StarlingX

  1. Bug #1856740
  2. Comment #7

Comment 7 for bug 1856740

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (f/centos8)

Reviewed: https://review.opendev.org/705852
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=e1f095eb112f76a133734a17f01afeb9828ebaf2
Submitter: Zuul
Branch: f/centos8

commit fc7b9b3d8d811fd50427b584dae5b7488947bb03
Author: Angie Wang <email address hidden>
Date: Tue Jan 28 13:57:52 2020 -0500

    Fix the image download failure on IPv6 system

    "crictl pull" failed to pull images on IPv6 system with
    proxy setting since Containerd doesn't work with the
    NO_PROXY environment variable that has IPv6 addresses
    with square brackets. This commit updates to strip out
    the square brackets from NO_PROXY environment variable.

    Change-Id: I6bb5ad0379f576f66d77a90dfdca94f5e0f28f0c
    Closes-Bug: 1859835
    Signed-off-by: Angie Wang <email address hidden>

commit 950670ac1f0bfaa43e29eeb3ffda71a94de66520
Author: Jim Somerville <email address hidden>
Date: Mon Jan 27 17:09:52 2020 -0500

    Security: Add nospectre_v1 to the security params

    Most of the v1 mitigation is baked into the kernel and not
    optional. The swapgs barriers are, however, optional.
    They have a negative performance impact so we disable them
    by using the nospectre_v1 kernel bootarg.

    Partial-Bug: 1860193
    Depends-On: https://review.opendev.org/#/c/704406
    Change-Id: Iaa11ba3f430fc064ebda679cf290474d3be413da
    Signed-off-by: Jim Somerville <email address hidden>

commit 83775d38804fb665af518127051b37a1daf31e36
Author: David Sullivan <email address hidden>
Date: Wed Jan 15 23:50:23 2020 -0500

    Install secondary controller nodes with kubeadm join

    Kubeadm init is no longer supported for installing secondary nodes in an
    HA kubernetes cluster. kubeadm join with the --controller-plane option
    should be used.

    Change-Id: I21a30b9e871d05c59a19e33a9d278f0217682da6
    Closes-Bug: 1846829
    Depends-On: https://review.opendev.org/702797
    Signed-off-by: David Sullivan <email address hidden>

commit c94fa4a0174b96e0716d39bbea7e6fbbbee415a9
Author: Shuicheng Lin <email address hidden>
Date: Thu Jan 23 02:45:31 2020 +0800

    Fix duplex system controller-1 fail to boot after unlock

    It is due to controller-1 doesn't have /opt/platform/config folder.
    And cause puppet failure due to using non-exist file as source.
    Restrict the code for worker node only, since controller node
    already has ca cert in the ssl folder.

    Test:
    Pass simplex/duplex/multi node deployment with vm created.

    Closes-Bug: 1860529
    Change-Id: I808ee15e5c78ebead114219d0ec428fb45cc9128
    Signed-off-by: Shuicheng Lin <email address hidden>

commit 27f167eb14a04bc67ecca59af3b617c115522101
Author: Angie Wang <email address hidden>
Date: Wed Jan 15 16:15:26 2020 -0500

    Remove puppet-manifests code made obsolete by ansible

    As a result of switch to Ansible, remove the obsolete erb
    templates and remove the dependency of is_initial_config_primary
    facter.

    Change-Id: I4ca6525f01a37da971dc66a11ee99ea4e115e3ad
    Partial-Bug: 1834218
    Depends-On: https://review.opendev.org/#/c/703517/
    Signed-off-by: Angie Wang <email address hidden>

commit 3bb532eb39fbfaf6c46d8be13c6111313dd3d581
Author: Robert Church <email address hidden>
Date: Thu Jan 16 02:43:29 2020 -0500

    Provide a specific route runtime class

    In an effort to optimize the time required to update interface routes,
    restructure the platform::interfaces class to extract creating resources
    for routes and addresses into separate classes. This allows the route
    specific resources and dependencies to be called from a dedicated
    runtime class.

    Change-Id: Ieba501a6bd86164599eff97b9fe73d847740df68
    Story: 2007101
    Task: 38156
    Signed-off-by: Robert Church <email address hidden>

commit 58bc99d89110a27d4e91393c7466904ecc8b1404
Author: Robert Church <email address hidden>
Date: Thu Jan 16 02:36:55 2020 -0500

    Purge filebucket contents after every apply

    Since filebucket doesn't have a built in cleanup mechanism, filebucket
    entries will continually grow over time as puppet implements file
    changes. Eventually, this will have space and inode impacts on the root
    filesystem.

    To avoid these issues on long running systems, remove the contents of
    the filebucket directory after every apply.

    Change-Id: I02519b9f61b0c1b95ceeca073448f42851ed9551
    Story: 2007101
    Task: 38155
    Signed-off-by: Robert Church <email address hidden>

commit 1b5372b52cd58042e9623d6e9e076fc2d430f312
Author: Bart Wensley <email address hidden>
Date: Mon Jan 20 12:28:20 2020 -0600

    Configure keystone http timeouts for dcmanager

    The dcmanager currently has no http_connect_timeout set for
    keystone connections. That can result in an attempt to contact
    keystone (e.g. to get a token) taking several minutes to
    timeout if the keystone api is not reachable (e.g. if a subcloud
    is powered down).

    Changing the http_connect_timeout to 10s and configuring
    http_request_max_retries as 3 (that is also the default but
    adding this to the puppet module allows for easy changes in the
    future).

    Change-Id: I6a62846e7f4e75e9b2f0705f59818243ea909e41
    Partial-Bug: 1854894
    Signed-off-by: Bart Wensley <email address hidden>

commit 7b2726ed1b235471172e1e2002a1c0981870f039
Author: Lin Shuicheng <email address hidden>
Date: Sun Jan 19 01:56:49 2020 +0000

    Revert "Revert "Add Kata Container support in StarlingX""

    This reverts commit 0f9dd0491b6847c069f77f5dac418a638bb25712.

    Depends-On: https://review.opendev.org/703263
    Change-Id: I81fe7f8502d14ba6e414fafddff6252f0eea8e5d
    Signed-off-by: Shuicheng Lin <email address hidden>

commit 0f9dd0491b6847c069f77f5dac418a638bb25712
Author: Don Penney <email address hidden>
Date: Tue Jan 14 20:38:41 2020 +0000

    Revert "Add Kata Container support in StarlingX"

    This reverts commit 0dd7219a17f27bb35678bc2e3cf5961bedf59f07.

    Reverting due to https://bugs.launchpad.net/starlingx/+bug/1859686

    Change-Id: I6b7d3bcb392275a53bfe93c306e3b462b393f3a1

commit 130919c096d3699022f9994957253e11b861b834
Author: Tyler Smith <email address hidden>
Date: Thu Jan 9 15:12:22 2020 -0500

    Removing service catalog insertion from dcorch proxy

    requests going through the dcorch proxy were having the entire service
    catalog tacked on during the authtoken filter stage, this was resulting
    in the header size growing too large for sysinv to handle the forwarded
    requests.

    This commit sets keystone_authtoken/include_service_catalog to False in
    the dcorch settings to prevent this.

    Tested by installing a subcloud, bringing online and managing, as well
    as doing sysinv queries to SystemController. I've tested with 200
    subclouds in dcmanager without issue.

    Change-Id: Ic47c062bd8b5376084d27a9378c131650d9ec2da
    Closes-Bug: 1856740
    Signed-off-by: Tyler Smith <email address hidden>

commit ab8a592a996d20dc5b0ec393f47a0012250aa260
Author: marvin <email address hidden>
Date: Thu Nov 21 18:27:16 2019 +0800

    Monitor the datanetwork for non-OpenStack work node

    Update the lmon to support datanetwork interface monitoring
    and use collectd to control the alarm information. Now lmon
    will obtain the list of interfaces from /etc/lmon/lmon.conf
    which can be generated by puppet.

    Change-Id: I45fd056bd71f2ff9b49b52b8143e43179f18e03c
    Story: #2002948
    Task: #37326
    Depends-on: https://review.opendev.org/#/c/694927
    Signed-off-by: marvin <email address hidden>

commit 99d07a29865b4099acce95d3c8ee5b00e05d495c
Author: Don Penney <email address hidden>
Date: Thu Jan 2 17:42:00 2020 -0500

    Generate DNF repo config files from puppet

    Update the patching manifest to generate the DNF repo config files.

    Depends-On: https://review.opendev.org/700961
    Change-Id: I9f21ae4bd20b7a1c861f9ac06e47cec579940438
    Story: 2006227
    Task: 37934
    Signed-off-by: Don Penney <email address hidden>

commit 0dd7219a17f27bb35678bc2e3cf5961bedf59f07
Author: Shuicheng Lin <email address hidden>
Date: Fri Sep 27 23:33:31 2019 +0800

    Add Kata Container support in StarlingX

    1. add config for containerd
    2. switch kubernetes to use containerd as CRI.

    Story: 2006145
    Task: 36835
    Depends-On: https://review.opendev.org/685211
    Change-Id: I4beab0725bd069ca5394049ad898a0899ce00d1b
    Signed-off-by: Shuicheng Lin <email address hidden>

commit e86f8b90fd71c6c2df5613ac83dcb9a357f5a364
Author: Mingyuan Qi <email address hidden>
Date: Thu Oct 31 11:16:01 2019 +0800

    Rotate k8s certificate automatically

    By default, k8s cluster certificates generated by kubeadm have 1
    year expiration. After certificates expired, k8s will not rotate
    them automatically.

    This commit checks the cert expiration date every day and rotates
    them automatically if they expires within 90 days. After cert
    renewed, all the k8s master component configurations will be updated.

    An alarm will be sent to fm to notify the administrator to
    reboot the controllers or renew the certs manually if the automatic
    process fails.

    Change-Id: I383120b8904857bcf09ad6ca999900ce8eda9b95
    Closes-Bug: 1838659
    Depends-On: https://review.opendev.org/#/c/696224/
    Depends-On: https://review.opendev.org/#/c/698624/
    Signed-off-by: Mingyuan Qi <email address hidden>