Merge "Merge remote-tracking branch 'gerrit/master' into f/centos76" into f/centos76

This commit is contained in:
Zuul 2018-12-20 20:41:03 +00:00 committed by Gerrit Code Review
commit 2141fc213e
29 changed files with 341 additions and 284 deletions

View File

@ -1,2 +1,2 @@
SRC_DIR="files" SRC_DIR="files"
TIS_PATCH_VER=1 TIS_PATCH_VER=2

View File

@ -27,10 +27,11 @@ package StarlingX configuration files of dhcp to system folder.
%{__install} -d %{buildroot}%{dhcpconfdir} %{__install} -d %{buildroot}%{dhcpconfdir}
%{__install} -p -m 0755 dhclient-enter-hooks %{buildroot}%{dhcpconfdir}/dhclient-enter-hooks %{__install} -p -m 0755 dhclient-enter-hooks %{buildroot}%{dhcpconfdir}/dhclient-enter-hooks
%{__install} -p -m 0644 dhclient.conf %{buildroot}%{dhcpconfdir}/dhclient.conf %{__install} -p -m 0644 dhclient.conf %{buildroot}%{dhcpconfdir}/dhclient.conf
ln -s %{dhcpconfdir}/dhclient-enter-hooks %{buildroot}%{_sysconfdir}/dhclient-enter-hooks
%post %post
%files %files
%config(noreplace) %{dhcpconfdir}/dhclient.conf %config(noreplace) %{dhcpconfdir}/dhclient.conf
%{dhcpconfdir}/dhclient-enter-hooks %{dhcpconfdir}/dhclient-enter-hooks
%{_sysconfdir}/dhclient-enter-hooks

View File

@ -11,36 +11,30 @@ diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 14da097..904e3ad 100644 index 14da097..904e3ad 100644
--- a/SPECS/dhcp.spec --- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec
@@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch @@ -111,6 +115,11 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch71: dhcp-4.2.5-centos-branding.patch Patch71: dhcp-4.2.5-centos-branding.patch
+# WRS +# WRS
+Patch101: support-disable-nsupdate.patch +Patch101: dhclient-restrict-interfaces-to-command-line.patch
+Patch102: dhclient-restrict-interfaces-to-command-line.patch +Patch102: dhclient-ipv6-bind-to-interface.patch
+Patch103: dhclient-ipv6-bind-to-interface.patch +Patch103: dhclient-ipv6-conditionally-set-hostname.patch
+Patch104: dhclient-ipv6-conditionally-set-hostname.patch
+Patch105: dhclient-handle-wrs-install-uuid.patch
+Patch106: dhclient-dhcp6-wrs-install-uuid.patch
+ +
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
@@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp @@ -439,6 +451,11 @@ rm -rf includes/isc-dhcp
%patch70 -p1 -b .reference_overflow %patch70 -p1 -b .reference_overflow
%patch71 -p1 %patch71 -p1
+# WRS +# WRS
+%patch101 -p1 +%patch101 -p1
+%patch102 -p1 +%patch102 -p1
+%patch103 -p1 +%patch103 -p1
+%patch104 -p1
+%patch105 -p1
+%patch106 -p1
+ +
# Update paths in all man pages # Update paths in all man pages
for page in client/dhclient.conf.5 client/dhclient.leases.5 \ for page in client/dhclient.conf.5 client/dhclient.leases.5 \
client/dhclient-script.8 client/dhclient.8 ; do client/dhclient-script.8 client/dhclient.8 ; do
-- --
2.7.4 2.7.4

View File

@ -1,41 +0,0 @@
From 70d970536ec4312be28c7c39b20fe90199c495e0 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:26 -0400
Subject: [PATCH 6/7] WRS: Patch106: dhclient-dhcp6-wrs-install-uuid.patch
---
client/scripts/linux | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/client/scripts/linux b/client/scripts/linux
index ddf50e8..c4ab9a1 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -77,15 +77,22 @@ exit_with_hooks() {
exit $exit_status
}
+# Select wrs-install-uuid from ipv4 or ipv6
+if [ -n "$new_dhcp6_wrs_install_uuid" ]; then
+ wrs_install_uuid=$new_dhcp6_wrs_install_uuid
+else
+ wrs_install_uuid=$new_wrs_install_uuid
+fi
+
# Enforce wrs-install-uuid on management and infrastrucure interfaces
source /etc/platform/platform.conf
-if [ -n "$new_wrs_install_uuid" ]; then
+if [ -n "$wrs_install_uuid" ]; then
if [ "$nodetype" == "controller" ]; then
source /etc/build.info
file="/www/pages/feed/rel-$SW_VERSION/install_uuid"
INSTALL_UUID=$(cat "$file")
fi
- if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then
+ if [ "$INSTALL_UUID" != "$wrs_install_uuid" ]; then
exit 1
fi
elif [ "$interface" == "$management_interface" -o \
--
1.9.1

View File

@ -1,42 +0,0 @@
From d6daacb050008d473b986f574434f9b8ae7139e4 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:23 -0400
Subject: [PATCH 5/7] WRS: Patch105: dhclient-handle-wrs-install-uuid.patch
---
client/scripts/linux | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/client/scripts/linux b/client/scripts/linux
index 59e764f..ddf50e8 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -77,6 +77,25 @@ exit_with_hooks() {
exit $exit_status
}
+# Enforce wrs-install-uuid on management and infrastrucure interfaces
+source /etc/platform/platform.conf
+if [ -n "$new_wrs_install_uuid" ]; then
+ if [ "$nodetype" == "controller" ]; then
+ source /etc/build.info
+ file="/www/pages/feed/rel-$SW_VERSION/install_uuid"
+ INSTALL_UUID=$(cat "$file")
+ fi
+ if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then
+ exit 1
+ fi
+elif [ "$interface" == "$management_interface" -o \
+ "$interface" == "$infrastructure_interface" ]; then
+ if [ "$nodetype" != "controller" -o \
+ -e "/etc/platform/.initial_config_complete" ]; then
+ exit 1
+ fi
+fi
+
# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
exit_status=0
--
1.9.1

View File

@ -1,42 +0,0 @@
From 1a60b6e068a6f6289a48bd8281d116ed6a51f03e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:12 -0400
Subject: [PATCH 1/7] WRS: Patch101: support-disable-nsupdate.patch
---
server/dhcpd.c | 2 ++
server/failover.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 67fec83..7523093 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -424,8 +424,10 @@ main(int argc, char **argv) {
trace_srandom = trace_type_register ("random-seed", (void *)0,
trace_seed_input,
trace_seed_stop, MDL);
+#if defined (NSUPDATE)
trace_ddns_init();
#endif
+#endif
#if defined (PARANOIA)
/* get user and group info if those options were given */
diff --git a/server/failover.c b/server/failover.c
index 8944102..d26adfa 100644
--- a/server/failover.c
+++ b/server/failover.c
@@ -5290,7 +5290,9 @@ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state,
*/
if (msg->binding_status == FTS_ACTIVE &&
(chaddr_changed || ident_changed)) {
+#if defined (NSUPDATE)
(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
+#endif
if (lease->scope != NULL)
binding_scope_dereference(&lease->scope, MDL);
--
1.9.1

View File

@ -130,7 +130,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS AcceptEnv XMODIFIERS
# override default of no subsystems # override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis # Example of overriding settings on a per-user basis
#Match User anoncvs #Match User anoncvs

View File

@ -60,8 +60,8 @@ while read line; do
# be logged # be logged
if [ ${nodetype} == "controller" ]; then if [ ${nodetype} == "controller" ]; then
_configuration_flag_file="/var/run/.controller_config_complete" _configuration_flag_file="/var/run/.controller_config_complete"
elif [ ${nodetype} == "compute" ]; then elif [ ${nodetype} == "worker" ]; then
_configuration_flag_file="/var/run/.compute_config_complete" _configuration_flag_file="/var/run/.worker_config_complete"
elif [ ${nodetype} == "storage" ]; then elif [ ${nodetype} == "storage" ]; then
_configuration_flag_file="/var/run/.storage_config_complete" _configuration_flag_file="/var/run/.storage_config_complete"
else else

View File

@ -49,12 +49,12 @@
+ end + end
+end +end
+ +
+Facter.add('is_compute_subfunction') do +Facter.add('is_worker_subfunction') do
+ confine :kernel => :linux + confine :kernel => :linux
+ +
+ setcode do + setcode do
+ if release = Facter::Util::FileRead.read('/etc/platform/platform.conf') + if release = Facter::Util::FileRead.read('/etc/platform/platform.conf')
+ match = release.match(/^subfunction\=.*compute/) ? true : false + match = release.match(/^subfunction\=.*worker/) ? true : false
+ end + end
+ end + end
+end +end

View File

@ -0,0 +1,32 @@
From 0cc8e6f6a7db603c534fc6d6a3d36c212446e8c2 Mon Sep 17 00:00:00 2001
From: Tao Liu <tao.liu@windriver.com>
Date: Wed, 12 Dec 2018 14:39:12 -0500
Subject: [PATCH 1/1] Remove compute reserved VM huge pages
---
SPECS/puppet-nova.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/puppet-nova.spec b/SPECS/puppet-nova.spec
index 367de7b..3554bd2 100644
--- a/SPECS/puppet-nova.spec
+++ b/SPECS/puppet-nova.spec
@@ -20,6 +20,7 @@ Patch0008: 0008-Adding-pci_weight_multiple-to-nova-scheduler-filter.patch
Patch0009: 0009-Remove-SerialConsole-from-NovaConf.patch
Patch0010: 0010-Remove-compute-huge.patch
Patch0011: 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch
+Patch0012: 0012-Remove-compute-reserved-VM-huge-pages.patch
BuildArch: noarch
@@ -51,6 +52,7 @@ Puppet module for OpenStack Nova
%patch0009 -p1
%patch0010 -p1
%patch0011 -p1
+%patch0012 -p1
find . -type f -name ".*" -exec rm {} +
find . -size 0 -exec rm {} +
--
1.8.3.1

View File

@ -9,3 +9,4 @@
0009-Remove-SerialConsole-from-NovaConf.patch 0009-Remove-SerialConsole-from-NovaConf.patch
0010-Remove-compute-huge.patch 0010-Remove-compute-huge.patch
0011-Provide-a-way-to-set-mem_stats_period_seconds.patch 0011-Provide-a-way-to-set-mem_stats_period_seconds.patch
0012-Remove-compute-reserved-VM-huge-pages.patch

View File

@ -0,0 +1,112 @@
From b5e101b0a02e4693f57b42ac487621685f839bee Mon Sep 17 00:00:00 2001
From: Tao Liu <tao.liu@windriver.com>
Date: Thu, 29 Nov 2018 10:48:37 -0600
Subject: [PATCH 1/1] Remove compute reserved VM huge pages
---
.../compute_reserved_config/ini_setting.rb | 22 ----------------------
lib/puppet/type/compute_reserved_config.rb | 19 -------------------
manifests/compute.pp | 18 ------------------
3 files changed, 59 deletions(-)
delete mode 100644 lib/puppet/provider/compute_reserved_config/ini_setting.rb
delete mode 100644 lib/puppet/type/compute_reserved_config.rb
diff --git a/lib/puppet/provider/compute_reserved_config/ini_setting.rb b/lib/puppet/provider/compute_reserved_config/ini_setting.rb
deleted file mode 100644
index e7d142f..0000000
--- a/lib/puppet/provider/compute_reserved_config/ini_setting.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-Puppet::Type.type(:compute_reserved_config).provide(
- :ini_setting,
- :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
-) do
-
- def section
- resource[:name].split('/', 2).first
- end
-
- def setting
- resource[:name].split('/', 2).last
- end
-
- def separator
- '='
- end
-
- def file_path
- '/etc/nova/compute_reserved.conf'
- end
-
-end
diff --git a/lib/puppet/type/compute_reserved_config.rb b/lib/puppet/type/compute_reserved_config.rb
deleted file mode 100644
index fa9d441..0000000
--- a/lib/puppet/type/compute_reserved_config.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-Puppet::Type.newtype(:compute_reserved_config) do
-
- ensurable
-
- newparam(:name, :namevar => true) do
- desc 'Section/setting name to manage from compute_reserved.conf'
- newvalues(/\S*\/\S+/)
- end
-
- newproperty(:value) do
- desc 'The value of the setting to be defined.'
- munge do |value|
- value = value.to_s.strip
- value.capitalize! if value =~ /^(true|false)$/i
- value
- end
- end
-
-end
diff --git a/manifests/compute.pp b/manifests/compute.pp
index 719729a..62f3ac2 100644
--- a/manifests/compute.pp
+++ b/manifests/compute.pp
@@ -148,9 +148,6 @@
# for shared machine processes
# Defaults to undef
#
-# [*compute_reserved_vm_memory_2M*]
-# [*compute_reserved_vm_memory_1G*]
-#
# DEPRECATED
#
# [*pci_passthrough*]
@@ -194,8 +191,6 @@ class nova::compute (
$consecutive_build_service_disable_threshold = $::os_service_default,
# WRS PARAMETERS
$shared_pcpu_map = undef,
- $compute_reserved_vm_memory_2M = '()',
- $compute_reserved_vm_memory_1G = '()',
# DEPRECATED PARAMETERS
$pci_passthrough = undef,
) {
@@ -253,19 +248,6 @@ class nova::compute (
'DEFAULT/shared_pcpu_map': value => join(any2array($shared_pcpu_map), ',');
}
- ## Only override build default if value is provided at runtime.
- ## Setting to () has effect of calculating maximum 2M hugepages.
- if ($compute_reserved_vm_memory_2M and ($compute_reserved_vm_memory_2M != '()')) {
- compute_reserved_config {
- '/COMPUTE_VM_MEMORY_2M' : value => $compute_reserved_vm_memory_2M;
- }
- }
- if ($compute_reserved_vm_memory_1G and ($compute_reserved_vm_memory_1G != '()')) {
- compute_reserved_config {
- '/COMPUTE_VM_MEMORY_1G' : value => $compute_reserved_vm_memory_1G;
- }
- }
-
ensure_resource('nova_config', 'DEFAULT/allow_resize_to_same_host', { value => $allow_resize_to_same_host })
if ($vnc_enabled) {
--
1.8.3.1

View File

@ -1,3 +0,0 @@
VERSION=18.03.1
MODULE=docker-ce
TIS_PATCH_VER=1

View File

@ -1,36 +0,0 @@
commit b86683a477f4d40e09501b6953a89c634bd9de75
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon May 14 15:32:06 2018 -0400
WRS: 0001-Update-package-versioning-for-TIS-format.patch
diff --git a/SPECS/docker-ce.spec b/SPECS/docker-ce.spec
index 82b5042..36d2980 100644
--- a/SPECS/docker-ce.spec
+++ b/SPECS/docker-ce.spec
@@ -1,6 +1,8 @@
+%global _version 18.03.1
+
Name: docker-ce
Version: %{_version}
-Release: %{_release}%{?dist}
+Release: 1%{?_tis_dist}.%{tis_patch_ver}
Summary: The open-source application container engine
Group: Tools/Docker
License: ASL 2.0
@@ -59,6 +61,7 @@ depending on a particular stack or provider.
%setup -q -c -n src -a 1
%build
+export PBR_VERSION=%{version}
export DOCKER_GITCOMMIT=%{_gitcommit}
mkdir -p /go/src/github.com/docker
rm -f /go/src/github.com/docker/cli
@@ -79,6 +82,7 @@ engine/bundles/dynbinary-daemon/dockerd -v
%install
# install binary
+export PBR_VERSION=%{version}
install -d $RPM_BUILD_ROOT/%{_bindir}
install -p -m 755 cli/build/docker $RPM_BUILD_ROOT/%{_bindir}/docker
install -p -m 755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) $RPM_BUILD_ROOT/%{_bindir}/dockerd

View File

@ -1 +0,0 @@
0001-Update-package-versioning-for-TIS-format.patch

View File

@ -1 +0,0 @@
mirror:Source/docker-ce-18.03.1.ce-1.el7.centos.src.rpm

View File

@ -16,4 +16,4 @@ COPY_LIST="$PKG_BASE/src/LICENSE \
$PKG_BASE/src/example.py \ $PKG_BASE/src/example.py \
$PKG_BASE/src/example.conf" $PKG_BASE/src/example.conf"
TIS_PATCH_VER=2 TIS_PATCH_VER=3

View File

@ -11,7 +11,7 @@
# platform core usable since the previous sample. # platform core usable since the previous sample.
# #
# Init Function: # Init Function:
# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST # - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST
# #
############################################################################ ############################################################################
import os import os
@ -24,7 +24,7 @@ PASS = 0
FAIL = 1 FAIL = 1
PATH = '/proc/cpuinfo' PATH = '/proc/cpuinfo'
COMPUTE_RESERVED_CONF = '/etc/nova/compute_reserved.conf' WORKER_RESERVED_CONF = '/etc/platform/worker_reserved.conf'
PLUGIN = 'platform cpu usage plugin' PLUGIN = 'platform cpu usage plugin'
@ -63,8 +63,8 @@ def init_func():
collectd.info('%s init function for %s' % (PLUGIN, c.hostname)) collectd.info('%s init function for %s' % (PLUGIN, c.hostname))
raw_list = "" raw_list = ""
if os.path.exists(COMPUTE_RESERVED_CONF): if os.path.exists(WORKER_RESERVED_CONF):
with open(COMPUTE_RESERVED_CONF, 'r') as infile: with open(WORKER_RESERVED_CONF, 'r') as infile:
for line in infile: for line in infile:
if 'PLATFORM_CPU_LIST' in line: if 'PLATFORM_CPU_LIST' in line:
val = line.split("=") val = line.split("=")

View File

@ -11,7 +11,7 @@
# platform core usable since the previous sample. # platform core usable since the previous sample.
# #
# Init Function: # Init Function:
# - if 'compute_reserved.conf exists then query/store PLATFORM_CPU_LIST # - if 'worker_reserved.conf exists then query/store PLATFORM_CPU_LIST
# #
############################################################################ ############################################################################
import os import os
@ -74,16 +74,26 @@ def config_func(config):
(PLUGIN, obj.cmd)) (PLUGIN, obj.cmd))
# Get the platform cpu list and number of cpus reported by /proc/cpuinfo # Load the hostname and kernel memory 'overcommit' setting.
def init_func(): def init_func():
# get current hostname # get current hostname
obj.hostname = os.uname()[1] obj.hostname = os.uname()[1]
# get strict setting
#
# a value of 0 means "heuristic overcommit"
# a value of 1 means "always overcommit"
# a value of 2 means "don't overcommit".
#
# set strict true strict=1 if value is = 2
# otherwise strict is false strict=0 (default)
fn = '/proc/sys/vm/overcommit_memory' fn = '/proc/sys/vm/overcommit_memory'
if os.path.exists(fn): if os.path.exists(fn):
with open(fn, 'r') as infile: with open(fn, 'r') as infile:
for line in infile: for line in infile:
obj.strict = int(line) if int(line) == 2:
obj.strict = 1
break break
collectd.info("%s strict:%d" % (PLUGIN, obj.strict)) collectd.info("%s strict:%d" % (PLUGIN, obj.strict))

View File

@ -10,13 +10,13 @@
NAME=$(basename $0) NAME=$(basename $0)
OPTIONS_CHANGED_FLAG=/var/run/.mlx4_cx3_reboot_required OPTIONS_CHANGED_FLAG=/var/run/.mlx4_cx3_reboot_required
COMPUTE_CONFIG_COMPLETE=/var/run/.compute_config_complete WORKER_CONFIG_COMPLETE=/var/run/.worker_config_complete
function LOG { function LOG {
logger "$NAME: $*" logger "$NAME: $*"
} }
if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $COMPUTE_CONFIG_COMPLETE ]; then if [ -f $OPTIONS_CHANGED_FLAG ] && [ -f $WORKER_CONFIG_COMPLETE ]; then
LOG "mlx4_core options has been changed. Failing goenabled check." LOG "mlx4_core options has been changed. Failing goenabled check."
exit 1 exit 1
fi fi

View File

@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain
startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor
mode = passive ; Monitoring mode: passive (default) or active mode = passive ; Monitoring mode: passive (default) or active
; passive: process death monitoring (default: always) ; passive: process death monitoring (default: always)
; active : heartbeat monitoring, i.e. request / response messaging ; active : heartbeat monitoring, i.e. request / response messaging
; ignore : do not monitor or stop monitoring ; ignore : do not monitor or stop monitoring
subfunction = compute ; Optional label. subfunction = worker ; Optional label.
; Manage this process in the context of a combo host subfunction ; Manage this process in the context of a combo host subfunction
; Choices: compute or storage. ; Choices: worker or storage.
; when specified pmond will wait for ; when specified pmond will wait for
; /var/run/.compute_config_complete or ; /var/run/.worker_config_complete or
; /var/run/.storage_config_complete ; /var/run/.storage_config_complete
; ... before managing this process with the specified subfunction ; ... before managing this process with the specified subfunction
; Excluding this label will cause this process to be managed by default on startup ; Excluding this label will cause this process to be managed by default on startup

View File

@ -12,14 +12,14 @@ debounce = 20 ; number of seconds that a process needs to remain
startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor
mode = passive ; Monitoring mode: passive (default) or active mode = passive ; Monitoring mode: passive (default) or active
; passive: process death monitoring (default: always) ; passive: process death monitoring (default: always)
; active : heartbeat monitoring, i.e. request / response messaging ; active : heartbeat monitoring, i.e. request / response messaging
; ignore : do not monitor or stop monitoring ; ignore : do not monitor or stop monitoring
subfunction = compute ; Optional label. subfunction = worker ; Optional label.
; Manage this process in the context of a combo host subfunction ; Manage this process in the context of a combo host subfunction
; Choices: compute or storage. ; Choices: worker or storage.
; when specified pmond will wait for ; when specified pmond will wait for
; /var/run/.compute_config_complete or ; /var/run/.worker_config_complete or
; /var/run/.storage_config_complete ; /var/run/.storage_config_complete
; ... before managing this process with the specified subfunction ; ... before managing this process with the specified subfunction
; Excluding this label will cause this process to be managed by default on startup ; Excluding this label will cause this process to be managed by default on startup

View File

@ -312,6 +312,14 @@ static int tpm_engine_init(ENGINE * e)
* N.B: This assumes that the kernel-modules-tpm * N.B: This assumes that the kernel-modules-tpm
* pkg is installed with the modified tpm_crb KLM * pkg is installed with the modified tpm_crb KLM
*/ */
if ((result = p_tpm2_Set_Property(hContext,
TPM_INTERFACE_TYPE, "dev"))) {
DBG("Failed to set Resource Manager in context (%p): rc %d",
hContext, (int)result);
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
if ((result = p_tpm2_Set_Property(hContext, if ((result = p_tpm2_Set_Property(hContext,
TPM_DEVICE, "/dev/tpmrm0"))) { TPM_DEVICE, "/dev/tpmrm0"))) {
DBG("Failed to set Resource Manager in context (%p): rc %d", DBG("Failed to set Resource Manager in context (%p): rc %d",

View File

@ -7,6 +7,8 @@
# TPM setup (both active controller and remote) # TPM setup (both active controller and remote)
export TPM_INTERFACE_TYPE=dev
CERTIFICATE_FILE="server-cert.pem" CERTIFICATE_FILE="server-cert.pem"
LOGFILE="/etc/ssl/private/.install.log" LOGFILE="/etc/ssl/private/.install.log"
ORIGINAL_KEY=$1 ORIGINAL_KEY=$1
@ -53,8 +55,7 @@ declare -a helper_scripts=("tss2_createprimary"
"tss2_contextsave" "tss2_contextsave"
"tss2_evictcontrol" "tss2_evictcontrol"
"tss2_flushcontext" "tss2_flushcontext"
"create_tpm2_key" "create_tpm2_key")
"resourcemgr")
for src in "${helper_scripts[@]}"; do for src in "${helper_scripts[@]}"; do
if ! type "$src" &>/dev/null; then if ! type "$src" &>/dev/null; then
error_exit "ERROR: Cannot find $src. Needed for TPM configuration" error_exit "ERROR: Cannot find $src. Needed for TPM configuration"
@ -62,41 +63,6 @@ for src in "${helper_scripts[@]}"; do
done done
} }
startResourceMgr () {
resourcemgr &>> $LOGFILE 2>&1 &
# ensure the resourcemgr is started
for i in {1..5}
do
sleep 0.5
MGR_RUNNING=`pidof resourcemgr`
if [ ! -z $MGR_RUNNING ]; then
break
fi
done
[ ! -z $MGR_RUNNING ] || error_exit "Unable to start TPM resourcemgr"
# check to see if the resourcemgr port is open
IS_OPEN=0
for i in {1..5}
do
sleep 0.5
_test=`netstat -an | grep $RESOURCEMGR_DEFAULT_PORT | grep -i listen`
if [ ! -z "$_test" ]; then
IS_OPEN=1
break
fi
done
[ $IS_OPEN -ne 0 ] || error_exit "Unable to initialize resourcemgr"
}
stopResourceMgr () {
# Kill any previous instances of resourcemgr
pkill -c -TERM resourcemgr &> /dev/null 2>&1
}
### Main ### ### Main ###
# remove previous object context # remove previous object context
rm -f $TPM_OBJECT_CONTEXT &> /dev/null rm -f $TPM_OBJECT_CONTEXT &> /dev/null
@ -115,14 +81,10 @@ if [ "$TPM_VERSION" != "2.0" ]; then
error_exit "ERROR: TPM Device is not version 2.0 compatible" error_exit "ERROR: TPM Device is not version 2.0 compatible"
fi fi
# Start the Intel ResourceMgr to clear the NV # Clear the NV
# as well as all stale transient handles in # as well as all stale transient handles in
# the endorsement hierarchy. # the endorsement hierarchy.
# Since ResourceMgr has a number of stability, tss2_clear -hi l
# and security issues, we will stop it after it
# initializes the NV and Handle space
startResourceMgr
stopResourceMgr
# Create the Endorsement Primary Key hierarchy which will be used # Create the Endorsement Primary Key hierarchy which will be used
# for wrapping the private key. Use RSA as the primary key encryption # for wrapping the private key. Use RSA as the primary key encryption
@ -136,14 +98,14 @@ PRIMARY_HANDLE="0x$PRIMARY_HANDLE"
# be persistently stored in TPM NV. # be persistently stored in TPM NV.
# evict the persistent handle if it exists previously # evict the persistent handle if it exists previously
tss2_evictcontrol -hi o -ho $TPM_KEY_HIERARCHY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE tss2_evictcontrol -hi o -ho $TPM_KEY_HIERARCHY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE
tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE &>> $LOGFILE tss2_evictcontrol -hi o -ho $PRIMARY_HANDLE -hp $TPM_KEY_HIERARCHY_HANDLE >> $LOGFILE
[ $? -eq 0 ] || error_exit "Unable to persist Key Hierarchy in TPM memory" [ $? -eq 0 ] || error_exit "Unable to persist Key Hierarchy in TPM memory"
tss2_flushcontext -ha $PRIMARY_HANDLE tss2_flushcontext -ha $PRIMARY_HANDLE
# wrap the original private key in TPM's Endorsement key hierarchy # wrap the original private key in TPM's Endorsement key hierarchy
# this will generate a TSS key blob in ASN 1 encoding # this will generate a TSS key blob in ASN 1 encoding
create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT &>> $LOGFILE create_tpm2_key -p $TPM_KEY_HIERARCHY_HANDLE -w $ORIGINAL_KEY $TPM_OBJECT_CONTEXT >> $LOGFILE
[ $? -eq 0 ] || error_exit "Unable to wrap provided private key into TPM Key Hierarchy" [ $? -eq 0 ] || error_exit "Unable to wrap provided private key into TPM Key Hierarchy"
# the apps will also need to the public key, place it in # the apps will also need to the public key, place it in

View File

@ -46,6 +46,7 @@ install -m 755 collect_patching.sh %{buildroot}%{_sysconfdir}/collect.d/collect_
install -m 755 collect_coredump.sh %{buildroot}%{_sysconfdir}/collect.d/collect_coredump install -m 755 collect_coredump.sh %{buildroot}%{_sysconfdir}/collect.d/collect_coredump
install -m 755 collect_crash.sh %{buildroot}%{_sysconfdir}/collect.d/collect_crash install -m 755 collect_crash.sh %{buildroot}%{_sysconfdir}/collect.d/collect_crash
install -m 755 collect_ima.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ima install -m 755 collect_ima.sh %{buildroot}%{_sysconfdir}/collect.d/collect_ima
install -m 755 collect_fm.sh %{buildroot}%{_sysconfdir}/collect.d/collect_fm
install -m 755 etc.exclude %{buildroot}%{_sysconfdir}/collect/etc.exclude install -m 755 etc.exclude %{buildroot}%{_sysconfdir}/collect/etc.exclude
install -m 755 run.exclude %{buildroot}%{_sysconfdir}/collect/run.exclude install -m 755 run.exclude %{buildroot}%{_sysconfdir}/collect/run.exclude

View File

@ -0,0 +1,41 @@
#! /bin/bash
#
# SPDX-License-Identifier: Apache-2.0
#
# Loads Up Utilities and Commands Variables
source /usr/local/sbin/collect_parms
source /usr/local/sbin/collect_utils
SERVICE="alarms"
LOGFILE="${extradir}/${SERVICE}.info"
function is_service_active {
active=`sm-query service management-ip | grep "enabled-active"`
if [ -z "$active" ] ; then
return 0
else
return 1
fi
}
###############################################################################
# Only Controller
###############################################################################
if [ "$nodetype" = "controller" ] ; then
is_service_active
if [ "$?" = "0" ] ; then
exit 0
fi
echo "${hostname}: System Alarm List .: ${LOGFILE}"
# These go into the SERVICE.info file
delimiter ${LOGFILE} "fm alarm-list"
fm alarm-list 2>>${COLLECT_ERROR_LOG} >> ${LOGFILE}
fi
exit 0

View File

@ -1176,7 +1176,7 @@ def getPlatformCores(node, cpe):
logging.basicConfig(filename="/tmp/livestream.log", filemode="a", format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO) logging.basicConfig(filename="/tmp/livestream.log", filemode="a", format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO)
core_list = list() core_list = list()
try: try:
with open("/etc/nova/compute_reserved.conf", "r") as f: with open("/etc/platform/worker_reserved.conf", "r") as f:
for line in f: for line in f:
if line.startswith("PLATFORM_CPU_LIST"): if line.startswith("PLATFORM_CPU_LIST"):
core_list = line.split("=")[1].replace("\"", "").strip("\n").split(",") core_list = line.split("=")[1].replace("\"", "").strip("\n").split(",")

View File

@ -9,4 +9,4 @@
# #
# Note: Sourced from scripts, so needs to be bash-able # Note: Sourced from scripts, so needs to be bash-able
# #
PLATFORM_RELEASE="18.10" PLATFORM_RELEASE="19.01"

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Copyright (c) 2017 Wind River Systems, Inc. # Copyright (c) 2017-2018 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -9,9 +9,12 @@
# $1 - listening port of remote log server # $1 - listening port of remote log server
PORT=$1 PORT=$1
DEFAULT_PRIORITY=1
function is_loopback { function is_loopback {
# (from include/uapi/linux/if.h) # (from include/uapi/linux/if.h)
IFF_LOOPBACK=$((1<<3)) # IFF_LOOPBACK = 1<<3 = 8. Using a left shifted syntax can confuse bashate.
IFF_LOOPBACK=8
# get the interface flags # get the interface flags
FLAGS=`cat /sys/class/net/$DEV/flags` FLAGS=`cat /sys/class/net/$DEV/flags`
@ -26,7 +29,8 @@ function is_loopback {
function log { function log {
# It seems that syslog isn't yet running, so append directly to the syslog file # It seems that syslog isn't yet running, so append directly to the syslog file
echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> /var/log/platform.log local FILE=/var/log/platform.log
echo `date +%FT%T.%3N` `hostname` CGCS_TC_SETUP: $@ >> $FILE
} }
function test_valid_speed { function test_valid_speed {
@ -44,14 +48,10 @@ function test_valid_speed {
function get_dev_speed { function get_dev_speed {
# If the link doesn't come up we won't go enabled, so here we can # If the link doesn't come up we won't go enabled, so here we can
# afford to wait forever for the link. # afford to wait forever for the link.
while true while true; do
do if [ -e /sys/class/net/$1/bonding ]; then
if [ -e /sys/class/net/$1/bonding ] for VAL in `cat /sys/class/net/$1/lower_*/speed`; do
then if test_valid_speed $VAL; then
for VAL in `cat /sys/class/net/$1/lower_*/speed`
do
if test_valid_speed $VAL
then
log slave for bond link $1 reported speed $VAL log slave for bond link $1 reported speed $VAL
echo $VAL echo $VAL
return 0 return 0
@ -59,24 +59,24 @@ function get_dev_speed {
log slave for bond link $1 reported invalid speed $VAL log slave for bond link $1 reported invalid speed $VAL
fi fi
done done
log all slaves for bond link $1 reported invalid speeds, will sleep 30 sec and try again log all slaves for bond link $1 reported invalid speeds, \
will sleep 30 sec and try again
else else
VAL=`cat /sys/class/net/$1/speed` VAL=`cat /sys/class/net/$1/speed`
if test_valid_speed $VAL if test_valid_speed $VAL; then
then
log link $1 reported speed $VAL log link $1 reported speed $VAL
echo $VAL echo $VAL
return 0 return 0
else else
log link $1 returned invalid speed $VAL, will sleep 30 sec and try again log link $1 returned invalid speed $VAL, \
will sleep 30 sec and try again
fi fi
fi fi
sleep 30 sleep 30
done done
} }
if [ -f /etc/platform/platform.conf ] if [ -f /etc/platform/platform.conf ]; then
then
source /etc/platform/platform.conf source /etc/platform/platform.conf
else else
exit 0 exit 0
@ -94,8 +94,7 @@ LOG_CBW=20
# 1:40 = default class from cgcs_tc_setup.sh # 1:40 = default class from cgcs_tc_setup.sh
# 1:60 = LOG class # 1:60 = LOG class
if [ $nodetype == "controller" ] if [ $nodetype == "controller" ]; then
then
# Add class and filters to the oam interface # Add class and filters to the oam interface
DEV=$oam_interface DEV=$oam_interface
SPEED=$(get_dev_speed $DEV) SPEED=$(get_dev_speed $DEV)
@ -105,17 +104,22 @@ then
# create new qdiscs, classes and LOG filters # create new qdiscs, classes and LOG filters
tc qdisc add dev $DEV root handle 1: htb default 40 tc qdisc add dev $DEV root handle 1: htb default 40
tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit burst 15k quantum 60000 tc class add dev $DEV parent 1: classid 1:1 htb rate ${SPEED}mbit \
burst 15k quantum 60000
AC="tc class add dev $DEV parent 1:1 classid" AC="tc class add dev $DEV parent 1:1 classid"
$AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000 $AC 1:40 htb rate $((${DEFAULT_BW}*${SPEED}/100))mbit burst 15k \
$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 ceil $((${DEFAULT_CBW}*${SPEED}/100))mbit quantum 60000
$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \
ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000
tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10 tc qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10
tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 u32 match ip dport ${PORT} 0xffff flowid 1:60
tc filter add dev $DEV protocol ip parent 1:0 prio $DEFAULT_PRIORITY \
u32 match ip sport ${PORT} 0xffff flowid 1:60
fi fi
@ -128,12 +132,69 @@ then
exit 0 exit 0
fi fi
function infra_exists {
if [ -z "$infrastructure_interface" ]; then
return 1
else
return 0
fi
}
function is_consolidated {
if ! infra_exists; then
return 1
else
local INFRA=$infrastructure_interface
local MGMT=$management_interface
# determine whether the management interface is a parent of the
# infrastructure interface based on name.
# eg. this matches enp0s8 to enp0s8.10 but not enp0s88
if [[ $INFRA =~ $MGMT[\.][0-9]+$ ]]; then
return 0
fi
return 1
fi
}
function is_vlan {
if [ -f /proc/net/vlan/$DEV ]; then
return 0
else
return 1
fi
}
function get_mgmt_tc_filter_priority {
local PRIORITY=$DEFAULT_PRIORITY
if is_consolidated
then
if ! is_vlan
then
# If we have a consolidated VLAN interface, we must set the
# priority to $DEFAULT_PRIORITY + 1 for the underlying
# ethernet interface, as it will already have
# $DEFAULT_PRIORITY filters to catch high priority
# infra traffic
PRIORITY=$(($DEFAULT_PRIORITY + 1))
fi
fi
echo $PRIORITY
return 0
}
SPEED=$(get_dev_speed $DEV) SPEED=$(get_dev_speed $DEV)
PRIORITY=$(get_mgmt_tc_filter_priority)
AC="tc class add dev $DEV parent 1:1 classid" AC="tc class add dev $DEV parent 1:1 classid"
$AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000 $AC 1:60 htb rate $((${LOG_BW}*${SPEED}/100))mbit burst 15k \
ceil $((${LOG_CBW}*${SPEED}/100))mbit quantum 60000
tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10 tc qdisc add dev $DEV parent 1:60 handle 60: sfq perturb 10
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip dport ${PORT} 0xffff flowid 1:60 tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \
tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip sport ${PORT} 0xffff flowid 1:60 u32 match ip dport ${PORT} 0xffff flowid 1:60
tc filter add dev $DEV protocol ip parent 1:0 prio $PRIORITY \
u32 match ip sport ${PORT} 0xffff flowid 1:60