Go MAAS API Library

Add support to MAAS+TLS

Bug #1986737 reported by Pedro Guimarães on 2022-08-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Invalid	Undecided	Unassigned
	Go MAAS API Library	Invalid	Undecided	Unassigned

Bug Description

MAAS 3.2 has now support for TLS natively.

However, when trying to use a MAAS+TLS with Juju 2.9.33, I get the following error stack at bootstrap.

ERROR Forbidden
23:25:53 DEBUG cmd supercommand.go:537 error stack:
ServerError: 401 Unauthorized (Forbidden)
github.com/juju/gomaasapi/v2.Client.dispatchSingleRequest:129:
github.com/juju/gomaasapi/v2.(*controller)._getRaw:887:
github.com/juju/gomaasapi/v2.(*controller)._get:863:
github.com/juju/gomaasapi/v2.(*controller).checkCreds:766: Forbidden
github.com/juju/gomaasapi/v2.newControllerWithVersion:107:
github.com/juju/gomaasapi/v2.newControllerUnknownVersion:125:
github.com/juju/juju/provider/maas.(*maasEnviron).SetCloudSpec:323:
github.com/juju/juju/provider/maas.NewEnviron:140:
github.com/juju/juju/environs/bootstrap.PrepareController:131:
github.com/juju/juju/cmd/juju/commands.(*bootstrapCommand).Run:790:

If I disable TLS, the credentials work fine for bootstrap. I've also added the CA chain to the juju client machine.

Revision history for this message

Pedro Guimarães (pguimaraes) wrote on 2022-08-18:

There are two alternatives:
1) Adding the ca chain via cloud-init to the juju controller and directly to the node running juju client
2) Setting the ca chain in the ~/.local/share/juju/clouds.yaml, under the "ca-certificates" field

Setting this bug as invalid.

Changed in gomaasapi:
status:	New → Invalid
Changed in juju:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.