Most of the v1 mitigation is baked into the kernel and not
optional. The swapgs barriers are, however, optional.
They have a negative performance impact so we disable them
by using the nospectre_v1 kernel bootarg.
Partial-Bug: 1860193
Depends-On: https://review.opendev.org/#/c/704406
Change-Id: Id11232fe113293ed04b2802aaf038e2eedf9d797
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Neither of these components were maintained or used, and so are
being abandoned.
- inventory was an old fork of the sysinv code
- python-inventoryclient was an old fork of the cgts-client code
The devstack commands, although currently disabled, have also
been updated.
Change-Id: If6a109edbc70eb1bd92012f4261dec4a2c58fbd1
Story: 2004515
Task: 37538
Depends-On: https://review.opendev.org/701591
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This update
1. Refactors some of the common maintenance ipmi
definitions and utilities into a more generic
'bmcUtil' module to reduce code duplication and improve
improve code reuse with the introduction of a second
bmc communication protocol ; redfish.
2. Creates a new 'redFishUtil' module similar to the existing
'ipmiUtil' module but in support of common redfish
utilities and definitions that can be used by both
maintenance and the hardware monitor.
3. Moves the existing 'mtcIpmiUtil' module to a more common
'mtcBmcUtil' and renames the 'ipmi_command_send/recv' to
the more generic 'bmc_command_send/recv' which are enhanced
to support both ipmi and redfish bmc communication methods.
4. Renames the bmc info collection and connection monitor ;
'bm_handler' to 'bmc_handler' and adds support necessary
to learn if a host's bmc supports redfish.
5. Renames the existing 'mtcThread_ipmitool' to a more common
'mtcThread_bmc' and redfishtool support for the now common
set of bmc thread commands and the addition of the new
redfishtool bmc query, aka 'redfish root query', used to
detect if a host's bmc supports redfish.
Note: This aspect is the primary feature of this update.
Namely the ability to detect and print a log indicating
if a host's bmc supports redfish.
Test Plan:
PASS: Verify sensor monitoring and alarming still works.
PASS: Verify power-off command handling.
PASS: Verify power-on command handling.
PASS: Verify reset command handling.
PASS: Verify reinstall (netboot) command handling.
PASS: Verify logging when redfish is not supported.
PASS: Verify logging when redfish is supported.
PASS: Verify ipmitool is used regardless of redfish support.
PASS: Verify mtce thread error handling for both protocols.
Change-Id: I72e63958f61d10f5c0d4a93a49a7f39bdd53a76f
Story: 2005861
Task: 35825
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
ipmitool was recently found to be missing from the load after
a rpm cleanup that seemed to remove all dependency on it.
Maintenance and its Hardware Monitor use the ipmitool
for power / reset control as well as sensor monitoring.
This update adds a dependency on ipmitool in the maintenance
mtcAgent and hwmon rpm build recipe so that it will always
be included in the load with maintenance.
Closes-Bug:1821958
Test Plan:
PASS: Verify ipmitool in load
PASS: Verify mtce and hwmon rpm dependency on ipmitool
PASS: Verify system install
Change-Id: I958a2365f6df7bdbf942bc57c1aa17ee2ae6a73d
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
* fix hwmon start script issue
* check hostname for mtcAgent. disable mtcAgent if the hostname does
not meet the requriement.
* set correct interface name
Story: 2003161
Task: 29977
Change-Id: I30e321eab3fd5424913ddce37cc9ef6442c0e969
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
* Enforce presence of Barbican in DevStack configuration
* Add Barbican and python-barbicanclient to stx-devstack-metal job
Change-Id: I3df338785b2352ec9e9f7c1387f2fbb47bb7baca
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
https://review.openstack.org/#/c/644677/ removed these from mtce
but not the plugin.
Change-Id: I2bc70dd57e7e39148a2b2d38ff3ab03e51880bcb
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
All rmon resource monitoring has been moved to collectd.
This update removes rmon from mtce and the load.
Story: 2002823
Task: 30045
Test Plan:
PASS: Build and install a standard system.
PASS: Inspect mtce rpm list
PASS: Inspect logs
PASS: Check pmon.d
Change-Id: I7cf1fa071eac89274e7fae1f307e14d548cc945b
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
Put everything in /usr/local and allow that to be overridden to
a user-writable dir and not require sudo.
Story: 2003161
Task: 29897
Change-Id: I873690cf8f4a12ed9a1c4a5319f03c1b7feb3817
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
The preceeding 4 reviews all needed to be in place in order for
the devstack run to complete. Enable it now.
Change-Id: I139c862b8edbe7214ad11b9820e400b7e613bd61
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
This allows DevStack plugins to add its configured STX_INST_DIR
to the linker search path.
Change-Id: I277204cd89767b93eec6c96969fc33d23e04516b
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
* Install build artifacts to a fixed dir rather than attempting
to infer a location based on the Python binary location. That
was intended to work seamlessly in venvs, we'll burn that bridge
when we come to it, for now just put it all in
$DEST/usr/{include|lib}. This also removed the need for
root access for these files to allow the build steps to be performed
on laptops that may not otherwise run DevStack.
* Install systemd unit files directly to /etc/systemd/system
and skip the requirement to copy them a second time
* Add the declarations to settings for the devstack playbook to
handle plugin precedence order properly.
Change-Id: I5d68465384e000c05eb650a8358b70f7a7a6c293
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
devstack default user stack may not have permission to modify system
file /etc/hosts. use sudo to make sure the modification is done.
Change-Id: Iabe47cae88da9d70a1f7788c1847d99856963713
Closes-Bug: 1816520
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
Use Openstack Barbican API to retrieve BMC passwords stored by SysInv.
See SysInv commit for details on how to write password to Barbican.
MTCE is going to find corresponding secret by host uuid and retrieve
secret payload associated with it. mtcSecretApi_get is used to find
secret reference, based on a hostname. mtcSecretApi_read is used to
read a password using the reference found on a prevoius step.
Also, did a little cleanup and removed old unused token handling code.
Depends-On: I7102a9662f3757c062ab310737f4ba08379d0100
Change-Id: I66011dc95bb69ff536bd5888c08e3987bd666082
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
Add the base DevStack job and make sure bashate runs on
the devstack plugin files.
Begin to re-structure the plugin to match the common structure.
Add devstack/build.sh and split out the build steps into
separate functions in devstack/lib/stx-metal
This is complete, further work to be done in follow-up changes.
Change-Id: I05f6df758e18f182fb0a05731eddc6cb7f599e51
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Add maintenance services as stx-metal plugin.
Enable services by both node type and metal components.
Target:
Mtce services are installed and active(running) in devstack.
Story: 2003161
Task: 23296
Change-Id: I2123c64fb1b70bd135e8945d7ff7f4f3691bdbcc
Signed-off-by: Mingyuan Qi <mingyuan.qi@intel.com>