airship
/
maas
Code Issues Proposed changes

(fix) Fix static ports in MAAS ingress 

- Some residual static configuration was left in the MAAS ingress
  deployment template. Update it to render the ingress ports from
  endpoints and also to remove the TCP forwarder for the MAAS
  region API and instead use a standard Ingress resource.

Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
This commit is contained in:
Scott Hussey 2018-11-21 09:47:18 -06:00 committed by Dan Crank
parent 2aaca3f60b
commit 617607e426
9 changed files with 41 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
charts/maas/templates/bin/_maas-vip-configure.sh.tpl
View File

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh
{{/* {{/*
Copyright 2018 The Openstack-Helm Authors. Copyright 2018 The Openstack-Helm Authors.
@ -18,20 +18,20 @@ limitations under the License.*/}}
set -ex set -ex
COMMAND="${@:-start}" COMMAND="${*:-start}"
function kernel_modules () { kernel_modules () {
chroot /mnt/host-rootfs modprobe dummy chroot /mnt/host-rootfs modprobe dummy
} }
function test_vip () { test_vip () {
ip addr show ${interface} | \ ip addr show ${interface} | \
awk "/inet / && /${interface}/{print \$2 }" | \ awk "/inet / && /${interface}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \ awk -F '/' '{ print $1 }' | \
grep -q "${addr%/*}" grep -q "${addr%/*}"
} }
function start () { start () {
kernel_modules kernel_modules
ip link show ${interface} > /dev/null || ip link add ${interface} type dummy ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
if ! test_vip; then if ! test_vip; then
@ -40,11 +40,11 @@ function start () {
ip link set ${interface} up ip link set ${interface} up
} }
function sleep () { sleep () {
exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done" exec /bin/sh -c "while :; do sleep 2073600; done"
} }
function stop () { stop () {
ip link show ${interface} > /dev/null || exit 0 ip link show ${interface} > /dev/null || exit 0
if test_vip; then if test_vip; then
ip addr del ${addr} dev ${interface} ip addr del ${addr} dev ${interface}

2
charts/maas/templates/configmap-etc.yaml
View File

@ -44,3 +44,5 @@ data:
drivers.yaml: | drivers.yaml: |
{{ tuple "etc/_drivers.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "etc/_drivers.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
sleep-inittab: |
::sysinit:/tmp/maas-vip-configure.sh sleep

1
charts/maas/templates/configmap-ingress.yaml
View File

@ -22,7 +22,6 @@ kind: ConfigMap
metadata: metadata:
name: maas-ingress-services-tcp name: maas-ingress-services-tcp
data: data:
{{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api"
{{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy" {{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy"
... ...
--- ---

19
charts/maas/templates/deployment-maas-ingress.yaml
View File

@ -168,7 +168,7 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: maas-ingress-vip-init - name: maas-ingress-vip-init
image: {{ .Values.images.tags.ingress }} image: {{ .Values.images.tags.ingress_vip }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: securityContext:
@ -192,7 +192,7 @@ spec:
readOnly: true readOnly: true
containers: containers:
- name: maas-ingress-vip - name: maas-ingress-vip
image: {{ .Values.images.tags.ingress }} image: {{ .Values.images.tags.ingress_vip }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: securityContext:
@ -201,8 +201,7 @@ spec:
- 'NET_ADMIN' - 'NET_ADMIN'
runAsUser: 0 runAsUser: 0
command: command:
- /tmp/maas-vip-configure.sh - /bin/init
- sleep
env: env:
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }} {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
volumeMounts: volumeMounts:
@ -210,6 +209,10 @@ spec:
name: maas-bin name: maas-bin
subPath: maas-vip-configure subPath: maas-vip-configure
readOnly: true readOnly: true
- mountPath: /etc/inittab
name: maas-etc
subPath: sleep-inittab
readOnly: true
lifecycle: lifecycle:
preStop: preStop:
exec: exec:
@ -240,9 +243,9 @@ spec:
- name: RELEASE_NAME - name: RELEASE_NAME
value: {{ .Release.Name | quote }} value: {{ .Release.Name | quote }}
- name: HTTP_PORT - name: HTTP_PORT
value: "8808" value: {{ tuple "maas_ingress" "podport" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: HTTPS_PORT - name: HTTPS_PORT
value: "8543" value: {{ tuple "maas_ingress" "podport" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: HEALTHZ_PORT - name: HEALTHZ_PORT
value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: STATUS_PORT - name: STATUS_PORT
@ -260,6 +263,10 @@ spec:
configMap: configMap:
name: maas-bin name: maas-bin
defaultMode: 0555 defaultMode: 0555
- name: maas-etc
configMap:
name: maas-etc
defaultMode: 0444
- name: host-rootfs - name: host-rootfs
hostPath: hostPath:
path: / path: /

4
charts/maas/templates/etc/_curtin_userdata.tpl
View File

@ -39,8 +39,8 @@ def find_ba_key(n):
{{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }} {{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }}
{{ "{{" }}if ba_key{{ "}}" }} {{ "{{" }}if ba_key{{ "}}" }}
drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."] drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."]
drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"] drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]
drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"] drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"]
drydock_03: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-units.tar.gz > /tmp/bootaction-unit-names.txt"] drydock_03: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-units.tar.gz > /tmp/bootaction-unit-names.txt"]
drydock_04: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-files.tar.gz > /tmp/bootaction-file-names.txt"] drydock_04: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-files.tar.gz > /tmp/bootaction-file-names.txt"]
drydock_05: ["curtin", "in-target", "--", "sh", "-c", "xargs -a /tmp/bootaction-unit-names.txt -n 1 basename > /tmp/bootaction-unit-basenames.txt || echo 'Did not run basenames on units'"] drydock_05: ["curtin", "in-target", "--", "sh", "-c", "xargs -a /tmp/bootaction-unit-names.txt -n 1 basename > /tmp/bootaction-unit-basenames.txt || echo 'Did not run basenames on units'"]

4
charts/maas/templates/statefulset-rack.yaml
View File

@ -103,10 +103,6 @@ spec:
mountPath: /usr/local/bin/register-rack-controller.sh mountPath: /usr/local/bin/register-rack-controller.sh
subPath: register-rack-controller.sh subPath: register-rack-controller.sh
readOnly: true readOnly: true
- name: maas-etc
mountPath: /lib/systemd/system/register-rack-controller.service
subPath: register-rack-controller.service
readOnly: true
- name: rackd-state - name: rackd-state
mountPath: /etc/maas mountPath: /etc/maas
subPath: etc subPath: etc

3
charts/maas/values.yaml
View File

@ -79,7 +79,8 @@ images:
export_api_key: quay.io/airshipit/maas-region-controller:latest export_api_key: quay.io/airshipit/maas-region-controller:latest
maas_cache: quay.io/airshipit/sstream-cache:latest maas_cache: quay.io/airshipit/sstream-cache:latest
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
ingress_vip: docker.io/busybox:latest
error_pages: gcr.io/google_containers/defaultbackend:1.0 error_pages: gcr.io/google_containers/defaultbackend:1.0
pull_policy: IfNotPresent pull_policy: IfNotPresent
local_registry: local_registry:

10
images/maas-rack-controller/2.3_hostheader.patch Normal file
View File

@ -0,0 +1,10 @@
1047c1047
< if family in {AF_INET, AF_INET6}:
---
> if family in {AF_INET6}:
1051a1052,1054
> info_url = info_url_base._replace(netloc=netloc)
> elif family in {AF_INET}:
> info_url = info_url_base
1054d1056
< info_url = info_url_base._replace(netloc=netloc)

4
images/maas-rack-controller/Dockerfile
View File

@ -52,8 +52,12 @@ RUN systemctl enable register-rack-controller.service
COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch
# sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address
COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch
# sh8121att: patch so query for RPC info contains proper Host header
copy 2.3_hostheader.patch /tmp/2.3_hostheader.patch
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
RUN cd /usr/lib/python3/dist-packages/provisioningserver/rpc && patch clusterservice.py < /tmp/2.3_hostheader.patch
# echo journalctl logs to the container's stdout # echo journalctl logs to the container's stdout
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service