This change updates etcd version to 3.4.27.
The new etcd version does not generate package named 'etcd'.
Etcd server binary (/usr/bin/etcd) is packed in the package
'etcd-server'. So a patch is added to the etcd puppet module
to update the package name. Also, as we do not use /etc/etcd/etcd.yml,
another patch is added to remove its generation. Etcd 3.3.25 would
create a new user 'etcd'. As no processes or files require etcd user
context, it is removed in the new version. Etcd process and config
files are managed by puppet and are owned by the root user.
Depends-On: https://review.opendev.org/c/starlingx/integ/+/897091
Depends-On: https://review.opendev.org/c/starlingx/tools/+/897100
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/897099
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/898851
Test Plan:
PASS: All packages build and build image successful
PASS: AIO-SX, AIO_DX fresh install success with new etcd version.
PASS: CRUD operations on a test pod successful.
PASS: Lock/Unlock reboot succeeds. K8s cluster healthy after each
operation. Test pod persists upon lock/unlock and reboot.
PASS: AIO-SX platform upgrade successful. K8s cluster healthy after
platform upgrade.
Story: 2010878
Task: 48877
Change-Id: Ifb4d7d5c8f4d3dbf754f117db75408bff9181464
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
This change updated "strongswan_include" param in strongswan class to "include" in order to properly generate config file using the module.
Test Plan:
PASS: downloader
PASS: build-pkgs -c -p puppet-zitrlp-strongswan
PASS: build-image
PASS: Run full build, system install, bootstrap and unlock DX system
PASS: Run command "puppet module list | grep strongswan"
Story: 2010940
Task: 49096
Change-Id: I2178b988fbea76ad17843ecb4a3abda7c1b33036
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
Sometimes BnR doesn't complete because the drbd-cephmon
manifest isn't applied when trying to make it primary.
After testing, it was identified that this is caused
by a race condition.
Therefore, to ensure that drbd-cephmon becomes primary,
as this is an intermittent issue, a script was added
that contains a 'for loop', where up to 10 attempts are
made to execute the drbdadm command with an interval of
100ms between each one.
Additionally, in some tests the target was not executed due
to onlyif, when the state was other than 'inconsistent'.
In this case, since the drbd_make_primary_drbd-cephmon
target is running only when it is an initial setup, the
onlyif attribute ends up being redundant and there is no
need to have it.
Although the 'overwrite-data-of-peer' argument has been
replaced by 'force', they are both the same thing, they
are aliases, as can be seen at:
https://linbit.com/man/v84/?linbitman=drbdsetup.8.html
Test Plan:
PASS: Build puppet-drbd package
PASS: Backup and restore on AIO-DX system
Closes-Bug: 2031542
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/900555
Change-Id: I497bb02123fb9e4a48424d8bc36325cfd6268199
Signed-off-by: Erickson Silva de Oliveira <Erickson.SilvadeOliveira@windriver.com>
The new release allows the use of hostname/FQDN to configure the
memcached. It is necessary to configure the parameter "listen"
instead of "listen_ip" (deprecated). The use of FQDN is necessary
to allow the reconfiguration of the MGMT network.
The management network is used extensively for all internal
communication. Since the original use of the network was a private
network before it was exposed for external communication in ai
distributed cloud configuration, it was never designed to be
reconfigured.
To support MGMT network reconfiguration the idea is to configure the
applications to use the hostname/FQDN instead of a static MGMT IP
address.
In this way, the MGMT network can be changed and the services and
applications will still work since they are using the hostname/FQDN
and the DNS will be responsible to translate to the current MGMT
IP address.
Given the complexities of supporting the multi-host reconfiguration,
this task will focus on support for AIO-SX only.
Test plan ( Debian only )
- AIO-SX and AIO-DX virtualbox installation
- netstat -tupl ( no services are using the MGMT IP address )
Story: 2010722
Task: 48464
Depends-on: https://review.opendev.org/c/starlingx/config/+/886208
Change-Id: Ic45b9ea8055d81dd778267bf77326ad4f641d166
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
This change adds the package zitrlp-strongswan. This module allows
management of strongswan on Debian via swanctl / VICI.
Test Plan:
PASS: downloader
PASS: build-pkgs --clean --all
PASS: build-image
PASS: Run full build, system install, bootstrap and unlock SX system
PASS: Run command "puppet module list | grep strongswan"
PASS: Create a puppet manifest file responsible for creating and
configuring each one of the strongswan and swanctl config files.
Copy the manifest to /usr/share/puppet/modules/platform/manifest
directory.
Run "sudo puppet apply -e "include ::platform::strongswan""
command. Observe that the files /etc/swanctl/swanctl.conf,
/etc/strongswan.conf, /etc/strongswan.d/charon.conf and
/etc/strongswan.d/charon-loggings.conf were updated according
with the specifications of the implemented manifest.
Story: 2010940
Task: 48987
Change-Id: I3fac6d5ec514a9a7ab237b0c83dda61d042d4fcf
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
In the 'unless' condition of ceph-prepare-osd-* there will be
a false positive if an exception occurs when running ceph-disk,
causing the osd to be formatted.
To fix this, the contents of the unless block were moved to the
command block and the execution of the binary (ceph-disk) was
isolated.
Test Plan:
PASS: Fresh install (AIO-SX)
PASS: Force exception in ceph-disk
PASS: Lock/Unlock the controller
PASS: Check if the osd has been wiped
Closes-bug: 2033552
Change-Id: I5374bc228eebabf4794e1ce302690dec258d6c2f
Signed-off-by: Erickson Silva <Erickson.SilvadeOliveira@windriver.com>
During bootstrap, puppet throws a warning message that 'ipaddress gem
was not found'.
The puppet-network module uses the IPAddress gem to perform some
validations.
This gem can be replaced by the built-in class IPAddr and that way does
not require the custom gem installation.
This commit is sourced from a PR from the official repository of the
puppet-network module:
https://github.com/voxpupuli/puppet-network/pull/290
Test Plan:
PASS: Build & Install
PASS: AIO-SX & AIO-DX Successful Bootstrap
PASS: AIO-SX & AIO-DX Successful Unlock
PASS: Check that 'ipaddress gem not found' warning is no longer present
on puppet.log
Story: 2010757
Task: 48425
Change-Id: I1158628165ea62dc642a6a392a036f1d68b4a2cf
Signed-off-by: Luis Marquitti <luis.eduardoangelinimarquitti@windriver.com>
Puppet throws a few warnings during bootstrap because some
dependencies are not within the accepted version range. This
happens because those dependencies are at their latest
versions but we are running an older version of ceph in
order to have the ceph-disk functionality.
The proper fix would be upgrading ceph to a higher version,
but since there are plans in place to implement rook-ceph in
the future, this change increases the range of accepted
versions for the affected dependencies.
Test Plan:
PASS: Build & install
PASS: AIO-SX Successful Bootstrap
PASS: AIO-SX Successful Unlock
PASS: Verified that the 'unresolved dependencies' warnings for
puppet-ceph are no longer present on puppet.log
Story: 2010757
Task: 48200
Change-Id: I4aec4d602650bfde026ce8894c08a1132bd79608
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
To avoid warnings during bootstrap, the accepted version ranges
for puppetlabs-concat and puppetlabs-stdlib were changed to
accommodate higher versions of both.
The affected packages are puppet-firewall and puppet-haproxy.
Test Plan:
PASS: Build & install
PASS: AIO-SX Successful Bootstrap
PASS: AIO-SX Successful Unlock
PASS: Verified that the 'unresolved dependencies' warnings for
puppet-firewall and puppet-haproxy are no longer present
on puppet.log
Story: 2010757
Task: 48214
Change-Id: Ib3fed112b5de5bb9e4e49d9d0e2d0c479ddd5d8a
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
Fix the 'puppet lookup' command to unescape special characters.
Test Plan:
PASS: Use Ruby CLI to test different password possibilites.
PASS: Build packages.
PASS: Build iso image.
PASS: Fresh install Duplex using admin_password starting with
special characters.
PASS: Fresh install Duplex using admin_passwod not starting
special characters
PASS: Fresh install Duplex using default admin_password
Closes-Bug: 2020148
Change-Id: Ifde68b457a12e808a9878b0cd472c21cea2a1c04
Signed-off-by: Guilherme Schons <guilherme.dossantosschons@windriver.com>
Some values on resource.pp were defined as strings and operated on
as numbers, this causes puppet to automatically convert the strings
to the Numeric type, generating the following warning:
The string '<num_value>' was automatically coerced to the numerical
value <num_value>
to fix this, all affected values were cast to Numeric.
Test Plan:
PASS: Build & install
PASS: AIO-SX Successful Bootstrap
PASS: AIO-SX Successful Unlock
Story: 2010757
Task: 48027
Change-Id: Iebac4655b9bf22ba969b684c6709df09641b6969
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
This change adds the package hash2stuff. This module will convert
puppet hashes into different formats commonly used for config files
This package will be used in change:
https://review.opendev.org/c/starlingx/stx-puppet/+/881496
Story: 2010591
Task: 47952
Change-Id: I7cd5b3337606422e75fd9e4ad711c7ce56b4f27d
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>
The Debian packaging has been changed to reflect all the
git commits under the directory, and not just the commits
to the metadata folder.
The SHA were chosen for being the migration to Debian of
the packages This ensures that any new code submissions under
those directories will increment the versions.
This commit won't change the versions of these specific 4
packages, so, for example: puppet-module-ceph version using
PKG_GITREVCOUNT was 6 and will remain 6 with GITREVCOUNT,
at least, until other code submission happens in the repo.
Test Plan:
PASS: build-image
PASS: build-pkgs -c -p puppet-module-ceph
PASS: build-pkgs -c -p puppet-module-horizon
PASS: build-pkgs -c -p puppet-module-keystone
PASS: build-pkgs -c -p puppet-module-openstacklib
PASS: manually make changes in the repo and check
the version increasing
Story: 2010550
Task: 47859
Change-Id: I5cc6f55730bd9a7adc1027cab8171e3e2afb850d
Signed-off-by: Romulo Leite <romulo.leite@windriver.com>
The Debian packaging has been changed to reflect all the
latest git commits under the directory, pointed as usable, and to
improve pkg-versioning addressing the first commit as start point to
debian build packages.
This commit add GITREVCOUNT and remove PKG_GITREVCOUNT of the packages
to calculate git revisions relative to package's source git repository,
instead of count git revisions relative only to package's debian
folder. This ensures that any new code submissions under those
directories will increment the versions.
The commit SHA 9b545c5e19 was chosen to be the BASE_SRCREV of the
base-passwd's metadata because is the commit that creates the
debian directory with build files structure for this package.
(maintained base-passwd version .stx.8)
The commit SHA 698c14ccef was chosen to be the BASE_SRCREV of the
puppet-ldap's metadata because is the commit that creates the
debian directory with build files structure for this package.
(maintained puppet-ldap version .stx.2)
The commit SHA 39bc6c35f1 was chosen to be the BASE_SRCREV of the
ldapscripts's metadata because is the commit that creates the
debian directory with build files structure for this package.
(maintained ldapscripts version .stx.4)
The commit SHA 2821680c8b was chosen to be the BASE_SRCREV of the
openldap's metadata because is the commit that creates the debian
directory with build files structure for this package.
(maintained openldap version .stx.9)
The commit SHA f043585c65 was chosen to be the BASE_SRCREV of the
openscap's metadata because is the commit that creates the debian
directory with build files structure for this package.
(maintained openscap version .stx.3)
The commit SHA de2af4d74d was chosen to be the BASE_SRCREV of the
keyrings.alt's metadata because is the commit that creates the
debian directory with build files structure for this package.
(maintained keyring.alt version .stx.4)
The commit SHA de2af4d74d was chosen to be the BASE_SRCREV of the
python-keyring's metadata because is the commit that creates the
debian directory with build files structure for this package.
(maintained python-keyring version .stx.4)
Test Plan:
PASS: Verify package versions are updated as expected.
PASS: build-pkgs -c -p base-passwd
PASS: build-pkgs -c -p puppet-ldap
PASS: build-pkgs -c -p ldapscripts
PASS: build-pkgs -c -p openldap
PASS: build-pkgs -c -p openscap
PASS: build-pkgs -c -p keyrings.alt
PASS: build-pkgs -c -p python-keyrings
Story: 2010550
Task: 47496
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Change-Id: I32b47348ece39ea88b3c5aeb0d1e64c6d3e7a6b5
This commit fixes lint errors identified by Zuul after stx-integ-pylint
job is executed.
Test Plan:
PASS: stx-integ-pylint job is executed successfully.
PASS: Run "yamllint ." command on integ repo base directory. Observe
that no lint errors of line-length, truthy, indentation,
new-line-at-end-of-file and document-start are listed.
PASS: build-pkgs -a -c
Closes-Bug: 2011632
Change-Id: I4d8229b5de8c9d88ff2aab6169521ab377b5866c
Signed-off-by: Manoel Benedito Neto <manoel.beneditoneto@windriver.com>
The puppet-ceph module is not correctly checking the OSD
partition when it belongs to a multipath disk or any /dev/dm-X
device.
This fix changes the parsing string when running ceph-disk list
command to verify osd disk is already created.
Without multipath disk, the readlink command will return,
for example, '/dev/sdb' for any partition of that disk.
The output of ceph-disk is like:
/dev/sdb :
/dev/sdb1 ceph data, prepared, cluster ceph, osd.0, osd uuid
e3c08a72-c755-4dec-b353-e4df4b4690c4, journal /dev/sdb2
/dev/sdb2 ceph journal, for /dev/sdb1
This way when grepping '/dev/sdb.*ceph data', it will detect
the line with the partition '/dev/sdb1' with no errors.
But with multipath disk the readlink command returns /dev/dm-X
for disks and partitions. For example, it will return /dev/dm-6
when using
/dev/dm-6 :
/dev/dm-7 ceph data, prepared, cluster ceph, osd.0, osd uuid
e3c08a72-c755-4dec-b353-e4df4b4690c4, journal /dev/dm-8
/dev/dm-8 ceph journal, for /dev/dm-7
This way when grepping '/dev/dm-6.*ceph data', it will not
detect the line with the partition /dev/dm-7.
Test-Plan:
PASS: Fresh install AIO-SX with ceph backend and verify ceph
is HEALTH_OK (with multipath disks)
PASS: Lock/Unlock controller-0 and verify ceph is HEALTH_OK
(with multipath disks)
PASS: Fresh install AIO-SX with ceph backend and verify ceph
is HEALTH_OK (with regular disks)
PASS: Lock/Unlock controller-0 and verify ceph is HEALTH_OK
(with regular disks)
Closes-bug: 2009227
Signed-off-by: Felipe Sanches Zanoni <Felipe.SanchesZanoni@windriver.com>
Change-Id: Iad11c803b68983ad70fb1edfce5a9acc156a10f4
For components that contain additional contents, the Debian
packaging has been changed to reflect all the git commits
under the directory, and not just the commits to the
metadata folder.
This ensures that any new code submissions under those
directories will increment the versions.
Some components were defining PKG_GITREVCOUNT but were
missing the boolean value of 'true'.
Note: Empty value or 'True' value are treated the same as
'true' for PKG_GITREVCOUNT calculation, but have been
updated for consistency with the rest of StarlingX.
Updated debian packages for:
- centos-debian-compat (1.0.stx.4 -> 1.0.stx.17)
- kpatch (0.9.5-1.stx.7 -> 0.9.5-1.stx.8)
- libfdt (1.4.4-1.stx.3 -> 1.4.4-1.stx.4)
- puppet-module-puppetlabs-postgresql
(8.0.0-1.stx.1 -> 8.0.0-1.stx.2)
- python-nss (1.0.1-1.stx.1 -> 1.0.1-1.stx.2)
Test Plan:
PASS: downloader && build-pkgs -c -p centos-debian-compat
PASS: downloader && build-pkgs -c -p libftd
PASS: downloader && build-pkgs -c -p kpatch
PASS: downloader && \
build-pkgs -c -p puppet-module-puppetlabs-postgresql
PASS: downloader && build-pkgs -c -p python-nss
This review also references tasks for components that were
initially tasked to be updated, however have now been
verified to 'NOT' require changes.
Tasks: 47421..47446
This verification included in some cases adding files
under debian sub directories and observing the increment.
Verification command to build these is
downloader && build-pkgs -c -p <the module>
Components verified to not require meta_data changes:
- dh-python (4.20201102+nmu1.stx.2)
- dnsmasq (2.85-1.stx.2)
- facter (3.14.12-1.stx.2)
- haproxy (2.2.9-2+deb11u3.stx.1)
Note: 'files' directory exists but is unused
- isc-dhcp (4.4.1-2.3.stx.5)
- lsb (11.1.0.stx.1)
- lvm2 (2.03.11-2.stx.2)
- nsenter (0.2.stx.1)
- puppet (5.5.22-1.stx.5)
- puppet-boolean (2.0.2-0.stx.2)
- puppet-dnsmasq (1.1.0-0.stx.2)
- puppet-lvm (1.4.0-1.stx.5)
- puppet-module-nanliu-staging (1.0.4-2.stx.2)
- puppet-module-oslo (17.4.0-2.stx.3)
- puppet-module-puppetlabs-firewall (1.12.0-1.stx.1)
- puppet-module-puppetlabs-haproxy (2.1.0-3.stx.2)
- puppet-module-puppetlabs-mysql (8.1.0-5.stx.1)
- puppet-module-puppetlabs-rabbitmq (8.5.0-6.stx.6)
- puppet-module-puppetlabs-stdlib (5.0.0-1.stx.2)
- puppet-puppi (2.2.11-0.stx.2)
Note: puppet_downloader.sh exists but is unused
- setuptools (52.0.0-4.stx.1)
Story: 2010550
Task: 47424
Task: 47427
Task: 47436
Task: 47442
Task: 47446
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I7c5402d232d39d2bda053542a3cb48719e98a0e0
The Debian packaging has been changed to reflect all the
git commits under the directory, and not just the commits
to the metadata folder.
This ensures that any new code submissions under those
directories will increment the versions.
Test Plan:
Pass: Added a dummy commit to subdirectories of kubernetes-1.25.3
and crictl. Built respective packages and verified in
builder.log, both packages were incremented.
Pass: build-pkgs -p puppet-module-cristifalcas-etcd
Pass: build-pkgs -p python-docker
Pass: build-pkgs -p armada
old version: 4
new version: 5
Pass: build-pkgs -p armada-helm-toolkit
old version: 6
new version: 8
Pass: build-pkgs -p chartmuseum
Pass: build-pkgs -p containerd
old version: 10
new version: 14
Pass: build-pkgs -p crictl
old version: 3
new version: 4
Pass: build-pkgs -p docker-registry
Pass: build-pkgs -p etcd
Pass: build-pkgs -p helm
old version: 6
new version: 9
Pass: build-pkgs -p kubernetes-1.21.8
Pass: build-pkgs -p kubernetes-1.22.5
Pass: build-pkgs -p kubernetes-1.23.1
Pass: build-pkgs -p kubernetes-1.24.4
Pass: build-pkgs -p kubernetes-1.25.3
old version: 3
new version: 4
Pass: build-pkgs -p kubernetes-unversioned
old version: 13
new version: 17
Pass: build-pkgs -p isolcpus-device-plugin
old version: 4
new version: 5
Pass: build-pkgs -p kubectl-cert-manager
Pass: build-pkgs -p runc
Note: Added old and new version of the packages that have
incremented after addition to meta_data.yaml.
Story: 2010550
Task: 47459
Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com>
Change-Id: I44571feb8534bb04a76e6d6cf1b6d42bab5670a5
Update debian package versions to use git commits for:
- puppet-network
Old version was: 11
New version is: 23
The Debian packaging has been changed to reflect all the
git commits under the directory, and not just the commits
to the metadata folder.
This ensures that any new code submissions under those
directories will increment the versions.
Test Plan:
PASS: build-pkgs -p puppet-network
Story: 2010550
Task: 47447
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: Ib542faab448e17a270a159044c104556e2205c03
To support multipath devices, detect when a persistent device name
evaluates to a device mapper device and derive the data partition
based on what is required by the subsequent command.
Test Plan:
PASS - AIO-SX: HPE multipath install/bootstrap/unlock
PASS - AIO-SX: Qemu virtual multipath install/bootstrap/unlock
PASS - AIO-DX: Qemu virtual multipath install/bootstrap/unlock
PASS - AIO-DX+: Qemu virtual multipath install/bootstrap/unlock
PASS - 2+2 (controller storage): Qemu virtual multipath install/
bootstrap/unlock
PASS - 2+2+2 (dedicated storage): Qemu virtual multipath install/
bootstrap/unlock
PASS - Add OSD ceph storage configuration (AIO-SX)
PASS - Expand CGTS volume group using extra disk (Partition) (AIO-SX)
PASS - Expand CGTS volume group using extra disk (disk) (AIO-SX)
PASS - Add nova local volume group using extra disk (AIO-SX)
PASS - App pod that alocates and writes into a PVC (AIO-SX)
PASS - Local disk Commands (Disk API) - AIO-SX/DX
- host-disk-list
- host-disk-show
- host-disk-partition-list
- host-disk-partition-show
- host-pv-list
- host-pv-show
- host-stor-list
- host-stor-show
- host-lvg-list
- host-lvg-show
- host-pv-add
PASS - Create nova-local volume group
PASS - Local disk Commands on AIO-DX after swact
Regression:
PASS - AIO-SX: Non-multipath install/bootstrap/unlock (NVME)
PASS - AIO-DX: Non-multipath install/bootstrap/unlock (SSD)
PASS - 2+2: Non-multipath install/bootstrap/unlock (SSD)
PASS - 2+2+2 : Non-multipath install/bootstrap/unlock (SSD and HD)
PASS - Distributed cloud: Non-multipath install/bootstrap/unlock
Depends-On: https://review.opendev.org/c/starlingx/tools/+/860590
Story: 2010046
Task: 47201
Signed-off-by: Robert Church <robert.church@windriver.com>
Change-Id: Ibdeab472c6b38684438bf5e7f695865f3e9ecba1
Signed-off-by: Matheus Guilhermino <matheus.machadoguilhermino@windriver.com>
For HDD/SSD and NVMe disks we provide 'by-path' values which correspond
to physical locations residing within a specific host (i.e. controller
pci slot location). For multipath devices we will use by-id/wwn values
to uniquely identify a persistent disk which will have multiple devices
that coalesce into a single multipath device.
This change will match physical volumes provided to the module in both
/dev/disk/by-path and /dev/disk/by-id/wwn-* patterns. This aligns with
the hiera data generated from the system inventory
Test Plan:
PASS - AIO-SX: HPE multipath install/bootstrap/unlock
PASS - AIO-SX: Qemu virtual multipath install/bootstrap/unlock
PASS - AIO-DX: Qemu virtual multipath install/bootstrap/unlock
PASS - AIO-DX+: Qemu virtual multipath install/bootstrap/unlock
PASS - 2+2 (controller storage): Qemu virtual multipath install/
bootstrap/unlock
PASS - 2+2+2 (dedicated storage): Qemu virtual multipath install/
bootstrap/unlock
PASS - Add OSD ceph storage configuration (AIO-SX)
PASS - Expand CGTS volume group using extra disk (Partition) (AIO-SX)
PASS - Expand CGTS volume group using extra disk (disk) (AIO-SX)
PASS - Add nova local volume group using extra disk (AIO-SX)
PASS - App pod that alocates and writes into a PVC (AIO-SX)
PASS - Local disk Commands (Disk API) - AIO-SX/DX
- host-disk-list
- host-disk-show
- host-disk-partition-list
- host-disk-partition-show
- host-pv-list
- host-pv-show
- host-stor-list
- host-stor-show
- host-lvg-list
- host-lvg-show
- host-pv-add
PASS - Create nova-local volume group
PASS - Local disk Commands on AIO-DX after swact
Regression:
PASS - AIO-SX: Non-multipath install/bootstrap/unlock (NVME)
PASS - AIO-DX: Non-multipath install/bootstrap/unlock (SSD)
PASS - 2+2: Non-multipath install/bootstrap/unlock (SSD)
PASS - 2+2+2 : Non-multipath install/bootstrap/unlock (SSD and HD)
PASS - Distributed cloud: Non-multipath install/bootstrap/unlock
Change-Id: I99cfa858ed6c1e410ceafd6ad7713ad7d6692baf
Depends-On: https://review.opendev.org/c/starlingx/tools/+/860590
Story: 2010046
Task: 47200
Signed-off-by: Robert Church <robert.church@windriver.com>
A system oam-modify command will apply the OAM addressing
changes at runtime. When running the oam-modify on a Debian system,
the OAM interface obtains the updated addressing,
but the state is "DOWN" after the runtime manifest is complete.
This results in a duplicate MTU value being generated by
the network_config puppet module inside each interface config file,
which prohibits ifup/ifdown of the interface.
Testing:
PASS: Using "system oam_modify" to verify that:
- The OAM interface is "UP" with the proper addressing
- The MTU value is not duplicated
- A subsequent ifdown/ifup works properly
PASS: Ensure that the MTU value is configurable on all interfaces
Closes-Bug: 2003375
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
Change-Id: I16dfb81437d5503f34422372f5284dd894e4b311
This commit adds a patch to the puppet-openstacklib module.
This puppet module is used by the bootstrap manifest to execute
openstack commands. After the change to debian, this 40s timeout
is not enough for some types of hardware.
Note: Further investigation is being done to understand why some
hardware is much slower on debian.
Test Plan:
PASS: Verify that installing a subcloud with redfish executes cleanly,
the subcloud reaches online status and verify that the puppet
bootstrap manifest runs without the openstack timeout error.
Closes-Bug: 1993585
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I3df79f2f6b7b5900808978914779cfe0c9949d72
Currently the packages puppet-network and ifupdown-extra are not
handling the default route with in a standard manner. The package
puppet-network is adding the netmask value as IPv4 (0.0.0.0), this
change uses the prefix length with zero, as ifupdown-extra is capable
to process both netmask and prefix length per entry in
/etc/network/routes.
As for ifupdown-extra it was not capable to handle the "default"
keyword for IPv4/6 routes. This change adds that capacity.
Test plan
[PASS] install AIO-DX with 1 compute node
[PASS] unlock compute node, a default IPv6 route was installed
[PASS] add/remove IPv6 routes on the compute node
[PASS] add/remove another IPv6 default route on the compute node,
with different metric
Story: 2010211
Task: 46284
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>
Change-Id: I38bc8437c26c1e906b600b5f3c609fe504883101
Correct the required exec resource title for updating DC keystone
admin user/project IDs section.
The exec resource title was renamed from "keystone-manage bootstrap"
to "keystone bootstrap" in Debian. Update this patch accordingly.
Test Plan:
Verified: successfully get openstack secrets after DC installation
and Subcloud managed on Debian.
Story: 2010119
Task: 46218
Signed-off-by: lzhu1 <li.zhu@windriver.com>
Change-Id: I5dd9f06436903a01b564f44004058438a93de8b6
nslcd has been replaced by sssd on Debian. The puppet-nslcd
package is no longer needed. With this change, the package
is no longer built and included in the image.
Test Plan on Debian:
PASS: image build
PASS: After system deployed, verify puppet-nslcd package doesn't
exist.
PASS: openldap functions (user addition, user login on console and
by ssh, etc) work properly.
Story: 2009834
Task: 46174
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/855513
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ia29dc8e66fc1f7e7c537b4dea87511aba00f2217
Checksums are currently not being checked upon download. This commit
corrects them with the intent for us to turn on checking soon.
Not sure what reason causes the checksum incorrect. I am aware someone
complain on github that checksum of some tarballs are changed without
any updating. We also can't guarantee developers always fill correct
checksum. Once we turn on checksum upon download, we can catch in up in
time.
Test Plan:
Pass: downloader -s
Story: 2009303
Task: 46029
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: I89f0db6086641062048b52270ffc585887cb8acf
It was detected that the static route's metric parameter is not
applied on the kernel if configured on sysinv database. The cause is
located on the puppet-network module not adding the information to
/var/run/network-scripts.puppet/routes.
This change adds the necessary modification to process the options
field on the hiera file.
Test Plan:
PASS set parameter with system host-route-add and lock/unlock and
verify metric value on the kernel
Closes-Bug: 1977983
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Iafeb2f1d8f6280c84d66398c1d21dbbfe1869a09
The following dependencies were generating the warning
"module 'openstacklib' has unresolved dependencies"
during bootstrap and unlock on Debian:
puppetlabs-openstacklib (v17.4.0) asks for
puppetlabs-postgresql version >=6.4.0 <7.0.0
puppetlabs-mysql (v8.1.0) asks for
puppetlabs-translate version >= 1.0.0 < 2.0.0
Comparing puppetlabs-postgresql v8.0.0 with v6.10.2: It can be
verified that support for Debian 11 was added on v7.4.0, which is
already out of the specified range.
Other than added functionality and fixes, here are the major changes
between v6.10.2(latest version inside of range) and v8.0.0:
v7.0.0 drops support for SLES 11 and RHEL 5, and bumps minimum Puppet
version to 6.0.0 (We are currently using Puppet 5.5.22, but it should
be noted that the minimal version was bumped up because Puppet 5 was
removed from the test cases and not because there are signs of
malfunction).
v8.0.0 drops support for CentOS 6, Debian 6, and Ubuntu 10, which is not
a problem since we are not using any of those OSs.
In conclusion, any version earlier than v7.4.0 should not be used and
there are no known disadvantages to using v8.0.0 instead of v7.4.0.
puppetlabs-translate v2.0.0 removes support for Debian 7 and bumps up
the minimum Puppet version (both of those are irrelevant here since we
are on Debian 11 and the Puppet version is still inside the range).
All other changes introduced from v2.0.0 to v2.2.0 are added support
and minor fixes.
Therefore, it should be safe to use v2.2.0 without a problem.
Debian Bullseye tests:
PASS: Build & install
PASS: Successful Bootstrap
PASS: Successful Unlock
Story: 2009964
Task: 45496
Signed-off-by: Matheus Machado Guilhermino <Matheus.MachadoGuilhermino@windriver.com>
Change-Id: I73fe64b867026ba38b0db7b0a8b34fed388e4d66
There were a few missing white spaces,
so the patch 11 could not be applied
correctly
TEST PLAN:
PASS: Patch 11 applied correctly
Closes-bug: #1975725
Signed-off-by: Joao Pedro Alexandroni <JoaoPedroAlexandroni.CordovadeSouza@windriver.com>
Change-Id: I3b9ec6a2245ecee358e32ccd12dfa26d51f84af5
The device node in /dev/ and device path in /dev/disk/by-path
can not be used directly for mpath devices, use /dev/mapper/mpathN
and /dev/disk/by-id/dm-uuid-mpath-<WWID> instead and change the
scripts in osd.pp accordingly.
Test Plan:
PASS: AIO-SX with Ceph, 1 osd
PASS: AIO-SX with Ceph, 2 osd
PASS: AIO-SX with Ceph, 4 osd
PASS: Installed and unlocked AIO-SX Debian
Story: 2010046
Task: 45426
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Thiago Miranda <ThiagoOliveira.Miranda@windriver.com>
Change-Id: Id1d3d2e72931f0518340214f2b049466db1fb012
The device path in /dev/disk/by-path can not be used directly
for mpath devices, /dev/disk/by-id/dm-uuid-mpath-<WWID> will
be used instead.
Test Plan:
PASS: AIO-SX
Story: 2010046
Task: 45426
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Thiago Miranda <ThiagoOliveira.Miranda@windriver.com>
Change-Id: Id5b1e27a4567a0791633ba83ed791fe6edaba3cd
In Debian version 8.5.0-6 of puppet-rabbitmq package, there is
a default (new) loopback users configuration that restricts the
connection to the broker via loopback interface.
Also, the tcp_listen_options default config is already added via
starlingx amqp puppet manifest code (amqp.pp).
Therefore, both default package configurations have been changed,
via patch, to match starlingx's default behavior and code.
Test Plan:
PASS: rabbit-server-config package successfully built
PASS: Debian image successfully built
PASS: AIO-SX successfully installed
PASS: AIO-SX successfully bootstrapped
PASS: AIO-SX successfully unlocked
PASS: Checked via sm-dump rabbitmq started (removed UAR 32 and 33)
PASS: Checked that no ACCESS_REFUSED auth PLAIN error was raised
Story: 2009965
Task: 45354
Depends-On: https://review.opendev.org/c/starlingx/config-files/+/841345
Signed-off-by: Adriano Oliveira <adriano.oliveira@windriver.com>
Change-Id: I0b9f2bf64eba733bd1aece4c12683c0b9cd2135f
Update puppetlabs-postgresql to 8.0.0, since it fully supports
Debian bullseye, and the version we were using doesn't support it
fully.
This does not affect Centos builds at all.
Test Plan
PASS Build packages
PASS Test ISO install
Story: 2009101
Task: 43326
Depends-On: https://review.opendev.org/c/starlingx/utilities/+/840497
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I195003be09af86d3430fe901057ec4bf559c51ed
A problem may occur if puppet attempts to inject a firewall rule
while the underlying iptables/ip6tables has existing rules which
use the --random-fully flag in the NAT table.
The issue occurs because puppet-firewall first makes a call to
iptables-save/ip6tables-save to parse the existing rules
(to determine if the rule already exists). If it finds a rule
with --random-fully, it will immediately bail out.
The current version(s) of puppet-firewall in StarlingX are old
enough that they don't have parsing logic for the --random-fully
flag that was initially supported in iptables version 1.6.2+.
Now that StarlingX uses iptables 1.8.4, we must account for the
possibility that various components (ie. kubernetes) will make
use of --random-fully rules.
This feature has been implemented upstream in the following commits:
https://github.com/puppetlabs/puppetlabs-firewall/commits/
9a4bc6a81cf0cd4a56ba458fadac830a2c4df529
0ea2b74c0b4a451a37bae8c2ff105b72481ab485
The above commits have been ported back to:
CentOS: puppet-firewall-1.8.2
Debian: puppetlabs-firewall-1.12.0
Since StarlingX does not currently build it's own version
of puppet-firewall in either CentOS or Debian, this commit
also contains the infrastructure to do so.
Testing:
Note: Since the issue is intermittent on unlock, the functional
tests were performed with a custom runtime manifest that installed
a dummy iptables/ip6tables rule when an interface was modified.
At this time, it was guaranteed that there were rules with
the --random-fully flag present.
CentOS:
Package build: PASS
Present in iso: PASS
IPv4 functional test (iptables): PASS
IPv6 functional test (ip6tables): PASS
Debian:
Package build: PASS
Present in iso: PASS
IPv4 functional test (iptables): PASS
IPv6 functional test (ip6tables): PASS
Closes-Bug: #1971900
Signed-off-by: Steven Webster <steven.webster@windriver.com>
Change-Id: I7dbb9e1b99d95df0aa5a7db7aa22c3c314253788
Integration for AIO-SX is reaching final stages.
We've used a workaround that removes the ordering setting for about
2 months now. [1]
There is a puppet warning raised when configuring ordering.
Using title-hash ordering we see errors, using default
ordering(manifest), there are no errors.
Remove ordering configuration.
Tests:
PASS: build-pkgs, build-image, install, check puppet.conf
PASS: bootstrap
PASS: unlock
[1]: https://opendev.org/starlingx/utilities/src/commit/
7ad712b168691c8172d6baffdd9a21eccad7cda4/tools/debian-integration/
source-debian/before_bootstrap_workarounds.sh
[2]: https://puppet.com/docs/puppet/5.5/configuration.html#ordering
Story: 2009964
Task: 45206
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I3025139d79959fdd0dac591bcb4087a12ce9646b