[Maas-devel] State of RPC registration and security #2
Gavin Panella
gavin.panella at canonical.com
Thu Oct 9 23:13:31 UTC 2014
I think it's working. Doing some brief QA with:

  lp:~allenap/maas/remove-cluster-register-op
  lp:~allenap/maas/remove-cluster-startup-helper (packaging)

(Don't pay much attention to the names; they're both the end of
pipelines.)

seems to work. The cluster comes up and registers with the region okay.

There are some rough edges:

- When deleting a cluster, it is not disconnected from the region. This
  is not a new bug, and it's not critical.

- Using `sudo maas-provision install-shared-secret` writes the file
  root:root, 0640. We need it to be readable by MAAS, i.e. the "maas"
  user. I'm reluctant to put that kind of behaviour into upstream
  maas-provision because the user MAAS runs as is a system policy
  decision. Perhaps we could flip the setgid bit on /var/lib/maas to
  ensure that files therein are always in the maas group.

- There's still no nice way to obtain the secret from the region so that
  you can install it on the clusters:

  `maas-provision install-shared-secret` expects the secret hex-encoded.
  It's stored unencoded on the filesystem. Copy-n-paste from the secret
  file on the region to the prompt shown by `maas-provision ...` will
  not work.

- /etc/init/maas-cluster-register.conf is not removed when installing
  packages built from my branches. I have removed references to it in
  the packaging, so I don't know what I've missed.

- Probably lots of other things.

Please review my branches, land them, try them out, reply to this email,
file bugs. I will work on any issues in the morning.

Gavin.
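
The hex-encoding mismatch and the ownership points in the message above, sketched as an added shell example (not part of the original email and not MAAS code). The function names, the temporary paths and the sample secret bytes are constructed for illustration; the email does not name the real secret file.

```shell
#!/bin/sh
# Added example, not MAAS code. The sample secret and temp paths are
# constructed; the email does not give the real secret file's location.

# Print FILE's raw bytes as one lowercase hex string, the form the email
# says `maas-provision install-shared-secret` expects at its prompt.
secret_to_hex() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Succeed only if FILE is mode 0640 with numeric group GID, so the service
# group can read it and nobody else can (root:root 0640 fails this for a
# non-root service group).
secret_readable_by_gid() {
    ls -ln "$1" | {
        read -r mode _links _uid gid _rest
        [ "${mode%[.+@]}" = "-rw-r-----" ] && [ "$gid" = "$2" ]
    }
}

# Succeed if DIR has the setgid bit, so files created in it inherit its group.
dir_is_setgid() {
    ls -ldn "$1" | {
        read -r mode _rest
        case $mode in d?????[sS]*) true ;; *) false ;; esac
    }
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed raw secret with non-printable bytes: these are what make
    # copy-and-paste of the unencoded file unreliable.
    printf '\000\377MAAS\n' > "$dir/secret"
    chmod 0640 "$dir/secret"
    echo "hex form to paste: $(secret_to_hex "$dir/secret")"
    secret_readable_by_gid "$dir/secret" "$(id -g)" \
        && echo "secret is 0640 and in gid $(id -g)"
    dir_is_setgid "$dir" || echo "setgid bit not set on $dir"
    rm -rf "$dir"
}
demo
```

On a real system the GID passed to `secret_readable_by_gid` would be that of whichever group the MAAS service runs under, which the email treats as a system policy decision.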