MAAS

Enable native TLS support

Bug #1906328 reported by Jose Delarosa
30
This bug affects 6 people
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
Wishlist
Unassigned
MAAS 3.2.0-beta5

Bug Description

It would be very beneficial to have native support for TLS encryption for the web UI in MAAS. Though a solution [0] using a reverse proxy server is available, it can be a burden or difficult to deploy and configure this proxy server as part of an automated MAAS/Juju deployments.

Even if the reverse proxy server can be added as a Juju application, it would make the most sense to just add TLS support in MAAS proper.

[0] https://maas.io/docs/ssl

Revision history for this message
Lee Trager (ltrager) wrote :

I wrote a spec up a few months ago to add SSL support to MAAS, including using MAAS as a CA. It didn't get on the roadmap but I agree it is something we should do.

https://docs.google.com/document/d/1Dt1U_lSTRg0h1_8RFfNgxcDUF71W_elSWkYMEx83tUc/edit#heading=h.oncww1139tq8

Changed in maas:
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Eric Stumbo (ericstumbo) wrote :

This is something that should be enabled. On a single node deployment native support would make deployments much easier over deploying another machine as the TLS LB for encrypting and decrypting. I can remember when MaaS had this built in but was removed somewhere during its lifetime.

The user should have the ability to turn this on or off depending on deployment type. For example our development and QA environment are single node machines but PROD is a HA cluster. In Prod I understand the need for external load balancers acting as a TLS encryption/decryption application but in QA or DEV it seems like extra steps for something that used to or needs to be included.

Jose Delarosa (jdelaros1)
summary: - Enable native TLS support in web UI
+ Enable native TLS support
Revision history for this message
Adam Collard (adam-collard) wrote (last edit ):

We worked on this in 3.2 - user docs at https://maas.io/docs/how-to-enable-tls-encryption#heading--how-to-use-maas-native-tls

Changed in maas:
milestone: none → 3.2.0
status: Triaged → Fix Committed
Christian Grabowski (cgrabowski)
Changed in maas:
milestone: 3.2.0 → 3.2.0-beta5
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.