[Maas-devel] juju's private-address, DNS, MAAS and postgresql

Andreas Hasenack andreas at canonical.com
Mon Nov 11 11:48:53 UTC 2013


On Mon, Nov 11, 2013 at 9:23 AM, Andreas Hasenack <andreas at canonical.com> wrote:

>
>>
>> http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution
>>
>> It's correct policy to have that entry, it seems.
>>
>>
> Yeah, maybe. There is also this remark:
> "For a system with a permanent IP address and a fully qualified domain
> name (FQDN) <http://en.wikipedia.org/wiki/FQDN> provided by the Domain
> Name System (DNS) <http://en.wikipedia.org/wiki/Domain_Name_System>, that
> canonical <host_name>.<domain_name> should be used instead of just
> <host_name>."
>
>
> This *feels* like a bug in PG or its charm, to me.  Having said that I
>> did suggest once that we return IPs from MAAS's API instead of hostnames
>> but that was shot down.  I can't remember why, though.  Gavin?
>>
>>
> I think it's incorrect to return the CNAME, and have it be the hostname of
> the machine. It would be like having the www.company.com host have an
> actual "www.company.com" hostname.
>
> I'll search around what other systems do when hostnames are used for
> access control, if they do the sort of lookup that postgresql does or not.
>
>
ssh also fails when you use the CNAME in the "host=" parameter in
authorized_keys:

server:
Nov 11 11:45:49 wfaxq sshd[2332]: Authentication tried for ubuntu with correct key but not from a permitted host (host=10-0-5-103.maaslocal, ip=10.0.5.103).
Nov 11 11:45:49 wfaxq sshd[2332]: Connection closed by 10.0.5.103 [preauth]

/home/ubuntu/.ssh/authorized_keys:
from="k8q9m.maaslocal" ssh-rsa AAAAB3NzaC1yc2EA...

root@wfaxq:~# host k8q9m.maaslocal
k8q9m.maaslocal is an alias for 10-0-5-103.maaslocal.
10-0-5-103.maaslocal has address 10.0.5.103

That's exactly what happened with postgresql.
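
The matching behaviour shown in the log above, as an added Python sketch that is not part of the original message: a simplified model of a server that reverse-resolves the client IP and compares the resulting name textually against an allow-list. The zone data is constructed from the `host` output and the sshd log line (the PTR record is assumed from the log's host= value), and all function names are hypothetical.

```python
import fnmatch

# Constructed zone data mirroring the `host` output quoted in the message.
CNAME = {"k8q9m.maaslocal": "10-0-5-103.maaslocal"}
A = {"10-0-5-103.maaslocal": ["10.0.5.103"]}
# Assumed PTR record, taken from the host= value in the sshd log line.
PTR = {"10.0.5.103": "10-0-5-103.maaslocal"}

def forward(name):
    """Follow CNAMEs (bounded to avoid loops); return (canonical name, addresses)."""
    name = name.lower()
    for _ in range(8):
        if name not in CNAME:
            break
        name = CNAME[name]
    return name, A.get(name, [])

def peer_name(ip):
    """Name the server derives for a client: PTR lookup, then forward-confirm."""
    name = PTR.get(ip)
    if name is None or ip not in forward(name)[1]:
        return None  # missing or unconfirmed PTR: only the IP can match
    return name

def allowed(ip, patterns):
    """Textual match of the derived name or the literal IP against the allow-list."""
    candidates = [c for c in (peer_name(ip), ip) if c]
    return any(fnmatch.fnmatchcase(c, p.lower()) for p in patterns for c in candidates)

def audit(patterns):
    """Map each allow-list entry that is an alias to the canonical name it hides."""
    findings = {}
    for p in patterns:
        canonical, _ = forward(p)
        if canonical != p.lower():
            findings[p] = canonical
    return findings

if __name__ == "__main__":
    acl = ["k8q9m.maaslocal"]  # the from= value in authorized_keys
    print(allowed("10.0.5.103", acl))  # alias never equals the PTR name
    print(audit(acl))                  # reports the canonical name to use
    print(allowed("10.0.5.103", list(audit(acl).values())))
```

Running an audit like this over hostname-based allow-lists catches entries that resolve fine with `host` yet can never match the name the server derives for the client.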