Browse Source

Open MAAS proxy ACL

- Allow requests from any source through the MAAS proxy
  so that traffic routed through maas-ingress will work

Change-Id: I91e40789ad45c0ea75c54eccbf37931156b224e3
Scott Hussey 3 months ago
parent
commit
7f50e96ff3

+ 10
- 0
images/maas-region-controller/2.3_proxy_acl.patch View File

@@ -0,0 +1,10 @@
1
+18,24c18
2
+< http_access allow maas_proxy_manager localhost
3
+< http_access deny maas_proxy_manager
4
+< http_access deny !Safe_ports
5
+< http_access deny CONNECT !SSL_ports
6
+< http_access allow localnet
7
+< http_access allow localhost
8
+< http_access deny all
9
+---
10
+> http_access allow all

+ 5
- 0
images/maas-region-controller/Dockerfile View File

@@ -69,12 +69,17 @@ COPY 2.3_bios_grub_preseed.patch /tmp/2.3_bios_grub_preseed.patch
69 69
 COPY 2.3_maas_enlist.patch /tmp/2.3_maas_enlist.patch
70 70
 # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address
71 71
 COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch
72
+# sh8121att: allow all requests via the proxy to allow it to work
73
+# behind ingress
74
+COPY 2.3_proxy_acl.patch /tmp/2.3_proxy_acl.patch
72 75
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.3_route.patch
73 76
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.3_kernel_package.patch
74 77
 RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/2.3_bios_grub_partition.patch
75 78
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_storage.py < /tmp/2.3_bios_grub_preseed.patch
76 79
 RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets && patch maas_enlist.sh < /tmp/2.3_maas_enlist.patch
77 80
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
81
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
82
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/2.3_proxy_acl.patch
78 83
 
79 84
 COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
80 85
 RUN mkdir -p /etc/systemd/system/basic.target.wants ;\

Loading…
Cancel
Save