From 7f50e96ff37cbfd95611066eded6a715509b4e7e Mon Sep 17 00:00:00 2001
From: Scott Hussey
Date: Thu, 10 Jan 2019 21:12:10 -0600
Subject: [PATCH] Open MAAS proxy ACL
- Allow requests from any source through the MAAS proxy so that traffic routed through maas-ingress will work
Change-Id: I91e40789ad45c0ea75c54eccbf37931156b224e3
---
 images/maas-region-controller/2.3_proxy_acl.patch | 10 ++++++++++
 images/maas-region-controller/Dockerfile | 5 +++++
 2 files changed, 15 insertions(+)
 create mode 100644 images/maas-region-controller/2.3_proxy_acl.patch
diff --git a/images/maas-region-controller/2.3_proxy_acl.patch b/images/maas-region-controller/2.3_proxy_acl.patch
new file mode 100644
index 0000000..0de535e
--- /dev/null
+++ b/images/maas-region-controller/2.3_proxy_acl.patch
@@ -0,0 +1,10 @@
+18,24c18
+< http_access allow maas_proxy_manager localhost
+< http_access deny maas_proxy_manager
+< http_access deny !Safe_ports
+< http_access deny CONNECT !SSL_ports
+< http_access allow localnet
+< http_access allow localhost
+< http_access deny all
+---
+> http_access allow all
diff --git a/images/maas-region-controller/Dockerfile b/images/maas-region-controller/Dockerfile
index e008e35..2552422 100644
--- a/images/maas-region-controller/Dockerfile
+++ b/images/maas-region-controller/Dockerfile
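Review bot: In 2.3_proxy_acl.patch, replacing template lines 18-24 with the single rule `http_access allow all` removes more than the source restriction: `http_access deny !Safe_ports`, `http_access deny CONNECT !SSL_ports` and the two `maas_proxy_manager` rules (presumably the cache-manager guard) go with it, so the proxy will relay to any port and tunnel CONNECT for any client that can reach it. Traffic arriving through maas-ingress only needs its source range admitted, so the first four rules and the final `http_access deny all` can stay, with `acl maas_ingress src <ingress-or-pod-CIDR>` and `http_access allow maas_ingress` added ahead of the deny (the CIDR is a placeholder for the deployment's value). If allow-all is kept on purpose, access control then rests entirely on whatever network policy sits in front of the proxy port, and that dependency should be documented next to the patch.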
@@ -69,12 +69,17 @@ COPY 2.3_bios_grub_preseed.patch /tmp/2.3_bios_grub_preseed.patch
 COPY 2.3_maas_enlist.patch /tmp/2.3_maas_enlist.patch
 # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address
 COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch
+# sh8121att: allow all requests via the proxy to allow it to work
+# behind ingress
+COPY 2.3_proxy_acl.patch /tmp/2.3_proxy_acl.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.3_route.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.3_kernel_package.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/2.3_bios_grub_partition.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_storage.py < /tmp/2.3_bios_grub_preseed.patch
 RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets && patch maas_enlist.sh < /tmp/2.3_maas_enlist.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/2.3_proxy_acl.patch
 COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
 RUN mkdir -p /etc/systemd/system/basic.target.wants ;\
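Review bot: The first added `RUN` line, `RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch`, is identical to the context line directly above it, so 2.3_mac_address.patch is applied to ipaddr.py a second time. It looks like a copy-paste leftover and should be removed; run non-interactively against an already-patched file, `patch` will typically either stop on a previously-applied patch and fail the build or attempt to reverse the change. The new comment also understates what the proxy patch does; something like `# sh8121att: replaces the proxy http_access rules with "allow all" so requests via maas-ingress are accepted; access to the proxy port must be restricted by network policy` would tell the next maintainer that the Squid ACLs no longer protect this service.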