commit a3f18007ccad266810d5b02fffe51b7ef3b2463c
Author: Shuicheng Lin <email address hidden>
Date: Sun Jan 19 19:14:55 2020 +0800
Add Kata Container support
The patch is based on 431885231ae41256188a7c32f0f5351c4455707b
And is updated with kata 1.10 repo and 1.10.0-4.1 rpms.
1. add kata container 1.10 stable repo with kata 1.10.0-4.1 rpms.
kata-runtime is the main rpm, and other rpms including qemu
are the rpms required by kata-runtime.
2. upgrade containerd to 1.3.0
To support kata container, kubernetes need switch runtime from
dockershim to containerd. And need use containered with 1.3.0
in order to support secure private registry.
3. add crictl as the CLI for containerd.
- Use updated project name in titles/text
- Correct text for link to Storyboard (docs)
- Correct capitalization in section headings
- Correct formatting for section headings
The cgcs-users package provides a restricted shell ibsh (Iron Bars SHell)
that is no longer being referenced in StarlingX, so we can remove this
tarball from the download list.
commit 12c3dc47720bc8d011a746faf42b824caac8faa6
Author: Don Penney <email address hidden>
Date: Tue Jan 14 11:20:50 2020 -0500
Constrain more-itertools for build failure
A recent update to the more-itertools python module causes a failure
in the STX_BUILD_container_setup CENGN build job. This module dropped
python-2.7 support after its 5.0.0 release. The newest update causes a
failure due to code that does not work with 2.7.
This commit adds a builder-constraints.txt file that the Dockerfile
passes to the pip install command to constrain module versions during
setup of the build container, allowing us to constrain the
more-itertools version to 5.0.0, the last version to officially
support python 2.7.
Change-Id: I3432c204ecd7c4ddedd8a7dea14216d4ec31e0aa
Closes-Bug: 1859642
Signed-off-by: Don Penney <email address hidden>
commit 4cb7bee3f856f49d637d3030df23358bbe36e5e1
Author: Don Penney <email address hidden>
Date: Thu Jan 2 17:43:14 2020 -0500
Add DNF packages
Update the rpms_centos.lst file to include the DNF packages.
The patching framework currently uses the smart package manager for
managing in-release software updates, while CentOS 8 is using DNF. In
order to facilitate the upgrade to CentOS 8 and python3, the use of
smartpm by the patch-agent is being replaced with the python2 dnf
modules. This should allow for an easier transition to python3.
1. add kata container 1.9 stable repo with kata 1.9.2-7.1 rpms.
kata-runtime is the main rpm, and other rpms including qemu
are the rpms required by kata-runtime.
2. upgrade containerd to 1.3.0
To support kata container, kubernetes need switch runtime from
dockershim to containerd. And need use containered with 1.3.0
in order to support secure private registry.
3. add crictl as the CLI for containerd.
Switching python-eventlet and python-requests to binary RPMs
because we no longer need to patch these packages. Also
upversioning eventlet, which is necessary to support the
python kubernetes client.
Adding in python-dns and python2-monotonic as these are
required by the upversioned eventlet.
linux-firmware is brought forward due to a kernel spec file
build dependency.
CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
escape during migration
Reviewed: https:/ /review. opendev. org/705825 /git.openstack. org/cgit/ starlingx/ tools/commit/ ?id=43144cbe582 78d8a0857cc0fd5 5df2b6bb921a15
Committed: https:/
Submitter: Zuul
Branch: f/centos8
commit a3f18007ccad266 810d5b02fffe51b 7ef3b2463c
Author: Shuicheng Lin <email address hidden>
Date: Sun Jan 19 19:14:55 2020 +0800
Add Kata Container support
The patch is based on 431885231ae4125 6188a7c32f0f535 1c4455707b
And is updated with kata 1.10 repo and 1.10.0-4.1 rpms.
1. add kata container 1.10 stable repo with kata 1.10.0-4.1 rpms.
kata-runtime is the main rpm, and other rpms including qemu
are the rpms required by kata-runtime.
2. upgrade containerd to 1.3.0
To support kata container, kubernetes need switch runtime from
dockershim to containerd. And need use containered with 1.3.0
in order to support secure private registry.
3. add crictl as the CLI for containerd.
Story: 2006145
Task: 36744
Task: 36745
Task: 36746
Change-Id: I932e0dde0a0b48 257e4acd17d6550 f9ec5029555
Signed-off-by: Shuicheng Lin <email address hidden>
commit 0011f51e91a9b98 ef4c0150fc0ce60 8e022deb45
Author: Kristal Dale <email address hidden>
Date: Fri Jan 17 14:18:30 2020 -0800
Update landing pages for docs and release notes:
- Use updated project name in titles/text
- Correct text for link to Storyboard (docs)
- Correct capitalization in section headings
- Correct formatting for section headings
Change-Id: Id116b27f333e03 8802a706fadb474 84e68f837d8
Signed-off-by: Kristal Dale <email address hidden>
commit ac3e6bfe4aa9568 16a58cbe13a362e 0116776d1f
Author: Saul Wold <email address hidden>
Date: Thu Jan 16 09:59:27 2020 -0800
ibsh: remove tarball no longer used by cgcs-users
The cgcs-users package provides a restricted shell ibsh (Iron Bars SHell)
that is no longer being referenced in StarlingX, so we can remove this
tarball from the download list.
Story: 2007102 /review. opendev. org/702939 e26150e916335d5 8c2b60a8f67
Task: 38148
Depends-On: https:/
Change-Id: I6e1a25e7318eb3
Signed-off-by: Saul Wold <email address hidden>
commit 896fa6b227929bb 0b9b28e2a2ca7ea d7060963c0
Author: Don Penney <email address hidden>
Date: Wed Jan 15 23:48:42 2020 -0500
Drop python-smartpm from tarball-dl.lst
As python-smartpm is no longer required, it can now be dropped from
the tarball-dl.lst file.
Depends-On: https:/ /review. opendev. org/702791 bb68a71b83a23ad b888d1ece08
Change-Id: Ifc0a413688151e
Story: 2006227
Task: 38138
Signed-off-by: Don Penney <email address hidden>
commit 83709a0a384f92e 7042bb9f01e7b52 b8a4ba738a
Author: Don Penney <email address hidden>
Date: Tue Jan 14 20:38:59 2020 +0000
Revert "Add Kata Container support"
This reverts commit 431885231ae4125 6188a7c32f0f535 1c4455707b.
Reverting due to https:/ /bugs.launchpad .net/starlingx/ +bug/1859686
Change-Id: Id86981d6b854f5 f6f42b99e094b78 9af263105b7
commit 12c3dc47720bc8d 011a746faf42b82 4caac8faa6
Author: Don Penney <email address hidden>
Date: Tue Jan 14 11:20:50 2020 -0500
Constrain more-itertools for build failure
A recent update to the more-itertools python module causes a failure container_ setup CENGN build job. This module dropped
in the STX_BUILD_
python-2.7 support after its 5.0.0 release. The newest update causes a
failure due to code that does not work with 2.7.
This commit adds a builder- constraints. txt file that the Dockerfile
passes to the pip install command to constrain module versions during
setup of the build container, allowing us to constrain the
more-itertools version to 5.0.0, the last version to officially
support python 2.7.
Change-Id: I3432c204ecd7c4 ddedd8a7dea1421 6d4ec31e0aa
Closes-Bug: 1859642
Signed-off-by: Don Penney <email address hidden>
commit c23eddb3dc5fa57 f399d8687d715b7 6093e154e9
Author: VictorRodriguez <email address hidden>
Date: Thu Jan 9 17:12:21 2020 -0600
Fix bug in CVE html report generation
This patch fix a bug in the CVEs report generation. It needs to iterate
over the cves_w_errors list instead of cves_to_track
Closes-Bug: 1859482
Change-Id: Ic61acadf650733 b9d7a7d6763c99b 0f85394f1a2
Signed-off-by: VictorRodriguez <email address hidden>
commit 4cb7bee3f856f49 d637d3030df2335 8bbe36e5e1
Author: Don Penney <email address hidden>
Date: Thu Jan 2 17:43:14 2020 -0500
Add DNF packages
Update the rpms_centos.lst file to include the DNF packages.
The patching framework currently uses the smart package manager for
managing in-release software updates, while CentOS 8 is using DNF. In
order to facilitate the upgrade to CentOS 8 and python3, the use of
smartpm by the patch-agent is being replaced with the python2 dnf
modules. This should allow for an easier transition to python3.
Change-Id: Ie9d2387158833e 0f76504a6d764a6 9c209d01458
Story: 2006227
Task: 37933
Signed-off-by: Don Penney <email address hidden>
commit 431885231ae4125 6188a7c32f0f535 1c4455707b
Author: Shuicheng Lin <email address hidden>
Date: Fri Sep 27 23:03:46 2019 +0800
Add Kata Container support
1. add kata container 1.9 stable repo with kata 1.9.2-7.1 rpms.
kata-runtime is the main rpm, and other rpms including qemu
are the rpms required by kata-runtime.
2. upgrade containerd to 1.3.0
To support kata container, kubernetes need switch runtime from
dockershim to containerd. And need use containered with 1.3.0
in order to support secure private registry.
3. add crictl as the CLI for containerd.
Story: 2006145 4335cf8dd2a64fc 5233452dfbe
Task: 36744
Task: 36745
Task: 36746
Change-Id: I04076681decfa2
Signed-off-by: Shuicheng Lin <email address hidden>
commit d885f802e78dd2b 2f53628bfd9f381 e52050321f
Author: Bart Wensley <email address hidden>
Date: Fri Dec 20 10:26:18 2019 -0600
Switch eventlet and requests to binary RPMs
Switching python-eventlet and python-requests to binary RPMs
because we no longer need to patch these packages. Also
upversioning eventlet, which is necessary to support the
python kubernetes client.
Adding in python-dns and python2-monotonic as these are
required by the upversioned eventlet.
Change-Id: I8af559d90add35 d51ef7b10542641 69ea4134f3c /review. opendev. org/#/c/ 700195/
Story: 2006781
Task: 37583
Depends-On: https:/
Signed-off-by: Bart Wensley <email address hidden>
commit c69bc1ef1efb9b7 84caf0398b9d5b4 4a52b01d9c
Author: Robin Lu <email address hidden>
Date: Thu Nov 21 14:41:24 2019 +0800
Upgrade std/rt kernel to version 1062.1.2 for fixing CVE bug
To fix below kernel CVE, std/rt kernel will be upgraded to a 3.10.0- 1062.1. 2.el7.src. rpm /lists. centos. org/pipermail/ centos- announce/ 2019-October/ 023457. html rt-3.10. 0-1062. 1.2.rt56. 1025.el7. src.rpm /access. redhat. com/errata/ RHSA-2019: 2830
higher version than current version.
So we will upgrade kernel srpm to below version, which will
cover this issue.
std kernel: kernel-
https:/
rt kernel: kernel-
https:/
linux-firmware is brought forward due to a kernel spec file
build dependency.
CVE bug: CVE-2019- 11810:kernel: a NULL pointer dereference in scsi/megaraid/ megaraid_ sas_base. c leading to DoS
drivers/
CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit
CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel
escape during migration
Closes-Bug: 1849206
Closes-Bug: 1849209
Closes-Bug: 1847817
Change-Id: Ic8c107e4850d06 79470a4c8214c85 c6d9a800beb
Signed-off-by: Robin Lu <email address hidden>
commit 89edca84454d8ee 958b054c93c3931 9c4698ce95
Author: Martin, Chen <email address hidden>
Date: Fri Nov 1 15:32:48 2019 +0800
Add rook for ceph containerization to the tarball list.
Story: 2005527
Task: 37334
Change-Id: Ic13229981d511c 82496489815baac de4b6c60654
Signed-off-by: Martin, Chen <email address hidden>