This update introduces support for application dependencies on
specified software patches. This allows sysinv to query patch states
and to report application dependencies, to block removal of required
patches.
APIs introduced:
is_applied: Provide a list of patch IDs. Returns True if ALL patches
are in Applied (fully applied/installed) state, False if any are
not.
report_app_dependencies: Provide an app name-version string and list
of patches.
* Apps are dropped by reporting app name with no patch list / empty
list.
* Triggers sync with patch-controller neighbour (ie. standby
controller)
query_app_dependencies: Query for dict of app => patch list, for all
reported apps.
On patch removal, the patch-controller checks to see if the patch
being removed is required by any applications. Reject the removal,
if so.
* Provide backdoor --skipappcheck option to skip this dependency
check.
Change-Id: I6b0dcf3c88312677a95c7eb860cb3b30779554d0
Story: 2005248
Task: 30318
Signed-off-by: Don Penney <don.penney@windriver.com>
There were several example patch templates that demonstrated
how to patch some of the openstack processes.
Most of those openstack processes have been removed from bare
metal, so these scripts have been updated or removed.
Story: 2004764
Task: 30343
Change-Id: Ie6339d9f2dbf12e7d1a2b689676cca866b844a83
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
If a user attempts to generate a patch without specifying
any packages, raise an exception to avoid malformed patches.
Additionally, very small files (like a patch with no packages)
appear to be handled differently by the API handler, passing
a cStringIO object for small files and a file object for files
that are about 1K or larger. For robustness, the upload
handler is updated to do a hasattr('fileno') check in order
to protect against an unhandled exception for small files.
Change-Id: Ie1e730a183a27850ba8567f31aea603459b59d45
Closes-Bug: 1803022
Signed-off-by: Don Penney <don.penney@windriver.com>
The sw-patch init script is called by the 'sw-patch install-local'
command with a restart option to trigger the patch-agent to
install patches, as there is no communications between the
patch-agent and patch-controller at this point. However, the
init script was not checking for failures reported by the
patch-agent when it tries to install patches.
In the case of #1819496, the lighttpd server was not running,
due to a temporary config change at the time. As a result, the
patch-agent was unable to communicate with the patching repo,
and failed to install the patch. Because the init script was
not checking for failures, the failure went unreported to the user.
This update adds checks to the sw-patch init script, in order
to report the failure back to the user.
Change-Id: Id8d69bef3a5c6c2f81d56f4b26752d084f9a7ff2
Closes-Bug: 1819496
Signed-off-by: Don Penney <don.penney@windriver.com>
The wsgiref.simple_server is used by patching for handling
API requests. When uploading files, the server opens a file
handle for the temporary resource, but does not close it.
Instead, it's left to periodic garbage collection to free the
resources. Until garbage collection, however, this means
disk space is still in use for the deleted temporary file,
as the handle is left open.
This update adds a call to gc.collect() after the call
to simple_server.handle_request() to immediately free all
unused resources.
Change-Id: Ie39213dad540448cede46cc8e580d31582419dcc
Closes-Bug: 1797977
Signed-off-by: Don Penney <don.penney@windriver.com>
Use network-online.target rather than network.target for
patching services dependencies. This is to ensure that
all interfaces, such as LAG for example, are up before
the patch services attempt any communications to esnure
there are no unrecoverable disruptions.
Change-Id: I7a20e6faaa6c9fffee0636cc5cb474b98dc88253
Closes-Bug: 1798093
Signed-off-by: Don Penney <don.penney@windriver.com>
This unsuppresses the flake8 check
H301 more than one import per line
This has no functional change.
It just enables the check and fixes the imports
Story: 2004515
Task: 29377
Change-Id: I15e13703949c5dfe27ff6f68be5dfcf467ffbe80
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
Add http_port to tsconfig and update patch URL
Story: 2004642
Task: 29263
Depends-On: https://review.openstack.org/#/c/634237/
Change-Id: Ic34a66ae90d345b16922fa6031631dfb04f67afa
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Replace patch compute references to to worker.
Replace the compute configuration flags in tsconfig.
Tests Performed:
Non-containerized deployment
AIO-SX: Sanity and Nightly automated test suite
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+2 System: Horizon Patch Orchestration
Kubernetes deployment:
AIO-SX: Create, delete, reboot and rebuild instances
2+2+2 System: worker nodes are unlock enable and no alarms
patch_build.sh with the following options:
'--worker', '--worker-lowlatency",
'--controller-worker'
'--controller-worker-lowlatency'
Story: 2004022
Task: 27013
Depends-On: https://review.openstack.org/#/c/624452/
Change-Id: If6f7bb6a73db54203941a9657f9152453d270e86
Signed-off-by: Tao Liu <tao.liu@windriver.com>
A prior update config for python2/3 compatibility resulted
in config values being set as unicode rather than strings. This
ended up breaking patching on IPv6 systems, as the lib,
if_nametoindex function used by patching in configuration of its
multicast addresses does not properly handle unicode.
As a result, the patching daemons were unable to communicate with
each other.
This update to tsconfig/config casts the values as str() to
restore it to the previous behaviour.
Closes-Bug:1800195
Change-Id: Ie7ac29728e81d2e5fcb80cde34d723c1480566d0
Signed-off-by: Sun Austin <austin.sun@intel.com>
This update adds hooks to the spec files for the following packages
to generate wheels for the python modules:
- cgcs-patch
- patch-alarm
- requests-toolbelt
- tsconfig
Change-Id: Ibdae0a338a1af493ac522757b61bbd6df1da941e
Story: 2003907
Task: 27529
Signed-off-by: Don Penney <don.penney@windriver.com>
Fix below errors
E128 continuation line under-indented for visual indent
E305 expected 2 blank lines after class or function definition, found 1
E502 the backslash is redundant between brackets
E722 do not use bare except'
E741 ambiguous variable name 'xxxxx'
E999 SyntaxError: invalid token
Change-Id: Ic826a70aed2cda984cbafedae154c4812bfa37b5
Story: 2003429
Task: 24624
Signed-off-by: Sun Austin <austin.sun@intel.com>
Use io.StringIO to replace StringIO.StringIO, and use unicode as StringIO()
can only handle unicode strings.
Story: 2003429
Task: 24618
Change-Id: Ie2ced7bba00d11b1698422cbe495abc0fbab7637
Signed-off-by: chenyan <yan.chen@intel.com>
Signed-off-by: Sun Austin <austin.sun@intel.com>
Use flake8 to replace pep8 because pep8 is invalid from the log.
enable pep8/flake8 voting and suppress flake8 Errors(fix later)
Story: 2003429
Task: 24623
Change-Id: I79e9def77dc0c8ce74403d4ba846b35ae5aa487b
Signed-off-by: chenyan <yan.chen@intel.com>
Signed-off-by: Sun Austin <austin.sun@intel.com>
For Python 3.0, "oldoctinteger" isn't supported already, and an exception
will be raised if a literal has a leading "0" and a second character
which is a digit.
Change-Id: I1cb8abda9a59fb68b066cddcc4cb394fa56060aa
Story: 2003433
Task: 25734
Signed-off-by: zhangyangyang <zhangyangyang@unionpay.com>
This reverts commit 2d1e3b7981.
This update causes an import failure for the sw-patch CLI command,
as the "builtins" module is not currently part of the load.
Change-Id: I9f71f001dd36ccd769b888fbf45cba105e7bcde2
Closes-bug: 1790166
This update adds pylint to tox and zuul for stx-updates and resolves
most warnings and errors, with some disabled for future resolution.
Change-Id: Ic853202e4793bf89d687b50cbd740d364db85189
Story: 2003371
Task: 24832
Signed-off-by: Don Penney <don.penney@windriver.com>
This update addresses existing bashate and pep8 warnings in
cgcs-patch, patch-alarm, and tsconfig. The bulk of these updates
are style and spacing changes, such as whitespace style conventions.
Story: 2003371
Task: 24433
Change-Id: I44b26d24788907bac0730a952d70ed4bafb87d90
Signed-off-by: Don Penney <don.penney@windriver.com>
A Day One bug in the patching apply/remove semantic checks around the
required patches means the specified list of patches can be truncated
in certain scenarios. A local variable used in a for-loop iteration
has the same name as another local variable in a slightly broader scope,
causing the broader scoped variable to be overwritten in certain
scenarios.
The APIs have semantics that are intended to do the following checks:
- From every patch in the arg list, build up a list of required patches.
- if a required patch is in the arg list, it doesn't get added to the
"required patches" dict, since it's being operated on
- Loop over the required patches dict, checking the states
- This is where the bug exists, as the loop inadvertently overwrites
the patch list
So the following scenarios will work fine and not have an issue:
- No patches are applied on the system, all patches being applied in one
command. The required patches dict is empty, because all patches are
in the argument list, so the patch list does not get corrupted.
- Patches are applied one by one on the system. The patch list gets
overwritten, but it's overwritten with the same single patch.
The following scenario runs into problems:
- Some patches applied on the system. Two or more patches, at least one
of which has dependencies, and dependency lists are not complete lists
of all previous patches. The patch list is corrupted with a partial
list of patches, and not all specified patches end up getting applied.
Story: 2002859
Task: 22808
Change-Id: I09ce3af9ede39f163a3ddd1fc64fc154716d1d60
Signed-off-by: Don Penney <don.penney@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>
Part of the project to remove cgcs references.
Replace and shorten the path the needlessly long and
complex "addons/wr-cgcs/layers/cgcs" path with just "stx".
This update just fixes up paths found in scripts, comments
and config files.
Depends-On: https://review.openstack.org/579954
Depends-On: https://review.openstack.org/579957
Depends-On: https://review.openstack.org/580170
Change-Id: I1c8f022bcf3e7eaca88c19c902484ef79811a07b
Signed-off-by: Scott Little <scott.little@windriver.com>
Problem: modify_patch.sh was signature unaware.
When it was used to promote a patch to 'rel' status,
it would be re-assembled with a 'dev' signing key,
regardless of which key was used to sign the original
patch.
Solution: Make modify_patch.sh aware of signatures,
and force it to try and use the same signature as was
already in use. This may require it to submit the patch
to the signing server. If signing failes, the overall
patch modification will fail.
Change-Id: I5319062b910259f4eaff3df1504216f09536c84e
Signed-off-by: Scott Little <scott.little@windriver.com>
Zuul