Disable ipv6 for bind9 named service
* Allow any recursion and cache queries for named svc * Bump maas v3 to the actual version Signed-off-by: Ruslan Aliev <raliev@mirantis.com> Change-Id: I16a4ec843dc73a2349e8603d4200920599eab918
This commit is contained in:
parent
565d20ee18
commit
eaabbb2722
@ -36,7 +36,7 @@ data:
|
|||||||
{{- if .Values.conf.bind.append -}}
|
{{- if .Values.conf.bind.append -}}
|
||||||
{{ .Values.conf.bind.append | indent 4 }}
|
{{ .Values.conf.bind.append | indent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
bind9: |
|
named: |
|
||||||
{{ tuple "etc/_bind9.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "etc/_bind9.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
nginx.conf: |
|
nginx.conf: |
|
||||||
{{ tuple "etc/_nginx.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "etc/_nginx.conf.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
{{/* file location: /etc/default/bind9 */}}
|
{{/* file location: /etc/default/named */}}
|
||||||
{{- $cpus := index .Values.conf.bind "cpus" -}}
|
{{- $cpus := index .Values.conf.bind "cpus" -}}
|
||||||
#
|
#
|
||||||
# run resolvconf?
|
# run resolvconf?
|
||||||
RESOLVCONF=no
|
RESOLVCONF=no
|
||||||
|
|
||||||
# startup options for the server
|
# startup options for the server
|
||||||
OPTIONS="-u bind {{- if $cpus }} -n {{ $cpus }}{{ end }}"
|
OPTIONS="-4 -u bind {{- if $cpus }} -n {{ $cpus }}{{ end }}"
|
||||||
|
@ -14,5 +14,5 @@
|
|||||||
|
|
||||||
options { directory "/var/cache/bind";
|
options { directory "/var/cache/bind";
|
||||||
auth-nxdomain no;
|
auth-nxdomain no;
|
||||||
listen-on-v6 { any; };
|
listen-on-v6 { none; };
|
||||||
include "/etc/bind/maas/named.conf.options.inside.maas"; };
|
include "/etc/bind/maas/named.conf.options.inside.maas"; };
|
||||||
|
@ -142,9 +142,17 @@ spec:
|
|||||||
mountPath: /var/lib/maas/http/nginx.conf
|
mountPath: /var/lib/maas/http/nginx.conf
|
||||||
subPath: nginx.conf
|
subPath: nginx.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: maas-etc
|
||||||
|
mountPath: /etc/default/named
|
||||||
|
subPath: named
|
||||||
|
readOnly: true
|
||||||
- name: maas-etc
|
- name: maas-etc
|
||||||
mountPath: /etc/default/bind9
|
mountPath: /etc/default/bind9
|
||||||
subPath: bind9
|
subPath: named
|
||||||
|
readOnly: true
|
||||||
|
- name: maas-etc
|
||||||
|
mountPath: /etc/bind/named.conf.options
|
||||||
|
subPath: named.conf.options
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -169,9 +169,13 @@ spec:
|
|||||||
subPath: curtin
|
subPath: curtin
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
- name: maas-etc
|
||||||
|
mountPath: /etc/default/named
|
||||||
|
subPath: named
|
||||||
|
readOnly: true
|
||||||
- name: maas-etc
|
- name: maas-etc
|
||||||
mountPath: /etc/default/bind9
|
mountPath: /etc/default/bind9
|
||||||
subPath: bind9
|
subPath: named
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
|
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
|
15
images/maas-rack-controller-focal/3.0_allow_query.patch
Normal file
15
images/maas-rack-controller-focal/3.0_allow_query.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
index d76fcfa9a..d198e90b9 100644
|
||||||
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
||||||
|
allow-query { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_recursion}}
|
||||||
|
-allow-recursion { trusted; };
|
||||||
|
+allow-recursion { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_query_cache}}
|
||||||
|
-allow-query-cache { trusted; };
|
||||||
|
+allow-query-cache { any; };
|
||||||
|
{{endif}}
|
@ -18,7 +18,7 @@ ARG no_proxy
|
|||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
ENV container docker
|
ENV container docker
|
||||||
|
|
||||||
ENV MAAS_VERSION 1:3.0.0-10029-g.986ea3e45-0ubuntu1~20.04.1
|
ENV MAAS_VERSION 1:3.0.1-10052-g.82c730c57-0ubuntu1~20.04.1
|
||||||
|
|
||||||
RUN apt-get -qq update \
|
RUN apt-get -qq update \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
@ -62,11 +62,14 @@ COPY 3.0_secure_headers.patch /tmp/3.0_secure_headers.patch
|
|||||||
COPY 3.0_ipmi_error.patch /tmp/3.0_ipmi_error.patch
|
COPY 3.0_ipmi_error.patch /tmp/3.0_ipmi_error.patch
|
||||||
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
||||||
COPY 3.0_redfish_retries.patch /tmp/3.0_redfish_retries.patch
|
COPY 3.0_redfish_retries.patch /tmp/3.0_redfish_retries.patch
|
||||||
|
# Patch to allow any recursion and cache queries
|
||||||
|
COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.0_nic_filter.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/3.0_nic_filter.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.0_ipmi_error.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/3.0_ipmi_error.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.0_redfish_retries.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/3.0_redfish_retries.patch
|
||||||
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
@ -76,7 +79,7 @@ RUN systemctl enable journalctl-to-tty.service
|
|||||||
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
||||||
|
|
||||||
# avoid triggering bind9 high cpu utilization bug
|
# avoid triggering bind9 high cpu utilization bug
|
||||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
|
||||||
|
|
||||||
# initalize systemd
|
# initalize systemd
|
||||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||||
|
15
images/maas-rack-controller/2.8_allow_query.patch
Normal file
15
images/maas-rack-controller/2.8_allow_query.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
index ba1aee316..ab5766210 100644
|
||||||
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
@@ -13,8 +13,8 @@ dnssec-validation {{dnssec_validation}};
|
||||||
|
allow-query { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_recursion}}
|
||||||
|
-allow-recursion { trusted; };
|
||||||
|
+allow-recursion { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_query_cache}}
|
||||||
|
-allow-query-cache { trusted; };
|
||||||
|
+allow-query-cache { any; };
|
||||||
|
{{endif}}
|
@ -61,11 +61,14 @@ COPY 2.8_secure_headers.patch /tmp/2.8_secure_headers.patch
|
|||||||
COPY 2.8_ipmi_error.patch /tmp/2.8_ipmi_error.patch
|
COPY 2.8_ipmi_error.patch /tmp/2.8_ipmi_error.patch
|
||||||
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
# Patch to space redfish request retries apart a bit, to avoid overwhelming the BMC
|
||||||
COPY 2.8_redfish_retries.patch /tmp/2.8_redfish_retries.patch
|
COPY 2.8_redfish_retries.patch /tmp/2.8_redfish_retries.patch
|
||||||
|
# Patch to allow any recursion and cache queries
|
||||||
|
COPY 2.8_allow_query.patch /tmp/2.8_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.8_nic_filter.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.8_nic_filter.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/2.8_ipmi_error.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch ipmi.py < /tmp/2.8_ipmi_error.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/2.8_redfish_retries.patch
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/drivers/power && patch redfish.py < /tmp/2.8_redfish_retries.patch
|
||||||
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/2.8_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
@ -75,7 +78,7 @@ RUN systemctl enable journalctl-to-tty.service
|
|||||||
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
||||||
|
|
||||||
# avoid triggering bind9 high cpu utilization bug
|
# avoid triggering bind9 high cpu utilization bug
|
||||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
|
||||||
|
|
||||||
# initalize systemd
|
# initalize systemd
|
||||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||||
|
15
images/maas-region-controller-focal/3.0_allow_query.patch
Normal file
15
images/maas-region-controller-focal/3.0_allow_query.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
index d76fcfa9a..d198e90b9 100644
|
||||||
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
@@ -13,8 +13,8 @@ empty-zones-enable no;
|
||||||
|
allow-query { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_recursion}}
|
||||||
|
-allow-recursion { trusted; };
|
||||||
|
+allow-recursion { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_query_cache}}
|
||||||
|
-allow-query-cache { trusted; };
|
||||||
|
+allow-query-cache { any; };
|
||||||
|
{{endif}}
|
@ -18,7 +18,7 @@ ARG no_proxy
|
|||||||
ENV DEBIAN_FRONTEND noninteractive
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
ENV container docker
|
ENV container docker
|
||||||
|
|
||||||
ENV MAAS_VERSION 1:3.0.0-10029-g.986ea3e45-0ubuntu1~20.04.1
|
ENV MAAS_VERSION 1:3.0.1-10052-g.82c730c57-0ubuntu1~20.04.1
|
||||||
|
|
||||||
RUN apt-get -qq update \
|
RUN apt-get -qq update \
|
||||||
&& apt-get install -y \
|
&& apt-get install -y \
|
||||||
@ -65,6 +65,8 @@ COPY 3.0_region_secret_rotate.patch /tmp/3.0_region_secret_rotate.patch
|
|||||||
COPY 3.0_partitiontable_does_not_exist.patch /tmp/3.0_partitiontable_does_not_exist.patch
|
COPY 3.0_partitiontable_does_not_exist.patch /tmp/3.0_partitiontable_does_not_exist.patch
|
||||||
# Allow tags with '/' symbols
|
# Allow tags with '/' symbols
|
||||||
COPY 3.0_regex_tags.patch /tmp/3.0_regex_tags.patch
|
COPY 3.0_regex_tags.patch /tmp/3.0_regex_tags.patch
|
||||||
|
# Patch to allow any recursion and cache queries
|
||||||
|
COPY 3.0_allow_query.patch /tmp/3.0_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/3.0_route.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/3.0_route.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/3.0_kernel_package.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/3.0_kernel_package.patch
|
||||||
@ -75,6 +77,7 @@ RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patc
|
|||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/3.0_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/3.0_partitiontable_does_not_exist.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/3.0_partitiontable_does_not_exist.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch ownerdata.py < /tmp/3.0_regex_tags.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch ownerdata.py < /tmp/3.0_regex_tags.patch
|
||||||
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/3.0_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
@ -84,7 +87,7 @@ RUN systemctl enable journalctl-to-tty.service
|
|||||||
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
||||||
|
|
||||||
# avoid triggering bind9 high cpu utilization bug
|
# avoid triggering bind9 high cpu utilization bug
|
||||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
|
||||||
|
|
||||||
# initalize systemd
|
# initalize systemd
|
||||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||||
|
15
images/maas-region-controller/2.8_allow_query.patch
Normal file
15
images/maas-region-controller/2.8_allow_query.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
index ba1aee316..ab5766210 100644
|
||||||
|
--- a/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
+++ b/src/provisioningserver/templates/dns/named.conf.options.inside.maas.template
|
||||||
|
@@ -13,8 +13,8 @@ dnssec-validation {{dnssec_validation}};
|
||||||
|
allow-query { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_recursion}}
|
||||||
|
-allow-recursion { trusted; };
|
||||||
|
+allow-recursion { any; };
|
||||||
|
{{endif}}
|
||||||
|
{{if not upstream_allow_query_cache}}
|
||||||
|
-allow-query-cache { trusted; };
|
||||||
|
+allow-query-cache { any; };
|
||||||
|
{{endif}}
|
@ -64,6 +64,8 @@ COPY 2.8_region_secret_rotate.patch /tmp/2.8_region_secret_rotate.patch
|
|||||||
COPY 2.8_partitiontable_does_not_exist.patch /tmp/2.8_partitiontable_does_not_exist.patch
|
COPY 2.8_partitiontable_does_not_exist.patch /tmp/2.8_partitiontable_does_not_exist.patch
|
||||||
# Avoid enlistment failures due to exceptions during moonshot detect attempts
|
# Avoid enlistment failures due to exceptions during moonshot detect attempts
|
||||||
COPY 2.8_maas_ipmi_autodetect_tool.patch /tmp/2.8_maas_ipmi_autodetect_tool.patch
|
COPY 2.8_maas_ipmi_autodetect_tool.patch /tmp/2.8_maas_ipmi_autodetect_tool.patch
|
||||||
|
# Patch to allow any recursion and cache queries
|
||||||
|
COPY 2.8_allow_query.patch /tmp/2.8_allow_query.patch
|
||||||
|
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.8_route.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.8_route.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.8_kernel_package.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.8_kernel_package.patch
|
||||||
@ -74,6 +76,7 @@ RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patc
|
|||||||
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
|
RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.8_secure_headers.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/2.8_partitiontable_does_not_exist.patch
|
RUN cd /usr/lib/python3/dist-packages/maasserver/api && patch partitions.py < /tmp/2.8_partitiontable_does_not_exist.patch
|
||||||
RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets/ && patch maas_ipmi_autodetect_tool.py < /tmp/2.8_maas_ipmi_autodetect_tool.patch
|
RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets/ && patch maas_ipmi_autodetect_tool.py < /tmp/2.8_maas_ipmi_autodetect_tool.patch
|
||||||
|
RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/dns && patch named.conf.options.inside.maas.template < /tmp/2.8_allow_query.patch
|
||||||
|
|
||||||
# echo journalctl logs to the container's stdout
|
# echo journalctl logs to the container's stdout
|
||||||
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
|
||||||
@ -83,7 +86,7 @@ RUN systemctl enable journalctl-to-tty.service
|
|||||||
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log
|
||||||
|
|
||||||
# avoid triggering bind9 high cpu utilization bug
|
# avoid triggering bind9 high cpu utilization bug
|
||||||
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf
|
RUN sed -i -e '$a\include "/etc/bind/bind.keys";' /etc/bind/named.conf && /usr/lib/maas/maas-common setup-dns
|
||||||
|
|
||||||
# initalize systemd
|
# initalize systemd
|
||||||
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]
|
||||||
|
Loading…
Reference in New Issue
Block a user