190 Commits

Author SHA1 Message Date
Joshua Kraitberg
634f148735 Added sysinv_unlock_host_timeout for VIM
The timeout for unlock host during VIM strategies was extended.  This
change will provided the matching puppet config update.

TEST PLAN
PASS: On NFV runtime, config is updated

Partial-Bug: https://bugs.launchpad.net/starlingx/+bug/2098767
Depends-On: https://review.opendev.org/c/starlingx/nfv/+/942119
Change-Id: I996429eb7e3d2a8aba5762357ae7ad2b6cd60270
Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
2025-02-18 15:46:53 -05:00
Vanathi.Selvaraju
6eb001865e Modify VIM Activate puppet configuration
Puppet configuration for VIM Activate retry
is changed from 120 secs to 30 secs to be
inline with VIM repo configuration.

TEST PLAN
PASSED: Upgrade from 24.09 to 25.09 with activation
        retries.

Story: 2011045
Task: 51650

Change-Id: Ia4f502ab371217aac06f98df45485b4b717bccf8
Signed-off-by: Vanathi.Selvaraju <vanathi.selvaraju@windriver.com>
2025-02-05 15:53:51 -05:00
Zuul
7c155fecb2 Merge "Fix root path for NFV-VIM Web Server" 2025-01-16 17:23:17 +00:00
Joshua Kraitberg
2a97501d08 Added NFV-VIM timeouts to puppet configuration
These timeouts were missing on systems upgraded from previous releases.

The absence of these timeouts can cause issues because default timeouts
do not always work out.

TEST PLAN
PASS: Run platform::nfv::runtime manifest on already affected system
* configs are updated
PASS: AIO-SX patch upgrade
* Post patch audit triggers platform::nfv::runtime
PASS: AIO-SX major upgrade
* Unlock triggers config updates

Closes-Bug: 2093793
Change-Id: Ie13534f548987a119499203574cbd403551c92a6
Signed-off-by: Joshua Kraitberg <joshua.kraitberg@windriver.com>
2025-01-11 02:30:24 +00:00
Reynaldo P Gomes
8bf0fcb447 Fix root path for NFV-VIM Web Server
This commit updates the base path for the web server.

TEST PLAN:
PASS: NFV configuration file with correct root path.
PASS: NFV-VIM Web Server responds successfully.

Closes-Bug: 2091942

Change-Id: I4f677303c893f7aefe6d281911c3deafcba1c32b
Signed-off-by: Reynaldo P Gomes <Reynaldo.PatroneGomes@windriver.com>
2024-12-17 11:57:00 -03:00
Wallysson Silva
74f90fc674 Escape $ character in dc configuration files
This ensures password containing a $ symbol can be read by
oslo_config. oslo_config supports variable substitution [1] and to
avoid substitution is need to escape $ with $$.

[1]: https://docs.openstack.org/oslo.config/latest/configuration/format.html#substitution

Test Plan:
- PASS: bootstrap a system controller with keystone admin password
containing $, dc services should start

Closes-Bug: 2089783
Change-Id: Icdbfae04b663bb9373116ff4967d4d78f57625c6
Signed-off-by: Wallysson Silva <wallysson.silva@windriver.com>
2024-11-27 15:54:13 -03:00
mmachado
020cfa9d63 Remove sw-patch-agent.service from manifests
sw-patch-agent service is to be disabled and must be removed
from patching and keystone manifests.

Depends-On: https://review.opendev.org/c/starlingx/config/+/936143

Test-Plan:
PASS: AIO-SX upgrade using sw-manager strategy
PASS: AIO-DX System Controller upgrade using strategy
PASS: subcloud upgrade using dcmanager strategy

Story: 2010676
Task: 51386

Change-Id: I201de8f2f2f4f16ad2d01933881a61f3ad41af7c
Signed-off-by: mmachado <mmachado@windriver.com>
2024-11-25 09:11:22 -03:00
Victor Romano
9240927b58 Adjust certmon parameters for scalability
To reduce the time it takes to audit subclouds by certmon, the
number of subclouds that can be audited in parallel was increased
from 4 to 20 and the timeout to check if it's possible to establish
a connection was reduced from 10 to 5.

Test plan:
  - PASS: Lock/unlock a system controller with these changes and
    verify the config file was correctly updated and certmon is
    auditing subclouds successfully

Partial-bug: 2085540

Change-Id: I01be5a7b50598e6ba97878e71eb84f1472673deb
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-10-29 10:58:03 -03:00
Zuul
372d7509d9 Merge "Fix Puppet NFV Cinder version configuration" 2024-10-21 18:08:02 +00:00
marantes
b48469793e Fix Puppet NFV Cinder version configuration
In addition to the information shared at [1], the default Cinder
version configuration has been updated to version 3, replacing the
deprecated version 2.

[1] https://review.opendev.org/c/starlingx/config/+/932563

TEST PLAN:

PASS - build-pkgs -c -p puppet-nfv
PASS - build-image
PASS - AIO-SX fresh install
PASS - Upload/Apply stx-openstack
PASS - 'openstack endpoint list' showing cinderv3

Depends-On: https://review.opendev.org/c/starlingx/config/+/932563
Partial-Bug: 2084683

Change-Id: I9f7cb76b763df14af767dce8569aea23c711b391
Signed-off-by: marantes <murillo.arantes@windriver.com>
2024-10-21 12:22:52 -03:00
Steven Webster
d74a25a7e7 Use IP address over FQDN for dcmanager rabbit/db connections
In the past few months, _most_ StarlingX services have moved
from static IP addressing to FQDN resolution, in support of
the management network reconfig feature.

While doing DC scalability testing, it was found that a transient
domain resolution (controller.internal) issue was found after
adding approximately 250 subclouds to the system and involved
the rabbitmq/RPC subsystem.

The error message returned was similar to:

"OSError: failed to resolve broker hostname"

The rabbitmq/amqp library is calling a _connect() function,
which in turn calls the python socket getaddrinfo()

Multiple attemps were made to reproduce the scenario in a
non-scaled lab by stressing the getaddrinfo(), getting
dnsmasq up to ~40 CPU usage, but the same error was not
returned.

Testing was done on the DC scale lab by manually changing the
rabbit and DB config files and this confirmed that using the static
floating IP (avoiding domain name resolution all-together
resolved the issue)

It was decided to revert the FQDN aspect of the dcmanager
and dcorch modules for now, as the management network
reconfiguration feature would not even apply to an
AIO-DX system controller at this time.  This may be
re-evaluated in the future at which point a deeper dive
into the rabbit/RPC usage should be considered.

Testing:

- Install an AIO-DX system controller and install a subcloud.
  Ensure the subcloud is managed and online.
- Ensure the dcmanager.conf and dcorch.conf commands use an IP
  address in their transport_url and database connection
  parameters.

Depends-On: https://review.opendev.org/c/starlingx/config/+/932013

Story: 2010722
Task: 48447

Change-Id: Icd067441dd08321936eb03498ff65241fac0010e
2024-10-09 22:24:03 -04:00
Victor Romano
8834a1fff6 Change DC configs for scalability
To better adjust with scalability improvements, this commit:
- Increase the number of postgresql connections from 1500
  to 10k.
- Set a new rule for the number of dcmanager state and audit workers
  to be defined based on physical CPU cores and system memory. Both
  can now vary from 2 to 8 based on said parameters.
- Set a new rule for the number of dcorch engine workers to be
  defined based on physical CPU cores and system memory. It
  can now vary from 2 to 6 based on said parameters.

Note: Since system controller is not using keystone that much anymore
      a following commit can reduce the number of workers.

Test plan:
  - PASS: Unlock ostree with hotfix and apply the changes. Reboot the
          system and verify the config files were regenerated with
          correct parameters.

Story: 2011106
Task: 51016

Change-Id: I3a15283bd84af1e982187c848a4c1893e9d95c35
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-09-13 17:05:49 -03:00
Zuul
d11aedd651 Merge "Disable dcagent user creation on SystemController" 2024-08-09 19:31:06 +00:00
Zuul
20c09b3819 Merge "Bind USM proxy API to controller.local" 2024-08-08 19:49:07 +00:00
Victor Romano
699a149e70 Disable dcagent user creation on SystemController
It's not necessary to have the dcagent keystone user present on
system controller. Its presence can cause problems during upgrade
as it would be necessary for the dcagent user in the subcloud to
have the same password as system controller upon creation (before
dcdbsync synching upon managing the subcloud).

Test plan:
  - PASS: Build a developer ISO. Deploy a DC system with 2 system
          controllers and 1 subcloud. Verify the dcagent user is
          created only on the subcloud.
  - PASS: Manage the subcloud and verify the dcagent service is
          working as expected.
  - PASS: Perform a network reconfiguration on the subcloud. Verify
          the operation finishes successfully.

Story: 2011106
Task: 50747

Change-Id: I13deb83f2e8b602fd8d733b999cf579d4db05034
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-08-08 16:02:45 -03:00
Victor Romano
2a8fcfc54b Add necessary information to build puppet-dcagent
The commit [1] that introduced puppet-dcagent did not include any
information to build the package and include it in the ISO. This
commit fixes this by including the entries in debian_pkg_dirs and
debian_iso_image.inc.

Test plan:
  - PASS: Build an ISO and verify the puppet-dcagent is indeed present
  - PASS: Deploy a full DC system with AIO-DX system controller and
          an AIO-SX subcloud and verify the systems are operational
          after completion.
  - PASS: Deploy a normal AIO-SX and verify the system is operational
          after completion.

[1]: https://review.opendev.org/c/starlingx/stx-puppet/+/923696

Story: 2011106
Task: 50687

Change-Id: I172128ade009bd334af13d773b16d5c35db1fd21
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-07-29 12:01:44 -03:00
Bin Qian
bca62dc3ea Bind USM proxy API to controller.local
With [1], bind the new USM proxy API service for SystemController region
to controller.local.

TCs:
    see TCs in [1]

[1] https://review.opendev.org/c/starlingx/distcloud/+/924969

Change-Id: I4ce7dd5a2ef3c875ed87a583bceb82ba51188c84
Signed-off-by: Bin Qian <Bin.Qian@windriver.com>
2024-07-28 01:50:17 +00:00
Victor Romano
f3cc3522b6 Add puppet-dcagent module and implementation
This commit adds a new module puppet-dcagent and make the necessary
changes to implement it.

The dcagent ports are:
 Internal API port:  8325
 Admin API port:     8326

Notes:
  - Since this new service will be used internally by dcmanager and
    dcorch only, no public port was created.
  - The sysinv change in [1] is used to enable this puppet code, so
    testing was done with it applied as well.

[1]: https://review.opendev.org/c/starlingx/config/+/923697

Test plan:
  - PASS: Bootstrap and unlock a subcloud. Verify that the endpoints
          were correctly configured, the dcagent.conf file has all
          necessary information and haproxy.conf includes the
          dcagent entry.
  - PASS: Launch the service and verify dcmanager can audit the
          subcloud with dcagent.
  - PASS: Bootstrap and unlock a system controller. Verify the
          Keystone user and service for dcagent were created without
          creating any endpoints.
  - PASS: Run 'sm-restart service dcagent-api' and verify the dcagent
          was correctly restarted and service is working as expected.
  - PASS: Induce a failure in dcagent code. Verify sm correctly
          restarts the service until the failure is corrected.

Depends-On: https://review.opendev.org/c/starlingx/distcloud/+/923752
Depends-On: https://review.opendev.org/c/starlingx/ha/+/923698

Story: 2011106
Task: 50561

Change-Id: Ie851b9926159702d5a72daa0aa015330f8b11664
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-07-25 16:17:37 -03:00
Scott Little
b3144d026c Remove CentOS/OpenSUSE build support
StarlingX stopped supporting CentOS builds in the after release 7.0.
This update will strip CentOS from our code base.  It will also remove
references to the failed OpenSUSE feature as well.

Story: 2011110
Task: 49961
Change-Id: Ibdaf1d43ab35382bd4d2b34ae9737a01b8ef9a5d
Signed-off-by: Scott Little <scott.little@windriver.com>
2024-04-26 14:16:56 -04:00
Zuul
aae3c5ad5e Merge "Revert "Add use_usm parameter to dcorch.conf"" 2024-03-13 14:44:37 +00:00
Zuul
8f4a787df0 Merge "Revert "Add use_usm parameters to dcmanager.conf"" 2024-02-29 17:16:12 +00:00
Hugo Nicodemos
749e901458 Revert "Add use_usm parameter to dcorch.conf"
This reverts commit 58cd7e1117782a9095186e1f7590715e8f174a85.

Reason for revert: The use_usm parameter is no longer needed; we have a new CLI command to execute USM.

Change-Id: I69e7962bca988d268b6cad508d495cbfa8833d86
2024-02-16 17:04:06 +00:00
Hugo Nicodemos
699db35a26 Revert "Add use_usm parameters to dcmanager.conf"
This reverts commit 0b3a11890aabe82e2d63757a36540fd202dfe103.

Reason for revert: The use_usm parameter is no longer needed; we have a new CLI command to execute USM.

Change-Id: I622b404340acb2f817b7f437cfbc2f6fcecacd00
2024-02-16 17:03:47 +00:00
rakshith mr
f44f40e7c6 Configure kubernetes cluster health periodic audit interval
This configures the sysinv config parameter for kubernetes
cluster health periodic audit interval.

Story: 2011037
Task: 49536

Change-Id: I5adee584e83a86787eb73a852fc0deac8cf29f34
Signed-off-by: rakshith mr <rakshith.mr@windriver.com>
2024-02-09 10:27:50 -05:00
Zuul
75b0b669f0 Merge "Remove rabbitmq dependencies from sysinv puppet" 2023-09-12 14:51:47 +00:00
Zuul
545f251d3e Merge "Update haproxy config to include keystone request retry." 2023-09-11 19:30:49 +00:00
Bezerra Filho, Moacir
86c4ab043b Update haproxy config to include keystone request retry.
- Add keywork retry_on in haproxy::backend
- Add values retry_on in keystone.pp
- Modified keystone_http_connect_timeout 10 to 15 in api.pp, api_proxy.pp, certalarm.pp and certmon.pp

this workaround solves:
- DC Scale | RR Patch Orchestration fails as it cannot retrieve patches for subcloud after the apply
- DC Patch - Parallel patch orchestration fails to establish connection to MGMT interface of subclouds
- Patch orchestration fail due to transient keystone errors

Test plan:
1. (PASSED) Patch Creation:
    - Construct a "reboot required" RR patch that encompasses the specified changes.
    - Generate an "in-service test" NRR patch.

2. (PASSED) Initial Setup:
    - Commission a DC system with over 500 subclouds.
    - Assert that the patch encompassing the fix is applied successfully on the DC.

3. (PASSED) Strategy Creation and RR Patch Deployment (Max 250 Subclouds):
    - Created a RR patch strategy with max_parallel_subclouds set to 250
    - Checked that the RR patch strategy is applied to all subclouds successfully.
    - Repeat this process in more 250 subclouds
    - Checked that the patch strategy is applied to all subclouds successfully.

4. (PASSED) Strategy Alteration and NRR Patch Deployment (Max 500 Subclouds):
    - Eliminate the existing patch strategy.
    - Initiate a NRR patch strategy, adjusting the max_parallel_subclouds parameter to 500.
    - Checked that the "in-service test" NRR patch is successfully applied across all subclouds and that no linked issues arise.

Closes-Bug: #2025646
Change-Id: I95e9c8f3cd904d7f637da2ea69a83fd7fa5f03a1
Signed-off-by: Bezerra Filho, Moacir <Moacir.BezerraFilho@windriver.com>
2023-09-08 13:13:07 +00:00
Samuel Toledo
3d5b46834a Remove rabbitmq dependencies from sysinv puppet
Continuing the efforts from [1], this review consists in removing all
dependencies related to amqp classes as well as initializations for
rabbitmq variables. This removal can be done because sysinv does not
use rabbitmq.

Test plan
PASS - Perform fresh install and bootstrap in an AIO-SX successfully
PASS - Perform fresh install and bootstrap in an AIO-DX successfully
PASS - Run any system command successfully (system host-list, system application-list, etc)

Story: 2010802
Task: 48578

[1] - https://storyboard.openstack.org/#!/story/2010802

Change-Id: I5da60b97ac8808d95d5b76ade065ea521e62e251
Signed-off-by: Samuel Toledo <samuel.presatoledo@windriver.com>
2023-08-31 19:43:12 +00:00
Christopher Souza
58cd7e1117 Add use_usm parameter to dcorch.conf
Add use_usm parameter to /etc/dcorch/dcorch.conf to be used
in a switch to choose between the usm and patching api. Once the usm
is fully integrated, this parameter will be removed.

Test Case:
Apply the change and restart the system controller and
ensure use_usm parameter is in /etc/dcorch/dcorch.conf

Story: 2010676
Task: 48610

Change-Id: I9ff6e3a7c5eaef81e0d6c9ca7529fe4c278275bc
Signed-off-by: Christopher Souza <Christopher.DeOliveiraSouza@windriver.com>
2023-08-22 17:49:51 +00:00
Zuul
0cd4024311 Merge "Add use_usm parameters to dcmanager.conf" 2023-08-02 18:56:40 +00:00
Christopher Souza
0b3a11890a Add use_usm parameters to dcmanager.conf
Add use_usm parameter to /etc/dcmanager/dcmanager.conf to be used
in a switch to choose between the usm and patching/sysinv api. Once the usm is fully integrated, this parameter will be removed.

Test Case:
Apply the change and restart the system controller and
ensure use_usm parameter is in /etc/dcmanager/dcmanager.conf

Story: 2010676
Task: 48530

Change-Id: I3cda0617c5b38edc82668d7f508e9f4876640bc7
Signed-off-by: Christopher Souza <Christopher.DeOliveiraSouza@windriver.com>
2023-08-02 13:08:07 +00:00
Al Bailey
b9a8e959bf Adding puppet-usm module
Unified Software Management (USM) needs a puppet module
to setup its authenticated endpoints, ports, etc..

The puppet-usm is not explicitly added to the ISO.
It gets pulled in through the puppet-manifests dependency.

Note: this follows the same algorithm and code paths that
are used for setting up patching through puppet.

The USM ports are:
 API port (private): 5493
 Controller port:    5494
 Agent port:         5495
 API port (auth):    5497
 Admin port (auth):  5498

Default URLS: (pre bootstrap these are not in keystone)
 Private URL http://127.0.0.1:5497/v1
 Public  URL http://127.0.0.1:15497/v1
 Admin   URL http://127.0.0.1:5497/v1

After bootstrap (DC mode) endpoints look like
 SystemController internal  http://192.168.204.2:25497/
 SystemController public    http://10.10.10.2:25497/
 SystemController admin     https://192.168.204.2:25498/

 RegionOne internal  http://192.168.204.2:5497
 RegionOne public    http://10.10.10.2:15497
 RegionOne admin     https://192.168.204.2:5498

Note: a sysinv change enables this puppet code and testing
was also done with that code.

Test Plan:
  PASS: Build/bootstrap/unlock AIO-SX
  PASS: Build/bootstrap/unlock STD (2 controllers)

Story: 2010676
Task: 48408
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I263c4ca135ac9b8bf4383b74dd44754c043b7802
2023-07-20 15:45:19 +00:00
Luis Marquitti
2156f6e8e4 Remove deprecated parameter on puppet dc modules
During bootstrap of a DC system, the following warning was given:
"The password_hash parameter was deprecated and will be removed"
To solve this, 'password_hash' parameter was changed to 'password'
according to instructions on the deprecation notes:
https://docs.openstack.org/releasenotes/puppet-openstacklib/
victoria.html#deprecation-notes

Test Plan:
PASS: Build & Install
PASS: DC Successful Bootstrap
PASS: DC Successful Unlock
PASS: Verified that "The password_hash parameter was deprecated and will
be removed" warning was no longer present on puppet.log

Story: 2010757
Task: 48331
Change-Id: I4333ec880b69fa4aa82df0b1dbc3c19bcc860218
Signed-off-by: Luis Marquitti <luis.eduardoangelinimarquitti@windriver.com>
2023-07-06 11:41:05 -03:00
Thales Elero Cervi
6e4f3df557 Handle sysinv dpdk_elf_file configuration
As part of Debian migration, the sysinv procedure to check DPDK
compatibility for each host interface was also updated in order to make
it customizable in case one would like to use other virtual switch than
the delivered OVS with DPDK support [1].

For other virtual switches, that might or not rely on DPDK, the ELF
target that sysinv uses to verify interfaces compatibility must be
customizable and the query_pci_id script is already able to use custom
values [2].

This change adds to puppet the system configuration that will write, if
defined, the correct value for the ELF path. This platform parameter can
be overridden on the hiera data so puppet will update sysinv.conf
accordingly.
For now, when deploying StarlingX with vswitch_type=ovs-dpdk we will
override it to the query_pci_id script default value (i.e., the
/usr/sbin/ovs-vswitchd ELF) using the respective sysinv puppet module
and let it as an example for anyone that is later using a different
vswitch which requires this customization [3].

[1] https://review.opendev.org/c/starlingx/config/+/872979
[2] 2cd0b1e14a/sysinv/sysinv/sysinv/scripts/query_pci_id (L34)
[3] https://review.opendev.org/c/starlingx/config/+/887106

Test Plan:
PASS - Build puppet-manifest package
PASS - Build a custom stx ISO with the new package
PASS - Bootstrap AIO-SX virtual system (vswitch_type=none)
       and ensure the hiera data was not modified neither
       sysinv.conf was updated
PASS - Bootstrap AIO-SX virtual system (vswitch_type=ovs-dpdk)*
       and ensure the hiera data was modified correctly and
       sysinv.conf was updated accordingly
* A successful complete installation with ovs-dpdk is still blocked by
a bug that will be solved soon:
https://bugs.launchpad.net/starlingx/+bug/2008124

Story: 2010317
Task: 46389

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: Iaf31d3b5e2fc03b4783473e4329a780a516a9d43
2023-06-30 10:03:43 -03:00
Luan Nunes Utimura
c365ae5f8a Disable guest plugin loading in VIM
Following the work previously done in [1] and [2] to deactivate
guest-related services in VIM, since they were no longer being utilized
and causing coredump issues in the platform, this commit changes the
default value for the `guest_plugin_disable` config variable so
that Puppet won't reinforce the guest plugin loading in VIM.

As reported in [3], loading this plugin while having some of its
services deactivated (or functionalities removed) has proven to be
a problem when stx-openstack is applied, as both nova-compute service
and hypervisor are caught in an enable/disable loop indefinitely after
the first host lock/unlock with the application applied.

[1] https://review.opendev.org/c/starlingx/nfv/+/869817
[2] https://review.opendev.org/c/starlingx/nfv/+/870538
[3] https://bugs.launchpad.net/starlingx/+bug/2015088

Test Plan (on AIO-SX):
PASS - Build puppet-nfv package
PASS - Build and install ISO
PASS - Upload and apply stx-openstack
PASS - Verify that the `guest_plugin_disable` configuration variable
       remains `True` after the application is applied:
       $ grep 'guest_plugin_disable' /etc/nfv/vim/config.ini
PASS - Lock and unlock controller-0
PASS - Verify that both nova-compute service and hypervisor are no
       longer intermittent after the unlock

Closes-Bug: 2015088

Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
Change-Id: Iaebc8cc37eabe7b2b685622a5772544b4bce21dc
2023-04-05 08:31:49 -03:00
Manoel Benedito Neto
9776ab519c Update debian packages for pkg-versioning
The Debian packaging meta_data file has been changed to reflect all the
latest git commits under the directory, pointed as usable, and to
improve pkg-versioning addressing the first commit as start point to
build packages.

This ensures that any new code submissions under those
directories will increment the versions.

The commit SHA 7b680ed0cf was choosen to be the SRC_BASE_SRCREV of the
puppet-sshd's metadata because is the commit that creates the debian
directory with build files structure.

Test Plan:
PASS: Verify package versions are updated as expected.
PASS: build-pkgs -c -p puppet-sshd

Story: 2010550
Task: 47500

Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
Change-Id: If7e46fc983b33dceb10ea1b2023f1b55aa95f96e
2023-03-07 16:42:01 -03:00
Al Bailey
1163f00050 Update puppet debian package ver based on git
Update debian package versions to use git commits for:
 - puppet-dcdbsync  (1.0.0-1.stx.1 -> 1.0.0-1.stx.2)
 - puppet-dcmanager (1.0.0-1.stx.1 -> 1.0.0-1.stx.4)
 - puppet-dcorch    (1.0.0-1.stx.1 -> 1.0.0-1.stx.5)
 - puppet-fm        (1.0.0-1.stx.1 -> 1.0.0-1.stx.5)
 - puppet-manifests (1.0.0-1.stx.5 -> 1.0.0-1.stx.477)
 - puppet-mtce      (1.0.0-1.stx.1 -> 1.0.0-1.stx.2)
 - puppet-nfv       (1.0.0-1.stx.1 -> 1.0.0-1.stx.2)
 - puppet-patching  (1.0.0-1.stx.0 -> 1.0.0-1.stx.2)
 - puppet-smapi     (1.0.0-1.stx.1 -> 1.0.0-1.stx.2)
 - puppet-sshd      (1.0.0-1.stx.1 -> 1.0.0-1.stx.2)
 - puppet-sysinv    (1.0.0-1.stx.1 -> 1.0.0-1.stx.17)

The Debian packaging has been changed to reflect all the
git commits under the directory, and not just the commits
to the metadata folder.

This ensures that any new code submissions under those
directories will increment the versions.

Test Plan:
  PASS: build-pkgs -p puppet-dcdbsync
  PASS: build-pkgs -p puppet-dcmanager
  PASS: build-pkgs -p puppet-dcorch
  PASS: build-pkgs -p puppet-fm
  PASS: build-pkgs -p puppet-manifests
  PASS: build-pkgs -p puppet-mtce
  PASS: build-pkgs -p puppet-nfv
  PASS: build-pkgs -p puppet-patching
  PASS: build-pkgs -p puppet-smapi
  PASS: build-pkgs -p puppet-sshd
  PASS: build-pkgs -p puppet-sysinv

Story: 2010550
Task: 47411
Task: 47412
Task: 47413
Task: 47414
Task: 47415
Task: 47416
Task: 47417
Task: 47418
Task: 47419

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: Ie1606578e127cb39cc06506e11c5ba2d6a4c452c
2023-02-22 22:21:16 +00:00
Zuul
7737d05a21 Merge "Fix vim endpoint issue after an upgrade" 2023-01-04 15:27:19 +00:00
Al Bailey
3aed7448ab Update tox.ini to work with tox 4
This change will allow this repo to pass zuul now
that this has merged:
https://review.opendev.org/c/zuul/zuul-jobs/+/866943

Tox 4 deprecated whitelist_externals.
Replace whitelist_externals with allowlist_externals

Partial-Bug: #2000399

Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I947f803712bd0dd482f9c35ba0a959f053584577
2022-12-27 01:28:45 +00:00
Marcelo de Castro Loebens
35d1a181ad Fix vim endpoint issue after an upgrade
Fixed a issue for Distributed Cloud where a new endpoint was being
created for vim instead of updated, mantaining the old http openstack
keystone endpoint in SystemController.

Test Plan:
PASS: On a DC environment, list endpoints for OpenStack. Enable https.
      Wait for puppet to apply the changes (might take a few minutes).
      Observe that vim's public endpoint for SystemController
      successfully changes from http to https, and no other public
      http endpoint for vim is mantained for SystemController region.
PASS: After running above test, disable https. Wait for puppet to
      apply the changes. Observe that vim's public endpoint for
      SystemController successfully changes from https to http, and
      no other public https endpoint for vim is
      mantained for SystemController region.
PASS: On a DC environment, list endpoints for OpenStack. Obtain
      keystone token from Identity API. Use it to make requests for vim
      newly created endpoints (admin and internal). The behavior should
      be consistent with StarlingX API reference for NFV VIM.

Closes-Bug: 1995951
Change-Id: I56f0c196c884ed40dbf2128598dd600fc413fed3
Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
2022-12-20 11:10:55 -04:00
Zuul
3c3f173bf7 Merge "Revert "Fix vim endpoint issue when https is enabled in DC"" 2022-12-09 19:13:40 +00:00
Marcelo de Castro Loebens
cf9ba345df Revert "Fix vim endpoint issue when https is enabled in DC"
This reverts commit ee095297f750d400d5013d2a6c8f9f7980b321c1.

Reason for revert: There was a side effect on environments 
after upgrades that caused the creation of wrongly configured
endpoints. In this scenario, no HTTPS endpoint would be 
created for Vim on SystemController, which is worse than 
previous behavior.

Depends-on: https://review.opendev.org/c/starlingx/config/+/867028

Change-Id: I1da34f647bbc403280f8d2d771b9fb27b39b7357
Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
2022-12-09 17:57:26 +00:00
Li Zhu
44d6185c48 Simplify sysinv password runtime for rehoming
This runtime is supposed to be only used for changing password in
/etc/sysinv/api-paste.ini, /etc/sysinv/sysinv.conf,
/etc/sysinv/cert-mon.conf and /etc/sysinv/cert-alarm.conf.

Test plan:
Passed - rehoming test for DX subcloud without host swact

Story: 2010230
Task: 46945

Signed-off-by: Li Zhu <li.zhu@windriver.com>
Change-Id: I7686c8e8e10f236b581b07cc0f33089ef3b2c7d8
2022-11-28 21:21:10 +00:00
Bruno Costa
098f6ce5ca Modify the audit interval of upgrade status to 180 seconds
The audit_upgrade_status method verifies if there is a system upgrade
running. If so, it takes actions based on its state. Note that the
system stays in each state for a long time but the periodicity of this
audit is 60 seconds, causing unecessary executions during each state.

After a research, we noticed that the appropriate time interval
for this audit is to be executed between 180 seconds interval. This
interval was choosen because upgrades are not frequenty done on the
system and they already take time to be executed.

This commit is a continuation of the study started at task 45616.

TEST PLAN:
PASS: rebuild the whole system into a fresh new ISO. Install,
bootstrap, and unlock it into a system with no crashes.
PASS: AIO-SX: verify that this audit and also all other audits are
being called during their periods. This process was done analyzing the
sysinv debug logs inside the system. From it, its possible to verify
all the audits being called.
PASS: follow the sysinv logs seeking for errors. No error was found.
PASS: AIO-SX: perform a system upgrade with this new interval.
PASS: AIO-DX: failed to perform a system upgrade with this new interval
(was expected to fail).

Story: 2010087
Task: 46000

Signed-off-by: Bruno Costa <bruno.costa@windriver.com>
Change-Id: Ia9b1b83face84e60c879fffb420e51a666a7c40c
2022-11-22 20:02:27 +00:00
Zuul
62be1718a8 Merge "Add sysinv ZeroMQ RPC backend configuration" 2022-11-17 15:51:24 +00:00
Alyson Deives Pereira
30482fc492 Add sysinv ZeroMQ RPC backend configuration
Add configuration variables for sysinv ZeroMQ-based RPC backend:
https://review.opendev.org/c/starlingx/config/+/859571

TEST PLAN:
PASS: Bootstrap and host-unlock on AIO-SX, AIO-DX, and Standard
PASS: Bootstrap and host-unlock on DC system-controller and subcloud
PASS: Backup & Restore on AIO-SX

Story: 2010087
Task: 46445

Signed-off-by: Alyson Deives Pereira <alyson.deivespereira@windriver.com>
Change-Id: Ibe1816df571aafe9813b99deea833cca99370cd2
2022-11-11 15:28:16 +00:00
Marcelo de Castro Loebens
ee095297f7 Fix vim endpoint issue when https is enabled in DC
Fixed a issue for Distributed Cloud where a new endpoint was being
created for vim instead of updated, mantaining the old http openstack
keystone endpoint in SystemController.

Test Plan:
PASS: On a DC environment, list endpoints for OpenStack. Enable https.
      Wait for puppet to apply the changes( might take a few minutes).
      Observe that vim's public endpoint for SystemController
      successfully changes from http to https, and no other public
      http endpoint for vim is mantained for SystemController region.
PASS: After running above test, disable https. Wait for puppet to
      apply the changes. Observe that vim's public endpoint for
      SystemController successfully changes from https to http, and
      no other public https endpoint for vim is
      mantained for SystemController region.
PASS: On a DC environment, list endpoints for OpenStack. Obtain
      keystone token from Identity API. Use it to make requests for vim
      newly created endpoints (admin and internal). The behavior should
      be consistent with StarlingX API reference for NFV VIM.

Closes-Bug: 1995951
Change-Id: I425e802c6c13f8e791579d7ce88c9c9bb2b13864
Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
2022-11-11 10:37:21 -04:00
Zuul
60c5be268b Merge "Modify _audit_device_image_update interval" 2022-09-13 12:52:08 +00:00
Zuul
573dbeb168 Merge "Modify _audit_kubernetes_labels interval" 2022-09-13 12:52:02 +00:00
Zuul
47574ccdc2 Merge "Modify kubernetes_local_secrets_audit interval" 2022-09-13 12:51:51 +00:00