This update allows the user to change the system_mode on a subcloud
from simplex to duplex using the system modify command. The sysinv DB
and the platform.conf will be updated with the new system mode. The
semantic checks were modified to ensure that changing from duplex to
simplex is prohibited. The changes also include support for updating
the OAM networking config using the oam-modify command.
Story: 2008587
Task: 41885
Signed-off-by: Melissa Wang <melissa.wang@windriver.com>
Change-Id: If7c14222ca66323225400ed88f214655f33fe615
The original solution removed the 'app-name-placeholder' dummy
entry if download failed but it was not approved because
sysadmins expect this and manually removing the dummy placeholder
app is advised.
This patch simply sets an unique name for the placeholder using
the first 16 characters for the URL md5sum as a postfix in case
there are multiple application-upload performed in sequence (
by a script, for example)
Closes-Bug: 1917374
Signed-off-by: Andrei Grosu <andrei.grosu@windriver.com>
Change-Id: Ib5db12bb23a0e7cce52596532e661d12092ea1d1
Users will be able to change the OAM IP address without a lock/unlock
cycle. To achieve this some services will be restarted (sm, sm-api,
haproxy and vim-webserver) to reopen the L4 ports using the old IP
address as part of the socket.
Some config files in /etc are being updated also with the new address.
Story: 2008531
Task: 42060
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/780955
Change-Id: I9e77fc60882f20d4f31c3e38b5305b1f207f40d9
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
This commit updates the migration script used to apply the
pod security policy (psp) configuration during an upgrade.
The change is necessary to accommodate newly added psp
ClusterRoleBinding configurations.
Closes-Bug: 1885716
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/782325
Change-Id: Ibfdfd51e588eb2ad47c9f1c116875d01a2f06502
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
For some reason, if the application to be uploaded is a (remote) URL,
parsing the manifest if deferred (presumably not to block for large
files and/or slow networks) and a dummy 'app-name-placeholder' is used
until later, when the file is unpacked and its manifest read.
Closes-Bug: 1915518
Signed-off-by: Andrei Grosu <andrei.grosu@windriver.com>
Change-Id: Ic3929965ea931b117c3e5aab6f8e3f128bbbeb56
Dcorch-engine stops auditing the subclouds after the upgrade.
This is because audit_status of subcloud_sync data was not
set during data migration.
This update sets audit_status to initial state of “none”.
Test: Upgrade controller-1, and then swact to controller-1.
Verify the dcorch-engine audits subclouds.
Closes-Bug: 1920962
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Change-Id: If8fa6c5e1c1d1a81104976cb3e527c4095dd97f7
A long time ago oslo-incubated code was used to build the
individual projects the same way. Now the openstack projects
use pbr to build the python projects.
Remove oslo-incubated version code, it is not being used anywhere
so just remove it. Unit tests run fine when this module has been
removed.
Story: 2006796
Task: 42010
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Ib11d69210878f38febf2d031b083a1ad85fec30c
This update is to allow the option primary_reselect configurable for
aggregated ethernet interface. The option is to prevent reverting
between the primary slave and other slaves.
Story: 2008706
Task: 42057
Change-Id: Icacc0bd2d5e42bf2e5db1505fd676c628dbe3ed1
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Changed the name of the constant and the yaml key to better reflect
the purpose. Now the value is an integer which represents the
adjustment value used to compute the percentage completion when
applying charts. Cleaned up the code around the usage of the value
and computing the percentage.
Story: 2007960
Task: 41959
Signed-off-by: Andrei Grosu <andrei.grosu@windriver.com>
Change-Id: Ia3b07b83762cdf20f6809222dc687f67c15deee5
Let apps run semantic checks for lock and unlock actions.
Let forced actions not run the app semantic check.
Create unit tests for allowing and rejecting the action by an app.
Story: 2007960
Task: 41842
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ibe35c917cd5702031a56baf3059b70e0e2e59480
Adding the functionality of using the flag -f or --force with
system application-remove or system application-delete
Story: 2007960
Task: 42016
Signed-off-by: Suvro Ghosh <suvrojeet.ghosh@windriver.com>
Depends-On: Ia1017b7eff0d9bd73b6448f2c4790f7e2b89c828
Change-Id: If68d66d799addcd996da4b146d092c855b455aa3
New fields was created for the system object.
Changes was made to include GEO location attributes (latitude,
longitude) to the system object and adding a way to retrieve and
modify those attributes using the API and CLI.
Updates on: DB system model; DB migration; System object fields;
API fields; CLI fields; API documentation.
Story: 2008570
Task: 41721
Signed-off-by: Daniel Pinto Barros <DanielPinto.Barros@windriver.com>
Change-Id: I86f124c44d80896427e3ac1bc799fe34588ae942
If an app has a metadata stating remove is prevented/forbidden then
"system application-remove" for that app will be rejected
Story: 2007960
Task: 42005
Signed-off-by: Suvro Ghosh <suvrojeet.ghosh@windriver.com>
Change-Id: Ia1017b7eff0d9bd73b6448f2c4790f7e2b89c828
The enable_secured_etcd.yml playbook will use the
cluster_floating_address variable instead of
default_cluster_host_start_address. So we change
the upgrade script accordingly to use the new
variable.
Closes-Bug: 1918130
Depends-On: I8fecc1e5e54b5a9a9a72a54c069f79f5f2d434ba
Change-Id: I8c9fd36e1104d4713bb748a57193530a0c4b458a
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
The sysinv code runs under eventlet that causes the
running greenthread to swap out the original umask. This
results in the sysinv code running with the incorrect umask.
This can be demonstrated by the "system dns-modify" command,
the agent process starts with a umask of 022, switched to 0,
and is never restored.
This simple fix is to audit where os.umask is being used and
replace os.umask with os.chmod.
Testing has been done locally by:
1. Running the "system dns-modify nameservers=8.8.8.8,8.8.4.4" command
and checking the results/permissions of /etc/resolv.conf. Also,
cheked to see if the umask flag have been changed in /proc/XXX/status
before and after running the command.
2. Running an "system applicaton-upload" command on an installed helm
armada package, these are located in /usr/local/share/application/helm.
After the application upload, the application-apply should be
"applied" without error/failure as shown in "system
application-list".
3. Running a distributed-cloud and checking for any errors. The command
"dcmanager subcloud show <subcloudname>" should show the identity
service in sync after the dcmanager subcloud manage <>".
Closes-Bug: 1915955
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I16ce695cfc4f6fb496ac0b3287906cc968ec5e98
Implement algorithm to determine app priorities for reapply evaluation.
Use information provided in metadata to create a directional graph.
Detect cycles and abort.
Unit tests added.
Tests: AIO-SX, AIO-DX
Apps are correctly ordered for reapply evaluation.
Applications reapply order: [u'cert-manager', 'rook-ceph-apps',
'platform-integ-apps', 'oidc-auth-apps', u'stx-openstack']
Story: 2007960
Task: 41781
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I375a90b746a0ff4c970305a26c2e3e061b14454e
At the moment the managed apps are hardcoded.
This behavior needs to be changed.
Let apps specify in the metadata if they want to be managed or not.
Let apps specify in the metadata the state they want to achieve.
Create column in kube_app table to store metadata. This will be read
when conductor is restarted.
Tests:
Install AIO-SX and AIO-DX, apps achieve the state described in their
metadata file.
Restart conductor, metadata gets picked up from the database.
Do system application-remove, app gets auto-applied.
Do system application-delete, app gets auto-uploaded.
Story: 2007960
Task: 41780
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I881716049471183cfd1179ab0558a557c8d104d8
The sysinv-fpga-agent is modified to use the http_port parameter
from the platform.conf file.
If a device image update operation is in progress, the http_port
service parameter modification cannot be applied.
Story: 2007875
Task: 41969
Change-Id: I41e795606535d91131b96a014b07bf18f0032d57
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
When an upgrade has been completed we want to notify dcmanager
so that it can do a load audit of the subclouds rather than
waiting up to an hour for the normal load audit to run.
Story: 2007267
Task: 41967
Depends-On: https://review.opendev.org/c/starlingx/distcloud/+/778338
Change-Id: I0c03bbfa16745fa297e159256a284e8862ff926a
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
During an upgrade-activate the upgrade scripts can be interrupted by a
swact. We need to block the swact during the activation. If a swact does
occur we need to reset the upgrade state so the activate can be
attempted again.
Closes-Bug: 1917779
Change-Id: I9274319375296b2334533e386629d185e2b472ac
Signed-off-by: David Sullivan <david.sullivan@windriver.com>
The old code did not account for a type='ERROR'
being received by the watch stream. The new code
checks if the received event is an error and returns
from the infinite loop to start the watch from scratch.
Closes-Bug: 1914408
Signed-off-by: Isac Souza <IsacSacchi.Souza@windriver.com>
Change-Id: I7feabe5b550979d3761427ae501f1a94903a8983
