This PS updates MAAS (focal) to 3.0.2.
Version 3.0.2 includes the fix for ipv6 address issue in dhcpd.conf
https://bugs.launchpad.net/maas/+bug/2027621
Change-Id: Ifbbd546d7f2ba548c231180851c90594d971b7c1
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
Due to cve-2022-4886 the default pathType for an ingress should be
either "Exact" or "Prefix". This allows for more strict path validation by
the admission controller.
Change-Id: I1089bd5c893685fe3b2bcd6868da2f2b761e144f
Update helm toolkit reference
Update helm toolkit ref so that ingress will be created with a pathType
of Prefix.
https: //review.opendev.org/c/openstack/openstack-helm-infra/+/905757
Change-Id: Iccedcd7b15b2da9ed35748af9809def69b7ae6da
* Allow any recursion and cache queries for named svc
* Bump maas v3 to the actual version
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
The named and nginx processes both try to use all available CPUs. In
addition, there is a bug in named that sometimes causes it to spin on a
FUTEX, pegging the CPU.
This change constrains those processes to a single CPU (overridable in
values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid
the CPU spike.
Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
This patchset adds ca-certificates to the maas-rack-controller and
maas-region-controller docker images, so the new ISRG Root X1
certificate will be included.
Change-Id: Ia721b14ddc7d9e12d422f482a2e2d7f6f2c09b37
Updates the helm installation script to download and install v2.17.0
from get.helm.sh (instead of v2.14 from storage.googleapis.com).
Change-Id: I5e0ccfc60ff976f7a8d89a9a66ad6da0785a9f2b
This change renames the various patch files to reflect that they are
based on diffs against MAAS 2.8. Files that were previously listed as
2.3_*.patch originally were created against MAAS 2.3, but this is not
particularly relevant anymore.
Change-Id: I93ca4fc414f0983be62f0a8bae8ec699f3d4e7a0
Adding said label, that's already defined, to the deployments themselves.
This will enable Armada to properly wait for certain percentages of the
deployment replicas to be ready prior to proceeding. Prior to this change,
there wasn't a way to select these deployments via labels.
Change-Id: I4d8e479eb40e4395a4e3b79bbc9df651aa4e12e7
Sometimes the ephemeral environment needs additional cloud-init data.
This change allows user-data sections to be added to the default files
in /etc/maas/preseeds: enlist, commissioning, and curtin.
For example, to resolve issues with 'apt-get update' failures during
enlistment, something like this may be necessary:
conf:
cloudconfig:
override: true
sections:
bootcmd:
- "rm -fr /var/lib/apt/lists"
Change-Id: I817006a799003ace3f35d02507489720b0f9079b
For any host mounts that include /var/lib/kubelet, use HostToContainer
mountPropagation, which avoids creating extra references to mounts in
other containers.
Affects the following resources:
* maas-ingress deployment
Change-Id: I8f8239dc868e30d0203cb994b0eb6a615f40d87b
The upstream Helm chart repos have moved permanently, causing a failure
when running "make helm-serve": 'Error: error initializing: Looks like
"https://kubernetes-charts.storage.googleapis.com" is not a valid chart
repository or cannot be reached'.
This change skips the chart refresh, since the upstream charts are not
used anyway.
Change-Id: Ic146e09dca6a7d72607a794984376d0fa9bc5475
Since we introduced chart version check in gates, requirements are not
satisfied with strict check of 0.1.0
Change-Id: I74df8053fadaf5a3f07d6fd947161886f01c728b
This updates the maas chart to include the pod
security context on the pod template.
This also adds the container security context to set
readOnlyRootFilesystem flag
Change-Id: I1eba6ab3a7c27ddcb3e8ddc8e743b91dc5e521c3
This change allows extra late_commands to be added to the curtin
userdata, which are executed before the node is rebooted at the end of
the deployment. This can be useful to install packages or perform other
customization.
One sample use-case is the installation of specific kernel module
packages that match the target kernel image, in cases where the
ephemeral environment uses a different kernel version.
Change-Id: I80084c544f6a7dafd6aa84c8041cf86bdc3b9f4b
The existing drivers.yaml rendered by the MAAS chart is missing the
top-level 'drivers' key, so it doesn't actually work. This change fixes
the rendering of the file, and adds a comment in values.yaml about where
to look for additional information about where and how the file is used:
https://github.com/maas/maas/blob/2.3.5/src/maasserver/third_party_drivers.py
Change-Id: I940c8a57d3e404a101de5c1ea92f8a467319dbaa
Use apt to install python3-pip, and use pip3 in event system has
both pip2 and pip3 installed. Use apt to install setuptools for
Ansible's consumption.
Change-Id: I041d4cdfda670339cfbbc75d280c8d9071227f3b
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
When using 'make USE_PROXY=true', the 'docker build' is executed with
the correct proxy-related build-args, but the Dockerfile does not
actually consume them.
This change updates the Dockerfiles to accept the following ARGs:
HTTP_PROXY, HTTPS_PROXY, NO_PROXY (upper or lowercase)
Change-Id: I6888d1f15f430e73338c269784ded9a0dea6c9ce
MAAS uses MBR for boot disks smaller than 2 TiB. This change provides an
option to force the use of GPT, regardless of boot disk size. The chart
value is: conf.maas.force_gpt=true.
The 2 TiB "threshold" for when GPT is required is simply lowered to 0:
https://github.com/maas/maas/blob/2.3/src/maasserver/models/partitiontable.py#L51-L53
This change could be accomplished with a patch to the maas-region image
directly, but then it would not be configurable, and it may not be
useful for all users. Using sed in the startup script seems like a fair
solution.
Change-Id: I87d3f4b9c97048cdef383cbd15c5a16ac219066b
Using `exit 0` in the ntpd stub causes some unwanted log warnings:
maas.service_monitor[151]: [warn] Service 'ntp' is on but not in the
expected state of 'running', its current state is 'exited'.
This change allows the stub to respond appropriately to 'systemctl
status ntpd' and 'systemctl restart ntpd' and keeps MAAS happier.
Change-Id: I41b95051ce595fb9001f4104a1abb48b66a657c4