(fix) Fix static ports in MAAS ingress

- Some residual static configuration was left in the MAAS ingress deployment template. Update it to render the ingress ports from endpoints and also to remove the TCP forwarder for the MAAS region API and instead use a standard Ingress resource. Change-Id: I7764d48ea919147503e9bf2521c52cb6f0028538
2018-11-21 09:47:18 -06:00 · 2018-11-21 09:47:18 -06:00 · 617607e426
commit 617607e426
parent 2aaca3f60b
9 changed files with 41 additions and 22 deletions
--- a/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
+++ b/charts/maas/templates/bin/_maas-vip-configure.sh.tpl
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh

 {{/*
 Copyright 2018 The Openstack-Helm Authors.
@ -18,20 +18,20 @@ limitations under the License.*/}}

 set -ex

-COMMAND="${@:-start}"
+COMMAND="${*:-start}"

-function kernel_modules () {
+kernel_modules () {
  chroot /mnt/host-rootfs modprobe dummy
 }

-function test_vip () {
+test_vip () {
  ip addr show ${interface} | \
    awk "/inet / && /${interface}/{print \$2 }" | \
    awk -F '/' '{ print $1 }' | \
    grep -q "${addr%/*}"
 }

-function start () {
+start () {
  kernel_modules
  ip link show ${interface} > /dev/null || ip link add ${interface} type dummy
  if ! test_vip; then
@ -40,11 +40,11 @@ function start () {
  ip link set ${interface} up
 }

-function sleep () {
-  exec /usr/bin/dumb-init bash -c "while :; do sleep 2073600; done"
+sleep () {
+  exec /bin/sh -c "while :; do sleep 2073600; done"
 }

-function stop () {
+stop () {
  ip link show ${interface} > /dev/null || exit 0
  if test_vip; then
   ip addr del ${addr} dev ${interface}
--- a/charts/maas/templates/configmap-etc.yaml
+++ b/charts/maas/templates/configmap-etc.yaml
@ -44,3 +44,5 @@ data:
  drivers.yaml: |
 {{ tuple "etc/_drivers.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
+  sleep-inittab: |
+    ::sysinit:/tmp/maas-vip-configure.sh sleep
--- a/charts/maas/templates/configmap-ingress.yaml
+++ b/charts/maas/templates/configmap-ingress.yaml
@ -22,7 +22,6 @@ kind: ConfigMap
 metadata:
  name: maas-ingress-services-tcp
 data:
-  {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-api"
  {{ tuple "maas_region" "public" "region_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}: "{{- .Release.Namespace -}}/{{- tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}}:region-proxy"
 ...
 ---
--- a/charts/maas/templates/deployment-maas-ingress.yaml
+++ b/charts/maas/templates/deployment-maas-ingress.yaml
@ -168,7 +168,7 @@ spec:
      initContainers:
 {{ tuple $envAll "maas_ingress" $mounts_maas_ingress_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: maas-ingress-vip-init
-          image: {{ .Values.images.tags.ingress }}
+          image: {{ .Values.images.tags.ingress_vip }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
@ -192,7 +192,7 @@ spec:
              readOnly: true
      containers:
        - name: maas-ingress-vip
-          image: {{ .Values.images.tags.ingress }}
+          image: {{ .Values.images.tags.ingress_vip }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.maas_ingress_vip | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
@ -201,8 +201,7 @@ spec:
                - 'NET_ADMIN'
            runAsUser: 0
          command:
-            - /tmp/maas-vip-configure.sh
-            - sleep
+            - /bin/init
          env:
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.network.maas_ingress | indent 12 }}
          volumeMounts:
@ -210,6 +209,10 @@ spec:
              name: maas-bin
              subPath: maas-vip-configure
              readOnly: true
+            - mountPath: /etc/inittab
+              name: maas-etc
+              subPath: sleep-inittab
+              readOnly: true
          lifecycle:
            preStop:
              exec:
@ -240,9 +243,9 @@ spec:
            - name: RELEASE_NAME
              value: {{ .Release.Name | quote }}
            - name: HTTP_PORT
-              value: "8808"
+              value: {{ tuple "maas_ingress" "podport" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: HTTPS_PORT
-              value: "8543"
+              value: {{ tuple "maas_ingress" "podport" "https" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: HEALTHZ_PORT
              value: {{ tuple "maas_ingress" "podport" "healthz" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: STATUS_PORT
@ -260,6 +263,10 @@ spec:
          configMap:
            name: maas-bin
            defaultMode: 0555
+        - name: maas-etc
+          configMap:
+            name: maas-etc
+            defaultMode: 0444
        - name: host-rootfs
          hostPath:
            path: /
--- a/charts/maas/templates/etc/_curtin_userdata.tpl
+++ b/charts/maas/templates/etc/_curtin_userdata.tpl
@ -39,8 +39,8 @@ def find_ba_key(n):
 {{ "{{" }}py: ba_files_url = ''.join([{{ quote $drydock_url }},'/bootactions/nodes/',node.hostname,'/files']){{ "}}" }}
 {{ "{{" }}if ba_key{{ "}}" }}
  drydock_00: ["sh", "-c", "echo Installing Drydock Boot Actions."]
-  drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]
-  drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"]
+  drydock_01: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_units_url{{ "}}" }}", "-O", "/tmp/bootaction-units.tar.gz"]
+  drydock_02: ["curtin", "in-target", "--", "wget", "--no-proxy", "--no-check-certificate", "--header=X-Bootaction-Key: {{ "{{" }}ba_key{{ "}}" }}", "{{ "{{" }}ba_files_url{{ "}}" }}", "-O", "/tmp/bootaction-files.tar.gz"]
  drydock_03: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-units.tar.gz > /tmp/bootaction-unit-names.txt"]
  drydock_04: ["curtin", "in-target", "--", "sh", "-c", "tar --owner=root -xPzvf /tmp/bootaction-files.tar.gz > /tmp/bootaction-file-names.txt"]
  drydock_05: ["curtin", "in-target", "--", "sh", "-c", "xargs -a /tmp/bootaction-unit-names.txt -n 1 basename > /tmp/bootaction-unit-basenames.txt || echo 'Did not run basenames on units'"]
--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@ -103,10 +103,6 @@ spec:
              mountPath: /usr/local/bin/register-rack-controller.sh
              subPath: register-rack-controller.sh
              readOnly: true
-            - name: maas-etc
-              mountPath: /lib/systemd/system/register-rack-controller.service
-              subPath: register-rack-controller.service
-              readOnly: true
            - name: rackd-state
              mountPath: /etc/maas
              subPath: etc
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -79,7 +79,8 @@ images:
    export_api_key: quay.io/airshipit/maas-region-controller:latest
    maas_cache: quay.io/airshipit/sstream-cache:latest
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
-    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
+    ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0
+    ingress_vip: docker.io/busybox:latest
    error_pages: gcr.io/google_containers/defaultbackend:1.0
  pull_policy: IfNotPresent
  local_registry:
--- a/images/maas-rack-controller/2.3_hostheader.patch
+++ b/images/maas-rack-controller/2.3_hostheader.patch
@ -0,0 +1,10 @@
+1047c1047
+<             if family in {AF_INET, AF_INET6}:
+---
+>             if family in {AF_INET6}:
+1051a1052,1054
+>                 info_url = info_url_base._replace(netloc=netloc)
+>             elif family in {AF_INET}:
+>                 info_url = info_url_base
+1054d1056
+<             info_url = info_url_base._replace(netloc=netloc)
--- a/images/maas-rack-controller/Dockerfile
+++ b/images/maas-rack-controller/Dockerfile
@ -52,8 +52,12 @@ RUN systemctl enable register-rack-controller.service
 COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch
 # sh8121att: patch so that interfaces with MAC 00:00:00:00:00:00 omit the MAC address
 COPY 2.3_mac_address.patch /tmp/2.3_mac_address.patch
+# sh8121att: patch so query for RPC info contains proper Host header
+copy 2.3_hostheader.patch /tmp/2.3_hostheader.patch
+
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/rpc && patch clusterservice.py < /tmp/2.3_hostheader.patch

 # echo journalctl logs to the container's stdout
 COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service