MAAS installation (snap/2.9/CLI)

2.7 2.8 2.9 3.0
Snap CLI ~ UI CLI ~ UI CLI ~ UI CLI ~ UI
Packages CLI ~ UI CLI ~ UI CLI ~ UI CLI ~ UI

The minimum requirements for the machines that run MAAS vary widely depending on local implementation and usage. Below, you will find resource estimates based on MAAS components and operating system (Ubuntu Server). We consider both a test configuration (for proof of concept) and a production environment.

Two questions you might have:

  1. What are the requirements for a test environment?
  2. What are the requirements for a production environment?

Requirements for a test environment

Here is a proof-of-concept scenario, with all MAAS components installed on a single host. This scenario assumes two complete sets of images (latest two Ubuntu LTS releases) for a single architecture (amd64).

Memory (MB) CPU (GHz) Disk (GB)
Region controller (minus PostgreSQL) 512 0.5 5
PostgreSQL 512 0.5 5
Rack controller 512 0.5 5
Ubuntu Server (including logs) 512 0.5 5

Based on this table, the approximate requirements for this scenario are 2 GB memory, 2 GHz CPU, and 20 GB of disk space.

Requirements for a production environment

Here is a production scenario designed to handle a high number of sustained client connections. This scenario implements both high availability (region and rack) and load balancing (region). MAAS reserves extra space for images (database and rack controller), while some images, such as those for Microsoft Windows, may require a lot more – so plan accordingly.

Memory (MB) CPU (GHz) Disk (GB)
Region controller (minus PostgreSQL) 2048 2.0 5
PostgreSQL 2048 2.0 20
Rack controller 2048 2.0 20
Ubuntu Server (including logs) 512 0.5 5

So, based on the above, the approximate requirements for this scenario are:

  1. A region controller (including PostgreSQL) installed on one host, with 4.5 GB memory, 4.5 GHz CPU, and 45 GB of disk space.
  2. A duplicate region controller (including PostgreSQL) on a second host, also with 4.5 GB memory, 4.5 GHz CPU, and 45 GB of disk space.
  3. A rack controller installed on a third host, with 2.5 GB memory, 2.5 GHz CPU, and 40 GB of disk space.
  4. A duplicate rack controller on a fourth host, also with 2.5 GB memory, 2.5 GHz CPU, and 40 GB of disk space.

The tables above refer to MAAS infrastructure only. They do not cover the resources needed by subsequently-added nodes. Note that machines should have IPMI-based BMC controllers for power cycling, see Power management for more details.

Some examples of factors that influence hardware specifications include:

  1. the number of connecting clients (client activity)
  2. how you decide to distribute services
  3. whether or not you use high availability/load balancing.
  4. the number of images that you choose to store (disk space affecting PostgreSQL and the rack controller)

Also, this discussion does not take into account a possible local image mirror, which would be a large consumer of disk space.

One rack controller should only service 1000 machines or less, regardless of how you distribute them across subnets. There is no load balancing at the rack level, so you will need additional, independent rack controllers. Each controller must service its own subnet(s).

MAAS can be installed in either of two configurations: test or production. The test configuration uses a small PostgreSQL database (in a separate snap), designed for use with MAAS. The full-up production configuration uses a separate PostgreSQL database for performance and scalability. This article will walk you through both install methods.

Thirteen questions you may have:

  1. How do I install (but not initialise) the MAAS 2.9 snap?
  2. How do I upgrade my 2.8 snap to version 2.9?
  3. What are MAAS initialisation modes?
  4. How do I initialise MAAS for a test or proof-of-concept configuration?
  5. How do I initialise MAAS for a production configuration?
  6. How do I migrate an existing snap install?
  7. What if I want to manually export the MAAS database to an existing PostgreSQL server?
  8. How can I check the service status of my MAAS configuration?
  9. How do I re-initialise MAAS, if I want to?
  10. How can I discover additional init options?
  11. Give me an example of initialising MAAS
  12. Tell me about the MAAS URL
  13. Tell me about the shared secret

If you have installed bind9 or have it running, you will need to uninstall it before installing MAAS. You can check with ps aux | grep named to see if it’s running. The bind9 daemon interferes with MAAS operation and creates a number of unusual, hard-to-debug errors – but don’t worry, MAAS provides DNS and can work with existing DNS servers.

Installing MAAS from the snap

Snaps are containerised software packages. To install MAAS from a snap simply enter the following:

$ sudo snap install --channel=2.9/stable maas

After entering your password, the snap will download and install from the 2.9 stable channel – though MAAS needs initialising before it’s ready to go.

Upgrading MAAS from 2.8

If you want to upgrade from a 2.8 snap to 2.9, and you are using a region+rack configuration, use this command:

$ sudo snap refresh --channel=2.9/stable maas

After entering your password, the snap will refresh from the 2.9 stable channel. You will not need to re-initialise MAAS.

If you are using a multi-node maas deployment with separate regions and racks, you should first run the upgrade command above for rack nodes, then for region nodes.

MAAS initialisation modes

MAAS supports the following modes, which dictate what services will run on the local system:

Mode Region Rack Database Description
region X Region API server only
rack X Rack controller only
region+rack X X Region API server and rack controller
none Reinitialises MAAS and stops services

Initialising MAAS as a test configuration

We want to provide a more compact version for those who may be testing MAAS. To achieve this, we’re providing a separate snap, called maas-test-db, which provides a PostgreSQL database for use in testing and evaluating MAAS. The following instructions will help you take advantage of this test configuration.

Once MAAS is installed, you can use the --help flag with maas init to get relevant instructions:

$ sudo maas init --help
usage: maas init [-h] {region+rack,region,rack} . . .

Initialise MAAS in the specified run mode.

optional arguments:
  -h, --help            show this help message and exit

run modes:
  {region+rack,region,rack}
    region+rack         Both region and rack controllers
    region              Region controller only
    rack                Rack controller only

When installing region or rack+region modes, MAAS needs a
PostgreSQL database to connect to.

If you want to set up PostgreSQL for a non-production deployment on
this machine, and configure it for use with MAAS, you can install
the maas-test-db snap before running 'maas init':
    sudo snap install maas-test-db
    sudo maas init region+rack --database-uri maas-test-db:///

We’ll quickly walk through these instructions to confirm your understanding. First, install the maas-test-db snap:

sudo snap install maas-test-db

Note that this step installs a a running PostgreSQL and a MAAS-ready database instantiation. When it’s done, you can double check with a built-in PostgreSQL shell:

$ maas-test-db.psql
psql (10.6)
Type "help" for help.

postgres=# \l

This will produce a list of databases, one of which will be maasdb, owned by maas. Note that this database is still empty because MAAS is not yet initialised and, hence, is not yet using the database. Once this is done, you can run the maas init command:

sudo maas init region+rack --database-uri maas-test-db:///

After running for a moment, the command will prompt you for a MAAS URL; typically, you can use the default:

MAAS URL [default=http://10.45.222.159:5240/MAAS]:

When you’ve entered a suitable URL, or accepted the default, the following prompt will appear:

MAAS has been set up.

If you want to configure external authentication or use
MAAS with Canonical RBAC, please run

  sudo maas configauth

To create admins when not using external authentication, run

  sudo maas createadmin

Let’s assume you just want a local testing user named admin:

$ sudo maas createadmin
Username: admin
Password: ******
Again: ******
Email: admin@example.com
Import SSH keys [] (lp:user-id or gh:user-id): gh:yourusername

At this point, MAAS is basically set up and running. You can confirm this with sudo maas status. If you need an API key, you can obtain this with sudo maas apikey --username yourusername. Now you will be able to test and evaluate MAAS by going to the URL you entered or accepted above and entering your admin username and password.

Configuration verification

After a snap installation of MAAS, you can verify the currently-running configuration with:

sudo maas config

Initialise MAAS for a production configuration

To install MAAS in a production configuration, you need to setup PostgreSQL, as described below.

Setting up PostgreSQL from scratch

To set up PostgreSQL, even if it’s running on a different machine, you can use the following procedure:

  1. You will need to install PostgreSQL on the machine where you want to keep the database. This can be the same machine as the MAAS region/rack controllers or a totally separate machine. If PostgreSQL (version 10 or better) is already running on your target machine, you can skip this step. To install PostgreSQL, run these commands:

     sudo apt update -y
     sudo apt install -y postgresql
    
  2. You want to make sure you have a suitable PostgreSQL user, which can be accomplished with the following command, where $MAAS_DBUSER is your desired database username, and $MAAS_DBPASS is the intended password for that username. Note that if you’re executing this step in a LXD container (as root, which is the default), you may get a minor error, but the operation will still complete correctly.

     sudo -u postgres psql -c "CREATE USER \"$MAAS_DBUSER\" WITH ENCRYPTED PASSWORD '$MAAS_DBPASS'"
    
  3. Create the MAAS database with the following command, where $MAAS_DBNAME is your desired name for the MAAS database (typically known as maas). Again, if you’re executing this step in a LXD container as root, you can ignore the minor error that results.

     sudo -u postgres createdb -O "$MAAS_DBUSER" "$MAAS_DBNAME"
    
  4. Edit /etc/postgresql/10/main/pg_hba.conf and add a line for the newly created database, replacing the variables with actual names. You can limit access to a specific network by using a different CIDR than 0/0.

     host    $MAAS_DBNAME    $MAAS_DBUSER    0/0     md5
    
  5. You can then initialise MAAS via the following command:

     sudo maas init region+rack --database-uri "postgres://$MAAS_DBUSER:$MAAS_DBPASS@$HOSTNAME/$MAAS_DBNAME"
    

You should use localhost for $HOSTNAME if you’re running PostgreSQL on the same box as MAAS.

Don’t worry; if you leave out any of the database parameters, you’ll be prompted for those details.

Checking MAAS service status

You can check the status of running services with:

sudo maas status

Typically, the output looks something like this:

bind9                            RUNNING   pid 7999, uptime 0:09:17
dhcpd                            STOPPED   Not started
dhcpd6                           STOPPED   Not started
ntp                              RUNNING   pid 8598, uptime 0:05:42
postgresql                       RUNNING   pid 8001, uptime 0:09:17
proxy                            STOPPED   Not started
rackd                            RUNNING   pid 8000, uptime 0:09:17
regiond:regiond-0                RUNNING   pid 8003, uptime 0:09:17
regiond:regiond-1                RUNNING   pid 8008, uptime 0:09:17
regiond:regiond-2                RUNNING   pid 8005, uptime 0:09:17
regiond:regiond-3                RUNNING   pid 8015, uptime 0:09:17
tgt                              RUNNING   pid 8040, uptime 0:09:15

With MAAS installed and initialised, you can now open the web UI in your browser and begin your Configuration journey.

Example of MAAS initialisation

The following demonstrates the region+rack mode, a popular initialisation choice for MAAS:

sudo maas init region+rack

maas will ask for the MAAS URL:

MAAS URL [default=http://10.55.60.1:5240/MAAS]: http://192.168.122.1:5240/MAAS

If you also need to create an admin user, you can use:

sudo maas createadmin

which takes you through the following exchange:

Create first admin account:       
Username: admin
Password: ******
Again: ******
Email: admin@example.com
Import SSH keys [] (lp:user-id or gh:user-id): lp:petermatulis

You will use the username and password created above to access the web UI. If you enter a Launchpad or GitHub account name with associated SSH key, MAAS will import them automatically.

MAAS URL

All run modes (except none) prompt for a MAAS URL, interpreted differently depending on the mode:

  • region: Used to create a new region controller.
  • rack: Used to locate the region controller.

Shared secret

The ‘rack’ and ‘region+rack’ modes will additionally ask for a shared secret that will allow the new rack controller to register with the region controller.

Reinitialising MAAS

It is also possible to re-initialise MAAS to switch modes. For example, to switch from rack to region:

sudo maas init region

Additional init options

The init command can takes optional arguments. To list them, as well as read a brief description of each, you can enter:

sudo maas init --help

Once you’ve successfully installed MAAS (regardless of method), you can login to the MAAS CLI via the following process. First, generate the API-key for the user you’re going to employing:

sudo maas apikey --username=$PROFILE > api-key-file

Replace $PROFILE with whatever username you set during the createadmin part of the install process. Next, login with the following command:

maas login $PROFILE $MAAS_URL < api-key-file

Substitute $MAAS_URL with the URL that was returned to you when you initialised MAAS, for example, 192.168.43.251:5240/MAAS. Remember that, once you’ve logged in, you can get extensive CLI help with the command:

maas admin --help

Sample output is shown in the detail section below.

MAAS CLI help, sample output usage: maas admin [-h] COMMAND ...

Issue commands to the MAAS region controller at http://192.168.43.251:5240/MAAS/api/2.0/.

optional arguments:
-h, --help show this help message and exit

drill down:
COMMAND
account Manage the current logged-in user.
bcache-cache-set Manage bcache cache set on a machine.
bcache-cache-sets Manage bcache cache sets on a machine.
bcache Manage bcache device on a machine.
bcaches Manage bcache devices on a machine.
block-device Manage a block device on a machine.
block-devices Manage block devices on a machine.
boot-resource Manage a boot resource.
boot-resources Manage the boot resources.
boot-source Manage a boot source.
boot-source-selection
Manage a boot source selection.
boot-source-selections
Manage the collection of boot source selections.
boot-sources Manage the collection of boot sources.
commissioning-script
Manage a custom commissioning script.
commissioning-scripts
Manage custom commissioning scripts.
dhcpsnippet Manage an individual DHCP snippet.
dhcpsnippets Manage the collection of all DHCP snippets in MAAS.
dnsresource Manage dnsresource.
dnsresource-record Manage dnsresourcerecord.
dnsresource-records
Manage DNS resource records (e.g. CNAME, MX, NS, SRV,
TXT)
dnsresources Manage dnsresources.
device Manage an individual device.
devices Manage the collection of all the devices in the MAAS.
discoveries Query observed discoveries.
discovery Read or delete an observed discovery.
domain Manage domain.
domains Manage domains.
events Retrieve filtered node events.
fabric Manage fabric.
fabrics Manage fabrics.
fan-network Manage Fan Network.
fan-networks Manage Fan Networks.
file Manage a FileStorage object.
files Manage the collection of all the files in this MAAS.
ipaddresses Manage IP addresses allocated by MAAS.
iprange Manage IP range.
ipranges Manage IP ranges.
interface Manage a node’s or device’s interface.
interfaces Manage interfaces on a node.
license-key Manage a license key.
license-keys Manage the license keys.
maas Manage the MAAS server.
machine Manage an individual machine.
machines Manage the collection of all the machines in the MAAS.
network Manage a network.
networks Manage the networks.
node Manage an individual Node.
node-results Read the collection of commissioning script results.
node-script Manage or view a custom script.
node-script-result Manage node script results.
node-script-results
Manage node script results.
node-scripts Manage custom scripts.
nodes Manage the collection of all the nodes in the MAAS.
notification Manage an individual notification.
notifications Manage the collection of all the notifications in
MAAS.
package-repositories
Manage the collection of all Package Repositories in
MAAS.
package-repository Manage an individual package repository.
partition Manage partition on a block device.
partitions Manage partitions on a block device.
pod Manage an individual pod.
pods Manage the collection of all the pod in the MAAS.
rack-controller Manage an individual rack controller.
rack-controllers Manage the collection of all rack controllers in MAAS.
raid Manage a specific RAID (Redundant Array of Independent
Disks) on a machine.
raids Manage all RAIDs (Redundant Array of Independent
Disks) on a machine.
region-controller Manage an individual region controller.
region-controllers Manage the collection of all region controllers in
MAAS.
resource-pool Manage a resource pool.
resource-pools Manage resource pools.
sshkey Manage an SSH key.
sshkeys Manage the collection of all the SSH keys in this
MAAS.
sslkey Manage an SSL key.
sslkeys Operations on multiple keys.
space Manage space.
spaces Manage spaces.
static-route Manage static route.
static-routes Manage static routes.
subnet Manage subnet.
subnets Manage subnets.
tag Tags are properties that can be associated with a Node
and serve as criteria for selecting and allocating
nodes.
tags Manage all tags known to MAAS.
user Manage a user account.
users Manage the user accounts of this MAAS.
version Information about this MAAS instance.
vlan Manage a VLAN on a fabric.
vlans Manage VLANs on a fabric.
vm-host Manage an individual vm-host.
vm-hosts Manage the collection of all the vm-hosts in the MAAS.
vmfs-datastore Manage VMFS datastore on a machine.
vmfs-datastores Manage VMFS datastores on a machine.
volume-group Manage volume group on a machine.
volume-groups Manage volume groups on a machine.
zone Manage a physical zone.
zones Manage physical zones.

This is a profile. Any commands you issue on this profile will
operate on the MAAS region server.

The command information you see here comes from the region server’s
API; it may differ for different profiles. If you believe the API may
have changed, use the command’s ‘refresh’ sub-command to fetch the
latest version of this help information from the server.

Configuration

Configuring MAAS consists of four broad steps:

  1. Setting upstream DNS
  2. Importing an SSH key for your admin user
  3. Importing images
  4. Configuring DNS

This section will cover those four operations

Setting DNS

After logging in for the first time, you will need to set a number of system-wide configuration options. First up, you should configure DNS. You can check out the help for DNS settings, known in the CLI as a “DNS forwarder”:

maas $PROFILE maas set-config name=upstream_dns value="8.8.8.8"

Here, we’ve set the DNS forwarder to “8.8.8.8” (Google), which is a reliable value.

Setting SSH for the admin user

To add a public SSH key to a MAAS user account, type the following command:

maas $PROFILE sshkeys create "key=$SSH_KEY"

Importing images

Before going any further, it’s worthwhile to start the image import, as it can sometimes take a few minutes. You can see what images you already have downloaded with this command:

maas $PROFILE boot-resources read | jq -r '.[] | "\(.name)\t\(.architecture)"'

This command will return a list similar to the following:

grub-efi-signed/uefi        amd64/generic
grub-efi/uefi           arm64/generic
grub-ieee1275/open-firmware ppc64el/generic
pxelinux/pxe            i386/generic
ubuntu/bionic           amd64/ga-18.04
ubuntu/bionic           amd64/ga-18.04-lowlatency
ubuntu/bionic           amd64/hwe-18.04
ubuntu/bionic           amd64/hwe-18.04-edge
ubuntu/bionic           amd64/hwe-18.04-lowlatency
ubuntu/bionic           amd64/hwe-18.04-lowlatency-edge

Suppose you also want a version called “Trusty” – you can import a new image by first selecting it for download, like this:

maas $PROFILE boot-source-selections create 1 \ > os="ubuntu" release="trusty" arches="amd64" subarches="*" \ > labels="*"

which returns some JSON confirming your action:

Success.
Machine-readable output follows:
{
    "os": "ubuntu",
    "release": "trusty",
    "arches": [
        "amd64"
    ],
    "subarches": [
        "*"
    ],
    "labels": [
        "*"
    ],
    "boot_source_id": 1,
    "id": 2,
    "resource_uri": "/MAAS/api/2.0/boot-sources/1/selections/2/"
}

Once selected, you can start the image import with this command:

maas admin boot-resources import

which offers a shorter confirmation message:

Success.
Machine-readable output follows:
Import of boot resources started

Enabling DHCP

Once your image has been imported, you’ll want to get DHCP working, which means finding the untagged VLAN. In truth, it shouldn’t be too hard, because at this point, there still should only be one.

In order to turn on DHCP, you need to know two things besides the VLAN name (“untagged”): the fabric ID and the primary rack controller name. To start, all the fabrics will be on the same untagged VLAN, so any fabric will do. You can find a valid fabric ID by reading it from any subnet, so just pick one (e.g., 192.168.123.0/24) and find a usable fabric ID like this:

maas $PROFILE subnet read $SUBNET_CIDR | grep fabric_id

which returns (in this example):

"fabric_id": $FABRIC_ID,

Next, find the name of the primary rack controller. It’s usually fairly obvious, but for purposes of argument, assume that it’s not known. You can get it this way:

maas $PROFILE rack-controllers read | grep hostname | cut -d '"' -f 4

This returns a hostname, which we’ll call:

$RACK_CONTR_HOSTNAME

Finally, you need to create an IP range for DHCP, in this case, a dynamic range:

maas $PROFILE ipranges create type=dynamic start_ip=$START_IP end_ip=$END_IP

This command returns something similar to this sample output:

Success.
Machine-readable output follows:
{
    "subnet": {
        "name": "192.168.123.0/24",
        "description": "",
        "vlan": {
            "vid": 0,
            "mtu": 1500,
            "dhcp_on": false,
            "external_dhcp": null,
            "relay_vlan": null,
            "fabric": "fabric-2",
            "primary_rack": null,
            "name": "untagged",
            "id": 5003,
            "space": "undefined",
            "secondary_rack": null,
            "fabric_id": 2,
            "resource_uri": "/MAAS/api/2.0/vlans/5003/"
        },
        "cidr": "192.168.123.0/24",
        "rdns_mode": 2,
        "gateway_ip": null,
        "dns_servers": [],
        "allow_dns": true,
        "allow_proxy": true,
        "active_discovery": false,
        "managed": true,
        "id": 4,
        "space": "undefined",
        "resource_uri": "/MAAS/api/2.0/subnets/4/"
    },
    "type": "dynamic",
    "start_ip": "192.168.123.190",
    "end_ip": "192.168.123.253",
    "user": {
        "is_superuser": true,
        "username": "admin",
        "email": "admin@admin.com",
        "is_local": true,
        "resource_uri": "/MAAS/api/2.0/users/admin/"
    },
    "comment": "",
    "id": 1,
    "resource_uri": "/MAAS/api/2.0/ipranges/1/"
}

So you should now be able to turn on DHCP like this:

maas $PROFILE vlan update $FABRIC_ID untagged dhcp_on=True primary_rack=$RACK_CONTR_HOSTHNAME

If you’ve done everything correctly, you should see JSON output similar to this sample:

Success.
Machine-readable output follows:
{
    "vid": 0,
    "mtu": 1500,
    "dhcp_on": true,
    "external_dhcp": null,
    "relay_vlan": null,
    "fabric": "fabric-2",
    "space": "undefined",
    "primary_rack": "8dwnne",
    "secondary_rack": null,
    "name": "untagged",
    "fabric_id": 2,
    "id": 5003,
    "resource_uri": "/MAAS/api/2.0/vlans/5003/"
}

Spaces, fabrics, zones and subnets

Networks in large data centres can be very complex. MAAS offers comprehensive control over networking so that you have the flexibility to reconfigure racks and deploy machines as you see fit. You can isolate machine deployment not only with DNS domains, but also via subnets, spaces, zones, and fabrics. The links provide more details, but these are all basically collections:

  • subnet has the traditional meaning: a range of IP addresses covering a subset of IP addresses. Generally speaking , a subnet is a collection of IP addresses which includes at least two addresses.
  • a space is a collection of subnets that you can create with MAAS, understanding that each subnet can belong to only one space. Spaces allow multiple subnets to communicate without requiring a direct network path between them.
  • a zone is also an ad-hoc collection, but one which groups individual nodes, rather than subnets. MAAS allows you to create and edit zones at will.
  • a fabric is essentially a collection of trunked switches, allowing you to access a group of VLANs.

Here is a diagram that helps to illustrate these concepts:

VM hosts can give you greater control over your hardware. A VM host is a collection of individual virtual machines. You can use a VM host to compose machines into an abstraction of resources that functions like a physical machine – without building one!

There you have it: A quick tour of MAAS and its capabilities. Read on through the documentation to learn more.


Last updated 3 days ago.