[13:10] <mup> Bug #1777443 opened: Got 500 http error when using MAAS Api <MAAS:New> <https://launchpad.net/bugs/1777443>
[18:46] <PatrickD_> Hi, trying to get MAAS HA working, with SSL. But it looks like the address is converted to ipv6 and used in the URL (https://[::ffff:10.10.10.10]/MAAS/) which fails because the cert is not valid. Any idea ?
[18:48] <roaksoax> PatrickD_: https://docs.maas.io/2.4/en/installconfig-network-ssl
[18:51] <PatrickD_> yes, I did that. But when accessing the interface, rackd tries to connect to the API using https://[ipv6]/MAAS/rpc and fails the cert check.
[18:51] <roaksoax> PatrickD_: what's maas_url on rackd.conf ?
[18:52] <PatrickD_> https://domain.name/MAAS
[18:53] <roaksoax> PatrickD_: that's probably because domain.name is resolving to the IPv6?
[18:54] <PatrickD_> no it doesn't. It resolves to ipv4 only. in rpc/clusterservice.py it looks like it transfers the name to IP (v6). ~line 1043
[18:56] <roaksoax> PatrickD_: does the region have any IPv6 address ?
[18:57] <PatrickD_> link local
[18:57] <PatrickD_> no, only loopback
[18:59] <roaksoax> PatrickD_: oh so maas uses: [::ffff:10.10.10.10]
[18:59] <roaksoax> PatrickD_: that's fine
[18:59] <roaksoax> PatrickD_: that's expected
[18:59] <roaksoax> that doesn't mean we are using IPv6, but for maas to support IPv6 we need to do that
[19:00] <PatrickD_> So how is it supposed to check the cert validity using https://[::::ffff:10.10.10.10]/MAAS/rpc ?
[19:01] <roaksoax> PatrickD_: you are welcome to file a bug on that, although, we currently only support ssl for front-facing users and not inter-controller communication
[19:01] <roaksoax> PatrickD_: but please do file a bug
[19:04] <PatrickD_> Ah, I see :) Makes sense now. We will file a bug. It means we will need 2 IPs for API. 1 for inter-controller and 1 for front-facing, with redirection of 80 to 443.
[19:10] <roaksoax> PatrickD_: yeah, so for inter-rack communication it would seem we would just have to use the domain instead of changing as you described
[19:12] <PatrickD_> We will file the bug tomorrow :) Thanks for your help ! (And thanks for MAAS too ;)