airship/maas
Code Issues Proposed changes
maas/images/maas-region-controller/Dockerfile
Phil Sphicas b648edfe40 Deploy MAAS 2.8 on Ubuntu bionic 
Image changes:
* base image ubuntu:18.04
* MAAS version 2.8.6-8602-g.07cdffcaa-0ubuntu1~18.04.1 from ppa/2.8
* default contents of /var/lib/maas are archived in /opt/maas
* updated patches:
  - 2.3_bios_grub_partition.patch, changed in maas [0]
  - 2.3_partitiontable_does_not_exist.patch, changed in maas [1] [2]
  - 2.3_secure_headers.patch, updated for twisted 17.9.0 [3]
* removed patches:
  - 2.3_bios_grub_preseed.patch, changed in maas, now N/A [0]
  - 2.3_hostheader.patch, fixed in maas [4]
  - 2.3_maas_enlist.patch, fixed in maas [5]
  - 2.3_mac_address.patch, fixed in maas [6]
* new patches:
  - 2.8_maas_ipmi_autodetect_tool.patch, enlistment reliability
* reformatted patches due to blackening change [1]:
  - 2.3_configure_ipmi_user.patch
  - 2.3_ipmi_error.patch
  - 2.3_kernel_package.patch, custom req to specify kernel package
  - 2.3_nic_filter.patch, custom req to ignore cali* interfaces
  - 2.3_region_secret_rotate.patch
  - 2.3_route.patch

Chart changes:
* maas-region podport is 5240
* maas config option http_boot is no longer configurable [7]
* start script restores some default files into /var/lib/maas
* register-rack-controller script removes old files in /etc/maas
* enlist userdata now matches commissioning/curtin userdata [8]
* force_gpt option is removed [9], as GPT is now the default
* update to configure remote_syslog in import resources job [10]
* enlist_commissioning is disabled for backwards compatibility [11]

0: d8e234eb09
1: db30bb39fa
2: 665feb7575
3: https://github.com/twisted/twisted/blob/twisted-17.9.0/src/twisted/web/server.py
4: 573da69729
5: d390a1da6a
6: 34631c2fe5
7: 0e94c26a53
8: 22641cffcc
9: 97c25a0486
10: d67c359c7b
11: 51b9712c20

Change-Id: I0685d76cf083ff5aa33c8db552059721289d5c53
2021-08-03 21:56:23 +00:00

86 lines
3.9 KiB
Docker
Raw Blame History

ARG FROM=ubuntu:18.04
FROM ${FROM}
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode'
LABEL org.opencontainers.image.url='https://airshipit.org'
LABEL org.opencontainers.image.documentation='https://github.com/openstack/airship-maas'
LABEL org.opencontainers.image.source='https://git.openstack.org/openstack/airship-maas'
LABEL org.opencontainers.image.vendor='The Airship Authors'
LABEL org.opencontainers.image.licenses='Apache-2.0'
ARG HTTP_PROXY
ARG HTTPS_PROXY
ARG NO_PROXY
ARG http_proxy
ARG https_proxy
ARG no_proxy
ENV DEBIAN_FRONTEND noninteractive
ENV container docker
ENV MAAS_VERSION 2.8.6-8602-g.07cdffcaa-0ubuntu1~18.04.1
RUN apt-get -qq update \
&& apt-get install -y \
avahi-daemon \
jq \
patch \
software-properties-common \
sudo \
systemd \
# Don't start any optional services except for the few we need.
# (specifically, don't start avahi-daemon)
&& find /etc/systemd/system \
/lib/systemd/system \
-path '*.wants/*' \
-not -name '*journald*' \
-not -name '*systemd-tmpfiles*' \
-not -name '*systemd-user-sessions*' \
-exec rm \{} \; \
&& systemctl set-default multi-user.target \
# Install maas from the ppa
&& add-apt-repository -yu ppa:maas/2.8 \
&& apt-get install -y \
maas-region-api=$MAAS_VERSION \
# tcpdump is required by /usr/lib/maas/beacon-monitor
tcpdump \
&& rm -rf /var/lib/apt/lists/*
# Preserve the directory structure, permissions, and contents of /var/lib/maas
RUN mkdir -p /opt/maas/ && tar -cvzf /opt/maas/var-lib-maas.tgz /var/lib/maas
# 2.3 workarounds
COPY 2.3_route.patch /tmp/2.3_route.patch
COPY 2.3_kernel_package.patch /tmp/2.3_kernel_package.patch
COPY 2.3_bios_grub_partition.patch /tmp/2.3_bios_grub_partition.patch
# sh8121att: allow all requests via the proxy to allow it to work
# behind ingress
COPY 2.3_proxy_acl.patch /tmp/2.3_proxy_acl.patch
# Patch to add retrying to MaaS BMC user setup, and improve exception handling
COPY 2.3_configure_ipmi_user.patch /tmp/2.3_configure_ipmi_user.patch
COPY 2.3_secure_headers.patch /tmp/2.3_secure_headers.patch
COPY 2.3_region_secret_rotate.patch /tmp/2.3_region_secret_rotate.patch
COPY 2.3_partitiontable_does_not_exist.patch /tmp/2.3_partitiontable_does_not_exist.patch
# Avoid enlistment failures due to exceptions during moonshot detect attempts
COPY 2.8_maas_ipmi_autodetect_tool.patch /tmp/2.8_maas_ipmi_autodetect_tool.patch
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.3_route.patch
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.3_kernel_package.patch
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/2.3_bios_grub_partition.patch
RUN cd /usr/lib/python3/dist-packages/maasserver && patch security.py < /tmp/2.3_region_secret_rotate.patch
RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets && patch maas_ipmi_autodetect.py < /tmp/2.3_configure_ipmi_user.patch
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/2.3_proxy_acl.patch
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.3_secure_headers.patch
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/2.3_partitiontable_does_not_exist.patch
RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets/ && patch maas_ipmi_autodetect_tool.py < /tmp/2.8_maas_ipmi_autodetect_tool.patch
# echo journalctl logs to the container's stdout
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
RUN systemctl enable journalctl-to-tty.service
# quiet sudo for the maas user
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
# initalize systemd
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
View Git Blame Copy Permalink