+%patch104 -p1 -+%patch105 -p1 -+%patch106 -p1 + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do --- +-- 2.7.4 diff --git a/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch b/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch deleted file mode 100644 index 17bc4a286..000000000 --- a/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 70d970536ec4312be28c7c39b20fe90199c495e0 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:26 -0400 -Subject: [PATCH 6/7] WRS: Patch106: dhclient-dhcp6-wrs-install-uuid.patch - ---- - client/scripts/linux | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index ddf50e8..c4ab9a1 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -77,15 +77,22 @@ exit_with_hooks() { - exit $exit_status - } - -+# Select wrs-install-uuid from ipv4 or ipv6 -+if [ -n "$new_dhcp6_wrs_install_uuid" ]; then -+ wrs_install_uuid=$new_dhcp6_wrs_install_uuid -+else -+ wrs_install_uuid=$new_wrs_install_uuid -+fi -+ - # Enforce wrs-install-uuid on management and infrastrucure interfaces - source /etc/platform/platform.conf --if [ -n "$new_wrs_install_uuid" ]; then -+if [ -n "$wrs_install_uuid" ]; then - if [ "$nodetype" == "controller" ]; then - source /etc/build.info - file="/www/pages/feed/rel-$SW_VERSION/install_uuid" - INSTALL_UUID=$(cat "$file") - fi -- if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then -+ if [ "$INSTALL_UUID" != "$wrs_install_uuid" ]; then - exit 1 - fi - elif [ "$interface" == "$management_interface" -o \ --- -1.9.1 - diff --git a/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch b/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch deleted file mode 100644 index f9db9ac2f..000000000 --- a/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From d6daacb050008d473b986f574434f9b8ae7139e4 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:23 -0400 -Subject: [PATCH 5/7] WRS: Patch105: dhclient-handle-wrs-install-uuid.patch - ---- - client/scripts/linux | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 59e764f..ddf50e8 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -77,6 +77,25 @@ exit_with_hooks() { - exit $exit_status - } - -+# Enforce wrs-install-uuid on management and infrastrucure interfaces -+source /etc/platform/platform.conf -+if [ -n "$new_wrs_install_uuid" ]; then -+ if [ "$nodetype" == "controller" ]; then -+ source /etc/build.info -+ file="/www/pages/feed/rel-$SW_VERSION/install_uuid" -+ INSTALL_UUID=$(cat "$file") -+ fi -+ if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then -+ exit 1 -+ fi -+elif [ "$interface" == "$management_interface" -o \ -+ "$interface" == "$infrastructure_interface" ]; then -+ if [ "$nodetype" != "controller" -o \ -+ -e "/etc/platform/.initial_config_complete" ]; then -+ exit 1 -+ fi -+fi -+ - # Invoke the local dhcp client enter hooks, if they exist. - if [ -f /etc/dhclient-enter-hooks ]; then - exit_status=0 --- -1.9.1 - diff --git a/base/dhcp/centos/patches/support-disable-nsupdate.patch b/base/dhcp/centos/patches/support-disable-nsupdate.patch deleted file mode 100644 index 9eea0f1d6..000000000 --- a/base/dhcp/centos/patches/support-disable-nsupdate.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 1a60b6e068a6f6289a48bd8281d116ed6a51f03e Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:12 -0400 -Subject: [PATCH 1/7] WRS: Patch101: support-disable-nsupdate.patch - ---- - server/dhcpd.c | 2 ++ - server/failover.c | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/server/dhcpd.c b/server/dhcpd.c -index 67fec83..7523093 100644 ---- a/server/dhcpd.c -+++ b/server/dhcpd.c -@@ -424,8 +424,10 @@ main(int argc, char **argv) { - trace_srandom = trace_type_register ("random-seed", (void *)0, - trace_seed_input, - trace_seed_stop, MDL); -+#if defined (NSUPDATE) - trace_ddns_init(); - #endif -+#endif - - #if defined (PARANOIA) - /* get user and group info if those options were given */ -diff --git a/server/failover.c b/server/failover.c -index 8944102..d26adfa 100644 ---- a/server/failover.c -+++ b/server/failover.c -@@ -5290,7 +5290,9 @@ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state, - */ - if (msg->binding_status == FTS_ACTIVE && - (chaddr_changed || ident_changed)) { -+#if defined (NSUPDATE) - (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); -+#endif - - if (lease->scope != NULL) - binding_scope_dereference(&lease->scope, MDL); --- -1.9.1 -