No support for adding custom certificate chains
Bug #1517180 reported by
Mike McCracken
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Invalid
|
Low
|
Unassigned | ||
cloud-init |
Expired
|
Wishlist
|
Unassigned | ||
curtin |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
In a MAAS behind a proxy that uses a self-signed certificate, when machines provisioned using maas attempt to contact e.g. https:/
Suggested solution borrowed from an email from kirkland:
On the MAAS administrative configuration page, we should add a small
section where the MAAS admin can copy/paste/edit any certificate
chains that they want to add to machines provisioned by MAAS. These
certs should then be inserted into /etc/ssl/certs by cloud-init or
curtin on initial install (depending on the earliest point at which
the cert might be needed).
Changed in maas: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
milestone: | none → next |
tags: | added: cpe-onsite |
Changed in maas: | |
status: | Invalid → New |
To post a comment you must log in.
This is probably more useful in curtin, but I could see it being useful in cloud-init as well.
I expect this is more useful in curtin long-term, since those deploying in an environment with its own PKI infrastructure will be the primary users of this feature.
Having this in cloud-init would be good in case the certificates are needed during commissioning (i.e. to reach a TLS-protected MAAS URL), but I see that as lower priority.
Bottom line: for us to consider adding this feature to MAAS, it will probably need to be available in curtin first.