MAAS

MaaS Region advertises RPC endpoints based on something other than MaaS URL

Bug #1929084 reported by Matt Simmons
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Expired
Undecided
Unassigned

Bug Description

Trying to debug an issue where I'm building a secure tunnel to the Region server from the Rack server over the internet. The region server is on a 10.196.136.x/28, and has a wireguard network of 10.196.5.x/26:

    eth0: 10.196.36.132/28
    wg0: 10.196.5.193/26

I have the MaaS URL configured to:

    root@maas-poc1:/var/snap/maas# maas config
    Mode: region
    Settings:
    maas_url=http://10.196.5.193:5240/MAAS
    database_host=maas-poc1.postgres.mydomain
    database_port=5432
    database_name=maas-poc1
    database_user=myuser@maas-poc1
    database_pass=(hidden)

You can see that the URL is pointing to the IP on the wireguard interface.

When I curl the MAAS/rpc/ interface, though, the endpoints being advertised are for the eth0 network:

    # note that I'm connecting to the wireguard IP)
    # curl http://10.196.5.193:5240/MAAS/rpc/ 2>/dev/null | jq
    {
      "eventloops": {
        "maas-poc1:pid=12057": [
          [
            "10.196.36.132",
            5253
          ]
        ],
        "maas-poc1:pid=12058": [
          [
            "10.196.36.132",
            5252
          ]
        ],
        "maas-poc1:pid=12059": [
          [
            "10.196.36.132",
            5251
          ]
        ],
        "maas-poc1:pid=12060": [
          [
            "10.196.36.132",
            5250
          ]
        ]
      }
    }

I haven't been able to tell for certain if this is related to a getHost() in a Twisted call or not yet, but it seems likely that something in the backend RPC code is looking at either the hostname or just the IP on the default route. I wanted to get this in front of the people who were more familiar with the system than I am.

I am assuming this is unintended behavior, but if I'm doing something wrong, please let me know.

Thanks!

--Matt

Tags: regiond rpc
Revision history for this message
Alberto Donato (ack) wrote :

the MAAS URL is intended as the public-facing endpoint for talking to MAAS (via UI/API).

The regions advertise all of their IPs to racks so that they can figure out which IPs they can use to connect to regions.
Not all region IPs need to be reachable from each rack.

Are you seeing an actual issue with your setup?

Changed in maas:
status: New → Incomplete
Revision history for this message
Matt Simmons (standalonesa) wrote :

The issue is that the rack can only reach the region on the 10.196.5.x network, and that network is not advertised as an RPC endpoint.

Björn Tillenius (bjornt)
Changed in maas:
status: Incomplete → New
Revision history for this message
Björn Tillenius (bjornt) wrote :

maas_url is indeed intended to be the public facing address for the whole MAAS cluster. So the rack will use that to get /MAAS/rcp/ to get the the addresses for each individual region controller, so that the rack can connect to all of the region controllers, and not only one.

So, respecting maas_url won't work, because all of the region controllers would have the same IP.

But, the region should listen to all the interface, and advertise them. So the issue there is that the region doesn't listen on the wg0 interface.

Can you please provide the output for the 50-maas-01-commissioning commissioning script?

Also, how do you set up the wireguard tunnel?

Are you setting it up after MAAS is started? In that case, try restarting the region controller.

Changed in maas:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for MAAS because there has been no activity for 60 days.]

Changed in maas:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.