Commit Graph

366 Commits (ea4d279e4bfe2dc9bef27fa609aa7c5dd13b4bf8)

Author SHA1 Message Date
Zuul ea4d279e4b Merge "Debian: fault: update" 6 months ago
Al Bailey cf658fba98 Fix openstack-tox jobs for fault repo
The Zuul upper-constraints env variable declaration needed
to be added to tox.ini otherwise an older constraints
was being used which does not work with newer
versions of python.

Partial-Bug: #1997255

Signed-off-by: Al Bailey <>
Change-Id: Ie912dc7ae3f9f1639311f0c1f5cf62070f44909d
7 months ago
Yue Tao a5b3d12469 Debian: fault: update
Move the packages of "fault" from stx-std.lst to

Test Plan:

Pass: build-pkgs -c -a
Pass: build-image
Pass: boot

Story: 2008862
Task: 46841

Signed-off-by: Yue Tao <>
Change-Id: Ic58349d7b1adce50fb28c6c843967da8c908dd02
7 months ago
Agustin Carranza d161fe5922 Extend events.yaml schema with usage context field
The events.yaml file contains every alarm and log used by platform and
openstack. There is no way to know which one relates to one or
the other.
In order to know that, an additional field is required as part of
each record to differentiate between platform and openstack.

Story: 2010143
Task: 46723

Test plan
PASS: Build the fm-api and fm-doc packages.
      Install fm-api first and then fm-doc.
      No errors are found during build and installation process.

Signed-off-by: Agustin Carranza <>
Change-Id: I8598afc77d27d107c4f9a108dd46b2ebc79b30a1
7 months ago
Zuul 8596fc8fc5 Merge "Add stx-fm-rest-api loci image" 7 months ago
Enzo Candotti cd0f5c38c2 Add stx-fm-rest-api loci image
This change reorganizes the source directories of the stx-fm-rest-api
container to be reused by both CentOS and Debian Dockerfiles in order
to build the images having the corresponding OS-specific base.

As part of this, the fm-api, fm-rest-api, fm-common and
python-fmclient packages have been ported in order to generate deb
files that contain .whl.

Test plan:
PASS: Build debian iso and perform fresh install. Verify fm commands are
working as expected.
PASS: Build python3 wheels tarball on Debian. Verify fm, fm_api, fm_core
and fmclient .whl files are added.
PASS: Build Debian-based container and push it to a public registry.
Apply openstack application and update the fm-rest-api url to pull
this new image. Verify that:
    - pods are up and running with the new image/tag specified.
    - the container is running on Debian.
    - from inside the container, fm queries are working as expected.

Story: 2009831
Task: 46634


Signed-off-by: Enzo Candotti <>
Change-Id: I2b35139f8775141e39f97a5a6037c5de2b4d5d76
7 months ago
Joao Victor Portal 277c64bed7 Fix FM error messages for forbidden requests
The CLI error messages for users with reader role were not clear to the
operator and this change fixes this.

Test Plan:

PASS: In an AIO-SX with this change present, create a new openstack user
with reader role and through this user execute the commands:
fm alarm-list
fm alarm-delete <uuid>
fm event-suppress --alarm_id <alarm_id>
and check that the "alarm-list" command is executed without errors and
that the error message of the other commands changes from:
"HTTP Client Error (HTTP 403) (Request-ID: req-<req_id>)"
"Error: Forbidden."

Story: 2010149
Task: 46620

Signed-off-by: Joao Victor Portal <>
Change-Id: I45007a7f5319ef0a0238a07d671a859b5081660a
8 months ago
Zuul 8a07de3ea1 Merge "Alarm Hostname controller function has in-service failure reported" 8 months ago
Girish Subramanya efa09aa3db Alarm Hostname controller function has in-service failure reported
When compute services remain healthy:
 - listing alarms shall not refer to the below Obsoleted alarm
 - 200.012 alarm hostname controller function has an in-service failure

This update deletes definition of the obsoleted alarm and any references
200.012 is removed in events.yaml file
Also updated any reference to this alarm definition.
Need to also raise a Bug to track the Doc change.

Test Plan:

Verify on a Standard configuration no alarms are listed for hostname
controller in-service failure
Code (removal) changes exercised with fix prior to ansible bootstrap
and host-unlock and verify no unexpected alarms

There is no need to test the alarm referred here as they are obsolete

Closes-Bug: 1991531

Signed-off-by: Girish Subramanya <>

Change-Id: I255af68155c5392ea42244b931516f742fa838c3
8 months ago
Zuul e28e068018 Merge "Restrict fmClientCli binary permissions" 8 months ago
Zuul f6330794d9 Merge "Debian: Remove conf files from etc-pmon.d" 8 months ago
Zuul 5815cce15c Merge "debian: Remove preset file for fm-rest-api" 8 months ago
Joao Victor Portal 74d56e72a0 Restrict fmClientCli binary permissions
The fmClientCli binary can create and delete alarms freely on the
system, so the access to this binary should be restricted to Linux admin

Test Plan:

PASS: Deploy an AIO-SX using a Debian image containing this change and
check that the permissions for file "/usr/local/bin/fmClientCli" is
"-rwxr-x---" and the owner:group is root:root.
PASS: Repeat the test above using a CentOS image.

Closes-Bug: 1991118
Signed-off-by: Joao Victor Portal <>
Change-Id: I0375ddc68ae1b5967447a326780272f77695793a
8 months ago
Charles Short 9cd969eb25 debian: Remove preset file for fm-rest-api
Remove the fm-rest-api preset file since it will
be managed centrally going forward and not on per-package basis.

Test Plan
Build Package
Build ISO
Install ISO
Check for non-existent

Story: 2009968
Task: 46406


Signed-off-by: Charles Short <>
Change-Id: Ic3ec52bfb985c9e06d654476e6913ab897b67eb2
8 months ago
Leonardo Fagundes Luz Serrano a97fd5fc96 Debian: Remove conf files from etc-pmon.d
Removed conf files from /etc/pmon.d/
as they are being moved to another location.

This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.

The change is debian-only, since centos support
will be dropped soon.
Centos' pmon conf files remain in /etc/pmon.d/

Test Plan:
PASS - deb doesn't install anything to /etc/pmon.d/
PASS - AIOSX unlocked-enabled-available
PASS - Standard 2+2 unlocked-enabled-available

Story: 2010211
Task: 46303


Signed-off-by: Leonardo Fagundes Luz Serrano <>
Change-Id: I6675cb2f567fe5b9b62842d0428e672633078281
8 months ago
Tee Ngo 80d6819635 Add alarm id, definition for subcloud backup
This commit adds a new alarm id and definition for subcloud backup.
The alarm will be raised and cleared by dcmanager upon subcloud backup
failure and successful retry respectively.

Test Plan:
 - Verify successful tox test and package build

Story: 2010116
Task: 46162
Change-Id: I9a34a827e484bb691c8ce0da63e1a7d26735c289
Signed-off-by: Tee Ngo <>
9 months ago
Zuul e78a7eeb53 Merge " correct the wrong binaries name" 9 months ago
Zuul 7510ab5e4c Merge "Duplicate pmon.d conf files to another location" 9 months ago
Yue Tao f728e445cc correct the wrong binaries name
Currently we use the "stx-std.lst" file in tools to add install package.
We are going to use the "" file to follow CentOS.

We observed some layers already have the, so first
of all, we need to check if all the packages are available, otherwise,
once supporting "", "build-image" will fail.

Change the binaries name to align with "stx-std.lst".

Story: 2008846
Task: 46141

Signed-off-by: Yue Tao <>
Change-Id: If8a7848fcdb69ece17bf4db5a0812b8302457c53
9 months ago
Joao Victor Portal 99eba3afb8 Implement access control for FM API
This commit implements the access control for all FM APIs. An incomplete
list of FM APIs can be found at
"". Unit
tests will be created in other task.

All access control rules can be overwritten through file
"/etc/fm/policy.yaml". Any change in file "/etc/fm/policy.yaml" is
automatically detected by policy engine and the rules are updated.

Differently from other APIs, which have as default rule to enforce that
all users using the API are present in either project "admin" or
"services", all read-only actions (GET requests) of FM API are allowed
for any user, so it only requires "reader" role (that is the lowest
role). Other actions require the user to have "admin" role and to be
present in either project "admin" or "services".

As all system users of StarlingX have "admin" role and are present in
either project "admin" or "services", the default rules for FM API
allows any system users to execute any action, so there should be no
regression with the change introduced here.

To test the access control of FM API, the following commands will be
fm alarm-list
fm alarm-show <uuid>
fm alarm-summary
fm alarm-delete <uuid>
fm event-list
fm event-show <uuid>
fm event-suppress --alarm_id <alarm_id>
fm event-suppress-list
fm event-unsuppress --alarm_id <alarm_id>
fm event-unsuppress-all
On test plan, these commands will be referred to as "test commands".

Note: there is one FM API that is not tested by the commands above,
that is the creation of alarms ("fm_api:alarm:create"). This API will
be tested indirectly by observing the system successfully creating
alarms in the deployed environment.

Test Plan:

PASS: Successfully deploy an AIO-SX using a Debian image with this
commit present. Successfully create, through openstack CLI, the users:
'testreader' with role 'reader' in project 'admin',
'adminsvc' with role 'admin' in project 'services' and
'otheradmin' with role 'admin' in project 'notadminproject'.
Create openrc files for all new users. Note: the other user that will be
used is the already existing 'admin' with role 'admin' in project
PASS: In the deployed AIO-SX, check the behavior of test commands
through different users: for "admin" and "adminsvc" users, all commands
are successful; for users "testreader" and "otheradmin", only the
commands "alarm-delete", "event-suppress", "event-unsuppress" and
"event-unsuppress-all" fail. Observe also that the system is able to
create alarms during its operation.
PASS: In the deployed AIO-SX, add the following lines in file
fm_api:alarm:create: role:admin
fm_api:alarm:delete: role:admin
fm_api:alarm:get: role:admin
fm_api:alarm:modify: role:admin
fm_api:event_log:get: role:admin
fm_api:event_suppression:get: role:admin
fm_api:event_suppression:modify: role:admin
and check that all test commands are successful through user
"otheradmin" and that all test commands fail through user "testreader".
Observe also that the system is able to create alarms during its
PASS: In the deployed AIO-SX, to assert that public API works without
authentication, execute the commands:
"curl -v http://<MGMT_IP>:18002/" and
"curl -v http://<MGMT_IP>:18002/v1/" and
verify that they are accepted and that the HTTP response is 200,
and execute the commands:
"curl -v http://<MGMT_IP>:18002/v1/alarms" and
"curl -v http://<MGMT_IP>:18002/v1/event_log" and
verify that they are rejected and that the HTTP response is 401.
PASS: In the deployed AIO-SX, check through Horizon interface that Fault
Management works correctly (showing alarms and events, allowing events
to be suppressed).
PASS: Repeat all tests above changing the deploy to AIO-DX using a
CentOS image.

Story: 2010149
Task: 46123

Signed-off-by: Joao Victor Portal <>
Change-Id: I3db6d0464d8d53c4dfbc761663be1712141b8b93
9 months ago
Leonardo Fagundes Luz Serrano 3f45c9ad7b Duplicate pmon.d conf files to another location
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/

This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.

Test Plan:
PASS: duplicate conf on deb

Story: 2010211
Task: 46110

Signed-off-by: Leonardo Fagundes Luz Serrano <>
Change-Id: I7c66c4806024e8d6bb54609bab8f05b0b6f1d5df
9 months ago
Agustin Carranza 571b0665ae Update events.yaml for specific alarms
The following alarms need to be clearer for users.
Some information was gathered in order to improve the
'description' and 'Proposed repair action' fields.


Test plan:
Build and install Debian package.

Story: 2010143
Task: 45785

Signed-off-by: Agustin Carranza <>
Change-Id: I55f81ffa4159284b730e2572e76dfd9867b348d5
10 months ago
Agustin Carranza 6ed32029db Revert "Update events.yaml for specific alarms"
This reverts commit baead557fb.

Reason for revert: Change breaks the build. 270.001 alarm has to remain defined because it is still being referenced.

Change-Id: I136928c90634e05e3026dddc9443cc2c59203320
10 months ago
Agustin Carranza baead557fb Update events.yaml for specific alarms
The following alarms need to be clearer for users. Some information
was gathered in order to improve the 'description' and 'Proposed
repair action' fields.

Alarm that has been deprecated:

The list of alarms that were modified is the following:

Test plan:
There is no need to test the alarms affected by the changes.

Story: 2010143
Task: 45785

Signed-off-by: Agustin Carranza <>
Change-Id: I57b86548a36da66119cb04779ce1f9147254316c
10 months ago
Gabriel de Araújo Cabral 71cef583e7 Removing alarm 800.102
800.102 alarm is not necessary anymore so it must be removed.

Test Plan: No test needed

Story: 2010104
Task: 45668

Signed-off-by: Gabriel de Araújo Cabral <>
Change-Id: I6f47dadb28c78781e95f479739a4a846df8431fc
12 months ago
Al Bailey 0b0d33fd72 Correct alarm IDs in the events.yaml for patching
The 900.002 and 900.003 alarm IDs were reversed.

Now corrected to be what the constants and code
are generating.

 - 900.002 is Patch host install failure
 - 900.003 is Obsolete patch in system

Story: 2009969
Task: 45582
Signed-off-by: Al Bailey <>
Change-Id: I0d13cfce39de15b34265012d1e26fd7fedcee81d
1 year ago
Takamasa Takenaka ad1d95fdf5 Add UUID in SNMP trap
FM sends alarm information for SNMP trap but it is lacking
Alarm UUID, which is needed to identify the alarm.
This fix is adding uuid for all types of trap information.

Closes-bug: 1971626

PASS: Confirm UUID is included in trap information
      in log /var/log/fm-manager.log.
      [Trap type]
      - wrsAlarmCritical
      - wrsAlarmMajor
      - wrsAlarmMinor
      - wrsAlarmWarning
      - wrsAlarmMessage
      - wrsAlarmClear
      - wrsAlarmHierarchicalClear

Signed-off-by: Takamasa Takenaka <>
Change-Id: I3e2b7e4a6a07876ff08e6a13d46d50285465a6b2
1 year ago
Dan Voiculeasa 4a55539a8b debian: Fix fm-common binaries location
Keep the same binary location as on CentOS.
An fm component was updated to produce binaries to correct location,
but fm-common component was missed. Alarms could not be raised by sm.

PASS: bootstrap
PASS: unlock
PASS: alarms are raised by sm

Story: 2009101
Task: 44321
Signed-off-by: Dan Voiculeasa <>
Change-Id: I56eb2a5cd69c643d477fba20a7344cd51be5444d
1 year ago
Dan Voiculeasa 4df485a754 debian: Fix fm bootstrap
This work is part of Debian integration effort.
This fixes issues seen during bootstrap.
This work unifies and enhances:

Package binary to correct location.
Fix configuration file ownership.
Let debhelper install the services. Add systemd preset.

Tests on Debian:
PASS: build-pkgs && build-image
PASS: install iso && check the 2 services
PASS: bootstrap with fm workarounds
PASS: unlock

Story: 2009101
Task: 44321
Co-authored-by: Chuck Short <>
Co-authored-by: aoliveir <>
Signed-off-by: Dan Voiculeasa <>
Change-Id: I7d460bb7a3ffba429fce42e6dab72fc88e2bc885
1 year ago
Dan Voiculeasa be2ceec7a9 Rework fm-mgr Makefile and spec
Move service installation out of the Makefile.
This will let Debian build system control the service installation.

Test on CentOS:
PASS: build-pkgs && build-iso
PASS: install iso & fminit service exists
PASS: bootstrap & unlock

Story: 2009101
Task: 44321
Change-Id: I244c078b19fb0817fcd9ac3c2b026a32024dd1c9
Signed-off-by: Dan Voiculeasa <>
1 year ago
Chuck Short 30e9761ede debian: Fix python3 syntax warning

The compiler now produces a SyntaxWarning when identity
checks (is and is not) are used with certain types of
literals (e.g. strings, numbers). These can often work
by accident in CPython, but are not guaranteed by the
language spec. The warning advises users to use
equality tests (== and !=) instead.

Test Plan:
PASS Apply patch test the output of fm alarm-list on Debian 11.
PASS Apply patch test the output of fm alarm-list on Centos 7.

Closes-Bug: 1960958

Signed-off-by: Chuck Short <>
Change-Id: I12c43f336a449876fab8592e34eace674518d0da
1 year ago
Zuul cb34d876a8 Merge "Fault Management API request audit logging" 1 year ago
Zuul f1c3e852cb Merge "Remove unused constant" 1 year ago
Joao Victor Portal 7fd26e0d15 Fault Management API request audit logging
Here is added a hook to the WSGI compliant Pecan server that receives
the Fault Management API requests. This hook logs the needed request
data to "/var/log/fm-api.log". All requests are logged except the
ones of "GET" type.

The code is a port from the same hook that exists in
"starlingx/config" repository, also called "AuditLogging".

Note: there are no "POST" or "PUT" requests available in Fault
Management API v1.

Test Plan:

PASS: Successfully deploy an AIO-SX and verify that the logs of
"fm-api" service are present in file "/var/log/fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-list" and
check that no GET request was logged in "fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-delete 1111"
and check that a "DELETE /v1/alarms/1111" request was logged in
"fm-api.log" with status "404".
PASS: In the deployed AIO-SX, execute command
"fm event-suppress --alarm_id <alarm_id>" and check that a
"PATCH /v1/event_suppression/<uuid>" request was logged in
"fm-api.log" with status "200".
PASS: Successfully build all packages of this repository as Debian
packages: fm-api, fm-common, fm-doc, fm-mgr, fm-rest-api and

Story: 2009824
Task: 44468

Signed-off-by: Joao Victor Portal <>
Change-Id: I25bf662ed9e792b30ae1f90329bd35b918f0a5f7
1 year ago
Zuul 19761c2f39 Merge "[PTP SyncE] Update PTP alarm description" 1 year ago
Teresa Ho 6aeafb674d [PTP SyncE] Update PTP alarm description
This commit updates the description and entity instance for the
PTP alarm for SyncE.

Story: 2009130
Task: 44497

Change-Id: Iefae1e75003ff2a45501e45d850f9556256d580f
Signed-off-by: Teresa Ho <>
1 year ago
Zuul a6ff3c3bfd Merge "Revert "Fix failing FM services on Debian"" 1 year ago
Iago Rodriguez Regiani 3074e4e4c7 Revert "Fix failing FM services on Debian"
This reverts commit 1bb9c1542c.

Reason for revert: Error on build-image, fm-mgr fails on preinst. Symlink: "File exists"

Change-Id: I235ef93446071a7a2f051489f7462f3fb454a20c
1 year ago
Zuul 395574b5fd Merge "Fix failing FM services on Debian" 1 year ago
Vinicius Lopes da Silva 45653becf4 Remove unused constant
Constant FM_ALARM_ID_STORAGE_CEPH_FREE_SPACE was being used only in
legacy code by ceph-manager. The code was updated to remove this
unused constant and its respective alarm.

Test plan:
    PASS: Verify that no alarms are raised related to quotas.
    PASS: Confirm that no quota messages are present in the logs.


Closes-Bug: 1959894
Signed-off-by: Daian Cardoso Sganderlla <>

Change-Id: I606d0e6dca102189a26c8cd4d587a1e772e610f0
1 year ago
Iago Regiani 1bb9c1542c Fix failing FM services on Debian
- Daemon location on Debian.
- Created a new .service for fm-api with the path for the service.
- Removed fminit.service install from Makefile to spec, in order to override
it on debian using deb_helper.
- Fm-api is now installed with deb_helper.
- Updated fm.conf permissions

Test Plan:

PASS: Package installed and ISO built successfully
PASS: Services are running after bootstrap configure restarts them
PASS: CentOS fm-mgr package is built and installed successfully

Story: 2009101
Task: 44321

Co-authored-by: Daniel Stevens <>
Signed-off-by: Iago Regiani <>
Change-Id: Idb10b01da6307fc964f9dc3baf9365f70f34c803
1 year ago
Andrei Suciu 6d30db1e0e Update debian-pkg-dirs with fm-doc library
Test plan:

PASS: Built packages
PASS: Built iso with the packages
PASS: Load iso in virtualbox and install controller 0
PASS: Bootstrap with workaround

Story: 2009101
Task: 44088
Signed-off-by: Andrei Suciu <>

Change-Id: Ic7f02c1e10fe2b9257f00ab9a8df55b5090df862
1 year ago
Zuul 57961f2ec9 Merge "Setting PYTHON3=no for LOCI images" 1 year ago
Zuul 495c5f861c Merge "Add debian package for fm-doc" 1 year ago
Thiago Brito e0fba90bdf Setting PYTHON3=no for LOCI images
Recently, LOCI changed its default so images are python3 if nothing is
specified at the *docker_image files. With the recent upversion of LOCI
in the build tools [1], we need to explicitly set PYTHON3=no to images
that are still using python2. This commit fixes the StarlingX images to
use this parameter

PASS build the stx-fm-rest-api image on the stable branch

[1] 00bd632a68

Closes-Bug: #1958696

Signed-off-by: Thiago Brito <>
Change-Id: Icc80f5ca3f2031537e45ab8ff35420250522cb34
1 year ago
Giana Francisco f0b7677999 Add support to --insecure parameter in fmclient
Current fmclient does not support --insecure parameter
and this causes the fm command to not work when
endpoint is configured with private signed certificates.

Closes-Bug: 1958262

Test Plan:

PASS: configure endpoint with private signed certificates
and run rm command with --insecure to get the alarm-list.
PASS: set FMCLIENT_INSECURE=true environment variable and
run fm alarm-list.

Signed-off-by: Giana Francisco <>
Change-Id: I2c2a33d24fb544147bd02fda2e0a89eafd48c818
1 year ago
Ramon Gazoni Lacerda 707340e521 Add debian package for fm-doc
Add debian packaging infrastructure for fm-doc to build
a debian package.

Test Plan:
PASS: Package installed and ISO built successfully

Story: 2009101
Task: 44088

Signed-off-by: Ramon Gazoni Lacerda <>
Change-Id: If98aa5c561012e31ab67589e7d62486c58be8e4c
1 year ago
fperez e9ba02ab5c Fixing logging for python scripts - FM
This commit complements the previous commit with
same topic:

This particular commit improves the log inside the
python script, considering other possible failures.

Also, some verifications are added in fmDbUtils class
which calls the script.

Test Plan:

Log in (/var/log/platform.log):
PASS: Log arguments error calling script.
PASS: Log new database connection problems.
PASS: Log Session commit problems.
PASS: Log problems opening "/etc/fm/events.yaml" file.

Log (in /var/log/fm-manager.log):
PASS: Log Problems opening file.
PASS: Log problems running

PASS: build and install package.

Closes-bug: 1932324

Signed-off-by: fperez <>
Change-Id: I913d6d1282bea346f87f73179f0738c0c17d7446
1 year ago
Bin Qian 6105f83a85 Add new alarm for FD limit reached
Add a new alarm for open FD approaching limit (major) or
limit is reached (critical).

Partial-bug: 1952126
Change-Id: Ifaece0e1d7a335f980cfebc3a591a90edbc35742
Signed-off-by: Bin Qian <>
2 years ago
Zuul b04abb5162 Merge "Remove duplicates from debian_pkg_dirs file" 2 years ago