Use cert-mon to monitor and install system-local-ca's RCA
as a trusted CA upon changes in the secret.
This RCA anchors the platform certificates (OpenLDAP, Docker
Registry, REST API/GUI and such), and needs to be trusted
by the platform.
A known issue with OpenSSL results in problems when a new
RCA with the same subject as an existing one is added to the
trusted bundle. Cert-mon will remove an existing RCA if
it has the same subject as the new one.
Test plan:
PASS: Run tox to validate the unit tests.
PASS: Bootstrap AIO-SX and DC + SX subcloud.
PASS: Run system-local-ca update.
PASS: Manually replaced system-local-ca 'ca.crt' with a RCA
w/ same subject. Observed that cert-mon uninstalls the
old RCA and installs the new one.
Story: 2009811
Task: 50275
Change-Id: I5a9cd1ad4063e24d8f5b976e922cc980aba2f612
Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
Currently the swact logic blocks the USM abort/rollback
scenario after controller-0 is rolled back.
This commit enables swacting between controllers
in an abort/rollback scenario for USM major release
deployment.
Test Plan
PASS: swact between controllers during USM abort
(Regression)
PASS: swact between controllers out of USM abort
Story: 2010676
Task: 50264
Change-Id: I3cc4c5c5c080bba4c3ff60c1591a4eab7339a16c
Signed-off-by: Heitor Matsui <heitorvieira.matsui@windriver.com>
In an admin network configured DC, subcloud fails to unlock after
bootstrap, sysinv checks system upgrade state via admin network.
The fix is to change sysinv to access USM via internal endpoint.
TCs:
passed: provisioned subcloud w/ admin network configured.
passed: provisioned standalone SX w/o admin network configured.
Closes-Bug: 2068776
Change-Id: I71cee9bdb65d26b92708d2d89329791822f17a92
Signed-off-by: Bin Qian <bin.qian@windriver.com>
This commit increases socket buffer receive size on IPsec server to
the same socket buffer receive size of IPsec client. This modification
ensures that packets exchanged during IPsec communication are readable
by both server and client.
Test Plan:
PASS: Full build, install, bootstrap and deploy a DX system with IPsec
enabled. Observe that controller-0 and controller-1 are on
unlocked enable available status and security associations are
created between the controllers.
Story: 2010940
Task: 50294
Change-Id: I0a0928e598ed3f8c8296d17d1c53057cc07103a2
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
This change enables modification of the address pools associated
to the Admin network via addrpool-modify and
network-addrpool-add / network-addrpool-remove commands.
Change summary
==============
- Admin network runtime reconfiguration
All operations that lead to admin network changes trigger the
runtime reconfiguration.
- DC route updates
DC route update operations are triggered not only when an
interface-network is created, but also when the gateway address
is changed via addrpool-modify or when a network-address-pool
relation is changed.
Test plan
=========
Installation tests
------------------
System: DC with AIO-SX subcloud, IPv4
[PASS] TC1 - Installation/bootstrap/unlock on VirtualBox
Online setup tests
------------------
System: AIO-SX subcloud
Initial setup:
- Interface oam0: ethernet assigned to oam
- Interface mgmt0: ethernet assigned to mgmt and cluster-host
- Interface admin0: ethernet unassigned
Procedure:
- Perform action
- Check that network config in kernel is updated at runtime and
matches database
[PASS] TC2 - Create admin network with gateway address
[PASS] TC3 - Assign network to admin0 interface
[PASS] TC4 - Modify network/prefix/ranges/addresses in the primary pool
[PASS] TC5 - Try to remove primary pool (fails)
[PASS] TC6 - Create secondary pool, assign secondary pool to network
[PASS] TC7 - Modify network/prefix/ranges/addrs. in the secondary pool
[PASS] TC8 - Remove secondary pool from network
[PASS] TC9 - Assign secondary pool to network again
[PASS] TC10 - Remove gateway address from primary pool
[PASS] TC11 - Add gateway address to primary pool
Rehoming test
-------------
[PASS] TC12 - Rehome AIO-SX subcloud
Story: 2011027
Task: 50136
Depends-On: https://review.opendev.org/c/starlingx/config/+/918961
Depends-On: https://review.opendev.org/c/starlingx/ha/+/920774
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/920775
Change-Id: I4d0538bfa37b015b09b6a0f16373a6de7b77b67a
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
This change enables modification of the address pools associated
to the Management network via addrpool-modify and
network-addrpool-add / network-addrpool-remove commands.
Change summary
==============
- Management network reconfiguration
All operations that lead to management network changes for AIO-SX
set the management reconfiguration flag. Also, changes are only
allowed if the host is locked.
- No proxy list
The docker 'no proxy list' service parameter update logic was
expanded to consider all scenarios in which the management
network and associated entities can be changed:
> The association between the management network and an interface
is changed via interface-network-assign and
interface-network-remove.
> The management network is currently assigned to an interface and
a network-address-pool association is created or removed.
> The management network is currently assigned to an interface and
an associated address pool is modified or deleted.
- Address pool overlaps
Validation for address pool overlaps is done when an attempt is
made to assign an address pool to a network (via
network-addrpool-assign) or to an interface (via host-if-add or
host-if-modify), and no longer when it is created. This means that
multiple address pools with overlapped ranges can be created, as
long as they are not assigned. The validation is also performed
when editing an address pool that is already assigned.
- Other validations
Several validations were made using the address pool name as
reference, which made mandatory the use of specific names for
certain address pools. All the validations are now made using
database relations as reference.
Test plan
=========
Installation tests
------------------
Systems: AIO-SX, AIO-DX
[PASS] TC1 - Installation/bootstrap/unlock on VirtualBox, IPv4
[PASS] TC2 - Installation/bootstrap/unlock on VirtualBox, IPv6
Online setup tests
------------------
System: AIO-SX
Stacks: IPv4, IPv6
Initial setup:
- Interface oam0: ethernet assigned to oam
- Interface mgmt0: ethernet assigned to mgmt and cluster-host
Procedure:
- Lock host
- Perform action
- Unlock host
- Check that interface config matches database
[PASS] TC3 - Modify network/prefix/ranges/addresses in the primary pool
[PASS] TC4 - Try to remove primary pool (fails)
[PASS] TC5 - Create secondary pool, assign secondary pool to network
[PASS] TC6 - Modify network/prefix/ranges/addrs. in the secondary pool
[PASS] TC7 - Remove secondary pool from mgmt network
[PASS] TC8 - Assign secondary pool to mgmt network again
Story: 2011027
Task: 50068
Depends-On: https://review.opendev.org/c/starlingx/config/+/917689
Change-Id: I7966674c4432ea6a101c7c517ced9ab535969acb
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
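The assignment-time overlap rule from the "Address pool overlaps" item of the commit message above, as an added sketch (not sysinv code). `PoolRegistry`, its methods, the pool names and the subnets are hypothetical, and a pool is modelled as a single subnet without ranges.

```python
import ipaddress


class PoolOverlapError(ValueError):
    """An assigned pool would overlap another assigned pool."""


class PoolRegistry:
    """Hypothetical in-memory model of pools and assignments (not sysinv's schema)."""

    def __init__(self):
        self.subnets = {}    # pool name -> ip_network
        self.assigned = {}   # pool name -> network or interface it is assigned to

    def create(self, name, cidr):
        # No overlap check at creation: unassigned pools may overlap freely.
        self.subnets[name] = ipaddress.ip_network(cidr)

    def _check_against_assigned(self, name, subnet):
        for other in self.assigned:
            if other == name:
                continue
            other_subnet = self.subnets[other]
            # IPv4 and IPv6 pools can never overlap each other.
            if other_subnet.version != subnet.version:
                continue
            if other_subnet.overlaps(subnet):
                raise PoolOverlapError(
                    "%s (%s) overlaps assigned pool %s (%s)"
                    % (name, subnet, other, other_subnet))

    def assign(self, name, target):
        # The check runs here, when the pool is about to be used.
        self._check_against_assigned(name, self.subnets[name])
        self.assigned[name] = target

    def unassign(self, name):
        self.assigned.pop(name, None)

    def modify(self, name, cidr):
        subnet = ipaddress.ip_network(cidr)
        # Editing is validated only if the pool is already assigned.
        if name in self.assigned:
            self._check_against_assigned(name, subnet)
        self.subnets[name] = subnet


def attempt(action, *args):
    """Run one registry operation and report 'ok' or 'rejected'."""
    try:
        action(*args)
        return "ok"
    except PoolOverlapError:
        return "rejected"


def demo():
    # All pool names and subnets below are constructed sample values.
    reg = PoolRegistry()
    reg.create("pool-v4-a", "192.168.204.0/24")
    reg.create("pool-v4-b", "192.168.204.128/25")   # overlaps pool-v4-a, still created
    reg.create("pool-v6-a", "fd01::/64")
    return [
        attempt(reg.assign, "pool-v4-a", "mgmt"),
        attempt(reg.assign, "pool-v6-a", "mgmt"),               # other address family
        attempt(reg.assign, "pool-v4-b", "cluster-host"),       # overlap at assignment
        attempt(reg.modify, "pool-v4-b", "192.168.206.0/24"),   # edit while unassigned
        attempt(reg.assign, "pool-v4-b", "cluster-host"),
        attempt(reg.modify, "pool-v4-b", "192.168.204.0/25"),   # edit while assigned
    ]


if __name__ == "__main__":
    print(demo())
```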
This change enables modification of the address pools associated
to the OAM network via addrpool-modify and network-addrpool-add /
network-addrpool-remove commands.
Change summary
==============
- addrpool-modify
The command was expanded to allow for editing of parameters that
were previously unavailable:
- network
- prefix
- floating-address
- controller0-address
- controller1-address
- gateway-address
- network-addrpool-add / network-addrpool-remove
The commands allow changing associations for the OAM network
and trigger runtime reconfiguration for AIO-SX. For now, only
the secondary address pool association can be changed.
- oam-modify / oam-show
A deprecation warning was added to the commands.
Test plan
=========
Online setup tests
------------------
System:
- AIO-SX
- AIO-DX
Stacks:
- IPv4
- IPv6
[PASS] TC1 - Modify floating-address in the primary pool
[PASS] TC2 - Modify controller0-address in the primary pool
[PASS] TC3 - Modify controller0-address in the primary pool
[PASS] TC4 - Modify gateway-address in the primary pool
[PASS] TC5 - Try to modify only network/prefix in primary pool (fails)
[PASS] TC6 - Modify network/prefix/ranges/addresses in the primary pool
[PASS] TC7 - Try to remove primary pool (fails)
[PASS] TC8 - Add secondary pool
[PASS] TC9 - Modify network/prefix/ranges/addrs. in the secondary pool
[PASS] TC10 - Remove secondary pool
Installation tests
------------------
Systems: AIO-SX, AIO-DX
[PASS] TC11 - Installation/bootstrap/unlock on VirtualBox, IPv4
[PASS] TC12 - Installation/bootstrap/unlock on VirtualBox, IPv6
Story: 2011027
Task: 50003
Depends-On: https://review.opendev.org/c/starlingx/config/+/918088
Change-Id: Ic7346aebdd458b411bb07d20bfbd5ccaab437ef1
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
The new label 'sriovdp-vhostnet=enabled' was added to allow
/dev/vhost-net and /dev/net/tun to be shared with containers.
When setting this label the needVhostNet parameter will be added to the
SR-IOV Network Device Plugin configuration file.
Test Plan:
PASS: assign the label and check that the devices appear inside the pod
PASS: remove the label and check that the devices won't appear inside
the pod
Story: 2011131
Task: 50167
Change-Id: I28d222222d854aecb7cb0f9e37ad39c64b106941
Signed-off-by: Caio Bruchert <caio.bruchert@windriver.com>
When updating the host DB record, no need to update the mgmt_ip
since the attribute has already been deleted from the DB.
Test plan:
PASS: Host add/update of a controller node
PASS: Host add/update of a storage node
Story: 2010722
Task: 49835
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
Change-Id: I1acaab48a65e5f4047e27aa2a54c3d35a28a5d7b
The RPC operation for evaluating whether applications need to be
reapplied was changed from a "call" operation to "cast". It was also
moved from the Kubernetes upgrade complete step to the delete step
instead.
The "call" operation meant that the response back to the user would be
delayed when finishing a Kubernetes upgrade as well as when performing
other actions. Also, exceptions raised along the reapply checks would
raise unwanted errors during the k8s upgrade completion process. The
reapply operation was moved to the kube-upgrade-delete step, since
applications can now be post updated in between completion and deletion
steps, therefore it makes more sense to trigger the evaluation after all
apps have been updated.
Test Plan:
PASS: build-pkgs -a && build-image
PASS: AIO-SX fresh install.
lock/unlock node.
Confirm that the reapply evaluation operation was triggered.
PASS: Upgrade Kubernetes from 1.24 to 1.25.
Confirm that the reapply evaluation operation was triggered when
running kube-upgrade-delete.
PASS: AIO-DX fresh install.
Switch node activity.
Confirm that the reapply evaluation operation was triggered
PASS: Reinstall node
Confirm that the reapply evaluation operation was triggered
PASS: Delete node
Confirm that the reapply evaluation operation was triggered
PASS: Modify node
Confirm that the reapply evaluation operation was triggered
Closes-bug: 2067641
Change-Id: Ifdf1b47f10a2c29bc6515a6a8132849e63da5704
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
The change added all unit tests to the ceph-rook backend, the tests
include:
- tests about capabilities
- tests about services
- tests about deployment_model
All tests are for adding and modifying procedures, including valid and
invalid options in each test
Depends-On: https://review.opendev.org/c/starlingx/config/+/918749
Story: 2011117
Task: 50088
Change-Id: I06714f7e190221d835ecf7bc76f23726e6d5f1dc
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
The host-stor-add command accepts adding new host-stor only if the
storage-backend is ceph, so now we need to change it to accept rook-ceph
as well.
This adds/modifies checks in host-stor-add to accept adding host-stor
OSD for new ceph-rook storage backend.
Test Plan:
- PASS: Check host-stor can be added with OSD function
- PASS: Check host-stor can be removed
Depends-On: https://review.opendev.org/c/starlingx/config/+/918749
Story: 2011117
Task: 50071
Change-Id: I660abab2313fd37cc20b2d255d355bba0d198613
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
This adds an optional ceph-lv filesystem to the cgts-vg volume group
which will be used to establish ceph specific storage on controllers and
workers. The presence of this filesystem on a particular host will be
used to determine where containerized Ceph services will be provisioned
via Rook.
Additional followup commits will be submitted that add state
information for the filesystem and institutes semantic checks limiting
when this filesystem can be added.
Other minor related changes:
- Rename is_filesystem_enabled() to is_host_filesystem_enabled() to
differentiate between controller and host filesystems
- Change FS_CREATION_ALLOWED to HOSTFS_CREATION_ALLOWED to
differentiate between controller and host filesystems
Test Plan:
- PASS: Install AIO-SX with bare-metal Ceph
- PASS: Install AIO-DX with bare-metal Ceph
- PASS: Install 2+2 with bare-metal Ceph
- PASS: add/remove optional ceph host-fs on controller-0/1
- PASS: add/remove optional ceph host-fs on worker
Change-Id: Iba08543374281922e4e1f44ec9bb3326f7a22c08
Story: 2011117
Task: 50036
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/918449
Signed-off-by: Robert Church <robert.church@windriver.com>
Upon investigation, we have identified an opportunity to enhance the
messaging within the sysinv.log file.
Currently, during the initialization process, DNSMasq is initiated
following the readiness of the management_ip (IPv4/IPv6) and the
file system.
However, during the initial unlock phase following a fresh install,
we observed delays in certain services receiving DNS query results
despite DNSMasq being operational.
This issue predominantly manifests during the first unlock
post-installation, affecting services such as sysinv-api and
sysinv-conductor.
Consequently, error messages are logged in the sysinv.log as these
services encounter difficulties.
Fortunately, this issue does not adversely impact system functionality
as the SM effectively restarts these services.
To mitigate these error messages and ensure smoother operation,
we've introduced a new dependency within the SM.
Now, the sysinv-api service will commence only after DNSMasq is
operational, thereby reducing the likelihood of DNS-related issues
during startup.
However, due to constraints related to host-swact, a similar adjustment
cannot be made for sysinv-conductor at this time.
Additionally, we refined the DNSMasq start script to return only upon
successful resolution of a DNS query, streamlining its initialization
process.
Test Plan
AIO-SX fresh install
AIO-DX fresh install
AIO-DX host-swact
Story: 2010722
Task: 50220
Change-Id: I546a85861415d9b12c9073625ca5d2db6ebfa2e6
Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
This commit adds support for creating and deleting a controller
filesystem. At the moment, only the creation of the controller
fs 'ceph-float' is allowed, used to establish ceph-specific
storage on controllers for Rook Ceph support.
The states below were introduced:
- 'drbd_fs_creating_in_progress': Status when creation is in
progress. The standby controller must be locked when using
the fs command.
- 'drbd_fs_creating_on_unlock': Status when using the create fs
command after bootstrap and before the first unlock of
controller-0.
- 'drbd_fs_deleting_in_progress': Status when deletion is in
progress. The standby controller must be locked when using
the fs command.
- 'drbd_fs_update_error': Status that indicates that there was a
failure in creation/deletion, with the possibility of retry
to be successful.
* A new alarm was added to FM for controller-fs: 800.105.
Test Plan:
PASS: AIO-SX / AIO-DX / Standard -> fresh install with Ceph Bare
Metal using designer build with topic changes + Check that
there is no interference or errors.
PASS: AIO-DX -> Standby controller locked and ceph-rook as
storage-backend + controller-fs add ceph-float=<size> +
checking if everything is created correctly: lv, drbd and
SM services.
PASS: AIO-DX -> After bootstrap, add ceph-rook as storage backend
+ use controller-fs add ceph=<size> + check if controller_fs
went to creation state on unlock + continue installation and
check if after unlock controller-1 if everything is created
correctly.
PASS: AIO-DX -> with the ceph filesystem created, modify (resize)
the new filesystem and some of the default ones, checking
that it is working properly.
PASS: AIO-DX -> Lock/unlock + swact tests.
PASS: AIO-DX -> Standby controller locked + controllerfs-delete
ceph + checking if everything is deleted correctly: lv, drbd
and SM services.
PASS: Force operation to go to the state "drbd_fs_update_error" +
Check if the alarm 800.105 is raised + retry the command that
failed + Verify that the execution was successful and the
alarm was cleared.
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/919078
Story: 2011117
Task: 50073
Change-Id: I57dd9669ad8cddea81ec0692cd11435dae27dce4
Co-Authored-By: Robert Church <robert.church@windriver.com>
Signed-off-by: Gabriel de Araújo Cabral <gabriel.cabral@windriver.com>
These changes are done to support dependency of dual-stack
ansible bootstrap on ansible-playbooks.
Address-pool no longer looked-up based on hard-coded pool name
(e.g. management), rather derived from sysinv/database based on
network-type.
Note: Dual stack support for DC systems will be implemented in
a follow-up review.
TEST PLAN:
PASS: AIO-SX dual-stack bootstrap: primary IPv6, secondary IPv4
dual-stack config on localhost.yml as following:
external_oam_subnet: fd00::/64,10.20.5.0/24
external_oam_gateway_address: fd00::1,10.20.5.1
external_oam_floating_address: fd00::10.20.5.3,10.20.5.3
external_oam_node_0_address: fd00::10.20.5.4,10.20.5.4
external_oam_node_1_address: fd00::10.20.5.5,10.20.5.5
management_subnet: fd01::/64,192.168.204.0/24
management_multicast_subnet: ff08::1:1:0/124,239.1.1.0/28
cluster_host_subnet: fd02::/64,192.168.206.0/24
cluster_pod_subnet: fd03::/64,172.16.0.0/16
cluster_service_subnet: fd04::/112,10.96.0.0/12
management_start_address: fd01::1,192.168.204.1
dns_servers:
- fd00::1
Successful bootstrap
system addrpool-list: shows both primary and secondary
pools with correct addresses
ip addr show: see mgmt/oam/cluster-host dual-stack
ip route/ ip -6 route: default routes for oam
Pods e.g. coredns showing dual-stack IP (correct address)
unlock successful
PASS: AIO-SX dual-stack bootstrap: primary IPv4, secondary IPv6
dual-stack config on localhost.yml as following:
external_oam_subnet: 10.20.1.0/24,fd00::/64
external_oam_gateway_address: 10.20.1.1,fd00::1
external_oam_floating_address: 10.20.1.3,fd00::10.20.1.3
external_oam_node_0_address: 10.20.1.4,fd00::10.20.1.4
external_oam_node_1_address: 10.20.1.5,fd00::10.20.1.5
management_subnet: 192.168.204.0/24,fd01::/64
management_multicast_subnet: 239.1.1.0/28,ff08::1:1:0/124
cluster_host_subnet: 192.168.206.0/24,fd02::/64
cluster_pod_subnet: 172.16.0.0/16,fd03::/64
cluster_service_subnet: 10.96.0.0/12,fd04::/112
management_start_address: 192.168.204.1,fd01::1
dns_servers:
- 128.224.144.130
Successful bootstrap
system addrpool-list: shows both primary and secondary
pools with correct addresses
ip addr show: see mgmt/oam/cluster-host dual-stack
ip route/ ip -6 route: default routes for oam
Pods e.g. coredns showing dual-stack IP (correct address)
unlock successful
PASS: AIO DX primary:IPv4, secondary:IPv6
bootstrap and unlock and swact to see nothing breaks
PASS: AIO DX primary:IPv6, secondary:IPv4
bootstrap and unlock and swact to see nothing breaks
PASS: Standard primary:IPv4, secondary:IPv6
bootstrap and unlock to see nothing breaks
PASS: Standard primary:IPv6, secondary:IPv4
bootstrap and unlock to see nothing breaks
PASS: AIO SX IPv4: bootstrap and unlock and backup/restore
PASS: AIO SX IPv6: bootstrap and unlock and backup/restore
PASS: DC IPv4 (DX system controller, SX subcloud):
- bootstrap and unlock to see nothing breaks
- subcloud bootstrap replay: change networking config
(added secondary IPv6 stack on management_subnet)
of subcloud's localhost.yml and re-run bootstrap
playbook: addrpool-list and "ip addr show" reflects
changes.
Story: 2011027
Task: 50144
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/917254
Change-Id: Id0ac553abdd8affbfa2fe18853e9100ae6aa5226
Signed-off-by: Tara Nath Subedi <tara.subedi@windriver.com>
This commit introduces changes to make ceph-mon API available
only for systems that have Ceph as the storage backend.
Test Plan:
PASS: AIO-SX/AIO-DX/Standard -> Fresh install with Ceph bare
metal.
PASS: In the above systems, Check that all ceph-mon commands do
not have restrictions on the system's storage backend and
are working properly.
PASS: AIO-DX -> Fresh install with Rook Ceph as storage-backend
+ Check if the restriction is present when attempting to
create a ceph-mon.
PASS: AIO-DX -> Fresh install without any storage backend +
Check if the restriction is present when attempting to
create a ceph-mon.
Story: 2011117
Task: 50098
Change-Id: I700cee85f574869e87c091fb3b9a478a3b569e0a
Signed-off-by: Gabriel de Araújo Cabral <gabriel.cabral@windriver.com>
This change add/delete/modify storage-backend commands,
including the following changes:
- Check if there is ceph or ceph-rook in the system, only one is
allowed, never both
- deployment_model argument, use: -d or --deployment
- Add default deployment model for ceph-rook backend
- disallow if the deployment model is not supported
(supported values: controller, dedicated and open)
- Initial state for ceph-rook backend is configuring-with-app
- Add default services for ceph-rook backend
- Add supported services check for ceph-rook backend
- disallow modify ceph-rook backend if deployment model is from
controller to dedicated if controller hosts have OSDs deployed
- disallow modify ceph-rook backend if deployment model is from
dedicated to controller if worker hosts have OSDs deployed
Test Plan:
- PASS: allow/disallow adding ceph-rook backend if ceph already in
system
- PASS: Check if the deployment model value is added in capabilities
column in storage_backend
- PASS: Check if it is not allowed to insert/modify another type of
deployment model in storage_backend.
- PASS: Check if storage_backend state is aligned with host lock/unlock
- PASS: Check that when host is unlocked the storage_backend state has
been updated.
- PASS: Check if default values have been added to storage_backend
- PASS: Check if it is not allowed to insert/modify another type of
service in storage_backend services
- PASS: Check if modify ceph-rook backend is allowed from controller to
dedicated if controller hosts have no OSDs deployed
- PASS: Check if modify ceph-rook backend is allowed from dedicated to
controller if worker hosts have no OSDs deployed
- PASS: Check if delete ceph-rook backend is allowed only if the app
does not exist
- PASS: Check if ceph-rook backend can not be modified if app is in
transition state
Story: 2011117
Task: 50062
Change-Id: I5be1323d3ac08cff02d859bd8e414814bc378c4f
Signed-off-by: Gustavo Ornaghi Antunes <gustavo.ornaghiantunes@windriver.com>
This update made various improvements to the ipsec-config's ocf script
to make it more resilient to error conditions. Particularly when the
swanctl.conf points to the wrong version of config file, the
ipsec-config service will correct it based on whether the host is
active or standby controller.
Test Plan:
PASS: In a DX system, swact controllers back and forth, verify after
swact, swanctl.conf points to the correct version of swanctl
config file, IPsec SAs established, both controllers are in
unlocked|enabled|available state.
PASS: In a DX system, lock standby controller, then force reboot active
controller by "reboot -f", verify that the swanctl.conf points to
the swanctl_standby.conf when it boots up, and then it is
corrected to point to swanctl_active.conf by ipsec-config when SM
services start up, also IPsec SAs are established between
controllers. Eventually both controllers are in
unlocked|enabled|available, system is stable with no reboot.
PASS: In a DX system, reboot both controllers, verify that the
swanctl.conf points to the swanctl_standby.conf when they boot up,
then the symlink on active controller is corrected by
ipsec-config when SM services start up, also IPsec SAs are
established between controllers. Eventually both controllers are
in unlocked|enabled|available, system is stable with no reboot.
PASS: In a DX system, manually link a wrong config file to
swanctl.conf, verify that the ipsec-config service corrects it.
Story: 2010940
Task: 50198
Change-Id: I9fc028eb7a0ed296f9dd47b92c2b53302e845ac3
Signed-off-by: Andy Ning <andy.ning@windriver.com>
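The symlink correction described in the commit message above, as an added sketch in Python (not the project's OCF script). The file names are the ones in the test plan; the function name, the `role` argument and the directory handling are assumptions, and how the real service decides which controller is active is not shown on this page.

```python
import os
import tempfile

LINK_NAME = "swanctl.conf"
ROLE_TARGETS = {"active": "swanctl_active.conf", "standby": "swanctl_standby.conf"}


def ensure_swanctl_link(conf_dir, role):
    """Make conf_dir/swanctl.conf a symlink to the config file for `role`.

    Returns "ok" if the link was already right, "corrected" if it was repointed.
    """
    if role not in ROLE_TARGETS:
        raise ValueError("unknown role: %r" % (role,))
    want = os.path.join(conf_dir, ROLE_TARGETS[role])
    if not os.path.isfile(want):
        # Never point swanctl.conf at a file that does not exist.
        raise FileNotFoundError(want)
    link = os.path.join(conf_dir, LINK_NAME)
    if os.path.islink(link) and os.path.realpath(link) == os.path.realpath(want):
        return "ok"
    # Build the new link under a temporary name, then rename it over the old
    # entry, so there is no moment at which swanctl.conf is missing.
    tmp = link + ".new"
    if os.path.lexists(tmp):
        os.unlink(tmp)
    os.symlink(ROLE_TARGETS[role], tmp)   # relative target inside conf_dir
    os.replace(tmp, link)
    return "corrected"


def demo():
    """Exercise the cases from the test plan in a throwaway directory."""
    results = []
    with tempfile.TemporaryDirectory() as conf_dir:
        for name in ROLE_TARGETS.values():
            with open(os.path.join(conf_dir, name), "w") as fh:
                fh.write("# constructed placeholder for %s\n" % name)
        link = os.path.join(conf_dir, LINK_NAME)

        # After a reboot the link points at the standby file.
        os.symlink(ROLE_TARGETS["standby"], link)
        results.append(ensure_swanctl_link(conf_dir, "active"))
        results.append(ensure_swanctl_link(conf_dir, "active"))
        results.append(os.readlink(link))

        # A regular file left in place of the link is replaced as well.
        os.unlink(link)
        with open(link, "w") as fh:
            fh.write("# stray copy\n")
        results.append(ensure_swanctl_link(conf_dir, "standby"))
        results.append(os.readlink(link))

        # A manually created link to a wrong (here: missing) file is repaired.
        os.unlink(link)
        os.symlink("missing.conf", link)
        results.append(ensure_swanctl_link(conf_dir, "standby"))
    return results


if __name__ == "__main__":
    print(demo())
```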
Namespace not found error message is shown in sysinv.log when an application that has a specific namespace is uploaded.
This log is expected and has no impact on the system. This
happens due to the command "kubectl -k <manifest_dir>
--dry-run=server". If the application has a specific namespace that
the system does not yet have, the command shows this error. But
there is nothing to worry about, as the namespace is created within
the apply process.
To avoid misinterpretations, this log has been suppressed.
Test Plan:
PASS: Add the new log to kube_app.py and restart sysinv.
PASS: During the application upload process, the log that says the
namespace was not found no longer appears.
Closes-Bug: 2067070
Change-Id: I6e56c338c9789c686381c330be65ec109a3f0b50
Signed-off-by: David Bastos <david.barbosabastos@windriver.com>
Cgtsclient uses the post method of the requests module to upload files and
does not use the verify and cert options of the post method. This causes
failure when doing an insecure upload like in the license-install command.
This change updates cgtsclient to use verify and cert options of
post method, when using upload commands.
Test Plan:
PASS: Verify upload with SessionClient using verify & cert options
PASS: Verify upload with HTTPClient using verify & cert options
PASS: Verify insecure, ca-file, cert-file & key-file in cgtsclient
Closes-Bug: 2067447
Change-Id: Icb9aca3d69ddd2e8b7882f0ce6907f18feccd28e
Signed-off-by: Joseph Vazhappilly <joseph.vazhappillypaily@windriver.com>
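How the four client options named in the test plan above can map onto the `verify` and `cert` arguments of `requests.post`, with the upload path sharing them with every other call. This is an added sketch, not cgtsclient code: `tls_kwargs`, `Client`, `RecordingPost`, the endpoint and the file paths are hypothetical, and giving `insecure` precedence over `ca_file` is an assumption.

```python
def tls_kwargs(insecure=False, ca_file=None, cert_file=None, key_file=None):
    """Map client TLS options onto requests' `verify` and `cert` arguments."""
    if key_file and not cert_file:
        raise ValueError("key_file requires cert_file")
    if insecure:
        verify = False      # server certificate is not checked (assumed precedence)
    elif ca_file:
        verify = ca_file    # trust only the CAs in this bundle
    else:
        verify = True       # default trust store
    kwargs = {"verify": verify}
    if cert_file:
        # requests accepts one combined PEM path or a (cert, key) pair.
        kwargs["cert"] = (cert_file, key_file) if key_file else cert_file
    return kwargs


class Client:
    """Hypothetical minimal client whose calls all share one TLS configuration."""

    def __init__(self, endpoint, post=None, **tls_options):
        self.endpoint = endpoint.rstrip("/")
        self.tls = tls_kwargs(**tls_options)
        if post is None:
            import requests   # imported lazily; only needed for real traffic
            post = requests.post
        self.post = post

    def json_request(self, path, body):
        return self.post(self.endpoint + path, json=body, **self.tls)

    def upload_request(self, path, field, filename, data):
        # The upload passes the same verify/cert values as any other request.
        files = {field: (filename, data)}
        return self.post(self.endpoint + path, files=files, **self.tls)


class RecordingPost:
    """Test double for requests.post that records the keyword arguments."""

    def __init__(self):
        self.calls = []

    def __call__(self, url, **kwargs):
        self.calls.append((url, kwargs))


def demo():
    # Endpoint, paths and file names are constructed sample values.
    post = RecordingPost()
    client = Client("https://sysinv.example/v1", post=post,
                    ca_file="/tmp/example-ca.pem",
                    cert_file="/tmp/example-client.pem",
                    key_file="/tmp/example-client.key")
    client.json_request("/example", {"k": "v"})
    client.upload_request("/example_upload", "file", "sample.bin", b"constructed")
    return [(kw["verify"], kw.get("cert")) for _, kw in post.calls]


if __name__ == "__main__":
    print(demo())
```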
This commit fixes the support for StarlingX applications that do not
provide any plugins, also known as generic apps. Two changes were
required to fix that regression:
* Check if the app is generic when retrieving its charts. A previous
commit [1] introduced a check to verify whether charts are enabled,
which caused false negatives because generic apps do not provide
plugins to tell if they are enabled or disabled. In light of that,
all charts provided by generic apps should be considered as enabled.
* Swap the order that the "_get_list_of_charts" and
"generate_helm_application_overrides" methods are called during the
application apply process. The call to
"generate_helm_application_overrides" requires application charts to
be passed as a parameter, so "_get_list_of_charts" should be called
first.
In addition, an error log message was added to cover the scenario where
no application charts are found. That will provide better information
for developers that eventually make mistakes when structuring their
apps. Otherwise, the apply process would silently abort with no clear
error.
[1] 967eedadb7
Test Plan:
PASS: build-pkgs -a && build-image.
PASS: AIO-SX fresh install.
PASS: Upload/apply/remove/delete generic app.
PASS: Upload dell-storage app.
Enable csm-replication replication chart.
Apply user overrides.
Apply dell-storage.
Confirm that the enabled chart was installed.
Remove/Delete dell-storage.
Closes-bug: 2067430
Change-Id: Ib6fbd53209e19b12c5dbedc3584e04f8261363f4
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
Convert keystone database migration to a migration script at major
release deploy activate, to replace the logic in [1].
[1]: https://opendev.org/starlingx/config/src/branch/master/controllerconfig/controllerconfig/controllerconfig/upgrades/management.py#L340-L354
Story: 2010676
Task: 50081
TCs:
Passed: USM major release deploy activate completed successfully
Passed: USM major release deploy activate failed
Passed: USM major release deploy activate after activate failed
Change-Id: Ie6529733c2db231db03d7253a8a716cb0899fd8a
Signed-off-by: Bin Qian <bin.qian@windriver.com>
Region name was not being correctly updated to match correct value.
This led to the VIM services having the wrong region name and failing.
TEST PLAN
PASS: On SX subcloud (with UUID region name), verify VIM config for
correct region names
Story: 2011045
Task: 50208
Change-Id: I896b1bf8898886ee5962bb4cce6e955a70a91ff7
Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>