This change reorganizes the source directories of the stx-fm-rest-api
container to be reused by both CentOS and Debian Dockerfiles in order
to build the images having the corresponding OS-specic base.
As part of this, the fm-api, fm-rest-api, fm-common and
python-fmclient packages have been ported in order to generate deb
files that contain .whl.
Test plan:
PASS: Build debian iso and perform fresh install. Verify fm commands are
working as expected.
PASS: Build python3 wheels tarball on Debian. Verify fm, fm_api, fm_core
and fmclient .whl files are added.
PASS: Build Debian-based container and push it to a public registry.
Apply openstack application and update the fm-rest-api url to pull
this new image. Verify that:
- pods are up and running with the new image/tag specified.
- the container is running on Debian.
- from inside the container, fm querys are working as expected.
Story: 2009831
Task: 46634
Depends-On: https://review.opendev.org/c/starlingx/config/+/862498
Signed-off-by: Enzo Candotti <enzo.candotti@windriver.com>
Change-Id: I2b35139f8775141e39f97a5a6037c5de2b4d5d76
Remove the fm-rest-api preset file since it will
be managed centrally going forward and not on per-package basis.
Test Plan
Build Package
Build ISO
Install ISO
Check for non-existant
/etc/system/system-preset/fm-reset-api.preset
Story: 2009968
Task: 46406
Depends-On: https://review.opendev.org/c/starlingx/integ/+/853653
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: Ic3ec52bfb985c9e06d654476e6913ab897b67eb2
Removed conf files from /etc/pmon.d/
as they are being moved to another location.
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
The change is debian-only, since centos support
will be dropped soon.
Centos' pmon conf files remain in /etc/pmon.d/
Test Plan:
PASS - deb doesn't install anything to /etc/pmon.d/
PASS - AIOSX unlocked-enabled-available
PASS - Standard 2+2 unlocked-enabled-available
Story: 2010211
Task: 46303
Depends-On: https://review.opendev.org/c/starlingx/metal/+/855095
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I6675cb2f567fe5b9b62842d0428e672633078281
This commit implements the access control for all FM APIs. An incomplete
list of FM APIs can be found at
"https://docs.starlingx.io/api-ref/fault/api-ref-fm-v1-fault.html". Unit
tests will be created in other task.
All access control rules can be overwritten through file
"/etc/fm/policy.yaml". Any change in file "/etc/fm/policy.yaml" is
automatically detected by policy engine and the rules are updated.
Differently from other APIs, which have as default rule to enforce that
all users using the API are present in either project "admin" or
"services", all read-only actions (GET requests) of FM API are allowed
for any user, so it only requires "reader" role (that is the lowest
role). Other actions require the user to have "admin" role and to be
present in either project "admin" or "services".
As all system users of StarlingX have "admin" role and are present in
either project "admin" or "services", the default rules for FM API
allows any system users to execute any action, so there should be no
regression with the change introduced here.
To test the access control of FM API, the following commands will be
used:
fm alarm-list
fm alarm-show <uuid>
fm alarm-summary
fm alarm-delete <uuid>
fm event-list
fm event-show <uuid>
fm event-suppress --alarm_id <alarm_id>
fm event-suppress-list
fm event-unsuppress --alarm_id <alarm_id>
fm event-unsuppress-all
On test plan, these commands will be reffered as "test commands".
Note: there is one FM API that is not tested by the commands above,
that is the creation of alarms ("fm_api:alarm:create"). This API will
be tested indirectly by observing the system successfully creating
alarms in the deployed environment.
Test Plan:
PASS: Successfully deploy an AIO-SX using an Debian image with this
commit present. Successfully create, through openstack CLI, the users:
'testreader' with role 'reader' in project 'admin',
'adminsvc' with role 'admin' in project 'services' and
'otheradmin' with role 'admin' in project 'notadminproject'.
Create openrc files for all new users. Note: the other user that will be
used is the already existing 'admin' with role 'admin' in project
'admin'.
PASS: In the deployed AIO-SX, check the behavior of test commands
through different users: for "admin" and "adminsvc" users, all commands
are successful; for users "testreader" and "otheradmin", only the
commands "alarm-delete", "event-suppress", "event-unsuppress" and
"event-unsuppress-all" fail. Observe also that the system is able to
create alarms during its operation.
PASS: In the deployed AIO-SX, add the following lines in file
"/etc/fm/policy.yaml":
fm_api:alarm:create: role:admin
fm_api:alarm:delete: role:admin
fm_api:alarm:get: role:admin
fm_api:alarm:modify: role:admin
fm_api:event_log:get: role:admin
fm_api:event_suppression:get: role:admin
fm_api:event_suppression:modify: role:admin
and check that all test commands are successful through user
"otheradmin" and that all test commands fail through user "testreader".
Observe also that the system is able to create alarms during its
operation.
PASS: In the deployed AIO-SX, to assert that public API works without
authentication, execute the commands:
"curl -v http://<MGMT_IP>:18002/" and
"curl -v http://<MGMT_IP>:18002/v1/" and
verify that they are accepted and that the HTTP response is 200,
and execute the commands:
"curl -v http://<MGMT_IP>:18002/v1/alarms" and
"curl -v http://<MGMT_IP>:18002/v1/event_log" and
verify that they are rejected and that the HTTP response is 401.
PASS: In the deployed AIO-SX, check through Horizon interface that Fault
Management works correctly (showing alarms and events, allowing events
to be suppressed).
PASS: Repeat all tests above changing the deploy to AIO-DX using an
CentOS image.
Story: 2010149
Task: 46123
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I3db6d0464d8d53c4dfbc761663be1712141b8b93
Created a duplicate install of /etc/pmon.d/*.conf files
to /usr/share/starlingx/pmon.d/
This is part of an effort to allow pmon conf files
to be selected at runtime by kickstarts.
Test Plan:
PASS: duplicate conf on deb
Story: 2010211
Task: 46110
Signed-off-by: Leonardo Fagundes Luz Serrano <Leonardo.FagundesLuzSerrano@windriver.com>
Change-Id: I7c66c4806024e8d6bb54609bab8f05b0b6f1d5df
This work is part of Debian integration effort.
This fixes issues seen during bootstrap.
This work unifies and enhances:
https://review.opendev.org/c/starlingx/fault/+/833935https://review.opendev.org/c/starlingx/fault/+/834950
Package binary to correct location.
Fix configuration file ownership.
Let debhelper install the services. Add systemd preset.
Tests on Debian:
PASS: build-pkgs && build-image
PASS: install iso && check the 2 services
PASS: bootstrap with fm workarounds
PASS: unlock
Depends-On: https://review.opendev.org/c/starlingx/fault/+/836660
Story: 2009101
Task: 44321
Co-authored-by: Chuck Short <charles.short@windriver.com>
Co-authored-by: aoliveir <adriano.oliveira@windriver.com>
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: I7d460bb7a3ffba429fce42e6dab72fc88e2bc885
Here is added a hook to the WSGI compliant Pecan server that receives
the Fault Management API requests. This hook logs the needed request
data to "/var/log/fm-api.log". All requests are logged except the
ones of "GET" type.
The code is a port from the same hook that exists in
"starlingx/config" repository, also called "AuditLogging".
Note: there are no "POST" or "PUT" requests available in Fault
Management API v1.
Test Plan:
PASS: Successfully deploy an AIO-SX and verify that the logs of
"fm-api" service are present in file "/var/log/fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-list" and
check that no GET requests was logged in "fm-api.log".
PASS: In the deployed AIO-SX, execute command "fm alarm-delete 1111"
and check that a "DELETE /v1/alarms/1111" request was logged in
"fm-api.log" with status "404".
PASS: In the deployed AIO-SX, execute command
"fm event-suppress --alarm_id <alarm_id>" and check that a
"PATCH /v1/event_suppression/<uuid>" request was logged in
"fm-api.log" with status "200".
PASS: Successfully build all packages of this repository as Debian
packages: fm-api, fm-common, fm-doc, fm-mgr, fm-rest-api and
python-fmclient.
Story: 2009824
Task: 44468
Depends-On: https://review.opendev.org/c/starlingx/config-files/+/828200
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I25bf662ed9e792b30ae1f90329bd35b918f0a5f7
Recently, LOCI changed its default so images are python3 if nothing is
specified at the *docker_image files. With the recent upversion of LOCI
in the build tools [1], we need to explictly set PYTHON3=no to images
that are still using python2. This commit fixes the StarlingX images to
use this parameter
TEST PLAN
PASS build the stx-fm-rest-api image on the stable branch
[1] 00bd632a68
Closes-Bug: #1958696
Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Icc80f5ca3f2031537e45ab8ff35420250522cb34
Add debian packaging infrastructure for fm-api
so we can create a debian packaging for it.
Also update the directory layout due to limitations
of the STX tool. Update the centos build information
to reflect the new layout.
Story: 2009101
Task: 43091
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I5c9784647581f31384d7475f596663adc0d26498
Add support for Debian bullseye which runs python3.9.
This was tested by running tox locally on a Debian bullseye
VM.
Story: 2006796
Task: 42941
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I5568b85a365104fdbca2af7adcf9f289001baea0
Handle http client exceptions for non-admin
users. This is because some alarms/events
metadata are not available for them.
For example if the call fails the user will see the a
value like:
"host=controller-1.port=enp0s8"
instead of:
"host=controller-1.port=0cbb441a-874d-418e-bd57-7aa1b8ab0044"
Before this if an error in translation happened, the user
experienced an alert badge saying "Unable to retrieve
Events", then the user seen an empty table.
Story: 2009077
Task: 43093
Signed-off-by: Pablo Bovina <pablo.bovina@windriver.com>
Change-Id: I68eeb103a6fe97beb1fb7969a1cd9503210cdcb0
Fixed a typo for accessing a configuration resource.
Fixed a python3 script called by fmManager on initialization. It was
modifying a dictionary while parsing it using an iterator, which doesn't
guarantee all initial elements are visited. The fm database
event_suppression table was left in a bad state, thus alarm list and
alarm summary were empty.
Tests:
- build and deploy from iso
- tested with the fm_api_test.py provided in the repo
- tested some of the commands by raising a config out of date and
targeting the raised alarm
- fm alarm-list, alarm-delete, alarm-show, alarm-summary, event-list,
event-show, event-suppress-list, event-suppress, event-unsuppress,
event-unsuppress-all produce relevant output
Story: 2008454
Task: 42632
Depends-On: I2d0f4c2c85ea8057258d56632a102b2eac7db388
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ib3d5276c4a669a3f3f123470c31edf7a07751eaa
(cherry picked from commit c18a7865c6)
- Replace 'range' with six.moves.range.
- Replace 'zip' with six.moves.zip.
- Replace 'map' with six.moves.map.
- Replace dict.keys() with list(dict.keys()) to get a list on Python
3. On Python 3, dict.keys() now returns a view.
- Fix 'TypeError: unorderable types: NoneType() < int()' for python3
- Python 3 changed the iso8601 module iso8601.iso8601.Utc()
function to iso8601.UTC. This is compatible with Python2.7.
Testing:
1. Built new fm-rest-api rpm package.
2. Built new ISO with newer fm-rest-api and installed fine.
3. Checked for an exception in the logs while running "fm event-list".
4. Ran "fm alarm-list" without a problem.
Story: 2006729
Task: 42256
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I2d0f4c2c85ea8057258d56632a102b2eac7db388
(cherry picked from commit b91aaaab90)
The fm-api service is not properly started since the status logic is
wrong.
Updated the status logic to drop the regex approach and use the PIDFILE
instead.
There is a confirm_stop logic step which still needs to use the regex
approach because the main process spawns children. Updated the regex
for confirm_stop logic step. Now looking for /usr/bin/pythton3 and
/usr/libexec/platform-python.
Story: 2008454
Task: 42631
Depends-On: I970c2600475e32f2c5fb815738a2fe79f99a5b17
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
Change-Id: Ia77988ce282ea17de84b89e833ec686df342b3c4
(cherry picked from commit 4d5c6c7f21)
Centos 8 uses python3 by default so check for running python3
process as well.
Story: 2008454
Task: 42370
Signed-off-by: Charles Short <charles.short@windriver.com>
Change-Id: I970c2600475e32f2c5fb815738a2fe79f99a5b17
(cherry picked from commit 4958c7be50)
System UUID not required to be part of alarms summary.
This is also needed to allow non-admin users to read
alarms summary.
Story: 2009077
Task: 42995
Signed-off-by: Pablo Bovina <pablo.bovina@windriver.com>
Change-Id: I55c0cb297be7e86d31bce116e8ba20a2162d2f04
The tox jobs for fault are having problems with a
timeout, which appears to be related to how long it takes
to setup the python requirements.
This update tries to limit the scope for yamllint, and
eliminate some of the sdist related actions.
pylint has been relocated to the test-requirements file.
The usedevelop = False is required for the base tox.ini
because there are no setup files at that directory level.
Several pylint errors had to be suppressed, and will be
restored once py3 changes are merged from centos8 branch.
Story: 2008943
Task: 42967
Signed-off-by: albailey <Al.Bailey@windriver.com>
Change-Id: Icc8747226511f0be614df20800813fe4eb9e6b96
flake8 2.5.5 fails on ubuntu-focal zuul machines running python3.8
with the following error:
AttributeError: 'FlakesChecker' object has no attribute 'CONSTANT'
Fixed:
E117 over-indented
E741 ambiguous variable name
F841 local variable is assigned to but never used
Per-Line-Suppressed:
E402 module level import not at top of file
F632 use ==/!= to compare constant literals
Global Suppress:
W504 line break after binary operator
W605 invalid escape sequence
The suppressed errors can be fixed by later submissions.
Change-Id: I2df3ece427f0c84ce16c1a82f4d9f0c9a5a6982b
Partial-Bug: 1895054
Signed-off-by: albailey <Al.Bailey@windriver.com>
This commit modifies the ownership and access privilege of the
fault manager config file to the fm user only.
Verified the ownership and permission of /etc/fm/fm.conf after
successfully installed and unlocked a controller. No extra error
message is produced in fm-manager.log and fm-event.log. And fm
commands are functional.
Change-Id: Ief675bbe08c00bb106b7fdd6b5db46364192c69c
Closes-Bug: 1887444
Signed-off-by: Yuxing Jiang <yuxing.jiang@windriver.com>
This update changed the TIS_PATCH_VER to use the PKG_GITREVCOUNT
variable to auto-version the packages.
Adds an upper constraint to fm-rest-api to pass zuul.
Story: 2006740
Task: 39842
Change-Id: I4a180f1395ff9764ecc9d617a514e265db670b9c
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
stestr was upgraded to 3.0.0 on Mar. 26 and it does not support py27.
Update test requirements accordingly so py27 tests will use earlier version.
Change-Id: Ia481a4609d81ad4d225aeb6ec3ab0cc3a9e18ae5
Closes-Bug: 1869777
Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
add test class DbSyncTestCase
add test case for migration database sync
Story: 2007082
Task: 38152
Depends-on: https://review.opendev.org/#/c/702823/
Signed-off-by: SidneyAn <ran1.an@intel.com>
Signed-off-by: chenyan <yan.chen@intel.com>
Change-Id: I8121dedae7e4319a454dc128a591f74ef066c149
As of March 1, when jobs run on ubuntu-xenial, they fail
to run py27 and py35 jobs with an error similar to:
/usr/bin/python3 -m virtualenv --no-download
--python /usr/bin/python2.7 py27
ImportError: cannot import name 'ContextManager'
It does not appear to impact the ubuntu-bionic nodes so
updating zuul to use those nodes.
bionic nodes do not support python3.5, so the py35 jobs
is now converted to py36.
Partial-Bug: 1865554
Change-Id: Iad13d03ced21294d1a02c82f4e1e37cac3f27ee7
Signed-off-by: albailey <Al.Bailey@windriver.com>
As new unit tests are being added, the coverage target
helps to view their impact.
Story: 2007082
Task: 38836
Change-Id: I2d57aac7c633ab358a2d31bfc8d8a8635931527f
Signed-off-by: albailey <Al.Bailey@windriver.com>
Add add the first unit test for fm-rest-api/fm/fm/common/timeutils.
Add tox task for py27/35 as zuul checking and gating jobs.
Story: 2007082
Task: 38077
Change-Id: I2f259dcf2178f42546966063c0d724bc17e2a804
Signed-off-by: chenyan <yan.chen@intel.com>
Some of the fault components rely on having all the dependencies
installed in the StarlingX ISO so having missing dependencies listed
in the spec files is not an issue. However, when we take those compo-
nents and run them in a non StarlingX installation these problems
started to arise.
This patch is the result of the analysis of all imports and a manual
execution of the fault components in opensuse. This is a summary of
the findings:
- fm-api: This component imports `fm_core` which is provided by
`fm-common` but not listed in the dependencies. Same
case for `six` module.
- fm-mgr: `fmManager` links to `libfmcommon` but is not listed in the
requirements. Also, it expects to find the `/etc/fm/events.yaml`
file which is provided by `fm-doc`.
- fm-rest-api: A set of imports that are missing. This component also
depends on other StarlingX compoments.
- python-fmclient: Missing python imports.
Story: 2006684
Task: 36971
Change-Id: I6719ab8a8d9a35d105be1c6f7dac57b855da543e
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The rpmlint tool complains about having duplicated files in these
two packages. The %fdupes macro helps to remove these duplicated
files and thus pass rpmlint checks.
Story: 2006508
Task: 36867
Change-Id: I031352e06c74da65dc62b9a6c51dbb87371432d1
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
These files are part of OBS infrastructure and shouldn't be part of
this repository.
Story: 2006508
Task: 36862
Change-Id: I8cc056a49a888352d8dbb03b2a55e86549e6a45a
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
All opensuse version are being standardize with the same format,
this requires that all components will change from 1.0 to 1.0.0.
Story: 2006508
Task: 36811
Change-Id: I301759895e4ed816633daa6595d5f60f2f1d59c7
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
The rpmlintrc files helps to configure the behavior of the rpm linter
executed by the opensuse build system. This patch adds the rpmlintrc
files that were defined in the opensuse build system.
Story: 2006508
Task: 36799
Change-Id: If75264e809bb78bbcff1dd474b1a5fc1819ac193
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
As the tarballs are now created by the _service definition in the
opensuse build system, it requires now to include the specfiles
within the tarballs. This means that the `-n` option needs to be
set for `%autosetup`.
Story: 2006508
Task: 36780
Change-Id: Ib89a440d4911200ead2a3a35d731564e86b0b447
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
In the opensuse build system (OBS) the `_service` files are being
standardized to generate tarballs with gz compression. The fault's
specfiles were created before this decision, therefore an update
in the extension is required.
Story: 2006508
Task: 36670
Change-Id: I96cb185a9a0e089e4f8e184e8fdeaa709f77915e
Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
This is a tox job to scan the RPM specfiles and do some
initial sanity checks and use the OpenDev Spec-Cleaner tool, this
is not a 'linter' per-se, but will output a diff of recommended
changes for the specfile.
Initial disable cleaning our default CentOS specfiles since we
know they need work, we can enable this later.
This uses the speclint script in starlingx/integ a proposed
by the Depends-On.
The recommended guildline for openSUSE is located here:
https://en.opensuse.org/openSUSE:Specfile_guidelines
Fix up fm-rest-api opensuse specfile
Depends-On: https://review.opendev.org/664995
Change-Id: I46da780a667569a9dccedd551d955c983e9601cd
Signed-off-by: Saul Wold <sgw@linux.intel.com>
This commit adds the RPM specfile that supports openSUSE, these
include the _service file which creates the tarball, the changes
files and specfile itself.
These are all built via the OpenBuildService (OBS) and can be
found here:
https://build.opensuse.org/project/show/Cloud:StarlingX:2.0
Change-Id: I676aae8cb9554eab2740232fd0dd77e0ed876506
Signed-off-by: Saul Wold <sgw@linux.intel.com>