MAAS 3.1 has been released. Find out what’s new in 3.1.

How to manage networks

You can easily manage the basic networking elements of MAAS, including subnets, fabrics, VLANs, spaces, IP ranges, machine interfaces, and proxies. This section shows how to access and edit these elements.

This article will help you learn:

How to manage MAAS network elements

This section will show you:

How to enable network discovery

Network discovery can be disabled or re-enabled using the switch on the Network discovery dashboard.

To enable network discovery, enter the following at the command line:

maas $PROFILE maas set-config name=network_discovery value="enabled"

If successful, you should receive output similar to:

Success.
Machine-readable output follows:
OK

Network discovery can be disabled or re-enabled at any time with this CLI command.

How to toggle subnet management

To disable (or re-enable) subnet management, use the following procedure:

  1. Navigate to the ‘Subnets’ page and select the subnet.

  2. Press the ‘Edit’ button to allow changes; the ‘Managed allocation’ field will become a slide switch.

  3. Click the label (or the switch icon itself) to toggle between enabled (dark blue) and disabled (grey).

  4. Click ‘Save summary’.

The following screenshot illustrates this process.

How to access the main networking view

To access the main networking view visit the ‘Subnets’ page:

This main view can also be filtered either by fabrics or by spaces through the use of the ‘Group by’ drop-down.

To enable or disable subnet management:

maas $PROFILE subnet update $SUBNET_CIDR managed=false|true

For example, to disable subnet management:

maas $PROFILE subnet update 192.168.1.0/24 managed=false

You can use the subnets ID in place of the CIDR address.

How to determine fabric ID

To determine a fabric ID based on a subnet address:

FABRIC_ID=$(maas $PROFILE subnet read $SUBNET_CIDR \
    | grep fabric | cut -d ' ' -f 10 | cut -d '"' -f 2)

This may come in handy when you need a fabric ID for other CLI calls.

How to set a default gateway

To set the default gateway for a subnet:

maas $PROFILE subnet update $SUBNET_CIDR gateway_ip=$MY_GATEWAY

How to set a DNS server

To set the DNS server for a subnet:

maas $PROFILE subnet update $SUBNET_CIDR dns_servers=$MY_NAME SERVER

How to list available subnets

To view the list of available subnets, enter the following command:

maas admin subnets read | \
jq -r '(["FABRIC", "VLAN", "DHCP", "SUBNET"]
| (., map(length*"-"))),
(.[] | [.vlan.fabric, .vlan.name, .vlan.dhcp_on, .cidr])
| @tsv' \
| column -t

which produces output something like this:

FABRIC        VLAN      DHCP       SUBNET
------        ----      ---------  ------
Patient-Care  untagged  true       192.168.123.0/24
fabric-0      untagged  false      0.0.0.0/0
fabric-0      untagged  false      10.0.0.0/24
fabric-1      untagged  false      10.70.132.0/24
fabric-1      untagged  false      fd42:8b52:7114:9ef8::/64
fabric-3      untagged  true       192.168.43.0/24
fabric-3      untagged  true       2600:100d:b125:d5e9::/64
fabric-3      untagged  true       2600:100d:b120:3933::/64
fabric-3      untagged  true       2600:100d:b109:dee0::/64
fabric-3      untagged  true       2600:100d:b104:94c0::/64

How to display the subnet window

Clicking a subnet (here 192.168.100.0/24) will display its detail screen, which contains several sections, described below.

How to view the subnet summary

The Subnet summary section is the largest and most complex of the subnet configuration screens:

This screen presents the following configurable options:

  • Name: Subnet names can be any valid text string. By default, they are named with the CIDR of the subnet itself.

  • CIDR: This is the address parameter for the subnet. In keeping with standard CIDR notation, the number of bits of the prefix are indicated after the slash.

  • Gateway IP: This is the address of the default gateway for your subnet, which is the IP address that transfers packets to other subnets or networks. Typically, this is simply the first IP address in a block of addresses (the .1 address).

  • DNS: This is the address of a DNS (domain name server, or simply “name server”) for your subnet. It’s optional, but can be configured if desired.

  • Description: This field represents free form text that you can enter to describe your subnet, as needed to keep important notes attached to the definition of the subnet.

  • Managed allocation refers to the ability of MAAS to completely manage a subnet.

  • Active mapping instructs MAAS to scan the subnet every 3 hours to discover hosts that have not been discovered passively.

  • Proxy access instructs MAAS to allow clients from this subnet to access the MAAS proxy.

  • Allow DNS resolution allows subnet clients to use MAAS for DNS resolution.

  • Fabric: This field allows you to set the subnets fabric.

  • VLAN: This field allows you to set the subnets VLAN.

  • Space is presented for clarity, though spaces are managed at the VLAN level.

How to view utilisation

This section of the subnet page presents metrics regarding address usage by this subnet.

‘Subnet addresses’ shows the total number of addresses associated with the subnet, here 254. ‘Availability’ shows how many of those addresses are unused, and therefore “available”, here 189, which corresponds to a percentage of roughly 74% of the total. Finally, ‘Used’ shows the percentage that is used, here roughly 26%.

How to view subnet details

You can view the details of an individual subnet with the command:

maas $PROFILE subnet read $SUBNET_ID \
| jq -r '(["NAME","CIDR","GATEWAY","DNS","DISCOVERY","FABRIC","VLAN"]
| (., map(length*"-"))), ([.name,.cidr,.gateway_ip // "-", .allow_dns,.active_discovery,.vlan.name,.vlan.fabric]) | @tsv' | column -t

This command retrieves output similar to this:

NAME              CIDR              GATEWAY  DNS   DISCOVERY  FABRIC    VLAN
----              ----              -------  ---   ---------  ------    ----
192.168.123.0/24  192.168.123.0/24  -        true  false      untagged  default

If you don’t know the subnet ID, you can look it up like this:

maas $PROFILE subnets read \
| jq -r '(["NAME", "SUBNET_ID"]
| (., map(length*"-"))), (.[] | [.name, .id]) | @tsv' \
| column -t | grep $SUBNET_NAME

For example, if you’re using the “admin” profile, and your subnet name contains “192.168.123,” you could find the subnet ID with this command:

maas admin subnets read \
| jq -r '(["NAME", "SUBNET_ID"]
| (., map(length*"-"))), (.[] | [.name, .id]) | @tsv' \
| column -t | grep 192.168.123

How to manage static routes between subnets

To create a static route:

  1. Click the ‘Add static route’ button to reveal the edit pane.

  2. Enter a Gateway IP address.

  3. Select a destination subnet from the ‘Destination’ drop-down list.

  4. Edit the routing metric value if needed.

  5. Click ‘Add’ to activate the route.

Routes can be edited and removed using the icons to the right of each entry.

To create a static route between two subnets, use the following command:

maas admin static-routes create source=$SOURCE_SUBNET destination=$DEST_SUBNET \
gateway_ip=$GATEWAY_IP

How to view reserved ranges

The reserved ranges section of the subnet screen looks like this:

More details and instructions regarding these ranges can be found in IP ranges.

How to view used IP addresses

This section displays hosts (including controllers) associated with the used addresses along with related bits of host information.

How to set up a bridge with MAAS

At various times in your MAAS network, you may need to set up a bridge to connect between your machines and MAAS, as shown in this section.

It’s essential to enforce usage of IP addresses to avoid domain name conflicts, should different controllers resolve the same domain name with different IP addresses. You should also avoid using 127.0.0.1 when running multiple controllers, as it would confuse MAAS.

To configure a bridge with the MAAS UI:

  1. Select the machine you want to bridge.

  2. Switch to the “Network” tab.

  3. Select the network where you want to create the bridge and click “Create bridge:”

  1. Configure the bridge on a subnet MAAS controls (you may use any IP mode for the bridge):

When you’re done, it should look something like this:

Then you can deploy machines using this bridge.

NOTE that you can create an “Open switch” bridge if desired, and MAAS will create the netplan model for you.

You can use the MAAS CLI/API to configure a bridge via the following procedure:

  1. Select the interface on which you wish to configure the bridge. This example uses the boot interface, since the boot interface must be connected to a MAAS controlled network – but any interface is allowed:

     INTERFACE_ID=$(maas $PROFILE machine read $SYSTEM_ID | jq .boot_interface.id)
    
  2. Create the bridge:

      BRIDGE_ID=$(maas $PROFILE interfaces create-bridge $SYSTEM_ID name=br0 parent=$INTERFACE_ID | jq .id)
    
  3. Select the subnet where you want the bridge (this should be a MAAS controlled subnet):

     SUBNET_ID=$(maas $PROFILE subnets read | jq -r '.[] | select(.cidr == "10.0.0.0/24" and .managed == true).id')
    
  4. Connect the bridge to the subnet:

       maas $PROFILE interface link-subnet $SYSTEM_ID $BRIDGE_ID subnet=$SUBNET_ID mode="STATIC" ip_address="10.0.0.101"
    

How to set up a bridge with netplan

You can also use netplan to configure a bridge:

  1. Open your netplan configuration file. This should be in /etc/netplan. It could be called 50-cloud-init.yaml, netplan.yaml, or something else.

  2. Modify the file to add a bridge, using the following example as a guide:

network:
    bridges:
        br0:
            addresses:
            - 10.0.0.101/24
            gateway4: 10.0.0.1
            interfaces:
            - enp1s0
            mac address: 52:54:00:39:9d:f9
            mtu: 1500
            name servers:
                addresses:
                - 10.0.0.2
                search:
                - maas
            parameters:
                forward-delay: 15
                stp: false
    Ethernet's:
        enp1s0:
            match:
                mac address: 52:54:00:39:9d:f9
            mtu: 1500
            set-name: enp1s0
        enp2s0:
            match:
                mac address: 52:54:00:df:87:ac
            mtu: 1500
            set-name: enp2s0
        enp3s0:
            match:
                mac address: 52:54:00:a7:ac:46
            mtu: 1500
            set-name: enp3s0
    version: 2
  1. Apply the new configuration with netplan apply.
    zork

    How to manage machine interfaces

This section will explain the following procedures related to machine interfaces:

How to edit machine interfaces

From a machine’s “Interfaces” page, click the menu icon for the interface to be edited and select “Edit Physical” from the resulting menu:

The following window will appear:

Four modes determine how a subnet address is assigned when MAAS deploys the machine. You can select one of these modes by clicking on the “IP mode” drop-down menu.

  • Auto assign: MAAS will assign a random static address (iface eth0 inet static). The pool of available addresses depends on whether the subnet is managed or unmanaged (see Subnet management).

  • Static assign: The administrator will specify a static address using a secondary field.

  • DHCP: The machine leases a dynamic IP address, via either MAAS-managed DHCP or an external DHCP server.

  • Unconfigured: The interface is not configured.

Press the “Save” button to apply the changes.

If you want to edit the IP assignment mode of a network interface, the existing subnet link first needs to be removed.

Begin by finding the interface ID as well as the interface’s subnet link ID with the command:

maas $PROFILE node read $SYSTEM_ID

Once that’s done, proceed to unlink and link:

maas $PROFILE interface unlink-subnet $SYSTEM_ID $INTERFACE_ID id=$SUBNET_LINK_ID
maas $PROFILE interface link-subnet $SYSTEM_ID $INTERFACE_ID mode=$IP_MODE subnet=$SUBNET_CIDR [$OPTIONS]

For instance, to have interface 58, with subnet link 146, on machine exqn37 use DHCP on subnet 192.168.1.0/24:

maas $PROFILE interface unlink-subnet exqn37 58 id=146
maas $PROFILE interface link-subnet exqn37 58 mode=dhcp subnet=192.168.1.0/24

If instead of DHCP, you desire a static address, then the second command would look like this:

maas $PROFILE interface link-subnet exqn37 58 mode=static subnet=192.168.1.0/24 ip_address=192.168.1.113

See Concepts and terms for the definitions of reserved range types.

How to create a bond interface

A bond is created by selecting more than one interface and clicking the now-active “Create bond” button:

After clicking the “Create bond” button, the bond configuration pane will appear.

From the bond configuration pane, you can rename the bond, select a bond mode (see below), assign a MAC address to the aggregate device and attach one or more tags.

The interfaces aggregated into the bond interface are listed below the “Tags” field. Use the “Primary” column to select the interface to act as the primary device.

You can select from the following bonding modes on the “Bond mode” drop-down menu:

  • balance-rr: Transmit packets in sequential order from the first available slave through to the last. This mode provides load balancing and fault tolerance.

  • active-backup: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adaptor) to avoid confusing the switch.

  • balance-xor: Transmit based on the selected transmit hash policy. The default policy is simple, which means that an XOR operation selects packages. This XOR compares the source MAC address and the resultant XOR between the destination MAC address, the packet type identifier, and the modulo slave count.

  • broadcast: Transmit everything on all slave interfaces. This mode provides fault tolerance.

  • 802.3ad: Creates aggregation groups that share the same speed and duplex settings. This mode utilises all slaves in the active aggregation, following the IEEE 802.3ad specification.

  • balance-tlb: Adaptive transmit load balancing, channel bonding that does not require any special switch support.

  • balance-alb: Adaptive load balancing, includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic. This mode does not require any special switch support. ARP negotiation achieves load balancing in this case.

Press the “Save” button when you’re done.

The MAC address defaults to the MAC address of the primary interface.

A bond can be created with the following command:

maas $PROFILE interfaces create-bond $SYSTEM_ID name=$BOND_NAME \
parents=$IFACE1_ID mac_address=$MAC_ADDR \ 
parents=$IFACE2_ID bond_mode=$BOND_MODE \
bond_updelay=$BOND_UP bond_downdelay=$BOND_DOWN mtu=$MTU

Use the parents parameters to define which interfaces form the aggregate interface.

The bond_updelay and bond_downdelay parameters specify the number of milliseconds to wait before either enabling or disabling a slave after a failure has been detected.

The following is an example of create-bond in action:

maas admin interfaces create-bond 4efwb4 name=bond0 parents=4 \
mac_address=52:52:00:00:00:00 parents=15 bond_mode=802.3ad \
bond_updelay=200 bond_downdelay=200 mtu=9000

There are a wide range of bond parameters you can choose when creating a bond:

Parameter Type and description
mac_address Optional string. MAC address of the interface.
tags Optional string. Tags for the interface.
vlan Optional string. VLAN the interface is connected to. If not provided then the interface is considered disconnected.
parents Required integer. Parent interface ids that make this bond.
bond_miimon Optional integer. The link monitoring frequency in milliseconds. (Default: 100).
bond_downdelay Optional integer. Specifies the time, in milliseconds, to wait before disabling a slave after a link failure has been detected.
bond_updelay Optional integer. Specifies the time, in milliseconds, to wait before enabling a slave after a link recovery has been detected.
bond_lacp_rate Optional string. Option specifying the rate at which to ask the link partner to transmit LACPDU packets in 802.3ad mode. Available options are fast or slow. (Default: slow).
bond_xmit_hash_policy Optional string. The transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes. Possible values are: layer2, layer2+3, layer3+4, encap2+3, encap3+4. (Default: layer2)
bond_num_grat_arp Optional integer. The number of peer notifications (IPv4 ARP or IPv6 Neighbour Advertisements) to be issued after a failover. (Default: 1)
mtu Optional integer. Maximum transmission unit.
accept_ra Optional Boolean. Accept router advertisements. (IPv6 only)
autoconf Optional Boolean. Perform stateless autoconfiguration. (IPv6 only)
bond_mode Optional string. The operating mode of the bond. (Default: active-backup).

Supported bonding modes include:

Mode Behaviour
balance-rr: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.
active-backup Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adaptor) to avoid confusing the switch.
balance-xor Transmit based on the selected transmit hash policy. The default policy is a simple [(source MAC address XOR’d with destination MAC address XOR packet type ID) modulo slave count].
broadcast Transmits everything on all slave interfaces. This mode provides fault tolerance.
802.3ad IEEE 802.3ad dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Uses all slaves in the active aggregator according to the 802.3ad specification.
balance-tlb Adaptive transmit load balancing: channel bonding that does not require any special switch support.
balance-alb Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation.

How to create a bridge interface

Press the “Save” button when you’re done.

Please use the UI interface to create a bridge interface. Select the “UI” dropdown above to see how.

How to delete an interface

An interface can only be deleted via the MAAS CLI. Choose the “CLI” dropdown above to see how.

A bridge interface is created with the following syntax:

maas $PROFILE interfaces create-bridge $SYSTEM_ID name=$BRIDGE_NAME \
parent=$IFACE_ID

Use parent to define the primary interface used for the bridge:

maas admin interfaces create-bridge 4efwb4 name=bridged0 parent=4

The following parameters may be applied when creating a bridge:

  • name: Optional string. Name of the interface.

  • mac_address: Optional string. MAC address of the interface.

  • tags: Optional string. Tags for the interface.

  • vlan: Optional string. VLAN the interface is connected to.

  • parent: Optional integer. Parent interface id for this bridge interface.

  • bridge_type: Optional string. The type of bridge to create. Possible values are: standard, ovs.

  • bridge_stp: Optional Boolean. Turn spanning tree protocol on or off. (Default: False).

  • bridge_fd: Optional integer. Set bridge forward delay to time seconds. (Default: 15).

  • mtu: Optional integer. Maximum transmission unit.

  • accept_ra: Optional Boolean. Accept router advertisements. (IPv6 only)

  • autoconf: Optional Boolean. Perform stateless autoconfiguration. (IPv6 only)

The “delete” command can be used to delete a bridge interface, a bond interface or a physical interface:

maas $PROFILE interface delete $SYSTEM_ID $IFACE_ID

For example:

maas admin interface delete 4efwb4 15

The following is output after the successful deletion of an interface:

Success.
Machine-readable output follows:

Note that while the label is presented, there is no machine-readable output expected after the successful execution of the delete command.

How to assign a network interface to a fabric

A network interface may be assigned to a fabric with the MAAS CLI only. Choose the “CLI” dropdown above to see how.

This task is made easier with the aid of the jq utility. It filters the maas command (JSON formatted) output and prints it in the desired way, which allows you to view and compare data quickly. Go ahead and install it:

sudo apt install jq

In summary, MAAS assigns an interface to a fabric by assigning it to a VLAN. First, we need to gather various bits of data.

List some information on all machines:

maas $PROFILE machines read | jq ".[] | \
    {hostname:.hostname, system_id: .system_id, status:.status}" --compact-output

Example output:

{"hostname":"machine1","system_id":"dfgnnd","status":4}
{"hostname":"machine2","system_id":"bkaf6e","status":6}
{"hostname":"machine4","system_id":"63wqky","status":6}
{"hostname":"machine3","system_id":"qwkmar","status":4}

You can only edit an interface when the corresponding machine has a status of ‘Ready’. This state is numerically denoted by the integer ‘4’.

List some information for all interfaces on the machine in question (identified by its system id ‘dfgnnd’):

maas $PROFILE interfaces read dfgnnd | jq ".[] | \
    {id:.id, name:.name, mac:.mac_address, vid:.vlan.vid, fabric:.vlan.fabric}" --compact-output

Example output:

{"id":8,"name":"eth0","mac":"52:54:00:01:01:01","vid":0,"fabric":"fabric-1"}
{"id":9,"name":"eth1","mac":"52:54:00:01:01:02","vid":null,"fabric":null}

List some information for all fabrics:

maas $PROFILE fabrics read | jq ".[] | \
    {name:.name, vlans:.vlans[] | {id:.id, vid:.vid}}" --compact-output

Example output:

{"name":"fabric-0","vlans":{"id":5001,"vid":0}}
{"name":"fabric-1","vlans":{"id":5002,"vid":0}}
{"name":"fabric-2","vlans":{"id":5003,"vid":0}}

This example will show how to move interface ‘8’ (on machine ‘dfgnnd’) from ‘fabric-1’ to ‘fabric-0’. Based on the gathered information, this will consist of changing the interface’s VLAN from ‘5002’ to ‘5001’:

maas $PROFILE interface update dfgnnd 8 vlan=5001 >/dev/null

Verify the operation by relisting information for the machine’s interface:

maas $PROFILE interfaces read dfgnnd | jq ".[] | \
    {id:.id, name:.name, mac:.mac_address, vid:.vlan.vid, fabric:.vlan.fabric}" --compact-output

The output shows that the interface is now on fabric-0:

{"id":8,"name":"eth0","mac":"52:54:00:01:01:01","vid":0,"fabric":"fabric-0"}
{"id":9,"name":"eth1","mac":"52:54:00:01:01:02","vid":null,"fabric":null}

How to discover interface identifiers

Interface identifiers can only be discovered via the MAAS CLI. Choose the “CLI” dropdown above to see how.

The MAAS CLI uses a numeric interface identifier for many interface operations. Use the following command to retrieve the identifier(s):

maas $PROFILE interfaces read $SYSTEM_ID

Look for either id or the number at the end of an interface’s resource URI, such as 15 in the following example output:

"id": 15,
"mac_address": "52:54:00:55:06:40",
...
"name": "ens9",
...
"resource_uri": "/MAAS/api/2.0/nodes/4efwb4/interfaces/15/"

How to create a VLAN interface

VLAN interfaces can only be created via the MAAS CLI. Select the “CLI” dropdown above to see how.

To create a VLAN interface, use the following syntax:

maas $PROFILE vlans create $FABRIC_ID name=$NAME vid=$VLAN_ID

For example, the following command creates a VLAN called 'Storage network:

maas admin vlans create 0 name="Storage network" vid=100

The above command generates the following output:

Success.
Machine-readable output follows:
{
    "vid": 100,
    "mtu": 1500,
    "dhcp_on": false,
    "external_dhcp": null,
    "relay_vlan": null,
    "name": "Storage network",
    "space": "undefined",
    "fabric": "fabric-0",
    "id": 5004,
    "primary_rack": null,
    "fabric_id": 0,
    "secondary_rack": null,
    "resource_uri": "/MAAS/api/2.0/vlans/5004/"
}

Be aware that the $VLAN_ID parameter does not indicate a VLAN ID that corresponds to the VLAN tag. You must first create the VLAN and then associate it with the interface:

maas $PROFILE interfaces create-vlan $SYSTEM_ID vlan=$OUTPUT_VLAN_ID \
parent=$IFACE_ID

OUTPUT_VLAN_ID corresponds to the id value output when MAAS created the VLAN.

The following example contains values that correspond to the output above:

maas admin interfaces create-vlan 4efwb4 vlan=5004 parent=4

The above command generates the following output:

Success.
Machine-readable output follows:
{
    "tags": [],
    "type": "vlan",
    "enabled": true,
    "system_id": "4efwb4",
    "id": 21,
    "children": [],
    "mac_address": "52:54:00:eb:f2:29",
    "params": {},
    "vlan": {
        "vid": 100,
        "mtu": 1500,
        "dhcp_on": false,
        "external_dhcp": null,
        "relay_vlan": null,
        "id": 5004,
        "secondary_rack": null,
        "fabric_id": 0,
        "space": "undefined",
        "fabric": "fabric-0",
        "name": "Storage network",
        "primary_rack": null,
        "resource_uri": "/MAAS/api/2.0/vlans/5004/"
    },
    "parents": [
        "ens3"
    ],
    "effective_mtu": 1500,
    "links": [
        {
            "id": 55,
            "mode": "link_up"
        }
    ],
    "discovered": null,
    "name": "ens3.100",
    "resource_uri": "/MAAS/api/2.0/nodes/4efwb4/interfaces/21/"
}

How to delete a VLAN interface

VLAN interfaces can only be deleted via the MAAS CLI. Select the “CLI” dropdown above to see how.

The following command outlines the syntax required to delete a VLAN interface from the command line:

maas $PROFILE vlan delete $FABRIC__ID $VLAN_ID

Using the values from previous examples, you executed this step as follows:

maas admin vlan delete 0 100

How to manage proxies

MAAS provides a way for its managed machines to use a proxy server when they need to access HTTP/HTTPS-based resources, such as the Ubuntu package archive.

There are three possible options:

  1. internal proxy (default)
  2. external proxy
  3. no proxy

Configuring a proxy with MAAS consists of enabling/disabling one of the above three options and enabling/disabling proxying on a specific subnet. This article will help you learn:

About the MAAS internal proxy

MAAS provides an internal proxy server. Although it is set up to work well with APT/package requests, it is effectively an HTTP caching proxy server. If you configure the MAAS region controller as the default gateway for the machines it manages then the proxy will work transparently (on TCP port 3128). Otherwise, machines will need to access it on TCP port 8000.

By default, the proxy is available to all hosts residing in any subnet detected by MAAS, not just MAAS-managed machines. It is therefore recommended to disable access to those subnets that represent untrusted networks.

MAAS manages its proxy. So although the active configuration, located in file /var/snap/maas/current/proxy, can be inspected, it is not to be hand-edited. The proxy is automatically installed with the MAAS snap.

MAAS manages its proxy. So although the active configuration, located in file /var/lib/maas/maas-proxy.conf, can be inspected, it is not to be hand-edited.

You must install the proxy on the same host as the region controller (via the ‘maas-proxy’ package).

MAAS manages its proxy. So although the active configuration, located in file /var/snap/maas/current/proxy, can be inspected, it is not to be hand-edited. The proxy is automatically installed with the MAAS snap.

MAAS manages its proxy. So although the active configuration, located in file /var/lib/maas/maas-proxy.conf, can be inspected, it is not to be hand-edited.

You must install the proxy on the same host as the region controller (via the ‘maas-proxy’ package).

MAAS manages its proxy. So although the active configuration, located in file /var/snap/maas/current/proxy, can be inspected, it is not to be hand-edited. The proxy is automatically installed with the MAAS snap.

MAAS manages its proxy. So although the active configuration, located in file /var/lib/maas/maas-proxy.conf, can be inspected, it is not to be hand-edited.

You must install the proxy on the same host as the region controller (via the ‘maas-proxy’ package).

MAAS manages its proxy. So although the active configuration, located in file /var/snap/maas/current/proxy, can be inspected, it is not to be hand-edited. The proxy is automatically installed with the MAAS snap.

MAAS manages its proxy. So although the active configuration, located in file /var/lib/maas/maas-proxy.conf, can be inspected, it is not to be hand-edited.

You must install the proxy on the same host as the region controller (via the ‘maas-proxy’ package).

How to create an external proxy

In the web UI, visit the ‘Settings’ page and select the ‘Network services’ tab. The ‘Proxy’ section is at the top. You can apply your changes by pressing the ‘Save’ button.

To enable the internal proxy, ensure that the checkbox adjacent to ‘MAAS Built-in’ is selected. This internal proxy is the default configuration.

To enable an external proxy, activate the ‘External’ checkbox and use the new field that is displayed to define the proxy’s URL (and port if necessary).

An upstream cache peer can be defined by enabling the ‘Peer’ checkbox and entering the external proxy URL into the field. With this enabled, machines will be configured to use the MAAS built-in proxy to download cached APT packages.

To prevent MAAS machines from using a proxy, enable the ‘Don’t use a proxy’ checkbox.

Enabling and disabling proxying, in general, is done via a Boolean option (‘true’ or ‘false’). The following command will disable proxying completely:

maas $PROFILE maas set-config name=enable_http_proxy value=false

To set an external proxy, ensure proxying is enabled (see above) and then define it:

maas $PROFILE maas set-config name=http_proxy value=$EXTERNAL_PROXY

For example,

maas $PROFILE maas set-config name=enable_http_proxy value=true
maas $PROFILE maas set-config name=http_proxy value=http://squid.example.com:3128/

Enabling and disabling proxying per subnet is done via a Boolean option (‘true’ or ‘false’). Here is how you can disable proxying on a per-subnet basis:

maas $PROFILE subnet update $SUBNET_CIDR allow_proxy=false

For example,

maas $PROFILE subnet update 192.168.0.0/22 allow_proxy=false

NOTE that the proxy service will still be running.

How to set up Network Time Protocol (NTP)

MAAS provides managed NTP services (with Chrony) for all region and rack controllers. This arrangement allows MAAS to both keep its controllers synchronised, and keep deployed machines synchronised as well. You can configure NTP on the ‘Network services’ tab of the ‘Settings’ page.

The region controller configures the NTP service to keep its time synchronised from one or more external sources. By default, the MAAS region controller uses ntp.ubuntu.com. Rack controllers also configure the NTP service, synchronising their time with the region controllers. Rack controllers also configure DHCP with the correct NTP information. Any machine on the network that obtains a DHCP lease from MA/snap/3AS will benefit from NTP support.

Setting an external NTP server

External sites, such as an existing NTP infrastructure, can be used directly as a time source for both rack controllers and machines.

You can specify an external site by choosing the NTP server(s) and selecting the ‘External Only’ option. The region controller always uses an external site.

On the ‘Settings’ page, select the ‘Network services’ tab and scroll down to the ‘NTP’ section:

Enter the address of the desired NTP server. Apply any changes by pressing the ‘Save’ button.

You can specify an external NTP server with two successive commands:

maas $PROFILE maas set-config name=ntp_servers value=$NTP_IP_ADDRESS

followed by:

maas admin maas set-config name=ntp_external_only value=true

Last updated 15 days ago.