This PS updates MAAS (focal) to 3.0.2.
Version 3.0.2 includes the fix for ipv6 address issue in dhcpd.conf
https://bugs.launchpad.net/maas/+bug/2027621
Change-Id: Ifbbd546d7f2ba548c231180851c90594d971b7c1
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
* Allow any recursion and cache queries for named svc
* Bump maas v3 to the actual version
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.
This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.
Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
This patchset adds ca-certificates to the maas-rack-controller and
maas-region-controller docker images, so the new ISRG Root X1
certificate will be included.
Change-Id: Ia721b14ddc7d9e12d422f482a2e2d7f6f2c09b37
This change renames the various patch files to reflect that they are
based on diffs against MAAS 2.8. Files that were previously listed as
2.3_*.patch originally were created against MAAS 2.3, but this is not
particularly relevant anymore.
Change-Id: I93ca4fc414f0983be62f0a8bae8ec699f3d4e7a0
When using 'make USE_PROXY=true', the 'docker build' is executed with
the correct proxy-related build-args, but the Dockerfile does not
actually consume them.
This change updates the Dockerfiles to accept the following ARGs:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY (upper or lowercase)
Change-Id: I6888d1f15f430e73338c269784ded9a0dea6c9ce
MAAS rack and region controllers poll the status of services every
minute, cluttering the logs with messages like the ones below. This
change disables sudo logging for the maas user.
sudo[10061]: maas : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl status ntp
sudo[10061]: pam_unix(sudo:session): session opened for user root by (uid=0)
sudo[10061]: pam_unix(sudo:session): session closed for user root
Change-Id: I18547c5248cf73743cd8c0f26c471854540936eb
An API request for the list of partitions associated with a block device
should simply return an empty list if there are no partitions. Instead,
we get an maasserver.models.partitiontable.DoesNotExist exception. This
patch allows the API server to respond correctly.
Before:
maas admin partitions read x76dma 9
PartitionTable matching query does not exist.
After:
maas admin partitions read x76dma 9
Success.
Machine-readable output follows:
[]
Reference:
https://old-docs.maas.io/2.3/en/api#get-api20nodessystem_idblockdevicesdevice_idpartitions
Change-Id: I427a17686e257bbcc89843dead60f297b4903489
- The 'Server' header on an HTTP response can be considered
an information disclosure vulnerability.
Change-Id: I3b3f00005a61aa19199955d0d4549d81bc30c4d6
When using tags with kernel_opts that contain standalone flags (e.g.
debug, rcu_nocb_poll, etc.), or anything not of the form param=value,
deployments fail with the following error:
Failed to render preseed: dictionary update sequence element #x has
length 1; 2 is required
This patchset accommodates these kernel flags, and also params with
multiple '=' signs (root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
Change-Id: I14cf1ca1e6a23e5fedf61e4a6b57bbc57cafc971
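The failure mode described in the commit message above, reproduced next to a tolerant parser. This is an added example, not the MAAS patch itself; the function names and the sample string are constructed, and the naive parser is an assumed shape of the failing logic.

```python
# Added illustration; not the MAAS patch. All function names are hypothetical.

# Constructed sample: key=value, two standalone flags, and a value containing '='.
SAMPLE = ("console=ttyS0,115200 debug rcu_nocb_poll "
          "root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")


def parse_naive(kernel_opts):
    """Assumed shape of the failing logic: every token must split into
    exactly two parts, so a bare flag (1 part) or a value containing '='
    (3 or more parts) makes dict() raise ValueError."""
    return dict(tok.split("=") for tok in kernel_opts.split())


def parse_kernel_opts(kernel_opts):
    """Return an ordered list of (name, value) pairs; value is None for a
    standalone flag. Only the first '=' separates name from value."""
    params = []
    for tok in kernel_opts.split():
        name, sep, value = tok.partition("=")
        if not name:
            raise ValueError(f"kernel option with empty name: {tok!r}")
        params.append((name, value if sep else None))
    return params


def render_kernel_opts(params):
    """Rebuild the command-line string, emitting flags without '='."""
    return " ".join(n if v is None else f"{n}={v}" for n, v in params)


def naive_error(kernel_opts):
    """Return the naive parser's error message, or None if it succeeds."""
    try:
        parse_naive(kernel_opts)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("naive:", naive_error(SAMPLE))
    print("parsed:", parse_kernel_opts(SAMPLE))
    print("rendered:", render_kernel_opts(parse_kernel_opts(SAMPLE)))
```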
Avoid patching ipaddr.py twice. The currently duplicated section in
get_ip_addr() does not cause any problems, but it's a good idea to
clean it up:
    # Exclude interfaces that have duplicate MACs
    # such as OVS gretap and erspan interfaces
    ifaces = { k: v
               for k, v in ifaces.items()
               if v.get('mac', '') != '00:00:00:00:00:00'}
    # Exclude interfaces that have duplicate MACs
    # such as OVS gretap and erspan interfaces
    ifaces = { k: v
               for k, v in ifaces.items()
               if v.get('mac', '') != '00:00:00:00:00:00'}
Change-Id: Ia2be1e204246a320a45a00ec66f7e65c2880ba5c
- Allow the image build to support any Ubuntu release, default
to Xenial to maintain default behavior
Change-Id: Iabb54f7bdc2f6436cc8964ae9a9e971e2ce20501
It has been observed that MaaS will fail to enlist/commission/deploy
nodes if it fails to set up its own user in the BMC during cloud
init. This patch set adds a git patch file to update the MaaS source
code in order to retry setting up the MaaS BMC user if it fails.
This patch set also adds to the exception message sent when MaaS
fails to set up a BMC user.
Change-Id: I475988875acffac620302fae3eed8d236a5a46f7
- The service to register the rack controller pod does not
have access to the MAAS_API_KEY env var so it fails to deregister
when needed.
Change-Id: I16bc63ef14a2dab463dfdca11b7e3ca13d508a9e
- Allow requests from any source through the MAAS proxy
so that traffic routed through maas-ingress will work
Change-Id: I91e40789ad45c0ea75c54eccbf37931156b224e3
- Some residual static configuration was left in the MAAS ingress
deployment template. Update it to render the ingress ports from
endpoints and also to remove the TCP forwarder for the MAAS
region API and instead use a standard Ingress resource.
Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
- If the import job triggers before the rack controller pod(s)
have registered w/ the region controller, then it must fully timeout
and then reschedule to pass. Update it so that each time it checks for
rack controller image sync, it updates the list of all registered
rack controllers.
- Update register service to be part of Dockerfile so it can be
enabled.
Change-Id: I72e190d472ad259da65b2e583b2a16d8adf660f5
- maas-enlist does not work with hyphenated domains. Backport from
upstream fix.
- Ignore MAC addresses of '00:00:00:00:00:00' to fix the issue of OVS
breaking MAAS controller registration
Change-Id: I26b09bb35ef3bfc9424188dbf9fccf0ca3199441
- Create two replicas of rack and region pods
- Use required anti-affinity between rack pods
- Move the MAAS ingress controller out of the rack pod
and into a dedicated deployment
- Update rack registration script to harvest the systemid
from the underlying host when available
Change-Id: I41e21b7bb5256d04b37a70fbd2088c617b5d239a
A previous patchset introduced a new kernel
param option 'kernel_package.' This patch corrects
the logic in that so that the parameter is not a
required parameter - and if absent falls back to
the traditional MaaS behavior which will select the
latest kernel from the appropriate line.
Change-Id: Icc62b27e0f39914fb73fb9f655d9b7b0b6c6f489
Looks like the new version of MAAS has fixed a long-standing bug
https://bugs.launchpad.net/maas/+bug/1779712
This will match internal MAAS ports to NodePort.
Change-Id: I639a4c492eb80545c69fd132d3b2dc4cca524933
MaaS 2.3.5 added bios grub partition changes that no
longer cared for the size of the storage device nor
whether it was a boot device. This patch effectively
restores the original behavior which was also
reintroduced in MaaS 2.4.0.
Change-Id: I8b7b38fe42b005a656e6c5cab615c144b6a90b22
1) Use OCI Image Specs for labels instead of custom 'commit-id=xxxxx'
or legacy "Label Schema"
2) Fix missing git commit id labels on images (.revision)
3) Add human-readable title (.title) of the image, URL (.url), and
a few other properties (annotations) according to the latest Specs
Change-Id: I8ee3aef8d64efe6237f630caab3683f7137d4e68
by tagging a node with a tag of 'kernel_package' with
a value of the explicit package name which will drive
the curtin installer.
Change-Id: I67c8395c30bcb538859947f7406a433fb18a981b
1) UCP -> Airship
2) readthedocs.org -> readthedocs.io (there is redirect)
3) http -> https
4) attcomdev -> airshipit (repo on quay.io)
5) att-comdev -> openstack/airship-* (repo on github/openstack git)
6) many URLs have been verified and adjusted to be current
7) no need for 'en/latest/' path in URL of the RTD
8) added more info to some setup.cfg and setup.py files
9) ucp-integration docs are now in airship-in-a-bottle
10) various other minor fixes
Change-Id: I8fe2ac12a3e104309e818d956313693c3ba6f7cc
Deploying Genesis kernel with a matching kernel to what MaaS provisions
to other nodes requires starting the container on Genesis and running
the `file` command on the boot-kernel in order to determine the kernel
version. This PS adds the `file` binary to the image.
Change-Id: Idddcc25916ba5b8b015cdde9bfe773443f158273
l is to let user customize the base image of the component
by passing FROM=myimage during the build process. This would let any
project leveraging Airship ensure that the base image is matching the
security requirements for that project and still use the same Dockerfile.
This will also ease the control of the /etc/apt/source.list
and thereby the result of apt-get update/upgrade procedure.
2. The above goal is achievable by using docker-ce feature such as:
ARG FROM="defaultbaseimage:xx"
FROM ${FROM}
For this reason, the installation of docker.io in the Zuul gating is being
replaced by docker-ce.
3. Third Goal is to bring consistency with the other components leveraging
Helm such as the openstack-helm and potentially use bindep the same way
the LOCI images are to ensure
4. The new syntax in the Dockerfile is still commented out until the associated
image builder have been updated to use docker-ce as they have been for the LOCI
images.
Change-Id: I9a9d63329bea2b562f297705dc51661896a592f2
- Use a statefulset and PVC to make rackd systemid assignment
stateful between pod restarts. This is to alleviate instability
in MAAS upgrades.
Change-Id: Iea5c3d3897b561d4ba479203ee6aec5885282e1a
- Rearrange Dockerfile layers to run the systemd link
deletion statement after the install of the libvirtd
package
Change-Id: I49b0cb4ef4ebf6e92d2f99a7137387a5018ed3b5
This PS updates the charts and images for running systemd in a more
kubernetes friendly way:
- The host's cgroupfs is mounted read-only
- Required mounts are created (tmp tmp/lock)
- A tty is created for the container
- A unit is added to each image that streams journald to stdout
Follow up patches will improve the image builds, create cgroups in an
init container, and also drop unrequired privileges from the containers
in addition to compatibility with recent helm-toolkits.
Change-Id: If3b0df28fea967c5ff67df51e1e95bc74f906222
Signed-off-by: Pete Birley <pete@port.direct>
- Add support for optionally mounting a
private key for the maas user to access
remote hosts via ssh (e.g. virsh)
- Add libvirt-bin to the rack controller
Change-Id: I18efb6a6947a5a5f91800bf6494b7d9d15d8aaf2