From 617607e42690befae69c86ad9b21134fdd467cbb Mon Sep 17 00:00:00 2001 From: Scott Hussey Date: Wed, 21 Nov 2018 09:47:18 -0600 Subject: [PATCH] (fix) Fix static ports in MAAS ingress - Some residual static configuration was left in the MAAS ingress deployment template. Update it to render the ingress ports from endpoints and also to remove the TCP forwarder for the MAAS region API and instead use a standard Ingress resource. Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538 --- .../templates/bin/_maas-vip-configure.sh.tpl | 16 ++++++++-------- charts/maas/templates/configmap-etc.yaml | 2 ++ charts/maas/templates/configmap-ingress.yaml | 1 - .../templates/deployment-maas-ingress.yaml | 19 +++++++++++++------ .../maas/templates/etc/_curtin_userdata.tpl | 4 ++-- charts/maas/templates/statefulset-rack.yaml | 4 ---- charts/maas/values.yaml | 3 ++- .../maas-rack-controller/2.3_hostheader.patch | 10 ++++++++++ images/maas-rack-controller/Dockerfile | 4 ++++ 9 files changed, 41 insertions(+), 22 deletions(-) create mode 100644 images/maas-rack-controller/2.3_hostheader.patch diff --git a/charts/maas/templates/bin/_maas-vip-configure.sh.tpl b/charts/maas/templates/bin/_maas-vip-configure.sh.tpl index f1f6285..8c5d7b6 100644 --- a/charts/maas/templates/bin/_maas-vip-configure.sh.tpl +++ b/charts/maas/templates/bin/_maas-vip-configure.sh.tpl @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh {{/* Copyright 2018 The Openstack-Helm Authors. @@ -18,20 +18,20 @@ limitations under the License.*/}} set -ex -COMMAND="${@:-start}" +COMMAND="${*:-start}" -function kernel_modules () { +kernel_modules () { chroot /mnt/host-rootfs modprobe dummy } -function test_vip () { +test_vip () { ip addr show ${interface} | \ awk "/inet / && /${interface}/{print \$2 }" | \ awk -F '/' '{ print $1 }' | \ grep -q "${addr%/*}" } -function start () { +start () { kernel_modules ip link show ${interface} > /dev/null || ip link add ${interface} type dummy if ! test_vip; then 
@@ -40,11 +40,11 @@ function start () { ip link set ${interface} up } -function sleep () { - exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done" +sleep () { + exec /bin/sh -c "while :; do sleep 2073600; done" } -function stop () { +stop () { ip link show ${interface} > /dev/null || exit 0 if test_vip; then ip addr del ${addr} dev ${interface} diff --git a/charts/maas/templates/configmap-etc.yaml b/charts/maas/templates/configmap-etc.yaml index 4a07137..d24a9b9 100644 --- a/charts/maas/templates/configmap-etc.yaml +++ b/charts/maas/templates/configmap-etc.yaml @@ -44,3 +44,5 @@ data: drivers.yaml: | {{ tuple "etc/_drivers.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} + sleep-inittab: | + ::sysinit:/tmp/maas-vip-configure.sh sleep diff --git a/charts/maas/templates/configmap-ingress.yaml b/charts/maas/templates/configmap-ingress.yaml index d2dde34..d959075 100644 --- a/charts/maas/templates/configmap-ingress.yaml +++ b/charts/maas/templates/configmap-ingress.yaml @@ -22,7 +22,6 @@ kind: ConfigMap metadata: name: maas-ingress-services-tcp data: - {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api" {{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy" ... --- diff --git a/charts/maas/templates/deployment-maas-ingress.yaml b/charts/maas/templates/deployment-maas-ingress.yaml index a46e597..842000e 100644 --- a/charts/maas/templates/deployment-maas-ingress.yaml +++ b/charts/maas/templates/deployment-maas-ingress.yaml 
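Review bot: The function named `sleep` in this hunk shadows the `sleep` utility for the rest of the script, and the loop only works because it runs in a fresh `/bin/sh -c` where the function is not defined. A comment above it would make that explicit, for example `# run as "maas-vip-configure.sh sleep" from /etc/inittab; the inner sleep is the utility, not this function`. With `dumb-init` removed, signal handling and child reaping for this container depend on whatever runs as PID 1, which the deployment template in this commit sets to `/bin/init`. That dependency is worth stating in the same comment.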
@@ -168,7 +168,7 @@ spec: initContainers: {{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: maas-ingress-vip-init - image: {{ .Values.images.tags.ingress }} + image: {{ .Values.images.tags.ingress_vip }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: @@ -192,7 +192,7 @@ spec: readOnly: true containers: - name: maas-ingress-vip - image: {{ .Values.images.tags.ingress }} + image: {{ .Values.images.tags.ingress_vip }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: @@ -201,8 +201,7 @@ spec: - 'NET_ADMIN' runAsUser: 0 command: - - /tmp/maas-vip-configure.sh - - sleep + - /bin/init env: {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }} volumeMounts: @@ -210,6 +209,10 @@ spec: name: maas-bin subPath: maas-vip-configure readOnly: true + - mountPath: /etc/inittab + name: maas-etc + subPath: sleep-inittab + readOnly: true lifecycle: preStop: exec: @@ -240,9 +243,9 @@ spec: - name: RELEASE_NAME value: {{ .Release.Name | quote }} - name: HTTP_PORT - value: "8808" + value: {{ tuple "maas_ingress" "podport" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: HTTPS_PORT - value: "8543" + value: {{ tuple "maas_ingress" "podport" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: HEALTHZ_PORT value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: STATUS_PORT 
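Review bot: The new `HTTP_PORT` and `HTTPS_PORT` values depend on `http` and `https` entries with a `podport` key under the `maas_ingress` endpoint, but the values.yaml hunk in this commit changes only the image tags. If those entries are not already defined (they are not visible in this diff), the lookup will presumably fail at render time or yield an empty port. Confirm they exist, or add them with the previous values 8808 and 8543 so that existing deployments keep the same pod ports.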
@@ -260,6 +263,10 @@ spec: configMap: name: maas-bin defaultMode: 0555 + - name: maas-etc + configMap: + name: maas-etc + defaultMode: 0444 - name: host-rootfs hostPath: path: / diff --git a/charts/maas/templates/etc/_curtin_userdata.tpl b/charts/maas/templates/etc/_curtin_userdata.tpl index 84ee704..421c54e 100644 --- a/charts/maas/templates/etc/_curtin_userdata.tpl +++ b/charts/maas/templates/etc/_curtin_userdata.tpl @@ -39,8 +39,8 @@ def find_ba_key(n): {{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }} {{ "{{" }}if ba_key{{ "}}" }} drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."] - drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"] - drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"] + drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"] + drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"] drydock_03: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-units.tar.gz > /tmp/bootaction-unit-names.txt"] drydock_04: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-files.tar.gz > /tmp/bootaction-file-names.txt"] drydock_05: ["curtin", "in-target", "--", "sh", "-c", "xargs -a /tmp/bootaction-unit-names.txt -n 1 basename > /tmp/bootaction-unit-basenames.txt || echo 'Did not run basenames on units'"] 
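Review bot: Adding `--no-check-certificate` to `drydock_01` and `drydock_02` turns off TLS server verification on the two requests that carry `X-Bootaction-Key` and fetch the archives that `drydock_03` and `drydock_04` unpack with `tar --owner=root -xPzvf`. Without verification, anyone positioned on that connection can read the key and substitute the archive contents, which `-P` lets extract to absolute paths on the node being provisioned. Keep verification on and supply the issuing CA instead, for example by replacing the flag with `"--ca-certificate=<path-to-ca-bundle>"` (placeholder path) once the CA is installed in the target. If verification has to stay off for now, gate it behind a chart value that defaults to verifying and document the risk in a comment.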
diff --git a/charts/maas/templates/statefulset-rack.yaml b/charts/maas/templates/statefulset-rack.yaml index ea1dd0b..78e37ea 100644 --- a/charts/maas/templates/statefulset-rack.yaml +++ b/charts/maas/templates/statefulset-rack.yaml @@ -103,10 +103,6 @@ spec: mountPath: /usr/local/bin/register-rack-controller.sh subPath: register-rack-controller.sh readOnly: true - - name: maas-etc - mountPath: /lib/systemd/system/register-rack-controller.service - subPath: register-rack-controller.service - readOnly: true - name: rackd-state mountPath: /etc/maas subPath: etc diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml index 1facbdf..c28e7e4 100644 --- a/charts/maas/values.yaml +++ b/charts/maas/values.yaml @@ -79,7 +79,8 @@ images: export_api_key: quay.io/airshipit/maas-region-controller:latest maas_cache: quay.io/airshipit/sstream-cache:latest dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 + ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0 + ingress_vip: docker.io/busybox:latest error_pages: gcr.io/google_containers/defaultbackend:1.0 pull_policy: IfNotPresent local_registry: diff --git a/images/maas-rack-controller/2.3_hostheader.patch b/images/maas-rack-controller/2.3_hostheader.patch new file mode 100644 index 0000000..6cd77bd --- /dev/null +++ b/images/maas-rack-controller/2.3_hostheader.patch @@ -0,0 +1,10 @@ +1047c1047 +< if family in {AF_INET, AF_INET6}: +--- +> if family in {AF_INET6}: +1051a1052,1054 +> info_url = info_url_base._replace(netloc=netloc) +> elif family in {AF_INET}: +> info_url = info_url_base +1054d1056 +< info_url = info_url_base._replace(netloc=netloc) diff --git a/images/maas-rack-controller/Dockerfile b/images/maas-rack-controller/Dockerfile index 23e73da..9420ea3 100644 --- a/images/maas-rack-controller/Dockerfile +++ b/images/maas-rack-controller/Dockerfile 
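Review bot: `ingress_vip: docker.io/busybox:latest` is a mutable tag, and this image backs the `maas-ingress-vip-init` and `maas-ingress-vip` containers; the deployment template shows the latter running with `runAsUser: 0` and `NET_ADMIN`. With `pull_policy: IfNotPresent`, nodes can end up running different busybox builds depending on when they first pulled, and a changed upstream `latest` is picked up without any chart change. Pin it to a specific release and ideally a digest, for example `docker.io/busybox:<version>@sha256:<digest>` (placeholders). A comment should also note that any override must provide `/bin/init`, `/bin/sh` and `ip`, since the template and script now rely on them.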
@@ -52,8 +52,12 @@ RUN systemctl enable register-rack-controller.service COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch +# sh8121att: patch so query for RPC info contains proper Host header +copy 2.3_hostheader.patch /tmp/2.3_hostheader.patch + RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch +RUN cd /usr/lib/python3/dist-packages/provisioningserver/rpc && patch clusterservice.py < /tmp/2.3_hostheader.patch # echo journalctl logs to the container's stdout COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
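Review bot: `2.3_hostheader.patch` is a normal-format diff with no context lines, so its `1051a1052,1054` insertion is placed by line number alone. If the installed `clusterservice.py` differs from the copy the patch was cut from, the new `info_url` assignments could land in the wrong place while the build still succeeds. Regenerating the patch with `diff -u` gives `patch` context to verify, and pinning the MAAS package version (if it is not already pinned above this hunk) keeps the target stable. The instruction `copy 2.3_hostheader.patch /tmp/2.3_hostheader.patch` is lower-case where the other instructions in the hunk are upper-case; `COPY` would match. After the patch the `AF_INET` branch appears to use `info_url_base` unchanged, so the RPC info request goes to the configured host name rather than the resolved address; the existing comment should say this is intentional.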