[Maas-devel] State of RPC registration and security #2

Reis, Christian Robottom kiko at canonical.com
Thu Oct 9 23:56:35 UTC 2014


On Fri, Oct 10, 2014 at 12:13:31AM +0100, Gavin Panella wrote:
> it's working. Doing some brief QA with:
> 
>   lp:~allenap/maas/remove-cluster-register-op
>   lp:~allenap/maas/remove-cluster-startup-helper (packaging)

Beautiful job. I'm building packages now and getting it deployed so I
can report back how well it works. Testing it is a bit of work for my
setup but I'll take the opportunity to do reproduction of the bugs filed
that are still incomplete.

> - When deleting a cluster, it is not disconnected from the region. This
>   is not a new bug, and it's not critical.

I'm not sure what this implies. If the cluster is deleted... what could
continue to happen if it's still connected? Would it continue to try to
work but fail? Is it not aware it's offline?

> - Using `sudo maas-provision install-shared-secret` writes the file
>   root:root, 0640. We need it to be readable by MAAS, i.e. the "maas"
>   user. I'm reluctant to put that kind of behaviour into upstream
>   maas-provision because the user MAAS runs as is a system policy
>   decision. Perhaps we could flip the setgid bit on /var/lib/maas to
>   ensure that files therein are always in the maas group.

OIC. Hmm. Is there a way to find out what user the cluster will be run
as and DTRT?

> - There's still no nice way to obtain the secret from the region so that
>   you can install it on the clusters:
> 
>   `maas-provision install-shared-secret` expects the secret hex-encoded.
>   It's stored unencoded on the filesystem. Copy-n-paste from the secret
>   file on the region to the prompt shown by `maas-provision ...` will
>   not work.

Agreed. This is a wart that I'd like to see fixed, but let's see what
time we find next week for it.

> Please review my branches, land them, try them out, reply to this email,
> file bugs. I will work on any issues in the morning.

You rock! Thanks Gavin for sticking to it and getting the hard bits
thought out, implemented and tested. You set an inspiring standard with
this work, and I say that on behalf of everybody who's been witness
to this.
-- 
Christian Robottom Reis   | [+1] 612 888 4935    | http://launchpad.net/~kiko
Canonical VP Hyperscale   | [+55 16] 9 9112 6430 | http://async.com.br/~kiko
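
The two secret-handling problems quoted in this message (a raw secret pasted at a prompt that expects hex, and a secret file the service group cannot read) can be sketched as below. This is an added example, not code from the thread or from MAAS; the function names, the temporary directory standing in for /var/lib/maas and the sample secret are all assumptions, and it does not call maas-provision.

```python
import binascii
import os
import stat
import tempfile


def encode_secret(raw: bytes) -> str:
    """Hex form of the raw secret, suitable for a prompt that expects hex."""
    return binascii.hexlify(raw).decode("ascii")


def decode_secret(text: str) -> bytes:
    """Parse prompt input; a pasted raw secret is rejected, not accepted."""
    try:
        return binascii.unhexlify(text.strip().encode("ascii"))
    except ValueError as exc:  # binascii.Error and UnicodeEncodeError derive from it
        raise ValueError("secret must be hex-encoded") from exc


def install_secret(directory: str, raw: bytes, name: str = "secret") -> str:
    """Store the secret unencoded with mode 0640, whatever the caller's umask."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
    try:
        os.fchmod(fd, 0o640)
        os.write(fd, raw)
    finally:
        os.close(fd)
    return path


def group_matches_directory(path: str) -> bool:
    """True when the file is 0640 and carries its parent directory's group."""
    st = os.stat(path)
    parent = os.stat(os.path.dirname(path))
    return st.st_gid == parent.st_gid and stat.S_IMODE(st.st_mode) == 0o640


def demo() -> bool:
    raw = b"constructed-sample-secret\x00\xff"  # constructed value, not a real secret
    with tempfile.TemporaryDirectory() as state_dir:  # stand-in for /var/lib/maas
        os.chmod(state_dir, 0o2750)  # setgid: new files inherit the directory's group
        path = install_secret(state_dir, decode_secret(encode_secret(raw)))
        return group_matches_directory(path)


if __name__ == "__main__":
    print("installed with directory group and 0640:", demo())
```

With the setgid bit on the directory, the installing user (root included) does not need to know which account the service runs as; only the directory's group has to be set correctly once.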