Commit Graph

58 Commits

Author SHA1 Message Date
Anselme, Schubert (sa246v) d00ea5f796 Update MAAS to 3.0.2
This PS updates MAAS (focal) to 3.0.2.
Version 3.0.2 includes the fix for ipv6 address issue in dhcpd.conf
https://bugs.launchpad.net/maas/+bug/2027621

Change-Id: Ifbbd546d7f2ba548c231180851c90594d971b7c1
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
2024-03-06 11:21:58 -05:00
Ruslan Aliev eaabbb2722 Disable ipv6 for bind9 named service
* Allow any recursion and cache queries for named svc
* Bump maas v3 to the actual version

Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
2023-07-12 21:31:53 -05:00
Ruslan Aliev 003f7bf702 MAAS region & rack controller upgrade v3.0.0
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I87a86c920e49e53447c87bcff3c0fae08ebf267f
2023-03-13 02:20:28 -05:00
Ruslan Aliev 771db2bacb Add DEBIAN_FRONTEND noninteractive env var
sstream cache image

Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I7b8e5d4ff4e0f725f56871ccde7388d35b610b3a
2023-02-21 17:01:55 -06:00
Ruslan Aliev 23a2b557f1 Revert "Upgrading MAAS to v3"
This reverts commit 129d958a51.

Reason for revert: reverting back to 2.8.7 to modify chart

Change-Id: I68d3abfb19decc5eb470fcf43694506bc5edd4b6
2023-02-16 15:32:01 -06:00
Anselme, Schubbert (sa246v) 129d958a51 Upgrading MAAS to v3
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
Change-Id: I4b5a5f6a7e21d790cce13a5ccff9819f517cad64
2022-11-23 12:55:52 -05:00
Phil Sphicas 50b3d68905 Control bind9 and nginx resource usage
The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.

This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.

Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
2021-11-10 23:35:50 -08:00
anthony.bellino 760f1c97cf Fix: Update maas controller version to 2.8.7-8611-g.f2514168f-0ubuntu1~18.04.1
Change-Id: I3b2fa9a076ed2ac18a4c10da7554fda9c5b73b00
2021-10-05 13:11:51 -07:00
Crank, Daniel (dc6350) afd76b3c89 Add ca-certificates to images
This patchset adds ca-certificates to the maas-rack-controller and
maas-region-controller docker images, so the new ISRG Root X1
certificate will be included.

Change-Id: Ia721b14ddc7d9e12d422f482a2e2d7f6f2c09b37
2021-10-01 15:48:28 -05:00
Maximilian Weiss 2bddbbfb9d Update MAAS controller version to 2.8.7-8610-g.4a04daa43-0ubuntu1~18.04.1
Change-Id: Ia2cb9bbc0cb5a9333ffa3685536060d00985aa41
2021-09-21 15:33:27 +00:00
Phil Sphicas 2e94c847ac Adjust Redfish retry interval
Patch the redfish driver to retry requests less aggressively, using
values that match the IPMI driver [0], instead of the defaults [1].

This helps prevent HTTP 409 and HTTP 500 errors.

0: https://git.launchpad.net/maas/tree/src/provisioningserver/drivers/power/ipmi.py?h=2.8.6#n234
1: https://git.launchpad.net/maas/tree/src/provisioningserver/drivers/power/__init__.py?h=2.8.6#n42

Change-Id: Ia41aafd04a6b8439e04fdd6d9f867a79f74789e1
2021-08-03 21:56:31 +00:00
Phil Sphicas d6d9b4c857 Clean up names of patch files
This change renames the various patch files to reflect that they are
based on diffs against MAAS 2.8. Files that were previously listed as
2.3_*.patch originally were created against MAAS 2.3, but this is not
particularly relevant anymore.

Change-Id: I93ca4fc414f0983be62f0a8bae8ec699f3d4e7a0
2021-08-03 21:56:27 +00:00
Phil Sphicas b648edfe40 Deploy MAAS 2.8 on Ubuntu bionic
Image changes:
* base image ubuntu:18.04
* MAAS version 2.8.6-8602-g.07cdffcaa-0ubuntu1~18.04.1 from ppa/2.8
* default contents of /var/lib/maas are archived in /opt/maas
* updated patches:
  - 2.3_bios_grub_partition.patch, changed in maas [0]
  - 2.3_partitiontable_does_not_exist.patch, changed in maas [1] [2]
  - 2.3_secure_headers.patch, updated for twisted 17.9.0 [3]
* removed patches:
  - 2.3_bios_grub_preseed.patch, changed in maas, now N/A [0]
  - 2.3_hostheader.patch, fixed in maas [4]
  - 2.3_maas_enlist.patch, fixed in maas [5]
  - 2.3_mac_address.patch, fixed in maas [6]
* new patches:
  - 2.8_maas_ipmi_autodetect_tool.patch, enlistment reliability
* reformatted patches due to blackening change [1]:
  - 2.3_configure_ipmi_user.patch
  - 2.3_ipmi_error.patch
  - 2.3_kernel_package.patch, custom req to specify kernel package
  - 2.3_nic_filter.patch, custom req to ignore cali* interfaces
  - 2.3_region_secret_rotate.patch
  - 2.3_route.patch

Chart changes:
* maas-region podport is 5240
* maas config option http_boot is no longer configurable [7]
* start script restores some default files into /var/lib/maas
* register-rack-controller script removes old files in /etc/maas
* enlist userdata now matches commissioning/curtin userdata [8]
* force_gpt option is removed [9], as GPT is now the default
* update to configure remote_syslog in import resources job [10]
* enlist_commissioning is disabled for backwards compatibility [11]

0: d8e234eb09
1: db30bb39fa
2: 665feb7575
3: https://github.com/twisted/twisted/blob/twisted-17.9.0/src/twisted/web/server.py
4: 573da69729
5: d390a1da6a
6: 34631c2fe5
7: 0e94c26a53
8: 22641cffcc
9: 97c25a0486
10: d67c359c7b
11: 51b9712c20

Change-Id: I0685d76cf083ff5aa33c8db552059721289d5c53
2021-08-03 21:56:23 +00:00
Phil Sphicas 88353232aa Respect USE_PROXY=true for image builds
When using 'make USE_PROXY=true', the 'docker build' is executed with
the correct proxy-related build-args, but the Dockerfile does not
actually consume them.

This change updates the Dockerfiles to accept the following ARGs:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY (upper or lowercase)

Change-Id: I6888d1f15f430e73338c269784ded9a0dea6c9ce
2020-06-11 15:22:09 +00:00
Phil Sphicas 25a71bc565 Eliminate sudo and pam_unix(sudo:session) log spam
MAAS rack and region controllers poll the status of services every
minute, cluttering the logs with messages like the ones below. This
change disables sudo logging for the maas user.

sudo[10061]:     maas : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl status ntp
sudo[10061]: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo[10061]: pam_unix(sudo:session): session closed for user root

Change-Id: I18547c5248cf73743cd8c0f26c471854540936eb
2020-06-01 05:19:15 +00:00
Phil Sphicas a351d51b84 maas-region patch: PartitionTable does not exist
An API request for the list of partitions associated with a block device
should simply return an empty list if there are no partitions. Instead,
we get a maasserver.models.partitiontable.DoesNotExist exception. This
patch allows the API server to respond correctly.

Before:
maas admin partitions read x76dma 9
PartitionTable matching query does not exist.

After:
maas admin partitions read x76dma 9
Success.
Machine-readable output follows:
[]

Reference:
https://old-docs.maas.io/2.3/en/api#get-api20nodessystem_idblockdevicesdevice_idpartitions

Change-Id: I427a17686e257bbcc89843dead60f297b4903489
2020-05-03 02:04:18 +00:00
Chris Wedgwood 230c7e888a Disable avahi-daemon
avahi-daemon isn't useful or needed.  Disable.

Change-Id: Ic82c93e29e333477b06e0fc77edecdfdcb673531
2020-02-20 12:31:23 -06:00
Phil Sphicas 03ebbaaca3 maas-rack image: improve IPMI error handling
MAAS uses ipmipower to power nodes on and off. The ipmipower command
sometimes fails with the message:
    x.x.x.x: BMC error
but exits with return code of 0.

Because MAAS is not aware of this specific error, and is also not able
to detect the power state from the output, the built-in retry logic is
not used, resulting in failed deployments or nodes in Power Error.

This patch adds "BMC error" to the list of known retriable errors, and
also adds additional retries.

Error strings from ipmipower 1.4:
http://git.savannah.gnu.org/cgit/freeipmi.git/tree/ipmipower/ipmipower_output.c?h=Release-1_4_0_branch#n52

IPMI_ERRORS known to MAAS 2.3:
https://git.launchpad.net/maas/tree/src/provisioningserver/drivers/power/ipmi.py?h=2.3#n50

Change-Id: Ia4b10e47855d67ba81e9ab800be3d780f8b38cac
2019-11-29 09:42:45 -08:00
Nishant Kumar d86e3fa479 Support rotation for maas region secret
More details on this bug - https://bugs.launchpad.net/maas/+bug/1850180

Change-Id: I52312ccec74a1973fdb7aebe3bfc6c0088004ad5
2019-10-30 20:26:20 +00:00
Scott Hussey a14389d411 Patch Twisted to secure response headers
- The 'Server' header on a HTTP response can be considered
  an information disclosure vulnerability.

Change-Id: I3b3f00005a61aa19199955d0d4549d81bc30c4d6
2019-10-10 17:32:32 -05:00
Zuul 418d66da10 Merge "fix: failed to render preseed with kernel flags (not k=v)" 2019-10-06 15:44:56 +00:00
Zuul 097af3779a Merge "Add retries to MaaS BMC user configuration" 2019-10-06 15:40:38 +00:00
Sphicas, Phil (ps3910) 06f63cc415 fix: failed to render preseed with kernel flags (not k=v)
When using tags with kernel_opts that contain standalone flags (e.g.
debug, rcu_nocb_poll, etc.), or anything not of the form param=value,
deployments fail with the following error:

Failed to render preseed: dictionary update sequence element #x has
length 1; 2 is required

This patchset accommodates these kernel flags, and also params with
multiple '=' signs (root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

Change-Id: I14cf1ca1e6a23e5fedf61e4a6b57bbc57cafc971
2019-10-05 20:02:09 -07:00
Sphicas, Phil (ps3910) 205c9e64ab trivial: maas-region container patches file twice
Avoid patching ipaddr.py twice. The currently duplicated section in
get_ip_addr() does not cause any problems, but it's a good idea to
clean it up:

    # Exclude interfaces that have duplicate MACs
    # such as OVS gretap and erspan interfaces
    ifaces = { k: v
               for k, v in ifaces.items()
               if v.get('mac', '') != '00:00:00:00:00:00'}
    # Exclude interfaces that have duplicate MACs
    # such as OVS gretap and erspan interfaces
    ifaces = { k: v
               for k, v in ifaces.items()
               if v.get('mac', '') != '00:00:00:00:00:00'}

Change-Id: Ia2be1e204246a320a45a00ec66f7e65c2880ba5c
2019-10-05 14:07:40 -07:00
Scott Hussey a8887a93b4 (cache) Configurable Ubuntu release
- Allow the image build to support any Ubuntu release, default
  to Xenial to maintain default behavior

Change-Id: Iabb54f7bdc2f6436cc8964ae9a9e971e2ce20501
2019-09-27 19:19:46 +00:00
Carter, Matt (mc981n) 48df9fd6f5 Add retries to MaaS BMC user configuration
It has been observed that MaaS will fail to enlist/commission/deploy
nodes if it fails to set up its own user in the BMC during cloud
init. This patch set adds a git patch file to update the MaaS source
code in order to retry setting up the MaaS BMC user if it fails.

This patch set also adds to the exception message sent when MaaS
fails to set up a BMC user.

Change-Id: I475988875acffac620302fae3eed8d236a5a46f7
2019-09-17 15:49:46 -05:00
Scott Hussey 8d56122554 (fix) Give systemd service access to env
- The service to register the rack controller pod does not
  have access to the MAAS_API_KEY env var so it fails to deregister
  when needed.

Change-Id: I16bc63ef14a2dab463dfdca11b7e3ca13d508a9e
2019-01-25 11:22:59 -06:00
Scott Hussey 7f50e96ff3 Open MAAS proxy ACL
- Allow requests from any source through the MAAS proxy
  so that traffic routed through maas-ingress will work

Change-Id: I91e40789ad45c0ea75c54eccbf37931156b224e3
2019-01-10 21:12:10 -06:00
Scott Hussey 617607e426 (fix) Fix static ports in MAAS ingress
- Some residual static configuration was left in the MAAS ingress
  deployment template. Update it to render the ingress ports from
  endpoints and also to remove the TCP forwarder for the MAAS
  region API and instead use a standard Ingress resource.

Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
2018-12-07 22:18:45 +00:00
Scott Hussey b4d6562bba (fix) Fix import job race condition
- If the import job triggers before the rack controller pod(s)
  have registered w/ the region controller, then it must fully timeout
  and then reschedule to pass. Update it so that each time it checks for
  rack controller image sync, it updates the list of all registered
  rack controllers.
- Update register service to be part of Dockerfile so it can be
  enabled.

Change-Id: I72e190d472ad259da65b2e583b2a16d8adf660f5
2018-11-19 14:50:19 -06:00
Scott Hussey 2d71c24e0f [WIP] [fix] Patch issues in upstream MAAS
- maas-enlist does not work with hyphenated domains. Backport from
  upstream fix.
- Ignore MAC addresses of '00:00:00:00:00:00' to fix issue of OVS
  breaking MAAS controller registration

Change-Id: I26b09bb35ef3bfc9424188dbf9fccf0ca3199441
2018-11-15 16:42:47 -06:00
Scott Hussey 1c0485e3e6 Support MAAS HA
- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Remove the MAAS ingress controller from the rack pod
  and into dedicated deployment
- Update rack registration script to harvest the systemid
  from the underlying host when available

Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
2018-11-05 21:08:15 +00:00
Zuul e80d4e58eb Merge "Fix: git commit id labels on images" 2018-10-29 21:38:56 +00:00
Zuul 48c6c20a7f Merge "bugfix: Ensure kernel_package param is not required" 2018-10-19 16:06:50 +00:00
Alan Meadows 037bde9934 bugfix: Ensure kernel_package param is not required
A previous patchset introduced a new kernel
param option 'kernel_package.' This patch corrects
the logic in that so that the parameter is not a
required parameter - and if absent falls back to
the traditional MaaS behavior which will select the
latest kernel from the appropriate line.

Change-Id: Icc62b27e0f39914fb73fb9f655d9b7b0b6c6f489
2018-10-19 07:56:18 -07:00
Kaspars Skels e53cb2d237 Set MAAS internal proxy to 31800
Looks like new version of MAAS has fixed long standing bug
https://bugs.launchpad.net/maas/+bug/1779712

This will match internal MAAS ports to NodePort.

Change-Id: I639a4c492eb80545c69fd132d3b2dc4cca524933
2018-10-19 09:06:28 -05:00
Alan Meadows cdfb1737da Bugfix Bios Grub Partition Behavior
MaaS 2.3.5 added bios grub partition changes that no
longer cared for the size of the storage device nor
whether it was a boot device.  This patch effectively
restores the original behavior which was also
reintroduced in MaaS 2.4.0.

Change-Id: I8b7b38fe42b005a656e6c5cab615c144b6a90b22
2018-10-18 09:46:33 -07:00
Roman Gorshunov c3a364c153 Fix: git commit id labels on images
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
   or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
   a few other properties (annotations) according to the latest Specs

Change-Id: I8ee3aef8d64efe6237f630caab3683f7137d4e68
2018-10-17 20:35:40 +02:00
Alan Meadows 52ddfdcf4d Add support for specific kernel package selection
by tagging a node with a tag of 'kernel_package' with
a value of the explicit package name which will drive
the curtin installer.

Change-Id: I67c8395c30bcb538859947f7406a433fb18a981b
2018-10-16 14:04:16 -07:00
Crank, Daniel (dc6350) 56521ab77c [470918] Update MaaS to 2.3.5
Updating MaaS to 2.3.5, as 2.3.0 appears to no longer be
available in the Ubuntu repo.

Change-Id: I5afb38d8e73485be1ab05a9ac2a18e1befe70152
2018-10-11 09:03:46 -05:00
Zuul 8cbbc1015a Merge "Add file package to sstream-cache image build" 2018-09-25 20:52:27 +00:00
Roman Gorshunov d5448b360e Fix: various documentation and URL fixes
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes

Change-Id: I8fe2ac12a3e104309e818d956313693c3ba6f7cc
2018-09-24 12:53:27 +02:00
Anderson, Craig (ca846m) 0373276351 Add file package to sstream-cache image build
Deploying Genesis kernel with a matching kernel to what MaaS provisions
to other nodes requires starting the container on Genesis and running
the `file` command on the boot-kernel in order to determine the kernel
version. This PS adds the `file` binary to the image.

Change-Id: Idddcc25916ba5b8b015cdde9bfe773443f158273
2018-09-22 18:17:04 -07:00
Jerome Brette bfa8c97d3a Update Dockerfile to allow override of FROM variable
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is being
replaced by docker-ce.
3. Third Goal is to bring consistency with the other components leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.

Change-Id: I9a9d63329bea2b562f297705dc51661896a592f2
2018-07-17 16:36:20 -05:00
Scott Hussey b09fee26b8 (fix) Make rackd stateful
- Use a statefulset and PVC to make rackd systemid assignment
  stateful between pod restarts. This is to alleviate instability
  in MAAS upgrades.

Change-Id: Iea5c3d3897b561d4ba479203ee6aec5885282e1a
2018-06-29 07:37:28 -05:00
Scott Hussey 7af3ee9347 (fix) Disable libvirt service
- Rearrange Dockerfile layers to run the systemd link
  deletion statement to after the install of the libvirtd
  package

Change-Id: I49b0cb4ef4ebf6e92d2f99a7137387a5018ed3b5
2018-06-25 12:56:56 -05:00
Pete Birley 426f8dacf3 MaaS: Slightly clean systemd and enable Stdout logging for journald
This PS updates the charts and images for running systemd in a more
kubernetes friendly way:
 - The host's cgroupfs is mounted in read only
 - Required mounts are created (tmp tmp/lock)
 - A tty is created for the container
 - A unit is added to each image that streams journald to stdout

Follow up patches will improve the image builds, create cgroups in an
init container, and also drop unrequired privileges from the containers
in addition to compatibility with recent helm-toolkits.

Change-Id: If3b0df28fea967c5ff67df51e1e95bc74f906222
Signed-off-by: Pete Birley <pete@port.direct>
2018-06-16 15:58:11 +00:00
Stacey Fletcher 8adc845af5 Add ARG to MAAS SimpleStream Dockerfile
This allows the simplestream repo to be passed at build time.

Change-Id: I7c854bd04366ec145f0ae5b7e3b166c2201ff740
2018-06-15 17:04:58 +00:00
Scott Hussey 90a5ed3e78 (zuul) Basic zuul gates
- Charting linting

Change-Id: I7c15ba455bab3d2c9d8b458de1d7ebe15e1c97a4
2018-06-01 11:57:45 -05:00
Scott Hussey 791e49c519 [Chart] support ssh private key
- Add support for optionally mounting a
  private key for the maas user to access
  remote hosts via ssh (e.g. virsh)
- Add libvirt-bin to the rack controller

Change-Id: I18efb6a6947a5a5f91800bf6494b7d9d15d8aaf2
2018-05-02 21:58:08 -05:00