fm-api.service CPUShares is reduced to 512 out of 1024 since
it exhibits severe CPU hog behaviour for extended periods.
This is part of an overall set of adjustments are required for systemd
cgroups CPUShares, CPUQuota, and AllowedCPUs for key system services.
This will improve latency of Kubernetes critical components, and
throttles lesser important services.
Partial-Bug: 2084714
TEST PLAN:
AIO-SX, AIO-DX, Standard, Storage, DC:
- PASS: Fresh install
- PASS: verify systemd parameters for fm-api
Example:
systemctl show fm-api.service | grep -e CPUShares
AIO-SX, AIO-DX:
- PASS: BnR
- PASS: K8S orchestrated Upgrade 1.24 - 1.29
Change-Id: I5581036d325cb9ed615324ebf6eff2b9820b051c
Signed-off-by: Jim Gauld <James.Gauld@windriver.com>
Some alarm and event exceptions in fm-rest-api are returning
HTTP 500 instead of the correct status code. This issue is related
to the exception class being used.
This commit corrects the returned value and prevents the default
exception from being generated.
Test Plan:
PASS: Apply the changes to the system. Use the 'fm alarm-show' or
'event-show' commands with a non-existent UUID. Verify that
the correct code is returned in both logs and console output.
PASS: Force other errors, such as invalid parameters (400) and
unauthorized access (401), and verify that the returned code
matches the expected value.
closes-bug: 2080697
Change-Id: Ie91dc3bba8efa0e1e47678f18710c83d97eb2905
Signed-off-by: fperez <fabrizio.perez@windriver.com>
StarlingX stopped supporting CentOS builds in the after release 7.0.
This update will strip CentOS from our code base. It will also remove
references to the failed OpenSUSE feature as well.
Story: 2011110
Task: 49950
Change-Id: I6b5f5d828ae11f9fe8de5e1e74db94a4b6d82011
Signed-off-by: Scott Little <scott.little@windriver.com>
Added in the following tox targets for fm-rest-api:
- bandit
- flake8 / pep8
- pylint (suppressing most of the codes)
All the tox targets run on python3
The test-requirements.txt have been updated
The StarlingX Debian upper constraints are utilized.
The spec-lint (rpm) job is removed from Zuul.
Zuul runs pylint for sub directories
Bandit exclusions are updated.
Included a change to a .py file to trigger
the bandit zuul job.
Test Plan (for fm-rest-api)
PASS: tox -e bandit
PASS: tox -e coverage
PASS: tox -e flake8
PASS: tox -e pylint
Story: 2010531
Task: 47575
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I7ecaf1c90495b283c26e02e3b481bfe4c77c3939
The Debian packaging has been changed to reflect all the
git commits under the directory, and not just the commits
to the metadata folder.
This ensures that any new code submissions under those
directories will increment the versions.
All packages have a higher version than before the change.
Test Plan:
PASS: build-pkgs -c -p fm-api
PASS: build-pkgs -c -p fm-common
PASS: build-pkgs -c -p fm-doc
PASS: build-pkgs -c -p fm-mgr
PASS: build-pkgs -c -p fm-rest-api
PASS: build-pkgs -c -p python-fmclient
Story: 2010550
Task: 47226
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I65e881ba96512d2eaba25c44332d5ae82efea502
This change reorganizes the source directories of the stx-fm-rest-api
container to be reused by both CentOS and Debian Dockerfiles in order
to build the images having the corresponding OS-specic base.
As part of this, the fm-api, fm-rest-api, fm-common and
python-fmclient packages have been ported in order to generate deb
files that contain .whl.
Test plan:
PASS: Build debian iso and perform fresh install. Verify fm commands are
working as expected.
PASS: Build python3 wheels tarball on Debian. Verify fm, fm_api, fm_core
and fmclient .whl files are added.
PASS: Build Debian-based container and push it to a public registry.
Apply openstack application and update the fm-rest-api url to pull
this new image. Verify that:
- pods are up and running with the new image/tag specified.
- the container is running on Debian.
- from inside the container, fm querys are working as expected.
Story: 2009831
Task: 46634
Depends-On: https://review.opendev.org/c/starlingx/config/+/862498
Signed-off-by: Enzo Candotti <enzo.candotti@windriver.com>
Change-Id: I2b35139f8775141e39f97a5a6037c5de2b4d5d76
Remove the fm-rest-api preset file since it will
be managed centrally going forward and not on per-package basis.
Test Plan
Build Package
Build ISO
Install ISO
Check for non-existant
/etc/system/system-preset/fm-reset-api.preset
Story: 2009968
Task: 46406
Depends-On: https://review.opendev.org/c/starlingx/integ/+/853653
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Ic3ec52bfb985c9e06d654476e6913ab897b67eb2
Removed conf files from /etc/pmon.d/
as they are being moved to another location.
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
The change is debian-only, since centos support
will be dropped soon.
Centos' pmon conf files remain in /etc/pmon.d/
Test Plan:
PASS - deb doesn't install anything to /etc/pmon.d/
PASS - AIOSX unlocked-enabled-available
PASS - Standard 2+2 unlocked-enabled-available
Story: 2010211
Task: 46303
Depends-On: https://review.opendev.org/c/starlingx/metal/+/855095
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I6675cb2f567fe5b9b62842d0428e672633078281
This commit implements the access control for all FM APIs. An incomplete
list of FM APIs can be found at
"https://docs.starlingx.io/api-ref/fault/api-ref-fm-v1-fault.html". Unit
tests will be created in other task.
All access control rules can be overwritten through file
"/etc/fm/policy.yaml". Any change in file "/etc/fm/policy.yaml" is
automatically detected by policy engine and the rules are updated.
Differently from other APIs, which have as default rule to enforce that
all users using the API are present in either project "admin" or
"services", all read-only actions (GET requests) of FM API are allowed
for any user, so it only requires "reader" role (that is the lowest
role). Other actions require the user to have "admin" role and to be
present in either project "admin" or "services".
As all system users of StarlingX have "admin" role and are present in
either project "admin" or "services", the default rules for FM API
allows any system users to execute any action, so there should be no
regression with the change introduced here.
To test the access control of FM API, the following commands will be
used:
fm alarm-list
fm alarm-show <uuid>
fm alarm-summary
fm alarm-delete <uuid>
fm event-list
fm event-show <uuid>
fm event-suppress --alarm_id <alarm_id>
fm event-suppress-list
fm event-unsuppress --alarm_id <alarm_id>
fm event-unsuppress-all
On test plan, these commands will be reffered as "test commands".
Note: there is one FM API that is not tested by the commands above,
that is the creation of alarms ("fm_api:alarm:create"). This API will
be tested indirectly by observing the system successfully creating
alarms in the deployed environment.
Test Plan:
PASS: Successfully deploy an AIO-SX using an Debian image with this
commit present. Successfully create, through openstack CLI, the users:
'testreader' with role 'reader' in project 'admin',
'adminsvc' with role 'admin' in project 'services' and
'otheradmin' with role 'admin' in project 'notadminproject'.
Create openrc files for all new users. Note: the other user that will be
used is the already existing 'admin' with role 'admin' in project
'admin'.
PASS: In the deployed AIO-SX, check the behavior of test commands
through different users: for "admin" and "adminsvc" users, all commands
are successful; for users "testreader" and "otheradmin", only the
commands "alarm-delete", "event-suppress", "event-unsuppress" and
"event-unsuppress-all" fail. Observe also that the system is able to
create alarms during its operation.
PASS: In the deployed AIO-SX, add the following lines in file
"/etc/fm/policy.yaml":
fm_api:alarm:create: role:admin
fm_api:alarm:delete: role:admin
fm_api:alarm:get: role:admin
fm_api:alarm:modify: role:admin
fm_api:event_log:get: role:admin
fm_api:event_suppression:get: role:admin
fm_api:event_suppression:modify: role:admin
and check that all test commands are successful through user
"otheradmin" and that all test commands fail through user "testreader".
Observe also that the system is able to create alarms during its
operation.
PASS: In the deployed AIO-SX, to assert that public API works without
authentication, execute the commands:
"curl -v http://<MGMT_IP>:18002/" and
"curl -v http://<MGMT_IP>:18002/v1/" and
verify that they are accepted and that the HTTP response is 200,
and execute the commands:
"curl -v http://<MGMT_IP>:18002/v1/alarms" and
"curl -v http://<MGMT_IP>:18002/v1/event_log" and
verify that they are rejected and that the HTTP response is 401.
PASS: In the deployed AIO-SX, check through Horizon interface that Fault
Management works correctly (showing alarms and events, allowing events
to be suppressed).
PASS: Repeat all tests above changing the deploy to AIO-DX using an
CentOS image.
Story: 2010149
Task: 46123
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I3db6d0464d8d53c4dfbc761663be1712141b8b93
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
Test Plan:
PASS: duplicate conf on deb
Story: 2010211
Task: 46110
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I7c66c4806024e8d6bb54609bab8f05b0b6f1d5df
This work is part of Debian integration effort.
This fixes issues seen during bootstrap.
This work unifies and enhances:
https://review.opendev.org/c/starlingx/fault/+/833935https://review.opendev.org/c/starlingx/fault/+/834950
Package binary to correct location.
Fix configuration file ownership.
Let debhelper install the services. Add systemd preset.
Tests on Debian:
PASS: build-pkgs && build-image
PASS: install iso && check the 2 services
PASS: bootstrap with fm workarounds
PASS: unlock
Depends-On: https://review.opendev.org/c/starlingx/fault/+/836660
Story: 2009101
Task: 44321
Co-authored-by: Chuck Short <charles.short@windriver.com>
Co-authored-by: aoliveir <adriano.oliveira@windriver.com>
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I7d460bb7a3ffba429fce42e6dab72fc88e2bc885
Here is added a hook to the WSGI compliant Pecan server that receives
the Fault Management API requests. This hook logs the needed request
data to "/var/log/fm-api.log". All requests are logged except the
ones of "GET" type.
The code is a port from the same hook that exists in
"starlingx/config" repository, also called "AuditLogging".
Note: there are no "POST" or "PUT" requests available in Fault
Management API v1.
Test Plan:
PASS: Successfully deploy an AIO-SX and verify that the logs of
"fm-api" service are present in file "/var/log/fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-list" and
check that no GET requests was logged in "fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-delete 1111"
and check that a "DELETE /v1/alarms/1111" request was logged in
"fm-api.log" with status "404".
PASS: In the deployed AIO-SX, execute command
"fm event-suppress --alarm_id <alarm_id>" and check that a
"PATCH /v1/event_suppression/<uuid>" request was logged in
"fm-api.log" with status "200".
PASS: Successfully build all packages of this repository as Debian
packages: fm-api, fm-common, fm-doc, fm-mgr, fm-rest-api and
python-fmclient.
Story: 2009824
Task: 44468
Depends-On: https://review.opendev.org/c/starlingx/config-files/+/828200
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I25bf662ed9e792b30ae1f90329bd35b918f0a5f7
Recently, LOCI changed its default so images are python3 if nothing is
specified at the *docker_image files. With the recent upversion of LOCI
in the build tools [1], we need to explictly set PYTHON3=no to images
that are still using python2. This commit fixes the StarlingX images to
use this parameter
TEST PLAN
PASS build the stx-fm-rest-api image on the stable branch
[1] 00bd632a68
Closes-Bug: #1958696
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Icc80f5ca3f2031537e45ab8ff35420250522cb34
Add debian packaging infrastructure for fm-api
so we can create a debian packaging for it.
Also update the directory layout due to limitations
of the STX tool. Update the centos build information
to reflect the new layout.
Story: 2009101
Task: 43091
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I5c9784647581f31384d7475f596663adc0d26498
Add support for Debian bullseye which runs python3.9.
This was tested by running tox locally on a Debian bullseye
VM.
Story: 2006796
Task: 42941
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I5568b85a365104fdbca2af7adcf9f289001baea0
Handle http client exceptions for non-admin
users. This is because some alarms/events
metadata are not available for them.
For example if the call fails the user will see the a
value like:
"host=controller-1.port=enp0s8"
instead of:
"host=controller-1.port=0cbb441a-874d-418e-bd57-7aa1b8ab0044"
Before this if an error in translation happened, the user
experienced an alert badge saying "Unable to retrieve
Events", then the user seen an empty table.
Story: 2009077
Task: 43093
Signed-off-by: Pablo Bovina <pablo.bovina@windriver.com>
Change-Id: I68eeb103a6fe97beb1fb7969a1cd9503210cdcb0
Fixed a typo for accessing a configuration resource.
Fixed a python3 script called by fmManager on initialization. It was
modifying a dictionary while parsing it using an iterator, which doesn't
guarantee all initial elements are visited. The fm database
event_suppression table was left in a bad state, thus alarm list and
alarm summary were empty.
Tests:
- build and deploy from iso
- tested with the fm_api_test.py provided in the repo
- tested some of the commands by raising a config out of date and
targeting the raised alarm
- fm alarm-list, alarm-delete, alarm-show, alarm-summary, event-list,
event-show, event-suppress-list, event-suppress, event-unsuppress,
event-unsuppress-all produce relevant output
Story: 2008454
Task: 42632
Depends-On: I2d0f4c2c85ea8057258d56632a102b2eac7db388
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ib3d5276c4a669a3f3f123470c31edf7a07751eaa
(cherry picked from commit c18a7865c6f3605aa3abfe2dcf83723fc1955108)
- Replace 'range' with six.moves.range.
- Replace 'zip' with six.moves.zip.
- Replace 'map' with six.moves.map.
- Replace dict.keys() with list(dict.keys()) to get a list on Python
3. On Python 3, dict.keys() now returns a view.
- Fix 'TypeError: unorderable types: NoneType() < int()' for python3
- Python 3 changed the iso8601 module iso8601.iso8601.Utc()
function to iso8601.UTC. This is compatible with Python2.7.
Testing:
1. Built new fm-rest-api rpm package.
2. Built new ISO with newer fm-rest-api and installed fine.
3. Checked for an exception in the logs while running "fm event-list".
4. Ran "fm alarm-list" without a problem.
Story: 2006729
Task: 42256
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I2d0f4c2c85ea8057258d56632a102b2eac7db388
(cherry picked from commit b91aaaab9092acc97166d2cccdb11c5d1b2569b9)
The fm-api service is not properly started since the status logic is
wrong.
Updated the status logic to drop the regex approach and use the PIDFILE
instead.
There is a confirm_stop logic step which still needs to use the regex
approach because the main process spawns children. Updated the regex
for confirm_stop logic step. Now looking for /usr/bin/pythton3 and
/usr/libexec/platform-python.
Story: 2008454
Task: 42631
Depends-On: I970c2600475e32f2c5fb815738a2fe79f99a5b17
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ia77988ce282ea17de84b89e833ec686df342b3c4
(cherry picked from commit 4d5c6c7f21f3b44bd2ec7c55c820a5242384198d)
Centos 8 uses python3 by default so check for running python3
process as well.
Story: 2008454
Task: 42370
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I970c2600475e32f2c5fb815738a2fe79f99a5b17
(cherry picked from commit 4958c7be50f7af240231151d6545fc8e83141306)
System UUID not required to be part of alarms summary.
This is also needed to allow non-admin users to read
alarms summary.
Story: 2009077
Task: 42995
Signed-off-by: Pablo Bovina <pablo.bovina@windriver.com>
Change-Id: I55c0cb297be7e86d31bce116e8ba20a2162d2f04
The tox jobs for fault are having problems with a
timeout, which appears to be related to how long it takes
to setup the python requirements.
This update tries to limit the scope for yamllint, and
eliminate some of the sdist related actions.
pylint has been relocated to the test-requirements file.
The usedevelop = False is required for the base tox.ini
because there are no setup files at that directory level.
Several pylint errors had to be suppressed, and will be
restored once py3 changes are merged from centos8 branch.
Story: 2008943
Task: 42967
Signed-off-by: albailey <Al.Bailey@windriver.com>
Change-Id: Icc8747226511f0be614df20800813fe4eb9e6b96
flake8 2.5.5 fails on ubuntu-focal zuul machines running python3.8
with the following error:
AttributeError: 'FlakesChecker' object has no attribute 'CONSTANT'
Fixed:
E117 over-indented
E741 ambiguous variable name
F841 local variable is assigned to but never used
Per-Line-Suppressed:
E402 module level import not at top of file
F632 use ==/!= to compare constant literals
Global Suppress:
W504 line break after binary operator
W605 invalid escape sequence
The suppressed errors can be fixed by later submissions.
Change-Id: I2df3ece427f0c84ce16c1a82f4d9f0c9a5a6982b
Partial-Bug: 1895054
Signed-off-by: albailey <Al.Bailey@windriver.com>
This commit modifies the ownership and access privilege of the
fault manager config file to the fm user only.
Verified the ownership and permission of /etc/fm/fm.conf after
successfully installed and unlocked a controller. No extra error
message is produced in fm-manager.log and fm-event.log. And fm
commands are functional.
Change-Id: Ief675bbe08c00bb106b7fdd6b5db46364192c69c
Closes-Bug: 1887444
Signed-off-by: Yuxing Jiang <yuxing.jiang@windriver.com>
This update changed the TIS_PATCH_VER to use the PKG_GITREVCOUNT
variable to auto-version the packages.
Adds an upper constraint to fm-rest-api to pass zuul.
Story: 2006740
Task: 39842
Change-Id: I4a180f1395ff9764ecc9d617a514e265db670b9c
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
stestr was upgraded to 3.0.0 on Mar. 26 and it does not support py27.
Update test requirements accordingly so py27 tests will use earlier version.
Change-Id: Ia481a4609d81ad4d225aeb6ec3ab0cc3a9e18ae5
Closes-Bug: 1869777
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
add test class DbSyncTestCase
add test case for migration database sync
Story: 2007082
Task: 38152
Depends-on: https://review.opendev.org/#/c/702823/
Signed-off-by: SidneyAn <ran1.an@intel.com>
Signed-off-by: chenyan <yan.chen@intel.com>
Change-Id: I8121dedae7e4319a454dc128a591f74ef066c149
As of March 1, when jobs run on ubuntu-xenial, they fail
to run py27 and py35 jobs with an error similar to:
/usr/bin/python3 -m virtualenv --no-download
--python /usr/bin/python2.7 py27
ImportError: cannot import name 'ContextManager'
It does not appear to impact the ubuntu-bionic nodes so
updating zuul to use those nodes.
bionic nodes do not support python3.5, so the py35 jobs
is now converted to py36.
Partial-Bug: 1865554
Change-Id: Iad13d03ced21294d1a02c82f4e1e37cac3f27ee7
Signed-off-by: albailey <Al.Bailey@windriver.com>
As new unit tests are being added, the coverage target
helps to view their impact.
Story: 2007082
Task: 38836
Change-Id: I2d57aac7c633ab358a2d31bfc8d8a8635931527f
Signed-off-by: albailey <Al.Bailey@windriver.com>
Add add the first unit test for fm-rest-api/fm/fm/common/timeutils.
Add tox task for py27/35 as zuul checking and gating jobs.
Story: 2007082
Task: 38077
Change-Id: I2f259dcf2178f42546966063c0d724bc17e2a804
Signed-off-by: chenyan <yan.chen@intel.com>
Some of the fault components rely on having all the dependencies
installed in the StarlingX ISO so having missing dependencies listed
in the spec files is not an issue. However, when we take those compo-
nents and run them in a non StarlingX installation these problems
started to arise.
This patch is the result of the analysis of all imports and a manual
execution of the fault components in opensuse. This is a summary of
the findings:
- fm-api: This component imports `fm_core` which is provided by
`fm-common` but not listed in the dependencies. Same
case for `six` module.
- fm-mgr: `fmManager` links to `libfmcommon` but is not listed in the
requirements. Also, it expects to find the `/etc/fm/events.yaml`
file which is provided by `fm-doc`.
- fm-rest-api: A set of imports that are missing. This component also
depends on other StarlingX compoments.
- python-fmclient: Missing python imports.
Story: 2006684
Task: 36971
Change-Id: I6719ab8a8d9a35d105be1c6f7dac57b855da543e
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The rpmlint tool complains about having duplicated files in these
two packages. The %fdupes macro helps to remove these duplicated
files and thus pass rpmlint checks.
Story: 2006508
Task: 36867
Change-Id: I031352e06c74da65dc62b9a6c51dbb87371432d1
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
These files are part of OBS infrastructure and shouldn't be part of
this repository.
Story: 2006508
Task: 36862
Change-Id: I8cc056a49a888352d8dbb03b2a55e86549e6a45a
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
All opensuse version are being standardize with the same format,
this requires that all components will change from 1.0 to 1.0.0.
Story: 2006508
Task: 36811
Change-Id: I301759895e4ed816633daa6595d5f60f2f1d59c7
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The rpmlintrc files helps to configure the behavior of the rpm linter
executed by the opensuse build system. This patch adds the rpmlintrc
files that were defined in the opensuse build system.
Story: 2006508
Task: 36799
Change-Id: If75264e809bb78bbcff1dd474b1a5fc1819ac193
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
