* Allow any recursion and cache queries for named svc
* Bump maas v3 to the actual version
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.
This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.
Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
This patchset adds ca-certificates to the maas-rack-controller and
maas-region-controller docker images, so the new ISRG Root X1
certificate will be included.
Change-Id: Ia721b14ddc7d9e12d422f482a2e2d7f6f2c09b37
This change renames the various patch files to reflect that they are
based on diffs against MAAS 2.8. Files that were previously listed as
2.3_*.patch originally were created against MAAS 2.3, but this is not
particularly relevant anymore.
Change-Id: I93ca4fc414f0983be62f0a8bae8ec699f3d4e7a0
When using 'make USE_PROXY=true', the 'docker build' is executed with
the correct proxy-related build-args, but the Dockerfile does not
actually consume them.
This change updates the Dockerfiles to accept the following ARGs:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY (upper or lowercase)
Change-Id: I6888d1f15f430e73338c269784ded9a0dea6c9ce
MAAS rack and region controllers poll the status of services every
minute, cluttering the logs with messages like the ones below. This
change disables sudo logging for the maas user.
sudo[10061]: maas : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl status ntp
sudo[10061]: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo[10061]: pam_unix(sudo:session): session closed for user root
Change-Id: I18547c5248cf73743cd8c0f26c471854540936eb
- The 'Server' header on an HTTP response can be considered
an information disclosure vulnerability.
Change-Id: I3b3f00005a61aa19199955d0d4549d81bc30c4d6
- The service to register the rack controller pod does not
have access to the MAAS_API_KEY env var so it fails to deregister
when needed.
Change-Id: I16bc63ef14a2dab463dfdca11b7e3ca13d508a9e
- Some residual static configuration was left in the MAAS ingress
deployment template. Update it to render the ingress ports from
endpoints and also to remove the TCP forwarder for the MAAS
region API and instead use a standard Ingress resource.
Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
- If the import job triggers before the rack controller pod(s)
have registered w/ the region controller, then it must fully time out
and then reschedule to pass. Update it so that each time it checks for
rack controller image sync, it updates the list of all registered
rack controllers.
- Update register service to be part of Dockerfile so it can be
enabled.
Change-Id: I72e190d472ad259da65b2e583b2a16d8adf660f5
- maas-enlist does not work with hyphenated domains. Backport from
upstream fix.
- Ignore MAC addresses of '00:00:00:00:00:00' to fix the issue of OVS
breaking MAAS controller registration
Change-Id: I26b09bb35ef3bfc9424188dbf9fccf0ca3199441
- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Remove the MAAS ingress controller from the rack pod
and move it into a dedicated deployment
- Update rack registration script to harvest the systemid
from the underlying host when available
Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
Change-Id: I8ee3aef8d64efe6237f630caab3683f7137d4e68
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is a redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes
Change-Id: I8fe2ac12a3e104309e818d956313693c3ba6f7cc
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is being
replaced by docker-ce.
3. Third Goal is to bring consistency with the other components leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builders have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: I9a9d63329bea2b562f297705dc51661896a592f2
- Use a statefulset and PVC to make rackd systemid assignment
stateful between pod restarts. This is to alleviate instability
in MAAS upgrades.
Change-Id: Iea5c3d3897b561d4ba479203ee6aec5885282e1a
- Rearrange Dockerfile layers to run the systemd link
deletion statement after the install of the libvirtd
package
Change-Id: I49b0cb4ef4ebf6e92d2f99a7137387a5018ed3b5
This PS updates the charts and images for running systemd in a more
kubernetes friendly way:
- The host's cgroupfs is mounted read-only
- Required mounts are created (tmp tmp/lock)
- A tty is created for the container
- A unit is added to each image that streams journald to stdout
Follow up patches will improve the image builds, create cgroups in an
init container, and also drop unrequired privileges from the containers
in addition to compatibility with recent helm-toolkits.
Change-Id: If3b0df28fea967c5ff67df51e1e95bc74f906222
Signed-off-by: Pete Birley <pete@port.direct>
- Add support for optionally mounting a
private key for the maas user to access
remote hosts via ssh (e.g. virsh)
- Add libvirt-bin to the rack controller
Change-Id: I18efb6a6947a5a5f91800bf6494b7d9d15d8aaf2
- Move Dockerfile for MaaS region controller to this repo
- Move Dockerfile for MaaS rack controller to this repo
- Create Makefile with standard UCP entrypoints for image building
- Clean up chart to pass 'make lint'
- Update Dockerfiles to pin apt packages to explicit maas version
Change-Id: I4a540b16a4f75f4a1aae1eb9cfb1bb7a16de18d6