From 044ae309f61af460e972c026b172a647155058a8 Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Tue, 25 Sep 2018 11:11:02 +0300 Subject: [PATCH 01/47] UB-1491: Add log message for flex detach (#208) This PR is needed for the automated testing of the idempotent issues. (yes its known that this is not good, but that is the current state of the automation hopefully this could be avoided and changed in the future) the automation needs there to be a WWN in the warning message so in order to not make multiple calls to ubiquity server there was small refactor done . --- controller/controller.go | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/controller/controller.go b/controller/controller.go index 2c2254ec6..2da376d5c 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -886,14 +886,23 @@ func (c *Controller) doDetach(detachRequest k8sresources.FlexVolumeDetachRequest if host == "" { // only when triggered during unmount var err error - host, err = c.getHostAttached(detachRequest.Name, detachRequest.Context) + + // TODO: if the automation will stop using loggin authenticatin and the WWN here is no longer needed we can + // we can go back to using regulat getHostAttached and remove getHostAttachUsingConfig. + getVolumeConfigRequest := resources.GetVolumeConfigRequest{Name: detachRequest.Name, Context: detachRequest.Context} + volumeConfig, err := c.Client.GetVolumeConfig(getVolumeConfigRequest) if err != nil { - return c.logger.ErrorRet(err, "getHostAttached failed") + return c.logger.ErrorRet(err, "getVolumeConfig failed.", logs.Args{{"vol", detachRequest.Name}}) + } + + host, err = c.getHostAttachUsingConfig(volumeConfig) + if err != nil { + return c.logger.ErrorRet(err, "getHostAttached failed.") } if host == "" { // this means that the host is not attached to anything so no reason to call detach - c.logger.Warning(fmt.Sprintf("Vol: %s is not attahced to any host. so no detach action is called.", detachRequest.Name)) + c.logger.Warning(fmt.Sprintf("Idempotent issue encoutered - vol is not attached to any host. so no detach action is called"), logs.Args{{"vol wwn", volumeConfig["Wwn"]}}) return nil } } @@ -926,6 +935,16 @@ func (c *Controller) doIsAttached(isAttachedRequest k8sresources.FlexVolumeIsAtt return isAttached, nil } +func (c *Controller) getHostAttachUsingConfig(volumeConfig map[string]interface{}) (string, error){ + attachTo, ok := volumeConfig[resources.ScbeKeyVolAttachToHost].(string) + if !ok { + return "", c.logger.ErrorRet(fmt.Errorf("GetVolumeConfig is missing info"), "GetVolumeConfig missing info.", logs.Args{{"arg", resources.ScbeKeyVolAttachToHost}}) + } + c.logger.Debug("", logs.Args{{"volumeConfig", volumeConfig}, {"attachTo", attachTo}}) + + return attachTo, nil +} + func (c *Controller) getHostAttached(volName string, requestContext resources.RequestContext) (string, error) { defer c.logger.Trace(logs.DEBUG)() @@ -934,14 +953,8 @@ func (c *Controller) getHostAttached(volName string, requestContext resources.Re if err != nil { return "", c.logger.ErrorRet(err, "Client.GetVolumeConfig failed") } - - attachTo, ok := volumeConfig[resources.ScbeKeyVolAttachToHost].(string) - if !ok { - return "", c.logger.ErrorRet(err, "GetVolumeConfig missing info", logs.Args{{"arg", resources.ScbeKeyVolAttachToHost}}) - } - c.logger.Debug("", logs.Args{{"volumeConfig", volumeConfig}, {"attachTo", attachTo}}) - - return attachTo, nil + + return c.getHostAttachUsingConfig(volumeConfig) } func getVolumeForMountpoint(mountpoint string, volumes []resources.Volume) (resources.Volume, error) { From de32637605451b3fd04073cd574faf2ffd45c4f0 Mon Sep 17 00:00:00 2001 From: olgasht Date: Tue, 25 Sep 2018 11:25:59 +0300 Subject: [PATCH 02/47] Ub-599: fiscover by sg_ibq continue on bad mpath device --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 1c934f803..fd59be03e 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: a91d9984ae76f7a15cb18b5e0c318bc8d85a350e + version: 19891dbfbc526a5f56e87bcccb6342f638dd8080 subpackages: - remote - resources From ccb3bb4360558c1c19cc7721187cc080403400e9 Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Tue, 25 Sep 2018 11:30:25 +0300 Subject: [PATCH 03/47] Fix/ub 1431 fix glog errors in provisioner (#212) currently there are errors filling the provisioner logs that look like this: ERROR: logging before flag.Parse: I0716 13:33:58.655590 1 controller.go:1063] volume "ibm-ubiquity-db" deleted from database ERROR: logging before flag.Parse: I0716 13:34:00.224200 1 controller.go:826] volume "ibm-ubiquity-db" for claim "ubiquity/ibm- they seem to be caused by some change in glog (used by kuberentes) this small fix removes them from the log. (fix was taking from : https://github.com/cloudnativelabs/kube-router/commit/78a0aeb39793c86a7fcb9688bf63a72a6cbb4f90 ) --- cmd/provisioner/main/main.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cmd/provisioner/main/main.go b/cmd/provisioner/main/main.go index 20a9f4ee3..b3e9a279f 100644 --- a/cmd/provisioner/main/main.go +++ b/cmd/provisioner/main/main.go @@ -30,6 +30,7 @@ import ( "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "os" + "flag" ) var ( @@ -39,6 +40,11 @@ var ( func main() { + /* this is fixing an existing issue with glog in kuberenetes in version 1.9 + if we ever move to a newer code version this can be removed. + */ + flag.CommandLine.Parse([]string{}) + ubiquityConfig, err := k8sutils.LoadConfig() if err != nil { panic(fmt.Errorf("Failed to load config %#v", err)) From d72c1c2bd8f63884fb18049e73ded52bcda0405d Mon Sep 17 00:00:00 2001 From: olgasht Date: Thu, 27 Sep 2018 13:33:39 +0300 Subject: [PATCH 04/47] UB-1406: remove mountpoint safely --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index fd59be03e..05d7930d7 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 19891dbfbc526a5f56e87bcccb6342f638dd8080 + version: 6cf91681a933db96cfb78c05f3f27c20cba9f8af subpackages: - remote - resources From e09caec6254bfaf88787d3f5078791715cffe582 Mon Sep 17 00:00:00 2001 From: Yadavendra Yadav Date: Thu, 4 Oct 2018 18:27:59 +0530 Subject: [PATCH 05/47] UB-1503: epic1 : Fix ubiqutiy flex Mount API to fetch the right Scale PV mountpoint (#209) - Added idempotent changes for IsAttached/Attach/Detach operations. - For SpectrumScale backend IsAttached/Attach/Detach will return "Not Supported". - fixed lnpath for spectrum scale - Added new function getMountpointForVolume which will return apprpriate mountpoint based on respective backends. - Added UT for changes Additional changes pulled in this PR because of rebase. - UB-1491: Add log message for flex detach (#208) - Ub-599: fiscover by sg_ibq continue on bad mpath device - Fix/ub 1431 fix glog errors in provisioner (#212) --- controller/controller.go | 165 ++++++++++++++++++++++++++-------- controller/controller_test.go | 144 +++++++++++++++++++++++++++++ controller/errors.go | 12 +++ glide.yaml | 2 +- 4 files changed, 284 insertions(+), 39 deletions(-) diff --git a/controller/controller.go b/controller/controller.go index 2da376d5c..c9a4f6eee 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -39,6 +39,7 @@ const( k8sMountPointvolumeDirectoryName = "ibm~ubiquity-k8s-flex" FlexSuccessStr = "Success" FlexFailureStr = "Failure" + FlexNotSupportedStr = "Not supported" ) //Controller this is a structure that controls volume management @@ -126,9 +127,25 @@ func (c *Controller) Attach(attachRequest k8sresources.FlexVolumeAttachRequest) defer logs.GetDeleteFromMapFunc(go_id) defer c.logger.Trace(logs.DEBUG)() var response k8sresources.FlexVolumeResponse + var err error c.logger.Debug("", logs.Args{{"request", attachRequest}}) - err := c.doAttach(attachRequest) + getVolumeRequest := resources.GetVolumeRequest{Name:attachRequest.Name} + volume, err := c.Client.GetVolume(getVolumeRequest) + + if err != nil { + errormsg := fmt.Sprintf("Failed to get Volume details [%s]", attachRequest.Name) + response = c.failureFlexVolumeResponse(err, errormsg) + return response + } + + //TODO: later we should consider to get the volume backend by using the attachRequest.opts instead of calling to ubiquity server + if (volume.Backend == resources.SpectrumScale) { + response = c.notSupportedFlexVolumeResponse("Flex Attach API is not supported for spectrum-scale backend, because the backend assume that volume is already attached to all nodes") + return response + } + + err = c.doAttach(attachRequest) if err != nil { msg := fmt.Sprintf("Failed to attach volume [%s]", attachRequest.Name) response = c.failureFlexVolumeResponse(err, msg) @@ -178,8 +195,38 @@ func (c *Controller) IsAttached(isAttachedRequest k8sresources.FlexVolumeIsAttac defer logs.GetDeleteFromMapFunc(go_id) defer c.logger.Trace(logs.DEBUG)() var response k8sresources.FlexVolumeResponse + var volume resources.Volume + var err error c.logger.Debug("", logs.Args{{"request", isAttachedRequest}}) + volName, ok := isAttachedRequest.Opts["volumeName"] + + if !ok { + err := fmt.Errorf("volumeName not found in isAttachedRequest") + response = c.failureFlexVolumeResponse(err, "") + return response + } + + getVolumeRequest := resources.GetVolumeRequest{Name: volName} + if volume, err = c.Client.GetVolume(getVolumeRequest); err != nil { + if strings.Contains(err.Error(), resources.VolumeNotFoundErrorMsg) { + warningMsg := fmt.Sprintf("%s (backend error=%v)", IdempotentIsAttachedSkipOnVolumeNotExistWarnigMsg, err) + c.logger.Warning(warningMsg) + response = k8sresources.FlexVolumeResponse{ + Status: "Success", + Attached: false, + Message: warningMsg, + } + return response + } + return c.failureFlexVolumeResponse(err, "") + } + + if (volume.Backend == resources.SpectrumScale) { + response = c.notSupportedFlexVolumeResponse("Flex IsAttached API is not supported for spectrum-scale backend, because the backend assume that volume is always attached") + return response + } + isAttached, err := c.doIsAttached(isAttachedRequest) if err != nil { msg := fmt.Sprintf("Failed to check IsAttached volume [%s]", isAttachedRequest.Name) @@ -202,6 +249,8 @@ func (c *Controller) Detach(detachRequest k8sresources.FlexVolumeDetachRequest) defer logs.GetDeleteFromMapFunc(go_id) defer c.logger.Trace(logs.DEBUG)() var response k8sresources.FlexVolumeResponse + var volume resources.Volume + var err error c.logger.Debug("", logs.Args{{"request", detachRequest}}) if detachRequest.Version == k8sresources.KubernetesVersion_1_5 { @@ -210,7 +259,22 @@ func (c *Controller) Detach(detachRequest k8sresources.FlexVolumeDetachRequest) Status: "Success", } } else { - err := c.doDetach(detachRequest, true) + getVolumeRequest := resources.GetVolumeRequest{Name: detachRequest.Name} + if volume, err = c.Client.GetVolume(getVolumeRequest); err != nil { + if strings.Contains(err.Error(), resources.VolumeNotFoundErrorMsg) { + warningMsg := fmt.Sprintf("%s (backend error=%v)", IdempotentDetachSkipOnVolumeNotExistWarnigMsg, err) + c.logger.Warning(warningMsg) + return c.successFlexVolumeResponse(warningMsg) + } + return c.failureFlexVolumeResponse(err, "") + } + + if (volume.Backend == resources.SpectrumScale) { + response = c.notSupportedFlexVolumeResponse("Flex Detach API is not supported for spectrum-scale backend, because the backend assume that volume is always remain attached") + return response + } + + err = c.doDetach(detachRequest, true) if err != nil { msg := fmt.Sprintf( "Failed to detach volume [%s] from host [%s]. Error: %#v", @@ -330,6 +394,16 @@ func (c *Controller) failureFlexVolumeResponse(err error, additionalMsg string) return response } +func (c *Controller) notSupportedFlexVolumeResponse(msg string) k8sresources.FlexVolumeResponse { + defer c.logger.Trace(logs.DEBUG)() + response := k8sresources.FlexVolumeResponse{ + Status: FlexNotSupportedStr, + Message: msg, + } + c.logger.Info(fmt.Sprintf("%#v", response)) + return response +} + func (c *Controller) checkSlinkBeforeUmount(k8sPVDirectoryPath string, realMountedPath string) (bool, error) { /* Return @@ -383,7 +457,8 @@ func (c *Controller) getRealMountpointForPvByBackend(volumeBackend string, volum if volumeBackend == resources.SCBE { return fmt.Sprintf(resources.PathToMountUbiquityBlockDevices, volumeConfig["Wwn"].(string)), nil } else if volumeBackend == resources.SpectrumScale { - return "", &BackendNotImplementedGetRealMountpointError{Backend: volumeBackend} + return volumeConfig["mountpoint"].(string), nil + //TODO: scale should remove the mountpoint } else { return "", &PvBackendNotSupportedError{Backend: volumeBackend} } @@ -475,8 +550,16 @@ func (c *Controller) Unmount(unmountRequest k8sresources.FlexVolumeUnmountReques if err := c.doUnmount(k8sPVDirectoryPath, volume.Backend, volumeConfig, mounter); err != nil { return c.failureFlexVolumeResponse(err, "") } + + if (volume.Backend == resources.SpectrumScale) { + return c.successFlexVolumeResponse("") + } else if (volume.Backend == resources.SCBE) { // Do legacy detach (means trigger detach as part of the umount from the k8s node) - if err := c.doLegacyDetach(unmountRequest); err != nil { + if err := c.doLegacyDetach(unmountRequest); err != nil { + return c.failureFlexVolumeResponse(err, "") + } + } else { + err = c.logger.ErrorRet(&PvBackendNotSupportedError{Backend: volume.Backend}, "failed") return c.failureFlexVolumeResponse(err, "") } @@ -519,7 +602,33 @@ func (c *Controller) getMounterForBackend(backend string, requestContext resourc return c.mounterPerBackend[backend], nil } -func (c *Controller) prepareUbiquityMountRequest(mountRequest k8sresources.FlexVolumeMountRequest) (resources.MountRequest, error) { +func (c *Controller) getMountpointForVolume(mountRequest k8sresources.FlexVolumeMountRequest, volumeConfig map[string]interface{}, volumeBackend string) (string, error) { + + defer c.logger.Trace(logs.DEBUG)() + + var volumeMountPoint string + var ok bool + + if (volumeBackend == resources.SpectrumScale) { + volumeMountPoint, ok = volumeConfig["mountpoint"].(string) + if !ok { + return "", c.logger.ErrorRet(&SpectrumScaleMissingMntPtVolumeError{VolumeName: mountRequest.MountDevice}, "failed") + } + } else if (volumeBackend == resources.SCBE) { + wwn, ok := mountRequest.Opts["Wwn"] + if !ok { + err := fmt.Errorf(MissingWwnMountRequestErrorStr) + return "", c.logger.ErrorRet(err, "failed") + } + volumeMountPoint = fmt.Sprintf(resources.PathToMountUbiquityBlockDevices, wwn) + } else { + return "", c.logger.ErrorRet(&PvBackendNotSupportedError{Backend: volumeBackend}, "failed") + } + + return volumeMountPoint, nil +} + +func (c *Controller) prepareUbiquityMountRequest(mountRequest k8sresources.FlexVolumeMountRequest, volumeBackend string) (resources.MountRequest, error) { /* Prepare the mounter.Mount request */ @@ -532,32 +641,29 @@ func (c *Controller) prepareUbiquityMountRequest(mountRequest k8sresources.FlexV return resources.MountRequest{}, c.logger.ErrorRet(err, "Client.GetVolumeConfig failed") } - // Prepare request for mounter - step2 generate the designated mountpoint for this volume. - // TODO should be agnostic to the backend, currently its scbe oriented. - wwn, ok := mountRequest.Opts["Wwn"] - if !ok { - err = fmt.Errorf(MissingWwnMountRequestErrorStr) - return resources.MountRequest{}, c.logger.ErrorRet(err, "failed") + volumeMountpoint, err := c.getMountpointForVolume(mountRequest, volumeConfig, volumeBackend) + if err != nil { + return resources.MountRequest{}, err } - volumeMountpoint := fmt.Sprintf(resources.PathToMountUbiquityBlockDevices, wwn) + ubMountRequest := resources.MountRequest{Mountpoint: volumeMountpoint, VolumeConfig: volumeConfig, Context: mountRequest.Context} return ubMountRequest, nil } -func (c *Controller) getMounterByPV(mountRequest k8sresources.FlexVolumeMountRequest) (resources.Mounter, error) { +func (c *Controller) getMounterByPV(mountRequest k8sresources.FlexVolumeMountRequest) (resources.Mounter, string, error) { defer c.logger.Trace(logs.DEBUG)() getVolumeRequest := resources.GetVolumeRequest{Name: mountRequest.MountDevice, Context: mountRequest.Context} volume, err := c.Client.GetVolume(getVolumeRequest) if err != nil { - return nil, c.logger.ErrorRet(err, "GetVolume failed") + return nil, "", c.logger.ErrorRet(err, "GetVolume failed") } mounter, err := c.getMounterForBackend(volume.Backend, mountRequest.Context) if err != nil { - return nil, c.logger.ErrorRet(err, "getMounterForBackend failed") + return nil, "", c.logger.ErrorRet(err, "getMounterForBackend failed") } - return mounter, nil + return mounter, volume.Backend, nil } func getK8sPodsBaseDir(k8sMountPoint string) (string, error ){ @@ -653,16 +759,16 @@ func (c *Controller) doMount(mountRequest k8sresources.FlexVolumeMountRequest) ( return "", c.logger.ErrorRet(&k8sVersionNotSupported{mountRequest.Version}, "failed") } - mounter, err := c.getMounterByPV(mountRequest) + mounter, volumeBackend, err := c.getMounterByPV(mountRequest) if err != nil { return "", c.logger.ErrorRet(err, "getMounterByPV failed") } - ubMountRequest, err := c.prepareUbiquityMountRequest(mountRequest) + ubMountRequest, err := c.prepareUbiquityMountRequest(mountRequest, volumeBackend) if err != nil { return "", c.logger.ErrorRet(err, "prepareUbiquityMountRequest failed") } - + err = checkSlinkAlreadyExistsOnMountPoint(ubMountRequest.Mountpoint, mountRequest.MountPath, c.logger, c.exec) if err != nil { return "", c.logger.ErrorRet(err, "Failed to check if other links point to mountpoint") @@ -676,23 +782,6 @@ func (c *Controller) doMount(mountRequest k8sresources.FlexVolumeMountRequest) ( return mountpoint, nil } -func (c *Controller) getK8sPVDirectoryByBackend(mountedPath string, k8sPVDirectory string) string { - /* - mountedPath is the original device mountpoint (e.g /ubiquity/) - The function return the k8sPVDirectory based on the backend. - */ - - // TODO route between backend by using the volume backend instead of using /ubiquity hardcoded in the mountpoint - ubiquityMountPrefix := fmt.Sprintf(resources.PathToMountUbiquityBlockDevices, "") - var lnPath string - if strings.HasPrefix(mountedPath, ubiquityMountPrefix) { - lnPath = k8sPVDirectory - } else { - lnPath, _ = path.Split(k8sPVDirectory) // TODO verify why Scale backend use this split? - } - return lnPath -} - func (c *Controller) doAfterMount(mountRequest k8sresources.FlexVolumeMountRequest, mountedPath string) error { /* Create symbolic link instead of the k8s PV directory that will point to the ubiquity mountpoint. @@ -722,7 +811,7 @@ func (c *Controller) doAfterMount(mountRequest k8sresources.FlexVolumeMountReque var k8sPVDirectoryPath string var err error - k8sPVDirectoryPath = c.getK8sPVDirectoryByBackend(mountedPath, mountRequest.MountPath) + k8sPVDirectoryPath = mountRequest.MountPath // Identify the PV directory by using Lstat and then handle all idempotent cases (use Lstat to get the dir or slink detail and not the evaluation of it) fileInfo, err := c.exec.Lstat(k8sPVDirectoryPath) @@ -953,7 +1042,7 @@ func (c *Controller) getHostAttached(volName string, requestContext resources.Re if err != nil { return "", c.logger.ErrorRet(err, "Client.GetVolumeConfig failed") } - + return c.getHostAttachUsingConfig(volumeConfig) } diff --git a/controller/controller_test.go b/controller/controller_test.go index 48123a185..64d0cfc59 100644 --- a/controller/controller_test.go +++ b/controller/controller_test.go @@ -65,6 +65,28 @@ var _ = Describe("Controller", func() { Expect(initResponse.Device).To(Equal("")) }) + Context(".Attach", func() { + It("fails when Attach fails to get volume details", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, fmt.Errorf("GetVolume error")) + opts := map[string]string{} + host := "fakehost" + AttachRequest := k8sresources.FlexVolumeAttachRequest{"vol1", host, opts, "version", resources.RequestContext{}} + attachResponse := controller.Attach(AttachRequest) + Expect(attachResponse.Status).To(Equal("Failure")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + It("Attach should return Not supported for SpectrumScale backend", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "spectrum-scale", Mountpoint: "fake"}, nil) + opts := map[string]string{} + host := "fakehost" + AttachRequest := k8sresources.FlexVolumeAttachRequest{"vol1", host, opts, "version", resources.RequestContext{}} + attachResponse := controller.Attach(AttachRequest) + Expect(attachResponse.Status).To(Equal("Not supported")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + }) + //Context(".Attach", func() { // // It("fails when attachRequest does not have volumeName", func() { @@ -203,6 +225,47 @@ var _ = Describe("Controller", func() { Expect(mountResponse.Status).To(Equal(ctl.FlexFailureStr)) }) + It("should fail to prepareUbiquityMountRequest if GetVolumeConfig does not contain mountpoint for spectrumscale backend", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "spectrum-scale", Mountpoint: "fake"}, nil) + byt := []byte(`{"fake":"fake"}`) + var dat map[string]interface{} + if err := json.Unmarshal(byt, &dat); err != nil { + panic(err) + } + fakeClient.GetVolumeConfigReturns(dat, nil) + mountRequest := k8sresources.FlexVolumeMountRequest{MountPath: "/pod/pv1", MountDevice: "pv1", Opts: map[string]string{}} + + mountResponse := controller.Mount(mountRequest) + + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + Expect(fakeMounterFactory.GetMounterPerBackendCallCount()).To(Equal(1)) + Expect(fakeClient.GetVolumeConfigCallCount()).To(Equal(1)) + Expect(fakeMounter.MountCallCount()).To(Equal(0)) + Expect(mountResponse.Message).To(Equal(ctl.SpectrumScaleMissingMntPtVolumeErrorStr+" volume=[pv1]")) + Expect(mountResponse.Status).To(Equal(ctl.FlexFailureStr)) + }) + + + It("should fail to prepareUbiquityMountRequest if GetVolumeConfig does not contain valid backend", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "fake", Mountpoint: "fake"}, nil) + byt := []byte(`{"fake":"fake"}`) + var dat map[string]interface{} + if err := json.Unmarshal(byt, &dat); err != nil { + panic(err) + } + fakeClient.GetVolumeConfigReturns(dat, nil) + mountRequest := k8sresources.FlexVolumeMountRequest{MountPath: "/pod/pv1", MountDevice: "pv1", Opts: map[string]string{}} + + mountResponse := controller.Mount(mountRequest) + + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + Expect(fakeMounterFactory.GetMounterPerBackendCallCount()).To(Equal(1)) + Expect(fakeClient.GetVolumeConfigCallCount()).To(Equal(1)) + Expect(fakeMounter.MountCallCount()).To(Equal(0)) + Expect(mountResponse.Message).To(Equal(ctl.PvBackendNotSupportedErrorStr+" backend=[fake]")) + Expect(mountResponse.Status).To(Equal(ctl.FlexFailureStr)) + }) + It("should fail if mounter.Mount failed (doMount)", func() { errstr := "TODO set error in mounter" fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "scbe", Mountpoint: "fake"}, nil) @@ -504,6 +567,7 @@ var _ = Describe("Controller", func() { err := fmt.Errorf("an Error has occured") fakeExec.GetGlobFilesReturns(nil, err) controller = ctl.NewControllerWithClient(testLogger, ubiquityConfig, fakeClient, fakeExec, fakeMounterFactory) + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "scbe", Mountpoint: "fake"}, nil) mountRequest := k8sresources.FlexVolumeMountRequest{MountPath: mountPoint, MountDevice: "pv1", Opts: map[string]string{"Wwn": "fake"}, Version: k8sresources.KubernetesVersion_1_6OrLater} mountResponse := controller.Mount(mountRequest) @@ -955,10 +1019,90 @@ var _ = Describe("Controller", func() { }) }) */ + + Context(".IsAttached", func() { + var ( + host string + ) + BeforeEach(func() { + host = "fakehost" + }) + + It("IsAttached should return success with Attached as false when GetVolume Fails with VolumeNotFoundErrorMsg ", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, &resources.VolumeNotFoundError{VolName: "pv1"}) + opts := make(map[string]string) + opts["volumeName"] = "pv1" + isAttachedRequest := k8sresources.FlexVolumeIsAttachedRequest{"", host, opts, resources.RequestContext{}} + isAttachResponse := controller.IsAttached(isAttachedRequest) + Expect(isAttachResponse.Status).To(Equal("Success")) + Expect(isAttachResponse.Attached).To(Equal(false)) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + It("IsAttached should fail when GetVolume Fails with error other then VolumeNotFoundError.", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, fmt.Errorf("GetVolume error")) + opts := make(map[string]string) + opts["volumeName"] = "pv1" + isAttachedRequest := k8sresources.FlexVolumeIsAttachedRequest{"", host, opts, resources.RequestContext{}} + isAttachResponse := controller.IsAttached(isAttachedRequest) + Expect(isAttachResponse.Status).To(Equal("Failure")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + + It("IsAttached should return Not supported for SpectrumScale backend", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "spectrum-scale", Mountpoint: "fake"}, nil) + opts := make(map[string]string) + opts["volumeName"] = "pv1" + isAttachedRequest := k8sresources.FlexVolumeIsAttachedRequest{"", host, opts, resources.RequestContext{}} + isAttachResponse := controller.IsAttached(isAttachedRequest) + Expect(isAttachResponse.Status).To(Equal("Not supported")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + It("IsAttached should fail since Request options does not contain volume name", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "spectrum-scale", Mountpoint: "fake"}, nil) + opts := make(map[string]string) + isAttachedRequest := k8sresources.FlexVolumeIsAttachedRequest{"", host, opts, resources.RequestContext{}} + isAttachResponse := controller.IsAttached(isAttachedRequest) + Expect(isAttachResponse.Status).To(Equal("Failure")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(0)) + }) + + }) + Context(".Detach", func() { BeforeEach(func() { }) + + It("Detach should return success when GetVolume Fails with VolumeNotFoundError ", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, &resources.VolumeNotFoundError{VolName: "vol1"}) + host := "fakehost" + detachRequest := k8sresources.FlexVolumeDetachRequest{"vol1", host, "version", resources.RequestContext{}} + detachResponse := controller.Detach(detachRequest) + Expect(detachResponse.Status).To(Equal("Success")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + It("Detach should fail when GetVolume Fails with error other than VolumeNotFoundError ", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, fmt.Errorf("GetVolume error")) + host := "fakehost" + detachRequest := k8sresources.FlexVolumeDetachRequest{"vol1", host, "version", resources.RequestContext{}} + detachResponse := controller.Detach(detachRequest) + Expect(detachResponse.Status).To(Equal("Failure")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + + It("Detach should return Not supported for SpectrumScale backend", func() { + fakeClient.GetVolumeReturns(resources.Volume{Name: "pv1", Backend: "spectrum-scale", Mountpoint: "fake"}, nil) + host := "fakehost" + detachRequest := k8sresources.FlexVolumeDetachRequest{"vol1", host, "version", resources.RequestContext{}} + detachResponse := controller.Detach(detachRequest) + Expect(detachResponse.Status).To(Equal("Not supported")) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + }) + It("calling detach works as expected when volume is attached to the host", func() { dat := make(map[string]interface{}) host := "host1" diff --git a/controller/errors.go b/controller/errors.go index 671884900..01f2081a0 100644 --- a/controller/errors.go +++ b/controller/errors.go @@ -79,6 +79,8 @@ func (e *k8sPVDirectoryIsNotDirNorSlinkError) Error() string { } const IdempotentUnmountSkipOnVolumeNotExistWarnigMsg = "Unmount operation requested to work on not exist volume. Assume its idempotent issue - so skip Unmount." +const IdempotentIsAttachedSkipOnVolumeNotExistWarnigMsg = "IsAttached operation requested to work on not exist volume. Assume its idempotent issue - so skip IsAttached." +const IdempotentDetachSkipOnVolumeNotExistWarnigMsg = "Detach operation requested to work on not exist volume. Assume its idempotent issue - so skip Detach." const K8sPVDirectoryIsNotSlinkErrorStr = "k8s PV directory, k8s-mountpoint, is not slink." @@ -134,3 +136,13 @@ func (e *WrongK8sDirectoryPathError) Error() string { return fmt.Sprintf(PVIsAlreadyUsedByAnotherPodMessage + "k8smountdir=[%s]", e.k8smountdir) } +const SpectrumScaleMissingMntPtVolumeErrorStr = "MountPoint Missing in Volume Config." + +type SpectrumScaleMissingMntPtVolumeError struct { + VolumeName string +} + +func (e *SpectrumScaleMissingMntPtVolumeError) Error() string { + return fmt.Sprintf(SpectrumScaleMissingMntPtVolumeErrorStr+" volume=[%s]", e.VolumeName) +} + diff --git a/glide.yaml b/glide.yaml index 05d7930d7..1766b72fa 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 6cf91681a933db96cfb78c05f3f27c20cba9f8af + version: 422904c4c777d359341f22687ab6e3c9b459c470 subpackages: - remote - resources From 76f4e6da537936590aa48b98e3fef65cd943311d Mon Sep 17 00:00:00 2001 From: olgasht Date: Thu, 11 Oct 2018 09:44:05 +0300 Subject: [PATCH 06/47] UB- 1491: fix typo in log message --- controller/controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controller/controller.go b/controller/controller.go index 2da376d5c..96175f1ae 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -902,7 +902,7 @@ func (c *Controller) doDetach(detachRequest k8sresources.FlexVolumeDetachRequest if host == "" { // this means that the host is not attached to anything so no reason to call detach - c.logger.Warning(fmt.Sprintf("Idempotent issue encoutered - vol is not attached to any host. so no detach action is called"), logs.Args{{"vol wwn", volumeConfig["Wwn"]}}) + c.logger.Warning(fmt.Sprintf("Idempotent issue encountered - vol is not attached to any host. so no detach action is called"), logs.Args{{"vol wwn", volumeConfig["Wwn"]}}) return nil } } From 3899b52dd649e8cd1e92e1dc7813180d712f2ceb Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Tue, 16 Oct 2018 09:17:46 +0300 Subject: [PATCH 07/47] Adding service account + clusterRole + clustertolebinding for Ubiqutiy --- .../ubiquity-clusterrolebindings-k8s.yml | 12 +++++++ .../yamls/ubiquity-clusterroles.yml | 36 +++++++++++++++++++ .../yamls/ubiquity-serviceaccount.yml | 4 +++ 3 files changed, 52 insertions(+) create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml new file mode 100644 index 000000000..c112f2440 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ubiquity +subjects: + - kind: ServiceAccount + name: ubiquity + namespace: ubiquity # Note: its the only hardcoded ubiquity namespace (consider to use Values) +roleRef: + kind: ClusterRole + name: ubiquity + apiGroup: rbac.authorization.k8s.io diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml new file mode 100644 index 000000000..ce5d7e29a --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml @@ -0,0 +1,36 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ubiquity +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + # Needed for ubiqutiy provisioner in order to manage PVs. + + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "create", "delete"] + # Needed for the installer\Helm in order to create the first ubiqutiy-db PVC. + + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + # Needed for ubiqutiy provisioner in order to create PVCs. + + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "delete"] + # Needed for the installer\Helm in order to manage its secrets. + # Note: we can tune that only for ubiquity namespace (as Role instead inside ClusterRole) + + - apiGroups: ["extensions", "apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch", "update"] + # Needed for the installer\Helm in order to manage uninstall ordering ubiqutiy-db before provisioner and flex. + # Note: we can tune that only for ubiquity namespace (as Role instead inside ClusterRole) + + - apiGroups: [""] + resources: ["events"] + verbs: ["watch", "create", "update", "patch"] + # Potentially needed for k8s events. \ No newline at end of file diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml new file mode 100644 index 000000000..69b80e273 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ubiquity From 458f094a7d57825f95990bdf84ae0e12d530d330 Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Tue, 16 Oct 2018 09:45:30 +0300 Subject: [PATCH 08/47] add support for service account and roles inside the installer and ubiqutiy cli status --- .../ubiquity_cli.sh | 5 ++++ .../ubiquity_installer.sh | 26 +++++++++++++++++++ .../ubiquity_lib.sh | 4 +++ .../ubiquity_uninstall.sh | 4 +++ 4 files changed, 39 insertions(+) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh index cc73547cd..2911cdd76 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh @@ -154,6 +154,11 @@ function status() rc=0 flags="$1" + cmd="kubectl get $nsf $flags serviceaccount/ubiquity clusterroles/ubiquity clusterrolebindings/ubiquity" + echo $cmd + echo '---------------------------------------------------------------------' + $cmd || rc=$? + cmd="kubectl get $flags storageclass | egrep \"ubiquity|^NAME\"" echo $cmd echo '---------------------------------------------------------------------' diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 79e47ee66..1bcf9b263 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -378,6 +378,8 @@ function create_only_namespace_and_services() fi fi + create_serviceaccount_and_clusterroles + # Creating ubiquity service if ! kubectl get $nsf service ${UBIQUITY_SERVICE_NAME} >/dev/null 2>&1; then kubectl create $nsf -f ${YML_DIR}/ubiquity-service.yml @@ -393,6 +395,30 @@ function create_only_namespace_and_services() fi } +function create_serviceaccount_and_clusterroles() +{ + # Creating ubiquity service account + if ! kubectl get $nsf serviceaccount ${UBIQUITY_SERVICEACCOUNT_NAME} >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/ubiquity-serviceaccount.yml + else + echo "${UBIQUITY_SERVICEACCOUNT_NAME} serviceaccount already exists,skipping serviceaccount creation" + fi + + # Creating ubiquity clusterRoles + if ! kubectl get $nsf clusterroles ${UBIQUITY_CLUSTERROLES_NAME} >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/ubiquity-clusterroles.yml + else + echo "${UBIQUITY_CLUSTERROLES_NAME} clusterRoles already exists,skipping clusterRoles creation" + fi + + # Creating ubiquity clusterRolesBindings + if ! kubectl get $nsf clusterrolebindings ${UBIQUITY_CLUSTERROLESBINDING_NAME} >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/ubiquity-clusterrolebindings-k8s.yml + else + echo "${UBIQUITY_CLUSTERROLESBINDING_NAME} clusterrolebindings already exists,skipping clusterrolebindings creation" + fi +} + function create_configmap_and_credentials_secrets() { if ! kubectl get $nsf configmap ubiquity-configmap >/dev/null 2>&1; then diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh index 27b6dedd1..350b314d8 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh @@ -24,6 +24,10 @@ NO_RESOURCES_STR="No resources found." PVC_GOOD_STATUS=Bound UBIQUITY_DEFAULT_NAMESPACE="ubiquity" UBIQUITY_SERVICE_NAME="ubiquity" +UBIQUITY_SERVICEACCOUNT_NAME="ubiquity" +UBIQUITY_CLUSTERROLES_NAME="ubiquity" +UBIQUITY_CLUSTERROLESBINDING_NAME="ubiquity" +UBIQUITY_SERVICEACCOUNT_NAME="ubiquity" UBIQUITY_DB_SERVICE_NAME="ubiquity-db" PRODUCT_NAME="IBM Storage Enabler for Containers" EXIT_WAIT_TIMEOUT_MESSAGE="Error: Script exits due to wait timeout." diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index 24fb4c4ff..61780169c 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -131,6 +131,10 @@ $kubectl_delete -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} $kubectl_delete -f $YML_DIR/ubiquity-service.yml $kubectl_delete -f $YML_DIR/ubiquity-db-service.yml $kubectl_delete -f $YML_DIR/ubiquity-namespace.yml +$kubectl_delete -f $YML_DIR/ubiquity-clusterrolebindings-k8s.yml +$kubectl_delete -f $YML_DIR/ubiquity-clusterroles.yml +$kubectl_delete -f $YML_DIR/ubiquity-serviceaccount.yml +$kubectl_delete -f $YML_DIR/ubiquity-namespace.yml echo "" echo "\"$PRODUCT_NAME\" uninstall finished." From 5f8e7e7b43b23a39608e8eae15fdacae5acd7c76 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 17 Oct 2018 11:14:04 +0300 Subject: [PATCH 09/47] phase1 - Ubiquity Helm Chart (#213) (UB-1548) - Provide a basic helm chart for ubiqutiy instead of the the original ubiquity_installer.sh script. - This phase1 helm chart is just the baseline - and currently it has some limitations that mentioned in the PR #213. --- .../.helmignore | 21 +++ .../Chart.yaml | 5 + .../README.md | 4 + .../templates/NOTES.txt | 0 .../templates/k8s-config-configmap.yml | 10 ++ .../templates/scbe-credentials-secret.yml | 14 ++ .../templates/storage-class.yml | 13 ++ .../templates/ubiquity-configmap.yml | 54 ++++++ .../ubiquity-db-credentials-secret.yml | 20 +++ .../templates/ubiquity-db-deployment.yml | 64 +++++++ .../templates/ubiquity-db-pvc.yml | 16 ++ .../templates/ubiquity-db-service.yml | 14 ++ .../templates/ubiquity-deployment.yml | 169 ++++++++++++++++++ .../templates/ubiquity-k8s-flex-daemonset.yml | 113 ++++++++++++ .../ubiquity-k8s-provisioner-deployment.yml | 77 ++++++++ .../templates/ubiquity-service.yml | 14 ++ .../values.yaml | 75 ++++++++ 17 files changed, 683 insertions(+) create mode 100644 helm_chart/ibm_storage_enabler_for_containers/.helmignore create mode 100644 helm_chart/ibm_storage_enabler_for_containers/Chart.yaml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/README.md create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/NOTES.txt create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-service.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-service.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/values.yaml diff --git a/helm_chart/ibm_storage_enabler_for_containers/.helmignore b/helm_chart/ibm_storage_enabler_for_containers/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml b/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml new file mode 100644 index 000000000..b502be165 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for IBM Storage Enabler for Containers +name: ibm-storage-enalber-for-containers +version: 2.0.0 diff --git a/helm_chart/ibm_storage_enabler_for_containers/README.md b/helm_chart/ibm_storage_enabler_for_containers/README.md new file mode 100644 index 000000000..1ec282f76 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/README.md @@ -0,0 +1,4 @@ +Helm Chart for IBM Storage Enabler for Containers + +Before installing this Helm Chart you must preform the prerequisite mentioned in IBM Storage Enabler for Containers user guide. +https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Connect&release=All&platform=Linux&function=all diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/NOTES.txt b/helm_chart/ibm_storage_enabler_for_containers/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml new file mode 100644 index 000000000..561d0eedf --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: k8s-config + labels: + product: ibm-storage-enabler-for-containers +data: + # TODO later on we will replace this with service account and RBAC, but for phase1 its good enough + config: | +{{ .Files.Get "config" | indent 4 }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml new file mode 100644 index 000000000..4da97a824 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: scbe-credentials + labels: + product: ibm-storage-enabler-for-containers +# Spectrum Connect(previously known as SCBE) credentials needed for ubiquity, ubiquity-k8s-provisioner deployments, And ubiquity-k8s-flex daemonset. +type: Opaque +data: + # Base64-encoded username defined for the IBM Storage Enabler for Containers interface in Spectrum Connect. + username: {{ .Values.spectrumConnect.connectionInfo.username | b64enc | quote }} + + # Base64-encoded password defined for the IBM Storage Enabler for Containers interface in Spectrum Connect. + password: {{ .Values.spectrumConnect.connectionInfo.password | b64enc | quote }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml new file mode 100644 index 000000000..79f5807d4 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml @@ -0,0 +1,13 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} + labels: + product: ibm-storage-enabler-for-containers +# annotations: +# storageclass.beta.kubernetes.io/is-default-class: "true" +provisioner: "ubiquity/flex" +parameters: + profile: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.spectrumConnectServiceName | quote }} + fstype: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.fsType | quote }} # xfs or ext4 + backend: "scbe" \ No newline at end of file diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml new file mode 100644 index 000000000..682281590 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml @@ -0,0 +1,54 @@ +apiVersion: v1 +kind: ConfigMap +metadata: +# IBM Storage Enabler for Containers Kubernetes daemonset and deployments settings. + name: ubiquity-configmap + labels: + product: ibm-storage-enabler-for-containers +data: + # The keys below are used by ubiquity deployment + # ----------------------------------------------- + # IP or FQDN of Spectrum Connect(previously known as SCBE) server. + SCBE-MANAGEMENT-IP: {{ .Values.spectrumConnect.connectionInfo.fqdn | quote }} + + # Communication port of Spectrum Connect server. Optional parameter with default value set at 8440. + SCBE-MANAGEMENT-PORT: {{ .Values.spectrumConnect.connectionInfo.port | quote }} + + # Default Spectrum Connect storage service to be used, if not specified by the plugin. + SCBE-DEFAULT-SERVICE: {{ .Values.spectrumConnect.backendConfig.DefaultStorageService | quote }} + + # The size for a new volume if not specified by the user when creating a new volume. Optional parameter with default value set at 1GB. + DEFAULT-VOLUME-SIZE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.size | quote }} + + # A prefix for any new volume created on the storage system. Default value is None. + UBIQUITY-INSTANCE-NAME: {{ .Values.spectrumConnect.backendConfig.instanceName | quote }} + + # File system type. Optional parameter with two allowed values: ext4 or xfs. Default value is ext4. + DEFAULT-FSTYPE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.fsType | quote }} + + # DB pv name. + IBM-UBIQUITY-DB-PV-NAME: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} + + # The following keys are used by ubiquity, ubiquity-k8s-provisioner deployments, And ubiquity-k8s-flex daemon-set + # ---------------------------------------------------------------------------------------------------------------------------- + # Flex log path. Allow to configure it, just make sure the the new path exist on all the minons and update the hostpath in the Flex daemonset + FLEX-LOG-DIR: {{ .Values.genericConfig.logging.flexLogDir | quote }} + + # Maxlog size(MB) for rotate + FLEX-LOG-ROTATE-MAXSIZE: "50" + + # Log level. Allowed values: debug, info, error. + LOG-LEVEL: {{ .Values.genericConfig.logging.logLevel | quote }} + + # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). + SSL-MODE: {{ .Values.spectrumConnect.connectionInfo.sslMode | quote }} + + + # The following keys are used by the ubiquity-k8s-flex daemonset + # -------------------------------------------------------------- + # The IP address of the ubiquity service object. The ubiquity_installer.sh automatically updates this field during the initial installation. + # The user must update this key manually if the ubiqutiy service object IP was changed. + UBIQUITY-IP-ADDRESS: {{ .Values.genericConfig.ubiquityIpAddress | quote }} + + # Allowed values: true or false. Set to true if the nodes have FC connectivity. + SKIP-RESCAN-ISCSI: {{ .Values.spectrumConnect.backendConfig.skipRescanIscsi | quote }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml new file mode 100644 index 000000000..ce8b7239e --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ubiquity-db-credentials + labels: + product: ibm-storage-enabler-for-containers + # Ubiquity database credentials needed for ubiquity and ubiquity-db deployments + # Attention: + # These settings will configure the database properties during the initial installation. + # If these settings need to be changed after installation, configure them manually in the ubiqutiy-db postgres as well. +type: Opaque +data: + # Base64-encoded username to be set for the ubiquity-db deployment. + username: {{ .Values.genericConfig.ubiquityDbCredentials.username | b64enc | quote }} + + # Base64-encoded password to be set for the ubiquity-db deployment. + password: {{ .Values.genericConfig.ubiquityDbCredentials.password | b64enc | quote }} + + # Base64-encoded database name ("dWJpcXVpdHk=" base64 is "ubiquity") to be created for the ubiquity-db deployment. + dbname: "dWJpcXVpdHk=" diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml new file mode 100644 index 000000000..65624b43d --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml @@ -0,0 +1,64 @@ +apiVersion: "extensions/v1beta1" +kind: Deployment +metadata: + name: ubiquity-db + labels: + product: ibm-storage-enabler-for-containers +spec: + replicas: 1 + template: + metadata: + labels: + app: ubiquity-db + product: ibm-storage-enabler-for-containers + spec: + containers: + - name: ubiquity-db + image: {{ .Values.images.ubiquitydb }} + ports: + - containerPort: 5432 + name: ubiq-db-port # no more then 15 chars + env: + - name: UBIQUITY_DB_USERNAME + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: username + + - name: UBIQUITY_DB_PASSWORD + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: password + + - name: UBIQUITY_DB_NAME + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: dbname + + volumeMounts: + - name: ibm-ubiquity-db + mountPath: "/var/lib/postgresql/data" + subPath: "ibm-ubiquity" +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-db-private-certificate + mountPath: /var/lib/postgresql/ssl/private/ +{{ end }} + + volumes: + - name: ibm-ubiquity-db + persistentVolumeClaim: + claimName: ibm-ubiquity-db +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-db-private-certificate + secret: + secretName: ubiquity-db-private-certificate + items: + - key: ubiquity-db.key + path: ubiquity-db.key + mode: 0600 + - key: ubiquity-db.crt + path: ubiquity-db.crt + mode: 0600 +{{ end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml new file mode 100644 index 000000000..de134bf3a --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml @@ -0,0 +1,16 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: "ibm-ubiquity-db" + annotations: + volume.beta.kubernetes.io/storage-class: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} + labels: + pv-name: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} # Ubiquity provisioner will create a PV with dedicated name (by default its ibm-ubiquity-db) + product: ibm-storage-enabler-for-containers + +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi \ No newline at end of file diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-service.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-service.yml new file mode 100644 index 000000000..adea78eaf --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-service.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: ubiquity-db + labels: + app: ubiquity-db + product: ibm-storage-enabler-for-containers +spec: + ports: + - port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: ubiquity-db diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml new file mode 100644 index 000000000..75c797c49 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml @@ -0,0 +1,169 @@ +apiVersion: "extensions/v1beta1" +kind: Deployment +metadata: + name: ubiquity + labels: + product: ibm-storage-enabler-for-containers +spec: + replicas: 1 + template: + metadata: + labels: + app: ubiquity + product: ibm-storage-enabler-for-containers + spec: + containers: + - name: ubiquity + image: {{ .Values.images.ubiquity }} + ports: + - containerPort: 9999 + name: ubiquity-port + env: + ### Spectrum Connect(previously known as SCBE) connectivity parameters: + ############################################# + - name: SCBE_USERNAME + valueFrom: + secretKeyRef: + name: scbe-credentials + key: username + + - name: SCBE_PASSWORD + valueFrom: + secretKeyRef: + name: scbe-credentials + key: password + + - name: SCBE_SSL_MODE # Values : require/verify-full + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE + + - name: SCBE_MANAGEMENT_IP + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SCBE-MANAGEMENT-IP + + - name: SCBE_MANAGEMENT_PORT + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SCBE-MANAGEMENT-PORT + + + + ### Ubiquity Spectrum Connect(previously known as SCBE) backend parameters: + ##################################### + - name: SCBE_DEFAULT_SERVICE + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SCBE-DEFAULT-SERVICE + + - name: DEFAULT_VOLUME_SIZE + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: DEFAULT-VOLUME-SIZE + + - name: UBIQUITY_INSTANCE_NAME + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: UBIQUITY-INSTANCE-NAME + + - name: DEFAULT_FSTYPE # ext4 or xfs + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: DEFAULT-FSTYPE + + - name: IBM_UBIQUITY_DB_PV_NAME + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: IBM-UBIQUITY-DB-PV-NAME + + + + ### Ubiquity generic parameters: + ################################ + - name: LOG_LEVEL # debug / info / error + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: LOG-LEVEL + + - name: PORT # Ubiquity port + value: "9999" + - name: LOG_PATH # Ubiquity log file directory + value: "/tmp" + - name: DEFAULT_BACKEND # "IBM Storage Enabler for Containers" supports "scbe" (Spectrum Connect) as its backend. + value: "scbe" + + + + ### Ubiquity DB parameters: + ########################### + - name: UBIQUITY_DB_PSQL_HOST # Ubiquity DB hostname, should point to the ubiquity-db service name + value: "ubiquity-db" + - name: UBIQUITY_DB_PSQL_PORT # Ubiquity DB port, should point to the ubiquity-db port + value: "5432" + - name: UBIQUITY_DB_CONNECT_TIMEOUT + value: "3" + + - name: UBIQUITY_DB_USERNAME + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: username + + - name: UBIQUITY_DB_PASSWORD + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: password + + - name: UBIQUITY_DB_NAME + valueFrom: + secretKeyRef: + name: ubiquity-db-credentials + key: dbname + + - name: UBIQUITY_DB_SSL_MODE # Values : require/verify-full. The default is disable # TODO verify-full + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE + +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + volumeMounts: + - name: ubiquity-private-certificate + mountPath: /var/lib/ubiquity/ssl/private + readOnly: true + - name: ubiquity-public-certificates + mountPath: /var/lib/ubiquity/ssl/public + readOnly: true + + volumes: + - name: ubiquity-private-certificate + secret: + secretName: ubiquity-private-certificate + items: + - key: ubiquity.crt + path: ubiquity.crt + mode: 0600 + - key: ubiquity.key + path: ubiquity.key + mode: 0600 + - name: ubiquity-public-certificates + configMap: + name: ubiquity-public-certificates + items: + - key: ubiquity-db-trusted-ca.crt + path: ubiquity-db-trusted-ca.crt + - key: scbe-trusted-ca.crt + path: scbe-trusted-ca.crt +{{ end }} + diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml new file mode 100644 index 000000000..8e894498f --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml @@ -0,0 +1,113 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: ubiquity-k8s-flex + labels: + app: ubiquity-k8s-flex + product: ibm-storage-enabler-for-containers +spec: + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + name: ubiquity-k8s-flex + product: ibm-storage-enabler-for-containers + spec: + tolerations: # Create flex Pods also on master nodes (even if there are NoScheduled nodes) + # Some k8s versions use dedicated key for toleration of the master and some use node-role.kubernetes.io/master key. + - key: dedicated + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + containers: + - name: ubiquity-k8s-flex + image: {{ .Values.images.flex }} + env: + - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port + value: "9999" + + - name: UBIQUITY_BACKEND # "IBM Storage Enabler for Containers" supports "scbe" (IBM Spectrum Connect) as its backend. + value: "scbe" + + - name: FLEX_LOG_DIR # /var/log default + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: FLEX-LOG-DIR + + - name: FLEX_LOG_ROTATE_MAXSIZE # 50MB default + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: FLEX-LOG-ROTATE-MAXSIZE + + - name: LOG_LEVEL # debug / info / error + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: LOG-LEVEL + + - name: UBIQUITY_USERNAME + valueFrom: + secretKeyRef: + name: scbe-credentials + key: username + + - name: UBIQUITY_PASSWORD + valueFrom: + secretKeyRef: + name: scbe-credentials + key: password + + - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE + + - name: UBIQUITY_IP_ADDRESS # The ubiquity service IP. The flex pod will update this IP inside the flex config file + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: UBIQUITY-IP-ADDRESS + + - name: SKIP_RESCAN_ISCSI # boolean + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SKIP-RESCAN-ISCSI + + + + command: ["./setup_flex.sh"] + volumeMounts: + - name: host-k8splugindir + mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec + + - name: flex-log-dir + mountPath: {{ .Values.genericConfig.logging.flexLogDir | quote }} +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-public-certificates + mountPath: /var/lib/ubiquity/ssl/public + readOnly: true +{{ end }} + volumes: + - name: host-k8splugindir + hostPath: + path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec # This directory must exist on the host + + - name: flex-log-dir + hostPath: + path: {{ .Values.genericConfig.logging.flexLogDir | quote }} # This directory must exist on the host +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-public-certificates + configMap: + name: ubiquity-public-certificates + items: + - key: ubiquity-trusted-ca.crt + path: ubiquity-trusted-ca.crt +{{ end }} + +# nodeSelector: # use this tag to target specific nodes in the cluster for flex installation diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml new file mode 100644 index 000000000..5a9835dc3 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml @@ -0,0 +1,77 @@ +apiVersion: "extensions/v1beta1" +kind: Deployment +metadata: + name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers +spec: + replicas: 1 + template: + metadata: + labels: + app: ubiquity-k8s-provisioner + product: ibm-storage-enabler-for-containers + spec: + containers: + - name: ubiquity-k8s-provisioner + image: {{ .Values.images.provisioner }} + env: + - name: UBIQUITY_ADDRESS # Ubiquity hostname, should point to the ubiquity service name + value: "ubiquity" + - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port + value: "9999" + - name: KUBECONFIG + value: "/tmp/k8sconfig/config" + - name: RETRIES # number of retries on failure + value: "1" + - name: LOG_PATH # provisioner log file directory + value: "/tmp" + - name: BACKENDS # "IBM Storage Enabler for Containers" supports "scbe" (IBM Spectrum Connect) as its backend. + value: "scbe" + + - name: LOG_LEVEL # debug / info / error + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: LOG-LEVEL + + - name: UBIQUITY_USERNAME + valueFrom: + secretKeyRef: + name: scbe-credentials + key: username + + - name: UBIQUITY_PASSWORD + valueFrom: + secretKeyRef: + name: scbe-credentials + key: password + + - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE + + volumeMounts: + - name: k8s-config + mountPath: /tmp/k8sconfig +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-public-certificates + mountPath: /var/lib/ubiquity/ssl/public + readOnly: true +{{ end }} + + volumes: + - name: k8s-config + configMap: + name: k8s-config +{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + - name: ubiquity-public-certificates + configMap: + name: ubiquity-public-certificates + items: + - key: ubiquity-trusted-ca.crt + path: ubiquity-trusted-ca.crt +{{ end }} + diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-service.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-service.yml new file mode 100644 index 000000000..3f3e37a07 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-service.yml @@ -0,0 +1,14 @@ +#apiVersion: v1 +#kind: Service +#metadata: +# name: ubiquity +# labels: +# app: ubiquity +# product: ibm-storage-enabler-for-containers +#spec: +# ports: +# - port: 9999 +# protocol: TCP +# targetPort: 9999 +# selector: +# app: ubiquity diff --git a/helm_chart/ibm_storage_enabler_for_containers/values.yaml b/helm_chart/ibm_storage_enabler_for_containers/values.yaml new file mode 100644 index 000000000..7e8e95174 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/values.yaml @@ -0,0 +1,75 @@ +# ---------------------------------------------------- +# Helm chart to install IBM storage Enabler for Containers. +# ---------------------------------------------------- + +images: + ubiquity: ibmcom/ibm-storage-enabler-for-containers:2.0.0 + ubiquitydb: ibmcom/ibm-storage-enabler-for-containers-db:2.0.0 + provisioner: ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:2.0.0 + flex: ibmcom/ibm-storage-flex-volume-for-kubernetes:2.0.0 + +spectrumConnect: + connectionInfo: + ## IP\FQDN and port of Spectrum Connect server. + fqdn: + port: + + ## Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Connect. + username: + password: + + # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). + sslMode: require + + backendConfig: + # A prefix for any new volume created on the storage system. + instanceName: + # Allowed values: true or false. Set to true if the nodes have FC connectivity. + skipRescanIscsi: false + # Default Spectrum Connect storage service to be used, if not specified by the storage class. + DefaultStorageService: + + newVolumeDefaults: + # The fstype of a new volume if not specified by the user in the storage class. + # File system type. Allowed values: ext4 or xfs. + fsType: ext4 + # The default volume size (in GB) if not specified by the user when creating a new volume. + size: 1 + + dbPvConfig: + # Ubiquity database PV name. For Spectrum Virtualize and Spectrum Accelerate, use default value "ibm-ubiquity-db". + # For DS8000 Family, use "ibmdb" instead and make sure UBIQUITY_INSTANCE_NAME_VALUE value length does not exceed 8 chars. + ubiquityDbPvName: ibm-ubiquity-db + + storageClassForDbPv: + # Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. + storageClassName: + params: + # Storage Class profile parameter should point to the Spectrum Connect storage service name + spectrumConnectServiceName: + # Storage Class file-system type, Allowed values: ext4 or xfs. + fsType: ext4 + +genericConfig: + # The IP address of the ubiquity service object. + # The user must update this key manually if the ubiqutiy service object IP was changed. + ubiquityIpAddress: + + logging: + # Log level. Allowed values: debug, info, error. + logLevel: info + # Flex log directory. If you change the default, then make the new path exist on all the nodes and update the Flex daemonset hostpath according. + flexLogDir: /var/log + + ubiquityDbCredentials: + # Username and password for the deployment of ubiquity-db database. Note : Do not use the "postgres" username, because it already exists. + username: + password: + +# k8sApiServerAccess: +# # The provisioner will use it to access API server in order to create\delete\view PVCs +# +# # server from the .kube/config +# server: +# # token from kubectl -n default get secret $(kubectl -n default get secret | grep service-account | awk '{print $1}') -o yaml | grep token: | awk '{print $2}' | base64 -d +# token: From 3c6b002f8ef21ea47e0afd02d9d1486891b6192e Mon Sep 17 00:00:00 2001 From: shay-berman Date: Thu, 18 Oct 2018 14:25:22 +0300 Subject: [PATCH 10/47] Spectrumscale epic2 (#216) align ubiquity-k8s with changed from ubiquity dev branch --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 1766b72fa..ac25073e3 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 422904c4c777d359341f22687ab6e3c9b459c470 + version: 1a9cae43fc45e57019989c11737eb34d8a38db0d subpackages: - remote - resources From 3d7b83cde2b63326a0729dccf44d87114922e39f Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Thu, 18 Oct 2018 16:38:36 +0300 Subject: [PATCH 11/47] fix uninstall extra namespace deletion --- .../ubiquity_uninstall.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index 61780169c..c7c5c8759 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -130,7 +130,6 @@ $kubectl_delete -f ${YML_DIR}/../${SCBE_CRED_YML} $kubectl_delete -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} $kubectl_delete -f $YML_DIR/ubiquity-service.yml $kubectl_delete -f $YML_DIR/ubiquity-db-service.yml -$kubectl_delete -f $YML_DIR/ubiquity-namespace.yml $kubectl_delete -f $YML_DIR/ubiquity-clusterrolebindings-k8s.yml $kubectl_delete -f $YML_DIR/ubiquity-clusterroles.yml $kubectl_delete -f $YML_DIR/ubiquity-serviceaccount.yml From fd0be19fbf5d9c9687674397a8a8b9360a4ed708 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Mon, 22 Oct 2018 16:02:45 +0300 Subject: [PATCH 12/47] Upgrade to Alpine 3.8 and ca-certificates-20171114-r3 (#217) --- Dockerfile.Flex | 4 ++-- Dockerfile.Provisioner | 4 ++-- glide.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile.Flex b/Dockerfile.Flex index 77e487533..abbca14fe 100644 --- a/Dockerfile.Flex +++ b/Dockerfile.Flex @@ -7,8 +7,8 @@ COPY . . RUN CGO_ENABLED=1 GOOS=linux go build -tags netgo -v -a --ldflags '-w -linkmode external -extldflags "-static"' -installsuffix cgo -o ubiquity-k8s-flex cmd/flex/main/cli.go -FROM alpine:3.7 -RUN apk --no-cache add ca-certificates=20171114-r0 +FROM alpine:3.8 +RUN apk --no-cache add ca-certificates=20171114-r3 ENV UBIQUITY_PLUGIN_VERIFY_CA=/var/lib/ubiquity/ssl/public/ubiquity-trusted-ca.crt WORKDIR /root/ COPY --from=0 /go/src/github.com/IBM/ubiquity-k8s/ubiquity-k8s-flex . diff --git a/Dockerfile.Provisioner b/Dockerfile.Provisioner index 680c35707..ae57eabc4 100644 --- a/Dockerfile.Provisioner +++ b/Dockerfile.Provisioner @@ -7,8 +7,8 @@ COPY . . RUN CGO_ENABLED=1 GOOS=linux go build -tags netgo -v -a --ldflags '-w -linkmode external -extldflags "-static"' -installsuffix cgo -o ubiquity-k8s-provisioner cmd/provisioner/main/main.go -FROM alpine:3.7 -RUN apk --no-cache add ca-certificates=20171114-r0 +FROM alpine:3.8 +RUN apk --no-cache add ca-certificates=20171114-r3 ENV UBIQUITY_PLUGIN_VERIFY_CA=/var/lib/ubiquity/ssl/public/ubiquity-trusted-ca.crt WORKDIR /root/ COPY --from=0 /go/src/github.com/IBM/ubiquity-k8s/ubiquity-k8s-provisioner . diff --git a/glide.yaml b/glide.yaml index ac25073e3..41de00036 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 1a9cae43fc45e57019989c11737eb34d8a38db0d + version: 1c0104b66f5f882340b1b5d7d3e0a6a269a1d5a7 subpackages: - remote - resources From de2491a20e3c2a56ddec51dd9a176440737bb3c4 Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Wed, 24 Oct 2018 16:32:59 +0300 Subject: [PATCH 13/47] change KUBECONFIG to empty so it will take it from service account and add pod spec serviceAccount: ubiquity --- .../yamls/ubiquity-k8s-provisioner-deployment.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml index 4c59d0611..c209131e0 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml @@ -12,6 +12,7 @@ spec: app: ubiquity-k8s-provisioner product: ibm-storage-enabler-for-containers spec: + serviceAccount: ubiquity # In order to get the server API token from the service account. containers: - name: ubiquity-k8s-provisioner image: UBIQUITY_K8S_PROVISIONER_IMAGE @@ -20,8 +21,8 @@ spec: value: "ubiquity" - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port value: "9999" - - name: KUBECONFIG - value: "/tmp/k8sconfig/config" + - name: KUBECONFIG # A file path to k8s config file that will be used by the provisioner to access API server for PVC managment. If empty the provisioner will use the pod spec service account token instead of dedicated file. + value: "" # No need to use ubiquity-configmap because its a deprecated option. We moved to service account. - name: RETRIES # number of retries on failure value: "1" - name: LOG_PATH # provisioner log file directory From c0e9fb0798055eff1934844d361c4dd8d151e92c Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Wed, 24 Oct 2018 16:34:18 +0300 Subject: [PATCH 14/47] minimize clusterroles as needed for provisioner (drop secret, deployment) and add update update for event --- .../yamls/ubiquity-clusterroles.yml | 24 +++++-------------- 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml index ce5d7e29a..96e26eccc 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml @@ -6,31 +6,19 @@ rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - # Needed for ubiqutiy provisioner in order to manage PVs. + # Needed for ubiquity provisioner in order to manage PVs. - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "create", "delete"] - # Needed for the installer\Helm in order to create the first ubiqutiy-db PVC. + verbs: ["get", "list", "watch", "update"] + # Needed for ubiquity provisioner in order to manage PVCs. - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - # Needed for ubiqutiy provisioner in order to create PVCs. - - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create", "delete"] - # Needed for the installer\Helm in order to manage its secrets. - # Note: we can tune that only for ubiquity namespace (as Role instead inside ClusterRole) - - - apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["get", "list", "watch", "update"] - # Needed for the installer\Helm in order to manage uninstall ordering ubiqutiy-db before provisioner and flex. - # Note: we can tune that only for ubiquity namespace (as Role instead inside ClusterRole) + # Needed for ubiquity provisioner as part of the provisioning of PVCs. - apiGroups: [""] resources: ["events"] - verbs: ["watch", "create", "update", "patch"] - # Potentially needed for k8s events. \ No newline at end of file + verbs: ["watch", "create", "list", "update", "patch"] + # Needed for ubiquity provisioner in order to manage PVC events. From 9661a54155ffb6df236ce3c0554a95fe4b528ebd Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Thu, 25 Oct 2018 16:42:57 +0300 Subject: [PATCH 15/47] remove the \-k flag from the installer and any k8s-config related referances --- .../ubiquity_cli.sh | 2 +- .../ubiquity_installer.sh | 36 +++++-------------- .../ubiquity_uninstall.sh | 4 +-- .../ubiquity-k8s-provisioner-deployment.yml | 9 ++--- 4 files changed, 13 insertions(+), 38 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh index 2911cdd76..6474bc74b 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh @@ -167,7 +167,7 @@ function status() pvname=`kubectl get $nsf pvc ${UBIQUITY_DB_PVC_NAME} --no-headers -o custom-columns=name:spec.volumeName` - cmd="kubectl get $nsf $flags secret/ubiquity-db-credentials secret/scbe-credentials cm/k8s-config cm/ubiquity-configmap pv/$pvname pvc/ibm-ubiquity-db svc/ubiquity svc/ubiquity-db daemonset/ubiquity-k8s-flex deploy/ubiquity deploy/ubiquity-db deploy/ubiquity-k8s-provisioner" + cmd="kubectl get $nsf $flags secret/ubiquity-db-credentials secret/scbe-credentials cm/ubiquity-configmap pv/$pvname pvc/ibm-ubiquity-db svc/ubiquity svc/ubiquity-db daemonset/ubiquity-k8s-flex deploy/ubiquity deploy/ubiquity-db deploy/ubiquity-k8s-provisioner" echo $cmd echo '---------------------------------------------------------------------' $cmd || rc=$? diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 1bcf9b263..15d3dd31d 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -36,9 +36,7 @@ # # Installation # 1. Install IBM Storage Enabler for Containers without its database by running this command: -# $> ./ubiquity_installer.sh -s install -k < Kubernetes configuration file >. -# Note: ubiqutiy-k8s-provisioner uses the Kubernetes configuration file(given by -k flag) to access the Kubernetes API server. -# Usually, Kubernetes configuration file is located either in the ~/.kube/config or /etc/kubernetes directory. +# $> ./ubiquity_installer.sh -s install # # 2. Manually restart the kubelet on all the Kubernetes nodes. # @@ -56,10 +54,8 @@ USAGE $cmd -s -s update-ymls -c Replace the placeholders from -c in the relevant yml files. Flag -c is mandatory for this step - -s install -k [-n ] + -s install [-n ] Installs all $PRODUCT_NAME components in orderly fashion (except for ubiquity-db). - Flag -k for ubiquity-k8s-provisioner. - Usually, this file is stored in the ~/.kube/config or in /etc/kubernetes directory. Flag -n . By default, it is \"ubiquity\" namespace. -s create-ubiquity-db [-n ] Creates the ubiquity-db deployment, waiting for its creation. @@ -89,22 +85,19 @@ function install() # # The install step creates the following components:: # 1. Namespace "ubiquity" (skip, if already exists) + # ServiceAccount, ClusterRoles and ClusterRolesBinding (skip, if already exists) # 2. Service(clusterIP type) "ubiquity" (skip, if already exists) # 3. Service(clusterIP type) "ubiquity-db" (skip, if already exists) # 4. ConfigMap "ubiquity-configmap" (skip, if already exists) # 5. Secret "scbe-credentials" (skip, if already exists) # 6. Secret "ubiquity-db-credentials" (skip, if already exists) - # 3. Deployment "ubiquity" - # 4. ConfigMap "k8s-config" (skip, if already exists) - # 5. Deployment "ubiquity-k8s-provisioner" - # 6. StorageClass (skip, if already exists) - # 7. PVC "ibm-ubiquity-db" - # 8. DaemonSet "ubiquity-k8s-flex" + # 7. Deployment "ubiquity" + # 8. Deployment "ubiquity-k8s-provisioner" + # 9. StorageClass (skip, if already exists) + # 10. PVC "ibm-ubiquity-db" + # 11. DaemonSet "ubiquity-k8s-flex" ######################################################################## - [ -z "$KUBECONF" ] && { echo "Error: Missing -k flag for STEP [$STEP]"; exit 4; } || : - [ ! -f "$KUBECONF" ] && { echo "Error : $KUBECONF not found."; exit 3; } || : - echo "Starting installation \"$PRODUCT_NAME\"..." echo "Installing on the namespace [$NS]." @@ -114,12 +107,6 @@ function install() kubectl create $nsf -f ${YML_DIR}/${UBIQUITY_DEPLOY_YML} wait_for_deployment ubiquity 20 5 $NS - echo "Creating ${K8S_CONFIGMAP_FOR_PROVISIONER} for ubiquity-k8s-provisioner from file [$KUBECONF]." - if ! kubectl get $nsf cm/${K8S_CONFIGMAP_FOR_PROVISIONER} > /dev/null 2>&1; then - kubectl create $nsf configmap ${K8S_CONFIGMAP_FOR_PROVISIONER} --from-file $KUBECONF - else - echo "Skipping the creation of ${K8S_CONFIGMAP_FOR_PROVISIONER} ConfigMap, because it already exists" - fi kubectl create $nsf -f ${YML_DIR}/${UBIQUITY_PROVISIONER_DEPLOY_YML} wait_for_deployment ubiquity-k8s-provisioner 20 5 $NS @@ -310,7 +297,7 @@ function create-services() echo " (2) Create secrets and ConfigMap to store the certificates and trusted CA files by running::" echo " $> $0 -s create-secrets-for-certificates -t -n $NS" echo " Complete the installation:" - echo " (1) $> $0 -s install -k -n $NS" + echo " (1) $> $0 -s install -n $NS" echo " (2) Manually restart kubelet service on all kubernetes nodes to reload the new FlexVolume driver" echo " (3) $> $0 -s create-ubiquity-db -n $NS" echo "" @@ -458,7 +445,6 @@ YML_DIR="$scripts/yamls" SANITY_YML_DIR="$scripts/yamls/sanity_yamls" UTILS=$scripts/ubiquity_lib.sh UBIQUITY_DB_PVC_NAME=ibm-ubiquity-db -K8S_CONFIGMAP_FOR_PROVISIONER=k8s-config steps="update-ymls install create-ubiquity-db create-services create-secrets-for-certificates" [ ! -f $UTILS ] && { echo "Error: $UTILS file is not found"; exit 3; } @@ -467,7 +453,6 @@ steps="update-ymls install create-ubiquity-db create-services create-secrets-for # Handle flags NS="$UBIQUITY_DEFAULT_NAMESPACE" # Set as the default namespace to_deploy_ubiquity_db="false" -KUBECONF="" #~/.kube/config CONFIG_SED_FILE="" STEP="" CERT_DIR="" @@ -479,9 +464,6 @@ while getopts ":dc:k:s:n:t:h" opt; do c) CONFIG_SED_FILE=$OPTARG ;; - k) - KUBECONF=$OPTARG - ;; s) STEP=$OPTARG found=false diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index c7c5c8759..1adc10b29 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -29,10 +29,10 @@ # 2. PVC for the ibm-ubiquity-db. Wait until the deletion of PVC and PV is complete. # 3. Storage class that match for the UbiquityDB PVC # 4. ubiquity-k8s-provisioner deployment -# 5. k8s-config configmap # 6. ubiquity-k8s-flex daemonset # 7. ubiquity deployment # 8. ubiquity service +# ServiceAccount, ClusterRoles and ClusterRolesBinding # 9. ubiquity-db service # # Note: The script deletes the ubiquity-k8s-flex daemonset, but it does not delete the Flex driver from the nodes. @@ -59,7 +59,6 @@ scripts=$(dirname $0) YML_DIR="./yamls" UBIQUITY_DB_PVC_NAME=ibm-ubiquity-db UTILS=$scripts/ubiquity_lib.sh -K8S_CONFIGMAP_FOR_PROVISIONER=k8s-config FLEX_K8S_DIR=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/ibm~ubiquity-k8s-flex # Handle flags @@ -120,7 +119,6 @@ wait_for_item_to_delete pvc ${UBIQUITY_DB_PVC_NAME} 10 3 "" $NS # Second phase: Delete all the stateless components $kubectl_delete -f ${YML_DIR}/storage-class.yml $kubectl_delete -f $YML_DIR/${UBIQUITY_PROVISIONER_DEPLOY_YML} -$kubectl_delete configmap ${K8S_CONFIGMAP_FOR_PROVISIONER} $kubectl_delete -f $YML_DIR/${UBIQUITY_FLEX_DAEMONSET_YML} diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml index c209131e0..c146d256c 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml @@ -54,19 +54,14 @@ spec: name: ubiquity-configmap key: SSL-MODE - volumeMounts: - - name: k8s-config - mountPath: /tmp/k8sconfig # Certificate Set : use the below volumeMounts only if predefine certificate given +# Cert # volumeMounts: # Cert # - name: ubiquity-public-certificates # Cert # mountPath: /var/lib/ubiquity/ssl/public # Cert # readOnly: true - volumes: - - name: k8s-config - configMap: - name: k8s-config # Certificate Set : use the below volumes only if predefine certificate given +# Cert # volumes: # Cert # - name: ubiquity-public-certificates # Cert # configMap: # Cert # name: ubiquity-public-certificates From e676f2daf7f5ac39b377d72762567353a46c9cf6 Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Thu, 25 Oct 2018 17:34:16 +0300 Subject: [PATCH 16/47] rename serviceaccount, clusterroles and binds name from ubiquity to ubiquity-k8s-provisioner --- .../ubiquity_installer.sh | 6 +++--- .../ubiquity_uninstall.sh | 6 +++--- ...yml => ubiquity-k8s-provisioner-clusterrolebindings.yml} | 6 +++--- ...rroles.yml => ubiquity-k8s-provisioner-clusterroles.yml} | 2 +- .../yamls/ubiquity-k8s-provisioner-deployment.yml | 2 +- ...ount.yml => ubiquity-k8s-provisioner-serviceaccount.yml} | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) rename scripts/installer-for-ibm-storage-enabler-for-containers/yamls/{ubiquity-clusterrolebindings-k8s.yml => ubiquity-k8s-provisioner-clusterrolebindings.yml} (73%) rename scripts/installer-for-ibm-storage-enabler-for-containers/yamls/{ubiquity-clusterroles.yml => ubiquity-k8s-provisioner-clusterroles.yml} (95%) rename scripts/installer-for-ibm-storage-enabler-for-containers/yamls/{ubiquity-serviceaccount.yml => ubiquity-k8s-provisioner-serviceaccount.yml} (58%) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 15d3dd31d..788fd59a6 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -386,21 +386,21 @@ function create_serviceaccount_and_clusterroles() { # Creating ubiquity service account if ! kubectl get $nsf serviceaccount ${UBIQUITY_SERVICEACCOUNT_NAME} >/dev/null 2>&1; then - kubectl create $nsf -f ${YML_DIR}/ubiquity-serviceaccount.yml + kubectl create $nsf -f ${YML_DIR}/ubiquity-k8s-provisioner-serviceaccount.yml else echo "${UBIQUITY_SERVICEACCOUNT_NAME} serviceaccount already exists,skipping serviceaccount creation" fi # Creating ubiquity clusterRoles if ! kubectl get $nsf clusterroles ${UBIQUITY_CLUSTERROLES_NAME} >/dev/null 2>&1; then - kubectl create $nsf -f ${YML_DIR}/ubiquity-clusterroles.yml + kubectl create $nsf -f ${YML_DIR}/ubiquity-k8s-provisioner-clusterroles.yml else echo "${UBIQUITY_CLUSTERROLES_NAME} clusterRoles already exists,skipping clusterRoles creation" fi # Creating ubiquity clusterRolesBindings if ! kubectl get $nsf clusterrolebindings ${UBIQUITY_CLUSTERROLESBINDING_NAME} >/dev/null 2>&1; then - kubectl create $nsf -f ${YML_DIR}/ubiquity-clusterrolebindings-k8s.yml + kubectl create $nsf -f ${YML_DIR}/ubiquity-k8s-provisioner-clusterrolebindings.yml else echo "${UBIQUITY_CLUSTERROLESBINDING_NAME} clusterrolebindings already exists,skipping clusterrolebindings creation" fi diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index 1adc10b29..3c49a51c9 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -128,9 +128,9 @@ $kubectl_delete -f ${YML_DIR}/../${SCBE_CRED_YML} $kubectl_delete -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} $kubectl_delete -f $YML_DIR/ubiquity-service.yml $kubectl_delete -f $YML_DIR/ubiquity-db-service.yml -$kubectl_delete -f $YML_DIR/ubiquity-clusterrolebindings-k8s.yml -$kubectl_delete -f $YML_DIR/ubiquity-clusterroles.yml -$kubectl_delete -f $YML_DIR/ubiquity-serviceaccount.yml +$kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-clusterrolebindings.yml +$kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-clusterroles.yml +$kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-serviceaccount.yml $kubectl_delete -f $YML_DIR/ubiquity-namespace.yml echo "" diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml similarity index 73% rename from scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml rename to scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml index c112f2440..23e19e0d7 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterrolebindings-k8s.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml @@ -1,12 +1,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ubiquity + name: ubiquity-k8s-provisioner subjects: - kind: ServiceAccount - name: ubiquity + name: ubiquity-k8s-provisioner namespace: ubiquity # Note: its the only hardcoded ubiquity namespace (consider to use Values) roleRef: kind: ClusterRole - name: ubiquity + name: ubiquity-k8s-provisioner apiGroup: rbac.authorization.k8s.io diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml similarity index 95% rename from scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml rename to scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml index 96e26eccc..5cc012361 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-clusterroles.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ubiquity + name: ubiquity-k8s-provisioner rules: - apiGroups: [""] resources: ["persistentvolumes"] diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml index c146d256c..5fd3973eb 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml @@ -12,7 +12,7 @@ spec: app: ubiquity-k8s-provisioner product: ibm-storage-enabler-for-containers spec: - serviceAccount: ubiquity # In order to get the server API token from the service account. + serviceAccount: ubiquity-k8s-provisioner # In order to get the server API token from the service account. containers: - name: ubiquity-k8s-provisioner image: UBIQUITY_K8S_PROVISIONER_IMAGE diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml similarity index 58% rename from scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml rename to scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml index 69b80e273..415c14b24 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-serviceaccount.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: ubiquity + name: ubiquity-k8s-provisioner From da836c822abf19c6d48b96cd31ae69880b312ebc Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Sun, 28 Oct 2018 13:49:25 +0200 Subject: [PATCH 17/47] Add product label on the SA,CR, CRB objects + add log collect to these objects --- .../ubiquity_cli.sh | 10 +++++++--- .../ubiquity_installer.sh | 1 + .../ubiquity-k8s-provisioner-clusterrolebindings.yml | 2 ++ .../yamls/ubiquity-k8s-provisioner-clusterroles.yml | 2 ++ .../yamls/ubiquity-k8s-provisioner-serviceaccount.yml | 2 ++ 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh index 6474bc74b..c408e3812 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh @@ -128,15 +128,19 @@ function collect_logs() files_to_collect="${files_to_collect} ${logdir}/${flex_pod}.log" done - describe_label_cmd="kubectl describe $nsf ns,all,cm,secret,storageclass,pvc,ds -l product=${UBIQUITY_LABEL}" + describe_label_cmd="kubectl describe $nsf ns,all,cm,secret,storageclass,pvc,ds,serviceaccount -l product=${UBIQUITY_LABEL}" echo "$describe_label_cmd" $describe_label_cmd > $describe_all_per_label 2>&1 || : + describe_clusterroles="kubectl describe clusterroles/ubiquity-k8s-provisioner clusterrolebindings/ubiquity-k8s-provisioner" + echo "$describe_clusterroles" + $describe_clusterroles >> $describe_all_per_label 2>&1 || : + describe_pv_cmd="kubectl describe $nsf pv $UBIQUITY_DB_PVC_NAME" echo "$describe_pv_cmd" $describe_pv_cmd >> $describe_all_per_label 2>&1 || : - get_label_cmd="kubectl get $nsf ns,all,cm,secret,storageclass,pvc,ds -l product=${UBIQUITY_LABEL}" + get_label_cmd="kubectl get $nsf ns,all,cm,secret,storageclass,pvc,ds,serviceaccount -l product=${UBIQUITY_LABEL}" echo "$get_label_cmd" $get_label_cmd > $get_all_per_label 2>&1 || : @@ -154,7 +158,7 @@ function status() rc=0 flags="$1" - cmd="kubectl get $nsf $flags serviceaccount/ubiquity clusterroles/ubiquity clusterrolebindings/ubiquity" + cmd="kubectl get $nsf $flags serviceaccount/ubiquity-k8s-provisioner clusterroles/ubiquity-k8s-provisioner clusterrolebindings/ubiquity-k8s-provisioner" echo $cmd echo '---------------------------------------------------------------------' $cmd || rc=$? diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 788fd59a6..6bad4036e 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -456,6 +456,7 @@ to_deploy_ubiquity_db="false" CONFIG_SED_FILE="" STEP="" CERT_DIR="" +# TODO need to remove -k flag when automation is ready to drop it. while getopts ":dc:k:s:n:t:h" opt; do case $opt in d) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml index 23e19e0d7..750fd0ce8 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterrolebindings.yml @@ -2,6 +2,8 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers subjects: - kind: ServiceAccount name: ubiquity-k8s-provisioner diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml index 5cc012361..9b2856188 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-clusterroles.yml @@ -2,6 +2,8 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers rules: - apiGroups: [""] resources: ["persistentvolumes"] diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml index 415c14b24..f05765dce 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-serviceaccount.yml @@ -2,3 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers From a3af28feb4f942d17bc31d95c53c34fe5e7fafb8 Mon Sep 17 00:00:00 2001 From: olgasht Date: Wed, 31 Oct 2018 13:12:25 +0200 Subject: [PATCH 18/47] update glide # --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 41de00036..65920cc5f 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 1c0104b66f5f882340b1b5d7d3e0a6a269a1d5a7 + version: 724a3695c36430646253856459a1f61e6f98949b subpackages: - remote - resources From d2e73f5df48bb68f1695f4779ead4869ced11933 Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Wed, 31 Oct 2018 13:49:17 +0200 Subject: [PATCH 19/47] UB-15151: fixed instlaler to be in one floe (#219) --- .../ubiquity_installer.sh | 37 +++---------------- 1 file changed, 5 insertions(+), 32 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 79e47ee66..cb3bfb445 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -35,16 +35,11 @@ # $> ./ubiquity_installer.sh -s update-ymls -c ubiquity_installer.conf. # # Installation -# 1. Install IBM Storage Enabler for Containers without its database by running this command: +# 1. Install IBM Storage Enabler for Containers by running this command: # $> ./ubiquity_installer.sh -s install -k < Kubernetes configuration file >. # Note: ubiqutiy-k8s-provisioner uses the Kubernetes configuration file(given by -k flag) to access the Kubernetes API server. # Usually, Kubernetes configuration file is located either in the ~/.kube/config or /etc/kubernetes directory. # -# 2. Manually restart the kubelet on all the Kubernetes nodes. -# -# 3. Install the IBM Storage Enabler for Containers database(ubiquity-db) by running this command: -# $> ./ubiquity_installer.sh -s create-ubiquity-db. -# # ------------------------------------------------------------------------- function usage() @@ -57,13 +52,10 @@ USAGE $cmd -s Replace the placeholders from -c in the relevant yml files. Flag -c is mandatory for this step -s install -k [-n ] - Installs all $PRODUCT_NAME components in orderly fashion (except for ubiquity-db). + Installs all $PRODUCT_NAME components in orderly fashion. Flag -k for ubiquity-k8s-provisioner. Usually, this file is stored in the ~/.kube/config or in /etc/kubernetes directory. Flag -n . By default, it is \"ubiquity\" namespace. - -s create-ubiquity-db [-n ] - Creates the ubiquity-db deployment, waiting for its creation. - Use this option after finishing the installation and manually restarting the kubelets on the nodes. Steps required for SSL_MODE=verify-full: -s create-services [-n ] @@ -151,20 +143,7 @@ function install() flex_missing=true fi - - - if [ "${to_deploy_ubiquity_db}" == "true" ]; then - create-ubiquity-db - else - echo "" - echo "\"$PRODUCT_NAME\" Installation finished, but the deployment is not ready yet." - echo " Perform the following: " - [ "$flex_missing" = "true" ] && echo " (0) Verify that ubiquity-k8s-flex daemonset pod runs on all nodes including all masters. If not, check why." - echo " (1) Manually restart the kubelet service on all Kubernetes nodes to reload the new FlexVolume driver." - echo " (2) Deploy ubiquity-db by $> $0 -s create-ubiquity-db -n $NS" - echo " Note : View status by $> ./ubiquity_cli.sh -a status -n $NS" - echo "" - fi + create-ubiquity-db } # STEP function @@ -279,7 +258,7 @@ function create-ubiquity-db() ## Creates deployment for ubiquity-db ######################################## - echo "Creating ubiquity-db deployment... (Assuming that the IBM Storage Kubernetes FlexVolume(ubiquity-k8s-flex) plugin is already loaded on all the nodes)" + echo "Creating ubiquity-db deployment..." kubectl create --namespace $NS -f ${YML_DIR}/${UBIQUITY_DB_DEPLOY_YML} echo "Waiting for deployment [ubiquity-db] to be created..." wait_for_deployment ubiquity-db 50 5 $NS @@ -311,8 +290,6 @@ function create-services() echo " $> $0 -s create-secrets-for-certificates -t -n $NS" echo " Complete the installation:" echo " (1) $> $0 -s install -k -n $NS" - echo " (2) Manually restart kubelet service on all kubernetes nodes to reload the new FlexVolume driver" - echo " (3) $> $0 -s create-ubiquity-db -n $NS" echo "" } @@ -433,23 +410,19 @@ SANITY_YML_DIR="$scripts/yamls/sanity_yamls" UTILS=$scripts/ubiquity_lib.sh UBIQUITY_DB_PVC_NAME=ibm-ubiquity-db K8S_CONFIGMAP_FOR_PROVISIONER=k8s-config -steps="update-ymls install create-ubiquity-db create-services create-secrets-for-certificates" +steps="update-ymls install create-services create-secrets-for-certificates" [ ! -f $UTILS ] && { echo "Error: $UTILS file is not found"; exit 3; } . $UTILS # include utils for wait function and status # Handle flags NS="$UBIQUITY_DEFAULT_NAMESPACE" # Set as the default namespace -to_deploy_ubiquity_db="false" KUBECONF="" #~/.kube/config CONFIG_SED_FILE="" STEP="" CERT_DIR="" while getopts ":dc:k:s:n:t:h" opt; do case $opt in - d) - to_deploy_ubiquity_db="true" - ;; c) CONFIG_SED_FILE=$OPTARG ;; From 545231606813bfd47d0458b094cf5fc94dd16a34 Mon Sep 17 00:00:00 2001 From: Deepak Ghuge Date: Thu, 1 Nov 2018 12:48:29 +0530 Subject: [PATCH 20/47] Spectrumscale epic3 Unified Installer (#220) Unified Installer - added new storage class yaml for spectrum scale : storage-class-spectrumscale.yml - added new configuration file for spectrum scale : ubiquity_installer_scale.conf - added new secret file for spectrum scale : spectrumscale-credentials-secret.yml - added spectrum scale specific parameter in configmap, deployment yml - installer will be used to install either spectrum scale or scbe not both - added functions to find backend to be installed from configmap and configuration file - backend to be installed is decided based on value of SPECTRUMSCALE_MANAGEMENT_IP and SCBE_MANAGEMENT_IP - secret will be create based on backend - added spectrum-scale ca-cert in configmap based on backend - removed check for username and password from flex setup - default backend will be updated in configmap based on backend being installed. - SKIP_RESCAN_ISCSI_VALUE set to false in case of spectrum scale --- glide.yaml | 2 +- .../spectrumscale-credentials-secret.yml | 14 ++ .../ubiquity-configmap.yml | 16 +- .../ubiquity_cli.sh | 12 +- .../ubiquity_installer.sh | 180 ++++++++++++++++-- .../ubiquity_installer_scale.conf | 65 +++++++ .../ubiquity_lib.sh | 3 +- .../ubiquity_uninstall.sh | 1 + .../yamls/storage-class-spectrumscale.yml | 14 ++ .../yamls/ubiquity-deployment.yml | 75 ++++++-- .../yamls/ubiquity-k8s-flex-daemonset.yml | 22 +-- .../ubiquity-k8s-provisioner-deployment.yml | 20 +- scripts/setup_flex.sh | 7 +- 13 files changed, 372 insertions(+), 59 deletions(-) create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/spectrumscale-credentials-secret.yml create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/storage-class-spectrumscale.yml diff --git a/glide.yaml b/glide.yaml index 65920cc5f..de4a881fa 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 724a3695c36430646253856459a1f61e6f98949b + version: ae6a0a55dd776cfac7fa96c973b9f7691e2c6e2a subpackages: - remote - resources diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/spectrumscale-credentials-secret.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/spectrumscale-credentials-secret.yml new file mode 100644 index 000000000..15107e4c9 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/spectrumscale-credentials-secret.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: spectrumscale-credentials + labels: + product: ibm-storage-enabler-for-containers +# Spectrum Scale management API Server(GUI) credentials needed for ubiquity. +type: Opaque +data: + # Base64-encoded username defined for the IBM Storage Enabler for Containers interface in Spectrum Scale. + username: "SPECTRUMSCALE_USERNAME_VALUE" + + # Base64-encoded password defined for the IBM Storage Enabler for Containers interface in Spectrum Scale. + password: "SPECTRUMSCALE_PASSWORD_VALUE" diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml index f1761d6e1..964766c2f 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml @@ -9,7 +9,7 @@ data: # The keys below are used by ubiquity deployment # ----------------------------------------------- # IP or FQDN of Spectrum Connect(previously known as SCBE) server. - SCBE-MANAGEMENT-IP: SCBE_MANAGEMENT_IP_VALUE + SCBE-MANAGEMENT-IP: "SCBE_MANAGEMENT_IP_VALUE" # Communication port of Spectrum Connect server. Optional parameter with default value set at 8440. SCBE-MANAGEMENT-PORT: "SCBE_MANAGEMENT_PORT_VALUE" @@ -29,6 +29,20 @@ data: # DB pv name. IBM-UBIQUITY-DB-PV-NAME: IBM_UBIQUITY_DB_PV_NAME_VALUE + # IP or FQDN of Spectrum Scale Management API server(GUI). + SPECTRUMSCALE-MANAGEMENT-IP: "SPECTRUMSCALE_MANAGEMENT_IP_VALUE" + + # Communication port of Spectrum Scale Management API server(GUI). + SPECTRUMSCALE-MANAGEMENT-PORT: "SPECTRUMSCALE_MANAGEMENT_PORT_VALUE" + + # Default Filesystem for creating pvc + SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME: "SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE" + + # SSL verification mode for communication between Ubiquity and Spectrum Scale GUI. Allowed values: require (no validation is required) and verify-full (user-provided certificates). + SPECTRUMSCALE-SSL-MODE: "SPECTRUMSCALE_SSL_MODE_VALUE" + + # Default Ubiquity Backend + DEFAULT-BACKEND: "DEFAULT_BACKEND_VALUE" # The following keys are used by ubiquity, ubiquity-k8s-provisioner deployments, And ubiquity-k8s-flex daemon-set # ---------------------------------------------------------------------------------------------------------------------------- diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh index cc73547cd..8fb0855ae 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_cli.sh @@ -162,11 +162,21 @@ function status() pvname=`kubectl get $nsf pvc ${UBIQUITY_DB_PVC_NAME} --no-headers -o custom-columns=name:spec.volumeName` - cmd="kubectl get $nsf $flags secret/ubiquity-db-credentials secret/scbe-credentials cm/k8s-config cm/ubiquity-configmap pv/$pvname pvc/ibm-ubiquity-db svc/ubiquity svc/ubiquity-db daemonset/ubiquity-k8s-flex deploy/ubiquity deploy/ubiquity-db deploy/ubiquity-k8s-provisioner" + cmd="kubectl get $nsf $flags secret/ubiquity-db-credentials cm/k8s-config cm/ubiquity-configmap pv/$pvname pvc/ibm-ubiquity-db svc/ubiquity svc/ubiquity-db daemonset/ubiquity-k8s-flex deploy/ubiquity deploy/ubiquity-db deploy/ubiquity-k8s-provisioner" echo $cmd echo '---------------------------------------------------------------------' $cmd || rc=$? + isitscbe=`kubectl get $nsf configmap ubiquity-configmap -o jsonpath="{.data.SCBE-MANAGEMENT-IP}"` + if [ ! -z "$isitscbe" ]; then + kubectl get $nsf $flags secret/scbe-credentials || rc=$? + fi + + isitscale=`kubectl get $nsf configmap ubiquity-configmap -o jsonpath="{.data.SPECTRUMSCALE-MANAGEMENT-IP}"` + if [ ! -z "$isitscale" ]; then + kubectl get $nsf $flags secret/spectrumscale-credentials || rc=$? + fi + echo "" cmd="kubectl get $nsf $flags pod | egrep \"^ubiquity|^NAME\"" echo $cmd diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index cb3bfb445..6b180fe8e 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -97,6 +97,14 @@ function install() [ -z "$KUBECONF" ] && { echo "Error: Missing -k flag for STEP [$STEP]"; exit 4; } || : [ ! -f "$KUBECONF" ] && { echo "Error : $KUBECONF not found."; exit 3; } || : + + # Check for backend to be installed and restrict more than one backend installation + backend_from_configmap=$(find_backend_from_configmap) + if [ "$backend_from_configmap" == "spectrumscale;spectrumconnect" ]; then + echo "ERROR: Both backends(scbe and spectrumscale) cannot be installed on same cluster at the same time." + exit 2 + fi + echo "Starting installation \"$PRODUCT_NAME\"..." echo "Installing on the namespace [$NS]." @@ -116,11 +124,22 @@ function install() wait_for_deployment ubiquity-k8s-provisioner 20 5 $NS # Create storage class and PVC, then wait for PVC and PV creation - if ! kubectl get $nsf -f ${YML_DIR}/storage-class.yml > /dev/null 2>&1; then - kubectl create $nsf -f ${YML_DIR}/storage-class.yml - else - echo "Skipping the creation of ${YML_DIR}/storage-class.yml storage class, because it already exists" + if [ "$backend_from_configmap" == "spectrumconnect" ]; then + if ! kubectl get $nsf -f ${YML_DIR}/storage-class.yml > /dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/storage-class.yml + else + echo "Skipping the creation of ${YML_DIR}/storage-class.yml storage class, because it already exists" + fi + fi + + if [ "$backend_from_configmap" == "spectrumscale" ]; then + if ! kubectl get $nsf -f ${YML_DIR}/storage-class-spectrumscale.yml > /dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/storage-class-spectrumscale.yml + else + echo "Skipping the creation of ${YML_DIR}/storage-class-spectrumscale.yml storage class, because it already exists" + fi fi + kubectl create $nsf -f ${YML_DIR}/ubiquity-db-pvc.yml echo "Waiting for ${UBIQUITY_DB_PVC_NAME} PVC to be created" wait_for_item pvc ${UBIQUITY_DB_PVC_NAME} ${PVC_GOOD_STATUS} 60 5 $NS @@ -191,11 +210,28 @@ function update-ymls() KEY_FILE_DICT['STORAGE_CLASS_NAME_VALUE']="${FIRST_STORAGECLASS_YML} ${PVCS_USES_STORAGECLASS_YML}" KEY_FILE_DICT['STORAGE_CLASS_PROFILE_VALUE']="${FIRST_STORAGECLASS_YML}" KEY_FILE_DICT['STORAGE_CLASS_FSTYPE_VALUE']="${FIRST_STORAGECLASS_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_USERNAME_VALUE']="${SPECTRUMSCALE_CRED_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_PASSWORD_VALUE']="${SPECTRUMSCALE_CRED_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_MANAGEMENT_IP_VALUE']="${UBIQUITY_CONFIGMAP_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_MANAGEMENT_PORT_VALUE']="${UBIQUITY_CONFIGMAP_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE']="${UBIQUITY_CONFIGMAP_YML}" + KEY_FILE_DICT['SPECTRUMSCALE_SSL_MODE_VALUE']="${UBIQUITY_CONFIGMAP_YML}" - base64_placeholders="UBIQUITY_DB_USERNAME_VALUE UBIQUITY_DB_PASSWORD_VALUE UBIQUITY_DB_NAME_VALUE SCBE_USERNAME_VALUE SCBE_PASSWORD_VALUE" + base64_placeholders="UBIQUITY_DB_USERNAME_VALUE UBIQUITY_DB_PASSWORD_VALUE UBIQUITY_DB_NAME_VALUE SCBE_USERNAME_VALUE SCBE_PASSWORD_VALUE SPECTRUMSCALE_USERNAME_VALUE SPECTRUMSCALE_PASSWORD_VALUE" was_updated="false" # if there is nothing to update, exit with error + # Check for backend to be installed and restrict more than one backend installation + backend_from_configfile=$(find_backend_from_configfile) + if [ -z "$backend_from_configfile" ]; then + echo "ERROR: Either SCBE_MANAGEMENT_IP_VALUE or SPECTRUMSCALE_MANAGEMENT_IP_VALUE need to be populated with correct value to proceed further." + exit 2 + fi + if [ "$backend_from_configfile" == "spectrumscale;spectrumconnect" ]; then + echo "ERROR: Both backends(scbe and spectrumscale) cannot be installed on same cluster at the same time." + exit 2 + fi + read -p "Updating yml files with placeholders from ${CONFIG_SED_FILE} file. Are you sure (y/n): " yn if [ "$yn" != "y" ]; then echo "Skip updating the yml files with placeholder." @@ -236,6 +272,21 @@ function update-ymls() exit 2 fi + # Handling DEFAULT_BACKEND, Uncommenting Credentials based on backend, Handling backend initilization + ymls_to_updates="${YML_DIR}/${UBIQUITY_PROVISIONER_DEPLOY_YML} ${YML_DIR}/${UBIQUITY_FLEX_DAEMONSET_YML} ${YML_DIR}/${UBIQUITY_DEPLOY_YML}" + if [ "$backend_from_configfile" == "spectrumconnect" ]; then + sed -i "s|DEFAULT_BACKEND_VALUE|scbe|g" ${YML_DIR}/../ubiquity-configmap.yml + sed -i "s|SPECTRUMSCALE_MANAGEMENT_IP_VALUE||g" ${YML_DIR}/../ubiquity-configmap.yml + sed -i 's/^# SCBE Credentials #\(.*\)/\1 # SCBE Credentials #/g' ${ymls_to_updates} + fi + + if [ "$backend_from_configfile" == "spectrumscale" ]; then + sed -i "s|DEFAULT_BACKEND_VALUE|spectrum-scale|g" ${YML_DIR}/../ubiquity-configmap.yml + sed -i "s|SCBE_MANAGEMENT_IP_VALUE||g" ${YML_DIR}/../ubiquity-configmap.yml + sed -i "s|SKIP_RESCAN_ISCSI_VALUE|false|g" ${YML_DIR}/../ubiquity-configmap.yml + sed -i 's/^# SPECTRUMSCALE Credentials #\(.*\)/\1 # SPECTRUMSCALE Credentials #/g' ${ymls_to_updates} + fi + if [ "$ssl_mode" = "verify-full" ]; then ymls_to_updates="${YML_DIR}/${UBIQUITY_PROVISIONER_DEPLOY_YML} ${YML_DIR}/${UBIQUITY_FLEX_DAEMONSET_YML} ${YML_DIR}/${UBIQUITY_DEPLOY_YML} ${YML_DIR}/${UBIQUITY_DB_DEPLOY_YML}" @@ -245,6 +296,14 @@ function update-ymls() # this sed removes the comments from all the certificate lines in the yml files sed -i 's/^# Cert #\(.*\)/\1 # Cert #/g' ${ymls_to_updates} + # Removed the commentes on ca-cert based on backend + if [ "$backend_from_configfile" == "spectrumscale" ]; then + sed -i 's/^# SPECTRUMSCALE Cert #\(.*\)/\1 # SPECTRUMSCALE Cert #/g' ${ymls_to_updates} + fi + + if [ $backend_from_configfile == "spectrumconnect" ]; then + sed -i 's/^# SCBE Cert #\(.*\)/\1 # SCBE Cert #/g' ${ymls_to_updates} + fi echo " Certificate updates are completed." fi @@ -312,7 +371,37 @@ function create-secrets-for-certificates() echo "Creating secrets [ubiquity-private-certificate and ubiquity-db-private-certificate] and ConfigMap [ubiquity-public-certificates] based on files in directory $CERT_DIR" # Validating all certificate files in the $CERT_DIR directory - expected_cert_files="ubiquity.key ubiquity.crt ubiquity-db.key ubiquity-db.crt ubiquity-trusted-ca.crt ubiquity-db-trusted-ca.crt scbe-trusted-ca.crt " + expected_cert_files="ubiquity.key ubiquity.crt ubiquity-db.key ubiquity-db.crt ubiquity-trusted-ca.crt ubiquity-db-trusted-ca.crt" + backend_from_configmap=$(find_backend_from_configmap) + backend_cacert_file="" + if [ -z "$backend_from_configmap" ]; then + # Assuming configmap does not exist, so no possibility of finding for backend from configmap. + # check is ca-cert for spectrumscale exist in $CERT_DIR + if [ "-f $CERT_DIR/spectrumscale-trusted-ca.crt" ]; then + backend_cacert_file="spectrumscale-trusted-ca.crt" + fi + # check is ca-cert for scbe exist in $CERT_DIR + if [ "-f $CERT_DIR/scbe-trusted-ca.crt" ]; then + backend_cacert_file="scbe-trusted-ca.crt" + fi + + if [ -z "$backend_cacert_file" ]; then + echo "Error: Missing certificate file scbe-trusted-ca.crt or spectrumscale-trusted-ca.crt in directory $CERT_DIR." + echo " scbe-trusted-ca.crt is mandatory for enabling Ubiquity with SCBE backend." + echo " spectrumscale-trusted-ca.crt is mandatory for enabling Ubiquity with Spectrum Scale backend." + exit 2 + fi + else + if [ "$backend_from_configmap" == "spectrumscale" ]; then + backend_cacert_file=" spectrumscale-trusted-ca.crt" + fi + + if [ "$backend_from_configmap" == "spectrumconnect" ]; then + backend_cacert_file=" scbe-trusted-ca.crt" + fi + fi + expected_cert_files+=" $backend_cacert_file" + for certfile in $expected_cert_files; do if [ ! -f $CERT_DIR/$certfile ]; then echo "Error: Missing certificate file $CERT_DIR/$certfile in directory $CERT_DIR." @@ -321,7 +410,7 @@ function create-secrets-for-certificates() fi done - # Veryfying that secrets and ConfigMap do not exist before starting their creation + # Verifying that secrets and ConfigMap do not exist before starting their creation kubectl get secret $nsf ubiquity-db-private-certificate >/dev/null 2>&1 && already_exist "secret [ubiquity-db-private-certificate]" || : kubectl get secret $nsf ubiquity-private-certificate >/dev/null 2>&1 && already_exist "secret [ubiquity-private-certificate]" || : kubectl get configmap $nsf ubiquity-public-certificates >/dev/null 2>&1 && already_exist "configmap [ubiquity-public-certificates]" || : @@ -330,16 +419,22 @@ function create-secrets-for-certificates() cd $CERT_DIR kubectl create secret $nsf generic ubiquity-db-private-certificate --from-file=ubiquity-db.key --from-file=ubiquity-db.crt kubectl create secret $nsf generic ubiquity-private-certificate --from-file=ubiquity.key --from-file=ubiquity.crt - kubectl create configmap $nsf ubiquity-public-certificates --from-file=ubiquity-db-trusted-ca.crt=ubiquity-db-trusted-ca.crt --from-file=scbe-trusted-ca.crt=scbe-trusted-ca.crt --from-file=ubiquity-trusted-ca.crt=ubiquity-trusted-ca.crt - cd - + ca_cert_files="--from-file=ubiquity-db-trusted-ca.crt=ubiquity-db-trusted-ca.crt --from-file=ubiquity-trusted-ca.crt=ubiquity-trusted-ca.crt" + if [ $backend_cacert_file == "spectrumscale" ]; then + ca_cert_files+=" --from-file=spectrumscale-trusted-ca.crt=spectrumscale-trusted-ca.crt" + fi + + if [ $backend_cacert_file == "spectrumconnect" ]; then + ca_cert_files+=" --from-file=scbe-trusted-ca.crt=scbe-trusted-ca.crt" + fi + kubectl create configmap $nsf ubiquity-public-certificates $ca_cert_files + cd - kubectl get $nsf secrets/ubiquity-db-private-certificate secrets/ubiquity-private-certificate cm/ubiquity-public-certificates echo "" echo "Finished creating secrets and ConfigMap for $PRODUCT_NAME certificates." } - - function already_exist() { echo "Error: Secret $1 already exists. Delete it first."; exit 2; } function create_only_namespace_and_services() @@ -387,12 +482,25 @@ function create_configmap_and_credentials_secrets() else echo "ubiquity-configmap ConfigMap already exists,skipping ConfigMap creation" fi - if ! kubectl get $nsf secret scbe-credentials >/dev/null 2>&1; then - kubectl create $nsf -f ${YML_DIR}/../${SCBE_CRED_YML} - else - echo "scbe-credentials secret already exists,skipping secret creation" + + backend_from_configmap=$(find_backend_from_configmap) + if [ "$backend_from_configmap" == "spectrumconnect" ]; then + if ! kubectl get $nsf secret scbe-credentials >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/../${SCBE_CRED_YML} + else + echo "scbe-credentials secret already exists, skipping secret creation" + fi + fi + + if [ "$backend_from_configmap" == "spectrumscale" ]; then + if ! kubectl get $nsf secret spectrumscale-credentials >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/../${SPECTRUMSCALE_CRED_YML} + else + echo "spectrumscale-credentials secret already exists, skipping secret creation" + fi fi + if ! kubectl get $nsf secret ubiquity-db-credentials >/dev/null 2>&1; then kubectl create $nsf -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} else @@ -400,6 +508,48 @@ function create_configmap_and_credentials_secrets() fi } +function find_backend_from_configmap() +{ + unset isitscale + unset isitscbe + backendtobeinstalled="" + + isitscale=`kubectl get $nsf configmap ubiquity-configmap -o jsonpath="{.data.SPECTRUMSCALE-MANAGEMENT-IP}" 2>/dev/null` + if [ ! -z "$isitscale" ]; then + backendtobeinstalled="spectrumscale" + fi + + isitscbe=`kubectl get $nsf configmap ubiquity-configmap -o jsonpath="{.data.SCBE-MANAGEMENT-IP}" 2>/dev/null` + if [ ! -z "$isitscbe" ] && [ -z "$backendtobeinstalled" ]; then + backendtobeinstalled="spectrumconnect" + elif [ ! -z "$isitscbe" ] && [ "$backendtobeinstalled" == "spectrumscale"]; then + backendtobeinstalled+=";spectrumconnect" + fi + + echo "$backendtobeinstalled" +} + +function find_backend_from_configfile() +{ + unset isitscale + unset isitscbe + backendtobeinstalled="" + + isitscale=`awk -F= '/^SPECTRUMSCALE_MANAGEMENT_IP_VALUE/ {print $2}' $CONFIG_SED_FILE` + if [ ! -z "$isitscale" ] && [ "$isitscale" != "VALUE" ]; then + backendtobeinstalled="spectrumscale" + fi + + isitscbe=`awk -F= '/^SCBE_MANAGEMENT_IP_VALUE/ {print $2}' $CONFIG_SED_FILE` + if [ ! -z "$isitscbe" ] && [ "$isitscbe" != "VALUE" ] && [ -z "$backendtobeinstalled" ]; then + backendtobeinstalled="spectrumconnect" + elif [ ! -z "$isitscbe" ] && [ "$isitscbe" != "VALUE" ] && [ "$backendtobeinstalled" == "spectrumscale" ]; then + backendtobeinstalled+=";spectrumconnect" + fi + + echo "$backendtobeinstalled" +} + ## MAIN ## ########## diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf new file mode 100644 index 000000000..27b10252b --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf @@ -0,0 +1,65 @@ +# ---------------------------------------------------- +# Description: +# This is a configuration file for the ubiquity_installer.sh script. +# When run (# ubiquity_installer.sh -s update-ymls -c ), +# this script replaces the relevant values in all the yaml files of the installer. +# +# Attention: +# 1. Replace the "VALUE"s placeholder below with the relevant value for your environment. +# 2. Any change required after running this installer script must be performed manually in the corresponding *.yml file itself. +# ---------------------------------------------------- + +# The Docker images of IBM Storage Enabler for Containers. +UBIQUITY_IMAGE=ibmcom/ibm-storage-enabler-for-containers:1.2.0 +UBIQUITY_DB_IMAGE=ibmcom/ibm-storage-enabler-for-containers-db:1.2.0 +UBIQUITY_K8S_PROVISIONER_IMAGE=ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:1.2.0 +UBIQUITY_K8S_FLEX_IMAGE=ibmcom/ibm-storage-flex-volume-for-kubernetes:1.2.0 + +# Parameters in ubiquity-configmap.yml that impact on ubiquity deployment +#----------------------------------------------------------------- +# IP or FQDN of Spectrum Scale Management API server(GUI). +SPECTRUMSCALE_MANAGEMENT_IP_VALUE=VALUE + +# Communication port of Spectrum Scale Management API server(GUI). +SPECTRUMSCALE_MANAGEMENT_PORT_VALUE=443 + +# Default Filesystem for creating pvc +SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE=VALUE + +# SSL verification mode for communication between Ubiquity and Spectrum Scale GUI. Allowed values: require (no validation is required) and verify-full (user-provided certificates). +SPECTRUMSCALE_SSL_MODE_VALUE=VALUE + +# Ubiquity database PV name. For Spectrum Virtualize and Spectrum Accelerate, use default value "ibm-ubiquity-db". +IBM_UBIQUITY_DB_PV_NAME_VALUE=ibm-ubiquity-db + +# Parameters in ubiquity-configmap.yml that impact on "ubiquity" and "ubiquity-k8s-provisioner" deployments, And "ubiquity-k8s-flex" daemonset +#----------------------------------------------------------------- +# Flex log directory. If you change the default, then make the new path exist on all the nodes and update the Flex daemonset hostpath according. +FLEX_LOG_DIR_VALUE=/var/log + +# Log level. Allowed values: debug, info, error. +LOG_LEVEL_VALUE=info + +# SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). +SSL_MODE_VALUE=VALUE + + +# Parameters in scale-credentials-secret.yml that impact ubiquity +#----------------------------------------------------------------- +# Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Scale. +SPECTRUMSCALE_USERNAME_VALUE=VALUE +SPECTRUMSCALE_PASSWORD_VALUE=VALUE + + +# Parameters in ubiquity-db-credentials-secret.yml that impact ubiquity and ubiquity-db deployments +#----------------------------------------------------------------- +# Username and password for the deployment of ubiquity-db database. Note : Do not use the "postgres" username, because it already exists. +UBIQUITY_DB_USERNAME_VALUE=ubiquity +UBIQUITY_DB_PASSWORD_VALUE=ubiquity + + +# Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. +# The parameters in the following files: yamls/storage-class-scale.yml, ubiquity-db-pvc.yml, sanity_yamls/sanity-pvc.yml +#----------------------------------------------------------------- +# Storage Class name +STORAGE_CLASS_NAME_VALUE=VALUE diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh index 27b6dedd1..a2d0476d0 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh @@ -28,6 +28,7 @@ UBIQUITY_DB_SERVICE_NAME="ubiquity-db" PRODUCT_NAME="IBM Storage Enabler for Containers" EXIT_WAIT_TIMEOUT_MESSAGE="Error: Script exits due to wait timeout." SCBE_CRED_YML=scbe-credentials-secret.yml +SPECTRUMSCALE_CRED_YML=spectrumscale-credentials-secret.yml UBIQUITY_DB_CRED_YML=ubiquity-db-credentials-secret.yml UBIQUITY_DEPLOY_YML=ubiquity-deployment.yml UBIQUITY_DB_DEPLOY_YML=ubiquity-db-deployment.yml @@ -289,4 +290,4 @@ function is_deployment_ok(){ [[ ${available} -ne ${replicas} ]] && return 3 # replicas not met return 0 # deployment is OK -} \ No newline at end of file +} diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index 24fb4c4ff..34aa4b89b 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -127,6 +127,7 @@ $kubectl_delete -f $YML_DIR/${UBIQUITY_FLEX_DAEMONSET_YML} $kubectl_delete -f $YML_DIR/${UBIQUITY_DEPLOY_YML} $kubectl_delete -f ${YML_DIR}/../ubiquity-configmap.yml $kubectl_delete -f ${YML_DIR}/../${SCBE_CRED_YML} +$kubectl_delete -f ${YML_DIR}/../${SPECTRUMSCALE_CRED_YML} $kubectl_delete -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} $kubectl_delete -f $YML_DIR/ubiquity-service.yml $kubectl_delete -f $YML_DIR/ubiquity-db-service.yml diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/storage-class-spectrumscale.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/storage-class-spectrumscale.yml new file mode 100644 index 000000000..257718927 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/storage-class-spectrumscale.yml @@ -0,0 +1,14 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1beta1 +metadata: + name: "STORAGE_CLASS_NAME_VALUE" + labels: + product: ibm-storage-enabler-for-containers +# annotations: +# storageclass.beta.kubernetes.io/is-default-class: "true" +provisioner: "ubiquity/flex" +parameters: + backend: "spectrum-scale" + filesystem: "SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE" + fileset-type: "dependent" + type: fileset diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml index 5ffdfe9b4..80624c83a 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml @@ -21,17 +21,17 @@ spec: env: ### Spectrum Connect(previously known as SCBE) connectivity parameters: ############################################# - - name: SCBE_USERNAME - valueFrom: - secretKeyRef: - name: scbe-credentials - key: username - - - name: SCBE_PASSWORD - valueFrom: - secretKeyRef: - name: scbe-credentials - key: password +# SCBE Credentials # - name: SCBE_USERNAME +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: username + +# SCBE Credentials # - name: SCBE_PASSWORD +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: password - name: SCBE_SSL_MODE # Values : require/verify-full valueFrom: @@ -85,7 +85,46 @@ spec: name: ubiquity-configmap key: IBM-UBIQUITY-DB-PV-NAME + ### Ubiquity Spectrum Scale backend parameters: + ##################################### +# SPECTRUMSCALE Credentials # - name: SPECTRUMSCALE_REST_USER +# SPECTRUMSCALE Credentials # valueFrom: +# SPECTRUMSCALE Credentials # secretKeyRef: +# SPECTRUMSCALE Credentials # name: spectrumscale-credentials +# SPECTRUMSCALE Credentials # key: username + +# SPECTRUMSCALE Credentials # - name: SPECTRUMSCALE_REST_PASSWORD +# SPECTRUMSCALE Credentials # valueFrom: +# SPECTRUMSCALE Credentials # secretKeyRef: +# SPECTRUMSCALE Credentials # name: spectrumscale-credentials +# SPECTRUMSCALE Credentials # key: password + + - name: SPECTRUMSCALE_MANAGEMENT_IP + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SPECTRUMSCALE-MANAGEMENT-IP + + - name: SPECTRUMSCALE_MANAGEMENT_PORT + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SPECTRUMSCALE-MANAGEMENT-PORT + + - name: SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME + + - name: SPECTRUMSCALE_FORCE_DELETE + value: "true" + - name: SPECTRUMSCALE_SSL_MODE + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE ### Ubiquity generic parameters: ################################ @@ -99,9 +138,12 @@ spec: value: "9999" - name: LOG_PATH # Ubiquity log file directory value: "/tmp" - - name: DEFAULT_BACKEND # "IBM Storage Enabler for Containers" supports "scbe" (Spectrum Connect) as its backend. - value: "scbe" + - name: DEFAULT_BACKEND + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: DEFAULT-BACKEND ### Ubiquity DB parameters: @@ -164,6 +206,7 @@ spec: # Cert # items: # Cert # - key: ubiquity-db-trusted-ca.crt # Cert # path: ubiquity-db-trusted-ca.crt -# Cert # - key: scbe-trusted-ca.crt -# Cert # path: scbe-trusted-ca.crt - +# SCBE Cert # - key: scbe-trusted-ca.crt +# SCBE Cert # path: scbe-trusted-ca.crt +# SPECTRUMSCALE Cert # - key: scbe-trusted-ca.crt +# SPECTRUMSCALE Cert # path: scbe-trusted-ca.crt diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml index 001acc352..64f4eb9f6 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml @@ -49,17 +49,17 @@ spec: name: ubiquity-configmap key: LOG-LEVEL - - name: UBIQUITY_USERNAME - valueFrom: - secretKeyRef: - name: scbe-credentials - key: username - - - name: UBIQUITY_PASSWORD - valueFrom: - secretKeyRef: - name: scbe-credentials - key: password +# SCBE Credentials # - name: UBIQUITY_USERNAME +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: username + +# SCBE Credentials # - name: UBIQUITY_PASSWORD +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: password - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full valueFrom: diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml index 4c59d0611..92858b1c5 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml @@ -35,17 +35,17 @@ spec: name: ubiquity-configmap key: LOG-LEVEL - - name: UBIQUITY_USERNAME - valueFrom: - secretKeyRef: - name: scbe-credentials - key: username +# SCBE Credentials # - name: UBIQUITY_USERNAME +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: username - - name: UBIQUITY_PASSWORD - valueFrom: - secretKeyRef: - name: scbe-credentials - key: password +# SCBE Credentials # - name: UBIQUITY_PASSWORD +# SCBE Credentials # valueFrom: +# SCBE Credentials # secretKeyRef: +# SCBE Credentials # name: scbe-credentials +# SCBE Credentials # key: password - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full valueFrom: diff --git a/scripts/setup_flex.sh b/scripts/setup_flex.sh index 7e2136202..106771af2 100755 --- a/scripts/setup_flex.sh +++ b/scripts/setup_flex.sh @@ -36,8 +36,9 @@ function generate_flex_conf_from_envs_and_install_it() function missing_env() { echo "Error: missing environment variable $1"; exit 1; } # Mandatory environment variable - [ -z "$UBIQUITY_USERNAME" ] && missing_env UBIQUITY_USERNAME || : - [ -z "$UBIQUITY_PASSWORD" ] && missing_env UBIQUITY_PASSWORD || : + # UBIQUITY_USERNAME and UBIQUITY_PASSWORD are not mandatory for Spectrum Scale hence commented + #[ -z "$UBIQUITY_USERNAME" ] && missing_env UBIQUITY_USERNAME || : + #[ -z "$UBIQUITY_PASSWORD" ] && missing_env UBIQUITY_PASSWORD || : [ -z "$UBIQUITY_IP_ADDRESS" ] && missing_env UBIQUITY_IP_ADDRESS || : # Other environment variable with default values @@ -153,4 +154,4 @@ tail -F ${FLEX_LOG_DIR}/${DRIVER}.log & while : ; do sleep 86400 # every 24 hours -done \ No newline at end of file +done From d3ed5e99cacdb6ad0052271759d3b6c396e790e1 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Sun, 4 Nov 2018 15:32:15 +0200 Subject: [PATCH 21/47] UB-1535: fix merge PR 215 (#225) By mistake I merged https://github.com/IBM/ubiquity-k8s/pull/215 without github squash commits and without rebase before. So this commit fix this gap (instead of doing some reverts in dev, we decided to just fix it by this commit) --- .../ubiquity_installer.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index 2b03b767a..d5ab1d371 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -36,10 +36,7 @@ # # Installation # 1. Install IBM Storage Enabler for Containers by running this command: -# $> ./ubiquity_installer.sh -s install -k < Kubernetes configuration file >. -# Note: ubiqutiy-k8s-provisioner uses the Kubernetes configuration file(given by -k flag) to access the Kubernetes API server. -# Usually, Kubernetes configuration file is located either in the ~/.kube/config or /etc/kubernetes directory. -# +# $> ./ubiquity_installer.sh -s install # ------------------------------------------------------------------------- function usage() @@ -52,7 +49,7 @@ USAGE $cmd -s Replace the placeholders from -c in the relevant yml files. Flag -c is mandatory for this step -s install [-n ] - Installs all $PRODUCT_NAME components in orderly fashion (except for ubiquity-db). + Installs all $PRODUCT_NAME components in orderly fashion Flag -n . By default, it is \"ubiquity\" namespace. Steps required for SSL_MODE=verify-full: @@ -95,6 +92,13 @@ function install() echo "Starting installation \"$PRODUCT_NAME\"..." echo "Installing on the namespace [$NS]." + # Check for backend to be installed and restrict more than one backend installation + backend_from_configmap=$(find_backend_from_configmap) + if [ "$backend_from_configmap" == "spectrumscale;spectrumconnect" ]; then + echo "ERROR: Both backends(scbe and spectrumscale) cannot be installed on same cluster at the same time." + exit 2 + fi + create_only_namespace_and_services create_configmap_and_credentials_secrets @@ -330,8 +334,6 @@ function create-services() echo " $> $0 -s create-secrets-for-certificates -t -n $NS" echo " Complete the installation:" echo " (1) $> $0 -s install -n $NS" - echo " (2) Manually restart kubelet service on all kubernetes nodes to reload the new FlexVolume driver" - echo " (3) $> $0 -s create-ubiquity-db -n $NS" echo "" } @@ -568,7 +570,6 @@ YML_DIR="$scripts/yamls" SANITY_YML_DIR="$scripts/yamls/sanity_yamls" UTILS=$scripts/ubiquity_lib.sh UBIQUITY_DB_PVC_NAME=ibm-ubiquity-db -K8S_CONFIGMAP_FOR_PROVISIONER=k8s-config steps="update-ymls install create-services create-secrets-for-certificates" [ ! -f $UTILS ] && { echo "Error: $UTILS file is not found"; exit 3; } From d8942dcf11f6a032255c4f5a6e00c35750acb339 Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Wed, 7 Nov 2018 10:38:45 +0200 Subject: [PATCH 22/47] Fix/ub-1432 : check correctly pv existance during uninstall (#246) during ubiquity in install process we are waiting for all objects to be deleted. one of them is the PV object. the problem is that there are currently some cases which cause the PV to remain in kuberentes even though the PVC is deleted (idempotent delete issue) because of this it is needed to find another way to get the PV name instead of getting it from the PVC as we do now. so the solution here was to use the name in the ubiquity-configmap to check if a PV with this name remains. if the PV is still there we will stop the un-install process on this step no matter how many times it was invoked by the user until someone will intervene and remove the PV and fix the issue. --- .../ubiquity_uninstall.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index bd308269f..3fbea392f 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -108,14 +108,13 @@ if kubectl get $nsf deployment ubiquity-db >/dev/null 2>&1; then wait_for_item_to_delete deployment ubiquity-db 10 4 "" $NS wait_for_item_to_delete pod "ubiquity-db-" 10 4 regex $NS # to match the prefix of the pod fi -pvname=`kubectl get $nsf pvc ${UBIQUITY_DB_PVC_NAME} --no-headers -o custom-columns=name:spec.volumeName` $kubectl_delete -f ${YML_DIR}/ubiquity-db-pvc.yml -echo "Waiting for PVC ${UBIQUITY_DB_PVC_NAME} and PV $pvname to be deleted, before deleting Ubiquity and Provisioner." +echo "Waiting for PVC ${UBIQUITY_DB_PVC_NAME} to be deleted, before deleting Ubiquity and Provisioner." wait_for_item_to_delete pvc ${UBIQUITY_DB_PVC_NAME} 10 3 "" $NS +pvname=`kubectl get -n ubiquity cm/ubiquity-configmap -o jsonpath="{.data['IBM-UBIQUITY-DB-PV-NAME']}"` +echo "Waiting for PV $pvname to be deleted, before deleting Ubiquity and Provisioner." [ -n "$pvname" ] && wait_for_item_to_delete pv $pvname 10 3 "" $NS - - # Second phase: Delete all the stateless components $kubectl_delete -f ${YML_DIR}/storage-class.yml $kubectl_delete -f $YML_DIR/${UBIQUITY_PROVISIONER_DEPLOY_YML} From ff001d11a591d2d26e81a473bc11430de049f316 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 7 Nov 2018 14:33:54 +0200 Subject: [PATCH 23/47] Feature/UB-1603 Adding provisioner ServiceAccount and RBAC into helm chart (#247) Add provisioner service account, clusterRoles and clusterRoleBinding into the new helm chart (there is no more need for dedicated k8s-config file\configmap) In addition this commit drop the use of KUBECONFIG env in the provisioner, so the provisioner can get access to API server only via service account (no option to bring your own k8s config file any more). --- cmd/provisioner/main/main.go | 18 ++++-------- .../templates/k8s-config-configmap.yml | 10 ------- ...ty-k8s-provisioner-clusterrolebindings.yml | 16 +++++++++++ .../ubiquity-k8s-provisioner-clusterroles.yml | 28 +++++++++++++++++++ .../ubiquity-k8s-provisioner-deployment.yml | 15 ++-------- ...biquity-k8s-provisioner-serviceaccount.yml | 9 ++++++ .../values.yaml | 8 ------ .../ubiquity-k8s-provisioner-deployment.yml | 3 -- 8 files changed, 61 insertions(+), 46 deletions(-) delete mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterrolebindings.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterroles.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml diff --git a/cmd/provisioner/main/main.go b/cmd/provisioner/main/main.go index b3e9a279f..b02e29330 100644 --- a/cmd/provisioner/main/main.go +++ b/cmd/provisioner/main/main.go @@ -19,6 +19,7 @@ package main import ( "fmt" + "flag" k8sresources "github.com/IBM/ubiquity-k8s/resources" k8sutils "github.com/IBM/ubiquity-k8s/utils" "github.com/IBM/ubiquity-k8s/volume" @@ -28,28 +29,24 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" "os" - "flag" ) var ( provisioner = k8sresources.ProvisionerName - configFile = os.Getenv("KUBECONFIG") ) func main() { /* this is fixing an existing issue with glog in kuberenetes in version 1.9 - if we ever move to a newer code version this can be removed. - */ + if we ever move to a newer code version this can be removed. + */ flag.CommandLine.Parse([]string{}) ubiquityConfig, err := k8sutils.LoadConfig() if err != nil { panic(fmt.Errorf("Failed to load config %#v", err)) } - fmt.Printf("Starting ubiquity plugin with %s config file\n", configFile) err = os.MkdirAll(ubiquityConfig.LogPath, 0640) if err != nil { @@ -63,14 +60,9 @@ func main() { var config *rest.Config - if configFile != "" { - logger.Printf("Uses k8s configuration file name %s", configFile) - config, err = clientcmd.BuildConfigFromFlags("", configFile) - } else { - config, err = rest.InClusterConfig() - } + config, err = rest.InClusterConfig() if err != nil { - panic(fmt.Sprintf("Failed to create config: %v", err)) + panic(fmt.Sprintf("Failed to create k8s InClusterConfig: %v", err)) } clientset, err := kubernetes.NewForConfig(config) if err != nil { diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml deleted file mode 100644 index 561d0eedf..000000000 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/k8s-config-configmap.yml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: k8s-config - labels: - product: ibm-storage-enabler-for-containers -data: - # TODO later on we will replace this with service account and RBAC, but for phase1 its good enough - config: | -{{ .Files.Get "config" | indent 4 }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterrolebindings.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterrolebindings.yml new file mode 100644 index 000000000..d70f52495 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterrolebindings.yml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: ubiquity-k8s-provisioner + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: ubiquity-k8s-provisioner + apiGroup: rbac.authorization.k8s.io diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterroles.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterroles.yml new file mode 100644 index 000000000..8e83aa46f --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-clusterroles.yml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + # Needed for ubiquity provisioner in order to manage PVs. + + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + # Needed for ubiquity provisioner in order to manage PVCs. + + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + # Needed for ubiquity provisioner as part of the provisioning of PVCs. + + - apiGroups: [""] + resources: ["events"] + verbs: ["watch", "create", "list", "update", "patch"] + # Needed for ubiquity provisioner in order to manage PVC events. diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml index 5a9835dc3..8dae1de69 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml @@ -12,6 +12,7 @@ spec: app: ubiquity-k8s-provisioner product: ibm-storage-enabler-for-containers spec: + serviceAccount: ubiquity-k8s-provisioner # In order to get the server API token from the service account. containers: - name: ubiquity-k8s-provisioner image: {{ .Values.images.provisioner }} @@ -20,21 +21,19 @@ spec: value: "ubiquity" - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port value: "9999" - - name: KUBECONFIG - value: "/tmp/k8sconfig/config" - name: RETRIES # number of retries on failure value: "1" - name: LOG_PATH # provisioner log file directory value: "/tmp" - name: BACKENDS # "IBM Storage Enabler for Containers" supports "scbe" (IBM Spectrum Connect) as its backend. value: "scbe" - - name: LOG_LEVEL # debug / info / error valueFrom: configMapKeyRef: name: ubiquity-configmap key: LOG-LEVEL + # TODO : For Scale support we should choose the right credential - name: UBIQUITY_USERNAME valueFrom: secretKeyRef: @@ -53,20 +52,12 @@ spec: name: ubiquity-configmap key: SSL-MODE - volumeMounts: - - name: k8s-config - mountPath: /tmp/k8sconfig {{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + volumeMounts: - name: ubiquity-public-certificates mountPath: /var/lib/ubiquity/ssl/public readOnly: true -{{ end }} - volumes: - - name: k8s-config - configMap: - name: k8s-config -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} - name: ubiquity-public-certificates configMap: name: ubiquity-public-certificates diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml new file mode 100644 index 000000000..44742e2f4 --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ubiquity-k8s-provisioner + labels: + product: ibm-storage-enabler-for-containers + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + diff --git a/helm_chart/ibm_storage_enabler_for_containers/values.yaml b/helm_chart/ibm_storage_enabler_for_containers/values.yaml index 7e8e95174..342f2cbe4 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/values.yaml +++ b/helm_chart/ibm_storage_enabler_for_containers/values.yaml @@ -65,11 +65,3 @@ genericConfig: # Username and password for the deployment of ubiquity-db database. Note : Do not use the "postgres" username, because it already exists. username: password: - -# k8sApiServerAccess: -# # The provisioner will use it to access API server in order to create\delete\view PVCs -# -# # server from the .kube/config -# server: -# # token from kubectl -n default get secret $(kubectl -n default get secret | grep service-account | awk '{print $1}') -o yaml | grep token: | awk '{print $2}' | base64 -d -# token: diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml index eaeca1649..7b2435598 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-provisioner-deployment.yml @@ -21,15 +21,12 @@ spec: value: "ubiquity" - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port value: "9999" - - name: KUBECONFIG # A file path to k8s config file that will be used by the provisioner to access API server for PVC managment. If empty the provisioner will use the pod spec service account token instead of dedicated file. - value: "" # No need to use ubiquity-configmap because its a deprecated option. We moved to service account. - name: RETRIES # number of retries on failure value: "1" - name: LOG_PATH # provisioner log file directory value: "/tmp" - name: BACKENDS # "IBM Storage Enabler for Containers" supports "scbe" (IBM Spectrum Connect) as its backend. value: "scbe" - - name: LOG_LEVEL # debug / info / error valueFrom: configMapKeyRef: From 07da3c01db8d1772ae9d5e97476ca82bdeb951b7 Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Sun, 11 Nov 2018 12:54:15 +0200 Subject: [PATCH 24/47] Fix/ub 1671 idempotent issues in delete (#249) in this PR the idempotent issues in the delete request are fixed. the issues are as follows: (in delete volume function in the provisioner) in get volume if volume does not exist error is returned then the operation should return success. comment : an assumption is made that if a volume is removed from the DB then it is definitely removed from the storage since the removal from the DB is the latter operation. --- volume/provision.go | 9 +++++++-- volume/provision_test.go | 9 +++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/volume/provision.go b/volume/provision.go index 880362de0..992e0a634 100644 --- a/volume/provision.go +++ b/volume/provision.go @@ -194,9 +194,14 @@ func (p *flexProvisioner) Delete(volume *v1.PersistentVolume) error { getVolumeRequest := resources.GetVolumeRequest{Name: volume.Name, Context: requestContext} volume, err := p.ubiquityClient.GetVolume(getVolumeRequest) if err != nil { - fmt.Printf("error-retrieving-volume-info") - return err + if strings.Contains(err.Error(), resources.VolumeNotFoundErrorMsg){ + p.logger.Warning("Idempotent issue while deleting volume : volume was not found in ubiquity DB", logs.Args{{"volume name", volume.Name}}) + return nil + } else{ + return p.logger.ErrorRet(err, "error retreiving volume information.", logs.Args{{"volume name", volume.Name}}) + } } + removeVolumeRequest := resources.RemoveVolumeRequest{Name: volume.Name, Context: requestContext} err = p.ubiquityClient.RemoveVolume(removeVolumeRequest) if err != nil { diff --git a/volume/provision_test.go b/volume/provision_test.go index c7492f7c9..2df6055c6 100644 --- a/volume/provision_test.go +++ b/volume/provision_test.go @@ -89,6 +89,15 @@ var _ = Describe("Provisioner", func() { Expect(err).ToNot(HaveOccurred()) Expect(fakeClient.RemoveVolumeCallCount()).To(Equal(1)) }) + It("succeeds when volume wasnot found in ubiquity DB", func() { + fakeClient.GetVolumeReturns(resources.Volume{}, &resources.VolumeNotFoundError{"vol1"}) + objectMeta := metav1.ObjectMeta{Name: "vol1"} + volume := v1.PersistentVolume{ObjectMeta: objectMeta} + err = provisioner.Delete(&volume) + Expect(err).ToNot(HaveOccurred()) + Expect(fakeClient.GetVolumeCallCount()).To(Equal(1)) + Expect(fakeClient.RemoveVolumeCallCount()).To(Equal(0)) + }) }) }) From 28cc0bfb079071683ff8dc91bda5ea633a11509a Mon Sep 17 00:00:00 2001 From: Deepak Ghuge Date: Mon, 12 Nov 2018 23:26:08 +0530 Subject: [PATCH 25/47] Spectrumscale template (#252) Added template for Spectrum Scale storage class. Added comments in the sanity-pvc yaml and pvc-template yaml. Removed the SPECTRUMSCALE-SSL-MODE as it was not referred in the installer. --- glide.yaml | 2 +- .../ubiquity-configmap.yml | 3 --- .../ubiquity_installer.sh | 1 - .../ubiquity_installer_scale.conf | 3 --- .../yamls/sanity_yamls/sanity-pvc.yml | 3 ++- .../yamls/templates/pvc-template.yml | 7 ++++--- .../storage-class-spectrumscale-template.yml | 20 +++++++++++++++++++ 7 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/storage-class-spectrumscale-template.yml diff --git a/glide.yaml b/glide.yaml index de4a881fa..d4c0147cd 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: ae6a0a55dd776cfac7fa96c973b9f7691e2c6e2a + version: 593eab53c734ef364a7f8871651d1ab3ce5f0188 subpackages: - remote - resources diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml index 964766c2f..cb59fc0a8 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml @@ -38,9 +38,6 @@ data: # Default Filesystem for creating pvc SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME: "SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE" - # SSL verification mode for communication between Ubiquity and Spectrum Scale GUI. Allowed values: require (no validation is required) and verify-full (user-provided certificates). - SPECTRUMSCALE-SSL-MODE: "SPECTRUMSCALE_SSL_MODE_VALUE" - # Default Ubiquity Backend DEFAULT-BACKEND: "DEFAULT_BACKEND_VALUE" diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index d5ab1d371..c035faa9b 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -200,7 +200,6 @@ function update-ymls() KEY_FILE_DICT['SPECTRUMSCALE_MANAGEMENT_IP_VALUE']="${UBIQUITY_CONFIGMAP_YML}" KEY_FILE_DICT['SPECTRUMSCALE_MANAGEMENT_PORT_VALUE']="${UBIQUITY_CONFIGMAP_YML}" KEY_FILE_DICT['SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE']="${UBIQUITY_CONFIGMAP_YML}" - KEY_FILE_DICT['SPECTRUMSCALE_SSL_MODE_VALUE']="${UBIQUITY_CONFIGMAP_YML}" base64_placeholders="UBIQUITY_DB_USERNAME_VALUE UBIQUITY_DB_PASSWORD_VALUE UBIQUITY_DB_NAME_VALUE SCBE_USERNAME_VALUE SCBE_PASSWORD_VALUE SPECTRUMSCALE_USERNAME_VALUE SPECTRUMSCALE_PASSWORD_VALUE" diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf index 27b10252b..2da1d3042 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf @@ -26,9 +26,6 @@ SPECTRUMSCALE_MANAGEMENT_PORT_VALUE=443 # Default Filesystem for creating pvc SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME_VALUE=VALUE -# SSL verification mode for communication between Ubiquity and Spectrum Scale GUI. Allowed values: require (no validation is required) and verify-full (user-provided certificates). -SPECTRUMSCALE_SSL_MODE_VALUE=VALUE - # Ubiquity database PV name. For Spectrum Virtualize and Spectrum Accelerate, use default value "ibm-ubiquity-db". IBM_UBIQUITY_DB_PV_NAME_VALUE=ibm-ubiquity-db diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/sanity_yamls/sanity-pvc.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/sanity_yamls/sanity-pvc.yml index f17ed8d52..8b376a273 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/sanity_yamls/sanity-pvc.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/sanity_yamls/sanity-pvc.yml @@ -6,7 +6,8 @@ metadata: volume.beta.kubernetes.io/storage-class: "STORAGE_CLASS_NAME_VALUE" spec: accessModes: - - ReadWriteOnce # Currently Ubiquity scbe backend supports only ReadWriteOnce mode + - ReadWriteOnce # Currently Ubiquity scbe backend supports only ReadWriteOnce mode. + # Ubiquity Spectrum Scale backend supports ReadWriteOnce and ReadWriteMany mode. resources: requests: storage: 1Gi # Size in Gi unit only diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/pvc-template.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/pvc-template.yml index bb3a0483c..792c95034 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/pvc-template.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/pvc-template.yml @@ -11,13 +11,14 @@ metadata: # NOTE : User label only if you want to set the PV name (the default is PV=PVC-ID) # ------ #labels: - # pv-name: "ibm-ubiquity-db" # Ubiquity provisioner will create a PV with ibm-ubiquity-db instead of PVC-ID. + # pv-name: "" # Ubiquity provisioner will create a PV with instead of PVC-ID. spec: # NOTE : Use storageClassName only in k8s version 1.6+. For lower versions uses volume.beta.kubernetes.io/storage-class storageClassName: accessModes: - - ReadWriteOnce + - ReadWriteOnce # Currently Ubiquity scbe backend supports only ReadWriteOnce mode. + # Ubiquity Spectrum Scale backend supports ReadWriteOnce and ReadWriteMany mode. resources: requests: - storage: Gi \ No newline at end of file + storage: Gi diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/storage-class-spectrumscale-template.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/storage-class-spectrumscale-template.yml new file mode 100644 index 000000000..caa1c5966 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/templates/storage-class-spectrumscale-template.yml @@ -0,0 +1,20 @@ +# This is an IBM Storage Enabler for Containers Storage Class template. +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: "" + labels: + product: ibm-storage-enabler-for-containers +# annotations: +# storageclass.beta.kubernetes.io/is-default-class: "true" +#reclaimPolicy: "Retain" # Optional, Values: Delete[default] or Retain +provisioner: "ubiquity/flex" +parameters: + backend: "spectrum-scale" + filesystem: "" + type: "fileset" +# fileset-type: "" # Optional, Values: Independent[default] or dependent +# uid: "" # Optional +# gid: "" # Optional +# inode-limit: "" # Optional +# fileset: "" # Optional From f58be8be321c90e125bc14db39feeb6eca97b425 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Thu, 15 Nov 2018 13:50:12 +0200 Subject: [PATCH 26/47] Feature/UB-1602 integrate Scale in the new helm chart (#248) UB-1602 : Support Spectrum Scale inside helm chart * if scale backend selected then only the scale specific params (configmap\flex\provisioner and ubiqutiy objects) will be defined in the templates and also only backend specific objects(storage class and secret) will be defined based on backend type. The same apply to spectrum connect backend type. Distinguish by {{ if .Values.spectrumConnect }} and {{ if .Values.spectrumScale }} * Create credential secret and storage class dedicated for Spectrum Scale * sslMode moved to generic section and align all if statement according Other items: * Add to Chart the maintainers, versions and sources. * Align the original installer config file to use v2.0.0 * Allow to set flex Tolerations and db NodeSelector * Set storage class in PVC using v1 spec storageClassName vs old annotation volume.beta.kubernetes.io/storage-class. * Align all Olga and Deepak code review comments (clearer if else states, allow to set storageclass as default, add empty line in EOF and more) --- .../Chart.yaml | 11 ++- .../templates/scbe-credentials-secret.yml | 2 + .../spectrumscale-credentials-secret.yml | 16 +++++ .../templates/storage-class-spectrumscale.yml | 18 +++++ .../templates/storage-class.yml | 10 ++- .../templates/ubiquity-configmap.yml | 38 +++++++++-- .../templates/ubiquity-db-deployment.yml | 12 ++-- .../templates/ubiquity-db-pvc.yml | 16 +++-- .../templates/ubiquity-deployment.yml | 68 ++++++++++++++++--- .../templates/ubiquity-k8s-flex-daemonset.yml | 32 +++++---- .../ubiquity-k8s-provisioner-deployment.yml | 9 +-- ...biquity-k8s-provisioner-serviceaccount.yml | 1 - .../values.yaml | 46 ++++++++++++- .../ubiquity_installer.conf | 8 +-- .../ubiquity_installer_scale.conf | 8 +-- 15 files changed, 238 insertions(+), 57 deletions(-) create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml create mode 100644 helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml diff --git a/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml b/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml index b502be165..993ef7787 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml +++ b/helm_chart/ibm_storage_enabler_for_containers/Chart.yaml @@ -1,5 +1,12 @@ apiVersion: v1 -appVersion: "1.0" description: A Helm chart for IBM Storage Enabler for Containers name: ibm-storage-enalber-for-containers -version: 2.0.0 +version: 1.0.0 +appVersion: 2.0.0 +sources: + - https://github.com/ibm/ubiquity-k8s +maintainers: + - name: Shay Berman + email: bshay@il.ibm.com + - name: Guang Jiong GJ Lou + email: luogj@cn.ibm.com diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml index 4da97a824..02bc340dd 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml @@ -1,3 +1,4 @@ +{{- if .Values.spectrumConnect }} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: # Base64-encoded password defined for the IBM Storage Enabler for Containers interface in Spectrum Connect. password: {{ .Values.spectrumConnect.connectionInfo.password | b64enc | quote }} +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml new file mode 100644 index 000000000..d208ae68f --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml @@ -0,0 +1,16 @@ +{{- if .Values.spectrumScale }} +apiVersion: v1 +kind: Secret +metadata: + name: spectrumscale-credentials + labels: + product: ibm-storage-enabler-for-containers +# Spectrum Scale management API Server(GUI) credentials needed for ubiquity. +type: Opaque +data: + # Base64-encoded username defined for Spectrum Scale system + username: {{ .Values.spectrumScale.connectionInfo.username | b64enc | quote }} + + # Base64-encoded password defined for Spectrum Scale system + password: {{ .Values.spectrumScale.connectionInfo.password | b64enc | quote }} +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml new file mode 100644 index 000000000..13426c35f --- /dev/null +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml @@ -0,0 +1,18 @@ +{{- if .Values.spectrumScale }} +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: {{ .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} + labels: + product: ibm-storage-enabler-for-containers +{{- if .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.defaultClass }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} +provisioner: "ubiquity/flex" +parameters: + backend: "spectrum-scale" + filesystem: {{ .Values.spectrumScale.backendConfig.defaultFilesystemName | quote }} + fileset-type: "dependent" + type: fileset +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml index 79f5807d4..60d8d4de1 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml @@ -1,13 +1,17 @@ +{{- if .Values.spectrumConnect }} kind: StorageClass apiVersion: storage.k8s.io/v1beta1 metadata: name: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} labels: product: ibm-storage-enabler-for-containers -# annotations: -# storageclass.beta.kubernetes.io/is-default-class: "true" +{{- if .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.defaultClass }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" +{{- end }} provisioner: "ubiquity/flex" parameters: profile: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.spectrumConnectServiceName | quote }} fstype: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.fsType | quote }} # xfs or ext4 - backend: "scbe" \ No newline at end of file + backend: "scbe" +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml index 682281590..233a4ea9a 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml @@ -8,6 +8,7 @@ metadata: data: # The keys below are used by ubiquity deployment # ----------------------------------------------- +{{- if .Values.spectrumConnect }} # IP or FQDN of Spectrum Connect(previously known as SCBE) server. SCBE-MANAGEMENT-IP: {{ .Values.spectrumConnect.connectionInfo.fqdn | quote }} @@ -26,8 +27,36 @@ data: # File system type. Optional parameter with two allowed values: ext4 or xfs. Default value is ext4. DEFAULT-FSTYPE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.fsType | quote }} + # Allowed values: true or false. Set to true if the nodes have FC connectivity. + SKIP-RESCAN-ISCSI: {{ .Values.spectrumConnect.backendConfig.skipRescanIscsi | quote }} + + # Default Ubiquity Backend + DEFAULT-BACKEND: scbe + # DB pv name. IBM-UBIQUITY-DB-PV-NAME: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} +{{- end }} + + + +{{- if .Values.spectrumScale }} + # IP or FQDN of Spectrum Scale Management API server(GUI). + SPECTRUMSCALE-MANAGEMENT-IP: {{ .Values.spectrumScale.connectionInfo.fqdn | quote }} + + # Communication port of Spectrum Scale Management API server(GUI). + SPECTRUMSCALE-MANAGEMENT-PORT: {{ .Values.spectrumScale.connectionInfo.port | quote }} + + # Default Filesystem for creating pvc + SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME: {{ .Values.spectrumScale.backendConfig.defaultFilesystemName | quote }} + + # Default Ubiquity Backend + DEFAULT-BACKEND: spectrum-scale + + # DB pv name. + IBM-UBIQUITY-DB-PV-NAME: {{ .Values.spectrumScale.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} +{{- end }} + + # The following keys are used by ubiquity, ubiquity-k8s-provisioner deployments, And ubiquity-k8s-flex daemon-set # ---------------------------------------------------------------------------------------------------------------------------- @@ -40,15 +69,12 @@ data: # Log level. Allowed values: debug, info, error. LOG-LEVEL: {{ .Values.genericConfig.logging.logLevel | quote }} - # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). - SSL-MODE: {{ .Values.spectrumConnect.connectionInfo.sslMode | quote }} - # The following keys are used by the ubiquity-k8s-flex daemonset # -------------------------------------------------------------- # The IP address of the ubiquity service object. The ubiquity_installer.sh automatically updates this field during the initial installation. # The user must update this key manually if the ubiqutiy service object IP was changed. - UBIQUITY-IP-ADDRESS: {{ .Values.genericConfig.ubiquityIpAddress | quote }} + UBIQUITY-IP-ADDRESS: {{ .Values.genericConfig.ubiquityIpAddress | quote }} # TODO this should be automatically set by post hook script(different PR) - # Allowed values: true or false. Set to true if the nodes have FC connectivity. - SKIP-RESCAN-ISCSI: {{ .Values.spectrumConnect.backendConfig.skipRescanIscsi | quote }} + # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). + SSL-MODE: {{ .Values.genericConfig.connectionInfo.sslMode | quote }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml index 65624b43d..64e6bf81b 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml @@ -12,6 +12,10 @@ spec: app: ubiquity-db product: ibm-storage-enabler-for-containers spec: + {{- if .Values.genericConfig.ubiquityDbNodeSelector }} + nodeSelector: +{{ toYaml .Values.ubiquityDbNodeSelector | indent 8}} + {{- end }} containers: - name: ubiquity-db image: {{ .Values.images.ubiquitydb }} @@ -41,16 +45,16 @@ spec: - name: ibm-ubiquity-db mountPath: "/var/lib/postgresql/data" subPath: "ibm-ubiquity" -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} +{{- if eq .Values.genericConfig.connectionInfo.sslMode "verify-full" }} - name: ubiquity-db-private-certificate mountPath: /var/lib/postgresql/ssl/private/ -{{ end }} +{{- end }} volumes: - name: ibm-ubiquity-db persistentVolumeClaim: claimName: ibm-ubiquity-db -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} - name: ubiquity-db-private-certificate secret: secretName: ubiquity-db-private-certificate @@ -61,4 +65,4 @@ spec: - key: ubiquity-db.crt path: ubiquity-db.crt mode: 0600 -{{ end }} +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml index de134bf3a..ef81f0253 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml @@ -2,15 +2,23 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: "ibm-ubiquity-db" - annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} labels: - pv-name: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} # Ubiquity provisioner will create a PV with dedicated name (by default its ibm-ubiquity-db) + # Ubiquity provisioner will create a PV with dedicated name (by default its ibm-ubiquity-db) + pv-name: {{ if (.Values.spectrumConnect) }} + {{- .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote -}} +{{- else if (.Values.spectrumScale) }} + {{- .Values.spectrumScale.backendConfig.dbPvConfig.ubiquityDbPvName -}} +{{- end }} product: ibm-storage-enabler-for-containers spec: + storageClassName: {{ if (.Values.spectrumConnect) }} + {{- .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote -}} +{{- else if (.Values.spectrumScale) }} + {{- .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote -}} +{{- end }} accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi \ No newline at end of file + storage: 20Gi diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml index 75c797c49..85c6ce4af 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml @@ -19,6 +19,7 @@ spec: - containerPort: 9999 name: ubiquity-port env: +{{- if .Values.spectrumConnect }} ### Spectrum Connect(previously known as SCBE) connectivity parameters: ############################################# - name: SCBE_USERNAME @@ -78,17 +79,61 @@ spec: configMapKeyRef: name: ubiquity-configmap key: DEFAULT-FSTYPE +{{- end }} - - name: IBM_UBIQUITY_DB_PV_NAME + +{{- if .Values.spectrumScale }} + + ### Ubiquity Spectrum Scale backend parameters: + ##################################### + - name: SPECTRUMSCALE_REST_USER + valueFrom: + secretKeyRef: + name: spectrumscale-credentials + key: username + + - name: SPECTRUMSCALE_REST_PASSWORD + valueFrom: + secretKeyRef: + name: spectrumscale-credentials + key: password + + - name: SPECTRUMSCALE_MANAGEMENT_IP valueFrom: configMapKeyRef: name: ubiquity-configmap - key: IBM-UBIQUITY-DB-PV-NAME + key: SPECTRUMSCALE-MANAGEMENT-IP + + - name: SPECTRUMSCALE_MANAGEMENT_PORT + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SPECTRUMSCALE-MANAGEMENT-PORT + + - name: SPECTRUMSCALE_DEFAULT_FILESYSTEM_NAME + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME + - name: SPECTRUMSCALE_FORCE_DELETE + value: "true" + - name: SPECTRUMSCALE_SSL_MODE + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: SSL-MODE +{{- end }} ### Ubiquity generic parameters: ################################ + - name: IBM_UBIQUITY_DB_PV_NAME + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: IBM-UBIQUITY-DB-PV-NAME + - name: LOG_LEVEL # debug / info / error valueFrom: configMapKeyRef: @@ -100,8 +145,10 @@ spec: - name: LOG_PATH # Ubiquity log file directory value: "/tmp" - name: DEFAULT_BACKEND # "IBM Storage Enabler for Containers" supports "scbe" (Spectrum Connect) as its backend. - value: "scbe" - + valueFrom: + configMapKeyRef: + name: ubiquity-configmap + key: DEFAULT-BACKEND ### Ubiquity DB parameters: @@ -131,13 +178,13 @@ spec: name: ubiquity-db-credentials key: dbname - - name: UBIQUITY_DB_SSL_MODE # Values : require/verify-full. The default is disable # TODO verify-full + - name: UBIQUITY_DB_SSL_MODE # Values : require/verify-full. The default is disable valueFrom: configMapKeyRef: name: ubiquity-configmap key: SSL-MODE -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} volumeMounts: - name: ubiquity-private-certificate mountPath: /var/lib/ubiquity/ssl/private @@ -163,7 +210,12 @@ spec: items: - key: ubiquity-db-trusted-ca.crt path: ubiquity-db-trusted-ca.crt + {{- if .Values.spectrumConnect }} - key: scbe-trusted-ca.crt path: scbe-trusted-ca.crt -{{ end }} - + {{- end }} + {{- if .Values.spectrumScale }} + - key: spectrumscale-trusted-ca.crt + path: spectrumscale-trusted-ca.crt + {{- end }} +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml index 8e894498f..39cb3165f 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml @@ -15,12 +15,17 @@ spec: product: ibm-storage-enabler-for-containers spec: tolerations: # Create flex Pods also on master nodes (even if there are NoScheduled nodes) + {{- if .Values.genericConfig.flexTolerations }} +{{ toYaml .Values.flexTolerations | indent 6}} + {{- else }} # Some k8s versions use dedicated key for toleration of the master and some use node-role.kubernetes.io/master key. - key: dedicated operator: Exists effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule + {{- end }} + containers: - name: ubiquity-k8s-flex image: {{ .Values.images.flex }} @@ -49,10 +54,11 @@ spec: name: ubiquity-configmap key: LOG-LEVEL +{{- if .Values.spectrumConnect }} - name: UBIQUITY_USERNAME valueFrom: secretKeyRef: - name: scbe-credentials + name: scbe-credentials # TODO if we want scbe-credentials not to be hardcoded then we should put here a template. key: username - name: UBIQUITY_PASSWORD @@ -61,24 +67,24 @@ spec: name: scbe-credentials key: password - - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full + - name: SKIP_RESCAN_ISCSI # boolean valueFrom: configMapKeyRef: name: ubiquity-configmap - key: SSL-MODE + key: SKIP-RESCAN-ISCSI +{{- end }} - - name: UBIQUITY_IP_ADDRESS # The ubiquity service IP. The flex pod will update this IP inside the flex config file + - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full valueFrom: configMapKeyRef: name: ubiquity-configmap - key: UBIQUITY-IP-ADDRESS + key: SSL-MODE - - name: SKIP_RESCAN_ISCSI # boolean + - name: UBIQUITY_IP_ADDRESS # The ubiquity service IP. The flex pod will update this IP inside the flex config file valueFrom: configMapKeyRef: name: ubiquity-configmap - key: SKIP-RESCAN-ISCSI - + key: UBIQUITY-IP-ADDRESS command: ["./setup_flex.sh"] @@ -88,11 +94,11 @@ spec: - name: flex-log-dir mountPath: {{ .Values.genericConfig.logging.flexLogDir | quote }} -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} - name: ubiquity-public-certificates mountPath: /var/lib/ubiquity/ssl/public readOnly: true -{{ end }} +{{- end }} volumes: - name: host-k8splugindir hostPath: @@ -101,13 +107,11 @@ spec: - name: flex-log-dir hostPath: path: {{ .Values.genericConfig.logging.flexLogDir | quote }} # This directory must exist on the host -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} - name: ubiquity-public-certificates configMap: name: ubiquity-public-certificates items: - key: ubiquity-trusted-ca.crt path: ubiquity-trusted-ca.crt -{{ end }} - -# nodeSelector: # use this tag to target specific nodes in the cluster for flex installation +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml index 8dae1de69..ed4805cc5 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml @@ -33,7 +33,7 @@ spec: name: ubiquity-configmap key: LOG-LEVEL - # TODO : For Scale support we should choose the right credential +{{- if .Values.spectrumConnect }} # TODO consider to check if the secret exist instead - name: UBIQUITY_USERNAME valueFrom: secretKeyRef: @@ -45,6 +45,7 @@ spec: secretKeyRef: name: scbe-credentials key: password +{{- end }} - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full valueFrom: @@ -52,7 +53,8 @@ spec: name: ubiquity-configmap key: SSL-MODE -{{ if and (.Values.spectrumConnect.connectionInfo.sslMode) (eq .Values.spectrumConnect.connectionInfo.sslMode "verify-full") }} + +{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} volumeMounts: - name: ubiquity-public-certificates mountPath: /var/lib/ubiquity/ssl/public @@ -64,5 +66,4 @@ spec: items: - key: ubiquity-trusted-ca.crt path: ubiquity-trusted-ca.crt -{{ end }} - +{{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml index 44742e2f4..1e160cc1d 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-serviceaccount.yml @@ -6,4 +6,3 @@ metadata: product: ibm-storage-enabler-for-containers release: {{ .Release.Name }} heritage: {{ .Release.Service }} - diff --git a/helm_chart/ibm_storage_enabler_for_containers/values.yaml b/helm_chart/ibm_storage_enabler_for_containers/values.yaml index 342f2cbe4..f5f778f35 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/values.yaml +++ b/helm_chart/ibm_storage_enabler_for_containers/values.yaml @@ -8,6 +8,8 @@ images: provisioner: ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:2.0.0 flex: ibmcom/ibm-storage-flex-volume-for-kubernetes:2.0.0 +## IBM Storage Enabler for Containers supports one of the following backend types: spectrumConnect OR spectrumScale. +## Select a backend that you intend to use and comment out the other backend section. spectrumConnect: connectionInfo: ## IP\FQDN and port of Spectrum Connect server. @@ -18,9 +20,6 @@ spectrumConnect: username: password: - # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). - sslMode: require - backendConfig: # A prefix for any new volume created on the storage system. instanceName: @@ -43,14 +42,52 @@ spectrumConnect: storageClassForDbPv: # Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. + # Note: The reclaimPolicy by default is Delete. One can change it manually if needed. storageClassName: + + ## Set StorageClass as the default StorageClass. Ignored if storageClass.create is false + defaultClass: false + params: # Storage Class profile parameter should point to the Spectrum Connect storage service name spectrumConnectServiceName: # Storage Class file-system type, Allowed values: ext4 or xfs. fsType: ext4 +## IBM storage Enabler for Containers supports two backend types: spectrumConnect OR spectrumScale. +## Please choose below only one backend and comment-out the other backend section. +#spectrumScale: +# connectionInfo: +# # IP\FQDN and port of Spectrum Scale Rest Management API server. +# fqdn: +# port: +# +# # Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Scale. +# username: +# password: +# +# backendConfig: +# # Default Spectrum Scale Filesystem to be Used +# defaultFilesystemName: +# +# dbPvConfig: +# ubiquityDbPvName: ibm-ubiquity-db +# +# storageClassForDbPv: +# # Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. +# # Note: The reclaimPolicy by default is Delete. One can change it manually if needed. +# storageClassName: +# +# ## Set StorageClass as the default StorageClass. Ignored if storageClass.create is false +# defaultClass: false + + + genericConfig: + connectionInfo: + # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). SSL mode is for all communications between [flex||provisioner]<->ubiquity<->[SpectrumConnect||SpectrumScale]. + sslMode: require + # The IP address of the ubiquity service object. # The user must update this key manually if the ubiqutiy service object IP was changed. ubiquityIpAddress: @@ -65,3 +102,6 @@ genericConfig: # Username and password for the deployment of ubiquity-db database. Note : Do not use the "postgres" username, because it already exists. username: password: + + ## Optional: to set the node selector of the ubiqutiy-db deployment + #ubiquityDbNodeSelector: diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf index 7a4a34523..7706c3560 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf @@ -10,10 +10,10 @@ # ---------------------------------------------------- # The Docker images of IBM Storage Enabler for Containers. -UBIQUITY_IMAGE=ibmcom/ibm-storage-enabler-for-containers:1.2.0 -UBIQUITY_DB_IMAGE=ibmcom/ibm-storage-enabler-for-containers-db:1.2.0 -UBIQUITY_K8S_PROVISIONER_IMAGE=ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:1.2.0 -UBIQUITY_K8S_FLEX_IMAGE=ibmcom/ibm-storage-flex-volume-for-kubernetes:1.2.0 +UBIQUITY_IMAGE=ibmcom/ibm-storage-enabler-for-containers:2.0.0 +UBIQUITY_DB_IMAGE=ibmcom/ibm-storage-enabler-for-containers-db:2.0.0 +UBIQUITY_K8S_PROVISIONER_IMAGE=ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:2.0.0 +UBIQUITY_K8S_FLEX_IMAGE=ibmcom/ibm-storage-flex-volume-for-kubernetes:2.0.0 # Parameters in ubiquity-configmap.yml that impact on ubiquity deployment #----------------------------------------------------------------- diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf index 2da1d3042..d6769ca82 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer_scale.conf @@ -10,10 +10,10 @@ # ---------------------------------------------------- # The Docker images of IBM Storage Enabler for Containers. -UBIQUITY_IMAGE=ibmcom/ibm-storage-enabler-for-containers:1.2.0 -UBIQUITY_DB_IMAGE=ibmcom/ibm-storage-enabler-for-containers-db:1.2.0 -UBIQUITY_K8S_PROVISIONER_IMAGE=ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:1.2.0 -UBIQUITY_K8S_FLEX_IMAGE=ibmcom/ibm-storage-flex-volume-for-kubernetes:1.2.0 +UBIQUITY_IMAGE=ibmcom/ibm-storage-enabler-for-containers:2.0.0 +UBIQUITY_DB_IMAGE=ibmcom/ibm-storage-enabler-for-containers-db:2.0.0 +UBIQUITY_K8S_PROVISIONER_IMAGE=ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:2.0.0 +UBIQUITY_K8S_FLEX_IMAGE=ibmcom/ibm-storage-flex-volume-for-kubernetes:2.0.0 # Parameters in ubiquity-configmap.yml that impact on ubiquity deployment #----------------------------------------------------------------- From 8b8eb818a55d570fc89730a80ec762107ca7dd2a Mon Sep 17 00:00:00 2001 From: shay-berman Date: Tue, 20 Nov 2018 11:47:31 +0200 Subject: [PATCH 27/47] UB-1682: Feature/helm chart icon (#255) --- helm_chart/IBM_Spectrum_Connect_icon.png | Bin 0 -> 7734 bytes .../Chart.yaml | 1 + 2 files changed, 1 insertion(+) create mode 100644 helm_chart/IBM_Spectrum_Connect_icon.png diff --git a/helm_chart/IBM_Spectrum_Connect_icon.png b/helm_chart/IBM_Spectrum_Connect_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..8ea7e5d6940a4a7f9bda85c068cb6cc2dd394d3c GIT binary patch literal 7734 zcmeHM`9IX%+aJSZtTAG=&?1yFh$Oo<+1D{GV=1LfmZ=zI2@R5p`z~3^QWDK%DGgIo zmQkthWNXOO#KhN9W{@mdpKILD^ZX0XFV7F3*L>!Du5-?H&bgNN`#Pzv&bD&WYorkf zgq+>MeeMVZ5(|$CdIhxfCshdGM~Zy#@OcCRry+X8B8#mk2!z^@-98)7NHGDAcXnOV zvlYFMe}45?opHUMEO8TqC`Rw&@twmqB6P*AS3hseYe4VYDE614>J@9h6#)|FJLxOT zCC00)EG&2n7A~1|=R6Nf;&${HFTbL0TCcz|b`1h??hiczgLrGlL?E7EaESOvR2jsE zZG0r+t^NNuAvVyLCMd}1-Db5jB-P}OW2*Ubjg_XRyJH5Mk?Ip!E(MlRH{$i~sQErh zJ{GxCw(-WhC4rOlYQi^zUQ0G=ET^h3ts>=^$@*meu*K+yrg5Xbp?>mz^2CLkh=?<% zny@YIrIEFKvtP%|yG>x!pK1~hs4{3=GyZCcf|YQ_`Gw2Iz8$mCQuB7q`1+66^?Zu` z#y2;z#07G=dT{z9Y}8Kb!uU(=vQEHA)t3&5U<0es+bU zLU0(I5)C?MCK;=QD>Mu&KQ61>LzvB6$lsG3B|CJJET;DC)X9jlIH!$`<}1PuFyrN6 zGh%KJ=m?K?dslS@<}pExN*0qdGpjW@c=z6|XIH#q4~iEI7!-=LQAVfTlYD*>UzdNQ zQ&Og+u&vo2wz1Bf%rr4_WX2x|a!vZSmLqK4!bj@V>{Y%H>dD&cPn9Y4OxF4Rt(1~- z0F8CMYwtzrdarY~^bT1}Ip?wT%Uv|y-Q#SOXQAJ}9g?UrhguWyLoeL~^2&-hzm2d4 zffjDJIGjV|JY$jT3+5FojU<0u}AL(^>`T)c1gch;>y64>pTX@|> ztiSbWM3|5NUa8GTRu@WJtl|hOHTX#5Lg`qGECmDChm;gGGC+N9pIl{Q9{Pu3Cr^4&AIh8dLBhlM#IJm-tHz4sEAA8)GOQ z;N{7>M7G%yVs`VHptt%O{`)H}qC%q1?~?;a_w1vnf>Uk+XA?GxC*zak^E%mXtuvmb zlt#9x8982Bu~s8;R~jjTt$-W4p2-WZxj@Qf*xy-{!iF_k9SN3Glun@WhO@{v*mX5E z(O-q*nWTtW4PvX&rNjkU=`}C#0%t3#Om6=b{{q4~@72}zcP!CZqu1viOcGzyrk`x5 zzrwRRjQNQHhqkGOmOb4mpz#84kZmSouHY{h`#Cerf)#P4w{${VdP?SFKUb_-Z;!#1 zdiDNoP~f>fBLrP`=R{6Zp${9yk*St!Fr1RhX?SdZ=Yka0sA$3h9U?hWFWATtezId0 zZdJ34=ra5(0so!GdkBlWVal{QuF)qO6a*@&fr_0&>Jr`4`ob%ren^VdRebvfKMEVBSKH%nkr^-C{Xj7NyLT$Up<@K4oSHulKgxV|%%5Y~mj* zHLYG}ox7pAU6m(m?$3WNQqu}`>U;*HaLw)lA=j9_-$YJ##V_-$2Pj|75I&L2-mf4> za6HOzT9&_N&qNpAaB;O~pT0$ku&QfAW7U2>J;0qH<|@D7zRb}1$*+1KXnRXR`;EM+r?OyKQu!1PuOI+q~mLaAu?oHSN8pPtrFf z+cG2F8J%$(WosTa&3=pVk*lD~1FpBS^)+f*(!&$w$@Ea8e?}EKLWUwvWz{@%fLXU| z7fyZow1;^p{!}sNJWQI{67rBz5l?o@*g863LMlESlGhztwV8hpG2L-nG^@KHq^=o5 zP0K;`Jn9n7+Wf$GE*ShK;BQOa7lwp3HIC58i7_|pm2InOICrMYm-i%JO2vCkUCENA zS#4yNrPLk|cm23qAqVywuAqru^dHnF)`z^g`?Uu$)yED;IV1lVqYQ51(yagtK#IiJ zSjU3+xPwdQjruaa;<<;BPODRHraQ|wDKSIaHLTw5VfwA_i~m$Lu9Q*K$uEK2Nq^cX zk-NjE#?o~6x{Gm3tAFoB=15^jj+-A?Xli@M|7W;=vaG1nSG=~W&-{&EpnBh7RE1>q z-&f|})Um9h2S2BL*<@(f7*`iQbuu{IgUzX#)EmmAhdwRs!+)>nNZAn3-=FA2Y{9P! zI*&3`W2j45k`@e_{a?^}8TDRoialUNvkBE82WGE9sC((>KT45fMV)8W`+Nh{8#(w~ zLm~Cxgla{zf8|zw;@s7jYkKZKyYjNjrzGksA)%ty!ihlW$!#j!KkUY?`kf%Ieq!Lb zmRt*QRiK2^XiHS@et!sJUbBC^cbcXj8@Pwi#yY-qCODk(4YqhTt1?+SSz?qv{v@#r zdDPCT&bMU2c)(yLk=&3`er++h0P-lxiWK{|SE}#w6qnxGv@RH%*ZcpKWAy7#|6ZN( zC_=-T;XgmVJot8>PKTMCb2ZmojPvzesr{OZ6|S?Qb`|tU#?^xMZ)p_Z4Z)v!z!1*6fR+9$t_s^$IVddO~2V5TP@{N!OIhxYe z%);F?UZ__pogzuwOl*A=_Gvb_x2SXc&*XXlQYG;C;>Ru^Iw3^wI;>gFRVze7G82Mpr7rLfe$1`K>2(CLbU2KjKd=ON&0w!Q99pEsuIgbYI(AH zJXuFIIR}^@yu6LiUDM}zq~yJgYBRC^LkON_TUAbR5#`{$3T)IW@)^-& zg=gUPf7BStCX30q3gW8li43!_gUoo86OC6?E?S8i2IqI|hA5wUdne%lvq^D;yEsC? zUwr`Pu9BuFMY*9>A5h-Thm>@tXao`dyHXr=HH*fBIUT4nr{hV};f%TBDB07O$YN%y z=|8eQ8}IgFxp<}8-foJ#$5rD3>JpaMIOS)}8(A#x6rjSt$zpSJajC&KXuK?`hM0vS>PqMjOyLth%Jhj|ZSW3nZ@eHxUHl0kP+VHjZBId* zVNf(QKpwM>RrzAP`ypj%c02tymfd5%!u~k{+;;?WMxQk>(2s$OhG0){Gc z`PiMNnd$EF*Wd?!A#BvEU(=8xI?Y$;LmWAN0m76QxcyfU6qFoO#X(5g4IAD8G9S%X zWWae6qw@z09$_S>fPdC_S73ajPQ`n}*?YgC)2)i}-;3!yy_91!-4Q4*Z2ZctK7zQg zb2B{_MxEqO&lS7qyNsY+d6p)$pUs}8zBCk zz$%%JA6C)$MCX235u+4l+#5BF{|@4#?a_;u;8QwTEa(2ku{SPbOR}bG$2|U> z49-CQgTJ*mIQqy?|CrHOko7oe`giGx%sp=^G#4FvkFil7{C2DzOE0Vvdrjwc^gRrP zr^jJFr=ADC-v+Sa}o z;gq<_LrMV=>m`skRKOJ?YXZbK2}#*rtSqADqRv?OvFvNWXCKq~0hy8SNYg`INgK@| zJ{om%6vB=Dpk>1SqSkMF2$HA*xkEJW0_{@)3Yc8sIfyzm(a}gwX%MY7Mo5P$FnUKI zod7j|<4D=LuWYp*_-T+W@atkay^YT6$-L8qFb3g9QF<(2yyca8yD8otjcpZUt?7hy zc(KH%f&6Rql_!6CzUC$O%W6JU!IMs%sRTPIUALc zvaC4$m6Qt;@x)zF>jN1$uazpZfdy+-tSF~Zw2k=4?B)}qktS3nz^$r01aTgMkW7<} z5ZDZ8JTL{It`-mvN$vvmaFO71Z6YEq8`3XP5ciOq2b81!o=9(?*XdN5LTORb>sZOZ z=PP;rNMJLh*tHxXZ*gAQMGTEyxWNChw#=SDC?c?YCp`t0w^-M-4TlXB@|1A1Q?J~% z>9X(wbteEEeNrDHF^0ET#Wz+X6>!J1)fvxc4|s%>K~Dab5%%j`rt@)hzo-iMYa!pp zbn8qRJImO)FFoz5bCWL@@XKfW*=|#(xlNnaU^B`{i+`N7bxXFYat6Ys=^x&{+i%`M z4{cUwV6v7W1qaVc*DeYy|DI)k36+G#p4}P!NxE@x*&qlWg8TuUH#e?WeZT|MxbG{m zG(7)fZJr2#_y}r0>x_pbf;OIhPR!mT5rm%0dx3QP__JP?!C$6 zhEKnL+yCv8v=j2^AA)80s^KJx_7yOU@1q?~#YH`c<1;Q>xgSFO0U z_=Si9>-qd?l2h}@w#@bYA%Ud`SS*Oayyne#=8^ZEK|^=!UavJhzq(7mZcWMWxtVj9 zH(O{OLiso>ST4-_I4@-lpXkHSx>RT@8;7a%_9uEP*UheY28bM7&+1F)4dW@F2TJnk z)}PbJ4YkIWq$KXYpl|X*U2}0JuYWT!qtSySd>XWzh@(GYOae9$Gj5O~a*M$q6mbDN z)N39Tb+!_EbRu;tGa=Lm=QhpoSY4T252f>Sp6TwW+R)Lp@=wNt_MXl;3_mWg?w|J= z{vBUKwmCAlfUYKTFN~)@(nDJle{Vci{HJPnU&`&Q;mtXT)HHT`eP3X&7;V?q6Z198 zJY+rQqwX!*x5$Z8nWh1U;>nLQ!onwvhTQ1uV{&g@xV-&mIPh~T4`{^C& ziVWGee`z{7?ES}W@FA(M?aY2^nzRYYd&xaA@beXw;+0Y*34~O==GMq0YT6YOQurM^ z7O+Qo_qY1#Zf|BHCp}#b=0O)!-RzV>tn}^*U}l}|=A8HDZyw1e6P%f)H;Xzaf88St z7@YoV!MG}_zS@JsgxxU*@3K<^G^l9@?wj^^6xx=p@92vAp?XsV z_^_eX+%*htjne#&+b(**yW?&L?`8yLliN1fmgTeBadW}yC%@6e+4~#Y-G1tfnJ1^7 z%`FZck_ovIzK=O%Jw^`|KJPG^3-0u}O&>}lw@KNSRsU`)uP>ulPf+ZcL%`h^kWaU{ zD#!cW{V0XaJ2wfH5H4rD2y^YN4H}zQW&c%g2ba^`QXw{CO-(}}ty*3Vpl=0)yP|sC zPFl0~Z=mty(%Z^c&=InSCAEkW{XcG>34KaW&_Q%HD&jWD)Y^Y#tLJ(Rw~XF48tf0# zH{owG0dOtXQGSJnc+@{=$VQ!^@nXN<^Oo@v+oIGDETq6qQ2s54qFj#DXT5q!m8sQV z=1Xfl3Z<=;P17+rW)>-8dg4#PyV~rEBau|&y~^=_HXCaZ$F^{U#xe&YS{{7RQkOYV ziX>NEDU-qmZMSH#kc$cD@D}`xKTCCduzF!uj_GP^bcRwCRJ}SI(3Hsgt*CzBE zRVVe>C^I*KFe@~D2X#=Z+{nrmRhW{p9qL@iGnxK0|j%Ve{{xcr#2j-Rp-+WJyYDX64-AE_vL~Gx}h$mv!O$cpBMtLJ@l7HMTho& z%5NxeZlm$Olv1W++t=^uf#PKU1DlrxmoF9QcR#g*ZSwXI__SP?VA+RJ6;jAH(?JnL z3adz$UJbFDY@>Q%>wBR~W%@oVS-51NLbzOPPWPfz40=0ngXn|iCsxjjXD_X{ZqN;p zlywA=fg#J5wwJcfUX(_-EJ&75@lKJK`-iqCg@wlI^Pl$*bZL4|;FIL16>+`tG~TH1 z?-MpTI$@Dl$zs!$_hu)QIkeU{A9>Wdb%n93@N8DTE|>2vCIvVgL&6iWu{0 z&lI5Zt#_5+`lS34{yS)RiYha-uV}e-FW|EKcS#ZWp;iO9-0?iim`e#0fAu~@M9|gf zr!!}oew)JnA>f+Hk1vu_fUUOK?ka#eB{YfF`olkdklsYe!Uwogu>np%|1hCSYlWJ_ zrhg6z%B9tqzy;?XVQQYNg=&=8*U$H$G-*oK<0EI-8X_GMBmvLl2}>y;@fkMKd`q+c zx^+MhC!NJ^D~PTb7k>yO5a8JVf7`fx$@*(`GJi>Iim%X^yUV5)E`kwu` Date: Wed, 21 Nov 2018 15:19:58 +0200 Subject: [PATCH 28/47] Fix/ub-1675 support fc and iscsi (#254) in this PR the idea is to allow the user to use ISCSI + FC on the same kubernetes cluster. before this PR the user had to define a config parameter : skipRescanIscsI to define if they want to use ISCSI or not in ubiquity. this PR reomves this config and works under the assumption that if a user defined and installed iscsiadm on the node then this node should be connected to the storage system with ISCSI. also the existance of the iscsiadm command or a login to the storage will not fail the rescan and the mount\umount process! --- glide.yaml | 2 +- .../templates/ubiquity-configmap.yml | 3 --- .../templates/ubiquity-k8s-flex-daemonset.yml | 5 ----- helm_chart/ibm_storage_enabler_for_containers/values.yaml | 2 -- .../ubiquity-configmap.yml | 2 -- .../ubiquity_installer.conf | 6 ------ .../ubiquity_installer.sh | 2 -- .../yamls/ubiquity-k8s-flex-daemonset.yml | 7 ------- scripts/setup_flex.sh | 4 ---- utils/utils.go | 7 ------- utils/utils_test.go | 6 +----- 11 files changed, 2 insertions(+), 44 deletions(-) diff --git a/glide.yaml b/glide.yaml index d4c0147cd..f25354f29 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 593eab53c734ef364a7f8871651d1ab3ce5f0188 + version: b549f1ea6b8f9e985885b09a6b43a5020560c73e subpackages: - remote - resources diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml index 233a4ea9a..f5cdbdc62 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml @@ -27,9 +27,6 @@ data: # File system type. Optional parameter with two allowed values: ext4 or xfs. Default value is ext4. DEFAULT-FSTYPE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.fsType | quote }} - # Allowed values: true or false. Set to true if the nodes have FC connectivity. - SKIP-RESCAN-ISCSI: {{ .Values.spectrumConnect.backendConfig.skipRescanIscsi | quote }} - # Default Ubiquity Backend DEFAULT-BACKEND: scbe diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml index 39cb3165f..5ef135852 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml @@ -67,11 +67,6 @@ spec: name: scbe-credentials key: password - - name: SKIP_RESCAN_ISCSI # boolean - valueFrom: - configMapKeyRef: - name: ubiquity-configmap - key: SKIP-RESCAN-ISCSI {{- end }} - name: UBIQUITY_PLUGIN_SSL_MODE # require / verify-full diff --git a/helm_chart/ibm_storage_enabler_for_containers/values.yaml b/helm_chart/ibm_storage_enabler_for_containers/values.yaml index f5f778f35..0047d2f03 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/values.yaml +++ b/helm_chart/ibm_storage_enabler_for_containers/values.yaml @@ -23,8 +23,6 @@ spectrumConnect: backendConfig: # A prefix for any new volume created on the storage system. instanceName: - # Allowed values: true or false. Set to true if the nodes have FC connectivity. - skipRescanIscsi: false # Default Spectrum Connect storage service to be used, if not specified by the storage class. DefaultStorageService: diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml index cb59fc0a8..0cee35423 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity-configmap.yml @@ -62,5 +62,3 @@ data: # The user must update this key manually if the ubiqutiy service object IP was changed. UBIQUITY-IP-ADDRESS: "UBIQUITY_IP_ADDRESS_VALUE" - # Allowed values: true or false. Set to true if the nodes have FC connectivity. - SKIP-RESCAN-ISCSI: "SKIP_RESCAN_ISCSI_VALUE" diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf index 7706c3560..7a7db8608 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.conf @@ -40,12 +40,6 @@ DEFAULT_VOLUME_SIZE_VALUE=1 # For DS8000 Family, use "ibmdb" instead and make sure UBIQUITY_INSTANCE_NAME_VALUE value length does not exceed 8 chars. IBM_UBIQUITY_DB_PV_NAME_VALUE=ibm-ubiquity-db -# Parameter in ubiquity-configmap.yml that impact on "ubiquity-k8s-flex" daemonset -#----------------------------------------------------------------- -# Allowed values: true or false. Set to true if the nodes have FC connectivity. -SKIP_RESCAN_ISCSI_VALUE=false - - # Parameters in ubiquity-configmap.yml that impact on "ubiquity" and "ubiquity-k8s-provisioner" deployments, And "ubiquity-k8s-flex" daemonset #----------------------------------------------------------------- # Flex log directory. If you change the default, then make the new path exist on all the nodes and update the Flex daemonset hostpath according. diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index c035faa9b..b5ea6c6ec 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -186,7 +186,6 @@ function update-ymls() KEY_FILE_DICT['FLEX_LOG_DIR_VALUE']="${UBIQUITY_CONFIGMAP_YML} ${UBIQUITY_FLEX_DAEMONSET_YML}" KEY_FILE_DICT['LOG_LEVEL_VALUE']="${UBIQUITY_CONFIGMAP_YML}" KEY_FILE_DICT['SSL_MODE_VALUE']="${UBIQUITY_CONFIGMAP_YML}" - KEY_FILE_DICT['SKIP_RESCAN_ISCSI_VALUE']="${UBIQUITY_CONFIGMAP_YML}" KEY_FILE_DICT['DEFAULT_VOLUME_SIZE_VALUE']="${UBIQUITY_CONFIGMAP_YML}" KEY_FILE_DICT['SCBE_USERNAME_VALUE']="${SCBE_CRED_YML}" KEY_FILE_DICT['SCBE_PASSWORD_VALUE']="${SCBE_CRED_YML}" @@ -267,7 +266,6 @@ function update-ymls() if [ "$backend_from_configfile" == "spectrumscale" ]; then sed -i "s|DEFAULT_BACKEND_VALUE|spectrum-scale|g" ${YML_DIR}/../ubiquity-configmap.yml sed -i "s|SCBE_MANAGEMENT_IP_VALUE||g" ${YML_DIR}/../ubiquity-configmap.yml - sed -i "s|SKIP_RESCAN_ISCSI_VALUE|false|g" ${YML_DIR}/../ubiquity-configmap.yml sed -i 's/^# SPECTRUMSCALE Credentials #\(.*\)/\1 # SPECTRUMSCALE Credentials #/g' ${ymls_to_updates} fi diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml index 64f4eb9f6..fe5b130e1 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-k8s-flex-daemonset.yml @@ -73,13 +73,6 @@ spec: name: ubiquity-configmap key: UBIQUITY-IP-ADDRESS - - name: SKIP_RESCAN_ISCSI # boolean - valueFrom: - configMapKeyRef: - name: ubiquity-configmap - key: SKIP-RESCAN-ISCSI - - command: ["./setup_flex.sh"] volumeMounts: diff --git a/scripts/setup_flex.sh b/scripts/setup_flex.sh index 106771af2..2ebeac1f3 100755 --- a/scripts/setup_flex.sh +++ b/scripts/setup_flex.sh @@ -45,7 +45,6 @@ function generate_flex_conf_from_envs_and_install_it() [ -z "$FLEX_LOG_DIR" ] && FLEX_LOG_DIR=/var/log || : [ -z "$FLEX_LOG_ROTATE_MAXSIZE" ] && FLEX_LOG_ROTATE_MAXSIZE=50 || : [ -z "$LOG_LEVEL" ] && LOG_LEVEL=info || : - [ -z "$SKIP_RESCAN_ISCSI" ] && SKIP_RESCAN_ISCSI=false || : [ -z "$UBIQUITY_PLUGIN_USE_SSL" ] && UBIQUITY_PLUGIN_USE_SSL=true || : [ -z "$UBIQUITY_PLUGIN_SSL_MODE" ] && UBIQUITY_PLUGIN_SSL_MODE="verify-full" || : [ -z "$UBIQUITY_PORT" ] && UBIQUITY_PORT=9999 || : @@ -67,9 +66,6 @@ port = $UBIQUITY_PORT username = "$UBIQUITY_USERNAME" password = "$UBIQUITY_PASSWORD" -[ScbeRemoteConfig] -SkipRescanISCSI = $SKIP_RESCAN_ISCSI - [SslConfig] UseSsl = $UBIQUITY_PLUGIN_USE_SSL SslMode = "$UBIQUITY_PLUGIN_SSL_MODE" diff --git a/utils/utils.go b/utils/utils.go index bcde36048..f9fe33e76 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -36,13 +36,6 @@ func LoadConfig() (resources.UbiquityPluginConfig, error) { spectrumNFSConfig.ClientConfig = os.Getenv("SPECTRUM_NFS_REMOTE_CONFIG") config.SpectrumNfsRemoteConfig = spectrumNFSConfig - bool, err := strconv.ParseBool(os.Getenv("SCBE_SKIP_RESCAN_ISCSI")) - if err != nil { - config.ScbeRemoteConfig.SkipRescanISCSI = false - } else { - config.ScbeRemoteConfig.SkipRescanISCSI = bool - } - config.CredentialInfo = resources.CredentialInfo{UserName: os.Getenv("UBIQUITY_USERNAME"), Password: os.Getenv("UBIQUITY_PASSWORD")} return config, nil diff --git a/utils/utils_test.go b/utils/utils_test.go index 493ab12d2..ec552d287 100644 --- a/utils/utils_test.go +++ b/utils/utils_test.go @@ -21,7 +21,6 @@ var _ = Describe("Utils", func() { {"BACKENDS", "SCBE", "SCBE"}, {"UBIQUITY_PORT", "9999", "9999"}, {"UBIQUITY_ADDRESS", "9.9.9.9", "9.9.9.9"}, - {"SCBE_SKIP_RESCAN_ISCSI", "true", "true"}, {"UBIQUITY_USERNAME", "ubiquity", "ubiquity"}, {"UBIQUITY_PASSWORD", "ubiquity", "ubiquity"}, } @@ -37,7 +36,6 @@ var _ = Describe("Utils", func() { {"BACKENDS", "SCBE", "SCBE"}, {"UBIQUITY_PORT", "9999", "9999"}, {"UBIQUITY_ADDRESS", "9.9.9.9", "9.9.9.9"}, - {"SCBE_SKIP_RESCAN_ISCSI", "", "false"}, {"UBIQUITY_USERNAME", "ubiquity", "ubiquity"}, {"UBIQUITY_PASSWORD", "ubiquity", "ubiquity"}, } @@ -63,7 +61,6 @@ var _ = Describe("Utils", func() { {"BACKENDS", ubiquityConfig.Backends[0]}, {"UBIQUITY_PORT", strconv.Itoa(ubiquityConfig.UbiquityServer.Port)}, {"UBIQUITY_ADDRESS", ubiquityConfig.UbiquityServer.Address}, - {"SCBE_SKIP_RESCAN_ISCSI", strconv.FormatBool(ubiquityConfig.ScbeRemoteConfig.SkipRescanISCSI)}, {"UBIQUITY_USERNAME", ubiquityConfig.CredentialInfo.UserName}, {"UBIQUITY_PASSWORD", ubiquityConfig.CredentialInfo.Password}, } @@ -78,7 +75,7 @@ var _ = Describe("Utils", func() { }) - Context("Without set FLEX_LOG_ROTATE_MAXSIZE and SCBE_SKIP_RESCAN_ISCSI", func() { + Context("Without set FLEX_LOG_ROTATE_MAXSIZE", func() { BeforeEach(func() { for _, data := range tests2 { os.Setenv(data.envVar, data.in) @@ -98,7 +95,6 @@ var _ = Describe("Utils", func() { {"BACKENDS", ubiquityConfig.Backends[0]}, {"UBIQUITY_PORT", strconv.Itoa(ubiquityConfig.UbiquityServer.Port)}, {"UBIQUITY_ADDRESS", ubiquityConfig.UbiquityServer.Address}, - {"SCBE_SKIP_RESCAN_ISCSI", strconv.FormatBool(ubiquityConfig.ScbeRemoteConfig.SkipRescanISCSI)}, {"UBIQUITY_USERNAME", ubiquityConfig.CredentialInfo.UserName}, {"UBIQUITY_PASSWORD", ubiquityConfig.CredentialInfo.Password}, } From 1bcb67acdfeeb0c346b122c0c4ab69155a8c6909 Mon Sep 17 00:00:00 2001 From: olgasht Date: Wed, 21 Nov 2018 15:21:39 +0200 Subject: [PATCH 29/47] UB-1675: updated ubiquity version in glide.yaml --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index f25354f29..7cf95eb9f 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: b549f1ea6b8f9e985885b09a6b43a5020560c73e + version: b5bddd136a049339c92eb44fd5bb499215a22c44 subpackages: - remote - resources From f4e22020a938e390d7a394acc0edbf56b4791194 Mon Sep 17 00:00:00 2001 From: Deepak Ghuge Date: Mon, 26 Nov 2018 14:14:45 +0530 Subject: [PATCH 30/47] updating glide to latest dev (#258) updating glide.yml after merging PR#270 --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 7cf95eb9f..875227c95 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: b5bddd136a049339c92eb44fd5bb499215a22c44 + version: 6e45b2d0b021608b0f07321d79504cbf4cbde403 subpackages: - remote - resources From 5d1fed54e03402f80373a0d95167057924180bea Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Tue, 27 Nov 2018 10:13:38 +0200 Subject: [PATCH 31/47] Fix/ub-1550 fix provisioner error message (#259) change error: "panic: Error starting ubiquity client" to "panic: Error starting ubiquity provisioner" and add an error message to the provisioner log when the failure of the provisiner pod is caused by ubiquity pod not responding. --- cmd/provisioner/main/main.go | 2 +- volume/provision.go | 27 +++++++++++++++++++++++++-- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/cmd/provisioner/main/main.go b/cmd/provisioner/main/main.go index b02e29330..21f9adbda 100644 --- a/cmd/provisioner/main/main.go +++ b/cmd/provisioner/main/main.go @@ -89,7 +89,7 @@ func main() { flexProvisioner, err := volume.NewFlexProvisioner(logger, remoteClient, ubiquityConfig) if err != nil { logger.Printf("Error starting provisioner: %v", err) - panic("Error starting ubiquity client") + panic("Error starting ubiquity provisioner") } // Start the provision controller which will dynamically provision Ubiquity PVs diff --git a/volume/provision.go b/volume/provision.go index 992e0a634..56a7845ae 100644 --- a/volume/provision.go +++ b/volume/provision.go @@ -33,6 +33,9 @@ import ( "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/api/core/v1" + "net" + "net/url" + "syscall" ) const ( @@ -93,9 +96,29 @@ func newFlexProvisionerInternal(logger *log.Logger, ubiquityClient resources.Sto logger.Printf("activating backend %s\n", config.Backends) err := provisioner.ubiquityClient.Activate(activateRequest) + if err != nil { + if isTimeOutError(err) { + // The log is here to advise the user on where to look for further information + logger.Printf("Cannot start ubiqutiy-k8s-provisioner due to failure of connectivity to Ubiquity pod.") + } + } + return provisioner, err } +func isTimeOutError(err error) bool { + if urlError, ok := err.(*url.Error); ok { + if opError, ok := urlError.Err.(*net.OpError); ok { + if sysErr, ok := opError.Err.(*os.SyscallError); ok { + if errno, ok := sysErr.Err.(syscall.Errno); ok && errno == syscall.ETIMEDOUT { + return true + } + } + } + } + return false +} + type flexProvisioner struct { logger logs.Logger identity types.UID @@ -194,10 +217,10 @@ func (p *flexProvisioner) Delete(volume *v1.PersistentVolume) error { getVolumeRequest := resources.GetVolumeRequest{Name: volume.Name, Context: requestContext} volume, err := p.ubiquityClient.GetVolume(getVolumeRequest) if err != nil { - if strings.Contains(err.Error(), resources.VolumeNotFoundErrorMsg){ + if strings.Contains(err.Error(), resources.VolumeNotFoundErrorMsg) { p.logger.Warning("Idempotent issue while deleting volume : volume was not found in ubiquity DB", logs.Args{{"volume name", volume.Name}}) return nil - } else{ + } else { return p.logger.ErrorRet(err, "error retreiving volume information.", logs.Args{{"volume name", volume.Name}}) } } From 77988f00d6eeb7ff3ffc58ab3fed372ca661a5cf Mon Sep 17 00:00:00 2001 From: olgasht Date: Thu, 29 Nov 2018 15:07:32 +0200 Subject: [PATCH 32/47] update glide # so not to fail the build jobs --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 875227c95..2fb21e8a1 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 6e45b2d0b021608b0f07321d79504cbf4cbde403 + version: 3835cb84683fbcedf343b37b0d61673fce796773 subpackages: - remote - resources From 732a2e6c1b6aa17297264464a09f8dde795af806 Mon Sep 17 00:00:00 2001 From: Deepak Ghuge Date: Mon, 3 Dec 2018 22:19:31 +0530 Subject: [PATCH 33/47] fixing glide.yaml (#262) Fixing glide.yaml for PR#273 --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 2fb21e8a1..e1b791bcd 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 3835cb84683fbcedf343b37b0d61673fce796773 + version: f37a22295ddae4d31e70209177df993e9d81fc5a subpackages: - remote - resources From 8ec9faad160c64a44cfab3c3c6d59d1bab27b0ce Mon Sep 17 00:00:00 2001 From: Deepak Ghuge Date: Wed, 5 Dec 2018 14:32:34 +0530 Subject: [PATCH 34/47] skip check of volume symlink for spectrum-scale backend Avoid checking volume symlink check spectrum-scale backend because of this change spectrum-scale can allow multiple PODs to mount same volume --- controller/controller.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/controller/controller.go b/controller/controller.go index 97974fb1d..b6e09b54e 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -769,9 +769,12 @@ func (c *Controller) doMount(mountRequest k8sresources.FlexVolumeMountRequest) ( return "", c.logger.ErrorRet(err, "prepareUbiquityMountRequest failed") } - err = checkSlinkAlreadyExistsOnMountPoint(ubMountRequest.Mountpoint, mountRequest.MountPath, c.logger, c.exec) - if err != nil { - return "", c.logger.ErrorRet(err, "Failed to check if other links point to mountpoint") + if (volumeBackend == resources.SCBE) { + + err = checkSlinkAlreadyExistsOnMountPoint(ubMountRequest.Mountpoint, mountRequest.MountPath, c.logger, c.exec) + if err != nil { + return "", c.logger.ErrorRet(err, "Failed to check if other links point to mountpoint") + } } mountpoint, err := mounter.Mount(ubMountRequest) From 565b817db8e87bfeda953a1402b5cc9488c1b01e Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 5 Dec 2018 12:22:04 +0200 Subject: [PATCH 35/47] UB-1677: installer automatic create rolebinding to ICP311 PSP (#263) --- .../ubiquity_installer.sh | 18 ++++++++++++++++++ .../ubiquity_lib.sh | 3 ++- .../ubiquity_uninstall.sh | 5 +++++ .../yamls/ubiquity-icp-rolebinding.yml | 15 +++++++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-icp-rolebinding.yml diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index b5ea6c6ec..a364e60ab 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -434,6 +434,8 @@ function create_only_namespace_and_services() create_serviceaccount_and_clusterroles + create_icp_rolebinding_if_needed + # Creating ubiquity service if ! kubectl get $nsf service ${UBIQUITY_SERVICE_NAME} >/dev/null 2>&1; then kubectl create $nsf -f ${YML_DIR}/ubiquity-service.yml @@ -449,6 +451,22 @@ function create_only_namespace_and_services() fi } +function create_icp_rolebinding_if_needed() +{ + # Only if clusterroles $ICP_CLUSTERROLES_FOR_PSP exist, then assuming its ICP 3.1.1+, then creates a bind for it. + if kubectl get $nsf clusterroles ${ICP_CLUSTERROLES_FOR_PSP} >/dev/null 2>&1; then + echo "Found ICP ${ICP_CLUSTERROLES_FOR_PSP} clusterroles object. Binding it to ${NS} namespace to enable ICP v3.1.1 and higher." + + # Creating ubiquity ubiquity-icp-rolebinding + if ! kubectl get $nsf clusterrolebindings ${UBIQUITY_ICP_CLUSTERROLESBINDING_NAME} >/dev/null 2>&1; then + kubectl create $nsf -f ${YML_DIR}/ubiquity-icp-rolebinding.yml + else + echo "${UBIQUITY_ICP_CLUSTERROLESBINDING_NAME} clusterrolebindings already exists,skipping clusterrolebindings creation" + fi + fi + +} + function create_serviceaccount_and_clusterroles() { # Creating ubiquity service account diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh index 1ba771998..941bc7c4c 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh @@ -38,7 +38,8 @@ UBIQUITY_DEPLOY_YML=ubiquity-deployment.yml UBIQUITY_DB_DEPLOY_YML=ubiquity-db-deployment.yml UBIQUITY_PROVISIONER_DEPLOY_YML=ubiquity-k8s-provisioner-deployment.yml UBIQUITY_FLEX_DAEMONSET_YML=ubiquity-k8s-flex-daemonset.yml - +ICP_CLUSTERROLES_FOR_PSP=ibm-anyuid-hostpath-clusterrole +UBIQUITY_ICP_CLUSTERROLESBINDING_NAME="ubiquity-icp-rolebinding" # Example: wait_for_item pvc pvc1 Bound 10 1 ubiquity # wait 10 seconds till timeout diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh index 3fbea392f..dca4e8eef 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_uninstall.sh @@ -128,6 +128,11 @@ $kubectl_delete -f ${YML_DIR}/../${SPECTRUMSCALE_CRED_YML} $kubectl_delete -f ${YML_DIR}/../${UBIQUITY_DB_CRED_YML} $kubectl_delete -f $YML_DIR/ubiquity-service.yml $kubectl_delete -f $YML_DIR/ubiquity-db-service.yml + +if kubectl get $nsf clusterroles ${ICP_CLUSTERROLES_FOR_PSP} >/dev/null 2>&1; then + $kubectl_delete -f $YML_DIR/ubiquity-icp-rolebinding.yml +fi + $kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-clusterrolebindings.yml $kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-clusterroles.yml $kubectl_delete -f $YML_DIR/ubiquity-k8s-provisioner-serviceaccount.yml diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-icp-rolebinding.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-icp-rolebinding.yml new file mode 100644 index 000000000..83e606019 --- /dev/null +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-icp-rolebinding.yml @@ -0,0 +1,15 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ubiquity-icp-rolebinding + labels: + product: ibm-storage-enabler-for-containers + namespace: ubiquity +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:serviceaccounts:ubiquity +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ibm-anyuid-hostpath-clusterrole From 7d1f990e5f0d7bb3e495161665b475969fd82afe Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 5 Dec 2018 13:12:52 +0200 Subject: [PATCH 36/47] Improvement/values.yml new layout - to align helm guidelines (#261) * new layout of values.yml file * Update all the templates according to the new layout. * Update all text in the values.yml file based on Dima feedback --- .../templates/scbe-credentials-secret.yml | 6 +- .../spectrumscale-credentials-secret.yml | 6 +- .../templates/storage-class-spectrumscale.yml | 10 +- .../templates/storage-class.yml | 10 +- .../templates/ubiquity-configmap.yml | 37 ++- .../ubiquity-db-credentials-secret.yml | 4 +- .../templates/ubiquity-db-deployment.yml | 15 +- .../templates/ubiquity-db-pvc.yml | 14 +- .../templates/ubiquity-deployment.yml | 17 +- .../templates/ubiquity-k8s-flex-daemonset.yml | 22 +- .../ubiquity-k8s-provisioner-deployment.yml | 11 +- .../values.yaml | 221 ++++++++++-------- 12 files changed, 205 insertions(+), 168 deletions(-) diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml index 02bc340dd..b390c8bc7 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/scbe-credentials-secret.yml @@ -1,4 +1,4 @@ -{{- if .Values.spectrumConnect }} +{{- if .Values.ubiquity.spectrumConnect }} apiVersion: v1 kind: Secret metadata: @@ -9,8 +9,8 @@ metadata: type: Opaque data: # Base64-encoded username defined for the IBM Storage Enabler for Containers interface in Spectrum Connect. - username: {{ .Values.spectrumConnect.connectionInfo.username | b64enc | quote }} + username: {{ .Values.ubiquity.spectrumConnect.connectionInfo.username | b64enc | quote }} # Base64-encoded password defined for the IBM Storage Enabler for Containers interface in Spectrum Connect. - password: {{ .Values.spectrumConnect.connectionInfo.password | b64enc | quote }} + password: {{ .Values.ubiquity.spectrumConnect.connectionInfo.password | b64enc | quote }} {{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml index d208ae68f..cc9dc6e0b 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/spectrumscale-credentials-secret.yml @@ -1,4 +1,4 @@ -{{- if .Values.spectrumScale }} +{{- if .Values.ubiquity.spectrumScale }} apiVersion: v1 kind: Secret metadata: @@ -9,8 +9,8 @@ metadata: type: Opaque data: # Base64-encoded username defined for Spectrum Scale system - username: {{ .Values.spectrumScale.connectionInfo.username | b64enc | quote }} + username: {{ .Values.ubiquity.spectrumScale.connectionInfo.username | b64enc | quote }} # Base64-encoded password defined for Spectrum Scale system - password: {{ .Values.spectrumScale.connectionInfo.password | b64enc | quote }} + password: {{ .Values.ubiquity.spectrumScale.connectionInfo.password | b64enc | quote }} {{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml index 13426c35f..fedbba616 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class-spectrumscale.yml @@ -1,18 +1,18 @@ -{{- if .Values.spectrumScale }} +{{- if .Values.ubiquityDb.persistence.storageClass.spectrumScale }} kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: - name: {{ .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} + name: {{ .Values.ubiquityDb.persistence.storageClass.storageClassName | quote }} labels: product: ibm-storage-enabler-for-containers -{{- if .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.defaultClass }} +{{- if .Values.ubiquityDb.persistence.storageClass.defaultClass }} annotations: storageclass.kubernetes.io/is-default-class: "true" {{- end }} provisioner: "ubiquity/flex" parameters: backend: "spectrum-scale" - filesystem: {{ .Values.spectrumScale.backendConfig.defaultFilesystemName | quote }} - fileset-type: "dependent" + filesystem: {{ .Values.ubiquity.spectrumScale.backendConfig.defaultFilesystemName | quote }} + fileset-type: "dependent" ## Not allow to change it via the values.yml file, because for the DB volume the storage class must be dependent. type: fileset {{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml index 60d8d4de1..c6045ad8a 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/storage-class.yml @@ -1,17 +1,17 @@ -{{- if .Values.spectrumConnect }} +{{- if .Values.ubiquity.spectrumConnect }} kind: StorageClass apiVersion: storage.k8s.io/v1beta1 metadata: - name: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote }} + name: {{ .Values.ubiquityDb.persistence.storageClass.storageClassName | quote }} labels: product: ibm-storage-enabler-for-containers -{{- if .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.defaultClass }} +{{- if .Values.ubiquityDb.persistence.storageClass.defaultClass }} annotations: storageclass.kubernetes.io/is-default-class: "true" {{- end }} provisioner: "ubiquity/flex" parameters: - profile: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.spectrumConnectServiceName | quote }} - fstype: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.params.fsType | quote }} # xfs or ext4 + profile: {{ .Values.ubiquityDb.persistence.storageClass.spectrumConnect.spectrumConnectServiceName | quote }} + fstype: {{ .Values.ubiquityDb.persistence.storageClass.spectrumConnect.fsType | quote }} # xfs or ext4 backend: "scbe" {{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml index f5cdbdc62..3d67507d3 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-configmap.yml @@ -8,70 +8,67 @@ metadata: data: # The keys below are used by ubiquity deployment # ----------------------------------------------- -{{- if .Values.spectrumConnect }} +{{- if .Values.ubiquity.spectrumConnect }} # IP or FQDN of Spectrum Connect(previously known as SCBE) server. - SCBE-MANAGEMENT-IP: {{ .Values.spectrumConnect.connectionInfo.fqdn | quote }} + SCBE-MANAGEMENT-IP: {{ .Values.ubiquity.spectrumConnect.connectionInfo.fqdn | quote }} # Communication port of Spectrum Connect server. Optional parameter with default value set at 8440. - SCBE-MANAGEMENT-PORT: {{ .Values.spectrumConnect.connectionInfo.port | quote }} + SCBE-MANAGEMENT-PORT: {{ .Values.ubiquity.spectrumConnect.connectionInfo.port | quote }} # Default Spectrum Connect storage service to be used, if not specified by the plugin. - SCBE-DEFAULT-SERVICE: {{ .Values.spectrumConnect.backendConfig.DefaultStorageService | quote }} + SCBE-DEFAULT-SERVICE: {{ .Values.ubiquity.spectrumConnect.backendConfig.DefaultStorageService | quote }} # The size for a new volume if not specified by the user when creating a new volume. Optional parameter with default value set at 1GB. - DEFAULT-VOLUME-SIZE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.size | quote }} + DEFAULT-VOLUME-SIZE: {{ .Values.ubiquity.spectrumConnect.backendConfig.newVolumeDefaults.size | quote }} # A prefix for any new volume created on the storage system. Default value is None. - UBIQUITY-INSTANCE-NAME: {{ .Values.spectrumConnect.backendConfig.instanceName | quote }} + UBIQUITY-INSTANCE-NAME: {{ .Values.ubiquity.spectrumConnect.backendConfig.instanceName | quote }} # File system type. Optional parameter with two allowed values: ext4 or xfs. Default value is ext4. - DEFAULT-FSTYPE: {{ .Values.spectrumConnect.backendConfig.newVolumeDefaults.fsType | quote }} + DEFAULT-FSTYPE: {{ .Values.ubiquity.spectrumConnect.backendConfig.newVolumeDefaults.fsType | quote }} # Default Ubiquity Backend DEFAULT-BACKEND: scbe - - # DB pv name. - IBM-UBIQUITY-DB-PV-NAME: {{ .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} {{- end }} -{{- if .Values.spectrumScale }} +{{- if .Values.ubiquity.spectrumScale }} # IP or FQDN of Spectrum Scale Management API server(GUI). - SPECTRUMSCALE-MANAGEMENT-IP: {{ .Values.spectrumScale.connectionInfo.fqdn | quote }} + SPECTRUMSCALE-MANAGEMENT-IP: {{ .Values.ubiquity.spectrumScale.connectionInfo.fqdn | quote }} # Communication port of Spectrum Scale Management API server(GUI). - SPECTRUMSCALE-MANAGEMENT-PORT: {{ .Values.spectrumScale.connectionInfo.port | quote }} + SPECTRUMSCALE-MANAGEMENT-PORT: {{ .Values.ubiquity.spectrumScale.connectionInfo.port | quote }} # Default Filesystem for creating pvc - SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME: {{ .Values.spectrumScale.backendConfig.defaultFilesystemName | quote }} + SPECTRUMSCALE-DEFAULT-FILESYSTEM-NAME: {{ .Values.ubiquity.spectrumScale.backendConfig.defaultFilesystemName | quote }} # Default Ubiquity Backend DEFAULT-BACKEND: spectrum-scale +{{- end }} # DB pv name. - IBM-UBIQUITY-DB-PV-NAME: {{ .Values.spectrumScale.backendConfig.dbPvConfig.ubiquityDbPvName | quote }} -{{- end }} + IBM-UBIQUITY-DB-PV-NAME: {{ .Values.ubiquityDb.persistence.pvName | quote }} # The following keys are used by ubiquity, ubiquity-k8s-provisioner deployments, And ubiquity-k8s-flex daemon-set # ---------------------------------------------------------------------------------------------------------------------------- # Flex log path. Allow to configure it, just make sure the the new path exist on all the minons and update the hostpath in the Flex daemonset - FLEX-LOG-DIR: {{ .Values.genericConfig.logging.flexLogDir | quote }} + FLEX-LOG-DIR: {{ .Values.ubiquityK8sFlex.flexLogDir | quote }} # Maxlog size(MB) for rotate FLEX-LOG-ROTATE-MAXSIZE: "50" # Log level. Allowed values: debug, info, error. - LOG-LEVEL: {{ .Values.genericConfig.logging.logLevel | quote }} + LOG-LEVEL: {{ .Values.globalConfig.logLevel | quote }} # The following keys are used by the ubiquity-k8s-flex daemonset # -------------------------------------------------------------- # The IP address of the ubiquity service object. The ubiquity_installer.sh automatically updates this field during the initial installation. # The user must update this key manually if the ubiqutiy service object IP was changed. - UBIQUITY-IP-ADDRESS: {{ .Values.genericConfig.ubiquityIpAddress | quote }} # TODO this should be automatically set by post hook script(different PR) + UBIQUITY-IP-ADDRESS: {{ .Values.ubiquityK8sFlex.ubiquityIpAddress | quote }} # TODO this should be automatically set by post hook script(different PR) # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). - SSL-MODE: {{ .Values.genericConfig.connectionInfo.sslMode | quote }} + SSL-MODE: {{ .Values.globalConfig.sslMode | quote }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml index ce8b7239e..415beaa55 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-credentials-secret.yml @@ -11,10 +11,10 @@ metadata: type: Opaque data: # Base64-encoded username to be set for the ubiquity-db deployment. - username: {{ .Values.genericConfig.ubiquityDbCredentials.username | b64enc | quote }} + username: {{ .Values.ubiquityDb.dbCredentials.username | b64enc | quote }} # Base64-encoded password to be set for the ubiquity-db deployment. - password: {{ .Values.genericConfig.ubiquityDbCredentials.password | b64enc | quote }} + password: {{ .Values.ubiquityDb.dbCredentials.password | b64enc | quote }} # Base64-encoded database name ("dWJpcXVpdHk=" base64 is "ubiquity") to be created for the ubiquity-db deployment. dbname: "dWJpcXVpdHk=" diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml index 64e6bf81b..58b87df14 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml @@ -12,13 +12,18 @@ spec: app: ubiquity-db product: ibm-storage-enabler-for-containers spec: - {{- if .Values.genericConfig.ubiquityDbNodeSelector }} + {{- if .Values.ubiquityDb.nodeSelector }} nodeSelector: -{{ toYaml .Values.ubiquityDbNodeSelector | indent 8}} +{{ toYaml .Values.ubiquityDb.nodeSelector | indent 8}} {{- end }} containers: - name: ubiquity-db - image: {{ .Values.images.ubiquitydb }} + image: "{{ .Values.ubiquityDb.image.repository }}:{{ .Values.ubiquityDb.image.tag }}" + imagePullPolicy: {{ .Values.ubiquityDb.image.pullPolicy }} + {{- with .Values.ubiquityDb.resources }} + resources: +{{ toYaml . | indent 10 }} + {{- end }} ports: - containerPort: 5432 name: ubiq-db-port # no more then 15 chars @@ -45,7 +50,7 @@ spec: - name: ibm-ubiquity-db mountPath: "/var/lib/postgresql/data" subPath: "ibm-ubiquity" -{{- if eq .Values.genericConfig.connectionInfo.sslMode "verify-full" }} +{{- if eq .Values.globalConfig.sslMode "verify-full" }} - name: ubiquity-db-private-certificate mountPath: /var/lib/postgresql/ssl/private/ {{- end }} @@ -54,7 +59,7 @@ spec: - name: ibm-ubiquity-db persistentVolumeClaim: claimName: ibm-ubiquity-db -{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.globalConfig.sslMode "verify-full") }} - name: ubiquity-db-private-certificate secret: secretName: ubiquity-db-private-certificate diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml index ef81f0253..518fc9f6f 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-pvc.yml @@ -4,21 +4,13 @@ metadata: name: "ibm-ubiquity-db" labels: # Ubiquity provisioner will create a PV with dedicated name (by default its ibm-ubiquity-db) - pv-name: {{ if (.Values.spectrumConnect) }} - {{- .Values.spectrumConnect.backendConfig.dbPvConfig.ubiquityDbPvName | quote -}} -{{- else if (.Values.spectrumScale) }} - {{- .Values.spectrumScale.backendConfig.dbPvConfig.ubiquityDbPvName -}} -{{- end }} + pv-name: {{ .Values.ubiquityDb.persistence.pvName | quote }} product: ibm-storage-enabler-for-containers spec: - storageClassName: {{ if (.Values.spectrumConnect) }} - {{- .Values.spectrumConnect.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote -}} -{{- else if (.Values.spectrumScale) }} - {{- .Values.spectrumScale.backendConfig.dbPvConfig.storageClassForDbPv.storageClassName | quote -}} -{{- end }} + storageClassName: {{ .Values.ubiquityDb.persistence.storageClass.storageClassName | quote }} accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi + storage: {{ .Values.ubiquityDb.persistence.pvSize | quote }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml index 85c6ce4af..3979c688e 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-deployment.yml @@ -14,12 +14,17 @@ spec: spec: containers: - name: ubiquity - image: {{ .Values.images.ubiquity }} + image: "{{ .Values.ubiquity.image.repository }}:{{ .Values.ubiquity.image.tag }}" + imagePullPolicy: {{ .Values.ubiquity.image.pullPolicy }} ports: - containerPort: 9999 name: ubiquity-port + {{- with .Values.ubiquity.resources }} + resources: +{{ toYaml . | indent 10 }} + {{- end }} env: -{{- if .Values.spectrumConnect }} +{{- if .Values.ubiquity.spectrumConnect }} ### Spectrum Connect(previously known as SCBE) connectivity parameters: ############################################# - name: SCBE_USERNAME @@ -82,7 +87,7 @@ spec: {{- end }} -{{- if .Values.spectrumScale }} +{{- if .Values.ubiquity.spectrumScale }} ### Ubiquity Spectrum Scale backend parameters: ##################################### @@ -184,7 +189,7 @@ spec: name: ubiquity-configmap key: SSL-MODE -{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.globalConfig.sslMode "verify-full") }} volumeMounts: - name: ubiquity-private-certificate mountPath: /var/lib/ubiquity/ssl/private @@ -210,11 +215,11 @@ spec: items: - key: ubiquity-db-trusted-ca.crt path: ubiquity-db-trusted-ca.crt - {{- if .Values.spectrumConnect }} + {{- if .Values.ubiquity.spectrumConnect }} - key: scbe-trusted-ca.crt path: scbe-trusted-ca.crt {{- end }} - {{- if .Values.spectrumScale }} + {{- if .Values.ubiquity.spectrumScale }} - key: spectrumscale-trusted-ca.crt path: spectrumscale-trusted-ca.crt {{- end }} diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml index 5ef135852..a4c80f666 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-flex-daemonset.yml @@ -15,8 +15,8 @@ spec: product: ibm-storage-enabler-for-containers spec: tolerations: # Create flex Pods also on master nodes (even if there are NoScheduled nodes) - {{- if .Values.genericConfig.flexTolerations }} -{{ toYaml .Values.flexTolerations | indent 6}} + {{- if .Values.ubiquityK8sFlex.tolerations }} +{{ toYaml .Values.ubiquityK8sFlex.tolerations | indent 6}} {{- else }} # Some k8s versions use dedicated key for toleration of the master and some use node-role.kubernetes.io/master key. - key: dedicated @@ -28,7 +28,13 @@ spec: containers: - name: ubiquity-k8s-flex - image: {{ .Values.images.flex }} + image: "{{ .Values.ubiquityK8sFlex.image.repository }}:{{ .Values.ubiquityK8sFlex.image.tag }}" + imagePullPolicy: {{ .Values.ubiquityK8sFlex.image.pullPolicy }} + {{- with .Values.ubiquityK8sFlex.resources }} + resources: +{{ toYaml . | indent 10 }} + {{- end }} + env: - name: UBIQUITY_PORT # Ubiquity port, should point to the ubiquity service port value: "9999" @@ -54,7 +60,7 @@ spec: name: ubiquity-configmap key: LOG-LEVEL -{{- if .Values.spectrumConnect }} +{{- if .Values.ubiquity.spectrumConnect }} - name: UBIQUITY_USERNAME valueFrom: secretKeyRef: @@ -88,8 +94,8 @@ spec: mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - name: flex-log-dir - mountPath: {{ .Values.genericConfig.logging.flexLogDir | quote }} -{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} + mountPath: {{ .Values.ubiquityK8sFlex.flexLogDir | quote }} +{{- if (eq .Values.globalConfig.sslMode "verify-full") }} - name: ubiquity-public-certificates mountPath: /var/lib/ubiquity/ssl/public readOnly: true @@ -101,8 +107,8 @@ spec: - name: flex-log-dir hostPath: - path: {{ .Values.genericConfig.logging.flexLogDir | quote }} # This directory must exist on the host -{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} + path: {{ .Values.ubiquityK8sFlex.flexLogDir | quote }} # This directory must exist on the host +{{- if (eq .Values.globalConfig.sslMode "verify-full") }} - name: ubiquity-public-certificates configMap: name: ubiquity-public-certificates diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml index ed4805cc5..8c09ae04e 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-k8s-provisioner-deployment.yml @@ -15,7 +15,12 @@ spec: serviceAccount: ubiquity-k8s-provisioner # In order to get the server API token from the service account. containers: - name: ubiquity-k8s-provisioner - image: {{ .Values.images.provisioner }} + image: "{{ .Values.ubiquityK8sProvisioner.image.repository }}:{{ .Values.ubiquityK8sProvisioner.image.tag }}" + imagePullPolicy: {{ .Values.ubiquityK8sProvisioner.image.pullPolicy }} + {{- with .Values.ubiquityK8sProvisioner.resources }} + resources: +{{ toYaml . | indent 10 }} + {{- end }} env: - name: UBIQUITY_ADDRESS # Ubiquity hostname, should point to the ubiquity service name value: "ubiquity" @@ -33,7 +38,7 @@ spec: name: ubiquity-configmap key: LOG-LEVEL -{{- if .Values.spectrumConnect }} # TODO consider to check if the secret exist instead +{{- if .Values.ubiquity.spectrumConnect }} # TODO consider to check if the secret exist instead - name: UBIQUITY_USERNAME valueFrom: secretKeyRef: @@ -54,7 +59,7 @@ spec: key: SSL-MODE -{{- if (eq .Values.genericConfig.connectionInfo.sslMode "verify-full") }} +{{- if (eq .Values.globalConfig.sslMode "verify-full") }} volumeMounts: - name: ubiquity-public-certificates mountPath: /var/lib/ubiquity/ssl/public diff --git a/helm_chart/ibm_storage_enabler_for_containers/values.yaml b/helm_chart/ibm_storage_enabler_for_containers/values.yaml index 0047d2f03..c6493f8ad 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/values.yaml +++ b/helm_chart/ibm_storage_enabler_for_containers/values.yaml @@ -1,105 +1,132 @@ -# ---------------------------------------------------- -# Helm chart to install IBM storage Enabler for Containers. -# ---------------------------------------------------- - -images: - ubiquity: ibmcom/ibm-storage-enabler-for-containers:2.0.0 - ubiquitydb: ibmcom/ibm-storage-enabler-for-containers-db:2.0.0 - provisioner: ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes:2.0.0 - flex: ibmcom/ibm-storage-flex-volume-for-kubernetes:2.0.0 - -## IBM Storage Enabler for Containers supports one of the following backend types: spectrumConnect OR spectrumScale. -## Select a backend that you intend to use and comment out the other backend section. -spectrumConnect: - connectionInfo: - ## IP\FQDN and port of Spectrum Connect server. - fqdn: - port: - - ## Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Connect. - username: - password: - - backendConfig: - # A prefix for any new volume created on the storage system. - instanceName: - # Default Spectrum Connect storage service to be used, if not specified by the storage class. - DefaultStorageService: - - newVolumeDefaults: - # The fstype of a new volume if not specified by the user in the storage class. - # File system type. Allowed values: ext4 or xfs. - fsType: ext4 - # The default volume size (in GB) if not specified by the user when creating a new volume. - size: 1 - - dbPvConfig: - # Ubiquity database PV name. For Spectrum Virtualize and Spectrum Accelerate, use default value "ibm-ubiquity-db". - # For DS8000 Family, use "ibmdb" instead and make sure UBIQUITY_INSTANCE_NAME_VALUE value length does not exceed 8 chars. - ubiquityDbPvName: ibm-ubiquity-db - - storageClassForDbPv: - # Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. - # Note: The reclaimPolicy by default is Delete. One can change it manually if needed. - storageClassName: - - ## Set StorageClass as the default StorageClass. Ignored if storageClass.create is false - defaultClass: false - - params: - # Storage Class profile parameter should point to the Spectrum Connect storage service name - spectrumConnectServiceName: - # Storage Class file-system type, Allowed values: ext4 or xfs. - fsType: ext4 - -## IBM storage Enabler for Containers supports two backend types: spectrumConnect OR spectrumScale. -## Please choose below only one backend and comment-out the other backend section. -#spectrumScale: -# connectionInfo: -# # IP\FQDN and port of Spectrum Scale Rest Management API server. -# fqdn: -# port: +# --------------------------------------------------------- +# Helm chart to install IBM Storage Enabler for Containers. +# Enables IBM Storage with Kubernetes by implementing Kubernetes Dynamic Provisioner and FlexVolume. # -# # Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Scale. -# username: -# password: -# -# backendConfig: -# # Default Spectrum Scale Filesystem to be Used -# defaultFilesystemName: -# -# dbPvConfig: -# ubiquityDbPvName: ibm-ubiquity-db -# -# storageClassForDbPv: -# # Parameters to create the first Storage Class that also be used by ubiquity for ibm-ubiquity-db PVC. -# # Note: The reclaimPolicy by default is Delete. One can change it manually if needed. -# storageClassName: -# -# ## Set StorageClass as the default StorageClass. Ignored if storageClass.create is false -# defaultClass: false +# IBM Storage Enabler for Containers includes the following main images: +# - deployment/ubiquity : A mediator between IBM Storage and k8s FlexVolume \ Dynamic Provisioner. +# - deployment/ubiquity-db : Stores meta-data for the dynamic provisioned volumes. +# - deamonset/ubiquity-k8s-flex : Implements k8s FlexVolume driver. +# - deployment/ubiquity-k8s-provisioner : Implements k8s Dynamic Provisioner +# --------------------------------------------------------- + +ubiquity: + image: + repository: ibmcom/ibm-storage-enabler-for-containers + tag: "2.0.0" + pullPolicy: IfNotPresent + resources: {} + + ## IBM Storage Enabler for Containers supports one of the following backend types: spectrumConnect OR spectrumScale. + ## Select a backend that you intend to use and comment out the other backend section. + spectrumConnect: + connectionInfo: + ## IP\FQDN and port of Spectrum Connect server. + fqdn: + port: 8440 + ## Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Connect. + username: + password: + + backendConfig: + # A prefix for any new volume created on the storage system. + instanceName: + # Default Spectrum Connect storage service to be used, if not specified by the storage class. + defaultStorageService: + newVolumeDefaults: + # The fstype of a new volume if not specified by the user in the storage class. + # File system type. Allowed values: ext4 or xfs. + fsType: ext4 + # The default volume size (in GB) if not specified by the user when creating a new volume. + size: 1 + + ## IBM Storage Enabler for Containers supports one of the following backend types: spectrumConnect OR spectrumScale. + ## Select a backend that you intend to use and comment out the other backend section. + #spectrumScale: + # connectionInfo: + # # IP\FQDN and port of Spectrum Scale RESTful API server. + # fqdn: + # port: 443 + # # Username and password defined for IBM Storage Enabler for Containers interface in Spectrum Scale. + # username: + # password: + # + # backendConfig: + # # Default Spectrum Scale filesystem to be used. + # defaultFilesystemName: + + +ubiquityDb: + image: + repository: ibmcom/ibm-storage-enabler-for-containers-db + tag: "2.0.0" + pullPolicy: IfNotPresent + resources: {} + nodeSelector: {} + dbCredentials: + # Username and password for the deployment of ubiquity-db database. Note: Do not use the "postgres" username, because it already exists. + username: ubiquity + password: ubiquity + + # The Helm installation has automatic boot strap of the ubiquity-db volume (PVC named ibm-ubiquity-db). + # The boot strap creates a storage class (see details below) and the PVC. + persistence: + # Ubiquity database PV name. For Spectrum Virtualize, Spectrum Accelerate and Spectrum Scale, use default value "ibm-ubiquity-db". + # For DS8000 Family, use "ibmdb" instead and make sure UBIQUITY_INSTANCE_NAME_VALUE value length does not exceed 8 chars. + pvName: ibm-ubiquity-db + pvSize: 20Gi + + storageClass: + # Parameters to create the first storage class that is also to be used by Ubiquity for ibm-ubiquity-db PVC. + # Note: The default reclaimPolicy is Delete. Can be changed manually if needed. + storageClassName: + + ## Set StorageClass as the default StorageClass. Ignored if storageClass.create is false. + defaultClass: false + + ## If ubiquity.spectrumConnect is set, the following parameters must be set as well. + spectrumConnect: + # Storage Class profile parameter must point to the Spectrum Connect storage service name. + spectrumConnectServiceName: + # Storage Class filesystem type. Allowed values: ext4 or xfs. + fsType: ext4 + + ## If ubiquity.spectrumScale is set, the following parameters must be set as well. + #spectrumScale: + # fileset-type: "dependent" #The value of 'fileset-type' parameter must be set to 'dependent'. + + +ubiquityK8sFlex: + image: + repository: ibmcom/ibm-storage-flex-volume-for-kubernetes + tag: "2.0.0" + pullPolicy: IfNotPresent + resources: {} + + ## By default, the toleration is set to run the Flex DeamonSet on all worker and master nodes. To define a different toleration, uncomment and apply the relevant toleration value. + #tolerations: {} + + ## Flex log directory. If the default value is changed, make sure that the new path exists on all the nodes and update the Flex DaemonSet hostpath accordingly. + flexLogDir: /var/log + ## The IP address of the ubiquity service object. + ## Update this key manually if the ubiquity service object IP was changed. + ubiquityIpAddress: +ubiquityK8sProvisioner: + ## RBAC and service account are set automatically for the Provisioner. + image: + repository: ibmcom/ibm-storage-dynamic-provisioner-for-kubernetes + tag: "2.0.0" + pullPolicy: IfNotPresent + resources: {} -genericConfig: - connectionInfo: - # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). SSL mode is for all communications between [flex||provisioner]<->ubiquity<->[SpectrumConnect||SpectrumScale]. - sslMode: require - # The IP address of the ubiquity service object. - # The user must update this key manually if the ubiqutiy service object IP was changed. - ubiquityIpAddress: +globalConfig: + # Log level. Allowed values: debug, info, error. + logLevel: info - logging: - # Log level. Allowed values: debug, info, error. - logLevel: info - # Flex log directory. If you change the default, then make the new path exist on all the nodes and update the Flex daemonset hostpath according. - flexLogDir: /var/log + # SSL verification mode. Allowed values: require (no validation is required) and verify-full (user-provided certificates). + # SSL mode is set for all communication paths between [flex||provisioner]<->ubiquity<->[SpectrumConnect||SpectrumScale]. + sslMode: require - ubiquityDbCredentials: - # Username and password for the deployment of ubiquity-db database. Note : Do not use the "postgres" username, because it already exists. - username: - password: - ## Optional: to set the node selector of the ubiqutiy-db deployment - #ubiquityDbNodeSelector: From 3f5540b09a1fa53d3764c6b5dd993ecd62eb8801 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 5 Dec 2018 13:41:21 +0200 Subject: [PATCH 37/47] UB-1564: updated notices file (#260) * UB-1564: updated notices file --- glide.yaml | 2 +- ...ile_for_ibm_storage_enabler_for_containers | 3564 ++++++----------- 2 files changed, 1124 insertions(+), 2442 deletions(-) diff --git a/glide.yaml b/glide.yaml index e1b791bcd..5568bb5ef 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: f37a22295ddae4d31e70209177df993e9d81fc5a + version: aeb18c1099c1da385698f4ae40c385734ab472eb subpackages: - remote - resources diff --git a/scripts/notices_file_for_ibm_storage_enabler_for_containers b/scripts/notices_file_for_ibm_storage_enabler_for_containers index 34f4deb9f..cb2edee0d 100644 --- a/scripts/notices_file_for_ibm_storage_enabler_for_containers +++ b/scripts/notices_file_for_ibm_storage_enabler_for_containers @@ -4,10 +4,11 @@ Additional Software License Agreements and Notices This file details additional Software License Agreements and third party notices and information that are required to be reproduced for the following programs: -IBM Storage Enabler for Containers 1.2 -IBM Storage Kubernetes FlexVolume 1.2 -IBM Storage Kubernetes Dynamic Provisioner 1.2 - + +IBM Storage Enabler for Containers Version 2.0 +IBM Storage Kubernetes FlexVolume Version 2.0 +IBM Storage Kubernetes Dynamic Provisioner Version 2.0 +IBM Storage Enabler for Containers DB Version 2.0 =========================================================================== Section 1 - TERMS AND CONDITIONS FOR SEPARATELY LICENSED CODE @@ -23,144 +24,155 @@ section and not the terms of the license agreement for the Program. The following are Separately Licensed Code: -alpine-baselayout version 3.0.5 -apk-tools version 2.8.2 +alpine-baselayout version 3.1.0 +apk-tools version 2.10.1 +busybox version 1.28.4 CA-certificates 20171114 -busybox version 1.27.2 kubernetes incubator-external-storage commit level 92295a3 -kubernetes version 1.9.2 -libc-utils version 0.9.33.2 -pax-utils version 1.2.2 -ratelimit commit level 5b9ff86 -yaml.v2 commit level 53feefa +kubernetes version 1.9.2 +libressl version 2.7.4 +musl-utils version 1.1.19 +ratelimit commit level 5b9ff86 +scanelf version 1.2.3 +ssl_client version 1.28.4 +yaml.v2 commit level 53feefa @@@@@@@@@@@@ =========================================================================== -GNU LIBRARY GENERAL PUBLIC LICENSE VERSION 2 - -This Program includes some or all of the following Modifiable Third -Party Code that IBM obtained under the GNU Lesser General Public License -Version 2.1 +GNU LESSER GENERAL PUBLIC LICENSE VERSION 2.1: THE FOLLOWING TERMS AND +CONDITIONS APPLY to the listed components below which are licensed under +the GNU LESSER GENERAL PUBLIC LICENSE VERSION 2.1: - -Portions of libc-utils version 0.9.33.2 +Portions of Busybox version 1.28.4 --------------------------------------------------------------------------- -START of GNU Library GPL version 2 License +Start of GNU LGPL Version 2.1 License --------------------------------------------------------------------------- - GNU LIBRARY GENERAL PUBLIC LICENSE - Version 2, June 1991 + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 - Copyright (C) 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. -[This is the first released version of the library GPL. It is - numbered 2 because it goes with version 2 of the ordinary GPL.] +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] - Preamble + Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. - This license, the Library General Public License, applies to some -specially designated Free Software Foundation software, and to any -other libraries whose authors decide to use it. You can use it for -your libraries, too. + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if -you distribute copies of the library, or if you modify it. +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source -code. If you link a program with the library, you must provide -complete object files to the recipients so that they can relink them -with the library, after making changes to the library and recompiling +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. - Our method of protecting your rights has two steps: (1) copyright -the library, and (2) offer you this license which gives you legal + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. - Also, for each distributor's protection, we want to make certain -that everyone understands that there is no warranty for this free -library. If the library is modified by someone else and passed on, we -want its recipients to know that what they have is not the original -version, so that any problems introduced by others will not reflect on -the original authors' reputations. + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that companies distributing free -software will individually obtain patent licenses, thus in effect -transforming the program into proprietary software. To prevent this, -we have made it clear that any patent must be licensed for everyone's -free use or not licensed at all. - - Most GNU software, including some libraries, is covered by the ordinary -GNU General Public License, which was designed for utility programs. This -license, the GNU Library General Public License, applies to certain -designated libraries. This license is quite different from the ordinary -one; be sure to read it in full, and don't assume that anything in it is -the same as in the ordinary license. - - The reason we have a separate public license for some libraries is that -they blur the distinction we usually make between modifying or adding to a -program and simply using it. Linking a program with a library, without -changing the library, is in some sense simply using the library, and is -analogous to running a utility program or application program. However, in -a textual and legal sense, the linked executable is a combined work, a -derivative of the original library, and the ordinary General Public License -treats it as such. - - Because of this blurred distinction, using the ordinary General -Public License for libraries did not effectively promote software -sharing, because most developers did not use the libraries. We -concluded that weaker conditions might promote sharing better. - - However, unrestricted linking of non-free programs would deprive the -users of those programs of all benefit from the free status of the -libraries themselves. This Library General Public License is intended to -permit developers of non-free programs to use free libraries, while -preserving your freedom as a user of such programs to change the free -libraries that are incorporated in them. (We have not seen how to achieve -this as regards changes in header files, but we have achieved it as regards -changes in the actual functions of the Library.) The hope is that this -will lead to faster development of free libraries. + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The -former contains code derived from the library, while the latter only -works together with the library. - - Note that it is possible for a library to be covered by the ordinary -General Public License rather than by this special one. - +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. - GNU LIBRARY GENERAL PUBLIC LICENSE + GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - 0. This License Agreement applies to any software library which -contains a notice placed by the copyright holder or other authorized -party saying it may be distributed under the terms of this Library -General Public License (also called "this License"). Each licensee is -addressed as "you". + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs @@ -200,7 +212,6 @@ Library. and you may at your option offer warranty protection in exchange for a fee. - 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 @@ -259,7 +270,6 @@ ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. - Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. @@ -311,8 +321,7 @@ distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also compile or + 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit @@ -339,23 +348,31 @@ of these things: Library will not necessarily be able to recompile the application to use the modified definitions.) - b) Accompany the work with a written offer, valid for at + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. - c) If distribution of the work is made by offering access to copy + d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. - d) Verify that the user has already received a copy of these + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, -the source code distributed need not include anything that is normally -distributed (in either source or binary form) with the major +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. @@ -404,10 +421,9 @@ Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to +You are not responsible for enforcing compliance by third parties with this License. - 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or @@ -448,7 +464,7 @@ excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new -versions of the Library General Public License from time to time. +versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. @@ -469,7 +485,7 @@ decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - NO WARRANTY + NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. @@ -492,10 +508,9 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - END OF TERMS AND CONDITIONS - + END OF TERMS AND CONDITIONS - Appendix: How to Apply These Terms to Your New Libraries + How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that @@ -512,19 +527,19 @@ convey the exclusion of warranty; and each file should have at least the Copyright (C) This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public + modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. + Lesser General Public License for more details. - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - MA 02110-1301, USA + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. @@ -533,1953 +548,95 @@ school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. + library `Frob' (a library for tweaking knobs) written + by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! + + --------------------------------------------------------------------------- -END of GNU Library GPL version 2 License +END of GNU LGPL Version 2.1 License --------------------------------------------------------------------------- @@@@@@@@@@@@ =========================================================================== -GNU LESSER GENERAL PUBLIC LICENSE VERSION 2.1 +GNU LESSER GENERAL PUBLIC LICENSE VERSION 3.0: THE FOLLOWING TERMS AND +CONDITIONS APPLY to the listed components below which are licensed under +the GNU LESSER GENERAL PUBLIC LICENSE VERSION 3.0: -This Program includes some or all of the following Modifiable Third -Party Code that IBM obtained under the GNU Lesser General Public License -Version 2.1 - -Portions of Busybox version 1.27.2 -libc-utils version 0.9.33.2 -Portions of pax-utils version 1.2.2 +Portions of kubernetes version 1.9.2 +Portions of kubernetes incubator-external-storage commit level 92295a3 +ratelimit commit level 5b9ff86 +Portions of yaml.v2 commit level 53feefa ---------------------------------------------------------------------------- -Start of GNU LGPL Version 2.1 License --------------------------------------------------------------------------- - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 +As a special exception to the GNU Lesser General Public License version 3 +("LGPL3"), the copyright holders of this Library give you permission to +convey to a third party a Combined Work that links statically or dynamically +to this Library without providing any Minimal Corresponding Source or +Minimal Application Code as set out in 4d or providing the installation +information set out in section 4e, provided that you comply with the other +provisions of LGPL3 and provided that you meet, for the Application the +terms and conditions of the license(s) which apply to the Application. - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +Except as stated in this special exception, the provisions of LGPL3 will +continue to comply in full to this Library. If you modify this Library, you +may apply this exception to your version of this Library, but you are not +obliged to do so. If you do not wish to do so, delete this exception +statement from your version. This exception does not (and cannot) modify any +license terms which apply to the Application, with which you must still +comply. + + + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - Preamble + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. + 0. Additional Definitions. - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written - by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! - - - ---------------------------------------------------------------------------- -END of GNU LGPL Version 2.1 License ---------------------------------------------------------------------------- - - - - -=========================================================================== -Start of Notices for LGPL v2.1 Licensed Codes -=========================================================================== - - -=========================================================================== -Notices for LIBC-Utils version 0.9.33.2 ---------------------------------------------------------------------------- - -Copyright (c) 1994-2000 Eric Youngdale, Peter MacDonald, David Engel, -Hongjiu Lu and Mitch D'Souza - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. - -Developed at SunPro, a Sun Microsystems, Inc. business. -Permission to use, copy, modify, and distribute this -software is freely granted, provided that this notice -is preserved. - ---------------------------------------------------------------------------- - -Sun RPC is a product of Sun Microsystems, Inc. and is provided for -unrestricted use provided that this legend is included on all tape -media and as a part of the software program in whole or part. Users -may copy or modify Sun RPC without charge, but are not authorized -to license or distribute it to anyone else except as part of a product or -program developed by the user. - -SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE -WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR -PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - -Sun RPC is provided with no support and without any obligation on the -part of Sun Microsystems, Inc. to assist in its use, correction, -modification or enhancement. - -SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE -INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC -OR ANY PART THEREOF. - -In no event will Sun Microsystems, Inc. be liable for any lost revenue -or profits or other special, indirect and consequential damages, even if -Sun has been advised of the possibility of such damages. - -Sun Microsystems, Inc. -2550 Garcia Avenue -Mountain View, California 94043 - ---------------------------------------------------------------------------- - -Copyright (c) 1994-2000 Eric Youngdale, Peter MacDonald, - David Engel, Hongjiu Lu and Mitch D'Souza -Copyright (C) 2001-2004 Erik Andersen - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1997 The NetBSD Foundation, Inc. -All rights reserved. - -This code is derived from software contributed to The NetBSD Foundation -by Neil A. Carson and Mark Brinicombe - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: -This product includes software developed by the NetBSD -Foundation, Inc. and its contributors. -4. Neither the name of The NetBSD Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS -``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1989, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- -Copyright (c) 1983, 1989, 1993 - The Regents of the University of California. All rights reserved. -Copyright (c) 1982, 1986, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Portions Copyright (c) 1993 by Digital Equipment Corporation. - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies, and that -the name of Digital Equipment Corporation not be used in advertising or -publicity pertaining to distribution of the document or software without -specific, written prior permission. - -THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. - ---------------------------------------------------------------------------- - -Portions Copyright (c) 1996-1999 by Internet Software Consortium. - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -SOFTWARE. - ---------------------------------------------------------------------------- - -Copyright (C) 2001-2004 Erik Andersen - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - - ---------------------------------------------------------------------------- - -Copyright (C) 1994-2008 Axis Communications. -All rights reserved. -Copyright (C) 1999-2008 Axis Communications. -All rights reserved. -Copyright (C) 2002-2004, Axis Communications AB -All rights reserved - -Author: Tobias Anderberg, - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2000-2006 by Erik Andersen -Copyright (c) 1994-2000 Eric Youngdale, Peter MacDonald, - David Engel, Hongjiu Lu and Mitch D'Souza - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2005 by Joakim Tjernlund -Copyright (C) 2000-2006 by Erik Andersen -Copyright (c) 1994-2000 Eric Youngdale, Peter MacDonald, - David Engel, Hongjiu Lu and Mitch D'Souza - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2002, Steven J. Hill (sjhill@realitydiluted.com) - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2001-2002 David A. Schleef -Copyright (C) 2003-2004 Erik Andersen -Copyright (C) 2004 Joakim Tjernlund - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2002, Stefan Allius and - Eddie C. Dost - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2003, 2004, 2005 Paul Mundt - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2003 Paul Mundt - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983 Regents of the University of California. -All rights reserved. - -Redistribution and use in source and binary forms are permitted -provided that the above copyright notice and this paragraph are -duplicated in all such forms and that any documentation, -advertising materials, and other materials related to such -distribution and use acknowledge that the software was developed -by the University of California, Berkeley. The name of the -University may not be used to endorse or promote products derived -from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - ---------------------------------------------------------------------------- - -Copyright (c) 2002 ARM Ltd -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. The name of the company may not be used to endorse or promote - products derived from this software without specific prior written - permission. - -THIS SOFTWARE IS PROVIDED BY ARM LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL ARM LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 1991 by Pipeline Associates, Inc. All rights reserved. -Permission is granted to do *anything* you want with this file, -commercial or otherwise, provided this message remains intact. So there! -I would appreciate receiving any updates/patches/changes that anyone -makes, and am willing to be the repository for said changes (am I -making a big mistake?). - ---------------------------------------------------------------------------- - -Copyright (c) 2011 William Pitcock - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 2002 - 2005 Tony Finch . All rights reserved. - -This code is derived from software contributed to Berkeley by Dave Yost. -It was rewritten to support ANSI C by Tony Finch. The original version of -unifdef carried the following copyright notice. None of its code remains -in this version (though some of the names remain). - -Copyright (c) 1985, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1989 - The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1988 Stephen Deering. -Copyright (c) 1992, 1993 -The Regents of the University of California. All rights reserved. - -This code is derived from software contributed to Berkeley by -Stephen Deering of Stanford University. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1989 Carnegie Mellon University. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY CARNEGIE MELLON UNIVERSITY AND -CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE UNIVERSITY OR CONTRIBUTORS BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER -IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - ---------------------------------------------------------------------------- - - -Copyright (C) 1982, 1986 Regents of the University of California. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1987, 1989 - The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1991, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1982, 1986 Regents of the University of California. -All rights reserved. - -This code is derived from software contributed to Berkeley by -Robert Elz at The University of Melbourne. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1982, 1986, 1988, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1982, 1986, 1993 -The Regents of the University of California. All rights reserved. -(c) UNIX System Laboratories, Inc. -All or some portions of this file are derived from material licensed -to the University of California by American Telephone and Telegraph -Co. or Unix System Laboratories, Inc. and are reproduced herein with -the permission of UNIX System Laboratories, Inc. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1987, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- -Copyright (C) 2004-2006 Atmel Corporation -All rights reserved. -Copyright (C) 2005-2007 Atmel Corporation -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (C) 2007 Tensilica Inc. -Copyright (c) 1994-2000 Eric Youngdale, Peter MacDonald, - David Engel, Hongjiu Lu and Mitch D'Souza -Copyright (C) 2001-2004 Erik Andersen - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. The name of the above contributors may not be - used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1987 Regents of the University of California. -All rights reserved. - -Redistribution and use in source and binary forms are permitted -provided that: (1) source distributions retain this entire copyright -notice and comment, and (2) distributions including binaries display -the following acknowledgement: ``This product includes software -developed by the University of California, Berkeley and its contributors'' -in the documentation or other materials provided with the distribution -and in all advertising materials mentioning features or use of this -software. Neither the name of the University nor the names of its -contributors may be used to endorse or promote products derived -from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1993 -The Regents of the University of California. All rights reserved. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: -This product includes software developed by the University of -California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1993 Intel Corporation - -Intel hereby grants you permission to copy, modify, and distribute this -software and its documentation. Intel grants this permission provided -that the above copyright notice appears in all copies and that both the -copyright notice and this permission notice appear in supporting -documentation. In addition, Intel grants this permission provided that -you prominently mark as "not part of the original" any modifications -made to this software or documentation, and that the name of Intel -Corporation not be used in advertising or publicity pertaining to -distribution of the software or the documentation without specific, -written prior permission. - -Intel Corporation provides this AS IS, WITHOUT ANY WARRANTY, EXPRESS OR -IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY -OR FITNESS FOR A PARTICULAR PURPOSE. Intel makes no guarantee or -representations regarding the use of, or the results of the use of, -the software and documentation in terms of correctness, accuracy, -reliability, currentness, or otherwise; and you rely on the software, -documentation and results solely at your own risk. - -IN NO EVENT SHALL INTEL BE LIABLE FOR ANY LOSS OF USE, LOSS OF BUSINESS, -LOSS OF PROFITS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES -OF ANY KIND. IN NO EVENT SHALL INTEL'S TOTAL LIABILITY EXCEED THE SUM -PAID TO INTEL FOR THE PRODUCT LICENSED HEREUNDER. - ---------------------------------------------------------------------------- - -Copyright (C) 1998 WIDE Project. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the project nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1993, 1994 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1980, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1985, 1993, 1994 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1990, 1993, 1994 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1983, 1988, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: -This product includes software developed by the University of -California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright 1996 David Mazieres . - -Modification and redistribution in source and binary forms is -permitted provided that due credit is given to the author and the -OpenBSD project by leaving this copyright notice intact. - - ---------------------------------------------------------------------------- - -Copyright (c) 1990, 1993 -The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. - -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -Copyright (c) 1994 David Burren -All rights reserved. - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the author nor the names of other contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - ---------------------------------------------------------------------------- - -"THE BEER-WARE LICENSE" (Revision 42): - wrote this file. As long as you retain this notice you -can do whatever you want with this stuff. If we meet some day, and you think -this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - - - - -=========================================================================== -End of Notices for LGPL v2.1 Licensed Codes -=========================================================================== - - -@@@@@@@@@@@@ -=========================================================================== -GNU LESSER GENERAL PUBLIC LICENSE V3 - -This Program includes some or all of the following Modifiable Third -Party Code that IBM obtained under the GNU Lesser General Public License. - -Portions of kubernetes version 1.9.2 -Portions of kubernetes incubator-external-storage commit level 92295a3 -ratelimit commit level 5b9ff86 -Portions of yaml.v2 commit level 53feefa - ---------------------------------------------------------------------------- - -As a special exception to the GNU Lesser General Public License version 3 -("LGPL3"), the copyright holders of this Library give you permission to -convey to a third party a Combined Work that links statically or dynamically -to this Library without providing any Minimal Corresponding Source or -Minimal Application Code as set out in 4d or providing the installation -information set out in section 4e, provided that you comply with the other -provisions of LGPL3 and provided that you meet, for the Application the -terms and conditions of the license(s) which apply to the Application. - -Except as stated in this special exception, the provisions of LGPL3 will -continue to comply in full to this Library. If you modify this Library, you -may apply this exception to your version of this Library, but you are not -obliged to do so. If you do not wish to do so, delete this exception -statement from your version. This exception does not (and cannot) modify any -license terms which apply to the Application, with which you must still -comply. - - - GNU LESSER GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - - This version of the GNU Lesser General Public License incorporates -the terms and conditions of version 3 of the GNU General Public -License, supplemented by the additional permissions listed below. - - 0. Additional Definitions. - - As used herein, "this License" refers to version 3 of the GNU Lesser -General Public License, and the "GNU GPL" refers to version 3 of the GNU -General Public License. - - "The Library" refers to a covered work governed by this License, -other than an Application or a Combined Work as defined below. - - An "Application" is any work that makes use of an interface provided -by the Library, but which is not otherwise based on the Library. -Defining a subclass of a class defined by the Library is deemed a mode -of using an interface provided by the Library. - - A "Combined Work" is a work produced by combining or linking an -Application with the Library. The particular version of the Library -with which the Combined Work was made is also called the "Linked -Version". - - The "Minimal Corresponding Source" for a Combined Work means the -Corresponding Source for the Combined Work, excluding any source code -for portions of the Combined Work that, considered in isolation, are -based on the Application, and not on the Linked Version. - - The "Corresponding Application Code" for a Combined Work means the -object code and/or source code for the Application, including any data -and utility programs needed for reproducing the Combined Work from the -Application, but excluding the System Libraries of the Combined Work. - - 1. Exception to Section 3 of the GNU GPL. + 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. @@ -3303,18 +1460,20 @@ END GNU General Public License version 3.0 @@@@@@@@@@@@ =========================================================================== -GNU GENERAL PUBLIC LICENSE V2 +GNU General Public License 2.0: THE FOLLOWING TERMS AND CONDITIONS +APPLY to the listed components below which are licensed under the GNU +General Public License 2.0: -This Program includes some or all of the following Modifiable Third -Party Code that IBM obtained under the GNU General Public License V2. - -alpine-baselayout version 3.0.5 -apk-tools version 2.8.2 +alpine-baselayout version 3.1.0 +apk-tools version 2.10.1 Portions of CA-certificates 20171114 -busybox version 1.27.2 +busybox version 1.28.4 +libressl version 2.7.4 Portions of kubernetes version 1.9.2 -Portions of libc-utils version 0.9.33.2 -pax-utils version 1.2.2 +Portions of libressl version 2.7.4 +Portions of musl-utils version 1.1.19 +scanelf version 1.2.3 +ssl_client version 1.28.4 --------------------------------------------------------------------------- START of GNU GPL version 2 License @@ -3673,7 +1832,7 @@ Start of Notices for GPL v2 Licensed Codes =========================================================================== -Notices for apk-tools version 2.8.2 +Notices for apk-tools version 2.10.1 --------------------------------------------------------------------------- Copyright (c) 2000-2004 Dag-Erling Coïdan Smørgrav @@ -3783,21 +1942,56 @@ are met: 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission -THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + +=========================================================================== + +Notices for busybox version 1.28.4 + +Copyright (C) 1996-2006 Julian R Seward. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. The origin of this software must not be misrepresented; you must + not claim that you wrote the original software. If you use this + software in a product, an acknowledgment in the product + documentation would be appreciated but is not required. +3. Altered source versions must be plainly marked as such, and must + not be misrepresented as being the original software. +4. The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS +OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -=========================================================================== -Notices for busybox version 1.27.2 --------------------------------------------------------------------------- Copyright (c) 2001-2006, Gerrit Pape @@ -3814,7 +2008,7 @@ modification, are permitted provided that the following conditions are met: 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, @@ -3842,7 +2036,7 @@ are met: may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE @@ -3856,11 +2050,19 @@ SUCH DAMAGE. --------------------------------------------------------------------------- + +Copyright (c) 1983, 1991 + The Regents of the University of California. All rights reserved. +Copyright (c) 1983, 1993 + The Regents of the University of California. All rights reserved. +Copyright (c) 1987, 1988 + The Regents of the University of California. All rights reserved. +Copyright (c) 1989 + The Regents of the University of California. All rights reserved. Copyright (c) 1991, 1993 The Regents of the University of California. All rights reserved. - -This code is derived from software contributed to Berkeley by -Kenneth Almquist. +Copyright (c) 1988, 1993, 1994 + The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -3874,11 +2076,12 @@ are met: 3. + California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE @@ -3892,11 +2095,9 @@ SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 1989, 1991, 1993, 1994 +Copyright (c) 1989, 1990, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. -This code is derived from software contributed to Berkeley by -Kenneth Almquist. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -3910,7 +2111,7 @@ are met: may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE @@ -3924,237 +2125,208 @@ SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 1988, 1993, 1994 - The Regents of the University of California. All rights reserved. +Copyright (c) 2002 by David I. Bell +Permission is granted to use, distribute, or modify this source, +provided that this copyright notice remains intact. -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. +--------------------------------------------------------------------------- -3. BSD Advertising Clause omitted per the July 22, 1999 licensing change - ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER +IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING +OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. --------------------------------------------------------------------------- -Copyright (c) 1989 The Regents of the University of California. -All rights reserved. -Copyright (c) 1990 The Regents of the University of California. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. +Copyright (c) University of Delaware 1992-2009 -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. +Permission to use, copy, modify, and distribute this software and +its documentation for any purpose with or without fee is hereby +granted, provided that the above copyright notice appears in all +copies and that both the copyright notice and this permission +notice appear in supporting documentation, and that the name +University of Delaware not be used in advertising or publicity +pertaining to distribution of the software without specific, +written prior permission. The University of Delaware makes no +representations about the suitability this software for any +purpose. It is provided "as is" without express or implied warranty. --------------------------------------------------------------------------- -Copyright (c) 2002 by David I. Bell -Permission is granted to use, distribute, or modify this source, -provided that this copyright notice remains intact. +Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that: (1) source code distributions +retain the above copyright notice and this paragraph in its entirety, (2) +distributions including binary code include the above copyright notice and +this paragraph in its entirety in the documentation or other materials +provided with the distribution, and (3) all advertising materials mentioning +features or use of this software display the following acknowledgement: +''This product includes software developed by the University of California, +Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +the University nor the names of its contributors may be used to endorse +or promote products derived from this software without specific prior +written permission. +THIS SOFTWARE IS PROVIDED ''AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. --------------------------------------------------------------------------- -Copyright (c) 1992, 1993 -The Regents of the University of California. All rights reserved. +Copyright (c) 2001 Aaron Lehmann -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: -3. BSD Advertising Clause omitted per the July 22, 1999 licensing change - ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. +=========================================================================== +Notices for libressl version 2.7.4 --------------------------------------------------------------------------- -Copyright (c) 1994 David Burren -All rights reserved. -Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet -this file should now *only* export crypt(), in order to make -binaries of libcrypt exportable from the USA + LibReSSL files are retained under the copyright of the authors. New + additions are ISC licensed as per OpenBSD's normal licensing policy, + or are placed in the public domain. -Adapted for FreeBSD-4.0 by Mark R V Murray -this file should now *only* export crypt_des(), in order to make -a module that can be optionally included in libcrypt. + The OpenSSL code is distributed under the terms of the original OpenSSL + licenses which follow: -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of the author nor the names of other contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. + LICENSE ISSUES + ============== -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. In case of any license issues + related to OpenSSL please contact openssl-core@openssl.org. ---------------------------------------------------------------------------- + OpenSSL License + --------------- -Copyright (c) 1983,1991 The Regents of the University of California. -All rights reserved. +==================================================================== +Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the University of - California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. +3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ---------------------------------------------------------------------------- +4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openssl-core@openssl.org. + +5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + +6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/)" -Copyright (c) 2003, 2004 Henning Brauer -Copyright (c) 2004 Alexander Guy +THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. +==================================================================== -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. +This product includes cryptographic software written by Eric Young +(eay@cryptsoft.com). This product includes software written by Tim +Hudson (tjh@cryptsoft.com). -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER -IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---------------------------------------------------------------------------- -Copyright (c) University of Delaware 1992-2009 + Original SSLeay License + ----------------------- -Permission to use, copy, modify, and distribute this software and -its documentation for any purpose with or without fee is hereby -granted, provided that the above copyright notice appears in all -copies and that both the copyright notice and this permission -notice appear in supporting documentation, and that the name -University of Delaware not be used in advertising or publicity -pertaining to distribution of the software without specific, -written prior permission. The University of Delaware makes no -representations about the suitability this software for any -purpose. It is provided "as is" without express or implied warranty. +Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +All rights reserved. ---------------------------------------------------------------------------- +This package is an SSL implementation written +by Eric Young (eay@cryptsoft.com). +The implementation was written so as to conform with Netscapes SSL. -Copyright (c) 1989 The Regents of the University of California. -All rights reserved. +This library is free for commercial and non-commercial use as long as +the following conditions are aheared to. The following conditions +apply to all code found in this distribution, be it the RC4, RSA, +lhash, DES, etc., code; not just the SSL code. The SSL documentation +included with this distribution is covered by the same copyright terms +except that the holder is Tim Hudson (tjh@cryptsoft.com). -This code is derived from software contributed to Berkeley by -Mike Muuss. +Copyright remains Eric Young's, and as such any Copyright notices in +the code are not to be removed. +If this package is used in a product, Eric Young should be given attribution +as the author of the parts of the library used. +This can be in the form of a textual message at program startup or +in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright +1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). +4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -3. - -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -4163,32 +2335,37 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +The licence and distribution terms for any publically available version or +derivative of this code cannot be changed. i.e. this code cannot simply be +copied and put under another distribution licence +[including the GNU Public Licence.] + --------------------------------------------------------------------------- -Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000 - The Regents of the University of California. All rights reserved. +Copyright © 2005-2014 Rich Felker, et al. -Busybox port by Vladimir Oleynik (C) 2005 +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that: (1) source code distributions -retain the above copyright notice and this paragraph in its entirety, (2) -distributions including binary code include the above copyright notice and -this paragraph in its entirety in the documentation or other materials -provided with the distribution, and (3) all advertising materials mentioning -features or use of this software display the following acknowledgement: -``This product includes software developed by the University of California, -Lawrence Berkeley Laboratory and its contributors.'' Neither the name of -the University nor the names of its contributors may be used to endorse -or promote products derived from this software without specific prior -written permission. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. ---------------------------------------------------------------------------- +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -Copyright (c) 2001 Aaron Lehmann + + +Copyright © 2005-2014 Rich Felker, et al. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the @@ -4211,7 +2388,51 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------- -Copyright (c) 1983, 1993 The Regents of the University of California. +Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. + +Developed at SunPro, a Sun Microsystems, Inc. business. Permission to +use, copy, modify, and distribute this software is freely granted, +provided that this notice is preserved. + +--------------------------------------------------------------------------- + +Copyright (c) 2008 Stephen L. Moshier + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +--------------------------------------------------------------------------- + +Copyright (c) 2005 Bruce D. Evans and Steven G. Kargl +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +--------------------------------------------------------------------------- +Copyright (c) 2005 David Schultz +Copyright (c) 2007 David Schultz +Copyright (c) 2011 David Schultz +Copyright (c) 2005-2008 David Schultz +Copyright (c) 2005-2011 David Schultz All rights reserved. Redistribution and use in source and binary forms, with or without @@ -4223,17 +2444,10 @@ are met: notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. BSD Advertising Clause omitted per the July 22, 1999 licensing change - ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -4244,11 +2458,9 @@ SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 1989, 1993, 1994 -The Regents of the University of California. All rights reserved. - -This code is derived from software contributed to Berkeley by -Kim Letkeman. +Copyright (c) 1994 David Burren +Copyright (c) 2000,2002,2010,2012 Solar Designer +All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -4258,14 +2470,14 @@ are met: 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. Neither the name of the University nor the names of its contributors +3. Neither the name of the author nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -4276,7 +2488,7 @@ SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 1987, 1988 Regents of the University of California. +Copyright (c) 2003 Poul-Henning Kamp All rights reserved. Redistribution and use in source and binary forms, with or without @@ -4287,18 +2499,11 @@ are met: 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgment: - This product includes software developed by the University of - California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -4307,16 +2512,92 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +--------------------------------------------------------------------------- +Copyright (c) 2001-2009 Ville Laurikari +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +--------------------------------------------------------------------------- + +Copyright (C) 2004 by Sun Microsystems, Inc. All rights reserved. +Copyright (C) 2004 Sun Microsystems, Inc. All rights reserved. + +Permission to use, copy, modify, and distribute this +software is freely granted, provided that this notice +is preserved. + +--------------------------------------------------------------------------- + +Copyright (C) 2011 by Valentin Ochs + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to +deal in the Software without restriction, including without limitation the +rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +sell copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. -=========================================================================== -Notices for pax-utils version 1.2.2 --------------------------------------------------------------------------- -THE BEER-WARE LICENSE (Revision 42): -As long as you retain this notice you can do whatever you want with this -stuff. If we meet some day, and you think this stuff is worth it, -you can buy me a beer in return. Ned Ludd. --solarx +Copyright (C) 2008 The Android Open Source Project +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. @@ -4329,21 +2610,23 @@ End of Notices for GPL v2 Licensed Codes @@@@@@@@@@@@ ========================================================================== Offer to obtain source code for GNU GPL and GNU LGPL licensed software -distributed with the IBM Storage Enabler for Containers 1.2, IBM -Storage Kubernetes FlexVolume 1.2 and IBM Storage Kubernetes Dynamic -Provisioner 1.2: - - -alpine-baselayout version 3.0.5 -apk-tools version 2.8.2 -busybox version 1.27.2 +distributed with the IBM Storage Enabler for Containers, IBM Storage +Kubernetes FlexVolume, IBM Storage Kubernetes Dynamic Provisioner, IBM +Storage Enabler for Containers DB, and IBM Storage Enabler for Containers +Helm Utils Version 2.0: + +alpine-baselayout version 3.1.0 +apk-tools version 2.10.1 +busybox version 1.28.4 CA-certificates 20171114 kubernetes incubator-external-storage commit level 92295a3 -kubernetes version 1.9.2 -libc-utils version 0.9.33.2 -pax-utils version 1.2.2 -ratelimit commit level 5b9ff86 -yaml.v2 commit level 53feefa +kubernetes version 1.9.2 +libressl version 2.7.4 +musl-utils version 1.1.19 +ratelimit commit level 5b9ff86 +scanelf version 1.2.3 +ssl_client version 1.28.4 +yaml.v2 commit level 53feefa Source code for the above listed licensed software is available upon written request to the following address: @@ -4361,8 +2644,8 @@ END OF Offer for GNU GPL and LGPL Source Code =========================================================================== END OF TERMS AND CONDITIONS FOR SEPARATELY LICENSED CODE for IBM Storage -Enabler for Containers 1.2, IBM Storage Kubernetes FlexVolume 1.2, -and IBM Storage Kubernetes Dynamic Provisioner 1.2 +Enabler for Containers 2.0, IBM Storage Kubernetes FlexVolume 2.0, +and IBM Storage Kubernetes Dynamic Provisioner 2.0 =========================================================================== @@ -4398,6 +2681,7 @@ of the Apache License Version 2.0: btree commit level e89373f concurrent version 1.0.3 +Portions of Curl version 7.61.1 glog commit level 23def4e gnostic commit level 0c51083 gofuzz commit level 44d8105 @@ -7316,148 +5600,459 @@ terms and conditions of the following license(s): --------------------------------------------------------------------------- -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +======================================================================= +END OF alpine-keys version 2.1 NOTICES AND INFORMATION +======================================================================= + + +@@@@@@@@@@@@ +=========================================================================== +CA-Certificates version 20171114: The Program includes +CA-Certificates version 20171114 software. IBM obtained the +CA-Certificates version 20171114 software under the terms and +conditions of the following license(s): + +--------------------------------------------------------------------------- + + Copyright (c) 2013-2014 Timo Teräs + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +======================================================================= +END OF CA-Certificates version 20171114 NOTICES AND INFORMATION +======================================================================= + + +@@@@@@@@@@@@ +=========================================================================== +context version 1.1.1: The Program includes context version 1.1.1 +software. IBM obtained the context version 1.1.1 software under the +terms and conditions of the following license(s): + +--------------------------------------------------------------------------- + +Copyright (c) 2012 Rodrigo Moraes. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +======================================================================= +END OF context version 1.1.1 NOTICES AND INFORMATION +======================================================================= + + +@@@@@@@@@@@@ +=========================================================================== +crypto commit level 81e9090: The Program includes crypto commit level +81e9090 software. IBM obtained the crypto commit level 81e9090 +software under the terms and conditions of the following license(s): + +--------------------------------------------------------------------------- + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +======================================================================= +END OF crypto commit level 81e9090 NOTICES AND INFORMATION +======================================================================= + + +@@@@@@@@@@@@ +=========================================================================== +curl version 7.61.1: The Program includes curl version 7.61.1 +software. IBM obtained the curl version 7.61.1 software under the +terms and conditions of the following license(s): + +--------------------------------------------------------------------------- + +Copyright (c) 1996 - 2018, Daniel Stenberg, , and many +contributors, see the THANKS file. + +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF +THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization of +the copyright holder. + +--------------------------------------------------------------------------- + +Copyright 2009, John Malmberg +Copyright 2011, John Malmberg +Copyright 2012, John Malmberg +Copyright 2013, John Malmberg +Copyright 2014, John Malmberg + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +--------------------------------------------------------------------------- + +Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +Copyright (c) 2004 - 2017 Daniel Stenberg +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +--------------------------------------------------------------------------- + +Copyright (c) 1998, 1999, 2017 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). + +Copyright (C) 2001 - 2015, Daniel Stenberg, , et al. + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +--------------------------------------------------------------------------- +Copyright (C) 2013, 2017, Linus Nielsen Feltzing +Copyright (C) 2012 - 2018, Steve Holme, +Copyright (C) 1998 - 2016, Vijay Panghal, , et al. +Copyright (C) 2018 Jeroen Ooms +Copyright (c) 2001-2004 Damien Miller +Copyright (C) 2010, Howard Chu, +Copyright (C) 1998 - 2018, Florin Petriuc, +Copyright (C) 2017 - 2018 Red Hat, Inc. +Copyright (C) 2015, Jay Satiro, . + -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF +THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. - -======================================================================= -END OF alpine-keys version 2.1 NOTICES AND INFORMATION -======================================================================= - - -@@@@@@@@@@@@ -=========================================================================== -CA-Certificates version 20171114: The Program includes -CA-Certificates version 20171114 software. IBM obtained the -CA-Certificates version 20171114 software under the terms and -conditions of the following license(s): +Except as contained in this notice, the name of a copyright holder shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization of +the copyright holder. --------------------------------------------------------------------------- - Copyright (c) 2013-2014 Timo Teräs - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: +Copyright (c) 2003 The OpenEvidence Project. All rights reserved. -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +1. Redistributions of source code must retain the above copyright + notice, this list of conditions, the following disclaimer, + and the original OpenSSL and SSLeay Licences below. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions, the following disclaimer + and the original OpenSSL and SSLeay Licences below in + the documentation and/or other materials provided with the + distribution. -======================================================================= -END OF CA-Certificates version 20171114 NOTICES AND INFORMATION -======================================================================= +3. All advertising materials mentioning features or use of this + software must display the following acknowledgments: + "This product includes software developed by the Openevidence Project + for use in the OpenEvidence Toolkit. (http://www.openevidence.org/)" + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (https://www.openssl.org/)" + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com)." + +4. The names "OpenEvidence Toolkit" and "OpenEvidence Project" must not be + used to endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openevidence-core@openevidence.org. +5. Products derived from this software may not be called "OpenEvidence" + nor may "OpenEvidence" appear in their names without prior written + permission of the OpenEvidence Project. -@@@@@@@@@@@@ -=========================================================================== -context version 1.1.1: The Program includes context version 1.1.1 -software. IBM obtained the context version 1.1.1 software under the -terms and conditions of the following license(s): +6. Redistributions of any form whatsoever must retain the following + acknowledgments: + "This product includes software developed by the OpenEvidence Project + for use in the OpenEvidence Toolkit (http://www.openevidence.org/) + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (https://www.openssl.org/)" + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com)." + +THIS SOFTWARE IS PROVIDED BY THE OpenEvidence PROJECT ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenEvidence PROJECT OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 2012 Rodrigo Moraes. All rights reserved. +Copyright (c) 2003 The OpenEvidence Project. All rights reserved. Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. +modification, are permitted provided that the following conditions +are met: -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +1. Redistributions of source code must retain the above copyright + notice, this list of conditions, the following disclaimer, + and the original OpenSSL and SSLeay Licences below. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions, the following disclaimer + and the original OpenSSL and SSLeay Licences below in + the documentation and/or other materials provided with the + distribution. -======================================================================= -END OF context version 1.1.1 NOTICES AND INFORMATION -======================================================================= +3. All advertising materials mentioning features or use of this + software must display the following acknowledgments: + "This product includes software developed by the Openevidence Project + for use in the OpenEvidence Toolkit. (http://www.openevidence.org/)" + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (https://www.openssl.org/)" + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com)." + +4. The names "OpenEvidence Toolkit" and "OpenEvidence Project" must not be + used to endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openevidence-core@openevidence.org. +5. Products derived from this software may not be called "OpenEvidence" + nor may "OpenEvidence" appear in their names without prior written + permission of the OpenEvidence Project. -@@@@@@@@@@@@ -=========================================================================== -crypto commit level 81e9090: The Program includes crypto commit level -81e9090 software. IBM obtained the crypto commit level 81e9090 -software under the terms and conditions of the following license(s): +6. Redistributions of any form whatsoever must retain the following + acknowledgments: + "This product includes software developed by the OpenEvidence Project + for use in the OpenEvidence Toolkit (http://www.openevidence.org/) + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (https://www.openssl.org/)" + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com)." + +THIS SOFTWARE IS PROVIDED BY THE OpenEvidence PROJECT ``AS IS'' AND ANY +EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenEvidence PROJECT OR +ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------- -Copyright (c) 2009 The Go Authors. All rights reserved. +Copyright (c) 1983, 2016 Regents of the University of California. +All rights reserved. Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. +4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. ======================================================================= -END OF crypto commit level 81e9090 NOTICES AND INFORMATION +END OF curl version 7.61.1 NOTICES AND INFORMATION ======================================================================= @@ -7966,8 +6561,73 @@ END OF inflection commit level 0414036 NOTICES AND INFORMATION @@@@@@@@@@@@ =========================================================================== -libressl version 2.6.3: The Program includes libressl version 2.6.3 -software. IBM obtained the libressl version 2.6.3 software under the +libc-utils version 0.7.1: The Program includes libc-utils version +0.7.1 software. IBM obtained the libc-utils version 0.7.1 software +under the terms and conditions of the following license(s): + +--------------------------------------------------------------------------- + +Copyright (c) 1991, 1993 +The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +--------------------------------------------------------------------------- + +Copyright 2002 Niels Provos +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +======================================================================= +END OF libc-utils version 0.7.1 NOTICES AND INFORMATION +======================================================================= + + +@@@@@@@@@@@@ +=========================================================================== +libressl version 2.7.4: The Program includes libressl version 2.7.4 +software. IBM obtained the libressl version 2.7.4 software under the terms and conditions of the following license(s): --------------------------------------------------------------------------- @@ -8185,6 +6845,7 @@ Copyright (c) 2014 The OpenSSL Project. All rights reserved. Copyright (c) 2015 The OpenSSL Project. All rights reserved. Copyright (c) 2016 The OpenSSL Project. All rights reserved. Copyright (c) 2017 The OpenSSL Project. All rights reserved. +Copyright (c) 2017 The OpenSSL Project. All rights reserved. Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. @@ -8238,9 +6899,12 @@ Copyright (c) 2000, 2002, 2014 The OpenSSL Project. All rights reserved Copyright (c) 2002, 2003, 2015 The OpenSSL Project. All rights reserved Copyright (c) 2006, 2009, 2013 The OpenSSL Project. All rights reserved. Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project. All rights reserved. -Copyright (c) 2002, 2003, 2006-2009, 2013-2015 The OpenSSL Project. All rights reserved. - +Copyright (c) 2002, 2003, 2006-2009, 2013-2015 The OpenSSL Project. +All rights reserved. Copyright (c) 2006, 2009, 2010, 2013 The OpenSSL Project. All rights reserved. +Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project. +All rights reserved. +Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. All rights reserved. @@ -8396,6 +7060,7 @@ Copyright (c) 2016, 2017 Joel Sing Copyright (c) 2017 Doug Hogan Copyright (c) 2016 Bob Beck Copyright (c) 2017 Bob Beck +Copyright (c) 2018 Bob Beck Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -8412,6 +7077,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------------------------------------------------------------------------ Copyright (c) 2016, 2017 Joel Sing +Copyright (c) 2018 Joel Sing Copyright (c) 2017 Doug Hogan Permission to use, copy, modify, and distribute this software for any @@ -8513,6 +7179,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Copyright (c) 2016 Ingo Schwarze Copyright (c) 2017 Ingo Schwarze + Copyright (c) 2018 Ingo Schwarze Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -9535,9 +8202,25 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +--------------------------------------------------------------------------- + +Copyright (c) 2018 Theo Buehler + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + ======================================================================= -END OF libressl version 2.6.3 NOTICES AND INFORMATION +END OF libressl version 2.7.4 NOTICES AND INFORMATION ======================================================================= @@ -9656,8 +8339,8 @@ END OF mergo commit level 6633656 NOTICES AND INFORMATION @@@@@@@@@@@@ =========================================================================== -musl version 1.1.18: The Program includes musl version 1.1.18 -software. IBM obtained the musl version 1.1.18 software under the +musl version 1.1.19: The Program includes musl version 1.1.19 +software. IBM obtained the musl version 1.1.19 software under the terms and conditions of the following license(s): --------------------------------------------------------------------------- @@ -9898,7 +8581,7 @@ SUCH DAMAGE. ======================================================================= -END OF musl version 1.1.18 NOTICES AND INFORMATION +END OF musl version 1.1.19 NOTICES AND INFORMATION ======================================================================= @@ -10024,8 +8707,8 @@ INFORMATION @@@@@@@@@@@@ =========================================================================== -OpenSSL version 1.0.2o: The Program includes OpenSSL version 1.0.2o -software. IBM obtained the OpenSSL version 1.0.2o software under the +OpenSSL version 1.0.2p: The Program includes OpenSSL version 1.0.2p +software. IBM obtained the OpenSSL version 1.0.2p software under the terms and conditions of the following license(s): --------------------------------------------------------------------------- @@ -10546,7 +9229,7 @@ Copyright (c) 2004 Kungliga Tekniska Högskolan ======================================================================= -END OF OpenSSL version 1.0.2o NOTICES AND INFORMATION +END OF OpenSSL version 1.0.2p NOTICES AND INFORMATION ======================================================================= @@ -12039,8 +10722,7 @@ END Mozilla Public License, Version 2.0 ===================================================================== END OF NOTICES AND INFORMATION FOR IBM Storage Enabler for -Containers Version 1.2, IBM Storage Kubernetes FlexVolume -Version 1.2, IBM Storage Kubernetes Dynamic Provisioner -Version 1.2 +Containers, Kubermetes FlexVolume, Kubermetes Dynamic +Provisioner, and Enabler for Containers DB Version 2.0 ===================================================================== From 2b9a55f2c7130a031c21196c0df196bbe7dddf04 Mon Sep 17 00:00:00 2001 From: olgasht Date: Wed, 5 Dec 2018 13:42:14 +0200 Subject: [PATCH 38/47] UB-1734: updated glide# --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 5568bb5ef..a7192c31d 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: aeb18c1099c1da385698f4ae40c385734ab472eb + version: 95e25e89f30d43ef4cf7c287fe4efc4370563f56 subpackages: - remote - resources From b98b53576e757767ee640d650377c27818a9faaa Mon Sep 17 00:00:00 2001 From: Ran Harel Date: Wed, 5 Dec 2018 13:46:44 +0200 Subject: [PATCH 39/47] UB-1731 - update the yaml files to point to new cert location mount point --- .../templates/ubiquity-db-deployment.yml | 2 +- .../yamls/ubiquity-db-deployment.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml index 64e6bf81b..00832efd1 100644 --- a/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml +++ b/helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-deployment.yml @@ -47,7 +47,7 @@ spec: subPath: "ibm-ubiquity" {{- if eq .Values.genericConfig.connectionInfo.sslMode "verify-full" }} - name: ubiquity-db-private-certificate - mountPath: /var/lib/postgresql/ssl/private/ + mountPath: /var/lib/postgresql/ssl/provided/ {{- end }} volumes: diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-db-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-db-deployment.yml index b80fa3647..147d7d9ab 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-db-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-db-deployment.yml @@ -43,7 +43,7 @@ spec: subPath: "ibm-ubiquity" # Certificate Set : use the below volumeMounts only if predefine certificate given # Cert # - name: ubiquity-db-private-certificate -# Cert # mountPath: /var/lib/postgresql/ssl/private/ +# Cert # mountPath: /var/lib/postgresql/ssl/provided/ volumes: - name: ibm-ubiquity-db persistentVolumeClaim: @@ -58,4 +58,4 @@ spec: # Cert # mode: 0600 # Cert # - key: ubiquity-db.crt # Cert # path: ubiquity-db.crt -# Cert # mode: 0600 \ No newline at end of file +# Cert # mode: 0600 From 8cfc1b556e3d8e72cd0097712bbe1c92da59a88d Mon Sep 17 00:00:00 2001 From: olgashtivelman <33713489+olgashtivelman@users.noreply.github.com> Date: Wed, 5 Dec 2018 13:55:15 +0200 Subject: [PATCH 40/47] Fix/ub 1722 soft link issue on uncleared node (#265) in this PR the issue that is solved is the following: as part of the mount there is a check made to see if there are any solf links pointing to the desired mount point ( to /ubiquity/WWN) -this is needed in order to not allow 2 pods to be attached to the same PVC. an issue may accur when one of those soft links is not actually active (for example of a pod moving to another node in the cluster and back to the original one due to shutdowns) - this is what this PR solves. beside checking if any soft links exists - a check is made to see if the mount point is mounted. if it is then this is a valid solf link and the current mount should fail. otherwise the current mount can continue un-interrupted. --- controller/controller.go | 34 +++++++++++++++++- controller/controller_internal_test.go | 49 ++++++++++++++++++++++++++ glide.yaml | 2 +- 3 files changed, 83 insertions(+), 2 deletions(-) diff --git a/controller/controller.go b/controller/controller.go index b6e09b54e..24b6eb92b 100644 --- a/controller/controller.go +++ b/controller/controller.go @@ -685,6 +685,28 @@ func getK8sPodsBaseDir(k8sMountPoint string) (string, error ){ return tempMountPoint, nil } +func checkMountPointIsMounted(mountPoint string, logger logs.Logger, executer utils.Executor) (bool, error){ + defer logger.Trace(logs.INFO, logs.Args{{"mountPoint", mountPoint}})() + + mountPointStat, err := executer.Stat(mountPoint) + if err != nil{ + return false, logger.ErrorRet(err, "Failed to get stat from k8s slink file.", logs.Args{{"k8sMountPoint", mountPoint}}) + } + + + rootDirStat, err := executer.Lstat(filepath.Dir(mountPoint)) + if err != nil{ + return false, logger.ErrorRet(err, "Failed to get stat from root directory.", logs.Args{{"directory", mountPoint}}) + } + + if executer.GetDeviceForFileStat(mountPointStat) != executer.GetDeviceForFileStat(rootDirStat){ + return true, nil + } + + return false, nil +} + + func checkSlinkAlreadyExistsOnMountPoint(mountPoint string, k8sMountPoint string, logger logs.Logger, executer utils.Executor) (error){ /* the mountpoint parameter is the actual mountpoint we are pointing to: /ubiquity/WWN @@ -729,7 +751,17 @@ func checkSlinkAlreadyExistsOnMountPoint(mountPoint string, k8sMountPoint string isSameFile := executer.IsSameFile(fileStat, mountStat) if isSameFile{ - slinks = append(slinks, file) + isInUse, err := checkMountPointIsMounted(mountPoint, logger, executer) + if err != nil { + logger.Warning("Failed to check whether slink is in use.", logs.Args{{"file", file}}) + continue + } + if isInUse{ + slinks = append(slinks, file) + } else { + logger.Warning("Found a different Pod that uses the same PVC, but the slink is pointing to a directory that is NOT mounted. It may be a stale POD", logs.Args{{"pod directory", k8sMountPoint}, {"link target directory", mountPoint}}) + } + } } diff --git a/controller/controller_internal_test.go b/controller/controller_internal_test.go index 1676f5be5..5c3cbf909 100644 --- a/controller/controller_internal_test.go +++ b/controller/controller_internal_test.go @@ -64,12 +64,23 @@ var _ = Describe("controller_internal_tests", func() { }) It("should return an error if this mountpoint already has links", func() { file := "/tmp/file1" + fakeExecutor.GetDeviceForFileStatReturnsOnCall(0, 12) + fakeExecutor.GetDeviceForFileStatReturnsOnCall(1, 15) fakeExecutor.GetGlobFilesReturns([]string{file}, nil) fakeExecutor.IsSameFileReturns(true) err:= checkSlinkAlreadyExistsOnMountPoint("mountPoint", mountPoint, logs.GetLogger(), fakeExecutor) Expect(err).ToNot(BeNil()) Expect(err).To(Equal(&PVIsAlreadyUsedByAnotherPod{"mountPoint", []string{file}})) }) + It("should not return an error if this mountpoint already has links that are not mounted", func() { + file := "/tmp/file1" + fakeExecutor.GetDeviceForFileStatReturnsOnCall(0, 12) + fakeExecutor.GetDeviceForFileStatReturnsOnCall(1, 12) + fakeExecutor.GetGlobFilesReturns([]string{file}, nil) + fakeExecutor.IsSameFileReturns(true) + err:= checkSlinkAlreadyExistsOnMountPoint("mountPoint", mountPoint, logs.GetLogger(), fakeExecutor) + Expect(err).To(BeNil()) + }) It("should return no errors if this mountpoint has only one links and it is the current pvc", func() { file := mountPoint fakeExecutor.GetGlobFilesReturns([]string{file}, nil) @@ -104,5 +115,43 @@ var _ = Describe("controller_internal_tests", func() { Expect(err).ToNot(HaveOccurred()) }) }) + Context(".checkMountPointIsMounted", func() { + var ( + fakeExecutor *fakes.FakeExecutor + mountPoint string + errstrObj error + ) + BeforeEach(func() { + fakeExecutor = new(fakes.FakeExecutor) + mountPoint = "/ubiquity/6001738CFC9035E8000000000091E219" + errstrObj = fmt.Errorf("An error ooccured") + }) + It("should return error if fails to get stat of mountpoint", func() { + fakeExecutor.StatReturnsOnCall(0, nil, errstrObj) + _, err := checkMountPointIsMounted(mountPoint, logs.GetLogger(), fakeExecutor) + Expect(err).To(HaveOccurred()) + Expect(err).To(Equal(errstrObj)) + }) + It("should return error if fails to get lstat of mountpoint/..", func() { + fakeExecutor.LstatReturnsOnCall(0, nil, errstrObj) + _, err := checkMountPointIsMounted(mountPoint, logs.GetLogger(), fakeExecutor) + Expect(err).To(HaveOccurred()) + Expect(err).To(Equal(errstrObj)) + }) + It("should return true if directory is mounted", func() { + fakeExecutor.GetDeviceForFileStatReturnsOnCall(0, 12) + fakeExecutor.GetDeviceForFileStatReturnsOnCall(1, 15) + res, err := checkMountPointIsMounted(mountPoint, logs.GetLogger(), fakeExecutor) + Expect(err).NotTo(HaveOccurred()) + Expect(res).To(BeTrue()) + }) + It("should return false if directory is not mounted", func() { + fakeExecutor.GetDeviceForFileStatReturnsOnCall(0, 12) + fakeExecutor.GetDeviceForFileStatReturnsOnCall(1, 12) + res, err := checkMountPointIsMounted(mountPoint, logs.GetLogger(), fakeExecutor) + Expect(err).NotTo(HaveOccurred()) + Expect(res).To(BeFalse()) + }) + }) }) diff --git a/glide.yaml b/glide.yaml index a7192c31d..4b605803c 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 95e25e89f30d43ef4cf7c287fe4efc4370563f56 + version: e698dedd85e5e3cc7f59f3ce1a1320c9b471ea21 subpackages: - remote - resources From 89ca21a88c38c558fec12c5431c80af14a0acd98 Mon Sep 17 00:00:00 2001 From: Ran Harel Date: Wed, 5 Dec 2018 17:01:53 +0200 Subject: [PATCH 41/47] UB-1731 - updated glide file --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index e1b791bcd..d42bff415 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: f37a22295ddae4d31e70209177df993e9d81fc5a + version: 3d199e2bb3a36ebe5615923b9015bc0d3f1a5cbb subpackages: - remote - resources From 1aefaf16a2fa5181cf9271543582c3209f14b595 Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Wed, 5 Dec 2018 21:03:34 +0200 Subject: [PATCH 42/47] fix notices file with openssl 1.0.2q --- glide.yaml | 2 +- scripts/notices_file_for_ibm_storage_enabler_for_containers | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/glide.yaml b/glide.yaml index d42bff415..d24d20b2c 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 3d199e2bb3a36ebe5615923b9015bc0d3f1a5cbb + version: df516f6f4aa90b0a9836ae1f2e23dc2a43317ac4 subpackages: - remote - resources diff --git a/scripts/notices_file_for_ibm_storage_enabler_for_containers b/scripts/notices_file_for_ibm_storage_enabler_for_containers index cb2edee0d..cfeaf205d 100644 --- a/scripts/notices_file_for_ibm_storage_enabler_for_containers +++ b/scripts/notices_file_for_ibm_storage_enabler_for_containers @@ -8707,8 +8707,8 @@ INFORMATION @@@@@@@@@@@@ =========================================================================== -OpenSSL version 1.0.2p: The Program includes OpenSSL version 1.0.2p -software. IBM obtained the OpenSSL version 1.0.2p software under the +OpenSSL version 1.0.2q: The Program includes OpenSSL version 1.0.2q +software. IBM obtained the OpenSSL version 1.0.2q software under the terms and conditions of the following license(s): --------------------------------------------------------------------------- @@ -9229,7 +9229,7 @@ Copyright (c) 2004 Kungliga Tekniska Högskolan ======================================================================= -END OF OpenSSL version 1.0.2p NOTICES AND INFORMATION +END OF OpenSSL version 1.0.2q NOTICES AND INFORMATION ======================================================================= From d6ff33c37d60fd2e1af0e476b74438440c5b11c9 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Wed, 5 Dec 2018 22:39:20 +0200 Subject: [PATCH 43/47] Update README to v2.0.0 (#257) - Align README file with version 2.0.0 (adding scale support, fix some syntax and new URL) - improve the scale md file with up to date examples by @deeghuge - Align glide with latest ubiquity --- README.md | 14 +- glide.yaml | 2 +- ibm-block-storage-via-sc.md | 10 +- ibm-spectrum-scale.md | 393 ++++++++++++++++++++++++++++++++---- 4 files changed, 368 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 39e17ac67..995ef3536 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,16 @@ This project includes components for managing [Kubernetes persistent storage](ht - Ubiquity Dynamic Provisioner for creating and deleting persistent volumes - Ubiquity FlexVolume Driver CLI for attaching and detaching persistent volumes -Currently, the following storage systems use Ubiquity: +The IBM official solution for Kubernetes, based on the Ubiquity project, is referred to as IBM Storage Enabler for Containers. You can download the installation package and its documentation from [IBM Fix Central](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Storage+Enabler+for+Containers&release=All&platform=All&function=all&source=fc). + +Ubiquity supports the following storage systems: * IBM block storage. - The IBM block storage is supported for Kubernetes via IBM Spectrum Connect (3.4.0), previously known as IBM Spectrum Control Base Edition. Ubiquity communicates with the IBM storage systems through Spectrum Connect. Spectrum Connect creates a storage profile (for example, gold, silver or bronze) and makes it available for Kubernetes. For details about supported storage systems, refer to the latest Spectrum Connect release notes. + IBM block storage is supported for Kubernetes via IBM Spectrum Connect. Ubiquity communicates with the IBM storage systems through Spectrum Connect. Spectrum Connect creates a storage profile (for example, gold, silver or bronze) and makes it available for Kubernetes. - The IBM official solution for Kubernetes, based on the Ubiquity project, is referred to as IBM Storage Enabler for Containers. You can download the installation package and its documentation from [IBM Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Connect&release=All&platform=Linux&function=all). For details on the IBM Storage Enabler for Containers, see the relevant sections in the Spectrum Connect user guide. +* IBM Spectrum Scale -* IBM Spectrum Scale, for testing only. + IBM Spectrum Scale file storage is supported for Kubernetes. Ubiquity communicates with IBM Spectrum Scale system directly via IBM Spectrum Scale management API v2. The code is provided as is, without warranty. Any issue will be handled on a best-effort basis. @@ -22,9 +24,9 @@ The code is provided as is, without warranty. Any issue will be handled on a bes ![Ubiquity Overview](images/ubiquity_architecture_draft_for_github.jpg) -Deployment description: +Main deployment description: * Ubiquity Kubernetes Dynamic Provisioner (ubiquity-k8s-provisioner) runs as a Kubernetes deployment with replica=1. - * Ubiquity Kubernetes FlexVolume (ubiquity-k8s-flex) runs as a Kubernetes daemonset on all the worker and master nodes. + * Ubiquity Kubernetes FlexVolume (ubiquity-k8s-flex) runs as a Kubernetes daemonset in all the worker and master nodes. * Ubiquity (ubiquity) runs as a Kubernetes deployment with replica=1. * Ubiquity database (ubiquity-db) runs as a Kubernetes deployment with replica=1. diff --git a/glide.yaml b/glide.yaml index d24d20b2c..12fcf9d1e 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: df516f6f4aa90b0a9836ae1f2e23dc2a43317ac4 + version: f203222e3190aca3de0bf851316a2de3b68efcad subpackages: - remote - resources diff --git a/ibm-block-storage-via-sc.md b/ibm-block-storage-via-sc.md index 380929c25..c4c304306 100644 --- a/ibm-block-storage-via-sc.md +++ b/ibm-block-storage-via-sc.md @@ -236,8 +236,8 @@ The creation of a Pod/Deployment causes the FlexVolume to: * Attach the volume to the host (This action triggered from the controller-manager on the master node.) * Rescan and discover the multipath device of the new volume * Create xfs or ext4 filesystem on the device (if filesystem does not exist on the volume) -* Mount the new multipath device on /ubiquity/[WWN of the volume] -* Create a symbolic link /var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID] -> /ubiquity/[WWN of the volume] +* Mount the new multipath device on `/ubiquity/[WWN of the volume]` +* Create a symbolic link `/var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID]` -> `/ubiquity/[WWN of the volume]` For example, to create a Pod `pod1` that uses the PVC `pvc1` that was already created: ```bash @@ -310,8 +310,8 @@ lrwxrwxrwx. 1 root root 42 Aug 13 22:41 pvc-254e4b5e-805d-11e7-a42b-005056a46c49 ### Deleting a Pod The Kuberenetes delete Pod command: -* Removes symbolic link /var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID] -> /ubiquity/[WWN of the volume] -* Unmounts the new multipath device on /ubiquity/[WWN of the volume] +* Removes symbolic link `/var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID]` -> `/ubiquity/[WWN of the volume]` +* Unmounts the new multipath device on `/ubiquity/[WWN of the volume]` * Removes the multipath device of the volume * Detaches (unmaps) the volume from the host * Rescans with cleanup mode to remove the physical device files of the detached volume @@ -411,7 +411,7 @@ Filesystem Size Used Available Use% Mounted on COOL ``` -- Delete the POD so Kubernetes will reschedule the POD on a diffrent node (node1) +- Delete the POD so Kubernetes will reschedule the POD on a different node (node1) ```bash #> kubectl delete pod $pod pod "sanity-deployment-75f959859f-dh979" deleted diff --git a/ibm-spectrum-scale.md b/ibm-spectrum-scale.md index a4e49044d..74b599dd2 100644 --- a/ibm-spectrum-scale.md +++ b/ibm-spectrum-scale.md @@ -1,57 +1,372 @@ # IBM Spectrum Scale -* [Deployment Prerequisities](#deployment-prerequisities) -* [Configuration](#configuring-ubiquity-docker-plugin-with-ubiquity-and-spectrum-scale) -* [Volume Creation](#volume-creation-using-spectrum-scale-storage-system) - * [Fileset Volumes](#creating-fileset-volumes) - * [Independent Fileset Volumes](#creating-independent-fileset-volumes) - * [Lightweight Volumes](#creating-lightweight-volumes) - * [Fileset with Quota Volumes](#creating-fileset-with-quota-volumes) +IBM Spectrum Scale can be used as persistent storage for Kubernetes via Ubiquity service. Ubiquity communicates with the IBM Spectrum Scale through IBM Spectrum Scale management api version 2. Filesets are created on IBM Spectrum Scale and made available for Ubiquity FlexVolume and Ubiquity Dynamic Provisioner. -## Deployment Prerequisities - * Spectrum-Scale - Ensure the Spectrum Scale client (NSD client) is installed and part of a Spectrum Scale cluster. - * NFS - Ensure hosts support mounting NFS file systems. +# Usage examples for Ubiquity Dynamic Provisioner and FlexVolume +The IBM official solution for Kubernetes, based on the Ubiquity project, is referred to as IBM Storage Enabler for Containers. You can download the installation package and its documentation (including full usage examples) from [IBM Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Connect&release=All&platform=Linux&function=all). -## Ubiquity Dynamic Provisioner +Usage examples index: +* [Example 1 : Basic flow for running a stateful container in a pod](#example-1--basic-flow-for-running-a-stateful-container-with-ubiquity-volume) +* [Example 2 : Basic flow breakdown](#example-2--basic-flow-breakdown) +* [Example 3 : Deployment fail over](#example-3--deployment-fail-over-example) - -## Volume Creation usage -Volumes are dynamically provisioned by the dynamic provisioner. In order to have this functionality we need to create a storageClass that refers to the provisioner. Afterwards, we need to create PersistentVolumeClaims (PVC) that will be handled by the provisioner. -The provisioner will create volumes and bind them to the PVC. -### Available Storage Classes -These storage classes are described in the YAML files in `deploy` folder: -* spectrum-scale-fileset - described in `deploy/storage_class_fileset.yml`, it allows the dynamic provisioner to create volumes out of Spectrum Scale filesets. -* spectrum-scale-fileset-lightweight - described in `deploy/storage_class_lightweight.yml`, it allows the dynamic provisioner to create volumes out of sub-directories of filesets. +## Example 1 : Basic flow for running a stateful container with Ubiquity volume +Flow overview: +1. Create a StorageClass `spectrumscale-primaryfs` that refers to IBM Spectrum Scale filesystem `primaryfs`. +2. Create a PVC `pvc1` that uses the StorageClass `spectrumscale-primaryfs`. +3. Create a Pod `pod1` with container `container1` that uses PVC `pvc1`. +3. Write some data into file `/data/myDATA` in `pod1\container1`. +4. Delete the `pod1` and then create a new `pod1` with the same PVC and verify that the file `/data/myDATA` still exists. +5. Delete the `pod1` `pvc1`, `pv` and `spectrumscale-primaryfs`. -* spectrum-scale-fileset-nfs - described in `deploy/storage_class_fileset_nfs.yml`, it allows the dynamic provisioner to create volumes out of Spectrum Scale filesets based on NFS. +Relevant yml files (`storage-class-primaryfs.yml`, `pvc1.yml` and `pod1.yml`): +```bash +#> cat storage-class-primaryfs.yml pvc1.yml pod1.yml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: "spectrumscale-primaryfs" + labels: + product: ibm-storage-enabler-for-containers +provisioner: "ubiquity/flex" +parameters: + backend: "spectrum-scale" + filesystem: "primaryfs" + type: fileset + + +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: "pvc1" +spec: + storageClassName: "spectrumscale-primaryfs" + accessModes: + - ReadWriteOnce # Ubiquity spectrum-scale backend supports ReadWriteOnce and ReadWriteMany mode. + resources: + requests: + storage: 1Gi # Size in Gi unit only + + +kind: Pod +apiVersion: v1 +metadata: + name: pod1 # Pod name +spec: + containers: + - name: container1 # Container name + image: alpine:latest + command: [ "/bin/sh", "-c", "--" ] + args: [ "while true; do sleep 30; done;" ] + volumeMounts: + - name: vol1 + mountPath: "/data" # Where to mount the vol1(pvc1) + restartPolicy: "Never" + volumes: + - name: vol1 + persistentVolumeClaim: + claimName: pvc1 +``` + +Running the basic flow: +```bash +#> kubectl create -f storage-class-primaryfs.yml -f pvc1.yml -f pod1.yml +storageclass "spectrumscale-primaryfs" created +persistentvolumeclaim "pvc1" created +pod "pod1" created + +#### Wait for PV to be created and pod1 to be in the Running state... + +#> kubectl get storageclass spectrumscale-primaryfs +NAME PROVISIONER AGE +spectrumscale-primaryfs ubiquity/flex 1m + +#> kubectl get pvc pvc1 +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +pvc1 Bound pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 1Gi RWO spectrumscale-primaryfs 1m + +#> kubectl get pv pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE +pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 1Gi RWO Delete Bound default/pvc1 spectrumscale-primaryfs 2m + +#> kubectl get pod pod1 +NAME READY STATUS RESTARTS AGE +pod1 1/1 Running 0 2m + +#> kubectl exec pod1 -c container1 -- sh -c "dd if=/dev/zero of=/data/myDATA bs=10M count=1" + +#> kubectl exec pod1 -c container1 -- sh -c "ls -l /data/myDATA" +-rw-r--r-- 1 root root 10485760 Nov 25 14:24 /data/myDATA + +#> kubectl delete -f pod1.yml +pod "pod1" deleted + +#### Wait for pod1 deletion... + +#> kubectl get pod pod1 +Error from server (NotFound): pods "pod1" not found + +#> kubectl create -f pod1.yml +pod "pod1" created + +#### Wait for pod1 to be in the Running state... + +#> kubectl get pod pod1 +NAME READY STATUS RESTARTS AGE +pod1 1/1 Running 0 46s + +#### Verify the /data/myDATA still exist + +#> kubectl exec pod1 -c container1 -- sh -c "ls -l /data/myDATA" +-rw-r--r-- 1 root root 10485760 Nov 25 14:24 /data/myDATA + +### Delete pod1, pvc1, pv and the spectrumscale-primaryfs +#> kubectl delete -f pod1.yml -f pvc1.yml -f storage-class-primaryfs.yml +pod "pod1" deleted +persistentvolumeclaim "pvc1" deleted +storageclass "spectrumscale-primaryfs" deleted +``` + + +## Example 2 : Basic flow breakdown +This section describes separate steps of the generic flow in greater detail. + + +### Creating a StorageClass +Create a StorageClass named `spectrumscale-primaryfs` that refers to a IBM Spectrum Scale filesystem `primaryfs` with fileset quota enabled. As a result, every volume from this StorageClass will be provisioned on the IBM Spectrum Scale and each volume is a fileset in a IBM Spectrum Scale filesystem. +```bash +#> cat storage-class-primaryfs.yml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: "spectrumscale-primaryfs" + labels: + product: ibm-storage-enabler-for-containers +provisioner: "ubiquity/flex" +parameters: + backend: "spectrum-scale" + filesystem: "primaryfs" + type: fileset + +#> kubectl create -f storage-class-primaryfs.yml +storageclass "spectrumscale-primaryfs" created +``` + +List the newly created StorageClass: +```bash +#> kubectl get storageclass spectrumscale-primaryfs +NAME PROVISIONER AGE +spectrumscale-primaryfs ubiquity/flex 1m +``` + +### Creating a PersistentVolumeClaim +Create a PVC `pvc1` with size `1Gi` that uses the `spectrumscale-primaryfs` StorageClass: +```bash +#> cat pvc1.yml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: "pvc1" +spec: + storageClassName: "spectrumscale-primaryfs" + accessModes: + - ReadWriteOnce # Ubiquity IBM Spectrum Scale backend supports ReadWriteOnce and ReadWriteMany mode. + resources: + requests: + storage: 1Gi # Size in Gi unit only + +#> kubectl create -f pvc1.yml +persistentvolumeclaim "pvc1 created +``` + +Ubiquity Dynamic Provisioner automatically creates a PersistentVolume (PV) and binds it to the PVC. The PV name will be PVC-ID. The volume name on the storage will be `[PVC-ID]`. + +List a PersistentVolumeClaim and PersistentVolume +```bash +#> kubectl get pvc pvc1 +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +pvc1 Bound pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 1Gi RWO spectrumscale-primaryfs 1m -### Usage example: -In order to test the dynamic provisioner create a storage class: +#> kubectl get pv pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 +NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE +pvc-2073e8fd-f0bd-11e8-a8f1-000c29e45a24 1Gi RWO Delete Bound default/pvc1 spectrumscale-primaryfs 2m +``` + +### Create a Pod with an Ubiquity volume +The creation of a Pod/Deployment causes the FlexVolume to create a symbolic link /var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID] -> [fileset linkpath] + +For example, to create a Pod `pod1` that uses the PVC `pvc1` that was already created: +```bash +#> cat pod1.yml +kind: Pod +apiVersion: v1 +metadata: + name: pod1 # Pod name +spec: + containers: + - name: container1 # Container name + image: alpine:latest + command: [ "/bin/sh", "-c", "--" ] + args: [ "while true; do sleep 30; done;" ] + volumeMounts: + - name: vol1 + mountPath: "/data" # Where to mount the vol1(pvc1) + restartPolicy: "Never" + volumes: + - name: vol1 + persistentVolumeClaim: + claimName: pvc1 + +#> kubectl create -f pod1.yml +pod "pod1" created +``` + +Display the newly created `pod1` and write data to the persistent volume of `pod1`: +```bash +#> kubectl get pod pod1 +NAME READY STATUS RESTARTS AGE +pod1 1/1 Running 0 16m + +#> kubectl exec pod1 -c container1 -- sh -c "df -h /data" +Filesystem Size Used Available Use% Mounted on +primaryfs 100.0G 4.5G 95.5G 4% /data + +#> kubectl exec pod1 -c container1 -- sh -c "dd if=/dev/zero of=/data/myDATA bs=10M count=1" + +#> kubectl exec pod1 -c container1 -- sh -c "ls -l /data/myDATA" +-rw-r--r-- 1 root root 10485760 Nov 25 14:24 /data/myDATA +``` + +### Deleting a Pod +The Kuberenetes delete Pod command: +* Removes symbolic link /var/lib/kubelet/pods/[POD-ID]/volumes/ibm~ubiquity-k8s-flex/[PVC-ID] -> [fileset link path] + +For example: +```bash +#> kubectl delete pod pod1 +pod "pod1" deleted +``` + +### Removing a volume +Removing the PVC deletes the PVC and its PV. + +For example: +```bash +#> kubectl delete -f pvc1.yml +persistentvolumeclaim "pvc1" deleted +``` + +### Removing a StorageClass +For example: ```bash -kubectl create -f deploy/storage_class_fileset.yml +#> kubectl delete -f storage-class-primaryfs.yml +storageclass "spectrumscale-primaryfs" deleted ``` -The class is referring to `ubiquity/flex` as its provisioner. So this provisioner should be up and running in order to be able to dynamically create volumes. -`filesystem` parameter refers to the name of the filesystem to be used by the dynamic provisioner to create the volume. `backend` parameter is used to select the backend used by the system. -The `type` parameter is used to specify the type of volumes to be provisioned by spectrum-scale backend. -The following snippet shows a sample persistent volume claim for using dynamic provisioning: +## Example 3 : Deployment fail over example +This section describes how to run stateful Pod with k8s Deployment object and how the kubernetes schedule the pod on different node when the pod is deleted. + + +### Create the StorageClass (same as previous example). +```bash +#> kubectl create -f storage-class-primaryfs.yml +storageclass "spectrumscale-primaryfs" created +``` +### Create the PVC (same as previous example) ```bash -kubectl create -f deploy/pvc_fileset.yml +#> kubectl create -f pvc1.yml +persistentvolumeclaim "pvc1" created ``` -The claim is referring to `spectrum-scale-fileset` as the storage class to be used. -A persistent volume should be dynamically created and bound to the claim. +### Create Kubernetes Deployment with stateful POD (on node6) and write some data inside. +```bash +#> cat deployment1.yml +apiVersion: "extensions/v1" +kind: Deployment +metadata: + name: deployment1 +spec: + replicas: 1 + template: + metadata: + labels: + app: deployment1 + spec: + containers: + - name: container1 + image: alpine:latest + command: [ "/bin/sh", "-c", "--" ] + args: [ "while true; do sleep 30; done;" ] + volumeMounts: + - name: pvc + mountPath: "/data" + volumes: + - name: pvc + persistentVolumeClaim: + claimName: pvc1 + +#> kubectl create -f deployment1.yml +deployment "deployment1" created +#> kubectl get -o wide deploy,pod +NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR +deploy/deployment1 1 1 1 1 1m container1 alpine:latest app=deployment1 -## Ubiquity FlexVolume CLI +NAME READY STATUS RESTARTS AGE IP NODE +po/deployment1-df6dd77d4-6kb7k 1/1 Running 0 1m 10.244.3.48 node6 -### Configuring Ubiquity Docker Plugin with Ubiquity and Spectrum Scale - - In case you need Spectrum Scale with NFS connectivity add this 2 lines into the ubiquity-client.conf file. - -```toml -[SpectrumNfsRemoteConfig] -ClientConfig = "192.168.1.0/24(Access_Type=RW,Protocols=3:4,Transports=TCP:UDP)" +#> pod=`kubectl get pod | awk '/deployment1/{print $1}'` +#> echo $pod +deployment1-df6dd77d4-6kb7k + +#> kubectl exec $pod -- /bin/sh -c "echo COOL > /data/file" +#> kubectl exec $pod -- /bin/sh -c "cat /data/file" +COOL ``` -Where the ClientConfig contains the CIDR that the node where the volume will be mounted belongs to. + +### Delete the POD so Kubernetes will reschedule the POD on a diffrent node(node5). +```bash +#> kubectl delete pod $pod +pod "deployment1-df6dd77d4-6kb7k" deleted +#> kubectl get -o wide deploy,pod +NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR +deploy/deployment1 1 1 1 0 4m container1 alpine:latest app=deployment1 + +NAME READY STATUS RESTARTS AGE IP NODE +po/deployment1-df6dd77d4-6kb7k 1/1 Terminating 0 4m 10.244.3.48 node6 +po/deployment1-df6dd77d4-ngfdp 0/1 ContainerCreating 0 23s node5 + +############# +## Wait a few seconds +############# + +#> kubectl get -o wide deploy,pod +NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR +deploy/deployment1 1 1 1 1 5m container1 alpine:latest app=deployment1 + +NAME READY STATUS RESTARTS AGE IP NODE +po/deployment1-df6dd77d4-ngfdp 1/1 Running 0 1m 10.244.2.47 node5 + +############# +## Now check data remains +############# +#> pod=`kubectl get pod | awk '/deployment1/{print $1}'` +#> echo $pod +deployment1-df6dd77d4-ngfdp +#> kubectl exec $pod -- /bin/sh -c "cat /data/file" +COOL + +``` + +### Tier down the Deployment, PVC, PV and StorageClass. +```bash +#> kubectl delete -f deployment1.yml -f pvc1.yml -f storage-class-primaryfs.yml +deployment "deployment1" deleted +persistentvolumeclaim "pvc1" deleted +storageclass "spectrumscale-primaryfs" deleted +``` + +
+ +**Note:** For detailed usage examples, refer to the IBM Storage Enabler for Containers [user guide](https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Connect&release=All&platform=Linux&function=all). From effd2c3049a86c8a30c78762db2e13bb033bc63f Mon Sep 17 00:00:00 2001 From: shay-berman Date: Thu, 6 Dec 2018 13:40:27 +0200 Subject: [PATCH 44/47] Fixing installer for ssl-mode=verify-full (#268) Fixed installer for ssl-mode=verify-full Fixed the steps mentioned at the end of create-secrets-for-certificates step Fixed the names used by create_serviceaccount_and_clusterroles for existence check --- .../ubiquity_installer.sh | 17 +++++++++-------- .../ubiquity_lib.sh | 7 +++---- .../yamls/ubiquity-deployment.yml | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh index a364e60ab..7a4a21d26 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_installer.sh @@ -326,11 +326,12 @@ function create-services() echo "Finished creating namespace, ${UBIQUITY_SERVICE_NAME} service and ${UBIQUITY_DB_SERVICE_NAME} service" echo "Attention: To complete the $PRODUCT_NAME installation with SSL_MODE=verify-full:" echo " Prerequisite:" - echo " (1) Generate dedicated certificates for 'ubiquity', 'ubiquity-db' and SCBE, using specific file names" + echo " (1) Generate dedicated certificates for 'ubiquity','ubiquity-db' and SCBE/SPECTRUMSCALE, using specific file names" echo " (2) Create secrets and ConfigMap to store the certificates and trusted CA files by running::" echo " $> $0 -s create-secrets-for-certificates -t -n $NS" echo " Complete the installation:" - echo " (1) $> $0 -s install -n $NS" + echo " (1) $> $0 -s update-ymls -c -n $NS" + echo " (2) $> $0 -s install -n $NS" echo "" } @@ -359,11 +360,11 @@ function create-secrets-for-certificates() if [ -z "$backend_from_configmap" ]; then # Assuming configmap does not exist, so no possibility of finding for backend from configmap. # check is ca-cert for spectrumscale exist in $CERT_DIR - if [ "-f $CERT_DIR/spectrumscale-trusted-ca.crt" ]; then + if [ -f "$CERT_DIR/spectrumscale-trusted-ca.crt" ]; then backend_cacert_file="spectrumscale-trusted-ca.crt" fi # check is ca-cert for scbe exist in $CERT_DIR - if [ "-f $CERT_DIR/scbe-trusted-ca.crt" ]; then + if [ -f "$CERT_DIR/scbe-trusted-ca.crt" ]; then backend_cacert_file="scbe-trusted-ca.crt" fi @@ -375,11 +376,11 @@ function create-secrets-for-certificates() fi else if [ "$backend_from_configmap" == "spectrumscale" ]; then - backend_cacert_file=" spectrumscale-trusted-ca.crt" + backend_cacert_file="spectrumscale-trusted-ca.crt" fi if [ "$backend_from_configmap" == "spectrumconnect" ]; then - backend_cacert_file=" scbe-trusted-ca.crt" + backend_cacert_file="scbe-trusted-ca.crt" fi fi expected_cert_files+=" $backend_cacert_file" @@ -403,11 +404,11 @@ function create-secrets-for-certificates() kubectl create secret $nsf generic ubiquity-private-certificate --from-file=ubiquity.key --from-file=ubiquity.crt ca_cert_files="--from-file=ubiquity-db-trusted-ca.crt=ubiquity-db-trusted-ca.crt --from-file=ubiquity-trusted-ca.crt=ubiquity-trusted-ca.crt" - if [ $backend_cacert_file == "spectrumscale" ]; then + if [ $backend_cacert_file == "spectrumscale-trusted-ca.crt" ]; then ca_cert_files+=" --from-file=spectrumscale-trusted-ca.crt=spectrumscale-trusted-ca.crt" fi - if [ $backend_cacert_file == "spectrumconnect" ]; then + if [ $backend_cacert_file == "scbe-trusted-ca.crt" ]; then ca_cert_files+=" --from-file=scbe-trusted-ca.crt=scbe-trusted-ca.crt" fi kubectl create configmap $nsf ubiquity-public-certificates $ca_cert_files diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh index 941bc7c4c..5bac969e0 100755 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/ubiquity_lib.sh @@ -24,10 +24,9 @@ NO_RESOURCES_STR="No resources found." PVC_GOOD_STATUS=Bound UBIQUITY_DEFAULT_NAMESPACE="ubiquity" UBIQUITY_SERVICE_NAME="ubiquity" -UBIQUITY_SERVICEACCOUNT_NAME="ubiquity" -UBIQUITY_CLUSTERROLES_NAME="ubiquity" -UBIQUITY_CLUSTERROLESBINDING_NAME="ubiquity" -UBIQUITY_SERVICEACCOUNT_NAME="ubiquity" +UBIQUITY_SERVICEACCOUNT_NAME="ubiquity-k8s-provisioner" +UBIQUITY_CLUSTERROLES_NAME="ubiquity-k8s-provisioner" +UBIQUITY_CLUSTERROLESBINDING_NAME="ubiquity-k8s-provisioner" UBIQUITY_DB_SERVICE_NAME="ubiquity-db" PRODUCT_NAME="IBM Storage Enabler for Containers" EXIT_WAIT_TIMEOUT_MESSAGE="Error: Script exits due to wait timeout." diff --git a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml index 80624c83a..5bc8cc535 100644 --- a/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml +++ b/scripts/installer-for-ibm-storage-enabler-for-containers/yamls/ubiquity-deployment.yml @@ -208,5 +208,5 @@ spec: # Cert # path: ubiquity-db-trusted-ca.crt # SCBE Cert # - key: scbe-trusted-ca.crt # SCBE Cert # path: scbe-trusted-ca.crt -# SPECTRUMSCALE Cert # - key: scbe-trusted-ca.crt -# SPECTRUMSCALE Cert # path: scbe-trusted-ca.crt +# SPECTRUMSCALE Cert # - key: spectrumscale-trusted-ca.crt +# SPECTRUMSCALE Cert # path: spectrumscale-trusted-ca.crt From 4cfc44d309e5e47fd541f9b479654d5efb4fca66 Mon Sep 17 00:00:00 2001 From: shay-berman Date: Thu, 6 Dec 2018 15:19:48 +0200 Subject: [PATCH 45/47] Update glide.yml with ubiquity repo (#270) Due to master merge conflict. --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 12fcf9d1e..6376ae47b 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: f203222e3190aca3de0bf851316a2de3b68efcad + version: ae2f7c461899526ccdfb69a597e2ef2eecbb5ff8 subpackages: - remote - resources From ec15e456f338bbe08d01896b0fc5293f280b52be Mon Sep 17 00:00:00 2001 From: olgasht Date: Thu, 13 Dec 2018 10:33:44 +0200 Subject: [PATCH 46/47] Update glide yaml after changes to : UB-1761, UB-1760, UB-1757, UB-1543 --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 6376ae47b..212a7fd9c 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: ae2f7c461899526ccdfb69a597e2ef2eecbb5ff8 + version: 81950e3745565235bedf3d600eee9a5cded53158 subpackages: - remote - resources From 05ef19024cfeff1eb408dd7c78bf9e29dbfb9223 Mon Sep 17 00:00:00 2001 From: Shay Berman Date: Wed, 19 Dec 2018 11:17:16 +0200 Subject: [PATCH 47/47] glide.yml update with latest ubiquity repo from master --- glide.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glide.yaml b/glide.yaml index 212a7fd9c..987dad662 100644 --- a/glide.yaml +++ b/glide.yaml @@ -110,7 +110,7 @@ import: subpackages: - lib - package: github.com/IBM/ubiquity - version: 81950e3745565235bedf3d600eee9a5cded53158 + version: e031aec6d2ae42da94d3a9ba0c4922a2dc470e5b subpackages: - remote - resources