=== frankban|afk is now known as frankban | ||
mup | Bug #1777443 opened: Got 500 http error when using MAAS Api <MAAS:New> <https://launchpad.net/bugs/1777443> | 13:10 |
---|---|---|
=== frankban is now known as frankban|afk | ||
PatrickD_ | Hi, trying to get MAAS HA working, with SSL. But it looks like the address is converted to ipv6 and used in the URL (https://[::ffff:10.10.10.10]/MAAS/) which fails because the cert is not valid. Any idea ? | 18:46 |
roaksoax | PatrickD_: https://docs.maas.io/2.4/en/installconfig-network-ssl | 18:48 |
PatrickD_ | yes, I did that. But when accessing the interface, rackd tries to connect to the API using https://[ipv6]/MAAS/rpc and fails the cert check. | 18:51 |
roaksoax | PatrickD_: what's maas_url on rackd.conf ? | 18:51 |
PatrickD_ | https://domain.name/MAAS | 18:52 |
roaksoax | PatrickD_: that's probably because domain.name is resolving to the IPv6? | 18:53 |
PatrickD_ | no it doesn't. It resolves to ipv4 only. In rpc/clusterservice.py it looks like it transfers the name to IP (v6). ~line 1043 | 18:54 |
roaksoax | PatrickD_: does the region have any IPv6 address ? | 18:56 |
PatrickD_ | link local | 18:57 |
PatrickD_ | no, only loopback | 18:57 |
roaksoax | PatrickD_: oh so maas uses: [::ffff:10.10.10.10] | 18:59 |
roaksoax | PatrickD_: that's fine | 18:59 |
roaksoax | PatrickD_: that's expected | 18:59 |
roaksoax | that doesn't mean we are using ipv6, but for maas to support IPv6 we need to do that | 18:59 |
PatrickD_ | So how is it supposed to check the cert validity using https://[::::ffff:10.10.10.10]/MAAS/rpc ? | 19:00 |
roaksoax | PatrickD_: you are welcome to file a bug on that, although, we currently only support ssl for front-facing users and not inter-controller communication | 19:01 |
roaksoax | PatrickD_: but please do file a bug | 19:01 |
PatrickD_ | Ah, I see :) Makes sense now. We will file a bug. It means we will need 2 IPs for API. 1 for inter-controller and 1 for front-facing, with redirection of 80 to 443. | 19:04 |
roaksoax | PatrickD_: yeah, so for inter-rack communication it would seem we would just have to use the domain instead of changing as you described | 19:10 |
PatrickD_ | We will file the bug tomorrow :) Thanks for your help ! (And thanks for MAAS too ;) | 19:12 |