MAAS

[wishlist, enhacement] Support for custom proxy rules

Bug #1814080 reported by Alvaro Uria
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
MAAS
Invalid
Undecided
Unassigned

Bug Description

When MAAS' own proxy is used, /var/lib/maas/maas-proxy.conf is generated from the template at /usr/lib/python3/dist-packages/provisioningserver/templates/proxy/maas-proxy.conf.template

Sometimes, customers need extra rules to be allowed (ie. a single IP from a different network block to have access to a certain resource). In those cases, maas-proxy.conf.template is manually modified to avoid custom changes to be overwritten.

As a wishlist, very useful to about 5 BootStack customers now, a textarea could be added to the settings section to allow custom Squid ACLs. This could present a security risk, so as an alternative, a more complex form could be added to allow "acl" text input (only the network blocks) as well as limited http_access allow and deny rules.

Michael Skalka (mskalka)
tags: added: cpe-onsite
Andres Rodriguez (andreserl)
Changed in maas:
milestone: none → 2.6.0
status: New → Triaged
milestone: 2.6.0 → next
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Hi Alvaro,

Can you please details what custom rules where you looking MAAS to support?

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Please provide all of the things you would need to customize.

Changed in maas:
status: Triaged → Incomplete
summary: - Support for custom proxy rules
+ [wishlist] Support for custom proxy rules
summary: - [wishlist] Support for custom proxy rules
+ [wishlist, enhacement] Support for custom proxy rules
Andres Rodriguez (andreserl)
tags: added: proxy wishlist
Revision history for this message
Björn Tillenius (bjornt) wrote :

Hi Alvaro. We've started to track feature request on discourse instead, https://discourse.maas.io/, since it's a better forum for that.

Could you please post your request there instead? Don't forget to add the actual use case your trying to support. If possible, we'd like to avoid custom text config and instead making a nicer UI that removes the risk of the user breaking the proxy configuration.

If all you need are ACLs, I'm sure we could do it without having the user write any squid config, but it depends on exactly what you're trying to achieve.

Changed in maas:
status: Incomplete → Invalid
Björn Tillenius (bjornt)
Changed in maas:
milestone: next → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.