=== frankban|afk is now known as frankban [13:10] Bug #1777443 opened: Got 500 http error when using MAAS Api === frankban is now known as frankban|afk [18:46] Hi, trying to get MAAS HA working, with SSL. But it looks like the address is converted to ipv6 and used in the URL (https://[::ffff:10.10.10.10]/MAAS/) which fails because the cert is not valid. Any idea ? [18:48] PatrickD_: https://docs.maas.io/2.4/en/installconfig-network-ssl [18:51] yes, I did that. But when accessing the interface, rackd tries to connect to the API using https://[ipv6]/MAAS/rpc and fails the cert check. [18:51] PatrickD_: what's maas_url on rackd.conf ? [18:52] https://domain.name/MAAS [18:53] PatrickD_: that's probably because domain.name is resolving to the IPv6? [18:54] no it doesn't. It resolves to ipv4 only. in rpc/clusterservice.py it looks like it transfers the name to IP (v6). ~line 1043 [18:56] PatrickD_: does the region have any IPv6 address ? [18:57] link local [18:57] no, only loopback [18:59] PatrickD_: oh so maas uses: [::ffff:10.10.10.10] [18:59] PatrickD_: that's fine [18:59] PatrickD_: that's expected [18:59] that doesn't mean we are using ipv6, but for maas to support Ipv6 we need to do that [19:00] So how it is supposed to check the cert validity using https://[::::ffff:10.10.10.10]/MAAS/rpc ? [19:01] PatrickD_: you are welcome to file a bug on that, although, we currently only support ssl for front-facing users and not inter-controller communication [19:01] PatrickD_: but please do file abug [19:04] Ah, I see :) Makes sense now. We will file a bug. It means we will need 2 IPs for API. 1 for inter-controller and 1 for front-facing, with redirection of 80 to 443. [19:10] PatrickD_: yeah, so for inter-rack communication it would seem we would just have to use the domain instead of changing as you described [19:12] We will file the bug tomorrow :) Thanks for your help ! (And thanks for MAAS too ;)