Enabling maas tls requires restart of juju controllers
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical Juju | Triaged | Wishlist | Unassigned | |
Bug Description
If juju is setup bootstrapped to a maas cloud without tls and then tls is enabled in maas later on, I would expect that simply running `juju update-cloud ...` will be. However it turns out that I need to restart the juju controllers as well to get it working.
Here are the steps I took:
1. bootstrap maas cloud to juju
```
cat clouds.yaml
clouds:
  maas_cloud:
    type: maas
    auth-types: [oauth1]
    endpoint: http://<maas-vip>:80/MAAS
```
2. enable tls after the fact with maas following [1], which at this time is
```
maas config-tls enable /var/snap/
maas login $PROFILE https://<maas-fqdn-
```
NOTE ^ I need to maas re-login, otherwise certain commands like `maas machine read` work but `maas subnets read` does not work.
3. write a new cloud yaml with the endpoint updated and the cert chain added
```
cat << EOF > maas-cloud-tls.yaml
maas_cloud:
  type: maas
  auth-types: [oauth1]
  endpoint: https://<maas-fqdn-
  ca-certificates:
  - |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    ...
EOF
```
4. update cloud
```
juju update-cloud maas_cloud -f maas-cloud-tls.yaml
# accept for both client and controller
```
5. run juju spaces (to mimic maas subnets read)
```
juju spaces
ERROR cannot list spaces: getting environ: creating environ for model "maas-infra" (1e82964a-
```
NOTE that this ca cert chain has been updated on the controller VMs themselves so the VMs trust it.
6. rolling restart `jujud-
7. juju spaces works then, and I even tested further with a juju deploy, etc.
Here are the relevant versions:
- juju 2.9.44 (server + client)
- maas 3.2/stable (3.2.9-
[1] https:/
Speaking to Joseph, they mentioned it's possibly related to transport in the MAAS client (gomaasapi) itself.
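
One mechanism that would be consistent with the transport hypothesis above, shown as an added Go example (not code from juju or gomaasapi): an HTTP client whose TLS trust pool was built at process start keeps rejecting the endpoint after the stored CA list changes, until the client is rebuilt. `cloudSpec`, `newClient`, `probe` and `demo` are hypothetical names, and a local `httptest` TLS server stands in for the MAAS endpoint.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// cloudSpec is a hypothetical stand-in for the stored cloud definition.
type cloudSpec struct {
	Endpoint string
	CAs      []*x509.Certificate
}

// newClient copies the spec's CAs into a trust pool once, at construction time.
func newClient(spec cloudSpec) *http.Client {
	pool := x509.NewCertPool() // non-nil and empty: system roots are not used
	for _, ca := range spec.CAs {
		pool.AddCert(ca)
	}
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool},
	}}
}

// probe reports whether the client can complete a TLS request to url.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo returns the error seen by the startup-time client and by a rebuilt one.
func demo() (stale, rebuilt error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	spec := cloudSpec{Endpoint: srv.URL} // constructed: definition with no CAs yet
	old := newClient(spec)               // long-lived client created at "startup"
	spec.CAs = []*x509.Certificate{srv.Certificate()} // the stored spec gains the CA
	stale = probe(old, spec.Endpoint)                 // old pool: verification fails
	rebuilt = probe(newClient(spec), spec.Endpoint)   // rebuilt client: succeeds
	return stale, rebuilt
}

func main() { fmt.Println(demo()) }
```

If this is the cause, rebuilding the client whenever the cloud definition changes would remove the need for a restart.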