[enhancement] SSL doesn't work for inter-controller communication

Bug #1777712 reported by Patrick Desnoyers on 2018-06-19
This bug affects 1 person
Affects: MAAS
Importance: Undecided
Assigned to: Unassigned

Bug Description

Version: MAAS 2.4

In rackd.conf, you can't use https:// because the name will be converted to https://[::ffff:ipv4-IP]/MAAS/rpc and fail the cert check.

See /usr/lib/python3/dist-packages/provisioningserver/rpc/clusterservice.py, line 1050 and following.

Resulting in:

Jun 18 17:46:15 inf-p-mas001 sh[558]: 2018-06-18 17:46:15 provisioningserver.rpc.clusterservice: [critical] Failed to contact region. (While requesting RPC info at b'https://[::ffff:10.10.128.1]/MAAS/rpc/').
Jun 18 17:46:15 inf-p-mas001 sh[558]: Traceback (most recent call last):
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/provisioningserver/rpc/clusterservice.py", line 1023, in _tryUpdate
Jun 18 17:46:15 inf-p-mas001 sh[558]: d = maybeDeferred(self._doUpdate).addErrback(
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 150, in maybeDeferred
Jun 18 17:46:15 inf-p-mas001 sh[558]: result = f(*args, **kw)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1532, in unwindGenerator
Jun 18 17:46:15 inf-p-mas001 sh[558]: return _inlineCallbacks(None, gen, Deferred())
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1386, in _inlineCallbacks
Jun 18 17:46:15 inf-p-mas001 sh[558]: result = g.send(result)
Jun 18 17:46:15 inf-p-mas001 sh[558]: --- <exception caught here> ---
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/provisioningserver/rpc/clusterservice.py", line 1060, in _doUpdate
Jun 18 17:46:15 inf-p-mas001 sh[558]: info = yield self._fetch_rpc_info(info_url)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/provisioningserver/rpc/clusterservice.py", line 1124, in _fetch_rpc_info
Jun 18 17:46:15 inf-p-mas001 sh[558]: Headers({b'User-Agent': [fullyQualifiedName(cls)]}))
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/web/client.py", line 1649, in request
Jun 18 17:46:15 inf-p-mas001 sh[558]: endpoint = self._getEndpoint(parsedURI)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/web/client.py", line 1633, in _getEndpoint
Jun 18 17:46:15 inf-p-mas001 sh[558]: return self._endpointFactory.endpointForURI(uri)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/web/client.py", line 1510, in endpointForURI
Jun 18 17:46:15 inf-p-mas001 sh[558]: uri.port)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/web/client.py", line 944, in creatorForNetloc
Jun 18 17:46:15 inf-p-mas001 sh[558]: trustRoot=self._trustRoot)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/_sslverify.py", line 1289, in optionsForClientTLS
Jun 18 17:46:15 inf-p-mas001 sh[558]: return ClientTLSOptions(hostname, certificateOptions.getContext())
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/_sslverify.py", line 1152, in __init__
Jun 18 17:46:15 inf-p-mas001 sh[558]: self._hostnameBytes = _idnaBytes(hostname)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/twisted/internet/_idna.py", line 30, in _idnaBytes
Jun 18 17:46:15 inf-p-mas001 sh[558]: return idna.encode(text)
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/idna/core.py", line 355, in encode
Jun 18 17:46:15 inf-p-mas001 sh[558]: result.append(alabel(label))
Jun 18 17:46:15 inf-p-mas001 sh[558]: File "/usr/lib/python3/dist-packages/idna/core.py", line 265, in alabel
Jun 18 17:46:15 inf-p-mas001 sh[558]: raise IDNAError('The label {0} is not a valid A-label'.format(label))
Jun 18 17:46:15 inf-p-mas001 sh[558]: idna.core.IDNAError: The label b'::ffff:10' is not a valid A-label
Jun 18 17:46:15 inf-p-mas001 sh[558]:
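
An added example, not MAAS code and not part of the report: it rebuilds the rewritten URL from the log, shows that it no longer carries a DNS name, and keeps the configured name as the TLS verification identity while the connection goes to the resolved address. The hostname `maas.example.test` and all function names are assumptions made for illustration; only the Python standard library is used.

```python
import ipaddress
import ssl
from urllib.parse import urlsplit, urlunsplit

CONFIGURED_URL = "https://maas.example.test/MAAS/rpc/"  # constructed sample value
RESOLVED_IPV4 = "10.10.128.1"                           # address seen in the log above


def rewrite_to_mapped(url: str, ipv4: str) -> str:
    """Swap the host for an IPv4-mapped IPv6 literal, the URL form in the log."""
    parts = urlsplit(url)
    netloc = f"[::ffff:{ipaddress.IPv4Address(ipv4)}]"
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit(parts._replace(netloc=netloc))


def host_is_ip_literal(url: str) -> bool:
    """True when the URL no longer carries a DNS name to verify against."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname)
        return True
    except ValueError:
        return False


def tls_plan(configured_url: str, ipv4: str):
    """Return (connect_address, port, server_hostname).

    The socket goes to the resolved address, while SNI and certificate
    matching keep the name the operator configured.
    """
    parts = urlsplit(configured_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL with a host")
    return f"::ffff:{ipaddress.IPv4Address(ipv4)}", parts.port or 443, parts.hostname


def client_tls(configured_url: str, ipv4: str) -> ssl.SSLObject:
    """Build a verifying TLS client object bound to the configured name."""
    _addr, _port, name = tls_plan(configured_url, ipv4)
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname on
    # MemoryBIO keeps this offline; over a network, connect a socket to
    # (_addr, _port) and call ctx.wrap_socket(sock, server_hostname=name).
    return ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_hostname=name)
```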

summary: - SSL doesn't work for inter-controller communication
+ [enhacement] SSL doesn't work for inter-controller communication
Changed in maas:
status: New → Triaged
milestone: none → 2.5.0
tags: added: enhancement
tags: added: wishlist
Changed in maas:
milestone: 2.5.0 → next