The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.
This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.
Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
Sometimes the ephemeral environment needs additional cloud-init data.
This change allows user-data sections to be added to the default files
in /etc/maas/preseeds: enlist, commissioning, and curtin.
For example, to resolve issues with 'apt-get update' failures during
enlistment, something like this may be necessary:
    conf:
      cloudconfig:
        override: true
        sections:
          bootcmd:
            - "rm -fr /var/lib/apt/lists"
Change-Id: I817006a799003ace3f35d02507489720b0f9079b
This updates the maas chart to include the pod
security context on the pod template.
This also adds the container security context to set
the readOnlyRootFilesystem flag.
Change-Id: I1eba6ab3a7c27ddcb3e8ddc8e743b91dc5e521c3
This change allows extra late_commands to be added to the curtin
userdata, which are executed before the node is rebooted at the end of
the deployment. This can be useful to install packages or perform other
customization.
One sample use-case is the installation of specific kernel module
packages that match the target kernel image, in cases where the
ephemeral environment uses a different kernel version.
Change-Id: I80084c544f6a7dafd6aa84c8041cf86bdc3b9f4b
The existing drivers.yaml rendered by the MAAS chart is missing the
top-level 'drivers' key, so it doesn't actually work. This change fixes
the rendering of the file, and adds a comment in values.yaml about where
to look for additional information about where and how the file is used:
https://github.com/maas/maas/blob/2.3.5/src/maasserver/third_party_drivers.py
Change-Id: I940c8a57d3e404a101de5c1ea92f8a467319dbaa
MAAS uses MBR for boot disks smaller than 2 TiB. This change provides an
option to force the use of GPT, regardless of boot disk size. The chart
value is: conf.maas.force_gpt=true.
The 2 TiB "threshold" for when GPT is required is simply lowered to 0:
https://github.com/maas/maas/blob/2.3/src/maasserver/models/partitiontable.py#L51-L53
This change could be accomplished with a patch to the maas-region image
directly, but then it would not be configurable, and it may not be
useful for all users. Using sed in the startup script seems like a fair
solution.
Change-Id: I87d3f4b9c97048cdef383cbd15c5a16ac219066b
Provide a knob to adjust some less-common MAAS configuration settings.
Changes the default values as follows: disables network discovery, sets
the active subnet mapping interval to 0 (from 10800 seconds), marks the
intro as completed, and disables Google Analytics.
Refer to `maas $PROFILE maas set-config -h` for the list of available
configuration items.
Change-Id: I46d348ef5777e22ebeb7a062e5f6061d9ad61a1c
Provide the ability to overwrite the default logging level.
Use 'info' as the default with log_level attribute.
Change-Id: I4bfd82a568c1eaad7de891bd103b3f8ff032e589
Uplifts the ingress-nginx-controller image to 0.26.1, including the
required chart modifications for RBAC, new options for stream and
profiler ports, and a change in the default status port from 18080
to 10246.
Change-Id: Ia0b33a739ea180de45b7e3920968d12ea651a573
- Addition of a NodeSelector into the MAAS API helm test pod spec,
to assist it in getting placed onto the correct set of nodes.
Change-Id: I31ca107a20f358760b77cadeef1a7f01bd8eb885
The patch introduces network policy configuration similar
to openstack-helm services. It allows users to configure
policies depending on the environment.
* Network policies are disabled by default.
* When enabled, default policies allow all ingress and
egress traffic (i.e. policy set to {}); this may be
changed in future patch-sets.
Change-Id: I288ad9ad82d4820d70cccd26b73d3c1a44862f9e
Run the maas-ingress and maas-ingress-vip containers with the
'www-data' (33) user.
Run the maas-ingress-errors container with the error-page image [0]
from [1], which already runs as the nobody user.
[0] Dockerfile.404-server-with-metrics
[1] https://github.com/kubernetes/ingress-gce
Change-Id: Idf3791a958017d512bb3f5015b59452e2831b1b3
- Add a new pod running syslog to receive syslog
messages containing the console logs of bootstrapping
nodes. This aids in troubleshooting without requiring
access to the OOB console.
- Add a UDP forwarder to the MAAS ingress controller,
as nodes attempt to send syslogs to UDP 514 of the region
controller.
Change-Id: I3f508225f4394a90c6f2534a51f262b42c1afa4e
- Create a new monitor service to detect when maas-ingress
Pods are ready
- Add maas-ingress dependency for maas-region and anything depending
on it
- Add the admin user bootstrap as a dependency on the apikey export
and MAAS configuration/import jobs
Change-Id: I4d15526b77b5dd51267bbb07e6fcc624d5eee17a
- deployment-ingress-errors.yaml
This updates the maas chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem to true
Change-Id: Id377f31aacc65e8ba31a360d9283fda225e7732a
- MAAS does not allow you to turn off the GUI, which
may be desired in some scenarios. Use Ingress rules
to do so optionally.
Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
- If the error pages service doesn't have endpoints, ingress
will start up a default service. Allow the port for this
service to be tunable.
Change-Id: I3f60a7cb47570459da99fcd854c453e81330b052
- Some residual static configuration was left in the MAAS ingress
deployment template. Update it to render the ingress ports from
endpoints and also to remove the TCP forwarder for the MAAS
region API and instead use a standard Ingress resource.
Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
All containers were already running in non-privileged
containers except region-controller and rack-controller.
Both of those require privileged containers but
can still function with the docker-default apparmor
profile applied.
This PS uses the new, more generic HTK snippet name
(see https://review.openstack.org/613703).
Change-Id: Icaa720f05b18f4264ae7098b427fe5f639cba2c6
- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Remove the MAAS ingress controller from the rack pod
and into a dedicated deployment
- Update rack registration script to harvest the systemid
from the underlying host when available
Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
Upgrades to the MAAS chart to allow for the Pods
running the rack and region services to work across
all control plane hosts.
Change-Id: I84c856599a1122a2b4a64242a7cea357887b0462
- When specifying the list of upstream DNS or NTP servers
to configure MAAS with, use YAML sequences rather than
forcing a string
Change-Id: If0da29c0ad2c7299250ecba120bca54920e54052
Looks like the new version of MAAS has fixed a long-standing bug:
https://bugs.launchpad.net/maas/+bug/1779712
This will match internal MAAS ports to NodePort.
Change-Id: I639a4c492eb80545c69fd132d3b2dc4cca524933
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is a redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes
Change-Id: I8fe2ac12a3e104309e818d956313693c3ba6f7cc
This PS updates the maas chart to support modern helm toolkits.
Change-Id: Id70343afdec622dc84b89b0d7f496e9ef498ea6b
Signed-off-by: Pete Birley <pete@port.direct>
- Use a statefulset and PVC to make rackd systemid assignment
stateful between pod restarts. This is to alleviate instability
in MAAS upgrades.
Change-Id: Iea5c3d3897b561d4ba479203ee6aec5885282e1a