1001 Commits

Author SHA1 Message Date
chendongqi
be8e0dfa61 CentOS 8: Upgrade python-requests to version 2.20.0
(1) Release Version Upgrade
(2) Matching code changes with el7 to el8

This package actually comes from the openstack package repo [0]
and the correct version is 2.21.0-3.
Since the CentOS folks have not created a cloud repo yet.
Ultimately this will need to be a python3 version.
We will need to rename the package to python3-requests.

[0] http://vault.centos.org/7.7.1908/cloud/Source/openstack-stein/

Story: 2006729
Task: 37659
Depends-On: https://review.opendev.org/#/c/696481/
Depends-On: https://review.opendev.org/#/c/696050/
Change-Id: I8544995320fa440074554c6fdf0e1143bf68b582
Signed-off-by: Dongqi Chen <chen.dq@neusoft.com>
2019-12-16 15:56:07 +08:00
Saul Wold
9035cd1be8 Merge branch 'master' into f/centos8
Change-Id: Ia907a71dfa89d3ce7580d788eacf29dda1fb7fc8
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-12-11 10:06:10 -08:00
Zuul
435361662f Merge "ceph-init-wrapper: Detect stuck peering OSDs and restart them" 2019-12-09 16:01:32 +00:00
Martin, Chen
4aa661ce56 Build layering
Rebase tarball for i40e Driver
Rebase srpm for systemd 219-67.el7
Rebase srpm for sudo
Rebase srpm for ntp

Depends-On: https://review.opendev.org/#/c/695061/
Depends-On: https://review.opendev.org/#/c/695560/
Depends-On: https://review.opendev.org/#/c/695637/
Depends-On: https://review.opendev.org/#/c/695983/

Story: 2006166
Task: 37570

Change-Id: I7f33e0fb1319df3421318c4927d2a5675a490273
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2019-11-29 14:14:13 +08:00
Zuul
20c8ce27e7 Merge "Uprev ntp to version 4.2.6p5-29.el7" 2019-11-26 17:10:02 +00:00
Jim Somerville
5d854355d8 Uprev ntp to version 4.2.6p5-29.el7
This solves:
ntp: Stack-based buffer overflow in ntpq and ntpdc allows
denial of service or code execution (CVE-2018-12327)

See the announcement link:

https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006016.html

for more details.

Here we refresh the meta patches and correct the crime of
"name of patch file differs from git format-patch".  We
also clean up the commit short logs.

Change-Id: I263465d85f06096296fdd478a302eb110ab1259c
Closes-Bug: 1849197
Depends-On: https://review.opendev.org/#/c/695983
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2019-11-25 16:07:17 -05:00
Dan Voiculeasa
11fd5d9cd4 ceph-init-wrapper: Detect stuck peering OSDs and restart them
OSDs might become stuck peering.
Recover from such state.

Closes-bug: 1851287

Change-Id: I2ef1a0e93d38c3d041ee0c5c1e66a4ac42785a68
Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
2019-11-25 09:37:48 +00:00
Robin Lu
f30cb74fef Update sudo srpm patch for CVE bug
To fix below CVE, we will use sudo-1.8.23-4.el7_7.1.src.rpm
And we have to update some patches according to new srpm.
https://lists.centos.org/pipermail/centos-announce/2019-October/023499.html

CVE bug: CVE-2019-14287: sudo: can bypass certain policy blacklists

Closes-Bug: 1852825
Depends-On: https://review.opendev.org/#/c/695637/
Change-Id: Ifc0a3423464fafce06cd504d9b427fc3433fb756
Signed-off-by: Robin Lu <bin1.lu@intel.com>
2019-11-25 09:43:16 +08:00
Zuul
dcacc409f4 Merge "Uprev systemd to version 219-67.el7" 2019-11-21 22:24:55 +00:00
Jim Somerville
0231aba5cd Uprev systemd to version 219-67.el7
This solves:
systemd: line splitting via fgets() allows for state injection
during daemon-reexec (CVE-2018-15686)

along with some other less critical issues.  See the security
announcement link:

https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html

for more details.

Here we rebase the patches, and fix the atrocious crime of "name of patch file
doesn't match what git format-patch generates".  We also squash down the
meta patches which add the patches to the spec file as part of
good housekeeping.

Change-Id: I01a3fa329bbad541a063cb604d1756892139967f
Closes-Bug: 1849200
Depends-On: https://review.opendev.org/#/c/695560
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2019-11-21 16:48:47 -05:00
Zuul
d2a3c1e163 Merge "i40e Driver Upgrade in support of N3000 on-board NICs" 2019-11-20 22:14:49 +00:00
Jim Somerville
2718976ddc i40e Driver Upgrade in support of N3000 on-board NICs
Uprev i40e to version 2.10.19.30
i40evf gets replaced by iavf version 3.7.61.20

The iavf driver supports both fortville and columbiaville,
so they decided to rename from i40evf to something more generic.

We get to drop the patch which polls for coming out of
reset as it was incorporated upstream.

The Intel FPGA Programmable Acceleration Card N3000 contains
dual Intel XL710 NICs and an FPGA for acceleration purposes.
This driver upgrade is required to support those NICs.

Change-Id: Ifbec94bcc00a8cce9fe97bf0eb41556b8bd3e592
Story: 2006740
Task: 37542
Depends-On: https://review.opendev.org/#/c/695061
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
2019-11-19 14:42:12 -05:00
Joseph Richard
8a3722089d Drop initscripts patch running ipv6 dhcp as daemon
This commit rebases initscripts patch set, dropping
run-dhclient-as-daemon-for-ipv6.patch

Currently, ifup-eth tries running ipv6 dhclient with the one-shot
option, and if that fails, then retries indefinitely in the background.
That has the side-effect of causing the ifup-post script to not be run
if the first dhclient attempt fails, which will prevent routes on that
interface from being created.  This is especially problematic in the
case of a DOR, where the compute nodes may come up before dnsmasq is up
on the controller.
This is different from upstream centos, which will only try running
dhclient with the one-shot option for ipv6.
By reverting the initscripts patch to run as a daemon, ipv6 dhclient now
runs as one-shot only, and if it fails, ifup-eth script exits without
getting an address, and then the node fails to come up and reboot.
While this may result in the compute node having an extra reboot in a DOR,
that is preferable to the compute coming up incorrectly and requiring a
lock/unlock to recover.

Closes-bug: 1844579
Change-Id: I5b7f6b7c878dc4e4737d986f11fae3301585fb1c
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
2019-11-19 14:24:28 -05:00
Saul Wold
f00abf590a .gitreview: Update for f/centos8 feature branch
This will be used for the CentOS-8 Upgrade work

Change-Id: Ibb0e8998c5bb1c5964df15115cc98a66da01e4d8
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-11-11 00:46:29 -08:00
Andy Ning
5afd5f90b2 update Barbican admin secret's user/project IDs during bootstrap
In a DC system when subcloud is managed, keystone user/project IDs are
synced with Central Cloud, including admin user and project. But the
admin's secrets in Barbican still use the original user/project IDs,
causing docker registry access failure when platform-integ-apps is
reapplied.

This change added a patch to keystone puppet manifest, that updates
keystone admin user/project IDs to be the same as Central Cloud right
after keystone is bootstrapped during subcloud deployment. This way any
reference to admin user/project IDs after bootstrap will be using the
IDs same as Central Cloud, including the ones in Barbican. This will
solve the problem of retrieving central registry credential failure
when platform-integ-apps is reapplied.

Change-Id: I509a06b4b810620a1b3648837726f7f2771162a5
Closes-Bug: 1851247
Signed-off-by: Andy Ning <andy.ning@windriver.com>
2019-11-08 09:51:24 -05:00
Don Penney
b00d7ff68c Package /etc/default/lldpd as a config file
The lldpd package currently does not package the /etc/default/lldpd
file as a config file, but it is modified at runtime by a puppet
manifest. As a result, if the lldpd package is updated on a system, it
would overwrite the modified file with the version from the package.

This update adds the %config(noreplace) to lldpd.spec for this file.

Change-Id: I82e62bdcac9ea07a3eaea0dfca5b1037b4b392d6
Partial-Bug: 1850695
Signed-off-by: Don Penney <don.penney@windriver.com>
2019-10-30 16:22:55 -04:00
Zuul
7173fb6cf5 Merge "Build layering, add layer build config file and srpm and tarball lst" 2019-10-29 19:07:32 +00:00
Al Bailey
4341591423 Ensure barbican user and group exist during installation
The barbican user and group were missing from the setup files.

Adding it ensures consistent uid/gid values across nodes, where
filesystems may be shared.

Adding it also ensures uid/gid exists when barbican is installed.
This will fix sanity issues due to arbitrary rpm ordering during
initial system installation.

openstack-barbican-common has a scriptlet that sets up
barbican user and group if they do not exist, through
shadow-utils.

The shadow-utils requirement is set for openstack-barbican
rather than openstack-barbican-common or python-barbican.

Alternatively the src rpm could be patched, but this would add
source code patching debt, and still not resolve the filesystem
consistency issue.

Change-Id: I67b7c292e4a3356335df6619648284e028625fe6
Closes-Bug: 1849671
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-10-24 13:49:43 -05:00
Scott Little
9a02692850 Build layering, add layer build config file and srpm and tarball lst
Story: 2006166
Task: 37113

Change-Id: I11b2a3f635d7a1f50d0d21c4b4bad88de96d5292
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-10-21 09:24:22 +08:00
Al Bailey
2ab04bc375 Upversion kubernetes to 1.16.2
This is a minor bugfix release.
It requires golang 1.12.10 to build.

Change-Id: I3eb4818d4667ff3be1020a2066c52ed248d5e23c
Story: 2005860
Task: 37159
Depends-On: https://review.opendev.org/#/c/689000/
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-10-16 14:31:23 -05:00
Zuul
8295196cf4 Merge "Add script to build intel qat device plugin image" 2019-10-15 21:21:27 +00:00
Zuul
d2acda56bb Merge "De-couple kubernetes rpms from one another" 2019-10-10 15:37:37 +00:00
Zuul
adc1f00b8c Merge "Uprev SR-IOV CNI and device plugin image base" 2019-10-09 19:18:58 +00:00
Al Bailey
f0870b2e48 De-couple kubernetes rpms from one another
The spec file from Centos was written to tightly couple
the kubernetes rpms to the same version and therefore prevent
any of them from being changed without installing the entire set.

This blocks the kubernetes upgrade procedure, which expects
components such as kubeadm or kubelet to up-version independently
from the other kubernetes components.

Refer to Upgrading Control Planes section of:
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

In addition, hyperkube (unused) was packaged in multiple
rpms which is an rpm patching semantic violation.

Story: 2005860
Task: 36956
Change-Id: I26b7bc4b232635ac5f58aa9db79fcfe505c85fdc
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-10-08 10:14:08 -05:00
Zuul
33f01e91b3 Merge "Fix missing IP of alias interface" 2019-10-07 14:41:21 +00:00
Zuul
1de9d18a0b Merge "Upversion kubernetes build files to 1.16.0" 2019-10-02 14:03:04 +00:00
Zuul
e8a76cd4bd Merge "Upversion etcd to 3.3.15" 2019-10-02 14:01:18 +00:00
Teresa Ho
caac6ebf35 Fix missing IP of alias interface
The ifup-aliases script assumes that the IPv4 address is always
defined. If the configuration is only for IPv6, the script would
generate an error and not process the IPv6 address of the interface.
This commit is to bring up the IPv6 interface even if the IPv4 address
is not defined.

Partial-Bug: 1834234

Change-Id: Ib0c4cbc7ec19cc0c0c485e4ad63c380aa8a49a4c
Signed-off-by: Teresa Ho <teresa.ho@windriver.com>
2019-09-30 17:18:51 -04:00
Mingyuan Qi
d9d92a6997 Add script to build intel qat device plugin image
This image will be run as a daemonset to enable intel qat device plugin

Story: 2005514
Task: 36819

Change-Id: I6ba1410bec7bbbc915048f6dee66975eba1ced55
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>
2019-09-29 14:29:42 +08:00
Steven Webster
dac417bd31 Uprev SR-IOV CNI and device plugin image base
Currently, StarlingX uses a version of the SR-IOV CNI and device
plugin container images that are based on a certain commit reference.
This is done to ensure reliable and predictable behaviour until the
images can be locked down on a stable release version.

It is desirable to move to a later version of these images for
a couple of reasons (aside from bug fixes, etc):

1. The SR-IOV CNI image now uses an alpine base, rather than
   a Redhat base.
2. The SR-IOV device plugin allows a DPDK enabled pod with
   Mellanox NICs to run unprivileged.

This commit moves the image base forward.

Testing has been performed with netdevice and DPDK based
pod applications with various combinations of the following
devices:

Mellanox MT27700 Family [ConnectX-4]
Intel 82599ES 10-Gigabit SFI/SFP+ Network Connection
Intel Ethernet Controller X710 for 10GbE SFP+

Change-Id: Ia74e135b3e4b1a00465d4a8fd0b4650efdcfd2c5
Closes-Bug: 1843963
Closes-Bug: 1835020
Signed-off-by: Steven Webster <steven.webster@windriver.com>
2019-09-27 15:04:11 -05:00
Alex Kozyrev
5f72ddb26a Build a Docker image with FPGA plugin
Create Intel FPGA plugins Docker images to StarlingX image build from
intel-device-plugins-for-kubernetes. Adjust the script to make it
more generic. Update intel-gpu-plugin to the latest codebase as well.

Change-Id: I4e60de505aca5d01c10a4db396a2311591b44ff0
Story: 2006495
Task: 36710
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
2019-09-24 11:17:50 -04:00
Al Bailey
2e0201f211 Upversion kubernetes build files to 1.16.0
The spec file and srpm tarball are updated to build
the 1.16.0 kubernetes source archive.

Change-Id: Ib9770f43b3e035085ef1d1692d4f14c4beddae49
Story: 2005860
Task: 36702
Depends-On: https://review.opendev.org/#/c/684351
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-09-24 09:23:03 -05:00
Al Bailey
a2bd894d1a Upversion etcd to 3.3.15
3.3.15 is the default etcd used by kubernetes 1.16

Some patches from the old src rpm have been removed since
they are not compatible with the updated source tree, and
do not appear related to STX.

Change-Id: I6337a963d7b4af059ae445e4a4f11fb69efbe0a7
Story: 2005860
Task: 36701
Depends-On: https://review.opendev.org/#/c/684351
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-09-24 09:22:41 -05:00
Zuul
c563674a43 Merge "Add boto3 to build" 2019-09-19 18:36:36 +00:00
Jerry Sun
464819c170 Add boto3 to build
boto3 is a python package for interacting with AWS. We need this for
interacting with an Amazon Docker registry. This commit adds boto3 and
its dependencies to the build

Story: 2006274
Task: 36704
Depends-On: https://review.opendev.org/683179

Change-Id: I5a5c7ea7b20c012b51ee20057a1ebd0f0c635386
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2019-09-19 13:11:13 -04:00
Zuul
bbb9e4042c Merge "Build and package OPAE FPGA drivers" 2019-09-16 19:39:23 +00:00
Jim Somerville
b675795e5b Build and package OPAE FPGA drivers
Includes a spec file for building and changes to get the
kernel modules into the load.

Change-Id: I6e075e19b1e4deefd7f5bcb11fec34c383b313b8
Story: 2006495
Task: 36607
Depends-On: https://review.opendev.org/#/c/682058/
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
2019-09-16 18:12:55 +00:00
Zuul
82fc1ff6d4 Merge "Update lighttpd to 1.4.54 version." 2019-09-16 17:42:03 +00:00
Zuul
d51e846143 Merge "ceph: mgr-restful-plugin set ceph-mgr config file path" 2019-09-11 18:16:56 +00:00
Zuul
bc4877e5bb Merge "ceph: mgr restful plugin set certificate to match host name" 2019-09-11 16:35:05 +00:00
Daniel Badea
edc7f8495d ceph: mgr-restful-plugin set ceph-mgr config file path
Explicitly set ceph-mgr configuration file path to
/etc/ceph/ceph.conf to avoid surprises. ceph-mon
and ceph-osd are also started with '-c' (--conf)
pointing to /etc/ceph/ceph.conf.

Change-Id: I4915952f17b4d96a8fce3b4b96335693f9b6c76b
Closes-bug: 1843082
Signed-off-by: Daniel Badea<daniel.badea@windriver.com>
2019-09-11 16:30:06 +00:00
Zuul
4b6a275e4f Merge "ceph-init-wrapper use flock instead of flag files" 2019-09-09 19:34:31 +00:00
Zuul
c1447f4132 Merge "[python2to3] upgrade requests-toolbelt to 0.9.1 version" 2019-09-09 19:15:50 +00:00
Kristine Bujold
588e39fe64 Add new ntp package to build
This is required to fix a bug with ntpq and IPV6 addresses. The ntpq
command truncates the remote addresses to 15 characters. This is not
long enough for IPV6 addresses. This has been fixed in version 4.2.8
which is not yet released by Centos. Patch
Fix-ntpq-truncates-IPV6-addresses.patch provides a subset of the fix.

aeb3ee65bc
https://bugs.ntp.org/show_bug.cgi?id=1128

Depends-On: https://review.opendev.org/680105
Partial-Bug: 1840687

Change-Id: If9d07acf913ebebead5505d44129f0644511b748
Signed-off-by: Kristine Bujold <kristine.bujold@windriver.com>
2019-09-09 10:43:30 -04:00
Daniel Badea
fcaa49ecaf ceph: mgr restful plugin set certificate to match host name
python-cephclient certificate validation fails when connecting
to ceph-mgr restful plugin because server URL doesn't match
CommonName (CN) or SubjectAltName (SAN).

Setting CN to match server hostname fixes this issue but
raises a warning caused by missing SAN.

Using CN=ceph-restful and SAN=<hostname> fixes the issue
and clears the warning.

Change-Id: I6e8ca93c7b51546d134a6eb221c282961ba50afa
Closes-bug: 1828470
Signed-off-by: Daniel Badea <daniel.badea@windriver.com>
2019-09-09 06:53:58 +00:00
Sun Austin
a5fab83861 [python2to3] upgrade requests-toolbelt to 0.9.1 version
From https://pypi.org/project/requests-toolbelt/0.9.1/
version 0.9.1 will support python3.

Story: 2006158
Task: 36431

Depends-On: https://review.opendev.org/#/c/679711/
Change-Id: I412783de9b96b45c9f44b5b40fb81f2d912c88b8
Signed-off-by: Sun Austin <austin.sun@intel.com>
2019-09-06 09:10:14 +08:00
Scott Little
e80813bb81 Relocated some packages to repo 'config-files'
List of relocated subdirectories:

base/centos-release-config
base/dhcp-config
base/dnsmasq-config
base/haproxy-config
base/initscripts-config
base/lighttpd-config
base/net-snmp-config
base/openssh-config
base/setup-config
base/systemd-config
config-files/audit-config
config-files/docker-config
config-files/io-scheduler
config-files/iptables-config
config-files/memcached-custom
config-files/ntp-config
config-files/pam-config
config-files/rsync-config
config-files/shadow-utils-config
config-files/sudo-config
config-files/syslog-ng-config
config-files/util-linux-config
filesystem/filesystem-scripts
filesystem/iscsi-initiator-utils-config
filesystem/nfs-utils-config
ldap/openldap-config
logging/logrotate-config
networking/mellanox/mlx4-config
networking/openvswitch-config

Story: 2006166
Task: 35687
Depends-On: I665dc7fabbfffc798ad57843eb74dca16e7647a3
Change-Id: I3dc0fc9f88931c5e0963d00274408ff7a16fae3a
Signed-off-by: Scott Little <scott.little@windriver.com>
Depends-On: I761b0f76150881c765b70b2ccd255244c754bd5d
2019-09-05 20:32:09 -04:00
Scott Little
3637d66ae4 Relocated some packages to repo 'monitoring'
List of relocated subdirectories:

monitoring/collectd-extensions
monitoring/influxdb-extensions
tools/monitor-tools
tools/vm-topology

Story: 2006166
Task: 35687
Depends-On: I6c62895f8dda5b8dc4ff56680c73c49f3f3d7935
Depends-On: I665dc7fabbfffc798ad57843eb74dca16e7647a3
Change-Id: Iffacd50340005320540cd9ba1495cde0b2231cd0
Signed-off-by: Scott Little <scott.little@windriver.com>
Depends-On: I14e631137ff5658a54d62ad3d7aa2cd0ffaba6e0
2019-09-05 20:31:52 -04:00
Scott Little
062ec89dbb Relocated some packages to repo 'utilities'
List of relocated subdirectories:

ceph/ceph-manager
ceph/python-cephclient
filesystem/nfscheck
logging/logmgmt
security/tpm2-openssl-engine
security/wrs-ssl
tools/collector
tools/engtools/hostdata-collectors
utilities/build-info
utilities/namespace-utils
utilities/pci-irq-affinity-agent
utilities/platform-util
utilities/tis-extensions
utilities/update-motd

Story: 2006166
Task: 35687
Depends-On: I665dc7fabbfffc798ad57843eb74dca16e7647a3
Change-Id: I2bf543a235507a4eff644a7feabd646a99d1474f
Signed-off-by: Scott Little <scott.little@windriver.com>
Depends-On: I85dda6d09028f57c1fb0f96e4bcd73ab9b9550be
Signed-off-by: Scott Little <scott.little@windriver.com>
2019-09-05 20:31:36 -04:00
Scott Little
edb9f64aec Relocated some packages to repo 'compile'
List of relocated subdirectories:

base/bash
base/golang-dep
base/rpm
python/python-2.7.5
base/golang

Story: 2006166
Task: 35687
Depends-On: I665dc7fabbfffc798ad57843eb74dca16e7647a3
Change-Id: I1afe2c0a2f9ca6acf70f29ae85f8497da7593bf8
Signed-off-by: Scott Little <scott.little@windriver.com>
Depends-On: I840888f0b012e9fb24e72f4e6a46567e6f949df7
2019-09-05 20:31:20 -04:00