This also changes the group wrs_protected to sys_protected
to de-brand the user and group names.
Depends-On: I887464a20fc17d66529caea03be2b445156f9426
Change-Id: Ic2ea06d3ac15c31854a604af5f4cecf9094fcaea
Story: 2004716
Task: 28748
Signed-off-by: Saul Wold <sgw@linux.intel.com>
The SRIOV network device plugin is Kubernetes device plugin for
discovering and advertising SRIOV network virtual functions (VFs) in a
Kubernetes host.
StarlingX support requires us to build the following plugin images:
starlingx/k8s-cni-sriov: derived from ...
https://github.com/intel/sriov-cni
starlingx/k8s-plugins-sriov-network-device: derived from ...
https://github.com/intel/sriov-network-device-plugin
Change-Id: I1ab9f642040dcacfc4e3494cbc6aef83816d3c20
Depends-on: Iea5eae32bd245557a4b02c9825297343a001e778
Story: 2005208
Task: 33485
Signed-off-by: Scott Little <scott.little@windriver.com>
This adds a kubelet ExecStartPre script to ensure cgroup is setup
prior to kubelet launch. This creates k8s-infra cgroup for a minimal
set of resource controllers, and configures cpuset attributes to span
all online cpus and nodes. This will do nothing if the k8s-infra cgroup
already exists (i.e., assume already configured).
NOTE: The creation of directories under /sys/fs/cgroup is volatile, and
does not persist reboots. The cpuset.mems and cpuset.cpus is later
updated by puppet kubernetes.pp manifest.
Tests performed:
Standard system: system install, lock/unlock controller & computes,
forced reboot: active/standby controller, computes.
Change-Id: I6a7aad5c40fe8225e9e16c8d8b40a0cffd76715d
Closes-Bug: 1828270
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Change config file to allow controller local Docker registry images to
be deleted.
Story: 2002840
Task: 28621
Change-Id: I636a8e26f92c50ebc2222292cd21f7e7784ed2ac
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Update the helm-upload script to require specifying a specific helm
repository to use with it's operations.
Change-Id: I4b1a3615a6bd5d0bdd834a1cdf27c05d5a1057a0
Story: 2005424
Task: 30645
Signed-off-by: Robert Church <robert.church@windriver.com>
etcd 3.2.24 is the required version for kubernetes 1.13
There is no 3.2.24 src rpm, so the github archive is used as
the source code.
The original spec file and additional files are
from the etcd 3.2.22 src rpm in centos.
Story: 2005198
Task: 30405
Depends-On: I8f7061a9577941c257046721dbf5e957375691ab
Change-Id: Iab65a3bcd9e9d3f9968515c35675119bb06b9a54
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Cloud-Provider-Openstack is required for Keystone authentication with
Kubernetes. This commit brings in Cloud-Provider-Openstack as a
pre-built binary to shove into an RPM as part of the ISO. The source
is also downloaded, but not used at the moment.
Story: 2002843
Task: 26958
Depends-On: https://review.openstack.org/651326
Change-Id: If2a7a1d696370c8e40a11f8002c9a597406eb2db
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Generate/clear kubelet.pid file at start/stop of kubelet service
Story: 2002843
Task: 29216
Change-Id: I41206c7ea14d79b5d0cbca945e7a6488eda9b7bb
Signed-off-by: Bin Qian <bin.qian@windriver.com>
Rather than storing a diff file of the spec file changes,
the original spec file is included for easier comparison.
Story: 2002843
Task: 28909
Change-Id: I11b327e292e9acdeee66d0869f2b159698e40706
Depends-On: Ifb2ca9f36ae2a2f69038f0aad05a4af93eaaa5ad
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This change reworks the registry-token-server package spec with
go dependencies downloaded at mirror-download time, rather than
at build time. The dependencies (at fixed revisions) are
extracted into the package's build tree for compilation.
Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/631001/
Change-Id: Ib7d745c6469beacf029195c3e6eaa4935f398483
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Signed-off-by: Jason McKenna <jason.mckenna@windriver.com>
This updates the helm-upload to stop syncing charts to standby
controller as charts are changed to store in drbd fs.
Story: 2004520
Task: 28343
Depends-On: https://review.openstack.org/#/c/630763/
Change-Id: I12f17fae6124650d878ba7a560f94b7a8ed36e56
Signed-off-by: Angie Wang <angie.wang@windriver.com>
As part of setting up Keystone authentication with Docker registry,
a token server needs to be deployed and managed by SM. This commit
adds the source code and spec files to build the token server used by
Docker registry for authentication with Keystone. The token server is
a modified version of the example token server provided by Docker
Distribution. The changes uses the Gophercloud library to communicate
with Keystone as opposed to checking the user credentials against an
existing HTPASSWD file.
Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/625335/
Change-Id: I00f5aa1073d496aa0b08223c6fa1fcbaf9d5b89b
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
This commit upversions helm from v2.11.0 to v2.12.1.
This is necessary as support for kubernetes v1.12 support is only
introduced in helm v2.12.
Story: 2004520
Task: 28777
Depends-on: I2501cd1174f85810892e51ac8a44746302eeb120
Change-Id: I605f1ba2c7fda52d9e0bf84b6132314efad15b24
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
Since we do not add this package to centos_pks_dirs, it can be removed.
It seems this folder was deprecated. As I see, docker-ce RPM is already
there and packaged in iso.
Story: 2004587
Task: 28461
Change-Id: Ice8ac0f8a8cdbd02f3a0f87165f5971a0aba5388
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This requires golang upversioned to 1.10.2 or later
The older kubernetes was a src rpm. This is a src tarball
so the files and patches from the old src rpm are included here.
Some of the files from the 1.10 src rpm failed lint checks, so
they have been updated.
ppc patch from 1.10 was removed.
golang debug patch for ELF removed.
The kubeadm.conf originates from:
kubernetes/build/rpms/10-kubeadm.conf
Story: 2002843
Task: 26751
Change-Id: Ib5602a4a57c0e8998430b0774375853cdd2bca01
Depends-On: I1ea17cc89d839e0ffa90459965c521e504695294
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
The missing PID file was spamming SM logs. This commit creates the
missing PID file for Docker Registry which fixes the issue.
Task: 22782
Story: 2002840
Change-Id: I10438e034165de88649a0228ffa9840768f6a1d6
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
Point the spec and data file to the newer version.
Reset the TIS patch version from 3 to 1
Story: 2002843
Task: 26751
Depends-On: Ic6a75a2c89d6992433fe78407ff4464da339e776
Change-Id: I5afb5847204c62214689f9e246a4c9c0ddaf02b7
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
There's a lot going on here but conceptually we're just enabling a
local helm repo along with a helper script to install helm charts into
the repo.
The first item is to configure lighttpd to serve up helm charts as
static information (so no proxying) at http://127.0.0.1/helm_charts".
This is fairly straightforward, but the files are served out of
/www which isn't a replicated filesystem and which is owned by the www
user.
The helm puppet manifest is modified to create the "helm_charts"
directory for the webserver, to generate the initial index file,
and to tell helm to add the new repo for the "wrsroot" user. The
various commands are run as specific users with specific environment
variables, this is key to making everything work as planned.
To allow the wrsroot user to upload charts into /www the helm-upload
script will re-run itself as the www user. /etc/sudoers.d is modified
to allow this without asking for a password. The upload script will
copy the specified charts in to /www/pages/helm_charts, and will then
regenerate the index.yaml file. The upload script will then try to
sync the files over to the other node. To enable this without
prompting for a password we modify /etc/rsyncd.conf to allow
passwordless syncing into /www/helm_charts.
In a future commit we'll need to sync charts with the other
controller when booting up, and also configure the local starlingx
helm repo on the second controller.
Change-Id: I86a7795decb7833cb22c04e34e298c8d24ed7fa3
Signed-off-by: David Sullivan <david.sullivan@windriver.com>
Story: 2002876
Task: 22831
Depends-On: https://review.openstack.org/596802
This update removes the tiller-2.9.1-docker-image.tgz tarball from
the helm package until it can be properly gernerated within the
build framework.
Story: 2002876
Task: 22831
Change-Id: Ie54187b0462be22af5e8935fd4fd25c6ff913332
Signed-off-by: Jack Ding <jack.ding@windriver.com>