The region controller assumes the first cluster to connect is the "local" cluster

Bug #1104215 reported by Raphaël Badin
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MAAS | Fix Released | Critical | Raphaël Badin | |
| 1.2 | Fix Released | Critical | Raphaël Badin | |

Bug Description

The first cluster controller to connect to the region is assumed to be the local (i.e. running on the same machine as the region) cluster controller. It is automatically accepted and the hostname sent to the nodes handled by this cluster will be the one used by the region controller itself.

Two problems:
- accepting a remote cluster is a security risk
- if the first cluster to connect is not the one installed alongside the region (i.e. if "maas-region-controller" is installed separately and a cluster controller is installed on another machine), the pxe config information sent by this cluster to the nodes will contain a wrong address (it will contain the address of the region controller).

Either we fix these 2 problems or we force the installation of a cluster controller alongside the region controller (i.e. we make 'maas-region-controller' depend on 'maas-cluster-controller').

Raphaël Badin (rvb) wrote :
Gavin Panella (allenap) wrote :
Gavin Panella (allenap) wrote :

> > To ensure that we accept as "master" only the cluster controller
> > on the local machine, can the region compare the UUID it's given
> > against the UUID it can see on the filesystem?
>
> A simpler way (which we already use to know if we need to update
> nodegroup.maas_url or not when a cluster connects) is to see if the
> cluster connects from 'localhost' or a remote host.

Is nodegroup.maas_url the URL that the cluster uses to talk to the
region? I can't remember the reason we don't update maas_url if the
cluster connects from localhost.

Also, connecting from localhost is a very weak form of authentication.
Presumably the cluster UUID is protected by filesystem permissions,
and so gives us a stronger way to verify the cluster.

Julian Edwards (julian-edwards) wrote :

I'm good with Gavin's suggestion here.

Changed in maas:
importance: Undecided → Critical
assignee: nobody → Raphaël Badin (rvb)
Julian Edwards (julian-edwards) wrote :

And I forgot to say, I think that matching on connections from localhost would be a massive security hole, so let's not do that :)

Raphaël Badin (rvb)
description: updated
Raphaël Badin (rvb)
Changed in maas:
status: Triaged → In Progress
Raphaël Badin (rvb)
Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released
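
The check discussed in the thread, as an added sketch that is not MAAS code and not part of the original report: the region auto-accepts a cluster only when the UUID it presents matches a UUID file on the region's own filesystem that other local users cannot read, shown beside the rejected loopback-address test. All function names, the file location and the sample UUID are assumptions made for illustration.

```python
import hmac
import os
import stat
import tempfile

ACCEPTED, PENDING = "accepted", "pending"


def read_local_uuid(path):
    """Return the UUID in `path`, or None if missing or readable by others."""
    try:
        st = os.stat(path)
        if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o077:
            return None  # group/world access: the UUID is no longer a secret
        with open(path, encoding="ascii") as f:
            return f.read().strip() or None
    except (OSError, UnicodeDecodeError):
        return None


def weak_decide(remote_addr):
    """The rejected idea: trust any connection that arrives from loopback."""
    return ACCEPTED if remote_addr in ("127.0.0.1", "::1") else PENDING


def decide(presented_uuid, uuid_path):
    """Auto-accept only a cluster that presents the UUID stored on this host."""
    local_uuid = read_local_uuid(uuid_path)
    if local_uuid is None or not presented_uuid:
        return PENDING
    same = hmac.compare_digest(presented_uuid.encode(), local_uuid.encode())
    return ACCEPTED if same else PENDING


def demo():
    """Run both policies against a constructed UUID file and return results."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cluster_uuid")  # hypothetical location
        with open(path, "w") as f:
            f.write("3f2c9a1e-constructed-sample\n")  # constructed value
        os.chmod(path, 0o600)
        results = {
            "local_uuid": decide("3f2c9a1e-constructed-sample", path),
            "wrong_uuid": decide("some-other-uuid", path),
            "loopback_only": weak_decide("127.0.0.1"),
        }
        os.chmod(path, 0o644)  # now readable by every local user
        results["readable_file"] = decide("3f2c9a1e-constructed-sample", path)
    return results
```

The loopback policy accepts without seeing any credential, while the UUID policy leaves the cluster pending whenever the UUID is wrong or the file's permissions no longer protect it.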