MAAS

Power and Pod drivers need way to accept private keys and certificates

Bug #1878311 reported by Lee Trager
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Invalid
Undecided
Lee Trager
MAAS 2.8.0rc1

Bug Description

MAAS 2.8 will require user a user provided private key and certificate to access LXD. I have started to work on a branch which does this and noticed that both power and pod drivers can only have text, password, or choice fields. The private key and certificate are both files with multiple lines.

generating credentials:
openssl req -newkey rsa:4096 -nodes -keyout lxd.key -out lxd.csr
openssl x509 -signkey lxd.key -in lxd.csr -req -days 365 -out lxd.crt

Example private key:

-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCkSLkq7+ZeMwST
pXpAzvwGrCAT9SNc6vHOSlcoV9ebSlKvRrBNc/mzBk3kG0dNP0sP3igs8YdCQbXQ
M4Fy9nKmwf4NuB/h8A+YM1F7aH0p+a3qzNfDwf7GILHbFGAlC2o/jkNUctBLBjR+
g0Q1pQi9Wtm1jCLBo3I1FMwmugvOTB4vSAv8kW5CEXLf9gr5gcgWszlFt0jP0vq3
hHwJyVBvyAPWuPKh2YbXyra5/P1LZmTG0JdeBr68yiF9TT0DHbN0SzSs0FdlBuTS
v0zgQ4rfX61USE5VylFP+bZ+VjBErW39VRl3D3jOgtDNd0nyHK7Jn/ErUrIy9auq
3Tc/UfDwQYptTE9Nb2VI4tL6+yh1NEMAm5m7XJLxSJ48iwbYFq6o+QlVf8CIHqrF
C/Bsy3CnXjVlAU+UYoKl3YlN89uYYJE6XwvdjPdnvR7al3TJvw6PIrnu/ic9B2Nh
c9Xx5esjgSreIQ4VE/qiAYxuyF0ekwiQTUbNTbxJfTF7Z3f8+3uvKqkf0haOqH2Z
Na/p5lqbQgdDA1EsEr+VyiirYQiNbT9l/1iC20sQ86e64COGIiOhofuvKFvIhLcp
x7TjNm/WbfFD7X6XiETVj0Mr4CyF5ZhgTvspUjx0SNt9NkJ/Go+oi+tTOAxPi1WG
zUTYEKRg8c1h4hhp+RSZAmwdemmvjwIDAQABAoICAQCi1IXbne4qPczyfph+teks
v9wHi/hh92h1/E8I6JAGFhOAMMM78ZBztfLr/XGdifdfIeWWLkrPDAwl8XcDuGuJ
B0xE0tOfAG6kf3DqrXUpbpTH3gKZv6VDQVKnfzmQXhEQL3Ritm3nfp33KyonNY1F
CVAx1lT4soTXQebbF5nt/poIaROgYZD0IRFIFDlqdg0ZGsjQZcrgWhAwZzr+BDAa
qxfK8oNikhVJu12DWNLBshp+yG7PPkY9Huc0p6KqfPzKbmQmSVXmB4AztnJ+8dMq
dU159TTXaXFQoIQWEl1DJNaYuolD7eziWtyUWgDL3UwNAd9q/ksroT5mW16P/yqb
kQHRBRozMqhICNAR7bVcQpHEY/id7FSvQSq2Lq4WjRgJeIPZysssZ4qYSxBzvOyL
Ja0CFwjAdowztlRQHk/dPt1k72fpH6NrJ0PLSdRinM/E9Oc8TxTRpfawcvGUQkhs
8hltBYR4wpkPN8PF38liLVWoo7J5w8cq7CerpzdGrnOI+E22lrH4d6OOebzBb0T4
RGLC9HUnlRcZZ1eusgH9xWav0ms6zAcZUZVJ82cYcehtuAQbKYF2mTiFa1y7T7Np
T59tSUj8vTIHD5rcy8baXszeTIAHb4K6KeQLoA7MldJgFpBpoW4DPBMfSX/wqr8T
C7qh0bWdutPEfeiLTBHIoQKCAQEAzekqQj7bbwCqX/LfoG8cNvnjkoT3DwROFeMY
/4dBTz/dVu3g3c17DnHKfm0lc/1ZEz6JrJEBkbv8ntmHZbkmDsgrxXNNCC7JR7tO
s3xRCvtgYAvVOVv+yEEhhr70qPdclaBb0XzlGeUFimbOpV7lr0+2W84KzKObC1Qo
2hG9T6/y3NIrc8YRtULPjkC1T8+HbRwFTheX53ei4D7BzG/1G4YrreVPgpdwZ5oR
TZdUvAtslOsiCrRKIYeMlOUotRj67zURm2EbdnPs9mvWVPUYKnosEzCgaoLPcEQC
dXanugWkDtpJrDjtspuT1q7czHgr3y08A6qs8sARU2Gncn2lcQKCAQEAzD9OdvyT
w+ZSKx2Df302Aj1KVcxFcbDAxcS642ciPKpaxkz+XdH/GvA3Jecyhv+Qcl3Rb1HW
Y05oAJhRDL7ScHPG661dB8hcFJOjGtnsKwbWEWj5NdbKot9+iA1xcerilJNyZ6Yp
IopKjAvnUm9DmDc91AcM3QWouJi0jSjGvY6w0QT2iM4Hun9z1w2s1Hi80MHMo0Xd
69fJvltQBZl9kNJ7Nh1S5tAltImeZJIpDDQGVvjiaPQstsePN0281Cl0zG4u99H9
S+iHxDR81G5e2M0Zs2nCFoRPjA0oZGp6hurbmqh21irhE2VJHdF8rzGESfyum1mX
A+uVAHyiDN4k/wKCAQEAhzvVd0CVGWgUfYOjf1i57RldbwNIx2IKbrGB34DTUdsd
4VPF1aZ4ZVoypanFaVJAyDTQcrehkjcmiKVRGWvqJNcueDVrqC4iH6xS2eqRx2al
Oy9KUKusv5SXEkojoT0kX1i8NO+T/9e8NdOjcFTNAMCXgd/mk9P3pg8V7XKtJMLn
/ENEKnsxchx4+HJjIhGoXe6DRXCVYX3fSOuumDgHgJYz5beu6pPPTRuQtaboDcBr
BbsP1nvmG/NMTxXaEGZhl+0ArU2vnbIxNP5J++4kevFWNRxAnvNejdr8ymytZ60A
vIh8zlFtO1qWU+7wMJHULnUk7zuO7rdaKar/MGB44QKCAQAzKfSc596YJz0UIduL
9zCtVO8nGPmYZj+UCxkJ2A8ChWYh4K2jkPRHqj8WVpkYqjJkA85wBV8gF0cERyOe
frq2grok1ZPFXFJ8sRMdqdN4X8kGKXasHvc536SRrlRpxf4mW90/y6boSR4tgNnc
k5SqL8RkNbPqNf2y6EXqSnmmiHUQlx6u3HWhKUY6a+mMfAZIgROjHuBdsPuPnM4p
6O5EdgV5Y9UdjqyzUfoElXyE2w9vf/8vbWM6Ejl1EBsqRoxEnaFUYR0Dg+dmpgNT
L6bAxngWsnp1K4XFvpIMvYOeAn0qe+Lw+WLSef/b4VtLg6rw4cRXlBS5Xa1Apvft
I0S/AoIBAQCZKqVaxEpZfGhclULf9eTpz3mjI3MiUrkmYF/K5EF6lMPk+jXHF9Jb
bSH7Bx4X8BdaC39UF/BJjYCdUAkWR5sjrVeh3NuJ3V5GS1YzoWZlTAH8Hu/9qQRS
/PnG+1kxRdd4YxiH7T6/2IgOwHUyaBleDDAKfriwK3Bz+U5fAITSVnf8baHDw0Dl
j1dSFC4seTS+ls5EzRb03KA9iP7iYmpMi0sZ+F1MkNZg66LM8AmDx+u2ougrqfYz
JyAwZ52EGofD75wdDsLjGHqmKgaCGL5AN3GYgIYW8w+mcc7iRRfDhg3sfAjDgYHx
Pc1KvZjKAFynBZza4wScLoU4MALx+3be
-----END PRIVATE KEY-----

Example certificate:

-----BEGIN CERTIFICATE-----
MIIFJTCCAw0CFC9wa2popJ9WRu49ghRKgElyqfgAMA0GCSqGSIb3DQEBCwUAME8x
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEhMB8G
A1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTIwMDUxMzAxMTgyNFoX
DTIxMDUxMzAxMTgyNFowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYD
VQQHDAdTZWF0dGxlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCkSLkq7+ZeMwSTpXpAzvwG
rCAT9SNc6vHOSlcoV9ebSlKvRrBNc/mzBk3kG0dNP0sP3igs8YdCQbXQM4Fy9nKm
wf4NuB/h8A+YM1F7aH0p+a3qzNfDwf7GILHbFGAlC2o/jkNUctBLBjR+g0Q1pQi9
Wtm1jCLBo3I1FMwmugvOTB4vSAv8kW5CEXLf9gr5gcgWszlFt0jP0vq3hHwJyVBv
yAPWuPKh2YbXyra5/P1LZmTG0JdeBr68yiF9TT0DHbN0SzSs0FdlBuTSv0zgQ4rf
X61USE5VylFP+bZ+VjBErW39VRl3D3jOgtDNd0nyHK7Jn/ErUrIy9auq3Tc/UfDw
QYptTE9Nb2VI4tL6+yh1NEMAm5m7XJLxSJ48iwbYFq6o+QlVf8CIHqrFC/Bsy3Cn
XjVlAU+UYoKl3YlN89uYYJE6XwvdjPdnvR7al3TJvw6PIrnu/ic9B2Nhc9Xx5esj
gSreIQ4VE/qiAYxuyF0ekwiQTUbNTbxJfTF7Z3f8+3uvKqkf0haOqH2ZNa/p5lqb
QgdDA1EsEr+VyiirYQiNbT9l/1iC20sQ86e64COGIiOhofuvKFvIhLcpx7TjNm/W
bfFD7X6XiETVj0Mr4CyF5ZhgTvspUjx0SNt9NkJ/Go+oi+tTOAxPi1WGzUTYEKRg
8c1h4hhp+RSZAmwdemmvjwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBZOWpROCc/
cvShhcegDpnrRUG8W9eXpkU4VSdPMyerKaj/hqW4dgQXYuPcpQuhh+XzwmTLwGzl
IpcCqzx05oIXZ+RrLFEd2iN0yPOVH+Qt8OBDFhQsGyAxHbExMmjGicKjNRc0vVHC
yXTrOPaFA703/FNhQiYHosdiXPED4h/kDE2GYgtatjLgoK348/sYkmZl3YkhwD58
q5QdgwKq0VhqCa0tg1NxMm8/0I0PSs4URiLJTyyMWm/0v5PpgjYdwjG9xvL/SXd7
rjFX6+JtKXfZOoclRbbv4gTyM8WZOlIZMM6NJj2/i8ZqTHWxUzsJtmP0XhcWB3Dn
Qk7o+sOXQ/3PHdhAzxcMqWjZ6jW3mIFB07PK5ChplOMg+qo9r3WeMXMWOH3k3f1i
X6DPs5I/phTWsRxv2LOYJ/txNNdwBNHPQPFeqBtqgm74uQWuJ+KjaSapCtvX8hlK
suHBAHPYbQjbueOL1AUK9YJgPXFHzFhAfoyOfS9fv/G9f4XBCpynzQWUpEKBhfih
6FteiWYGYmrlVeolJ//+4zMU5CWdQI5p0ckv9qQkXOkQqABsGWb53u9TAxgOCsxd
36a25QSuWVC1vVf4652HJ6j9mtlihRFO0HpegoCZvtKLXspOK/cC7fUBYComoMFt
34kMqqCkOeT77R57nw/2LZmTfCCjSRv7lA==
-----END CERTIFICATE-----

Tags: ui
Revision history for this message
Lee Trager (ltrager) wrote :
Changed in maas:
milestone: none → 2.8.0rc1
Revision history for this message
Lee Trager (ltrager) wrote :
Download full text (9.6 KiB)

Note the size of the private key and certificate will defer based on the key size the user specifies. For example:

openssl req -newkey rsa:8192 -nodes -keyout lxd.key -out lxd.csr
openssl x509 -signkey lxd.key -in lxd.csr -req -days 365 -out lxd.crt

Private key:
-----BEGIN PRIVATE KEY-----
MIISQgIBADANBgkqhkiG9w0BAQEFAASCEiwwghIoAgEAAoIEAQC5YsGRbSDMruP6
8vqoCn5QP49dj/QQKQVPmgEpSLO1lELWK++xibq882faOaxnE3Y6Q+ZuNQPmLcax
p8J6MMYTlbdNIBxrsDFO6nZc+wlraGWw9THXxiJ11kE/UG2GXXZ9D0GmUZHAL0u+
1EsaUdsVDyuCwGF/lFewQkAryY2v9HgZTvn0rVwacWLFkMLjG0MfttCKCWRa7RUA
PY2Uy8I2dye7FTh5bdUx2A454CYR0KP/dWma9LCZKetitoCkRdX867buH5PrRMnY
NbVK1bET38dDqzoz9o0vxuCieghPz4WrYDkDIQhbGSM0VtEFvpACgQ/NZztNXne2
AUMCI0+CndKzKBP2BG280DO488T1KCtC0Gcn6vpdNDCD9/ixq6LZWNkEbdBPBmce
UCJEqwLmSj2nSDRJP4CpipIqnkXKbFVF5rEC4rGA4SlHb/crbGgiDNP8ZTLNE7r5
d/lM5SFgQjU6RR+tAIqWtnBTMbC7WOrcJ30iWrAXCrpovUXxAz7gnUP0gYxxvaw5
JvcGRwGmKgQVqjNqqQjvMTLzux9U11LNfOau9bfYk3s+74f/OAe2HNLChZU1WRzn
Qw81TWeNyK8cQyUsrXuXmULy484YdQmf9Xt0G20TzAc1tYsgHiI/1uzpPVaQmxzr
YQ66iJJYqN3dYerjli+xmhpYdJZuVpn+PdEyMZJmGD8BJENulXy9fgmErDDRmJ0v
5qBfYWI+8Gxw4XsVQ0Xxaasl2lBYC0GLe3ne6H1VIWsdgA9HQy1TPlOjIIIArngQ
wJxh+2ea6xxJZYzt59eWdL65wX7prO1ftCLxpNDcseMFjPjnktiA8KK761KCEyMr
ekIxGzOVZrQblTwPTQM7CyaQ2sgvsEVK7uLY5NzeZkK3nBWj/+wxVLm5Z4eCtwuS
oKCWlO5t7rz9+Di0kdTkKUIZ3OkpQP1XqOU0RpKuyF5C8kkoLiSD0/ilLDVNZ43m
3jhyaF3NU89aGSF7UpzESmUKA97PyXdH+Sv8iTtUdh+i2b1YUcavvlwD/GrMWQHV
hcCAx8dzq4M6BMMDd/C/Ja78JsTzFdSwVlm94FLhXf6jc4MnlQpvYGqMQU6mtU+o
LlfmcBRBtkP3WX6HVTE0aWmgh0CVUMZUfJCiTlzXXXfm2/DKBAhY6/Oy61UwvE4s
aR1diTFA9b5iKmbhBq8RBzZljejhF68RYHJKGusebxmukMaDBPFrIeWa/tsDOi8a
6cBxviPjAO1tw+O4P3QOuBTzTBW2h5xdi94mYEDZkw92G9I5tX9ITUqzMphyCOSS
Gv+L/MNKJjHB0cBe/3wd6xINyTdljeryzNyg6VcUvYZwSylyGLX7crdKa7zqK09Z
ePDbI8EtAgMBAAECggQAa3C+umfCoJ2jZyc2+fjK5/tOPW1Wh58egtnAXorSDCRW
8AUar4wg+60dvS27qyluVapQfAKhtd9FzmRpo6NsyKD2UO6RSiAdE51y58Rd2y/v
77TLJECibCS2P9l/AGZea3BSHfAcRoOipIAo3qIeFIBsOSUB3Iy+nVpoEniHczh9
+jz5RELMpE6ebd3N9Q0xw8mR5s42qTPJ/g+uZFQKxMId9qD/z/BFpNOQux4bMiv3
P/BuOe4iA0J2NwmKWKpYsHJz3GHUun9tc6782Ngr/latB5zO6Jq1jMD4I3ISKx8c
WwwzPosAaruQ2Z6PGYMttyXRYLu5dMeRHZxxl2WbiRmqqUZK+0PpzYnk0AYHWgXj
vJ9Hiaz3WNkMXQ9zxJSylsCVVanHFmWhkcHjemSaE5lnTfHcy67QBHJY7/Y2gHB0
o0RlxkRXl1fnMo3DdBkp6MICgb6syInszPQpOdV5mG4GpzS0fPFZYKtvQegEgy+v
PdRtA2IHt/Lxwg4f4OR+pnK+lZAXMzw3+g+JDsxMOl8TavLvRZudn/KlkvgZ2nPI
e2stzqx91jjzLrBn4xQ38+WUiEQfC4IP7D/DKqMnptZuFjUb8F7CyEN8t4QrR6Vc
5KXC3LGgb97JNul2LjEIrHMFbs+rwbcD9a6UeKr6FgQYQVukZC4Aii/DoQxAusTd
O+ZZfrKDgZcbEiPa8MLOXdUCkSnHFLK21/LzgiCNAZ9ZGW9CQN1GSgY0KMUjDGpH
KwS7EJoO5PDQ+IUPfxrt/bdNA5yb00fKQ3ExYtPgWuojlR5sPD+jrZVT3ssTzCWd
BndRlBldGZ2eJ3wxXj1q/97hoNI5SWH3U9L0FGZtOdOBJ6Iya6u184JTVf23uJ3Y
n7zSLLBwTu5GPnYKuErRx2NoctgWGRssXB5YsneqoqLq+HRXZHJjD/Hl7uTyrx/B
9DnoDwwo7CwhwvtMpuEqg130CO/deXmvF8HxXdWwb2OLn5qWlZw+XBr6pZvOyjB/
5Wo7PvGn0PGx/YG+7DgvthzyL5EDqknclkNIOy/MVJ0TrJCHGdFGoNjypnC74lCY
mhmFgjUORs9OZxzUXq5mO1NPoP1JHckz4B2+vIy9geZwZ9M1tziP8ibAlESOE2e/
bf3rOfdJwa04z39xn8Dc56APTnnWJZcMroVQSfxrW4/k7mPJyn4v9oa4utOk+TRg
ZKCq2aiR77gRgeDQsAqSrAgLjPGLBIEzSOuYXLL953pfJ039aAc4Sr/9KyHo4t3w
8v/Ei0XVg2760RrG29KyzfsqnLFfcSEfc9urNZKAF8TtTHc3M9U6Bs6cyZ2WhnEU
oRVTsWCbQK+Wz06an7HzZvjzaJJYoWt1J+oVXiNZyQKCAgEA5OV6xay087htcfXu
+hUBQhS05yXdYV8x22PNodQI32/DoW0tH7hbT1RQWZ6TycL...

Read more...

Adam Collard (adam-collard)
Changed in maas:
assignee: nobody → Lee Trager (ltrager)
Lee Trager (ltrager)
Changed in maas:
status: New → Opinion
status: Opinion → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.