In Canonical MaaS, there are several feature requests, filed bugs, and general frustration about gateways post-deployment. From the forums and bug requests I've seen and my opinion as well, people want one gateway for setting up PXE, but come deployment time, they want a different gateway so they can access the internet easier. While this may not be a solution for everyone, here are two ways that I've solved it. The first is a bit more Hocus Pocus, but I'll let you know just in case it helps. The second solution is what helped us 100% of the time and is used in our setup and is the ideal method. Physical setup
Solution 1 - Setting public interface firstThis first solution isn't really recommended because it doesn't always work correctly. But one thing I have noticed is that the gateway often times is assigned to the "first" network listed. So in our case, we might create a bridge for the public network so that it appears first in MaaS (see below as an example). In this example, the gateway should be assigned to br0 since it is at the top of the list. That said, this doesn't always work. So, lets go to the solution that really worked for us. Solution 2 - Getting the settings right Disclaimer: So I'm not a network guy, so please let me know if I'm butchering my explanation in the comments below or if you have a more optimal setting.
Lets take a look at the MaaS Settings first: Settings --> Network --> Proxy --> MAAS built-in Settings --> Network --> DNS --> Upstream DNS used to resolve domains not managed by this MAAS (space-separated IP addresses) --> Set to your DNS servers Settings --> Network --> DNS --> Enable DNSSEC validation of upstream zones --> Automatic Now lets look at the Public network (10.x.x.x) settings: Notes: These should be pretty standard and set according to your needs, but it should have a gateway IP, DNS set, I've enabled Proxy and DNS resolution, but you may not need it. Name --> 10.x.x.0/24 CIDR --> 10.x.x.0/24 Gateway IP --> 10.x.x.253 DNS --> Set to your DNS servers Managed allocation --> Enabled Proxy access --> Allowed Allow DNS resolution --> Allowed DHCP --> Disabled (everything is static on this network). I do NOT have any static routing, DHCP snippets or Reserved ranges here. Lastly, lets look at the Private network: Name --> 192.x.x.0/16 CIDR --> 192.x.x.0/16 Gateway IP --> -- DNS --> -- Managed allocation --> Enabled Proxy access --> Allowed Allow DNS resolution --> Allowed DHCP --> Enabled (MaaS controlled) Static Route --> Gateway IP: Region/rack controller IP on MaaS (i.e. 192.x.x.253) Destination: 10.x.x.0/24 Reserved Ranges --> Start IP & End IP are set for dynamic DHCP. DHCP Snippets --> Not set. Final thoughts: For me, not setting a gateway IP address on the private network but still having a static route was not obvious or intuitive and took a while to figure out. Likewise, deployments would fail if I didn't have both Proxy access and DNS resolution enabled. But this setting enables us to commission the servers and deploy servers. Post deployment I can immediately run `sudo apt update` and `ping google.com` without any issues. I hope this help someone out there. Please let me know if this helped you or if you have another solution on how you deploy!
David Andrew Gutman
11/15/2022 04:01:55 pm
thanks! This has been a huge pain in the butt for me, and I've used MAAS for years. Good explanation... although still baffled this isn't spelled out clearly in the documentation... or if so, Ive been missing it. This seems like a very common use case..
Reply
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorJames Benson is an IT professional. Archives
August 2022
Categories
All
|