Let administrators see the region secret in the MAAS UI, and provide instructions on how to register clusters.
Bug #1378993 reported by
Christian Reis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Won't Fix
|
High
|
Unassigned |
Bug Description
With the new RPC security mechanism, the administrator will need to run a commandline utility on the cluster to set the correct secret for its region region. It would be a nice touch if the MAAS UI showed the secret, to admins only, in a way which could be disclosed and copy/pasted into a commandline on the cluster.
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in maas: | |
milestone: | none → next |
Changed in maas: | |
milestone: | next → 1.7.1 |
Changed in maas: | |
milestone: | 1.7.1 → 1.7.2 |
Changed in maas: | |
milestone: | 1.7.2 → 1.7.3 |
Changed in maas: | |
milestone: | 1.7.3 → none |
status: | Incomplete → Won't Fix |
To post a comment you must log in.
Ummm this is a little odd. Let me explain:
The old celery-based startup script connected with the region using a self-generated UUID, which is how the region uniquely IDs each cluster.
Upon each cluster startup connection, the region looked at the cluster status and if it's unknown, it says "go away for now but I may let you in later", and a new cluster is flagged for the admin to accept or not. If it's known, then the cluster connection is either accepted or rejected depending on what the admin previously did. If it's accepted, the secrets are sent back to the cluster so it can complete the (secure) connection.
If this process has gone manual for RPC style, then I consider this a regression that needs to be fixed. The admin should not need to know any secrets, it was designed to be easy to use and automatic.