Fix ingress_disable_gui handling for region_api

When ingress_disable_gui is set to true, the
/MAAS/ws path was not being routed to the
region_api service, which is necessary for MAAS
CLI and other non-GUI interactions. This change
adds the required path routing to ensure that the
/MAAS/ws endpoint is correctly directed to the
region_api service.

Also include a minor fix for noble images
publishing.

Change-Id: I76bcc2513dc1d6f42c1fbac53535d7ed34328ca7
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
Sergiy Markin
2025-10-17 00:53:22 +00:00
parent 4067d6461a
commit df71afd59e
6 changed files with 48 additions and 3 deletions


@@ -200,7 +200,7 @@
- "^images/.*"
vars:
publish: true
distro: ubuntu_jammy
distro: ubuntu_noble
tags:
dynamic:
branch: true


@@ -35,6 +35,27 @@ spec:
http:
paths:
{{- if .Values.conf.maas.ingress_disable_gui }}
- path: /MAAS/version
pathType: Exact
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS
pathType: Exact
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/
pathType: Exact
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/api
pathType: Prefix
backend:
@@ -63,6 +84,13 @@ spec:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/ws
pathType: Prefix
backend:
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- else if (and .Values.conf.maas.ingress_disable_gui .Values.conf.maas.tls.enabled) }}
- path: /MAAS/api
pathType: Prefix
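Review bot: The rules added under `ingress_disable_gui` (`/MAAS/version`, `/MAAS` and `/MAAS/` as Exact, `/MAAS/ws` as Prefix) widen what the GUI-disabled mode still routes to region-api, and the template carries no comment saying which client needs each path. Since this flag is the knob an operator uses to shrink the exposed surface, I would add a template comment above the list, for example `{{- /* GUI disabled: only paths required by API/CLI clients are routed; /MAAS/ws is kept for <consumer> */}}`, and confirm that the websocket endpoint enforces the same authentication as `/MAAS/api`. Separately, the `else if (and .Values.conf.maas.ingress_disable_gui .Values.conf.maas.tls.enabled)` branch that follows the new `/MAAS/ws` rule repeats the condition already tested by the opening `if`, so it looks unreachable. The rest of the if/else chain is outside the hunks, so this should be checked against the full template.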


@@ -437,6 +437,7 @@ pod:
add:
- "DAC_READ_SEARCH"
- "NET_ADMIN"
- "NET_BIND_SERVICE"
- "SYS_ADMIN"
- "SYS_PTRACE"
- "SYS_RESOURCE"
@@ -453,6 +454,7 @@ pod:
add:
- "SYS_ADMIN"
- "NET_ADMIN"
- "NET_BIND_SERVICE"
- "SYS_PTRACE"
- "SYS_TIME"
- "SYS_RESOURCE"
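Review bot: `NET_BIND_SERVICE` is added to both capability `add` lists without a comment naming the process that needs it, and these lists already grant `SYS_ADMIN`, `NET_ADMIN` and `SYS_PTRACE`, so every further entry should be traceable to a consumer. If it is there for the chrony drop-in changed in this same commit (which sets `AmbientCapabilities=CAP_SYS_TIME CAP_NET_BIND_SERVICE`), record that next to the entry, e.g. `# NET_BIND_SERVICE: required by the chrony unit running as _chrony`. The first list does not show `SYS_TIME` within the hunk while the second does; both lists continue outside the hunks, so verify that each container actually carries the capabilities the unit's bounding set expects.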


@@ -34,6 +34,7 @@ RUN apt-get -qq update \
sudo \
systemd \
ca-certificates \
chrony \
# Don't start any optional services except for the few we need.
# (specifically, don't start avahi-daemon, isc-dhcp-server, or libvirtd)
&& find /etc/systemd/system \


@@ -33,6 +33,7 @@ RUN apt-get -qq update \
cron \
ca-certificates \
bind9-dnsutils \
chrony \
# Don't start any optional services except for the few we need.
# (specifically, don't start avahi-daemon)
&& find /etc/systemd/system \


@@ -1,3 +1,16 @@
[Service]
ExecStartPre=-mkdir -p /var/log/chrony
ExecStartPre=-chown root /var/run/chrony
# Run chrony as the package user on Noble
User=_chrony
Group=avahi
# Let systemd create writable runtime dir for that user
RuntimeDirectory=chrony
RuntimeDirectoryMode=0777
RuntimeDirectoryPreserve=yes
# Defensive: ensure dir exists with correct owner (no-op if already created)
ExecStartPre=-/usr/bin/install -d -o _chrony -g avahi -m 0777 /run/chrony
# Caps needed inside container (matches your pod securityContext)
CapabilityBoundingSet=CAP_SYS_TIME CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_SYS_TIME CAP_NET_BIND_SERVICE
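Review bot: `RuntimeDirectoryMode=0777` and the matching `install ... -m 0777 /run/chrony` make chronyd's runtime directory world-writable, so any process in the container can create or replace files next to the daemon's socket and pid file. `RuntimeDirectoryMode=0750` is enough once the directory is owned by the service user, and chronyd may itself refuse a directory with wider permissions. `Group=avahi` puts the time daemon in an unrelated service's group; unless something outside this hunk needs that, `Group=_chrony` keeps the directory private to chrony. With `User=_chrony` set, the `ExecStartPre=` lines also run as `_chrony`, so `chown root /var/run/chrony` and `install -d -o _chrony ...` cannot change ownership and fail silently behind the `-` prefix. Either drop them in favour of `RuntimeDirectory=` or run them privileged with the `+` prefix, e.g. `ExecStartPre=+/usr/bin/install -d -o _chrony -g _chrony -m 0750 /run/chrony`.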