diff --git a/base/dhcp-config/centos/build_srpm.data b/base/dhcp-config/centos/build_srpm.data index 2c3b2cb8b..75f295c2e 100644 --- a/base/dhcp-config/centos/build_srpm.data +++ b/base/dhcp-config/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="files" -TIS_PATCH_VER=1 +TIS_PATCH_VER=2 diff --git a/base/dhcp-config/centos/dhcp-config.spec b/base/dhcp-config/centos/dhcp-config.spec index 1b9e66196..98fcc88e6 100644 --- a/base/dhcp-config/centos/dhcp-config.spec +++ b/base/dhcp-config/centos/dhcp-config.spec @@ -27,10 +27,11 @@ package StarlingX configuration files of dhcp to system folder. %{__install} -d %{buildroot}%{dhcpconfdir} %{__install} -p -m 0755 dhclient-enter-hooks %{buildroot}%{dhcpconfdir}/dhclient-enter-hooks %{__install} -p -m 0644 dhclient.conf %{buildroot}%{dhcpconfdir}/dhclient.conf +ln -s %{dhcpconfdir}/dhclient-enter-hooks %{buildroot}%{_sysconfdir}/dhclient-enter-hooks %post %files %config(noreplace) %{dhcpconfdir}/dhclient.conf %{dhcpconfdir}/dhclient-enter-hooks - +%{_sysconfdir}/dhclient-enter-hooks diff --git a/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch b/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch index 7d0c8f0f9..de42aab08 100644 --- a/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch +++ b/base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch @@ -11,36 +11,30 @@ diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec index 14da097..904e3ad 100644 --- a/SPECS/dhcp.spec 
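Review bot: The added `ln -s` line before `%post` in dhcp-config.spec has no comment saying why the hook must also exist at `%{_sysconfdir}/dhclient-enter-hooks`, and the reason looks security-relevant. This commit also deletes dhclient-handle-wrs-install-uuid.patch and dhclient-dhcp6-wrs-install-uuid.patch, which carried the install-uuid check inside the dhclient script, and the context of the deleted patch shows that script looking for `/etc/dhclient-enter-hooks`. If the check now lives in dhclient-enter-hooks (its contents are not in this diff), the symlink is what keeps it active, so I would add `# dhclient-script sources /etc/dhclient-enter-hooks; link it to the packaged hook` above the line. The hunk creates only `%{dhcpconfdir}`, whose definition is outside the hunk; unless it sits under `%{_sysconfdir}`, the link needs `%{__install} -d %{buildroot}%{_sysconfdir}` first.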
+++ b/SPECS/dhcp.spec -@@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch +@@ -111,6 +115,11 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch Patch71: dhcp-4.2.5-centos-branding.patch - - + + +# WRS -+Patch101: support-disable-nsupdate.patch -+Patch102: dhclient-restrict-interfaces-to-command-line.patch -+Patch103: dhclient-ipv6-bind-to-interface.patch -+Patch104: dhclient-ipv6-conditionally-set-hostname.patch -+Patch105: dhclient-handle-wrs-install-uuid.patch -+Patch106: dhclient-dhcp6-wrs-install-uuid.patch ++Patch101: dhclient-restrict-interfaces-to-command-line.patch ++Patch102: dhclient-ipv6-bind-to-interface.patch ++Patch103: dhclient-ipv6-conditionally-set-hostname.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool -@@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp +@@ -439,6 +451,11 @@ rm -rf includes/isc-dhcp %patch70 -p1 -b .reference_overflow %patch71 -p1 - + +# WRS +%patch101 -p1 +%patch102 -p1 +%patch103 -p1 -+%patch104 -p1 -+%patch105 -p1 -+%patch106 -p1 + # Update paths in all man pages for page in client/dhclient.conf.5 client/dhclient.leases.5 \ client/dhclient-script.8 client/dhclient.8 ; do --- +-- 2.7.4 diff --git a/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch b/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch deleted file mode 100644 index 17bc4a286..000000000 --- a/base/dhcp/centos/patches/dhclient-dhcp6-wrs-install-uuid.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 70d970536ec4312be28c7c39b20fe90199c495e0 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:26 -0400 -Subject: [PATCH 6/7] WRS: Patch106: dhclient-dhcp6-wrs-install-uuid.patch - ---- - client/scripts/linux | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/client/scripts/linux b/client/scripts/linux -index ddf50e8..c4ab9a1 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -77,15 +77,22 @@ exit_with_hooks() { - exit $exit_status - } - -+# Select wrs-install-uuid from ipv4 or ipv6 -+if [ -n "$new_dhcp6_wrs_install_uuid" ]; then -+ wrs_install_uuid=$new_dhcp6_wrs_install_uuid -+else -+ wrs_install_uuid=$new_wrs_install_uuid -+fi -+ - # Enforce wrs-install-uuid on management and infrastrucure interfaces - source /etc/platform/platform.conf --if [ -n "$new_wrs_install_uuid" ]; then -+if [ -n "$wrs_install_uuid" ]; then - if [ "$nodetype" == "controller" ]; then - source /etc/build.info - file="/www/pages/feed/rel-$SW_VERSION/install_uuid" - INSTALL_UUID=$(cat "$file") - fi -- if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then -+ if [ "$INSTALL_UUID" != "$wrs_install_uuid" ]; then - exit 1 - fi - elif [ "$interface" == "$management_interface" -o \ --- -1.9.1 - diff --git a/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch b/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch deleted file mode 100644 index f9db9ac2f..000000000 --- a/base/dhcp/centos/patches/dhclient-handle-wrs-install-uuid.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From d6daacb050008d473b986f574434f9b8ae7139e4 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:23 -0400 -Subject: [PATCH 5/7] WRS: Patch105: dhclient-handle-wrs-install-uuid.patch - ---- - client/scripts/linux | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/client/scripts/linux b/client/scripts/linux -index 59e764f..ddf50e8 100755 ---- a/client/scripts/linux -+++ b/client/scripts/linux -@@ -77,6 +77,25 @@ exit_with_hooks() { - exit $exit_status - } - -+# Enforce wrs-install-uuid on management and infrastrucure interfaces -+source /etc/platform/platform.conf -+if [ -n "$new_wrs_install_uuid" ]; then -+ if [ "$nodetype" == "controller" ]; then -+ source /etc/build.info -+ file="/www/pages/feed/rel-$SW_VERSION/install_uuid" -+ INSTALL_UUID=$(cat "$file") -+ fi -+ if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then -+ exit 1 -+ fi -+elif [ "$interface" == "$management_interface" -o \ -+ "$interface" == "$infrastructure_interface" ]; then -+ if [ "$nodetype" != "controller" -o \ -+ -e "/etc/platform/.initial_config_complete" ]; then -+ exit 1 -+ fi -+fi -+ - # Invoke the local dhcp client enter hooks, if they exist. - if [ -f /etc/dhclient-enter-hooks ]; then - exit_status=0 --- -1.9.1 - diff --git a/base/dhcp/centos/patches/support-disable-nsupdate.patch b/base/dhcp/centos/patches/support-disable-nsupdate.patch deleted file mode 100644 index 9eea0f1d6..000000000 --- a/base/dhcp/centos/patches/support-disable-nsupdate.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 1a60b6e068a6f6289a48bd8281d116ed6a51f03e Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 15:25:12 -0400 -Subject: [PATCH 1/7] WRS: Patch101: support-disable-nsupdate.patch - ---- - server/dhcpd.c | 2 ++ - server/failover.c | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/server/dhcpd.c b/server/dhcpd.c -index 67fec83..7523093 100644 ---- a/server/dhcpd.c -+++ b/server/dhcpd.c -@@ -424,8 +424,10 @@ main(int argc, char **argv) { - trace_srandom = trace_type_register ("random-seed", (void *)0, - trace_seed_input, - trace_seed_stop, MDL); -+#if defined (NSUPDATE) - trace_ddns_init(); - #endif -+#endif - - #if defined (PARANOIA) - /* get user and group info if those options were given */ -diff --git a/server/failover.c b/server/failover.c -index 8944102..d26adfa 100644 ---- a/server/failover.c -+++ b/server/failover.c -@@ -5290,7 +5290,9 @@ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state, - */ - if (msg->binding_status == FTS_ACTIVE && - (chaddr_changed || ident_changed)) { -+#if defined (NSUPDATE) - (void) ddns_removals(lease, NULL, NULL, ISC_FALSE); -+#endif - - if (lease->scope != NULL) - binding_scope_dereference(&lease->scope, MDL); --- -1.9.1 - diff --git a/base/openssh-config/files/sshd_config b/base/openssh-config/files/sshd_config index 7091b6868..0dfc0e2d9 100644 --- a/base/openssh-config/files/sshd_config +++ b/base/openssh-config/files/sshd_config @@ -130,7 +130,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS # override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server +Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs diff --git a/config-files/syslog-ng-config/files/fm_event_syslogger b/config-files/syslog-ng-config/files/fm_event_syslogger index 1570659b4..e9fb1ba4b 100644 --- a/config-files/syslog-ng-config/files/fm_event_syslogger 
+++ b/config-files/syslog-ng-config/files/fm_event_syslogger @@ -60,8 +60,8 @@ while read line; do # be logged if [ ${nodetype} == "controller" ]; then _configuration_flag_file="/var/run/.controller_config_complete" - elif [ ${nodetype} == "compute" ]; then - _configuration_flag_file="/var/run/.compute_config_complete" + elif [ ${nodetype} == "worker" ]; then + _configuration_flag_file="/var/run/.worker_config_complete" elif [ ${nodetype} == "storage" ]; then _configuration_flag_file="/var/run/.storage_config_complete" else diff --git a/config/facter/centos/patches/0002-personality.patch b/config/facter/centos/patches/0002-personality.patch index 0291d6fcd..a1b6b5c8d 100644 --- a/config/facter/centos/patches/0002-personality.patch +++ b/config/facter/centos/patches/0002-personality.patch @@ -49,12 +49,12 @@ + end +end + -+Facter.add('is_compute_subfunction') do ++Facter.add('is_worker_subfunction') do + confine :kernel => :linux + + setcode do + if release = Facter::Util::FileRead.read('/etc/platform/platform.conf') -+ match = release.match(/^subfunction\=.*compute/) ? true : false ++ match = release.match(/^subfunction\=.*worker/) ? true : false + end + end +end diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch new file mode 100644 index 000000000..352efbb85 --- /dev/null +++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/0012-Remove-compute-reserved-VM-huge-pages.patch 
@@ -0,0 +1,32 @@ +From 0cc8e6f6a7db603c534fc6d6a3d36c212446e8c2 Mon Sep 17 00:00:00 2001 +From: Tao Liu +Date: Wed, 12 Dec 2018 14:39:12 -0500 +Subject: [PATCH 1/1] Remove compute reserved VM huge pages + +--- + SPECS/puppet-nova.spec | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/SPECS/puppet-nova.spec b/SPECS/puppet-nova.spec +index 367de7b..3554bd2 100644 +--- a/SPECS/puppet-nova.spec ++++ b/SPECS/puppet-nova.spec +@@ -20,6 +20,7 @@ Patch0008: 0008-Adding-pci_weight_multiple-to-nova-scheduler-filter.patch + Patch0009: 0009-Remove-SerialConsole-from-NovaConf.patch + Patch0010: 0010-Remove-compute-huge.patch + Patch0011: 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch ++Patch0012: 0012-Remove-compute-reserved-VM-huge-pages.patch + + BuildArch: noarch + +@@ -51,6 +52,7 @@ Puppet module for OpenStack Nova + %patch0009 -p1 + %patch0010 -p1 + %patch0011 -p1 ++%patch0012 -p1 + + find . -type f -name ".*" -exec rm {} + + find . -size 0 -exec rm {} + +-- +1.8.3.1 + diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER index 800287913..f27e04d5b 100644 --- a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER +++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/meta_patches/PATCH_ORDER @@ -9,3 +9,4 @@ 0009-Remove-SerialConsole-from-NovaConf.patch 0010-Remove-compute-huge.patch 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch +0012-Remove-compute-reserved-VM-huge-pages.patch diff --git a/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch new file mode 100644 index 000000000..779f28887 --- /dev/null 
+++ b/config/puppet-modules/openstack/puppet-nova-11.4.0/centos/patches/0012-Remove-compute-reserved-VM-huge-pages.patch 
@@ -0,0 +1,112 @@ +From b5e101b0a02e4693f57b42ac487621685f839bee Mon Sep 17 00:00:00 2001 +From: Tao Liu +Date: Thu, 29 Nov 2018 10:48:37 -0600 +Subject: [PATCH 1/1] Remove compute reserved VM huge pages + +--- + .../compute_reserved_config/ini_setting.rb | 22 ---------------------- + lib/puppet/type/compute_reserved_config.rb | 19 ------------------- + manifests/compute.pp | 18 ------------------ + 3 files changed, 59 deletions(-) + delete mode 100644 lib/puppet/provider/compute_reserved_config/ini_setting.rb + delete mode 100644 lib/puppet/type/compute_reserved_config.rb + +diff --git a/lib/puppet/provider/compute_reserved_config/ini_setting.rb b/lib/puppet/provider/compute_reserved_config/ini_setting.rb +deleted file mode 100644 +index e7d142f..0000000 +--- a/lib/puppet/provider/compute_reserved_config/ini_setting.rb ++++ /dev/null +@@ -1,22 +0,0 @@ +-Puppet::Type.type(:compute_reserved_config).provide( +- :ini_setting, +- :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +-) do +- +- def section +- resource[:name].split('/', 2).first +- end +- +- def setting +- resource[:name].split('/', 2).last +- end +- +- def separator +- '=' +- end +- +- def file_path +- '/etc/nova/compute_reserved.conf' +- end +- +-end +diff --git a/lib/puppet/type/compute_reserved_config.rb b/lib/puppet/type/compute_reserved_config.rb +deleted file mode 100644 +index fa9d441..0000000 +--- a/lib/puppet/type/compute_reserved_config.rb ++++ /dev/null +@@ -1,19 +0,0 @@ +-Puppet::Type.newtype(:compute_reserved_config) do +- +- ensurable +- +- newparam(:name, :namevar => true) do +- desc 'Section/setting name to manage from compute_reserved.conf' +- newvalues(/\S*\/\S+/) +- end +- +- newproperty(:value) do +- desc 'The value of the setting to be defined.' +- munge do |value| +- value = value.to_s.strip +- value.capitalize! 
if value =~ /^(true|false)$/i +- value +- end +- end +- +-end +diff --git a/manifests/compute.pp b/manifests/compute.pp +index 719729a..62f3ac2 100644 +--- a/manifests/compute.pp ++++ b/manifests/compute.pp +@@ -148,9 +148,6 @@ + # for shared machine processes + # Defaults to undef + # +-# [*compute_reserved_vm_memory_2M*] +-# [*compute_reserved_vm_memory_1G*] +-# + # DEPRECATED + # + # [*pci_passthrough*] +@@ -194,8 +191,6 @@ class nova::compute ( + $consecutive_build_service_disable_threshold = $::os_service_default, + # WRS PARAMETERS + $shared_pcpu_map = undef, +- $compute_reserved_vm_memory_2M = '()', +- $compute_reserved_vm_memory_1G = '()', + # DEPRECATED PARAMETERS + $pci_passthrough = undef, + ) { +@@ -253,19 +248,6 @@ class nova::compute ( + 'DEFAULT/shared_pcpu_map': value => join(any2array($shared_pcpu_map), ','); + } + +- ## Only override build default if value is provided at runtime. +- ## Setting to () has effect of calculating maximum 2M hugepages. +- if ($compute_reserved_vm_memory_2M and ($compute_reserved_vm_memory_2M != '()')) { +- compute_reserved_config { +- '/COMPUTE_VM_MEMORY_2M' : value => $compute_reserved_vm_memory_2M; +- } +- } +- if ($compute_reserved_vm_memory_1G and ($compute_reserved_vm_memory_1G != '()')) { +- compute_reserved_config { +- '/COMPUTE_VM_MEMORY_1G' : value => $compute_reserved_vm_memory_1G; +- } +- } +- + ensure_resource('nova_config', 'DEFAULT/allow_resize_to_same_host', { value => $allow_resize_to_same_host }) + + if ($vnc_enabled) { +-- +1.8.3.1 + diff --git a/kubernetes/docker-ce/centos/build_srpm.data b/kubernetes/docker-ce/centos/build_srpm.data deleted file mode 100644 index 97226cee4..000000000 --- a/kubernetes/docker-ce/centos/build_srpm.data +++ /dev/null @@ -1,3 +0,0 @@ -VERSION=18.03.1 -MODULE=docker-ce -TIS_PATCH_VER=1 
diff --git a/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch deleted file mode 100644 index 569a96d9b..000000000 --- a/kubernetes/docker-ce/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ /dev/null @@ -1,36 +0,0 @@ -commit b86683a477f4d40e09501b6953a89c634bd9de75 -Author: Shoaib Nasir -Date: Mon May 14 15:32:06 2018 -0400 - - WRS: 0001-Update-package-versioning-for-TIS-format.patch - -diff --git a/SPECS/docker-ce.spec b/SPECS/docker-ce.spec -index 82b5042..36d2980 100644 ---- a/SPECS/docker-ce.spec -+++ b/SPECS/docker-ce.spec -@@ -1,6 +1,8 @@ -+%global _version 18.03.1 -+ - Name: docker-ce - Version: %{_version} --Release: %{_release}%{?dist} -+Release: 1%{?_tis_dist}.%{tis_patch_ver} - Summary: The open-source application container engine - Group: Tools/Docker - License: ASL 2.0 -@@ -59,6 +61,7 @@ depending on a particular stack or provider. - %setup -q -c -n src -a 1 - - %build -+export PBR_VERSION=%{version} - export DOCKER_GITCOMMIT=%{_gitcommit} - mkdir -p /go/src/github.com/docker - rm -f /go/src/github.com/docker/cli -@@ -79,6 +82,7 @@ engine/bundles/dynbinary-daemon/dockerd -v - - %install - # install binary -+export PBR_VERSION=%{version} - install -d $RPM_BUILD_ROOT/%{_bindir} - install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker - install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd diff --git a/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER b/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER deleted file mode 100644 index 91f9a80ea..000000000 --- a/kubernetes/docker-ce/centos/meta_patches/PATCH_ORDER +++ /dev/null @@ -1 +0,0 @@ -0001-Update-package-versioning-for-TIS-format.patch 
diff --git a/kubernetes/docker-ce/centos/srpm_path b/kubernetes/docker-ce/centos/srpm_path deleted file mode 100644 index 5299cbc6a..000000000 --- a/kubernetes/docker-ce/centos/srpm_path +++ /dev/null @@ -1 +0,0 @@ -mirror:Source/docker-ce-18.03.1.ce-1.el7.centos.src.rpm diff --git a/monitoring/collectd-extensions/centos/build_srpm.data b/monitoring/collectd-extensions/centos/build_srpm.data index cb4885304..fb8be4619 100644 --- a/monitoring/collectd-extensions/centos/build_srpm.data +++ b/monitoring/collectd-extensions/centos/build_srpm.data @@ -16,4 +16,4 @@ COPY_LIST="$PKG_BASE/src/LICENSE \ $PKG_BASE/src/example.py \ $PKG_BASE/src/example.conf" -TIS_PATCH_VER=2 +TIS_PATCH_VER=3 diff --git a/monitoring/collectd-extensions/src/cpu.py b/monitoring/collectd-extensions/src/cpu.py index 6f0fbf539..79ffe97bf 100755 --- a/monitoring/collectd-extensions/src/cpu.py +++ b/monitoring/collectd-extensions/src/cpu.py @@ -11,7 +11,7 @@ # platform core usable since the previous sample. # # Init Function: -# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST +# - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST # ############################################################################ import os @@ -24,7 +24,7 @@ PASS = 0 FAIL = 1 PATH = '/proc/cpuinfo' -COMPUTE_RESERVED_CONF = '/etc/nova/compute_reserved.conf' +WORKER_RESERVED_CONF = '/etc/platform/worker_reserved.conf' PLUGIN = 'platform cpu usage plugin' @@ -63,8 +63,8 @@ def init_func(): collectd.info('%s init function for %s' % (PLUGIN, c.hostname)) raw_list = "" - if os.path.exists(COMPUTE_RESERVED_CONF): - with open(COMPUTE_RESERVED_CONF, 'r') as infile: + if os.path.exists(WORKER_RESERVED_CONF): + with open(WORKER_RESERVED_CONF, 'r') as infile: for line in infile: if 'PLATFORM_CPU_LIST' in line: val = line.split("=") diff --git a/monitoring/collectd-extensions/src/memory.py b/monitoring/collectd-extensions/src/memory.py index 2b436aeca..cf4d1e7cd 100755 
--- a/monitoring/collectd-extensions/src/memory.py +++ b/monitoring/collectd-extensions/src/memory.py @@ -11,7 +11,7 @@ # platform core usable since the previous sample. # # Init Function: -# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST +# - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST # ############################################################################ import os @@ -74,16 +74,26 @@ def config_func(config): (PLUGIN, obj.cmd)) -# Get the platform cpu list and number of cpus reported by /proc/cpuinfo +# Load the hostname and kernel memory 'overcommit' setting. def init_func(): # get current hostname obj.hostname = os.uname()[1] + # get strict setting + # + # a value of 0 means "heuristic overcommit" + # a value of 1 means "always overcommit" + # a value of 2 means "don't overcommit". + # + # set strict true strict=1 if value is = 2 + # otherwise strict is false strict=0 (default) + fn = '/proc/sys/vm/overcommit_memory' if os.path.exists(fn): with open(fn, 'r') as infile: for line in infile: - obj.strict = int(line) + if int(line) == 2: + obj.strict = 1 break collectd.info("%s strict:%d" % (PLUGIN, obj.strict)) diff --git a/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh b/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh index 189cf3214..dae8aa317 100644 --- a/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh +++ b/networking/mellanox/mlx4-config/files/mlx4_core_goenabled.sh @@ -10,13 +10,13 @@ NAME=$(basename $0) OPTIONS_CHANGED_FLAG=/var/run/.mlx4_cx3_reboot_required -COMPUTE_CONFIG_COMPLETE=/var/run/.compute_config_complete +WORKER_CONFIG_COMPLETE=/var/run/.worker_config_complete function LOG { logger "$NAME: $*" } -if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $COMPUTE_CONFIG_COMPLETE ]; then +if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $WORKER_CONFIG_COMPLETE ]; then LOG "mlx4_core options has been changed. Failing goenabled check." exit 1 fi 
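Review bot: In `init_func` of memory.py the new branch only ever assigns `obj.strict = 1`, so the "otherwise strict is false" case described in the added comment depends on whatever initial value `obj.strict` has outside this hunk. Writing it explicitly, `obj.strict = 1 if int(line) == 2 else 0`, keeps the `strict:%d` log line correct regardless of that default. The comment line `set strict true strict=1 if value is = 2` would read better as `strict = 1 only when the value is 2 ("don't overcommit")`. The first hunk of this file also keeps a header comment about PLATFORM_CPU_LIST, which describes the cpu plugin's init rather than this one's.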
diff --git a/networking/openvswitch-config/files/ovsdb-server.pmon.conf b/networking/openvswitch-config/files/ovsdb-server.pmon.conf index d357c44c8..9fa8b51a0 100644 --- a/networking/openvswitch-config/files/ovsdb-server.pmon.conf +++ b/networking/openvswitch-config/files/ovsdb-server.pmon.conf @@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor mode = passive ; Monitoring mode: passive (default) or active ; passive: process death monitoring (default: always) - ; active : heartbeat monitoring, i.e. request / response messaging + ; active : heartbeat monitoring, i.e. request / response messaging ; ignore : do not monitor or stop monitoring -subfunction = compute ; Optional label. - ; Manage this process in the context of a combo host subfunction - ; Choices: compute or storage. +subfunction = worker ; Optional label. + ; Manage this process in the context of a combo host subfunction + ; Choices: worker or storage. ; when specified pmond will wait for - ; /var/run/.compute_config_complete or - ; /var/run/.storage_config_complete + ; /var/run/.worker_config_complete or + ; /var/run/.storage_config_complete ; ... before managing this process with the specified subfunction ; Excluding this label will cause this process to be managed by default on startup diff --git a/networking/openvswitch/files/ovsdb-server.pmon.conf b/networking/openvswitch/files/ovsdb-server.pmon.conf index d357c44c8..9fa8b51a0 100644 --- a/networking/openvswitch/files/ovsdb-server.pmon.conf +++ b/networking/openvswitch/files/ovsdb-server.pmon.conf 
@@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor mode = passive ; Monitoring mode: passive (default) or active ; passive: process death monitoring (default: always) - ; active : heartbeat monitoring, i.e. request / response messaging + ; active : heartbeat monitoring, i.e. request / response messaging ; ignore : do not monitor or stop monitoring -subfunction = compute ; Optional label. - ; Manage this process in the context of a combo host subfunction - ; Choices: compute or storage. +subfunction = worker ; Optional label. + ; Manage this process in the context of a combo host subfunction + ; Choices: worker or storage. ; when specified pmond will wait for - ; /var/run/.compute_config_complete or - ; /var/run/.storage_config_complete + ; /var/run/.worker_config_complete or + ; /var/run/.storage_config_complete ; ... before managing this process with the specified subfunction ; Excluding this label will cause this process to be managed by default on startup diff --git a/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c b/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c index 5b5ca2e44..488f6a682 100644 --- a/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c +++ b/security/tpm2-openssl-engine/tpm2-openssl-engine/e_tpm2.c @@ -312,6 +312,14 @@ static int tpm_engine_init(ENGINE * e) * N.B: This assumes that the kernel-modules-tpm * pkg is installed with the modified tpm_crb KLM */ + if ((result = p_tpm2_Set_Property(hContext, + TPM_INTERFACE_TYPE, "dev"))) { + DBG("Failed to set Resource Manager in context (%p): rc %d", + hContext, (int)result); + TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE); + goto err; + } + if ((result = p_tpm2_Set_Property(hContext, TPM_DEVICE, "/dev/tpmrm0"))) { DBG("Failed to set Resource Manager in context (%p): rc %d", 
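Review bot: The added `TPM_INTERFACE_TYPE` block in `tpm_engine_init` reuses the failure text of the `TPM_DEVICE` call that follows it, `"Failed to set Resource Manager in context (%p): rc %d"`, so a log line no longer tells which property could not be set. I would change the new call's message to `DBG("Failed to set TPM interface type in context (%p): rc %d",`. The N.B. comment above the block still mentions only the modified tpm_crb module; one more line saying the interface type is now forced to `"dev"` (presumably so the engine talks to the kernel device rather than a resource-manager daemon) would explain the addition. The function body starts and ends outside the hunk.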
diff --git a/security/wrs-ssl/files/tpmdevice-setup b/security/wrs-ssl/files/tpmdevice-setup index 5fa10772c..e47e989b3 100644 --- a/security/wrs-ssl/files/tpmdevice-setup +++ b/security/wrs-ssl/files/tpmdevice-setup @@ -7,6 +7,8 @@ # TPM setup (both active controller and remote) +export TPM_INTERFACE_TYPE=dev + CERTIFICATE_FILE="server-cert.pem" LOGFILE="/etc/ssl/private/.install.log" ORIGINAL_KEY=$1 @@ -53,8 +55,7 @@ declare -a helper_scripts=("tss2_createprimary" "tss2_contextsave" "tss2_evictcontrol" "tss2_flushcontext" - "create_tpm2_key" - "resourcemgr") + "create_tpm2_key") for src in "${helper_scripts[@]}"; do if ! type "$src" &>/dev/null; then error_exit "ERROR: Cannot find $src. Needed for TPM configuration" @@ -62,41 +63,6 @@ for src in "${helper_scripts[@]}"; do done } -startResourceMgr () { -resourcemgr &>> $LOGFILE 2>&1 & - -# ensure the resourcemgr is started -for i in {1..5} -do - sleep 0.5 - MGR_RUNNING=`pidof resourcemgr` - if [ ! -z $MGR_RUNNING ]; then - break - fi -done -[ ! -z $MGR_RUNNING ] || error_exit "Unable to start TPM resourcemgr" - -# check to see if the resourcemgr port is open -IS_OPEN=0 -for i in {1..5} -do - sleep 0.5 - _test=`netstat -an | grep $RESOURCEMGR_DEFAULT_PORT | grep -i listen` - if [ ! -z "$_test" ]; then - IS_OPEN=1 - break - fi -done -[ $IS_OPEN -ne 0 ] || error_exit "Unable to initialize resourcemgr" -} - -stopResourceMgr () { -# Kill any previous instances of resourcemgr -pkill -c -TERM resourcemgr &> /dev/null 2>&1 -} - - - ### Main ### # remove previous object context rm -f $TPM_OBJECT_CONTEXT &> /dev/null 
@@ -115,14 +81,10 @@ if [ "$TPM_VERSION" != "2.0" ]; then error_exit "ERROR: TPM Device is not version 2.0 compatible" fi -# Start the Intel ResourceMgr to clear the NV +# Clear the NV # as well as all stale transient handles in # the endorsement hierarchy. -# Since ResourceMgr has a number of stability, -# and security issues, we will stop it after it -# initializes the NV and Handle space -startResourceMgr -stopResourceMgr +tss2_clear -hi l # Create the Endorsement Primary Key hierarchy which will be used # for wrapping the private key. Use RSA as the primary key encryption @@ -136,14 +98,14 @@ PRIMARY_HANDLE="0x$PRIMARY_HANDLE" # be persistently stored in TPM NV. # evict the persistent handle if it exists previously tss2_evictcontrol -hi o -ho $TPM_KEY_HIERARCHY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE -tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE &>> $LOGFILE +tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE >> $LOGFILE [ $? -eq 0 ] || error_exit "Unable to persist Key Hierarchy in TPM memory" tss2_flushcontext -ha $PRIMARY_HANDLE # wrap the original private key in TPM's Endorsement key hierarchy # this will generate a TSS key blob in ASN 1 encoding -create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT &>> $LOGFILE +create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT >> $LOGFILE [ $? -eq 0 ] || error_exit "Unable to wrap provided private key into TPM Key Hierarchy" # the apps will also need to the public key, place it in diff --git a/tools/collector/centos/collector.spec b/tools/collector/centos/collector.spec index 136c557c9..4de41526c 100644 --- a/tools/collector/centos/collector.spec +++ b/tools/collector/centos/collector.spec 
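Review bot: The new `tss2_clear -hi l` call in the -115,14 hunk runs with its exit status ignored and its output unlogged, while the later steps go through `error_exit`; if the clear fails, the script carries on and builds the key hierarchy on whatever state was left. I would write `tss2_clear -hi l >> $LOGFILE 2>&1 || error_exit "Unable to clear TPM"`. `tss2_clear` is also not among the visible entries of `helper_scripts` in the -53,8 hunk (the start of that array is outside the hunk), so it may need adding there now that `resourcemgr` is dropped. A clear issued through the lockout hierarchy removes more than stale transient handles, and the comment above the call should say so.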
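Review bot: Changing `&>> $LOGFILE` to `>> $LOGFILE` on the `tss2_evictcontrol` and `create_tpm2_key` lines in the -136,14 hunk means stderr no longer reaches the install log, so after a failure the log holds only the `error_exit` text and not the tool's own diagnostics. If the aim was to avoid the bash-only `&>>`, `>> $LOGFILE 2>&1` keeps both streams. `$ORIGINAL_KEY` comes from `$1` and is passed unquoted; `-w "$ORIGINAL_KEY" "$TPM_OBJECT_CONTEXT"` avoids word splitting on a key path that contains spaces.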
@@ -46,6 +46,7 @@ install -m 755 collect_patching.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ install -m 755 collect_coredump.sh %{buildroot}%{_sysconfdir}/collect.d/collect_coredump install -m 755 collect_crash.sh %{buildroot}%{_sysconfdir}/collect.d/collect_crash install -m 755 collect_ima.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ima +install -m 755 collect_fm.sh %{buildroot}%{_sysconfdir}/collect.d/collect_fm install -m 755 etc.exclude %{buildroot}%{_sysconfdir}/collect/etc.exclude install -m 755 run.exclude %{buildroot}%{_sysconfdir}/collect/run.exclude diff --git a/tools/collector/scripts/collect_fm.sh b/tools/collector/scripts/collect_fm.sh new file mode 100644 index 000000000..4ef489a4b --- /dev/null +++ b/tools/collector/scripts/collect_fm.sh @@ -0,0 +1,41 @@ +#! /bin/bash +# +# SPDX-License-Identifier: Apache-2.0 +# + + +# Loads Up Utilities and Commands Variables + +source /usr/local/sbin/collect_parms +source /usr/local/sbin/collect_utils + +SERVICE="alarms" +LOGFILE="${extradir}/${SERVICE}.info" + +function is_service_active { + active=`sm-query service management-ip | grep "enabled-active"` + if [ -z "$active" ] ; then + return 0 + else + return 1 + fi +} + +############################################################################### +# Only Controller +############################################################################### +if [ "$nodetype" = "controller" ] ; then + + is_service_active + if [ "$?" = "0" ] ; then + exit 0 + fi + + echo "${hostname}: System Alarm List .: ${LOGFILE}" + + # These go into the SERVICE.info file + delimiter ${LOGFILE} "fm alarm-list" + fm alarm-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE} +fi + +exit 0 diff --git a/tools/engtools/hostdata-collectors/scripts/live_stream.py b/tools/engtools/hostdata-collectors/scripts/live_stream.py index e0e56b311..bbdf120f9 100644 --- a/tools/engtools/hostdata-collectors/scripts/live_stream.py +++ b/tools/engtools/hostdata-collectors/scripts/live_stream.py 
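Review bot: `is_service_active` in the new collect_fm.sh returns 0 when `sm-query` does not report `enabled-active` and 1 when it does, the opposite of what the name and shell convention suggest, and the caller then exits on `"$?" = "0"`. The behaviour is as intended but easy to invert by accident on the next edit. I would end the function with `sm-query service management-ip | grep -q "enabled-active"` and call it as `if ! is_service_active; then exit 0; fi`. A comment above the controller block saying that the alarm list is collected only where management-ip is enabled-active would document the early exit.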
@@ -1176,7 +1176,7 @@ def getPlatformCores(node, cpe): logging.basicConfig(filename="/tmp/livestream.log", filemode="a", format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO) core_list = list() try: - with open("/etc/nova/compute_reserved.conf", "r") as f: + with open("/etc/platform/worker_reserved.conf", "r") as f: for line in f: if line.startswith("PLATFORM_CPU_LIST"): core_list = line.split("=")[1].replace("\"", "").strip("\n").split(",") diff --git a/utilities/build-info/release-info.inc b/utilities/build-info/release-info.inc index 6bcfd74e7..2988fc9f0 100644 --- a/utilities/build-info/release-info.inc +++ b/utilities/build-info/release-info.inc @@ -9,4 +9,4 @@ # # Note: Sourced from scripts, so needs to be bash-able # -PLATFORM_RELEASE="18.10" +PLATFORM_RELEASE="19.01" diff --git a/utilities/platform-util/scripts/remotelogging_tc_setup.sh b/utilities/platform-util/scripts/remotelogging_tc_setup.sh index f70da1ec0..7b7cf903a 100755 --- a/utilities/platform-util/scripts/remotelogging_tc_setup.sh +++ b/utilities/platform-util/scripts/remotelogging_tc_setup.sh @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright (c) 2017 Wind River Systems, Inc. +# Copyright (c) 2017-2018 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -9,9 +9,12 @@ # $1 - listening port of remote log server PORT=$1 +DEFAULT_PRIORITY=1 + function is_loopback { # (from include/uapi/linux/if.h) - IFF_LOOPBACK=$((1<<3)) + # IFF_LOOPBACK = 1<<3 = 8. Using a left shifted syntax can confuse bashate. + IFF_LOOPBACK=8 # get the interface flags FLAGS=`cat /sys/class/net/$DEV/flags` @@ -26,7 +29,8 @@ function is_loopback { function log { # It seems that syslog isn't yet running, so append directly to the syslog file - echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> /var/log/platform.log + local FILE=/var/log/platform.log + echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> $FILE } function test_valid_speed { 
@@ -44,14 +48,10 @@ function test_valid_speed { function get_dev_speed { # If the link doesn't come up we won't go enabled, so here we can # afford to wait forever for the link. - while true - do - if [ -e /sys/class/net/$1/bonding ] - then - for VAL in `cat /sys/class/net/$1/lower_*/speed` - do - if test_valid_speed $VAL - then + while true; do + if [ -e /sys/class/net/$1/bonding ]; then + for VAL in `cat /sys/class/net/$1/lower_*/speed`; do + if test_valid_speed $VAL; then log slave for bond link $1 reported speed $VAL echo $VAL return 0 @@ -59,24 +59,24 @@ function get_dev_speed { log slave for bond link $1 reported invalid speed $VAL fi done - log all slaves for bond link $1 reported invalid speeds, will sleep 30 sec and try again + log all slaves for bond link $1 reported invalid speeds, \ + will sleep 30 sec and try again else VAL=`cat /sys/class/net/$1/speed` - if test_valid_speed $VAL - then + if test_valid_speed $VAL; then log link $1 reported speed $VAL echo $VAL return 0 else - log link $1 returned invalid speed $VAL, will sleep 30 sec and try again + log link $1 returned invalid speed $VAL, \ + will sleep 30 sec and try again fi fi sleep 30 done } -if [ -f /etc/platform/platform.conf ] -then +if [ -f /etc/platform/platform.conf ]; then source /etc/platform/platform.conf else exit 0 @@ -94,8 +94,7 @@ LOG_CBW=20 # 1:40 = default class from cgcs_tc_setup.sh # 1:60 = LOG class -if [ $nodetype == "controller" ] -then +if [ $nodetype == "controller" ]; then # Add class and filters to the oam interface DEV=$oam_interface SPEED=$(get_dev_speed $DEV) 
@@ -105,17 +104,22 @@ then # create new qdiscs, classes and LOG filters tc qdisc add dev $DEV root handle 1: htb default 40 - tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit burst 15k quantum 60000 + tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit \ + burst 15k quantum 60000 AC="tc class add dev $DEV parent 1:1 classid" - $AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000 - $AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 + $AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000 + $AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 - tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 - tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 + tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \ + u32 match ip dport ${PORT} 0xffff flowid 1:60 + tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \ + u32 match ip sport ${PORT} 0xffff flowid 1:60 fi 
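Review bot: `${PORT}` in the two rewritten `tc filter add` lines is taken directly from `$1` and is never validated, and the exit status of `tc` is not checked in this hunk. With an empty or non-numeric argument the filter commands would fail and, unless a `set -e` exists outside the visible lines, the script would continue with the 1:60 LOG class created but no filter steering traffic into it. A guard placed after the function definitions and before the first `tc` call would make that visible: `case "$PORT" in ''|*[!0-9]*) log "invalid remote log port: $PORT"; exit 1 ;; esac`. The same applies to the management-interface filters in the final hunk; the enclosing `if [ $nodetype == "controller" ]` block starts outside this hunk.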
@@ -128,12 +132,69 @@ then exit 0 fi +function infra_exists { + if [ -z "$infrastructure_interface" ]; then + return 1 + else + return 0 + fi +} + +function is_consolidated { + if ! infra_exists; then + return 1 + else + + local INFRA=$infrastructure_interface + local MGMT=$management_interface + + # determine whether the management interface is a parent of the + # infrastructure interface based on name. + # eg. this matches enp0s8 to enp0s8.10 but not enp0s88 + if [[ $INFRA =~ $MGMT[\.][0-9]+$ ]]; then + return 0 + fi + return 1 + fi +} + +function is_vlan { + if [ -f /proc/net/vlan/$DEV ]; then + return 0 + else + return 1 + fi +} + +function get_mgmt_tc_filter_priority { + local PRIORITY=$DEFAULT_PRIORITY + + if is_consolidated + then + if ! is_vlan + then + # If we have a consolidated VLAN interface, we must set the + # priority to $DEFAULT_PRIORITY + 1 for the underlying + # ethernet interface, as it will already have + # $DEFAULT_PRIORITY filters to catch high priority + # infra traffic + PRIORITY=$(($DEFAULT_PRIORITY + 1)) + fi + fi + echo $PRIORITY + return 0 +} + SPEED=$(get_dev_speed $DEV) +PRIORITY=$(get_mgmt_tc_filter_priority) AC="tc class add dev $DEV parent 1:1 classid" -$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 +$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \ + ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 -tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 -tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 +tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \ + u32 match ip dport ${PORT} 0xffff flowid 1:60 +tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \ + u32 match ip sport ${PORT} 0xffff flowid 1:60
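Review bot: The match in `is_consolidated`, `[[ $INFRA =~ $MGMT[\.][0-9]+$ ]]`, has no `^` anchor and interpolates `$MGMT` as a regular expression rather than as a literal string. It therefore accepts any infrastructure interface name that merely ends in the management name plus `.N`, and a `.` inside the management interface name (for example when it is itself a VLAN) matches any character. That makes the priority chosen by `get_mgmt_tc_filter_priority` depend on a looser test than the comment describes. Anchoring and quoting fixes both: `if [[ $INFRA =~ ^"$MGMT"\.[0-9]+$ ]]; then`. Separately, `[[ ... =~ ]]` and `local` are bash features while the script's first line is `#!/bin/sh`, so this new code only works where /bin/sh is bash; `is_vlan` also reads the global `$DEV` unquoted in `/proc/net/vlan/$DEV`, which would read better as an explicit, quoted argument.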