* Allow any recursion and cache queries for named svc
* Bump maas v3 to the actual version
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.
This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.
Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
This patchset adds ca-certificates to the maas-rack-controller and
maas-region-controller docker images, so the new ISRG Root X1
certificate will be included.
Change-Id: Ia721b14ddc7d9e12d422f482a2e2d7f6f2c09b37
This change renames the various patch files to reflect that they are
based on diffs against MAAS 2.8. Files that were previously listed as
2.3_*.patch originally were created against MAAS 2.3, but this is not
particularly relevant anymore.
Change-Id: I93ca4fc414f0983be62f0a8bae8ec699f3d4e7a0
When using 'make USE_PROXY=true', the 'docker build' is executed with
the correct proxy-related build-args, but the Dockerfile does not
actually consume them.
This change updates the Dockerfiles to accept the following ARGs:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY (upper or lowercase)
Change-Id: I6888d1f15f430e73338c269784ded9a0dea6c9ce
MAAS rack and region controllers poll the status of services every
minute, cluttering the logs with messages like the ones below. This
change turns disables sudo logging for the maas user.
sudo[10061]: maas : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl status ntp
sudo[10061]: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo[10061]: pam_unix(sudo:session): session closed for user root
Change-Id: I18547c5248cf73743cd8c0f26c471854540936eb
An API request for the list of partitions associated with a block device
should simply return an empty list if there are no partitions. Instead,
we get an maasserver.models.partitiontable.DoesNotExist exception. This
patch allows the API server to respond correctly.
Before:
maas admin partitions read x76dma 9
PartitionTable matching query does not exist.
After:
maas admin partitions read x76dma 9
Success.
Machine-readable output follows:
[]
Reference:
https://old-docs.maas.io/2.3/en/api#get-api20nodessystem_idblockdevicesdevice_idpartitions
Change-Id: I427a17686e257bbcc89843dead60f297b4903489
- The 'Server' header on a HTTP response can be considered
an information disclosure vulnerability.
Change-Id: I3b3f00005a61aa19199955d0d4549d81bc30c4d6
When using tags with kernel_opts that contain standalone flags (e.g.
debug, rcu_nocb_poll, etc.), or anything not of the form param=value,
deployments fail with the following error:
Failed to render preseed: dictionary update sequence element #x has
length 1; 2 is required
This patchset accommodates these kernel flags, and also params with
multiple '=' signs (root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
Change-Id: I14cf1ca1e6a23e5fedf61e4a6b57bbc57cafc971
Avoid patching ipaddr.py twice. The currently duplicated section in
get_ip_addr() does not cause any problems, but it's a good idea to
clean it up:
# Exclude interfaces that have duplicate MACs
# such as OVS gretap and erspan interfaces
ifaces = { k: v
for k, v in ifaces.items()
if v.get('mac', '') != '00:00:00:00:00:00'}
# Exclude interfaces that have duplicate MACs
# such as OVS gretap and erspan interfaces
ifaces = { k: v
for k, v in ifaces.items()
if v.get('mac', '') != '00:00:00:00:00:00'}
Change-Id: Ia2be1e204246a320a45a00ec66f7e65c2880ba5c
It has been observed that MaaS will fail to enlist/commission/deploy
nodes if it fails to set up its own user in the BMC during cloud
init. This patch set adds a git patch file to update the MaaS source
code in order to retry setting up the MaaS BMC user if it fails.
This patch set also adds to the exception message sent when MaaS
fails to set up a BMC user.
Change-Id: I475988875acffac620302fae3eed8d236a5a46f7
- Allow requests from any source through the MAAS proxy
so that traffic routed through maas-ingress will work
Change-Id: I91e40789ad45c0ea75c54eccbf37931156b224e3
- maas-enlist does not work with hyphenated domains. Backport from
upstream fix.
- Ignore MAC addresses of '00:00:00:00:00:00' to fix issue of OVS
break MAAS controller registration
Change-Id: I26b09bb35ef3bfc9424188dbf9fccf0ca3199441
A previous patchset introduced a new kernel
param option 'kernel_package.' This patch corrects
the logic in that so that the parameter is not a
required parameter - and if absent falls back to
the traditional MaaS behavior which will select the
latest kernel from the appropriate line.
Change-Id: Icc62b27e0f39914fb73fb9f655d9b7b0b6c6f489
Looks like new version of MAAS has fixed long standing bug
https://bugs.launchpad.net/maas/+bug/1779712
This will match internal MAAS ports to NodePort.
Change-Id: I639a4c492eb80545c69fd132d3b2dc4cca524933
MaaS 2.3.5 added bios grub partition changes that no
longer cared for the size of the storage device nor
whether it was a boot device. This patch effectively
restores the original behavior which was also
reintroduced in MaaS 2.4.0.
Change-Id: I8b7b38fe42b005a656e6c5cab615c144b6a90b22
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
Change-Id: I8ee3aef8d64efe6237f630caab3683f7137d4e68
by tagging a node with a tag of 'kernel_package' with
a value of the explicit package name which will drive
the curtin installer.
Change-Id: I67c8395c30bcb538859947f7406a433fb18a981b
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes
Change-Id: I8fe2ac12a3e104309e818d956313693c3ba6f7cc
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is beeing
replaced by docker-ce.
3. Third Goal is to bring consistency with the other compoenents leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: I9a9d63329bea2b562f297705dc51661896a592f2
This PS updates the charts and images for running systemd in a more
kubernetes friendly way:
- The hosts cgroupfs is mounted in read only
- Required mounts are created (tmp tmp/lock)
- A tty is created for the container
- A unit is added to each image that streams journald to stdout
Follow up patches will improve the image builds, create cgroups in an
init container, and also drop unrequired privileges from the containers
in addition to compatibility with recent helm-toolkits.
Change-Id: If3b0df28fea967c5ff67df51e1e95bc74f906222
Signed-off-by: Pete Birley <pete@port.direct>
- Add a selection to explicitly choose the Ubuntu release
- Add a gate for rack controller image sync before attempting to
configure ephemeral image selection
Change-Id: Id8397d79fa5d136d78923f838c624283fad3d769
- Bug 1729715 causes a regiond exception due to infinite
recursion. Apply a proposed patch to attempt a fix.
Change-Id: I025cdddfa7f6786e327987e2a245980a54d5ffd3
- Hot-patch MaaS code so that the cloud-init
network configuration YAML places static routes
within the interface configuration that is the
source network for the route. this should fix route
volatility on deployment caused by the default behavior
of all static routes going to the bottom of the network
configuration and thus being attached to the last interface
defined
Change-Id: Ibe04000dafc21b37386777968c43e1b34e1a9838
MAAS hard codes the proxy URL passed to
bootstrapping nodes w/ port 8000. The proxy
URL needs to support the nodeport standard
currently used.
- Patch MAAS to render the apt proxy url using
maas_url from regiond.conf
- Use hardcoded port 31800 instead of 8000
Change-Id: I9d2ed35fb3947be51bc9c9e2b5f13f1144b4e927
This is a temporary workaround patch
to resolve https://bugs.launchpad.net/maas/+bug/1743005
- Update chart to point at patched image sthussey/maas-region:2.3_patch
Change-Id: I8c631da1b4b555523485d666cea22cb2dbaeff26
- Move Dockerfile for MaaS region controller to this repo
- Move Dockerfile for MaaS rack controller to this repo
- Create Makefile with standard UCP entrypoints for image building
- Clean up chart to pass 'make lint'
- Update Dockerfiles to pin apt packages to explicit maas version
Change-Id: I4a540b16a4f75f4a1aae1eb9cfb1bb7a16de18d6