[Bug 1304613] [NEW] nodes can't get out to the internet beyond the maas server by default

Jeff Lane jeffrey.lane at canonical.com
Tue Apr 8 19:16:57 UTC 2014 

Public bug reported:

by default, there's no way for a node started by maas to talk to the
internet.   There is also no way on the maas dashboard that I can see
that allows me to control this sort of network behaviour either.

For now, we are using a shell script to start NAT rules in iptables so
that a node can actually talk to the internet.

Scenario one:

node commissioned and started, uses d-i to do a basic install.  This
works fine however, if you have the pressed do something like add a PPA
for some different packages during late_command, you can never complete
installation because add-apt-repository can't talk to the outside.  And
if you add the repo manually, I do not believe you can actually pull the
packages from ppa.launchpad.net.

Scenario two:
node commissioned and started, using fast-path install.  After fast-path is done and note reboots, you ssh into the node and want to add the PPA manually and install packages.  This is impossible because again, add-apt-repository fails to get stuff from launchpad.net.

Solution to both, for now, is to set up NAT with the following rules:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
/sbin/iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: maas 1.5+bzr2227-0ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-23.45-generic 3.13.8
Uname: Linux 3.13.0-23-generic x86_64
ApportVersion: 2.14.1-0ubuntu1
Architecture: amd64
Date: Tue Apr  8 15:11:12 2014
InstallationDate: Installed on 2014-01-13 (85 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140113)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: maas
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: maas (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1304613

Title:
  nodes can't get out to the internet beyond the maas server by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1304613/+subscriptions

More information about the Ubuntu-server-bugs mailing list