Merge pull request #7355 from xcat2/master

Merge from master to 2.16 branch for 2.16.5 release. (1)

.github/workflows/xcat_test.yml

@@ -0,0 +1,9 @@
+name: xcat_test
+on: [pull_request, workflow_dispatch]
+jobs:
+  xcat_pr_test:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+      - run: sudo apt-get install -y fakeroot reprepro devscripts debhelper libcapture-tiny-perl libjson-perl libsoap-lite-perl libdbi-perl libcgi-pm-perl quilt openssh-server dpkg looptools genometools software-properties-common
+      - run: perl github_action_xcat_test.pl

Version

@@ -1 +1 @@
-2.16.4
+2.16.5

build-ubunturepo

@@ -105,7 +105,7 @@ for package in ${packages[@]}; do
 done
 
 # Supported distributions
-dists="saucy trusty utopic xenial bionic"
+dists="saucy trusty utopic xenial bionic focal"
 
 c_flag=            # xcat-core (trunk-delvel) path
 d_flag=            # xcat-dep (trunk) path

builddep.sh

@@ -239,9 +239,22 @@ if ! $GREP -q '%_gpg_name' $MACROS 2>/dev/null; then
 	echo '%_gpg_name xCAT Automatic Signing Key' >> $MACROS
 fi
 
-# Sign the rpms that are not already signed.  The "standard input reopened" warnings are normal.
-echo "===> Signing RPMs..."
-$XCATCOREDIR/build-utils/rpmsign.exp `find . -type f -name '*.rpm'` | grep -v -E '(already contains identical signature|was already signed|rpm --quiet --resign|WARNING: standard input reopened)'
+# Sign the rpms that are not already signed. The "standard input reopened" warnings are normal.
+# First, sign all non RH9 RPMS with DEFAULT algorithm, if running this script on RH7, most likely it will be SHA1
+echo "===> Signing RPMs with DEFAULT algorithm..."
+$XCATCOREDIR/build-utils/rpmsign.exp `find . -type f -name '*.rpm' ! -path './rh9/*'` | grep -v -E '(already contains identical signature|was already signed|rpm --quiet --resign|WARNING: standard input reopened)'
+
+# Update $MACROS file so that RPMS will be signed with SHA256 algorithm
+if ! $GREP -q '%_gpg_sign_cmd' $MACROS 2>/dev/null; then
+	echo '%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}' >> $MACROS
+fi
+
+# Second, sign all RH9 RPMS with SHA256 algorithm
+echo "===> Signing RH9 RPMs with SHA265 algorithm..."
+$XCATCOREDIR/build-utils/rpmsign.exp `find rh9 -type f -name '*.rpm'` | grep -v -E '(already contains identical signature|was already signed|rpm --quiet --resign|WARNING: standard input reopened)'
+
+# Remove SHA256 algorithm statement from $MACROS file, back to DEFAULT
+sed -i '/__gpg_sign_cmd/d' $MACROS
 
 # Create the repodata dirs
 echo "===> Creating repodata directories..."

docs/source/advanced/hierarchy/databases/mysql_remove.rst

@@ -12,10 +12,10 @@ If you no longer want to use MySQL/MariaDB to maintain ``xcatdb``, and like to s
 
       XCATBYPASS=1 restorexCATdb -p ~/xcat-dbback
 
-*  Change to PostgreSQL, following documentation: :doc:`/advanced/hierarchy/databases/postgres_install`
+*  To switch to PostgreSQL, follow: :doc:`/advanced/hierarchy/databases/postgres_install`
 
 
-*  Change back to default xCAT database, SQLite (**Note**:  xCAT Hierarchy cluster will no longer work)
+*  To switch to default xCAT database, SQLite (**Note**:  xCAT Hierarchy cluster will no longer work):
 
   #. Stop the ``xcatd`` daemon on the management node. ::
 
@@ -33,7 +33,7 @@ If you no longer want to use MySQL/MariaDB to maintain ``xcatdb``, and like to s
 
        mysql> drop user xcatadm;
 
-  #. Move, or remove, the  ``/etc/xcat/cfglog`` file as it points xCAT to MySQL/MariaDB.  (without this file, xCAT defaults to SQLite): ::
+  #. Move, or remove, the  ``/etc/xcat/cfgloc`` file as it points xCAT to MySQL/MariaDB.  (without this file, xCAT defaults to SQLite): ::
 
       rm /etc/xcat/cfgloc
 

docs/source/advanced/hierarchy/databases/postgres_remove.rst

@@ -32,9 +32,9 @@ To remove ``xcatdb`` completely from the PostgreSQL database and restore xCAT da
       rm -rf *
       exit
 
-#. Move, or remove, the  ``/etc/xcat/cfglog`` file as it points xCAT to PostgreSQL.  (without this file, xCAT defaults to SQLite): ::
+#. Move, or remove, the  ``/etc/xcat/cfgloc`` file as it points xCAT to PostgreSQL.  (without this file, xCAT defaults to SQLite): ::
 
-      mv /etc/xcat/cfgloc /etc/xcat/cfglog.postgres
+      mv /etc/xcat/cfgloc /etc/xcat/cfgloc.postgres
 
 #. Restore the PostgreSQL database into SQLite: ::
 

docs/source/advanced/security/ssl_config.rst

@@ -1,17 +1,16 @@
 OpenSSL Configuration
 =====================
 
-xCAT does not ship OpenSSL RPMS nor does it statically link to any OpenSSL libraries.  Communication between the xCAT client and daemon utilizes OpenSSL and the administrator can configure SSL_version and SSL_cipher that should be used by xCAT daemons.
+xCAT does not ship OpenSSL RPMS nor does it statically link to any OpenSSL libraries.  Communication between the xCAT client and daemon utilizes OpenSSL and the administrator can configure the SSL_version and SSL_cipher that should be used by xCAT daemons.
 
-The configuration is stored in the xCAT site table using the ``site.xcatsslversion`` and ``site.xcatsslciphers`` variables.
+The configuration is stored in the xCAT site table using the ``site.xcatsslversion`` and ``site.xcatsslciphers`` attributes.
 
 Configuration
 -------------
 
-``site.xcatsslversion`` is the ``SSL_version`` option ``xcatd`` used and passed to ``IO::Socket::SSL->start_SSL()``. By default, this value is set to empty. In this case, ``xcatd`` will use ``SSLv23:!SSLv2:!SSLv3:!TLSv1`` internally. For more detail, see https://metacpan.org/pod/IO::Socket::SSL
-By default, xCAT ships with an empty value for ``site.xcatsslversion``. In this case, ``xcatd`` will use ``SSLv23:!SSLv2:!SSLv3:!TLSv1`` internally.
+``site.xcatsslversion`` is the ``SSL_version`` option used by ``xcatd`` and passed to ``IO::Socket::SSL->start_SSL()``. See https://metacpan.org/pod/IO::Socket::SSL for more information. By default, xCAT ships with an empty value for ``site.xcatsslversion``. In this case, ``xcatd`` will use ``SSLv23:!SSLv2:!SSLv3:!TLSv1`` internally.
 
-Here is an example of change ``site.xcatsslversoin`` to a different value. Say, TLS 1.2 is preferred. ::
+Here is an example of changing ``site.xcatsslversion`` to a different value, ``TLSv1_2``, for example. ::
 
     chtab key=xcatsslversion site.value=TLSv1_2
 
@@ -23,8 +22,7 @@ After making any changes to these configuration values, ``xcatd`` must be restar
 
     service restart xcatd
 
-
-If any mistakes have been made and communication is lost to xCAT, use ``XCATBYPASS`` to fix/remove the bad configuration: ::
+If any mistakes have been made and communication is lost to xCAT, use ``XCATBYPASS`` to fix the bad configuration: ::
 
     XCATBYPASS=1 tabedit site
 

docs/source/conf.py

@@ -49,7 +49,7 @@
 
 # General information about the project.
 project = u'xCAT'
-copyright = u'2015-2021, IBM Corporation'
+copyright = u'2015-2022, IBM Corporation'
 author = u'IBM Corporation'
 
 # The version info for the project you're documenting, acts as replacement for
@@ -59,7 +59,7 @@
 # The short X.Y version.
 version = '2'
 # The full version, including alpha/beta/rc tags.
-release = '2.16.4'
+release = '2.16.5'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/source/guides/admin-guides/manage_clusters/common/deployment/additionalpkg/nonubuntu_os_pkg.rst

@@ -77,31 +77,33 @@ where **/install/post/custom/<distro>/myotherlist** is another package list file
 
 Note: the trailing **"#"** character at the end of the line. It is important to specify this character for correct pkglist parsing.
 
-Group/Pattern Names
-'''''''''''''''''''
+Module/Group/Pattern Names
+''''''''''''''''''''''''''
 
-It is only supported for stateful deployment.
+.. note:: On SLES pattern names are not supported for diskless deployment
 
-In Linux, a groups of rpms can be packaged together into one package. It is called a group on RedHat, CentOS, Fedora and Scientific Linux. To get the list of available groups, run
+On Linux, groups of rpms can be packaged together into one package. It can be a module or a group on RedHat, CentOS, Fedora and Scientific Linux. To get the list of available groups, run
 
 * **[RHEL]** ::
 
-   yum grouplist
+   yum group list
+   yum module list
 
 * **[SLES]** ::
 
    zypper se -t pattern
 
-You can specify in this file the group/pattern names by adding a **'@'** and a space before the group/pattern names. For example: ::
+You can specify module/group/pattern names by adding a **'@'** before the module/group/pattern names. For example: ::
 
-    @ base
+    @base
+    @Security Tools
+    @ruby:2.6
 
 Remove RPMs After Installing
 ''''''''''''''''''''''''''''
 
-It is only supported for stateful deployment.
-
-You can specify in this file that certain rpms to be removed after installing the new software. This is done by adding **'-'** before the rpm names you want to remove. For example: ::
+You can specify that certain rpms to be removed after installing the new software. This is done by adding **'-'** before the rpm names you want to remove. For example: ::
 
     -ntp
+    -@ruby:2.6
 

docs/source/guides/admin-guides/manage_clusters/common/deployment/generate_img.rst

@@ -1,51 +1,49 @@
 Generate Diskless Image
 =======================
 
-The ``copycds`` command copies the contents of the Linux media to ``/install/<os>/<arch>`` so that it will be available for installing nodes or creating diskless images.  After executing ``copycds``, there are several ``osimage`` definitions created by default.  Run ``tabdump osimage`` to view these images: ::
+The ``copycds`` command copies the contents of the Linux media to ``/install/<os>/<arch>`` so that it will be available for installing nodes or creating diskless images.  After executing ``copycds``, there are several ``osimage`` definitions created by default.  Run ``lsdef -t osimage`` to view these images: ::
 
-        tabdump osimage
+        lsdef -t osimage
 
 The output should be similar to the following: ::
 
-        "rhels7.1-ppc64le-install-compute",,"compute","linux",,"install",,"rhels7.1-ppc64le",,,"Linux","rhels7.1","ppc64le",,,,,,,,
-        "rhels7.1-ppc64le-install-service",,"service","linux",,"install",,"rhels7.1-ppc64le",,,"Linux","rhels7.1","ppc64le",,,,,,,,
-        "rhels7.1-ppc64le-stateful-mgmtnode",,"compute","linux",,"install",,"rhels7.1-ppc64le",,,"Linux","rhels7.1","ppc64le",,,,,,,,
-        "rhels7.1-ppc64le-netboot-compute",,"compute","linux",,"netboot",,"rhels7.1-ppc64le",,,"Linux","rhels7.1","ppc64le",,,,,,,,
+        rhels8.5.0-ppc64le-install-compute  (osimage)
+        rhels8.5.0-ppc64le-install-service  (osimage)
+        rhels8.5.0-ppc64le-netboot-compute  (osimage)
 
-The ``netboot-compute`` is the default **diskless** osimage created rhels7.1 ppc64le.  Run ``genimage`` to generate a diskless image based on the "rhels7.1-ppc64le-netboot-compute" definition: ::
+The ``netboot-compute`` is the default **diskless** osimage created for rhels8.5 ppc64le.  Run ``genimage`` to generate a diskless image based on the `rhels8.5.0-ppc64le-netboot-compute` definition: ::
 
-        genimage rhels7.1-ppc64le-netboot-compute
+        genimage rhels8.5.0-ppc64le-netboot-compute
 
 Before packing the diskless image, you have the opportunity to change any files in the image by changing to the ``rootimgdir`` and making modifications.  (e.g. ``/install/netboot/rhels7.1/ppc64le/compute/rootimg``).
 
-However it's recommended that all changes to the image are made via post install scripts so that it's easily repeatable. Although, instead, we recommend that you make all changes to the image via your postinstall script, so that it is repeatable.  Refer to :doc:`/guides/admin-guides/manage_clusters/ppc64le/diskless/customize_image/pre_post_script` for more details.
+However it's recommended that all changes to the image are made via post install scripts so that it's easily repeatable. Refer to :doc:`/guides/admin-guides/manage_clusters/ppc64le/diskless/customize_image/pre_post_script` for more details.
 
 
 Pack Diskless Image
 ===================
 
-After you run ``genimage`` to create the image, you can go ahead to pack the image to create the ramdisk: ::
+After running ``genimage`` to create the image, run ``packimage`` to create the ramdisk: ::
 
-        packimage rhels7.1-ppc64le-netboot-compute
+        packimage rhels8.5.0-ppc64le-netboot-compute
 
 Export and Import Image
 =======================
 
 Overview
 --------
 
-Note: There is a current restriction that exported 2.7 xCAT images cannot be imported on 2.8 xCAT `<https://sourceforge.net/p/xcat/bugs/3813/>`_. This is no longer a restrictions, if you are running xCAT 2.8.3 or later.
+.. note:: There is a current restriction that exported 2.7 xCAT images cannot be imported on 2.8 xCAT `<https://sourceforge.net/p/xcat/bugs/3813/>`_.
 
 We want to create a system of making xCAT images more portable so that they can be shared and prevent people from reinventing the wheel. While every install is unique there are some things that can be shared among different sites to make images more portable. In addition, creating a method like this allows us to create snap shots of images we may find useful to revert to in different situations.
 
-Image exporting and importing are supported for stateful (diskful) and stateless (diskless) clusters.  The following documentation will show how to use :doc:`imgexport </guides/admin-guides/references/man1/imgexport.1>` to export images and :doc:`imgimport </guides/admin-guides/references/man1/imgimport.1>` to import images.
+Image exporting and importing is supported for stateful (diskful) and stateless (diskless) clusters.  The following documentation will show how to use :doc:`imgexport </guides/admin-guides/references/man1/imgexport.1>` to export images and :doc:`imgimport </guides/admin-guides/references/man1/imgimport.1>` to import images.
 
 
 Exporting an image
 ------------------
 
-1, The user has a working image and the image is defined in the osimage table and linuximage table.
-  example: ::
+Working image::
 
         lsdef -t osimage myimage
         Object name: myimage
@@ -64,34 +62,28 @@ Exporting an image
         provmethod=netboot
         rootimgdir=/install/netboot/sles12/ppc64le/compute1
         synclists=/install/custom/netboot/sles/compute1.list
-2, The user runs the imgexport command.
-  example: ::
+
+Run the ``imgexport`` command::
 
         imgexport myimage -p node1 -e /install/postscripts/myscript1 -e /install/postscripts/myscript2
-        (-p and -e are optional)
 
-A bundle file called myimage.tgz will be created under the current directory. The bundle file contains the ramdisk, boot kernel, the root image and all the configuration files for generating the image for a diskless cluster. For diskful, it contains the kickstart/autoyast configuration file. (see appendix). The -p flag puts the names of the postscripts for node1 into the image bundle. The -e flags put additional files into the bundle. In this case two postscripts myscript1 and myscript2 are included.
+A bundle file called `myimage.tgz` will be created under the current directory. The bundle file contains the ramdisk, boot kernel, the root image and all the configuration files for generating the image for a diskless node. For diskful, it contains the kickstart/autoyast configuration file. (see appendix). The optional **-p** flag puts the names of the postscripts for node1 into the image bundle. The optional **-e** flags put additional files into the bundle. In this case two postscripts `myscript1` and `myscript2` are included.
 This image can now be used on other systems.
 
 Importing an image
 ------------------
 
-#. User downloads a image bundle file from somewhere. (Sumavi.com will be hosting many of these).
-#. User runs the imgimport command.
-
-  example: ::
+#. Download the image bundle file generated by the ``imgexport``.
+#. Run the ``imgimport`` command.::
 
         imgimport myimage.tgz -p group1
-        (-p is optional)
 
-This command fills out the osimage and linuximage tables, and populates file directories with appropriate files from the image bundle file such as ramdisk, boot kernel, root image, configuration files for diskless. Any additional files that come with the bundle file will also be put into the appropriate directories. If -p flag is specified, the postscript names that come with the image will be put the into the postscripts table for the given node or group.
+This command fills out the osimage and linuximage tables, and populates file directories with appropriate files from the image bundle file such as ramdisk, boot kernel, root image, configuration files for diskless. Any additional files that come with the bundle file will also be put into the appropriate directories. If optional **-p** flag is specified, the postscript names that come with the image will be put the into the postscripts table for the given node or group.
 
 Copy an image to a new image name on the MN
 -------------------------------------------
 
-Very often, the user wants to make a copy of an existing image on the same xCAT mn as a start point to make modifications. In this case, you can run imgexport first as described on chapter 2, then run imgimport with -f flag to change the profile name of the image. That way the image will be copied into a different directory on the same xCAT mn.
-
-  example: ::
+Very often, the user wants to make a copy of an existing image on the same xCAT MN as a start point to make modifications. In this case, you can run ``imgexport`` first as described above, then run imgimport with **-f** flag to change the profile name of the image. That way the image will be copied into a different directory on the same xCAT MN.::
 
         imgimport myimage.tgz -p group1 -f compute2
 
@@ -100,37 +92,34 @@ Modify an image (optional)
 
 Skip this section if you want to use the image as is.
 
-1, The use can modify the image to fit his/her own need. The following can be modified.
+1. You can modify the image to fit your needs. The following can be modified.
 
-* Modify .pkglist file to add or remove packages that are from the os distro
+  * ``.pkglist`` file to add or remove packages that are from the os distro
 
-* Modify .otherpkgs.pkglist to add or remove packages from other sources. Refer to ``Using_Updatenode`` for details
+  * ``.otherpkgs.pkglist`` to add or remove packages from other sources. Refer to :doc:`Using updatenode </guides/admin-guides/manage_clusters/ppc64le/updatenode>` for details
 
-* For diskful, modify the .tmpl file to change the kickstart/autoyast configuration
+  * For diskful, ``.tmpl`` file to change the kickstart/autoyast configuration
 
-* Modify .synclist file to change the files that are going to be synchronized to the nodes
+  * ``.synclist`` file to change the files that are going to be synchronized to the nodes
 
-* Modify the postscripts table for the nodes to be deployed
+  * postscripts table for the nodes to be deployed
 
-* Modify the osimage and/or linuximage tables for the location of the source rpms and the rootimage location
+  * the osimage and/or linuximage tables for the location of the source rpms and the rootimage location
 
-2, Run genimage: ::
+2. Run ``genimage``: ::
 
         genimage image_name
 
-3, Run packimage: ::
+3. Run ``packimage``: ::
 
         packimage image_name
 
 Deploying nodes
 ---------------
 
-You can change the provmethod of the node to the new image_name if different: ::
-
-        chdef <noderange> provmethod=<image_name>
-        nodeset <noderange> osimage=<image_name>
+You can now deploy the node with the new `<image_name>` ::
 
-and the node is ready to deploy.
+        rinstall <noderange> osimage=<image_name>
 
 Appendix
 --------
@@ -144,7 +133,7 @@ You can only export/import one image at a time. Each tarball will have the follo
 manifest.xml
 ~~~~~~~~~~~~
 
-The manifest.xml will be analogous to an autoyast or windows unattend.xml file where it tells xCAT how to store the items. The following is an example for a diskless cluster: ::
+The ``manifest.xml`` will be analogous to an autoyast or windows ``unattend.xml`` file where it tells xCAT how to store the items. The following is an example for a diskless cluster: ::
 
         manifest.xml:
 
@@ -207,5 +196,5 @@ For diskless: ::
              x.exlist
 
 
-Note: Although the postscripts names can be exported by using the -p flag. The postscripts themselves are not included in the bundle file by default. The use has to use -e flag to get them included one by one if needed.
+.. note:: Although the postscripts names can be exported by using the **-p** flag, the postscripts themselves are not included in the bundle file by default. Use **-e** flag to get them included one by one if needed.