Upgrade MAAS
This PS upgrades maas to version 3.2 (focal) and also adds maas version 3.4 (jammy) Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com> Change-Id: If5fffa59f547d4b19d7c0f086204800e9144d952
parent
ba3657c0c1
commit
a2cc9609d1
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,3 +1,5 @@
|
|||||||
# Distribution / packaging
|
# Distribution / packaging
|
||||||
build/
|
build/
|
||||||
*.tgz
|
*.tgz
|
||||||
|
charts/deps/
|
||||||
|
!charts/deps/.gitkeep
|
||||||
|
@ -15,7 +15,8 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
description: Chart to run Canonical MaaS
|
description: Chart to run Canonical MaaS
|
||||||
name: maas
|
name: maas
|
||||||
version: 0.1.5
|
version: 0.1.6
|
||||||
|
appVersion: 3.2.9
|
||||||
home: https://docs.ubuntu.com/maas
|
home: https://docs.ubuntu.com/maas
|
||||||
sources:
|
sources:
|
||||||
- https://git.launchpad.net/maas
|
- https://git.launchpad.net/maas
|
||||||
|
6
charts/maas/requirements.lock
Normal file
6
charts/maas/requirements.lock
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
dependencies:
|
||||||
|
- name: helm-toolkit
|
||||||
|
repository: file://../deps/helm-toolkit
|
||||||
|
version: 0.2.54
|
||||||
|
digest: sha256:ffbfe5c88704dc3f39eaea0b97f2355de43e9667bec2385bd1a0bc5771ff32f3
|
||||||
|
generated: "2023-08-11T09:29:34.123882-04:00"
|
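--- a/charts/maas/templates/bin/_enable-tls.sh.tpl
+++ b/charts/maas/templates/bin/_enable-tls.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+maas config-tls enable --yes --port 5240 --cacert /etc/maas/ssl/ca.crt /etc/maas/ssl/tls.key /etc/maas/ssl/tls.crt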
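Review bot: The `maas config-tls enable` line binds HTTPS to `--port 5240` with no comment explaining the choice, and 5240 is the port MAAS conventionally serves plain HTTP on. A reader cannot tell from the script whether HTTP is meant to be replaced on that port or whether this could collide with an existing listener. A one-line comment above the command stating the intent would settle it, for example `# TLS is served on 5240 so existing service/ingress port mappings keep working` (wording for the author to confirm). The script also assumes the three files under /etc/maas/ssl exist; that mount is defined in job-enable-tls.yaml, not here.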
@ -23,173 +23,161 @@ JOB_TIMEOUT=${JOB_TIMEOUT:-900}
|
|||||||
RETRY_TIMER=${RETRY_TIMER:-30}
|
RETRY_TIMER=${RETRY_TIMER:-30}
|
||||||
|
|
||||||
function timer {
|
function timer {
|
||||||
retry_wait=$1
|
retry_wait=$1
|
||||||
shift
|
shift
|
||||||
|
|
||||||
while [[ ${JOB_TIMEOUT} -gt 0 ]]
|
while [[ ${JOB_TIMEOUT} -gt 0 ]]; do
|
||||||
do
|
"$@"
|
||||||
"$@"
|
rc=$?
|
||||||
rc=$?
|
if [ $rc -eq 0 ]; then
|
||||||
if [ $rc -eq 0 ]
|
return $rc
|
||||||
then
|
else
|
||||||
return $rc
|
JOB_TIMEOUT=$((JOB_TIMEOUT - retry_wait))
|
||||||
else
|
sleep $retry_wait
|
||||||
JOB_TIMEOUT=$(($JOB_TIMEOUT - $retry_wait))
|
fi
|
||||||
sleep $retry_wait
|
done
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
return 124
|
return 124
|
||||||
}
|
}
|
||||||
|
|
||||||
function import_resources {
|
function import_resources {
|
||||||
check_for_download
|
check_for_download
|
||||||
rc=$?
|
rc=$?
|
||||||
|
|
||||||
if [ $rc -ne 0 ]
|
if [ $rc -ne 0 ]; then
|
||||||
then
|
echo "Starting image import try ${import_tries}..."
|
||||||
echo "Starting image import try ${import_tries}..."
|
maas ${ADMIN_USERNAME} boot-resources import
|
||||||
maas ${ADMIN_USERNAME} boot-resources import
|
sleep 30
|
||||||
sleep 30
|
check_for_download
|
||||||
check_for_download
|
rc=$?
|
||||||
rc=$?
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
return $rc
|
return $rc
|
||||||
}
|
}
|
||||||
|
|
||||||
function start_import {
|
function start_import {
|
||||||
timer "$RETRY_TIMER" import_resources
|
timer "$RETRY_TIMER" import_resources
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_for_download {
|
function check_for_download {
|
||||||
if maas ${ADMIN_USERNAME} boot-resources is-importing | grep -q 'true';
|
if maas ${ADMIN_USERNAME} boot-resources is-importing | grep -q 'true'; then
|
||||||
then
|
echo -e '\nBoot resources currently importing\n'
|
||||||
echo -e '\nBoot resources currently importing\n'
|
return 1
|
||||||
return 1
|
else
|
||||||
else
|
synced_imgs=$(maas ${ADMIN_USERNAME} boot-resources read | tail -n +1 | jq '.[] | select( .type | contains("Synced")) | .name ' | grep -c $MAAS_DEFAULT_DISTRO)
|
||||||
synced_imgs=$(maas ${ADMIN_USERNAME} boot-resources read | tail -n +1 | jq ".[] | select( .type | contains(\"Synced\")) | .name " | grep -c $MAAS_DEFAULT_DISTRO)
|
if [[ $synced_imgs -gt 0 ]]; then
|
||||||
if [[ $synced_imgs -gt 0 ]]
|
echo 'Boot resources have completed importing'
|
||||||
then
|
return 0
|
||||||
echo 'Boot resources have completed importing'
|
else
|
||||||
return 0
|
echo 'Import failed!'
|
||||||
else
|
return 1
|
||||||
echo 'Import failed!'
|
fi
|
||||||
return 1
|
fi
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_then_set_single {
|
function check_then_set_single {
|
||||||
option="$1"
|
option="$1"
|
||||||
value="$2"
|
value="$2"
|
||||||
|
|
||||||
cur_val=$(maas ${ADMIN_USERNAME} maas get-config name=${option} | tail -1 | tr -d '"')
|
cur_val=$(maas ${ADMIN_USERNAME} maas get-config name=${option} | tail -1 | tr -d '"')
|
||||||
desired_val=$(echo ${value} | tr -d '"')
|
desired_val=$(echo ${value} | tr -d '"')
|
||||||
|
|
||||||
if [[ $cur_val != $desired_val ]]
|
if [[ $cur_val != $desired_val ]]; then
|
||||||
then
|
echo "Setting MAAS option ${option} to ${desired_val}"
|
||||||
echo "Setting MAAS option ${option} to ${desired_val}"
|
maas ${ADMIN_USERNAME} maas set-config name=${option} value=${desired_val}
|
||||||
maas ${ADMIN_USERNAME} maas set-config name=${option} value=${desired_val}
|
return $?
|
||||||
return $?
|
else
|
||||||
else
|
echo "MAAS option ${option} already set to ${cur_val}"
|
||||||
echo "MAAS option ${option} already set to ${cur_val}"
|
return 0
|
||||||
return 0
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_then_set {
|
function check_then_set {
|
||||||
option=$1
|
option=$1
|
||||||
value=$2
|
value=$2
|
||||||
|
|
||||||
timer "$RETRY_TIMER" check_then_set_single "$option" "$value"
|
timer "$RETRY_TIMER" check_then_set_single "$option" "$value"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Get rack controllers reporting a healthy rackd
|
# Get rack controllers reporting a healthy rackd
|
||||||
function get_active_rack_controllers {
|
function get_active_rack_controllers {
|
||||||
maas ${ADMIN_USERNAME} rack-controllers read | jq -r 'map({"system_id":.system_id,"service_set":(.service_set[] | select(.name=="rackd"))}) | map(select(.service_set.status == "running")) | .[] | .system_id'
|
maas ${ADMIN_USERNAME} rack-controllers read | jq -r 'map({"system_id":.system_id,"service_set":(.service_set[] | select(.name=="rackd"))}) | map(select(.service_set.status == "running")) | .[] | .system_id'
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_for_rack_sync_single {
|
function check_for_rack_sync_single {
|
||||||
sync_list=""
|
sync_list=""
|
||||||
|
|
||||||
rack_list=$(get_active_rack_controllers)
|
rack_list=$(get_active_rack_controllers)
|
||||||
for rack_id in ${rack_list}
|
for rack_id in ${rack_list}; do
|
||||||
do
|
selected_imgs=$(maas ${ADMIN_USERNAME} rack-controller list-boot-images ${rack_id} | tail -n +1 | jq ".images[] | select( .name | contains(\"${MAAS_DEFAULT_DISTRO}\")) | .name")
|
||||||
selected_imgs=$(maas ${ADMIN_USERNAME} rack-controller list-boot-images ${rack_id} | tail -n +1 | jq ".images[] | select( .name | contains(\"${MAAS_DEFAULT_DISTRO}\")) | .name")
|
synced_ctlr=$(maas ${ADMIN_USERNAME} rack-controller list-boot-images ${rack_id} | tail -n +1 | jq '.status == "synced"')
|
||||||
synced_ctlr=$(maas ${ADMIN_USERNAME} rack-controller list-boot-images ${rack_id} | tail -n +1 | jq '.status == "synced"')
|
if [[ $synced_ctlr == "true" && -n ${selected_imgs} ]]; then
|
||||||
if [[ $synced_ctlr == "true" && ! -z ${selected_imgs} ]]
|
sync_list=$(echo -e "${sync_list}\n${rack_id}" | sort | uniq)
|
||||||
then
|
else
|
||||||
sync_list=$(echo -e "${sync_list}\n${rack_id}" | sort | uniq)
|
maas ${ADMIN_USERNAME} rack-controller import-boot-images ${rack_id}
|
||||||
else
|
fi
|
||||||
maas ${ADMIN_USERNAME} rack-controller import-boot-images ${rack_id}
|
if [[ $(echo -e "${rack_list}" | sort | uniq | grep -v '^$') == $(echo -e "${sync_list}" | sort | uniq | grep -v '^$') ]]; then
|
||||||
fi
|
return 0
|
||||||
if [[ $(echo -e "${rack_list}" | sort | uniq | grep -v '^$' ) == $(echo -e "${sync_list}" | sort | uniq | grep -v '^$') ]]
|
fi
|
||||||
then
|
done
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_for_rack_sync {
|
function check_for_rack_sync {
|
||||||
timer "$RETRY_TIMER" check_for_rack_sync_single
|
timer "$RETRY_TIMER" check_for_rack_sync_single
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_proxy {
|
function configure_proxy {
|
||||||
check_then_set enable_http_proxy ${MAAS_PROXY_ENABLED}
|
check_then_set enable_http_proxy ${MAAS_PROXY_ENABLED}
|
||||||
check_then_set use_peer_proxy ${MAAS_PEER_PROXY_ENABLED}
|
check_then_set use_peer_proxy ${MAAS_PEER_PROXY_ENABLED}
|
||||||
check_then_set http_proxy ${MAAS_PROXY_SERVER}
|
check_then_set http_proxy ${MAAS_PROXY_SERVER}
|
||||||
check_then_set maas_proxy_port ${MAAS_INTERNAL_PROXY_PORT}
|
check_then_set maas_proxy_port ${MAAS_INTERNAL_PROXY_PORT}
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_ntp {
|
function configure_ntp {
|
||||||
check_then_set ntp_servers ${MAAS_NTP_SERVERS}
|
check_then_set ntp_servers ${MAAS_NTP_SERVERS}
|
||||||
check_then_set ntp_external_only ${MAAS_NTP_EXTERNAL_ONLY}
|
check_then_set ntp_external_only ${MAAS_NTP_EXTERNAL_ONLY}
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_dns {
|
function configure_dns {
|
||||||
check_then_set dnssec_validation ${MAAS_DNS_DNSSEC_REQUIRED}
|
check_then_set dnssec_validation ${MAAS_DNS_DNSSEC_REQUIRED}
|
||||||
check_then_set upstream_dns ${MAAS_DNS_SERVERS}
|
check_then_set upstream_dns ${MAAS_DNS_SERVERS}
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_syslog {
|
function configure_syslog {
|
||||||
check_then_set remote_syslog ${MAAS_REMOTE_SYSLOG}
|
check_then_set remote_syslog ${MAAS_REMOTE_SYSLOG}
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_images {
|
function configure_images {
|
||||||
check_for_rack_sync
|
check_for_rack_sync
|
||||||
|
|
||||||
if [[ $? -eq 124 ]]
|
if [[ $? -eq 124 ]]; then
|
||||||
then
|
echo "Timed out waiting for rack controller sync."
|
||||||
echo "Timed out waiting for rack controller sync."
|
return 1
|
||||||
return 1
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
check_then_set default_osystem ${MAAS_DEFAULT_OS}
|
check_then_set default_osystem ${MAAS_DEFAULT_OS}
|
||||||
check_then_set commissioning_distro_series ${MAAS_DEFAULT_DISTRO}
|
check_then_set commissioning_distro_series ${MAAS_DEFAULT_DISTRO}
|
||||||
check_then_set default_distro_series ${MAAS_DEFAULT_DISTRO}
|
check_then_set default_distro_series ${MAAS_DEFAULT_DISTRO}
|
||||||
check_then_set default_min_hwe_kernel ${MAAS_DEFAULT_KERNEL}
|
check_then_set default_min_hwe_kernel ${MAAS_DEFAULT_KERNEL}
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_boot_sources {
|
function configure_boot_sources {
|
||||||
if [[ $USE_IMAGE_CACHE == 'true' ]]
|
if [[ $USE_IMAGE_CACHE == 'true' ]]; then
|
||||||
then
|
maas ${ADMIN_USERNAME} boot-source update 1 url=http://localhost:8888/maas/images/ephemeral-v3/daily/
|
||||||
maas ${ADMIN_USERNAME} boot-source update 1 url=http://localhost:8888/maas/images/ephemeral-v3/daily/
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
selected_releases="$(maas ${ADMIN_USERNAME} boot-source-selections read 1 | jq -r '.[] | .release')"
|
selected_releases="$(maas ${ADMIN_USERNAME} boot-source-selections read 1 | jq -r '.[] | .release')"
|
||||||
|
|
||||||
if ! echo "${selected_releases}" | grep -q "${MAAS_DEFAULT_DISTRO}"
|
if ! echo "${selected_releases}" | grep -q "${MAAS_DEFAULT_DISTRO}"; then
|
||||||
then
|
# Need to start an import to get the availability data
|
||||||
# Need to start an import to get the availability data
|
maas "$ADMIN_USERNAME" boot-resources import
|
||||||
maas "$ADMIN_USERNAME" boot-resources import
|
if ! maas ${ADMIN_USERNAME} boot-source-selections create 1 os="${MAAS_DEFAULT_OS}" \
|
||||||
if ! maas ${ADMIN_USERNAME} boot-source-selections create 1 os="${MAAS_DEFAULT_OS}" \
|
release="${MAAS_DEFAULT_DISTRO}" arches="amd64" subarches='*' labels='*' | grep -q 'Success'; then
|
||||||
release="${MAAS_DEFAULT_DISTRO}" arches="amd64" subarches='*' labels='*' | grep -q 'Success'; then
|
return 1
|
||||||
return 1
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_extra_commissioning_script {
|
function create_extra_commissioning_script {
|
||||||
@ -215,21 +203,24 @@ EOF
|
|||||||
}
|
}
|
||||||
|
|
||||||
function configure_extra_settings {
|
function configure_extra_settings {
|
||||||
{{- range $k, $v := .Values.conf.maas.extra_settings }}
|
{{- range $k, $v := .Values.conf.maas.extra_settings }}
|
||||||
check_then_set {{$k}} {{$v}}
|
check_then_set {{$k}} {{$v}}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
: No additional MAAS config
|
: No additional MAAS config
|
||||||
{{- end }}
|
{{- end }}
|
||||||
}
|
}
|
||||||
|
|
||||||
function maas_login {
|
function maas_login {
|
||||||
KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
|
KEY=$(maas-region apikey --username=${ADMIN_USERNAME})
|
||||||
if [ -z "$KEY" ]
|
if [ -z "$KEY" ]; then
|
||||||
then
|
return 1
|
||||||
return 1
|
fi
|
||||||
fi
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
|
maas login --cacerts /usr/local/share/ca-certificates/maas-ca.crt ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
|
||||||
return $?
|
{{- else }}
|
||||||
|
maas login ${ADMIN_USERNAME} ${MAAS_ENDPOINT} $KEY
|
||||||
|
{{- end }}
|
||||||
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
timer "$RETRY_TIMER" maas_login
|
timer "$RETRY_TIMER" maas_login
|
||||||
@ -245,10 +236,9 @@ create_extra_commissioning_script
|
|||||||
timer "$RETRY_TIMER" configure_boot_sources
|
timer "$RETRY_TIMER" configure_boot_sources
|
||||||
start_import
|
start_import
|
||||||
|
|
||||||
if [[ $? -eq 0 ]]
|
if [[ $? -eq 0 ]]; then
|
||||||
then
|
configure_images
|
||||||
configure_images
|
|
||||||
else
|
else
|
||||||
echo "Image import FAILED!"
|
echo "Image import FAILED!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
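Review bot: In `maas_login`, both branches still pass the API key as a command-line argument and leave `$KEY` and `${MAAS_ENDPOINT}` unquoted, so the key is visible in the process list and would be printed by xtrace if this script enables it (the top of the script is outside the hunk). Quoting is a small change: `maas login --cacerts /usr/local/share/ca-certificates/maas-ca.crt "${ADMIN_USERNAME}" "${MAAS_ENDPOINT}" "$KEY"`. The TLS branch also only authenticates the server if `MAAS_ENDPOINT` is an https URL, which is set outside this file; a comment next to the `{{- if .Values.conf.maas.tls.enabled }}` line saying that the endpoint scheme must match would help.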
@ -18,78 +18,74 @@
|
|||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
function check_boot_images {
|
function check_boot_images {
|
||||||
if maas local boot-resources is-importing | grep -q 'true';
|
if maas local boot-resources is-importing | grep -q 'true'; then
|
||||||
then
|
echo -e '\nBoot resources currently importing\n'
|
||||||
echo -e '\nBoot resources currently importing\n'
|
return 1
|
||||||
return 1
|
else
|
||||||
else
|
synced_imgs=$(maas local boot-resources read | tr -d '\n' | grep -oE '{[^}]+}' | grep ubuntu | grep -c Synced)
|
||||||
synced_imgs=$(maas local boot-resources read | tr -d '\n' | grep -oE '{[^}]+}' | grep ubuntu | grep -c Synced)
|
if [[ $synced_imgs -gt 0 ]]; then
|
||||||
if [[ $synced_imgs -gt 0 ]]
|
echo 'Boot resources have completed importing'
|
||||||
then
|
return 0
|
||||||
echo 'Boot resources have completed importing'
|
else
|
||||||
return 0
|
return 1
|
||||||
else
|
fi
|
||||||
return 1
|
fi
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_rack_controllers {
|
function check_rack_controllers {
|
||||||
rack_cnt=$(maas local rack-controllers read | grep -c hostname)
|
rack_cnt=$(maas local rack-controllers read | grep -c hostname)
|
||||||
if [[ $rack_cnt -gt 0 ]]
|
if [[ $rack_cnt -gt 0 ]]; then
|
||||||
then
|
echo "Found $rack_cnt rack controllers."
|
||||||
echo "Found $rack_cnt rack controllers."
|
return 0
|
||||||
return 0
|
else
|
||||||
else
|
return 1
|
||||||
return 1
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_admin_api {
|
function check_admin_api {
|
||||||
if maas local version read;
|
if maas local version read; then
|
||||||
then
|
echo 'Admin API is responding'
|
||||||
echo 'Admin API is responding'
|
return 0
|
||||||
return 0
|
else
|
||||||
else
|
return 1
|
||||||
return 1
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function establish_session {
|
function establish_session {
|
||||||
maas login local ${MAAS_URL} ${MAAS_API_KEY}
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
return $?
|
maas login --cacerts /usr/local/share/ca-certificates/maas-ca.crt local ${MAAS_URL} ${MAAS_API_KEY}
|
||||||
|
{{- else }}
|
||||||
|
maas login local ${MAAS_URL} ${MAAS_API_KEY}
|
||||||
|
{{- end }}
|
||||||
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
establish_session
|
establish_session
|
||||||
|
|
||||||
if [[ $? -ne 0 ]]
|
if [[ $? -ne 0 ]]; then
|
||||||
then
|
echo "MAAS API login FAILED!"
|
||||||
echo "MAAS API login FAILED!"
|
exit 1
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
check_boot_images
|
check_boot_images
|
||||||
|
|
||||||
if [[ $? -eq 1 ]]
|
if [[ $? -eq 1 ]]; then
|
||||||
then
|
echo "Image import test FAILED!"
|
||||||
echo "Image import test FAILED!"
|
exit 1
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
check_rack_controllers
|
check_rack_controllers
|
||||||
|
|
||||||
if [[ $? -eq 1 ]]
|
if [[ $? -eq 1 ]]; then
|
||||||
then
|
echo "Rack controller query FAILED!"
|
||||||
echo "Rack controller query FAILED!"
|
exit 1
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
check_admin_api
|
check_admin_api
|
||||||
|
|
||||||
if [[ $? -eq 1 ]]
|
if [[ $? -eq 1 ]]; then
|
||||||
then
|
echo "Admin API response FAILED!"
|
||||||
echo "Admin API response FAILED!"
|
exit 1
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "MAAS Validation SUCCESS!"
|
echo "MAAS Validation SUCCESS!"
|
||||||
|
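Review bot: `establish_session` expands `${MAAS_API_KEY}` on the `maas login` command line while the script runs under `set -ex`, so xtrace writes the API key into the test pod's log in both the TLS and the non-TLS branch. Turning tracing off around the call keeps the key out of the logs: `set +x` before the `maas login` line and `set -x` after its status has been captured. Separately, because of `set -e` the `if [[ $? -ne 0 ]]` check after `establish_session` is unlikely to be reached on failure; `if ! establish_session; then` would make the "MAAS API login FAILED!" message reachable.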
32
charts/maas/templates/certificate-maas-ingress.yaml
Normal file
32
charts/maas/templates/certificate-maas-ingress.yaml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.conf.maas.tls.enabled .Values.conf.maas.tls.create .Values.cert_manager.enabled .Values.cert_manager.create }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: {{ .Values.secrets.maas_ingress_cert }}
|
||||||
|
spec:
|
||||||
|
secretName: {{ .Values.secrets.maas_ingress_cert }}
|
||||||
|
commonName: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||||
|
issuerRef:
|
||||||
|
kind: {{ .Values.cert_manager.issuer.kind }}
|
||||||
|
name: {{ .Values.cert_manager.issuer.name }}
|
||||||
|
dnsNames:
|
||||||
|
- {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||||
|
{{ end }}
|
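Review bot: This Certificate writes its key pair to the secret named by `.Values.secrets.maas_ingress_cert`, but the Ingress hunk later in this commit hard-codes `secretName: maas-region-api-tls`. Unless the default value happens to be that exact string (values.yaml is not shown here), the ingress controller will not find the issued certificate and will typically fall back to its own default certificate. Using the same value in the Ingress, `- secretName: {{ .Values.secrets.maas_ingress_cert }}`, removes that coupling. The `$envAll` assignment in this template also appears unused.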
35
charts/maas/templates/certificate-maas.yaml
Normal file
35
charts/maas/templates/certificate-maas.yaml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if and .Values.conf.maas.tls.enabled .Values.conf.maas.tls.create .Values.cert_manager.enabled }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: {{ .Values.secrets.maas_cert }}
|
||||||
|
spec:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
commonName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
issuerRef:
|
||||||
|
kind: {{ .Values.cert_manager.issuer.kind }}
|
||||||
|
name: {{ .Values.cert_manager.issuer.name }}
|
||||||
|
dnsNames:
|
||||||
|
- {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
|
- {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}.{{ .Release.Namespace }}
|
||||||
|
- {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}.{{ .Release.Namespace }}.svc
|
||||||
|
- {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||||
|
{{ end }}
|
@ -49,3 +49,7 @@ data:
|
|||||||
{{ tuple "bin/_maas-vip-configure.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_maas-vip-configure.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
start-syslog.sh: |
|
start-syslog.sh: |
|
||||||
{{ tuple "bin/_start-syslog.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_start-syslog.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
enable-tls.sh: |
|
||||||
|
{{ tuple "bin/_enable-tls.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
{{ end }}
|
||||||
|
@ -15,7 +15,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.rack_statefulset }}
|
{{- if and .Values.manifests.maas_ingress .Values.manifests.rack_statefulset }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $labels := tuple $envAll "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
|
{{- $labels := tuple $envAll "maas" "ingress-errors" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
|
||||||
{{- $serviceAccountName := "maas-ingress-errors" }}
|
{{- $serviceAccountName := "maas-ingress-errors" }}
|
||||||
|
@ -20,8 +20,17 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: maas-region-api
|
name: maas-region-api
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.network.region_api.ingress.annotations | indent 8 }}
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
|
ingressClassName: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
tls:
|
||||||
|
- secretName: maas-region-api-tls
|
||||||
|
hosts:
|
||||||
|
- {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||||
|
{{ end }}
|
||||||
rules:
|
rules:
|
||||||
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
|
||||||
http:
|
http:
|
||||||
|
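Review bot: The added lines introduce a second `metadata:` key directly after `name: maas-region-api`. Indentation is not preserved on this page, but if the new key sits at the same level as the existing `metadata:`, the document has a duplicate mapping key and the name may be dropped or the manifest rejected, depending on the parser. Placing `annotations:` under the existing `metadata:` block and removing the added `metadata:` line avoids the ambiguity.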
79
charts/maas/templates/job-enable-tls.yaml
Normal file
79
charts/maas/templates/job-enable-tls.yaml
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- $serviceAccountName := "maas-enable-tls" }}
|
||||||
|
{{ tuple $envAll "enable_tls" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: maas-enable-tls
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "maas" "enable-tls" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{ tuple $envAll "maas" "enable-tls" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||||
|
annotations:
|
||||||
|
{{ dict "envAll" $envAll "podName" "maas-enable-tls" "containerNames" (list "init" "maas-enable-tls") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
||||||
|
spec:
|
||||||
|
{{ dict "envAll" $envAll "application" "enable_tls" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
|
||||||
|
initContainers:
|
||||||
|
{{ tuple $envAll "enable_tls" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: maas-enable-tls
|
||||||
|
image: {{ .Values.images.tags.enable_tls }}
|
||||||
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.enable_tls | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
{{ dict "envAll" $envAll "application" "enable_tls" "container" "maas_enable_tls" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
|
command:
|
||||||
|
- /tmp/enable-tls.sh
|
||||||
|
volumeMounts:
|
||||||
|
- name: maas-bin
|
||||||
|
mountPath: /tmp/enable-tls.sh
|
||||||
|
subPath: enable-tls.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: maas-etc
|
||||||
|
mountPath: /etc/maas/regiond.conf
|
||||||
|
subPath: regiond.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: maas-tls
|
||||||
|
mountPath: /etc/maas/ssl
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: maas-bin
|
||||||
|
configMap:
|
||||||
|
name: maas-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: maas-etc
|
||||||
|
configMap:
|
||||||
|
name: maas-etc
|
||||||
|
defaultMode: 0444
|
||||||
|
- name: maas-tls
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
defaultMode: 0444
|
||||||
|
{{ end }}
|
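Review bot: The `maas-tls` secret volume is mounted with `defaultMode: 0444`, which makes `tls.key` readable by every user in the container. A private key should be readable only by the account that runs `maas config-tls`; `defaultMode: 0400` works if that account owns the mount. The pod security context comes from a helm-toolkit snippet not shown here, so confirm the UID, or pair `0440` with an `fsGroup`. The `maas-bin` and `maas-etc` ConfigMap modes are fine as they hold no secrets.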
@ -116,6 +116,12 @@ spec:
|
|||||||
mountPath: /etc/maas/regiond.conf
|
mountPath: /etc/maas/regiond.conf
|
||||||
subPath: regiond.conf
|
subPath: regiond.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
mountPath: /usr/local/share/ca-certificates/maas-ca.crt
|
||||||
|
subPath: maas-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: maas-bin
|
- name: maas-bin
|
||||||
configMap:
|
configMap:
|
||||||
@ -125,3 +131,11 @@ spec:
|
|||||||
configMap:
|
configMap:
|
||||||
name: maas-etc
|
name: maas-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: maas-ca.crt
|
||||||
|
{{ end }}
|
||||||
|
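Review bot: The `ca-cert` volume selects `key: ca.crt` from the `maas_cert` secret without `optional`, so the pod will not start if that key is absent, and the `--cacerts` login in the scripts will fail if it is empty. With cert-manager the `ca.crt` entry is only populated when the issuer exposes a CA, so it would help to document next to the `cert_manager.issuer` values that a CA-backed issuer is required. The same volume and mount are added in the rack and region StatefulSet hunks later in this commit.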
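--- a/charts/maas/templates/secret-maas-tls.yaml
+++ b/charts/maas/templates/secret-maas-tls.yaml
@@ -0,0 +1,29 @@
+{{/*
+Copyright 2017 AT&T Intellectual Property. All other rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.conf.maas.tls.enabled .Values.conf.maas.tls.create (eq .Values.cert_manager.enabled false) }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.secrets.certificate }}
+type: kubernetes/tls
+data:
+ca.crt: {{ .Values.conf.maas.tls.ca | b64enc }}
+tls.crt: {{ .Values.conf.maas.tls.cert | b64enc }}
+tls.key: {{ .Values.conf.maas.tls.key | b64enc }}
+{{ end }}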
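Review bot: `type: kubernetes/tls` is not the built-in TLS secret type; the API server treats it as an arbitrary custom type and skips the `tls.crt`/`tls.key` validation that `type: kubernetes.io/tls` gets. The secret is also named from `.Values.secrets.certificate`, while the Job and StatefulSet volumes in this commit read `.Values.secrets.maas_cert`, so unless both values resolve to the same name the manually supplied certificate is never mounted. Note too that `tls.key` is taken from `.Values.conf.maas.tls.key`, which means the private key ends up in the Helm release data and in any values file that sets it; referencing a pre-created secret by name would avoid that.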
@ -24,6 +24,10 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: http
|
||||||
port: 80
|
port: 80
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: https
|
||||||
|
port: 443
|
||||||
|
{{- end }}
|
||||||
selector:
|
selector:
|
||||||
{{ tuple . "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple . "maas" "ingress" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
...
|
...
|
||||||
|
@ -155,6 +155,12 @@ spec:
|
|||||||
mountPath: /etc/bind/named.conf.options
|
mountPath: /etc/bind/named.conf.options
|
||||||
subPath: named.conf.options
|
subPath: named.conf.options
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
mountPath: /usr/local/share/ca-certificates/maas-ca.crt
|
||||||
|
subPath: maas-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{{ end }}
|
||||||
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }}
|
{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }}
|
||||||
@ -185,6 +191,14 @@ spec:
|
|||||||
configMap:
|
configMap:
|
||||||
name: maas-etc
|
name: maas-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: maas-ca.crt
|
||||||
|
{{ end }}
|
||||||
{{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}
|
{{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}
|
||||||
volumeClaimTemplates:
|
volumeClaimTemplates:
|
||||||
- metadata:
|
- metadata:
|
||||||
|
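Review bot: The `ca-cert` volume added in the second hunk reads `secretName: {{ .Values.secrets.maas_cert }}`, while the TLS Secret template added by this commit names its object `{{ .Values.secrets.certificate }}`; unless both values resolve to the same name, a pod started with `conf.maas.tls.enabled` set will presumably wait on a Secret that does not exist. The same volume stanza appears in the region StatefulSet and the API test pod hunks. The volume is also gated on `tls.enabled` alone, whereas the Secret is rendered only when `tls.create` is set and cert-manager is disabled, so the other combinations rely on something else providing `ca.crt` under that name. I would reference one key in both places, e.g. `secretName: {{ .Values.secrets.certificate }}`, or name the Secret from `.Values.secrets.maas_cert`. The surrounding `spec` starts and ends outside these hunks.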
@ -179,6 +179,12 @@ spec:
|
|||||||
mountPath: /etc/default/bind9
|
mountPath: /etc/default/bind9
|
||||||
subPath: named
|
subPath: named
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
mountPath: /usr/local/share/ca-certificates/maas-ca.crt
|
||||||
|
subPath: maas-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{{ end }}
|
||||||
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
|
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }}
|
{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }}
|
||||||
@ -203,6 +209,14 @@ spec:
|
|||||||
- name: maas-region-secret
|
- name: maas-region-secret
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.maas_region.name }}
|
secretName: {{ .Values.secrets.maas_region.name }}
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: maas-ca.crt
|
||||||
|
{{ end }}
|
||||||
{{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}
|
||||||
{{- if .Values.manifests.maas_syslog }}
|
{{- if .Values.manifests.maas_syslog }}
|
||||||
volumeClaimTemplates:
|
volumeClaimTemplates:
|
||||||
|
@ -38,7 +38,11 @@ spec:
|
|||||||
- name: maas-api-test
|
- name: maas-api-test
|
||||||
env:
|
env:
|
||||||
- name: 'MAAS_URL'
|
- name: 'MAAS_URL'
|
||||||
value: {{ tuple "maas_region" "internal" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
|
{{- if empty .Values.conf.maas.url.maas_url }}
|
||||||
|
value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
|
||||||
|
{{- else }}
|
||||||
|
value: {{ .Values.conf.maas.url.maas_url }}
|
||||||
|
{{- end }}
|
||||||
- name: 'MAAS_API_KEY'
|
- name: 'MAAS_API_KEY'
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
@ -54,10 +58,24 @@ spec:
|
|||||||
mountPath: /tmp/maas-test.sh
|
mountPath: /tmp/maas-test.sh
|
||||||
subPath: maas-test.sh
|
subPath: maas-test.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
mountPath: /usr/local/share/ca-certificates/maas-ca.crt
|
||||||
|
subPath: maas-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: maas-bin
|
- name: maas-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: maas-bin
|
name: maas-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
|
{{- if .Values.conf.maas.tls.enabled }}
|
||||||
|
- name: ca-cert
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.secrets.maas_cert }}
|
||||||
|
items:
|
||||||
|
- key: ca.crt
|
||||||
|
path: maas-ca.crt
|
||||||
|
{{ end }}
|
||||||
...
|
...
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
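Review bot: In the `MAAS_URL` hunk the override branch emits `value: {{ .Values.conf.maas.url.maas_url }}` unquoted, while the lookup branch pipes its result through `quote`; a value containing YAML-significant characters would break or change the rendered env entry. Use `value: {{ .Values.conf.maas.url.maas_url | quote }}` so both branches render a string. The default also moves from the `internal` to the `public` endpoint, so the test now depends on the public name resolving from inside the cluster and, with TLS on, on the mounted `maas-ca.crt` actually being added to the trust store, which these hunks do not show.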
@ -74,6 +74,12 @@ dependencies:
|
|||||||
endpoint: internal
|
endpoint: internal
|
||||||
- service: maas_ingress
|
- service: maas_ingress
|
||||||
endpoint: monitor
|
endpoint: monitor
|
||||||
|
enable_tls:
|
||||||
|
jobs:
|
||||||
|
- maas-bootstrap-admin-user
|
||||||
|
services:
|
||||||
|
- service: maas_region
|
||||||
|
endpoint: internal
|
||||||
|
|
||||||
network_policy:
|
network_policy:
|
||||||
maas:
|
maas:
|
||||||
@ -108,6 +114,7 @@ images:
|
|||||||
ingress_vip: docker.io/busybox:latest
|
ingress_vip: docker.io/busybox:latest
|
||||||
error_pages: gcr.io/google_containers/ingress-gce-404-server-with-metrics-amd64:v1.6.0
|
error_pages: gcr.io/google_containers/ingress-gce-404-server-with-metrics-amd64:v1.6.0
|
||||||
maas_syslog: quay.io/airshipit/maas-region-controller:latest
|
maas_syslog: quay.io/airshipit/maas-region-controller:latest
|
||||||
|
enable_tls: quay.io/airshipit/maas-region-controller:latest
|
||||||
pull_policy: IfNotPresent
|
pull_policy: IfNotPresent
|
||||||
local_registry:
|
local_registry:
|
||||||
# TODO(portdirect): this chart does not yet support local image cacheing
|
# TODO(portdirect): this chart does not yet support local image cacheing
|
||||||
@ -263,8 +270,8 @@ conf:
|
|||||||
proxy_server: null
|
proxy_server: null
|
||||||
images:
|
images:
|
||||||
default_os: 'ubuntu'
|
default_os: 'ubuntu'
|
||||||
default_image: 'bionic'
|
default_image: 'focal'
|
||||||
default_kernel: 'ga-18.04'
|
default_kernel: 'ga-20.04'
|
||||||
credentials:
|
credentials:
|
||||||
secret:
|
secret:
|
||||||
namespace: maas
|
namespace: maas
|
||||||
@ -294,6 +301,12 @@ conf:
|
|||||||
# system user for console login/recovery in early phases of deployment
|
# system user for console login/recovery in early phases of deployment
|
||||||
system_user: 'root'
|
system_user: 'root'
|
||||||
system_passwd: 'password'
|
system_passwd: 'password'
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
|
create: false
|
||||||
|
ca: ""
|
||||||
|
cert: ""
|
||||||
|
key: ""
|
||||||
drivers: null
|
drivers: null
|
||||||
#### If you populates drivers, it will replace the 3rd party driver
|
#### If you populates drivers, it will replace the 3rd party driver
|
||||||
#### info that comes with MaaS. see structure below if it is needed
|
#### info that comes with MaaS. see structure below if it is needed
|
||||||
@ -341,6 +354,8 @@ secrets:
|
|||||||
name: maas-region-secret
|
name: maas-region-secret
|
||||||
value: 3858f62230ac3c915f300c664312c63f
|
value: 3858f62230ac3c915f300c664312c63f
|
||||||
ssh_key: ssh-private-key
|
ssh_key: ssh-private-key
|
||||||
|
maas_cert: maas-region-api-tls
|
||||||
|
maas_ingress_cert: maas-region-api-ingress-tls
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
mandatory_access_control:
|
mandatory_access_control:
|
||||||
@ -659,7 +674,6 @@ endpoints:
|
|||||||
syslog:
|
syslog:
|
||||||
public: 514
|
public: 514
|
||||||
podport: 514
|
podport: 514
|
||||||
|
|
||||||
maas_db:
|
maas_db:
|
||||||
auth:
|
auth:
|
||||||
admin:
|
admin:
|
||||||
@ -722,3 +736,10 @@ endpoints:
|
|||||||
default: http
|
default: http
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default: null
|
||||||
|
|
||||||
|
cert_manager:
|
||||||
|
enabled: false
|
||||||
|
create: false
|
||||||
|
issuer:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: ca-issuer
|
||||||
|
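Review bot: The new `conf.maas.tls` block takes the private key as a plain chart value (`key: ""`), which the Secret template then only base64-encodes; whatever is supplied here is also kept in the Helm release record and in the values file that carries it. A comment above the block should say so and steer real deployments to the `cert_manager` path or a pre-created Secret, for example `# tls.key ends up in Helm release data; prefer cert_manager.enabled or an existing Secret outside test setups`. The enclosing `conf:` map starts and ends outside the hunk.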
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
index d76fcfa9a..d198e90b9 100644
|
index d76fcfa..d198e90 100644
|
||||||
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/provisioningserver/drivers/power/ipmi.py b/src/provisioningserver/drivers/power/ipmi.py
|
diff --git a/src/provisioningserver/drivers/power/ipmi.py b/src/provisioningserver/drivers/power/ipmi.py
|
||||||
index acf284e9d..edcaf9e41 100644
|
index 70201e8..26625e2 100644
|
||||||
--- a/src/provisioningserver/drivers/power/ipmi.py
|
--- a/src/provisioningserver/drivers/power/ipmi.py
|
||||||
+++ b/src/provisioningserver/drivers/power/ipmi.py
|
+++ b/src/provisioningserver/drivers/power/ipmi.py
|
||||||
@@ -155,6 +155,13 @@ IPMI_ERRORS = {
|
@@ -155,6 +155,13 @@ IPMI_ERRORS = {
|
||||||
@ -16,12 +16,12 @@ index acf284e9d..edcaf9e41 100644
|
|||||||
"could not find inband device": {
|
"could not find inband device": {
|
||||||
"message": (
|
"message": (
|
||||||
"An inband device could not be found."
|
"An inband device could not be found."
|
||||||
@@ -283,7 +290,7 @@ class IPMIPowerDriver(PowerDriver):
|
@@ -308,7 +315,7 @@ class IPMIPowerDriver(PowerDriver):
|
||||||
),
|
),
|
||||||
]
|
]
|
||||||
ip_extractor = make_ip_extractor("power_address")
|
ip_extractor = make_ip_extractor("power_address")
|
||||||
- wait_time = (4, 8, 16, 32)
|
- wait_time = (4, 8, 16, 32)
|
||||||
+ wait_time = (4, 4, 8, 8, 16, 16, 32, 32)
|
+ wait_time = (4, 4, 8, 8, 16, 16, 32, 32)
|
||||||
|
|
||||||
def detect_missing_packages(self):
|
def detect_missing_packages(self):
|
||||||
if not shell.has_command_available("ipmipower"):
|
if not shell.has_command_available("ipmipower"):
|
@ -1,8 +1,8 @@
|
|||||||
diff --git a/src/provisioningserver/utils/network.py b/src/provisioningserver/utils/network.py
|
diff --git a/src/provisioningserver/utils/network.py b/src/provisioningserver/utils/network.py
|
||||||
index d8c781e38..3d2e6264c 100644
|
index 7895227..0f665ad 100644
|
||||||
--- a/src/provisioningserver/utils/network.py
|
--- a/src/provisioningserver/utils/network.py
|
||||||
+++ b/src/provisioningserver/utils/network.py
|
+++ b/src/provisioningserver/utils/network.py
|
||||||
@@ -1129,6 +1129,8 @@ def get_all_interfaces_definition(
|
@@ -1128,6 +1128,8 @@ def get_all_interfaces_definition(
|
||||||
# interfaces for guests. By themselves, they're not useful for MAAS to
|
# interfaces for guests. By themselves, they're not useful for MAAS to
|
||||||
# manage.
|
# manage.
|
||||||
"tunnel",
|
"tunnel",
|
@ -1,12 +1,12 @@
|
|||||||
diff --git a/src/provisioningserver/drivers/power/redfish.py b/src/provisioningserver/drivers/power/redfish.py
|
diff --git a/src/provisioningserver/drivers/power/redfish.py b/src/provisioningserver/drivers/power/redfish.py
|
||||||
index 334ea2ca8..f38b05b8c 100644
|
index 19d9ecd..0075997 100644
|
||||||
--- a/src/provisioningserver/drivers/power/redfish.py
|
--- a/src/provisioningserver/drivers/power/redfish.py
|
||||||
+++ b/src/provisioningserver/drivers/power/redfish.py
|
+++ b/src/provisioningserver/drivers/power/redfish.py
|
||||||
@@ -151,6 +151,7 @@ class RedfishPowerDriver(RedfishPowerDriverBase):
|
@@ -170,6 +170,7 @@ class RedfishPowerDriver(RedfishPowerDriverBase):
|
||||||
make_setting_field("node_id", "Node ID", scope=SETTING_SCOPE.NODE),
|
make_setting_field("node_id", "Node ID", scope=SETTING_SCOPE.NODE),
|
||||||
]
|
]
|
||||||
ip_extractor = make_ip_extractor("power_address")
|
ip_extractor = make_ip_extractor("power_address")
|
||||||
+ wait_time = (4, 8, 16, 32)
|
+ wait_time = (4, 8, 16, 32)
|
||||||
|
|
||||||
def detect_missing_packages(self):
|
def detect_missing_packages(self):
|
||||||
# no required packages
|
# no required packages
|
@ -1,12 +1,12 @@
|
|||||||
diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
|
diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
|
||||||
index 23e3e408e..8e3e5b772 100644
|
index 23e3e40..8e3e5b7 100644
|
||||||
--- a/src/twisted/web/server.py
|
--- a/src/twisted/web/server.py
|
||||||
+++ b/src/twisted/web/server.py
|
+++ b/src/twisted/web/server.py
|
||||||
@@ -178,7 +178,6 @@ class Request(Copyable, http.Request, components.Componentized):
|
@@ -178,7 +178,6 @@ class Request(Copyable, http.Request, components.Componentized):
|
||||||
self.site = self.channel.site
|
self.site = self.channel.site
|
||||||
|
|
||||||
# set various default headers
|
# set various default headers
|
||||||
- self.setHeader(b'server', version)
|
- self.setHeader(b'server', version)
|
||||||
self.setHeader(b'date', http.datetimeToString())
|
self.setHeader(b'date', http.datetimeToString())
|
||||||
|
|
||||||
# Resource Identification
|
# Resource Identification
|
@ -18,7 +18,7 @@ ARG no_proxy
|
|||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
ENV container docker
|
ENV container docker
|
||||||
|
|
||||||
ENV MAAS_VERSION 1:3.0.1-10052-g.82c730c57-0ubuntu1~20.04.1
|
ENV MAAS_VERSION 1:3.2.9-12055-g.c3d5597a7-0ubuntu1~20.04.1
|
||||||
|
|
||||||
RUN apt-get -qq update \
|
RUN apt-get -qq update \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
@ -43,7 +43,7 @@ RUN apt-get -qq update \
|
|||||||
-exec rm \{} \; \
|
-exec rm \{} \; \
|
||||||
&& systemctl set-default multi-user.target \
|
&& systemctl set-default multi-user.target \
|
||||||
# Install maas from the ppa
|
# Install maas from the ppa
|
||||||
&& add-apt-repository -yu ppa:maas/3.0 \
|
&& add-apt-repository -yu ppa:maas/3.2 \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
maas-rack-controller=$MAAS_VERSION \
|
maas-rack-controller=$MAAS_VERSION \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
@ -56,20 +56,20 @@ COPY scripts/register-rack-controller.service /lib/systemd/system/register-rack-
|
|||||||
RUN systemctl enable register-rack-controller.service
|
RUN systemctl enable register-rack-controller.service
|
||||||
|
|
||||||
# Patch so that Calico interfaces are ignored
|
# Patch so that Calico interfaces are ignored
|
||||||
COPY 3.0_nic_filter.patch /tmp/3.0_nic_filter.patch
|
COPY 3.2_nic_filter.patch /tmp/3.2_nic_filter.patch
|
||||||
COPY 3.0_secure_headers.patch /tmp/3.0_secure_headers.patch
|
COPY 3.2_secure_headers.patch /tmp/3.2_secure_headers.patch
|
||||||
# Patch so maas knows that "BMC error" is retriable
|
# Patch so maas knows that "BMC error" is retriable
|
||||||
COPY 3.0_ipmi_error.patch /tmp/3.0_ipmi_error.patch
|
COPY 3.2_ipmi_error.patch /tmp/3.2_ipmi_error.patch
|
||||||
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
||||||
COPY 3.0_redfish_retries.patch /tmp/3.0_redfish_retries.patch
|
COPY 3.2_redfish_retries.patch /tmp/3.2_redfish_retries.patch
|
||||||
# Patch to allow any recursion and cache queries
|
# Patch to allow any recursion and cache queries
|
||||||
COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
|
COPY 3.2_allow_query.patch /tmp/3.2_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.0_nic_filter.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.2_nic_filter.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.2_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.0_ipmi_error.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.2_ipmi_error.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.0_redfish_retries.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.2_redfish_retries.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.2_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
index d76fcfa9a..d198e90b9 100644
|
index d76fcfa..d198e90 100644
|
||||||
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
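--- a/images/maas-rack-controller-jammy/3.4_ipmi_error.patch
+++ b/images/maas-rack-controller-jammy/3.4_ipmi_error.patch
@@ -0,0 +1,27 @@
+diff --git a/src/provisioningserver/drivers/power/ipmi.py b/src/provisioningserver/drivers/power/ipmi.py
+index f3f0806..c115e53 100644
+--- a/src/provisioningserver/drivers/power/ipmi.py
++++ b/src/provisioningserver/drivers/power/ipmi.py
+@@ -155,6 +155,13 @@ IPMI_ERRORS = {
+),
+"exception": PowerConnError,
+},
++ "BMC error": {
++ "message": (
++ "Device not responding correctly while performing power action."
++ " MAAS performed several retries. Please wait and try again."
++ ),
++ "exception": PowerConnError,
++ },
+"could not find inband device": {
+"message": (
+"An inband device could not be found."
+@@ -308,7 +315,7 @@ class IPMIPowerDriver(PowerDriver):
+),
+]
+ip_extractor = make_ip_extractor("power_address")
+- wait_time = (4, 8, 16, 32)
++ wait_time = (4, 4, 8, 8, 16, 16, 32, 32)
+
+def detect_missing_packages(self):
+if not shell.has_command_available("ipmipower"):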
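--- a/images/maas-rack-controller-jammy/3.4_nic_filter.patch
+++ b/images/maas-rack-controller-jammy/3.4_nic_filter.patch
@@ -0,0 +1,13 @@
+diff --git a/src/provisioningserver/utils/network.py b/src/provisioningserver/utils/network.py
+index d6fb989..f4ece75 100644
+--- a/src/provisioningserver/utils/network.py
++++ b/src/provisioningserver/utils/network.py
+@@ -1169,6 +1169,8 @@ def get_all_interfaces_definition(
+# interfaces for guests. By themselves, they're not useful for MAAS to
+# manage.
+"tunnel",
++ # Always exclude non-specific ethernet interfaces.
++ "ethernet",
+]
+if not running_in_container():
+# When not running in a container, we should be able to identify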
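--- a/images/maas-rack-controller-jammy/3.4_redfish_retries.patch
+++ b/images/maas-rack-controller-jammy/3.4_redfish_retries.patch
@@ -0,0 +1,12 @@
+diff --git a/src/provisioningserver/drivers/power/redfish.py b/src/provisioningserver/drivers/power/redfish.py
+index 2be490e..482bf4a 100644
+--- a/src/provisioningserver/drivers/power/redfish.py
++++ b/src/provisioningserver/drivers/power/redfish.py
+@@ -170,6 +170,7 @@ class RedfishPowerDriver(RedfishPowerDriverBase):
+make_setting_field("node_id", "Node ID", scope=SETTING_SCOPE.NODE),
+]
+ip_extractor = make_ip_extractor("power_address")
++ wait_time = (4, 8, 16, 32)
+
+def detect_missing_packages(self):
+# no required packages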
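--- a/images/maas-rack-controller-jammy/3.4_secure_headers.patch
+++ b/images/maas-rack-controller-jammy/3.4_secure_headers.patch
@@ -0,0 +1,12 @@
+diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
+index d30156b..3a04ecb 100644
+--- a/src/twisted/web/server.py
++++ b/src/twisted/web/server.py
+@@ -206,7 +206,6 @@ class Request(Copyable, http.Request, components.Componentized):
+self.site = self.channel.site
+
+# set various default headers
+- self.setHeader(b"server", version)
+self.setHeader(b"date", http.datetimeToString())
+
+# Resource Identification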
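--- a/images/maas-rack-controller-jammy/Dockerfile
+++ b/images/maas-rack-controller-jammy/Dockerfile
@@ -0,0 +1,85 @@
+ARG FROM=ubuntu:20.04
+FROM ${FROM}
+
+LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode'
+LABEL org.opencontainers.image.url='https://airshipit.org'
+LABEL org.opencontainers.image.documentation='https://github.com/openstack/airship-maas'
+LABEL org.opencontainers.image.source='https://git.openstack.org/openstack/airship-maas'
+LABEL org.opencontainers.image.vendor='The Airship Authors'
+LABEL org.opencontainers.image.licenses='Apache-2.0'
+
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+ARG NO_PROXY
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV container docker
+
+ENV MAAS_VERSION 1:3.4.0-14321-g.1027c7664-0ubuntu1~22.04.1
+
+RUN apt-get -qq update \
+&& apt-get install -y \
+avahi-daemon \
+isc-dhcp-server \
+jq \
+libvirt-clients \
+libvirt-daemon-system\
+patch \
+software-properties-common \
+sudo \
+systemd \
+ca-certificates \
+# Don't start any optional services except for the few we need.
+# (specifically, don't start avahi-daemon, isc-dhcp-server, or libvirtd)
+&& find /etc/systemd/system \
+/lib/systemd/system \
+-path '*.wants/*' \
+-not -name '*journald*' \
+-not -name '*systemd-tmpfiles*' \
+-not -name '*systemd-user-sessions*' \
+-exec rm \{} \; \
+&& systemctl set-default multi-user.target \
+# Install maas from the ppa
+&& add-apt-repository -yu ppa:maas/3.4 \
+&& apt-get install -y \
+maas-rack-controller=$MAAS_VERSION \
+&& rm -rf /var/lib/apt/lists/*
+
+# Preserve the directory structure, permissions, and contents of /var/lib/maas
+RUN mkdir -p /opt/maas/ && tar -cvzf /opt/maas/var-lib-maas.tgz /var/lib/maas
+
+# register ourselves with the region controller
+COPY scripts/register-rack-controller.service /lib/systemd/system/register-rack-controller.service
+RUN systemctl enable register-rack-controller.service
+
+# Patch so that Calico interfaces are ignored
+COPY 3.4_nic_filter.patch /tmp/3.4_nic_filter.patch
+COPY 3.4_secure_headers.patch /tmp/3.4_secure_headers.patch
+# Patch so maas knows that "BMC error" is retriable
+COPY 3.4_ipmi_error.patch /tmp/3.4_ipmi_error.patch
+# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
+COPY 3.4_redfish_retries.patch /tmp/3.4_redfish_retries.patch
+# Patch to allow any recursion and cache queries
+COPY 3.4_allow_query.patch /tmp/3.4_allow_query.patch
+
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.4_nic_filter.patch
+RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.4_secure_headers.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.4_ipmi_error.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.4_redfish_retries.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.4_allow_query.patch
+
+# echo journalctl logs to the container's stdout
+COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
+RUN systemctl enable journalctl-to-tty.service
+
+# quiet sudo for the maas user
+RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
+
+# avoid triggering bind9 high cpu utilization bug
+RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
+
+# initalize systemd
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]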
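Review bot: The default base on the first line is `ARG FROM=ubuntu:20.04`, but this is the jammy image and `MAAS_VERSION` pins a `~22.04.1` package from `ppa:maas/3.4`; built without an explicit `--build-arg FROM=...`, apt on a focal base is unlikely to find that exact version, or the image ends up on a different release than its directory name states. Set the default to match, `ARG FROM=ubuntu:22.04`. Pinning the base by digest as well would make the build reproducible and protect it from a moved tag.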
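--- a/images/maas-rack-controller-jammy/README.md
+++ b/images/maas-rack-controller-jammy/README.md
@@ -0,0 +1 @@
+[![Docker Repository on Quay](https://quay.io/repository/airshipit/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/airshipit/maas-rack) Ubuntu MaaS Rack Controller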
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Journald console log streamer
|
||||||
|
Requires=systemd-journald.service
|
||||||
|
After=systemd-journald.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Restart=always
|
||||||
|
RestartSec=0
|
||||||
|
ExecStart=/bin/journalctl -f
|
||||||
|
StandardOutput=tty
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=basic.target
|
@ -0,0 +1,12 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Register with MaaS Region Controller
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
PassEnvironment=MAAS_ENDPOINT MAAS_REGION_SECRET MAAS_API_KEY HOST_MOUNT_PATH
|
||||||
|
ExecStart=/usr/local/bin/register-rack-controller.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/src/maasserver/models/partition.py b/src/maasserver/models/partition.py
|
|
||||||
index 62895f83b..832b1db4c 100644
|
|
||||||
--- a/src/maasserver/models/partition.py
|
|
||||||
+++ b/src/maasserver/models/partition.py
|
|
||||||
@@ -248,7 +248,7 @@ class Partition(CleanSave, TimestampedModel):
|
|
||||||
return idx + 1
|
|
||||||
elif arch == "ppc64el" and block_device.id == boot_disk.id:
|
|
||||||
return idx + 2
|
|
||||||
- elif arch == "amd64" and bios_boot_method != "uefi":
|
|
||||||
+ elif arch == "amd64" and bios_boot_method != "uefi" and block_device.id == boot_disk.id:
|
|
||||||
if block_device.type == "physical":
|
|
||||||
# Delay the `type` check because it can cause a query. Only
|
|
||||||
# physical block devices get the bios_grub partition.
|
|
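--- a/images/maas-region-controller-focal/3.2_allow_query.patch
+++ b/images/maas-region-controller-focal/3.2_allow_query.patch
@@ -0,0 +1,15 @@
+diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+index d76fcfa..d198e90 100644
+--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
++++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+@@ -13,8 +13,8 @@ empty-zones-enable no;
+allow-query { any; };
+{{endif}}
+{{if not upstream_allow_recursion}}
+-allow-recursion { trusted; };
++allow-recursion { any; };
+{{endif}}
+{{if not upstream_allow_query_cache}}
+-allow-query-cache { trusted; };
++allow-query-cache { any; };
+{{endif}}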
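Review bot: The two changed lines move `allow-recursion` and `allow-query-cache` from the `trusted` ACL to `any`, which turns the MAAS-managed BIND into an open recursive resolver for every client that can reach its DNS port; open resolvers are a common source of amplification traffic and expose the cache to outside queries. If the aim is to serve pods or nodes that fall outside `trusted`, extending that ACL with the specific networks would keep the restriction, and otherwise a NetworkPolicy or firewall needs to bound who can reach the service. At minimum the Dockerfile comment that introduces this patch should name the clients that need it. Judging by the identical blob ids in their headers, the rack-controller `allow_query` patches in this commit appear to carry the same change.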
@ -0,0 +1,12 @@
|
|||||||
|
diff --git a/src/maasserver/models/partition.py b/src/maasserver/models/partition.py
|
||||||
|
index 84a8fba..c62f25f 100644
|
||||||
|
--- a/src/maasserver/models/partition.py
|
||||||
|
+++ b/src/maasserver/models/partition.py
|
||||||
|
@@ -211,6 +211,7 @@ class Partition(CleanSave, TimestampedModel):
|
||||||
|
arch == "amd64"
|
||||||
|
and bios_boot_method != "uefi"
|
||||||
|
and block_device.type == "physical"
|
||||||
|
+ and block_device.id == boot_disk.id
|
||||||
|
)
|
||||||
|
if need_prep_partition or need_bios_grub:
|
||||||
|
index = 2
|
@ -1,10 +1,10 @@
|
|||||||
diff --git a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
diff --git a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
index 42e4c79e4..11df96313 100755
|
index 02e900d..411832a 100755
|
||||||
--- a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
--- a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
+++ b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
+++ b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
@@ -396,6 +396,29 @@ class IPMI(BMCConfig):
|
@@ -184,6 +184,29 @@ class IPMIBase(BMCConfig):
|
||||||
return first_unused
|
return first_unused
|
||||||
|
|
||||||
def add_bmc_user(self):
|
def add_bmc_user(self):
|
||||||
+ """Create/configure an IPMI user, but with several tries"""
|
+ """Create/configure an IPMI user, but with several tries"""
|
||||||
+ attempt = 1
|
+ attempt = 1
|
||||||
@ -32,7 +32,7 @@ index 42e4c79e4..11df96313 100755
|
|||||||
if not self.username:
|
if not self.username:
|
||||||
self.username = "maas"
|
self.username = "maas"
|
||||||
user_number = self._pick_user_number(self.username)
|
user_number = self._pick_user_number(self.username)
|
||||||
@@ -417,7 +440,7 @@ class IPMI(BMCConfig):
|
@@ -205,7 +228,7 @@ class IPMIBase(BMCConfig):
|
||||||
if self._bmc_config[user_number].get(key) != value:
|
if self._bmc_config[user_number].get(key) != value:
|
||||||
self._bmc_set(user_number, key, value)
|
self._bmc_set(user_number, key, value)
|
||||||
except Exception:
|
except Exception:
|
||||||
@ -41,12 +41,12 @@ index 42e4c79e4..11df96313 100755
|
|||||||
else:
|
else:
|
||||||
self.password = password
|
self.password = password
|
||||||
# Not all user settings are available on all BMC keys, its
|
# Not all user settings are available on all BMC keys, its
|
||||||
@@ -432,8 +455,6 @@ class IPMI(BMCConfig):
|
@@ -220,8 +243,6 @@ class IPMIBase(BMCConfig):
|
||||||
"Yes",
|
"Yes",
|
||||||
)
|
)
|
||||||
return
|
return
|
||||||
- print("ERROR: Unable to add BMC user!", file=sys.stderr)
|
- print("ERROR: Unable to add BMC user!", file=sys.stderr)
|
||||||
- sys.exit(1)
|
- sys.exit(1)
|
||||||
|
|
||||||
def _config_ipmi_lan_channel_settings(self):
|
def _bmc_get_config(self, section=None):
|
||||||
"""Enable IPMI-over-Lan (Lan_Channel) if it is disabled"""
|
"""Fetch and cache all BMC settings."""
|
@ -1,16 +1,15 @@
|
|||||||
diff --git a/src/maasserver/preseed.py b/src/maasserver/preseed.py
|
diff --git a/src/maasserver/preseed.py b/src/maasserver/preseed.py
|
||||||
index f9ba34a18..a9f41b9c2 100644
|
index c692969..c20facf 100644
|
||||||
--- a/src/maasserver/preseed.py
|
--- a/src/maasserver/preseed.py
|
||||||
+++ b/src/maasserver/preseed.py
|
+++ b/src/maasserver/preseed.py
|
||||||
@@ -232,7 +232,27 @@ def compose_curtin_kernel_preseed(node):
|
@@ -250,7 +250,26 @@ def compose_curtin_kernel_preseed(node):
|
||||||
The BootResourceFile table contains a mapping between hwe kernels and
|
if node.get_osystem() == "custom":
|
||||||
Ubuntu package names. If this mapping is missing we fall back to letting
|
return []
|
||||||
Curtin figure out which kernel should be installed"""
|
|
||||||
+
|
|
||||||
+ # previous logic to retrieve kpackage parameter
|
+ # previous logic to retrieve kpackage parameter
|
||||||
kpackage = BootResource.objects.get_kpackage_for_node(node)
|
kpackage = BootResource.objects.get_kpackage_for_node(node)
|
||||||
+
|
+
|
||||||
+ # determine if this node has kernel parameters applied by drydock
|
+ # determine if thie node has kernel parameters applied by drydock
|
||||||
+ # and override kpackage if we discover the right properties
|
+ # and override kpackage if we discover the right properties
|
||||||
+ kernel_opt_tag = "%s_kp" % (node.hostname)
|
+ kernel_opt_tag = "%s_kp" % (node.hostname)
|
||||||
+ if kernel_opt_tag in node.tag_names():
|
+ if kernel_opt_tag in node.tag_names():
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/maasserver/api/partitions.py b/src/maasserver/api/partitions.py
|
diff --git a/src/maasserver/api/partitions.py b/src/maasserver/api/partitions.py
|
||||||
index 5a413fb3b..6a5ad8b47 100644
|
index dd1b431..235c03f 100644
|
||||||
--- a/src/maasserver/api/partitions.py
|
--- a/src/maasserver/api/partitions.py
|
||||||
+++ b/src/maasserver/api/partitions.py
|
+++ b/src/maasserver/api/partitions.py
|
||||||
@@ -99,7 +99,7 @@ class PartitionsHandler(OperationsHandler):
|
@@ -99,7 +99,7 @@ class PartitionsHandler(OperationsHandler):
|
@ -1,17 +1,17 @@
|
|||||||
diff --git a/src/maasserver/models/ownerdata.py b/src/maasserver/models/ownerdata.py
|
diff --git a/src/maasserver/models/ownerdata.py b/src/maasserver/models/ownerdata.py
|
||||||
index 5d26041ca..0e208f264 100644
|
index 2cbaa9d..14eeb69 100644
|
||||||
--- a/src/maasserver/models/ownerdata.py
|
--- a/src/maasserver/models/ownerdata.py
|
||||||
+++ b/src/maasserver/models/ownerdata.py
|
+++ b/src/maasserver/models/ownerdata.py
|
||||||
@@ -18,7 +18,7 @@ from django.db.models import (
|
@@ -17,7 +17,7 @@ from django.db.models import (
|
||||||
from maasserver import DefaultMeta
|
|
||||||
from maasserver.models.cleansave import CleanSave
|
from maasserver.models.cleansave import CleanSave
|
||||||
|
|
||||||
-DATA_KEY_RE = re.compile(r"[\w.-]+$")
|
-DATA_KEY_RE = re.compile(r"[\w.-]+$")
|
||||||
+#DATA_KEY_RE = re.compile(r"[\w.-]+$")
|
+#DATA_KEY_RE = re.compile(r"[\w.-]+$")
|
||||||
|
|
||||||
|
|
||||||
class OwnerDataManager(Manager):
|
class OwnerDataManager(Manager):
|
||||||
@@ -33,8 +33,8 @@ class OwnerDataManager(Manager):
|
@@ -32,8 +32,8 @@ class OwnerDataManager(Manager):
|
||||||
if value is None:
|
if value is None:
|
||||||
to_remove.add(key)
|
to_remove.add(key)
|
||||||
else:
|
else:
|
||||||
@ -19,6 +19,6 @@ index 5d26041ca..0e208f264 100644
|
|||||||
- raise ValueError("Invalid character in key name")
|
- raise ValueError("Invalid character in key name")
|
||||||
+ # if not DATA_KEY_RE.match(key):
|
+ # if not DATA_KEY_RE.match(key):
|
||||||
+ # raise ValueError("Invalid character in key name")
|
+ # raise ValueError("Invalid character in key name")
|
||||||
|
|
||||||
self.update_or_create(
|
self.update_or_create(
|
||||||
node=node, key=key, defaults={"value": value}
|
node=node, key=key, defaults={"value": value}
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/maasserver/security.py b/src/maasserver/security.py
|
diff --git a/src/maasserver/security.py b/src/maasserver/security.py
|
||||||
index a9420e504..61c6f00c6 100644
|
index a9420e5..7973120 100644
|
||||||
--- a/src/maasserver/security.py
|
--- a/src/maasserver/security.py
|
||||||
+++ b/src/maasserver/security.py
|
+++ b/src/maasserver/security.py
|
||||||
@@ -96,11 +96,11 @@ def get_shared_secret_txn():
|
@@ -96,11 +96,11 @@ def get_shared_secret_txn():
|
||||||
@ -16,6 +16,5 @@ index a9420e504..61c6f00c6 100644
|
|||||||
+ # secret and set it in the database (set_config function)
|
+ # secret and set it in the database (set_config function)
|
||||||
+ secret = secret_on_fs
|
+ secret = secret_on_fs
|
||||||
+ Config.objects.set_config("rpc_shared_secret", to_hex(secret))
|
+ Config.objects.set_config("rpc_shared_secret", to_hex(secret))
|
||||||
|
|
||||||
return secret
|
return secret
|
||||||
|
|
@ -1,13 +1,17 @@
|
|||||||
diff --git a/src/maasserver/preseed_network.py b/src/maasserver/preseed_network.py
|
diff --git a/src/maasserver/preseed_network.py b/src/maasserver/preseed_network.py
|
||||||
index 3851424fc..8bfa90e7d 100644
|
index 7660feb..dae412d 100644
|
||||||
--- a/src/maasserver/preseed_network.py
|
--- a/src/maasserver/preseed_network.py
|
||||||
+++ b/src/maasserver/preseed_network.py
|
+++ b/src/maasserver/preseed_network.py
|
||||||
@@ -309,7 +309,7 @@ class InterfaceConfiguration:
|
@@ -308,7 +308,11 @@ class InterfaceConfiguration:
|
||||||
|
|
||||||
def _get_matching_routes(self, source):
|
def _get_matching_routes(self, source):
|
||||||
"""Return all route objects matching `source`."""
|
"""Return all route objects matching `source`."""
|
||||||
- return {route for route in self.routes if route.source == source}
|
- return {route for route in self.routes if route.source == source}
|
||||||
+ return {route for route in self.routes if str(route.source.cidr) == str(source.cidr)}
|
+ return {
|
||||||
|
+ route
|
||||||
|
+ for route in self.routes
|
||||||
|
+ if str(route.source.cidr) == str(source.cidr)
|
||||||
|
+ }
|
||||||
|
|
||||||
def _generate_addresses(self, version=1):
|
def _generate_addresses(self, version=1):
|
||||||
"""Generate the various addresses needed for this interface."""
|
"""Generate the various addresses needed for this interface."""
|
@ -1,12 +1,12 @@
|
|||||||
diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
|
diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
|
||||||
index 23e3e408e..8e3e5b772 100644
|
index 23e3e40..8e3e5b7 100644
|
||||||
--- a/src/twisted/web/server.py
|
--- a/src/twisted/web/server.py
|
||||||
+++ b/src/twisted/web/server.py
|
+++ b/src/twisted/web/server.py
|
||||||
@@ -178,7 +178,6 @@ class Request(Copyable, http.Request, components.Componentized):
|
@@ -178,7 +178,6 @@ class Request(Copyable, http.Request, components.Componentized):
|
||||||
self.site = self.channel.site
|
self.site = self.channel.site
|
||||||
|
|
||||||
# set various default headers
|
# set various default headers
|
||||||
- self.setHeader(b'server', version)
|
- self.setHeader(b'server', version)
|
||||||
self.setHeader(b'date', http.datetimeToString())
|
self.setHeader(b'date', http.datetimeToString())
|
||||||
|
|
||||||
# Resource Identification
|
# Resource Identification
|
@ -18,7 +18,7 @@ ARG no_proxy
|
|||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
ENV container docker
|
ENV container docker
|
||||||
|
|
||||||
ENV MAAS_VERSION 1:3.0.1-10052-g.82c730c57-0ubuntu1~20.04.1
|
ENV MAAS_VERSION 1:3.2.9-12055-g.c3d5597a7-0ubuntu1~20.04.1
|
||||||
|
|
||||||
RUN apt-get -qq update \
|
RUN apt-get -qq update \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
@ -41,7 +41,7 @@ RUN apt-get -qq update \
|
|||||||
-exec rm \{} \; \
|
-exec rm \{} \; \
|
||||||
&& systemctl set-default multi-user.target \
|
&& systemctl set-default multi-user.target \
|
||||||
# Install maas from the ppa
|
# Install maas from the ppa
|
||||||
&& add-apt-repository -yu ppa:maas/3.0 \
|
&& add-apt-repository -yu ppa:maas/3.2 \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
maas-region-api=$MAAS_VERSION \
|
maas-region-api=$MAAS_VERSION \
|
||||||
# tcpdump is required by /usr/lib/maas/beacon-monitor
|
# tcpdump is required by /usr/lib/maas/beacon-monitor
|
||||||
@ -52,32 +52,32 @@ RUN apt-get -qq update \
|
|||||||
RUN mkdir -p /opt/maas/ && tar -cvzf /opt/maas/var-lib-maas.tgz /var/lib/maas
|
RUN mkdir -p /opt/maas/ && tar -cvzf /opt/maas/var-lib-maas.tgz /var/lib/maas
|
||||||
|
|
||||||
# MAAS workarounds
|
# MAAS workarounds
|
||||||
COPY 3.0_route.patch /tmp/3.0_route.patch
|
COPY 3.2_route.patch /tmp/3.2_route.patch
|
||||||
COPY 3.0_kernel_package.patch /tmp/3.0_kernel_package.patch
|
COPY 3.2_kernel_package.patch /tmp/3.2_kernel_package.patch
|
||||||
COPY 3.0_bios_grub_partition.patch /tmp/3.0_bios_grub_partition.patch
|
COPY 3.2_bios_grub_partition.patch /tmp/3.2_bios_grub_partition.patch
|
||||||
# sh8121att: allow all requests via the proxy to allow it to work
|
# sh8121att: allow all requests via the proxy to allow it to work
|
||||||
# behind ingress
|
# behind ingress
|
||||||
COPY 3.0_proxy_acl.patch /tmp/3.0_proxy_acl.patch
|
COPY 3.2_proxy_acl.patch /tmp/3.2_proxy_acl.patch
|
||||||
# Patch to add retrying to MaaS BMC user setup, and improve exception handling
|
# Patch to add retrying to MaaS BMC user setup, and improve exception handling
|
||||||
COPY 3.0_configure_ipmi_user.patch /tmp/3.0_configure_ipmi_user.patch
|
COPY 3.2_configure_ipmi_user.patch /tmp/3.2_configure_ipmi_user.patch
|
||||||
COPY 3.0_secure_headers.patch /tmp/3.0_secure_headers.patch
|
COPY 3.2_secure_headers.patch /tmp/3.2_secure_headers.patch
|
||||||
COPY 3.0_region_secret_rotate.patch /tmp/3.0_region_secret_rotate.patch
|
COPY 3.2_region_secret_rotate.patch /tmp/3.2_region_secret_rotate.patch
|
||||||
COPY 3.0_partitiontable_does_not_exist.patch /tmp/3.0_partitiontable_does_not_exist.patch
|
COPY 3.2_partitiontable_does_not_exist.patch /tmp/3.2_partitiontable_does_not_exist.patch
|
||||||
# Allow tags with '/' symbols
|
# Allow tags with '/' symbols
|
||||||
COPY 3.0_regex_tags.patch /tmp/3.0_regex_tags.patch
|
COPY 3.2_regex_tags.patch /tmp/3.2_regex_tags.patch
|
||||||
# Patch to allow any recursion and cache queries
|
# Patch to allow any recursion and cache queries
|
||||||
COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
|
COPY 3.2_allow_query.patch /tmp/3.2_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/3.0_route.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/3.2_route.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/3.0_kernel_package.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/3.2_kernel_package.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/3.0_bios_grub_partition.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/3.2_bios_grub_partition.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch security.py < /tmp/3.0_region_secret_rotate.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch security.py < /tmp/3.2_region_secret_rotate.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/metadataserver/builtin_scripts/commissioning_scripts && patch bmc_config.py < /tmp/3.0_configure_ipmi_user.patch
|
RUN cd /usr/lib/python3/dist-packages/metadataserver/builtin_scripts/commissioning_scripts && patch bmc_config.py < /tmp/3.2_configure_ipmi_user.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/3.0_proxy_acl.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/3.2_proxy_acl.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.2_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/3.0_partitiontable_does_not_exist.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/3.2_partitiontable_does_not_exist.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch ownerdata.py < /tmp/3.0_regex_tags.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch ownerdata.py < /tmp/3.2_regex_tags.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.2_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
|
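--- a/images/maas-region-controller-jammy/3.4_allow_query.patch
+++ b/images/maas-region-controller-jammy/3.4_allow_query.patch
@@ -0,0 +1,15 @@
+diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+index d76fcfa..d198e90 100644
+--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
++++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
+@@ -13,8 +13,8 @@ empty-zones-enable no;
+allow-query { any; };
+{{endif}}
+{{if not upstream_allow_recursion}}
+-allow-recursion { trusted; };
++allow-recursion { any; };
+{{endif}}
+{{if not upstream_allow_query_cache}}
+-allow-query-cache { trusted; };
++allow-query-cache { any; };
+{{endif}}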
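Review bot: Setting both `allow-recursion { any; };` and `allow-query-cache { any; };` makes the MAAS BIND instance an open recursive resolver for every client that can reach its DNS port, which exposes it to use in DNS amplification and to cache probing. If the problem is that pod or node source addresses fall outside the `trusted` ACL, extending that ACL with the cluster and provisioning ranges would solve it while keeping `allow-recursion { trusted; };` and `allow-query-cache { trusted; };`. If `any` has to stay, a comment in the patch or next to its `COPY` line in the Dockerfile should state that access must be limited by network policy in front of the service.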
@ -0,0 +1,12 @@
|
|||||||
|
diff --git a/src/maasserver/models/partition.py b/src/maasserver/models/partition.py
|
||||||
|
index 2d09666..9c2dfa6 100644
|
||||||
|
--- a/src/maasserver/models/partition.py
|
||||||
|
+++ b/src/maasserver/models/partition.py
|
||||||
|
@@ -211,6 +211,7 @@ class Partition(CleanSave, TimestampedModel):
|
||||||
|
arch == "amd64"
|
||||||
|
and bios_boot_method != "uefi"
|
||||||
|
and block_device.type == "physical"
|
||||||
|
+ and block_device.id == boot_disk.id
|
||||||
|
)
|
||||||
|
if need_prep_partition or need_bios_grub:
|
||||||
|
index = 2
|
@ -0,0 +1,52 @@
|
|||||||
|
diff --git a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
|
index 38ba140..36e0bb8 100755
|
||||||
|
--- a/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
|
+++ b/src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py
|
||||||
|
@@ -185,6 +185,29 @@ class IPMIBase(BMCConfig):
|
||||||
|
return first_unused
|
||||||
|
|
||||||
|
def add_bmc_user(self):
|
||||||
|
+ """Create/configure an IPMI user, but with several tries"""
|
||||||
|
+ attempt = 1
|
||||||
|
+ max_attempts = 5
|
||||||
|
+ backoff_amount = 30
|
||||||
|
+ exceptions_caught = []
|
||||||
|
+ while attempt <= max_attempts:
|
||||||
|
+ print("INFO: Attempt to add IPMI BMC user - %s" % attempt)
|
||||||
|
+ try:
|
||||||
|
+ self._add_bmc_user()
|
||||||
|
+ except Exception as e:
|
||||||
|
+ exceptions_caught.append(e)
|
||||||
|
+ if (attempt + 1) > max_attempts:
|
||||||
|
+ # This is our last attempt, exiting
|
||||||
|
+ print("ERROR: Unable to add BMC user!\n{}".format(exceptions_caught), file=sys.stderr)
|
||||||
|
+ sys.exit(1)
|
||||||
|
+
|
||||||
|
+ if self.password is None:
|
||||||
|
+ time.sleep(attempt * backoff_amount)
|
||||||
|
+ else:
|
||||||
|
+ return
|
||||||
|
+ attempt += 1
|
||||||
|
+
|
||||||
|
+ def _add_bmc_user(self):
|
||||||
|
if not self.username:
|
||||||
|
self.username = "maas"
|
||||||
|
user_number = self._pick_user_number(self.username)
|
||||||
|
@@ -206,7 +229,7 @@ class IPMIBase(BMCConfig):
|
||||||
|
if self._bmc_config[user_number].get(key) != value:
|
||||||
|
self._bmc_set(user_number, key, value)
|
||||||
|
except Exception:
|
||||||
|
- pass
|
||||||
|
+ raise
|
||||||
|
else:
|
||||||
|
self.password = password
|
||||||
|
# Not all user settings are available on all BMC keys, its
|
||||||
|
@@ -221,8 +244,6 @@ class IPMIBase(BMCConfig):
|
||||||
|
"Yes",
|
||||||
|
)
|
||||||
|
return
|
||||||
|
- print("ERROR: Unable to add BMC user!", file=sys.stderr)
|
||||||
|
- sys.exit(1)
|
||||||
|
|
||||||
|
def _bmc_get_config(self, section=None):
|
||||||
|
"""Fetch and cache all BMC settings."""
|
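Review bot: Changing `pass` to `raise` in the `except Exception:` block of `_add_bmc_user` looks like it defeats whatever fallback the enclosing loop provides: the loop header is outside the hunk, but the `else: self.password = password` branch suggests it iterates over candidate passwords, and with `raise` the first rejected candidate aborts the whole pass, so each of the five retries would start again from the first candidate and later ones would never be tried. I would keep the per-candidate tolerance and raise only once the loop is exhausted, for example store the error with `last_error = e` in the handler and end the method with `raise RuntimeError("no password candidate accepted") from last_error`. The final `print("ERROR: Unable to add BMC user!\n{}".format(exceptions_caught), file=sys.stderr)` also writes the raw exceptions to the script output; if they come from a failed subprocess call they may carry the command line, including the candidate password, so reporting only `type(e).__name__` per attempt would be safer. The same lines are in the 3.2 patch for the focal image.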
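--- a/images/maas-region-controller-jammy/3.4_kernel_package.patch
+++ b/images/maas-region-controller-jammy/3.4_kernel_package.patch
@@ -0,0 +1,31 @@
+diff --git a/src/maasserver/preseed.py b/src/maasserver/preseed.py
+index a7ba9f8..9a30021 100644
+--- a/src/maasserver/preseed.py
++++ b/src/maasserver/preseed.py
+@@ -248,7 +248,26 @@ def compose_curtin_kernel_preseed(node):
+if node.get_osystem() == "custom":
+return []
+
++ # previous logic to retrieve kpackage parameter
+kpackage = BootResource.objects.get_kpackage_for_node(node)
++
++ # determine if thie node has kernel parameters applied by drydock
++ # and override kpackage if we discover the right properties
++ kernel_opt_tag = "%s_kp" % (node.hostname)
++ if kernel_opt_tag in node.tag_names():
++
++ # the tag exists, retrieve it
++ kernel_opts = node.tags.get(name=kernel_opt_tag).kernel_opts
++
++ # parse the string and find our package param value
++ # e.g. kernel_package=linux-image-4.15.0-34-generic
++ kparams = kernel_opts.split()
++ kdict = dict(
++ kparam.split("=", 1) for kparam in kparams if "=" in kparam
++ )
++ if "kernel_package" in kdict:
++ kpackage = kdict["kernel_package"]
++
+if kpackage:
+kernel_config = {"kernel": {"package": kpackage, "mapping": {}}}
+return [yaml.safe_dump(kernel_config)]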
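Review bot: The value taken from `kdict["kernel_package"]` goes into the curtin kernel config without any check, so whatever text follows `kernel_package=` in the tag's `kernel_opts` becomes the package curtin is asked to install on the node. A format check before the override would limit this to plausible Debian package names, for example `if re.fullmatch(r"[a-z0-9][a-z0-9+.-]+", kdict.get("kernel_package", "")):` (this assumes `re` is imported in preseed.py, which the hunk does not show). The `kernel_opts` attribute may also be `None` when the tag has no kernel options set, in which case `.split()` raises; `kernel_opts = node.tags.get(name=kernel_opt_tag).kernel_opts or ""` avoids that. The comment has a typo, `thie` for `this`. The function body starts and ends outside the hunk.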
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/src/maasserver/api/partitions.py b/src/maasserver/api/partitions.py
|
||||||
|
index 4302d8d..f0e51c8 100644
|
||||||
|
--- a/src/maasserver/api/partitions.py
|
||||||
|
+++ b/src/maasserver/api/partitions.py
|
||||||
|
@@ -99,7 +99,7 @@ class PartitionsHandler(OperationsHandler):
|
||||||
|
device = BlockDevice.objects.get_block_device_or_404(
|
||||||
|
system_id, device_id, request.user, NodePermission.view
|
||||||
|
)
|
||||||
|
- partition_table = device.partitiontable_set.get()
|
||||||
|
+ partition_table = device.get_partitiontable()
|
||||||
|
if partition_table is None:
|
||||||
|
return []
|
||||||
|
else:
|
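--- a/images/maas-region-controller-jammy/3.4_proxy_acl.patch
+++ b/images/maas-region-controller-jammy/3.4_proxy_acl.patch
@@ -0,0 +1,10 @@
+18,24c18
+< http_access allow maas_proxy_manager localhost
+< http_access deny maas_proxy_manager
+< http_access deny !Safe_ports
+< http_access deny CONNECT !SSL_ports
+< http_access allow localnet
+< http_access allow localhost
+< http_access deny all
+---
+> http_access allow all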
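Review bot: Replacing lines 18-24 with the single rule `http_access allow all` removes more than the client restriction: the `http_access deny maas_proxy_manager`, `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` rules go too, so the proxy would accept cache-manager requests, arbitrary destination ports and CONNECT tunnels from any client that can reach it. If the goal is only to serve clients arriving through the ingress, as the Dockerfile comment says, I would keep the first four rules and replace just the last three with `http_access allow all`, or preferably with an ACL for the ingress source range. The patch is also a normal diff keyed to line numbers rather than a unified diff with context like the other patches, which makes it more fragile when the upstream template changes. With `allow all` the exposure depends entirely on network policy in front of the pod, which is worth stating in a comment next to the `COPY` line.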
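--- a/images/maas-region-controller-jammy/3.4_regex_tags.patch
+++ b/images/maas-region-controller-jammy/3.4_regex_tags.patch
@@ -0,0 +1,24 @@
+diff --git a/src/maasserver/models/ownerdata.py b/src/maasserver/models/ownerdata.py
+index 2cbaa9d..f8cbeb5 100644
+--- a/src/maasserver/models/ownerdata.py
++++ b/src/maasserver/models/ownerdata.py
+@@ -17,7 +17,7 @@ from django.db.models import (
+
+from maasserver.models.cleansave import CleanSave
+
+-DATA_KEY_RE = re.compile(r"[\w.-]+$")
++#DATA_KEY_RE = re.compile(r"[\w.-]+$")
+
+
+class OwnerDataManager(Manager):
+@@ -32,8 +32,8 @@ class OwnerDataManager(Manager):
+if value is None:
+to_remove.add(key)
+else:
+- if not DATA_KEY_RE.match(key):
+- raise ValueError("Invalid character in key name")
++ # if not DATA_KEY_RE.match(key):
++ # raise ValueError("Invalid character in key name")
+
+self.update_or_create(
+node=node, key=key, defaults={"value": value}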
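Review bot: Commenting out `DATA_KEY_RE` and the `if not DATA_KEY_RE.match(key):` check removes owner-data key validation altogether, although the stated aim (the Dockerfile comment reads "Allow tags with '/' symbols") only needs one more permitted character. I would keep the check and widen the pattern instead, `DATA_KEY_RE = re.compile(r"[\w./-]+$")`, leaving the `raise ValueError("Invalid character in key name")` branch in place. That still keeps whitespace, control characters and empty keys out of stored keys and avoids leaving commented-out code in the patched module. The 3.2 patch for the focal image carries the same lines.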
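--- a/images/maas-region-controller-jammy/3.4_route.patch
+++ b/images/maas-region-controller-jammy/3.4_route.patch
@@ -0,0 +1,17 @@
+diff --git a/src/maasserver/preseed_network.py b/src/maasserver/preseed_network.py
+index c1e516c..f90aa4d 100644
+--- a/src/maasserver/preseed_network.py
++++ b/src/maasserver/preseed_network.py
+@@ -307,7 +307,11 @@ class InterfaceConfiguration:
+
+def _get_matching_routes(self, source):
+"""Return all route objects matching `source`."""
+- return {route for route in self.routes if route.source == source}
++ return {
++ route
++ for route in self.routes
++ if str(route.source.cidr) == str(source.cidr)
++ }
+
+def _generate_addresses(self):
+"""Generate the various addresses needed for this interface."""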
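--- a/images/maas-region-controller-jammy/3.4_secure_headers.patch
+++ b/images/maas-region-controller-jammy/3.4_secure_headers.patch
@@ -0,0 +1,12 @@
+diff --git a/src/twisted/web/server.py b/src/twisted/web/server.py
+index d30156b..3a04ecb 100644
+--- a/src/twisted/web/server.py
++++ b/src/twisted/web/server.py
+@@ -206,7 +206,6 @@ class Request(Copyable, http.Request, components.Componentized):
+self.site = self.channel.site
+
+# set various default headers
+- self.setHeader(b"server", version)
+self.setHeader(b"date", http.datetimeToString())
+
+# Resource Identification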
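--- a/images/maas-region-controller-jammy/Dockerfile
+++ b/images/maas-region-controller-jammy/Dockerfile
@@ -0,0 +1,91 @@
+ARG FROM=ubuntu:20.04
+FROM ${FROM}
+
+LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode'
+LABEL org.opencontainers.image.url='https://airshipit.org'
+LABEL org.opencontainers.image.documentation='https://github.com/openstack/airship-maas'
+LABEL org.opencontainers.image.source='https://git.openstack.org/openstack/airship-maas'
+LABEL org.opencontainers.image.vendor='The Airship Authors'
+LABEL org.opencontainers.image.licenses='Apache-2.0'
+
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+ARG NO_PROXY
+ARG http_proxy
+ARG https_proxy
+ARG no_proxy
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV container docker
+
+ENV MAAS_VERSION 1:3.4.0-14321-g.1027c7664-0ubuntu1~22.04.1
+
+RUN apt-get -qq update \
+&& apt-get install -y \
+avahi-daemon \
+jq \
+patch \
+software-properties-common \
+sudo \
+systemd \
+cron \
+ca-certificates \
+# Don't start any optional services except for the few we need.
+# (specifically, don't start avahi-daemon)
+&& find /etc/systemd/system \
+/lib/systemd/system \
+-path '*.wants/*' \
+-not -name '*journald*' \
+-not -name '*systemd-tmpfiles*' \
+-not -name '*systemd-user-sessions*' \
+-exec rm \{} \; \
+&& systemctl set-default multi-user.target \
+# Install maas from the ppa
+&& add-apt-repository -yu ppa:maas/3.4 \
+&& apt-get install -y \
+maas-region-api=$MAAS_VERSION \
+# tcpdump is required by /usr/lib/maas/beacon-monitor
+tcpdump \
+&& rm -rf /var/lib/apt/lists/*
+
+# Preserve the directory structure, permissions, and contents of /var/lib/maas
+RUN mkdir -p /opt/maas/ && tar -cvzf /opt/maas/var-lib-maas.tgz /var/lib/maas
+
+# MAAS workarounds
+COPY 3.4_route.patch /tmp/3.4_route.patch
+COPY 3.4_kernel_package.patch /tmp/3.4_kernel_package.patch
+COPY 3.4_bios_grub_partition.patch /tmp/3.4_bios_grub_partition.patch
+# sh8121att: allow all requests via the proxy to allow it to work
+# behind ingress
+COPY 3.4_proxy_acl.patch /tmp/3.4_proxy_acl.patch
+# Patch to add retrying to MaaS BMC user setup, and improve exception handling
+COPY 3.4_configure_ipmi_user.patch /tmp/3.4_configure_ipmi_user.patch
+COPY 3.4_secure_headers.patch /tmp/3.4_secure_headers.patch
+COPY 3.4_partitiontable_does_not_exist.patch /tmp/3.4_partitiontable_does_not_exist.patch
+# Allow tags with '/' symbols
+COPY 3.4_regex_tags.patch /tmp/3.4_regex_tags.patch
+# Patch to allow any recursion and cache queries
+COPY 3.4_allow_query.patch /tmp/3.4_allow_query.patch
+
+RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/3.4_route.patch
+RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/3.4_kernel_package.patch
+RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/3.4_bios_grub_partition.patch
+RUN cd /usr/lib/python3/dist-packages/metadataserver/builtin_scripts/commissioning_scripts && patch bmc_config.py < /tmp/3.4_configure_ipmi_user.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/3.4_proxy_acl.patch
+RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.4_secure_headers.patch
+RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/3.4_partitiontable_does_not_exist.patch
+RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch ownerdata.py < /tmp/3.4_regex_tags.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.4_allow_query.patch
+
+# echo journalctl logs to the container's stdout
+COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
+RUN systemctl enable journalctl-to-tty.service
+
+# quiet sudo for the maas user
+RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
+
+# avoid triggering bind9 high cpu utilization bug
+RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
+
+# initalize systemd
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]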
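Review bot: The default base image in `ARG FROM=ubuntu:20.04` does not match the rest of this file: the directory is named for jammy and `MAAS_VERSION` pins a `~22.04.1` package build, so a build that does not override `FROM` would try to install a jammy package on a focal base and most likely fail at `maas-region-api=$MAAS_VERSION`. I would change the default to `ARG FROM=ubuntu:22.04` so the file builds correctly on its own. The `patch` steps also rewrite installed MAAS and Twisted modules while the patch files stay behind in `/tmp`; a short comment per `COPY` saying what each patch changes (several have none) would help whoever audits this image later.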
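--- a/images/maas-region-controller-jammy/README.md
+++ b/images/maas-region-controller-jammy/README.md
@@ -0,0 +1 @@
+[![Docker Repository on Quay](https://quay.io/repository/airshipit/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/airshipit/maas-region) Ubuntu MaaS Region Controller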
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Journald console log streamer
|
||||||
|
Requires=systemd-journald.service
|
||||||
|
After=systemd-journald.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Restart=always
|
||||||
|
RestartSec=0
|
||||||
|
ExecStart=/bin/journalctl -f
|
||||||
|
StandardOutput=tty
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=basic.target
|