Ability to delay maas-*-controller configuration, until after install

Bug #1764991 reported by Dimitri John Ledkov
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
livecd-rootfs (Ubuntu)
Undecided
Unassigned
maas (Ubuntu)
Undecided
Unassigned

Bug Description

Subiquity is adding offline installation of capability, using livecd-rootfs squashfs that are generated in launchpad and shipped on the ISO.

These squashfsi have maas-rack-controller or maas meta-packages pre-installed.

Upon install, the contents of these are copied to target disk, and customized.

However, currently, this yields to the awkward situation that all MAASes installed this way, have identical secret / db password / uuid, which is not nice.

One option is for me to undo, all the things that maas-*-controller.postinst did at the end of squashfs generation. And then in post-install execute dpkg-reconfigure to complete initialisation of all the uuids / random passwords / etc.

I fear that "undoing" all the config changes myself, in livecd-rootfs, might be fragile, and may lag any changes that are done to in .postinst. Thus I wonder, if maas would be open to support a "dpkg-reconfigure later" mode.

Something like being sensitive to a stamp file [ ! -f /run/maas-no-configure ] and if that is true, not initialize dbconfig database, not generate db passwords, and so on.

Is this something maas packaging is willing to support? and I can work on providing such a matching change to the postinst & livecd-rootfs.

maas-rack-controller.postinst assesment:
* configure_logging is harmless
* configure_libdir is harmless
* configure_maas_url is harmless
  - debconf maas-url is not set
  - should be done at subiquity config time
* maas-rack upgrade-cluster
  - TODO not sure what that does on first install
  - It looks like "ugprade hooks"
  - I hope these are not doing anything on first-install (as in, these do not double up as initialisation, and are not UUID specific)
* configure_cluster_uuid
  - should be short-circuited
  - should be done at subiquity config time
* configure_cluster_authbind seems harmless
* upgrade_from_cluster_controller is harmless
* configure_shared_secret is harmless
  - debconf shard-secret is not set
  - should be done at subiquity config time

livecd-rootfs minimal action - drop /etc/maas/rackd.conf

maas-region-controller.postinst assesment:

* configure_mass_default_url maas/default-maas-url
  - may potentially be troublesome, as may encode networking details of the livecd-rootfs machine
  - should be short-circuited
  - should be done at subiquity config time
* dbc_go maas-region-controller
  ... and sync_migrate_db / configure_migrate_maas_dns
  ... and local_config_set
  - should be short-circuited
  - should be done at subiquity config time
* maas/username
  - mostly harmless
  - should be short-circuited
  - should be done at subiquity config time

livecd-rootfs minimal action
  - undo dbconfig-common, eg. purge for maas-region-controller?
  - drop database
  - drop database user
  - maas-region local_config_reset
  - drop secret, if any
  - drop uuid, if any
  - drop /etc/maas/regiond.conf

description: updated
description: updated
description: updated
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package livecd-rootfs - 2.524

---------------
livecd-rootfs (2.524) bionic; urgency=medium

  * Ensure MAAS squashfsi are clean of passwords. LP: #1764991.

livecd-rootfs (2.523) bionic; urgency=medium

  * Allow the configuration of model assertions independent of preseeding
    snaps.
  * Allow non-generic model assertions to be configured.
  * Don't include the name of the model assertion in the path we write it out
    to (LP: #1764541).

 -- Dimitri John Ledkov <email address hidden> Thu, 19 Apr 2018 21:23:30 +0100

Changed in livecd-rootfs (Ubuntu):
status: New → Fix Released
Changed in maas (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers