When trying to install a python package, pip is not able to verify
the ssl cert. This change add --trusted-host parameter to pip so we're able to install the package from this specific host until we update the base image.
Test Plan:
PASS: Build image using docker build
Closes-Bug: 2065330
Change-Id: Iffcef09d97fc7e71339f357e748281ade86e52aa
Signed-off-by: Dostoievski Batista <dostoievski.albinobatista@windriver.com>
StarlingX is moving from Bullseye to Bookworm and intends to
use leading edge opensource redfishtool.
However, at this time, there is no publicly available version of
the latest redfishtool (version 1.1.8) in Bookworm or otherwise.
This update introduces a new package ; redfishtool version 1.1.8
This update also includes a github patch for a versioning update
that was released after version 1.1.8 was tagged. Without this
patch the installed version of redfishtool incorrectly reads 1.1.7.
Test Plan:
PASS: Verify build command 'build-pkgs -c -p redfishtool'
PASS: Verify build after manually removing the already downloaded
version of redfishtool 1.1.5
PASS: Verify build of newly created build env after manually
cherry-picking this update following the repo init/sync
PASS: Verify new redfishtool version is installed and reads as 1.1.8
PASS: Verify this new version passes acceptance testing across
a wide variety of servers manufacturers and models.
PASS: - provisioning with mtcAgent and hwmond processes.
PASS: - mtcAgent for power control
PASS: - hwmond for sensor monitoring
Story: 2010533
Task: 49991
Change-Id: I7bf2469033d2be3f0b693153b3b8ee86a63cc3b5
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
This change fixes two issues with the Isolated CPUs plugin.
1. Isolated CPU plugin systemd service does not start in the first
attempt following kubelet start.
2. Kubelet has intermittent communcation failure with
isolcpus_plugin, hence reports 0 allocatable isolated CPU devices.
The plugin communicates with the kubelet using RPC server at
/var/lib/kubelet/device-plugins/kubelet.sock, whereas kubelet
communicates with the plugin using socket file
/var/lib/kubelet/device-plugins/windriver.com-isolcpus.sock.
As per kubernetes' guidelines, plugin watches for removal or
renaming of file windriver.com-isolcpus.sock and restarts itself
in such an event.
Following events take place in the kubelet and the plugin after
they are started:
Plugin:
1. Create socket file windriver.com-isolcpus.sock.
2. Start serving on the socket file.
3. Register itself with the kubelet.
4. Start a watch on the socket file.
Kubelet: (events related to device plugin manager only)
1. Start device plugin registration server and wipes out
/var/lib/kubelet/device-plugins/windriver.com-isolcpus.sock
and /var/lib/kubelet/device-plugins/kubelet.sock.
2. Create kubelet.sock and start serving on it.
3. Register a plugin upon registration request.
4. Request device information to the plugin.
In a production environment, kubelet startup time varies and above
events when intermixed can take place in any sequence in time.
Plugin event 3 happening before kubelet event 2 causes plugin
to fail and is the root cause of the 1st issue mentioned above.
Plugin event 1 and 2 -> kubelet event 1 and 2 -> plugin event 3
-> kubelet event 3 and 4 causes kubelet to not find file
windriver.com-isolcpus.sock and causes 2nd issue mentioned above.
This change adds a wait to the isolcpu_plugin for the kubelet.sock
to be ready. This ensures that plugin directory wipe has completed
and is serving kubelet.sock hence fixing both the issues mentioned
above.
Test Plan:
On AIO-SX:
Pre-requisite: The label kube-cpu-mgr-policy=static is assigned to
the host with some CPUs reserved as
application-isolated.
PASS: Restart kubelet and check windriver.com/isolcpus device
capacity and allocatables are updated correctly.
(kubectl describe node)
PASS: Restart isol. CPU plugin and check windriver.com/isolcpus
device capacity and allocatables are updated correctly.
(kubectl describe node)
PASS: Reboot controller and check windriver.com/isolcpus
device capacity and allocatables are updated correctly.
(kubectl describe node)
PASS: Controller lock/unlock and and check windriver.com/isolcpus
device capacity and allocatables are updated correctly.
(kubectl describe node)
PASS: Remove file
/var/lib/kubelet/device-plugins/windriver.com-isolcpus.sock
and check windriver.com/isolcpus device capacity and
allocatables are updated correctly.
(kubectl describe node)
PASS: Rename file
/var/lib/kubelet/device-plugins/windriver.com-isolcpus.sock
and check windriver.com/isolcpus device capacity and
allocatables are updated correctly.
(kubectl describe node)
Note: Kubelet was patched to add a debug log after kubelet event 2
above. The log always appeared before the
'connection test success' info log in this change for all of
the above test cases. This issue is hard to reproduce without
patching kubelet and the plugin binary. So the fix cannot be
verified against the failure but can be better confirmed
through the log events.
Closes-Bug: 2064777
Change-Id: I9645af7609cab8703fe22e05125fbf2fcfb2d20c
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
This reverts commit bd90e442ac.
Reason for revert: DNS resolution for secondary pool is decided to be withdrawn.
Change-Id: Ib16289c3a9b5c321750a8c38b6972e93dc9579cf
Integrate a change from upstream linuxptp to downgrade the ptp4l log
message to debug when dus forward fails. Update the linuxptp patch
series accordingly.
If multiple management clients are used in the network and ptp4l
responded at least once over UDS, it will try to forward all management
responses received from network to the last UDS client. ptp4l doesn't
track the messages and doesn't know if they are responses to the UDS
client or other clients in the network. If the UDS client is no longer
running (receiving messages on its address), ptp4l logs "uds port:
management forward failed" error message. With frequent management
requests in the network this can lead to flooding of the system log.
Downgrade the error message to debug to disable it in the default log
level.
Test plan:
Pass: Verify package build
Pass: Verify ptp4l startup and basic operation
Pass: Verfiy "uds port" message is printed as at debug level
Closes-bug: 2064654
Change-Id: Ic778914d834f0d022d1c9f1df218940962ef93fe
Signed-off-by: Cole Walker <cole.walker@windriver.com>
Under high load, etcd /health check QGET times out occasionally.
This has been observed during IPsec enabled system deployment when
controller-1 is unlocked and drbd is synchronizing. In such cases
the etcd /health check timed out and causes uncontrolled swact.
This change increase the timeout value to 5s.
Test Plan (DX system):
PASS: etcd package build and image build.
PASS: controller-0 successfully installed, bootstrapped and unlocked,
with IPsec enabled.
PASS: controller-1 successfully installed, IPsec configed and enabled,
IPsec SAs established between controllers.
PASS: After controller-1 is unlocked, verify there is no uncontrolled
swact during drbd synchronization, and controller-1 comes up in
"enabled" and "available" state.
Story: 2010940
Task: 49930
Change-Id: I7ba66599de255c204157de82115a415d5568920d
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Switch to using "stage1" and "stage2" symlinks under
/var/lib/kubernetes to select versions for kubeadm, kubelet,
and kubectl.
We have been using bind mounts to select K8s versions, but they are not
well supported by Puppet and suffer from fragility since you cannot
remove a bind mount while an executable is still running from it. They
also need to be re-created when creating an OSTree hotfix.
Symlinks suffer from no such issues, they just need to be created in
a filesystem that is not managed by OSTree.
NOTE: This also requires the following two changes to go in at the same
time. All three must be in place for the symlinks to work properly.
https://review.opendev.org/c/starlingx/stx-puppet/+/916338https://review.opendev.org/c/starlingx/ansible-playbooks/+/916336
Story: 2011047
Task: 49915
TEST PLAN:
PASS:
Perform default install on AIO-SX, ensure no issues and K8s works as
expected.
PASS:
Perform default install on Standard lab, ensure no issues and K8s works
as expected.
PASS:
Install with K8s 1.24 on AIO-SX, do orchestrated upgrade covering
multiple K8s versions. Ensure no issues and K8s works as expected.
PASS:
Install with K8s 1.24 on Standard lab, do manual K8s upgrade, ensure
no issues and K8s works as expected.
PASS:
Do backup on AIO-SX while running K8s 1.25, ensure that after a restore
we are also running K8s 1.25. (NOTE: this test resulted in hitting
CGTS-55971 multiple times so the restore didn't complete successfully,
but the K8s symlinks were created as expected.)
Change-Id: Iffc4ed57c64c8cffd648345d7e03c7d9448ea891
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
Pods with namespace 'kube-system', or labeled with
'app.starlingx.io/component=platform' are identified as
'platform'. These have isolated cpu affinity cpuset when
kubelet cpu-manager 'static' policy is configured. This
decouples performance of application pods from the platform.
The new patch Identify-platform-pods-based-on-pod-or-namespace-labels
patch is used to identify platform pods using above criteria for
Kubernetes 1.25 and later. The hard-coded list of platform namespaces
is no longer required. The original hard-coded list is still kept
for Kubernetes 1.24 so we can phase in this change.
This will also fix the Kubernetes make test fail issue after merging
the review https://review.opendev.org/c/starlingx/integ/+/907637
This change also include the missed out patch
kubeadm-reduce-UpgradeManifestTimeout.patch for k8s 1.29.
Test Plan:
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.
PASS: All affected versions of kubernetes package build successfully.
PASS: Create a pod with the platform label. Pod is classified as
a platform pod.
PASS: Create a pod without the platform label but in a namespace with
the platform label. Pod is classified as a platform pod.
PASS: Create a pod without the platform label and in a namespace
without the platform label. Pod is not classified as a platform
pod.
PASS: Verify correct cpuset affinity of platform vs application pods
after host lock/unlock
PASS: Verify kube-system namespace pods are correctly identified
as Platform
Closes-Bug: 2058042
Story: 2010612
Task: 49910
Change-Id: I0cc05c2e9057b64f9191317e72a1bf4d7b8d0771
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
Thinking about better tracking the Ceph Process States logs,
we have added some crucial information like PID, parental PID,
and the name of the parental process.
Also, some checking status INFO logs have been increased to DEBUG level.
yyyy-MM-dd HH:mm:ss.SSSSSS <script_path> <prefix> <log_level>: <message>
where, prefix = <pid_subshell> <ppid_name>[<ppid>] <name|optional>
Test Plan:
PASS: Checking the new logs pattern after using a new build.
PASS: Testing different scenarios and trying to track related SM
actions with logs in the ceph-process-states.log file.
Closes-Bug: 2063123
Change-Id: I218ae2316218d9548cd1b43d645ddfb338fd1bce
Signed-off-by: Hediberto Cavalcante da Silva <hediberto.cavalcantedasilva@windriver.com>
This reverts commit 424c00985e.
Reason for revert: The contents of the patch no longer match the
patch name, so this change is going to be implemented in a new patch.
Change-Id: I7b7c6d5e5d475c7900e0cef131eb6489104960ce
This commit adds host6 puppet module, that will be used to support
dual-stack on /etc/hosts file rendering.
Test Plan:
[PASS] AIO-SX deployment
- Test "dpkg -l puppet-module-uol-host6"
- check presence of /usr/share/puppet/modules/host6
Story: 2011027
Task: 49801
Change-Id: I0fde31808fe671892582a3cdb2764f8b8c7b48b8
Signed-off-by: Tara Nath Subedi <Tara.Subedi@windriver.com>
This change patches zmq GarbageCollector to use zmq.Context()
from eventlet.green instead of default zmq.Context().
It was identified that sysinv-agent process was hanged. It was blocked
on zmq garbage collector recv() call. Replacing the Garbage Collector to
use the green Context solves the issue.
Test Plan:
PASS: Build package with build-pkgs -p pyzmq
PASS: Build ISO
PASS: Install on lab, configure ACC100, backup system
PASS: Reinstall and restore system, then host-unlock
Closes-Bug: 2060867
Change-Id: I229a8a4c70ebb4d7056fa2ff60bfc910bf12b257
Signed-off-by: Alyson Deives Pereira <alyson.deivespereira@windriver.com>
This commit changes how we differentiate Helm charts when uploading new
StarlingX applications. The method previously used was based on
comparing SHA256 digests, which was causing the helm-upload script to
mistakenly report charts with the same implementation as different
after rebuilding them with no changes.
The new implementation uses the diff tool to perform such comparison so
that charts with the same implementation are reported as equals
regardless of whether they were rebuilt.
In addition, two new parameters were added to the helm-upload script:
* 'check-only': check if charts are valid without uploading them to
the given repository.
* 'upload-only': upload charts to the given repository bypassing the
preliminary checks.
The new parameters aim for more flexibility when integrating with other
pieces of software such as sysinv.
Test Plan:
PASS: build-pkgs -a && build-image
PASS: AIO-SX fresh install.
PASS: Update platform-integ-apps containing a rebuilt version of
ceph-pools-audit with no changes.
Confirm that the app was successfully updated.
PASS: Update platform-integ-apps containing a rebuilt version of
ceph-pools-audit containing changes to values.yaml but keeping the
same version number.
Confirm that the app update failed.
PASS: Run helm-upload with the 'check-only' parameter and confirm that
no charts were uploaded.
PASS: Run helm-upload with the 'upload-only' parameter and confirm that
charts were correctly uploaded.
PASS: Run helm-upload without the new parameters and confirm that the
original behavior was preserved.
Partial-Bug: 2053074
Change-Id: I45f6482118f5ecf9da1b51f21fbaf0db63eb321c
Signed-off-by: Igor Soares <Igor.PiresSoares@windriver.com>
This change allows ts2phc to be configured to ignore timing updates that
have a large offset spike in order to mitigate the resulting timing
skew.
In some circumstances on realtime systems with high CPU load, the
timestamp consumed by ts2phc can be delayed in reaching ts2phc and
results in the offset calculation attempting to speed the clock up by a
large margin.
This change causes ts2phc to ignore updates that would greatly skew the
clock when ts2phc is already in a synchronized state.
The global configuration option "max_phc_update_skip_cnt" is provided to
allow users to specify how many consecutive offset spike incidents will
be ignored before adjusting the clock. The default value is 120. The
behaviour can be disabled by setting max_phc_update_skip_cnt to 0.
This code is ported from a proposed upstream patch found here:
https://sourceforge.net/p/linuxptp/mailman/message/44114092/
Test-plan:
Pass: Verify linuxptp package build
Pass: Deploy ts2phc binary and verify system time sync
Pass: Manually trigger offset spike and verify that ts2phc maintains
stable time sync
Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2059955
Change-Id: I13cd5c3440682ec9256e11449fe62d5fe28f66fa
Signed-off-by: Cole Walker <cole.walker@windriver.com>
Update version of Trident Installer to 24.02.0 to keep compatibility
with version 1.29 of k8s. Supports k8s from 1.24 to 1.29.
Test Plan:
- PASS: Tested Trident 24.02.0 installation and communication with
NetApp simulator.
- PASS: Tested the Trident update from version 23.10.0 to 24.02.0,
upgrading tridentctl client version and rerunning the
ansible-playbook to update the server version.
Story: 2011080
Task: 49784
Change-Id: Iaaf673f00fbc28c50f0bdacdb5a644000626f765
Signed-off-by: Erickson Silva de Oliveira <Erickson.SilvadeOliveira@windriver.com>
This change updates runc package from 1.1.7 to 1.1.12
and fixes the vulnerability issue - CVE-2024-21626.
https://nvd.nist.gov/vuln/detail/CVE-2024-21626
Test Plan:
PASS: runc package builds successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: Verify correct runc vesion on deployed system,
dpkg-query -f '${Version}' -W runc
PASS: Performed the K8s version upgrade from 1.24.4 to 1.28.4
PASS: Verify platform cpu occupancy is normal using
collectd.log and occtop tool
Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2052401
Change-Id: Ia34c4a1bcab777a9af80e2b045960895f2bed976
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
This modifies kubeadm UpgradeManifestTimeout from 5 minutes default
to 3 minutes to reduce the unnecessary delay in retries during
kubeadm-upgrade-apply failures.
The typical control-plane upgrade of static pods is 75 to 85 seconds,
so 3 minutes gives adequate buffer to complete the operation.
TEST PLAN:
PASS: All Kubernetes packages build successfully from 1.24 to 1.28.
PASS: Perform k8s upgrade and verify kubeadm-upgrade-apply.log
shows the UpgradeManifestTimeout value as 3 minutes.
Partial-Bug: 2056326
Change-Id: Ief35c63dacc92af861525f03fa25ceb7b8253622
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
This change ports the following kubernetes 1.29.2 patches which were
refactored slightly to allow for upstream changes
The following patches were applied cleanly:
kubelet-sort-isolcpus-allocation-when-SMT-enabled.patch
kubelet-cpumanager-infra-pods-use-system-reserved-CP.patch
Affinity-of-guaranteed-pod-to-non-isolated-CPUs.patch
kubelet-CFS-quota-throttling-for-non-integer-cpulimit.patch
The following patches were refactored:
kubeadm-create-platform-pods-with-zero-CPU-resources.patch
kubernetes-make-isolcpus-allocation-SMT-aware.patch
kubelet-cpumanager-disable-CFS-quota-throttling.patch
kubelet-cpumanager-keep-normal-containers-off-reserv.patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
Test Plan:
PASS: Kubernetes package 1.29.2 builds properly.
PASS: Run all Kubelet, kubeadm, kubectl make tests for affected code.
Story: 2011047
Task: 49674
Change-Id: Ib24dc061a7da201650cc6550fd7bbed0aebe390c
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
tzdata expires every 6-12 months.
Update to the latest tzdata, valid until Dec 2024
The new tzdata is supplied by upstream, we no longer need
to build it ourselves. We just need to be sure it is included
in the iso.
Verification:
- tzdata is no longer built
- build-iso and make sure it contains the new package
- check the package to ensure it contains the
expected leap-seconds.list file
- boot the iso and ensure nothing weird observed
regarding the date
- run "export TZ=/usr/share/zoneinfo/EST5EDT" followed
by the date command and ensure that it displays the
correct time for that timezone
Partial-Bug: 2054466
Change-Id: I765dc225f9b9f23799af662cd87fe94703857241
Signed-off-by: Scott Little <scott.little@windriver.com>
This change updates kubernetes package from 1.29.1 to 1.29.2
and it uses golang-1.21.7.
Test Plan:
PASS: kubernetes-1.29.2 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
of kubernetes-1.29.2. Built package kubernetes-1.29.2
and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.2 staged
binaries are present in the path /usr/local/kubernetes/1.29.2
Story: 2011047
Task: 49654
Depends-On: https://review.opendev.org/c/starlingx/compile/+/910697
Change-Id: Ib463753fe82527d64d7b0e5605895b0ed2c48e49
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
This change pulls in an upstream linuxptp fix to initialize the tm_isdst
variable.
An unitialized tm_isdst variable in ts2phc can result in mktime failing
and cause ts2phc to be unable to sync time with a "invalid master time
stamp" error.
The fault was intermittent based on the random value in the unitialized
variable. If it was read as a positive integer, mktime would fail and
the symptom would occur.
The upstream commit id is:
63fc1ef4fd5e5fc45dd4de3bf27920bb109a4357
Test plan:
Pass: Verify package build
Pass: Deploy updated ts2phc binary and perform repeated service
start/stops. The fault was not reproduced after 20 attempts.
Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2055464
Change-Id: I9fb1722c6ab93f6bb9ec6cdc4fbe902a823b3e2e
Signed-off-by: Cole Walker <cole.walker@windriver.com>
This commit updates the containernetworking-plugins and
bond-cni pkgs to use golang-1.18.
Test Plan:
- PASS: downloader
- PASS: build pkgs
- PASS: build image
- PASS: the plugins are present at /var/opt/cni/bin/
- PASS: test the plugins' functionality
Story: 2010878
Task: 49619
Change-Id: Ie8e0f01502e74cf2fb7a4b3ba88c37b69609c297
Signed-off-by: Mohammad Issa <mohammad.issa@windriver.com>
The scripts in ifupdown-0.8.36 and ifupdown-extra-0.32, as they are
distributed, don't work correctly for detecting duplicate IP addresses
and gateway reachability in the interfaces. Because of this, error
messages are thrown in daemon.log even if error conditions don't exist.
This commit fixes the detection logic and also improves the log logic,
so that messages carry useful and accurate information.
Test plan
Systems: AIO-SX IPv4, AIO-SX IPv6
Scenarios without error/warning conditions
------------------------------------------
For these scenarios, OAM is over a regular ethernet interface, gateway
is reachable and there are no duplicate IP addresses. Log messages
must reflect this.
[PASS] mgmt and cluster-host over same eth port, pxe unassigned
[PASS] mgmt and cluster-host over same bond port, pxe unassigned
[PASS] mgmt and cluster-host over same vlan port, pxe unassigned
[PASS] mgmt and cluster-host over same vlan port, pxe assigned to
base eth
[PASS] mgmt and cluster-host over different vlan ports, pxe assigned
to base bond
Scenarios with error/warning conditions
---------------------------------------
For these scenarios, error/warning messages must appear and reflect
the real conditions.
[PASS] Cable disconnected in ethernet interface
[PASS] Cable disconnected in bonding interface
[PASS] Duplicate address in ethernet interface
[PASS] Duplicate address in vlan interface
[PASS] Duplicate address in bonding interface
[PASS] Missing gateway in ethernet interface
[PASS] Missing gateway in vlan interface
[PASS] Missing gateway in bonding interface
Closes-Bug: #2052534
Change-Id: Ie9152eff51f21bdcb8693f554eb696d63e2bab34
Signed-off-by: Lucas Ratusznei Fonseca <lucas.ratuszneifonseca@windriver.com>
This update added ipsec-server service to systemd preset config
to enable it on controllers.
Test Plan (DX system):
PASS: Install and bootstrap controller-0, verify ipsec-server is
"enabled" and "vendor preset: enabled" after first reboot and
bootstrap.
Story: 2010940
Task: 49583
Depends-On: https://review.opendev.org/c/starlingx/metal/+/907348
Change-Id: I41d4fdb9f9adc857234981e04de1a5a4e8af8721
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
This adds kubernetes 1.29.1 package for Debian, this is built
using golang-1.21.6.
Taken from the previous version and modified the files for 1.29.1.
Test Plan:
PASS: kubernetes-1.29.1 package builds successfully
PASS: All packages build successfully
PASS: Build ISO successful with multiple kubernetes versions
PASS: For pkg-versioning, add a dummy commit to subdirectory
of kubernetes-1.29.1. Built package kubernetes-1.29.1
and verified that package version was incremented by 1.
PASS: Install the ISO as AIO-SX and verify the K8s 1.29.1 staged
binaries are present in the path /usr/local/kubernetes/1.29.1
Story: 2011047
Task: 49591
Depends-On: https://review.opendev.org/c/starlingx/compile/+/909068
Change-Id: I97b4a3a25ca93a2b414a1600f3ba8bd0f16b1e8c
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
This change updates kubernetes patch
kubelet-cpumanager-introduce-concept-of-isolated-CPU.patch
for supported kubernetes versions from 1.24 to 1.28.
Currently, for static CPU allocation, pods are identified
as platform pods using a hard-coded list of namespaces.
New method identifies a pod as a platform pod using label
assigned to it or its namespace.
Test Plan:
PASS: All affected versions of kubernetes package build successfully.
PASS: Create a pod with the platform label. Pod is classified as
a platform pod.
PASS: Create a pod without the platform label but in a namespace with
the platform label. Pod is classified as a platform pod.
PASS: Create a pod without the platform label and in a namespace
without the platform label. Pod is not classified as a platform
pod.
Depends-On: https://review.opendev.org/c/starlingx/config/+/907640
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/907641
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908340
Depends-On: https://review.opendev.org/c/starlingx/integ/+/908958
Story: 2010612
Task: 47513
Change-Id: I654d466e51522b42a2e1d17a1828288089791b8f
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
This change covers up for the missed kubernetes version 1.24.4
in this change.
https://review.opendev.org/c/starlingx/integ/+/908340
Test Plan:
PASS: Kubernetes 1.24.4 package builds successfully.
Story: 2010878
Task: 49546
Change-Id: Iff11cd4ee8239bed5875100b4499216e80e27386
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
This update added strongswan IPSec daemon (charon) to systemd
preset config to enable it on all types of systems.
Test Plan (DX system):
PASS: Install and bootstrap controller-0, verify IPSec service is
"enabled" and "vendor preset: enabled" after first reboot and
bootstrap.
PASS: Unlock controller-0, verify IPSec service is enabled and
"vendor preset: enabled" after unlock.
PASS: Install controller-1, verify IPSec service is enabled and
"vendor preset: enabled" after first reboot.
Story: 2010940
Task: 49482
Co-Authored-By: Andy Ning <andy.ning@windriver.com>
Change-Id: I2bc122f080e33b87fd1b6535d1817df2a9cb0b52
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>