The Zuul upper-constraints env variable declaration needed
to be added to tox.ini otherwise an older constraints
was being used which does not work with newer
versions of python.
Partial-Bug: #1997255
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ie912dc7ae3f9f1639311f0c1f5cf62070f44909d
Move the packages of "fault" from stx-std.lst to debian_iso_image.inc
Test Plan:
Pass: build-pkgs -c -a
Pass: build-image
Pass: boot
Story: 2008862
Task: 46841
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: Ic58349d7b1adce50fb28c6c843967da8c908dd02
The events.yaml file contains every alarm and log used by platform and
openstack. There is no way to know which one relates to one or
the other.
In order to know that, it is required an additional field as part of
each record to differential between platform and openstack.
Story: 2010143
Task: 46723
Test plan
PASS: Build the fm-api and fm-doc packages.
Install fm-api first and then fm-doc.
No errors are found during build and installation process.
Signed-off-by: Agustin Carranza <agustin.carranza@windriver.com>
Change-Id: I8598afc77d27d107c4f9a108dd46b2ebc79b30a1
This change reorganizes the source directories of the stx-fm-rest-api
container to be reused by both CentOS and Debian Dockerfiles in order
to build the images having the corresponding OS-specic base.
As part of this, the fm-api, fm-rest-api, fm-common and
python-fmclient packages have been ported in order to generate deb
files that contain .whl.
Test plan:
PASS: Build debian iso and perform fresh install. Verify fm commands are
working as expected.
PASS: Build python3 wheels tarball on Debian. Verify fm, fm_api, fm_core
and fmclient .whl files are added.
PASS: Build Debian-based container and push it to a public registry.
Apply openstack application and update the fm-rest-api url to pull
this new image. Verify that:
- pods are up and running with the new image/tag specified.
- the container is running on Debian.
- from inside the container, fm querys are working as expected.
Story: 2009831
Task: 46634
Depends-On: https://review.opendev.org/c/starlingx/config/+/862498
Signed-off-by: Enzo Candotti <enzo.candotti@windriver.com>
Change-Id: I2b35139f8775141e39f97a5a6037c5de2b4d5d76
The CLI error messages for users with reader role were not clear to the
operator and this change fixes this.
Test Plan:
PASS: In an AIO-SX with this change present, create a new openstack user
with reader role and through this user execute the commands:
fm alarm-list
fm alarm-delete <uuid>
fm event-suppress --alarm_id <alarm_id>
and check that the "alarm-list" command is executed without errors and
that the error message of the other commands changes from:
"HTTP Client Error (HTTP 403) (Request-ID: req-<req_id>)"
to:
"Error: Forbidden."
Story: 2010149
Task: 46620
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I45007a7f5319ef0a0238a07d671a859b5081660a
When compute services remain healthy:
- listing alarms shall not refer to the below Obsoleted alarm
- 200.012 alarm hostname controller function has an in-service failure
This update deletes definition of the obsoleted alarm and any references
200.012 is removed in events.yaml file
Also updated any reference to this alarm definition.
Need to also raise a Bug to track the Doc change.
Test Plan:
Verify on a Standard configuration no alarms are listed for hostname
controller in-service failure
Code (removal) changes exercised with fix prior to ansible bootstrap
and host-unlock and verify no unexpected alarms
Regression:
There is no need to test the alarm referred here as they are obsolete
Closes-Bug: 1991531
Signed-off-by: Girish Subramanya <girish.subramanya@windriver.com>
Change-Id: I255af68155c5392ea42244b931516f742fa838c3
The fmClientCli binary can create and delete alarms freely on the
system, so the access to this binary should be restricted to Linux admin
users.
Test Plan:
PASS: Deploy an AIO-SX using a Debian image containing this change and
check that the permissions for file "/usr/local/bin/fmClientCli" is
"-rwxr-x---" and the owner:group is root:root.
PASS: Repeat the test above using a CentOS image.
Closes-Bug: 1991118
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I0375ddc68ae1b5967447a326780272f77695793a
Remove the fm-rest-api preset file since it will
be managed centrally going forward and not on per-package basis.
Test Plan
Build Package
Build ISO
Install ISO
Check for non-existant
/etc/system/system-preset/fm-reset-api.preset
Story: 2009968
Task: 46406
Depends-On: https://review.opendev.org/c/starlingx/integ/+/853653
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Ic3ec52bfb985c9e06d654476e6913ab897b67eb2
Removed conf files from /etc/pmon.d/
as they are being moved to another location.
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
The change is debian-only, since centos support
will be dropped soon.
Centos' pmon conf files remain in /etc/pmon.d/
Test Plan:
PASS - deb doesn't install anything to /etc/pmon.d/
PASS - AIOSX unlocked-enabled-available
PASS - Standard 2+2 unlocked-enabled-available
Story: 2010211
Task: 46303
Depends-On: https://review.opendev.org/c/starlingx/metal/+/855095
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I6675cb2f567fe5b9b62842d0428e672633078281
This commit adds a new alarm id and definition for subcloud backup.
The alarm will be raised and cleared by dcmanager upon subcloud backup
failure and successful retry respectively.
Test Plan:
- Verify successful tox test and package build
Story: 2010116
Task: 46162
Change-Id: I9a34a827e484bb691c8ce0da63e1a7d26735c289
Signed-off-by: Tee Ngo <Tee.Ngo@windriver.com>
Currently we use the "stx-std.lst" file in tools to add install package.
We are going to use the "debian_iso_image.inc" file to follow CentOS.
We observed some layers already have the debian_iso_image.inc, so first
of all, we need to check if all the packages are available, otherwise,
once supporting "debian_iso_image.inc", "build-image" will fail.
Change the binaries name to align with "stx-std.lst".
Story: 2008846
Task: 46141
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Change-Id: If8a7848fcdb69ece17bf4db5a0812b8302457c53
This commit implements the access control for all FM APIs. An incomplete
list of FM APIs can be found at
"https://docs.starlingx.io/api-ref/fault/api-ref-fm-v1-fault.html". Unit
tests will be created in other task.
All access control rules can be overwritten through file
"/etc/fm/policy.yaml". Any change in file "/etc/fm/policy.yaml" is
automatically detected by policy engine and the rules are updated.
Differently from other APIs, which have as default rule to enforce that
all users using the API are present in either project "admin" or
"services", all read-only actions (GET requests) of FM API are allowed
for any user, so it only requires "reader" role (that is the lowest
role). Other actions require the user to have "admin" role and to be
present in either project "admin" or "services".
As all system users of StarlingX have "admin" role and are present in
either project "admin" or "services", the default rules for FM API
allows any system users to execute any action, so there should be no
regression with the change introduced here.
To test the access control of FM API, the following commands will be
used:
fm alarm-list
fm alarm-show <uuid>
fm alarm-summary
fm alarm-delete <uuid>
fm event-list
fm event-show <uuid>
fm event-suppress --alarm_id <alarm_id>
fm event-suppress-list
fm event-unsuppress --alarm_id <alarm_id>
fm event-unsuppress-all
On test plan, these commands will be reffered as "test commands".
Note: there is one FM API that is not tested by the commands above,
that is the creation of alarms ("fm_api:alarm:create"). This API will
be tested indirectly by observing the system successfully creating
alarms in the deployed environment.
Test Plan:
PASS: Successfully deploy an AIO-SX using an Debian image with this
commit present. Successfully create, through openstack CLI, the users:
'testreader' with role 'reader' in project 'admin',
'adminsvc' with role 'admin' in project 'services' and
'otheradmin' with role 'admin' in project 'notadminproject'.
Create openrc files for all new users. Note: the other user that will be
used is the already existing 'admin' with role 'admin' in project
'admin'.
PASS: In the deployed AIO-SX, check the behavior of test commands
through different users: for "admin" and "adminsvc" users, all commands
are successful; for users "testreader" and "otheradmin", only the
commands "alarm-delete", "event-suppress", "event-unsuppress" and
"event-unsuppress-all" fail. Observe also that the system is able to
create alarms during its operation.
PASS: In the deployed AIO-SX, add the following lines in file
"/etc/fm/policy.yaml":
fm_api:alarm:create: role:admin
fm_api:alarm:delete: role:admin
fm_api:alarm:get: role:admin
fm_api:alarm:modify: role:admin
fm_api:event_log:get: role:admin
fm_api:event_suppression:get: role:admin
fm_api:event_suppression:modify: role:admin
and check that all test commands are successful through user
"otheradmin" and that all test commands fail through user "testreader".
Observe also that the system is able to create alarms during its
operation.
PASS: In the deployed AIO-SX, to assert that public API works without
authentication, execute the commands:
"curl -v http://<MGMT_IP>:18002/" and
"curl -v http://<MGMT_IP>:18002/v1/" and
verify that they are accepted and that the HTTP response is 200,
and execute the commands:
"curl -v http://<MGMT_IP>:18002/v1/alarms" and
"curl -v http://<MGMT_IP>:18002/v1/event_log" and
verify that they are rejected and that the HTTP response is 401.
PASS: In the deployed AIO-SX, check through Horizon interface that Fault
Management works correctly (showing alarms and events, allowing events
to be suppressed).
PASS: Repeat all tests above changing the deploy to AIO-DX using an
CentOS image.
Story: 2010149
Task: 46123
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I3db6d0464d8d53c4dfbc761663be1712141b8b93
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
Test Plan:
PASS: duplicate conf on deb
Story: 2010211
Task: 46110
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I7c66c4806024e8d6bb54609bab8f05b0b6f1d5df
The following alarms need to be clearer for users.
Some information was gathered in order to improve the
'description' and 'Proposed repair action' fields.
500.200
500.210
750.002
900.002
900.003
900.004
900.009
900.103
900.203
900.303
900.503
Test plan:
Build and install Debian package.
Story: 2010143
Task: 45785
Signed-off-by: Agustin Carranza <agustin.carranza@windriver.com>
Change-Id: I55f81ffa4159284b730e2572e76dfd9867b348d5
This reverts commit baead557fb.
Reason for revert: Change breaks the build. 270.001 alarm has to remain defined because it is still being referenced.
Change-Id: I136928c90634e05e3026dddc9443cc2c59203320
The following alarms need to be clearer for users. Some information
was gathered in order to improve the 'description' and 'Proposed
repair action' fields.
Alarm that has been deprecated:
270.001
The list of alarms that were modified is the following:
500.210
500.200
750.002
750.006
800.003
800.102
900.002
900.003
900.004
900.009
900.103
900.203
900.303
900.503
Test plan:
There is no need to test the alarms affected by the changes.
Story: 2010143
Task: 45785
Signed-off-by: Agustin Carranza <agustin.carranza@windriver.com>
Change-Id: I57b86548a36da66119cb04779ce1f9147254316c
800.102 alarm is not necessary anymore so it must be removed.
Test Plan: No test needed
Story: 2010104
Task: 45668
Signed-off-by: Gabriel de Araújo Cabral <gabriel.cabral@windriver.com>
Change-Id: I6f47dadb28c78781e95f479739a4a846df8431fc
The 900.002 and 900.003 alarm IDs were reversed.
Now corrected to be what the constants and code
are generating.
- 900.002 is Patch host install failure
- 900.003 is Obsolete patch in system
Story: 2009969
Task: 45582
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I0d13cfce39de15b34265012d1e26fd7fedcee81d
FM sends alarm information for SNMP trap but it is lacking
Alarm UUID, which needs to identify the alarm.
This fix is adding uuid for all type of trap information.
Closes-bug: 1971626
TEST PLAN:
PASS: Confirm UUID is included in trap information
in log /var/log/fm-manager.log.
[Trap type]
- wrsAlarmCritical
- wrsAlarmMajor
- wrsAlarmMinor
- wrsAlarmWarning
- wrsAlarmMessage
- wrsAlarmClear
- wrsAlarmHierarchicalClear
Signed-off-by: Takamasa Takenaka <takamasa.takenaka@windriver.com>
Change-Id: I3e2b7e4a6a07876ff08e6a13d46d50285465a6b2
Keep the same binary location as on CentOS.
An fm component was updated to produce binaries to correct location,
but fm-common component was missed. Alarms could not be raised by sm.
Tests:
PASS: bootstrap
PASS: unlock
PASS: alarms are raised by sm
Story: 2009101
Task: 44321
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I56eb2a5cd69c643d477fba20a7344cd51be5444d
This work is part of Debian integration effort.
This fixes issues seen during bootstrap.
This work unifies and enhances:
https://review.opendev.org/c/starlingx/fault/+/833935https://review.opendev.org/c/starlingx/fault/+/834950
Package binary to correct location.
Fix configuration file ownership.
Let debhelper install the services. Add systemd preset.
Tests on Debian:
PASS: build-pkgs && build-image
PASS: install iso && check the 2 services
PASS: bootstrap with fm workarounds
PASS: unlock
Depends-On: https://review.opendev.org/c/starlingx/fault/+/836660
Story: 2009101
Task: 44321
Co-authored-by: Chuck Short <charles.short@windriver.com>
Co-authored-by: aoliveir <adriano.oliveira@windriver.com>
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I7d460bb7a3ffba429fce42e6dab72fc88e2bc885
Move service installation out of the Makefile.
This will let Debian build system control the service installation.
Test on CentOS:
PASS: build-pkgs && build-iso
PASS: install iso & fminit service exists
PASS: bootstrap & unlock
Story: 2009101
Task: 44321
Change-Id: I244c078b19fb0817fcd9ac3c2b026a32024dd1c9
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
From https://docs.python.org/3/whatsnew/3.8.html#changes-in-python-behavior:
The compiler now produces a SyntaxWarning when identity
checks (is and is not) are used with certain types of
literals (e.g. strings, numbers). These can often work
by accident in CPython, but are not guaranteed by the
language spec. The warning advises users to use
equality tests (== and !=) instead.
Test Plan:
PASS Apply patch test the output of fm alarm-list on Debian 11.
PASS Apply patch test the output of fm alarm-list on Centos 7.
Closes-Bug: 1960958
Signed-off-by: Chuck Short <charles.short@windriver.com>
Change-Id: I12c43f336a449876fab8592e34eace674518d0da
Here is added a hook to the WSGI compliant Pecan server that receives
the Fault Management API requests. This hook logs the needed request
data to "/var/log/fm-api.log". All requests are logged except the
ones of "GET" type.
The code is a port from the same hook that exists in
"starlingx/config" repository, also called "AuditLogging".
Note: there are no "POST" or "PUT" requests available in Fault
Management API v1.
Test Plan:
PASS: Successfully deploy an AIO-SX and verify that the logs of
"fm-api" service are present in file "/var/log/fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-list" and
check that no GET requests was logged in "fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-delete 1111"
and check that a "DELETE /v1/alarms/1111" request was logged in
"fm-api.log" with status "404".
PASS: In the deployed AIO-SX, execute command
"fm event-suppress --alarm_id <alarm_id>" and check that a
"PATCH /v1/event_suppression/<uuid>" request was logged in
"fm-api.log" with status "200".
PASS: Successfully build all packages of this repository as Debian
packages: fm-api, fm-common, fm-doc, fm-mgr, fm-rest-api and
python-fmclient.
Story: 2009824
Task: 44468
Depends-On: https://review.opendev.org/c/starlingx/config-files/+/828200
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I25bf662ed9e792b30ae1f90329bd35b918f0a5f7
This commit updates the description and entity instance for the
PTP alarm for SyncE.
Story: 2009130
Task: 44497
Change-Id: Iefae1e75003ff2a45501e45d850f9556256d580f
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
This reverts commit 1bb9c1542c.
Reason for revert: Error on build-image, fm-mgr fails on preinst. Symlink: "File exists"
Change-Id: I235ef93446071a7a2f051489f7462f3fb454a20c
Constant FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE was being used only in
legacy code by ceph-manager. The code was updated to remove this
unused constant and its respective alarm.
Test plan:
PASS: Verify that no alarms are raised related to quotas.
PASS: Confirm that no quota messages are present in the logs.
Depends-On: https://review.opendev.org/c/starlingx/config/+/827545
Depends-On: https://review.opendev.org/c/starlingx/utilities/+/820933
Closes-Bug: 1959894
Signed-off-by: Daian Cardoso Sganderlla <Daian.CardosoSganderlla@windriver.com>
Change-Id: I606d0e6dca102189a26c8cd4d587a1e772e610f0
Fixes:
- Daemon location on Debian.
- Created a new .service for fm-api with the path for the service.
- Removed fminit.service install from Makefile to spec, in order to override
it on debian using deb_helper.
- Fm-api is now installed with deb_helper.
- Updated fm.conf permissions
Test Plan:
PASS: Package installed and ISO built successfully
PASS: Services are running after bootstrap configure restarts them
PASS: CentOS fm-mgr package is built and installed successfully
Story: 2009101
Task: 44321
Depends-on: https://review.opendev.org/c/starlingx/fault/+/819665
Depends-on: https://review.opendev.org/c/starlingx/integ/+/826935
Co-authored-by: Daniel Stevens <DanielStevens.TorresCardenas@windriver.com>
Signed-off-by: Iago Regiani <Iago.RodriguezRegiani@windriver.com>
Change-Id: Idb10b01da6307fc964f9dc3baf9365f70f34c803
Test plan:
PASS: Built packages
PASS: Built iso with the packages
PASS: Load iso in virtualbox and install controler 0
PASS: Bootstrap with workaround
Story: 2009101
Task: 44088
Signed-off-by: Andrei Suciu <andrei.suciu@windriver.com>
Change-Id: Ic7f02c1e10fe2b9257f00ab9a8df55b5090df862
Recently, LOCI changed its default so images are python3 if nothing is
specified at the *docker_image files. With the recent upversion of LOCI
in the build tools [1], we need to explictly set PYTHON3=no to images
that are still using python2. This commit fixes the StarlingX images to
use this parameter
TEST PLAN
PASS build the stx-fm-rest-api image on the stable branch
[1] 00bd632a68
Closes-Bug: #1958696
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Icc80f5ca3f2031537e45ab8ff35420250522cb34
current fmclient does not support --insecure parameter
and this cause that fm command doesn't work when
endpoint is configured with private signed certificates.
Closes-Bug: 1958262
Test Plan:
PASS: configure endpoint with private signed certificates
and run rm command with --insecure to get the alarm-list.
PASS: set FMCLIENT_INSECURE=true environment variable and
run fm alarm-list.
Signed-off-by: Giana Francisco <francisco.giana@windriver.com>
Change-Id: I2c2a33d24fb544147bd02fda2e0a89eafd48c818
Add debian packaging infrastructure for fm-doc to build
a debian package.
Test Plan:
PASS: Package installed and ISO built successfully
Story: 2009101
Task: 44088
Signed-off-by: Ramon Gazoni Lacerda <Ramon.GazoniLacerda@windriver.com>
Change-Id: If98aa5c561012e31ab67589e7d62486c58be8e4c
This commit complements the previous commit with
same topic:
https://review.opendev.org/c/starlingx/fault/+/815381
This particular commit improves the log inside the
python script, considering others possible fails.
Also, some verifications are added in fmDbUtils class
wich calls the script.
Test Plan:
Log in (/var/log/platform.log):
PASS: Log arguments error calling script.
PASS: Log new database connection problems.
PASS: Log Session commit problems.
PASS: Log problems opening "/etc/fm/events.yaml" file.
Log (in /var/log/fm-manager.log):
PASS: Log Problems opening fm_db_sync_event_suppression.py file.
PASS: Log problems running fm_db_sync_event_suppression.py.
PASS: build and install package.
Closes-bug: 1932324
Signed-off-by: fperez <fabrizio.perez@windriver.com>
Change-Id: I913d6d1282bea346f87f73179f0738c0c17d7446
Add a new alarm for open FD approaching limit (major) or
limit is reached (critical).
Partial-bug: 1952126
Change-Id: Ifaece0e1d7a335f980cfebc3a591a90edbc35742
Signed-off-by: Bin Qian <bin.qian@windriver.com>
Zuul