[Bug 1352923] [NEW] MAAS 1.5 requires arbitrary high-numbered port connections between cluster and region controllers

Nick Moffitt nick.moffitt at canonical.com
Tue Aug 5 14:32:30 UTC 2014 

Public bug reported:

MAAS's separation of regions and clusters allows network admins to
centralise policy and interface while erecting management presence in
isolated networks.  This feature is most useful in situations where the
firewall policy walls off clusters more strictly.

MAAS 1.5 seems to require that the cluster controllers call back to the
region controller via arbitrary high-numbered ports.  I checked our
installation and could not find any specification of whcih ports in the
code or our local configuration, and only spotted them because our
firewall denied this traffic and caused node commissioning to fail.

I'm not familiar enough with twisted or the MAAS source enough to work
out why this is, but I suspected there were no defined ports when I
found the comment here:

    http://bazaar.launchpad.net/~maas-
maintainers/maas/1.5/view/head:/src/maasserver/rpc/regionservice.py#L177

            """Start listening on an ephemeral port."""

Unfortunately the exact situation that makes splitting out your cluster
controllers attractive is going to make this behaviour a deal-breaker.
Getting all unprivileged ports opened on a firewall is not something to
be done lightly.

I do not believe that MAAS 1.4 exhibited this behaviour.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: maas (not installed)
ProcVersionSignature: Ubuntu 3.13.0-32.57-generic 3.13.11.4
Uname: Linux 3.13.0-32-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Aug  5 15:24:02 2014
InstallationDate: Installed on 2014-05-29 (67 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: maas
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: maas (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: amd64 apport-bug canonical-is trusty

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1352923

Title:
  MAAS 1.5 requires arbitrary high-numbered port connections between
  cluster and region controllers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1352923/+subscriptions

More information about the Ubuntu-server-bugs mailing list