Creating a web service for the MAAS webhook power driver

Introduction

MAAS contains many power drivers but there are always more BMC types out there that the MAAS team doesn’t have the time to implement, test, and maintain. Travis Glenn Hansen, from the MAAS community, proposed a branch to add a webhook driver to MAAS. We have accepted this branch and I extended it to be a bit more flexible. It is available in MAAS 2.9.2 and above.

While the MAAS team supports the webhook driver we cannot support the services it interacts with.

How MAAS Handles Power Actions

A machine managed by MAAS only requires network access to a rack controller. Machines never directly interact with the region controller or database. When a user performs a power action or MAAS goes to check on the power status of a machine MAAS has to first determine which rack controller to route the power request through. If the power_address contains an IP address MAAS finds a rack controller which is on the same subnet. If no rack controller is on the same subnet or the power_address is a hostname or FQDN the power request is sent to all rack controllers.

This algorithm is maintained with the webhook driver however MAAS itself cannot control what the remote service tries to communicate with.

Fields

In order to be as flexible as possible the webhook driver requires more fields then a typical power driver

  • power_on_uri - The URI to power on the machine, the System_id is included in the header of the request.
  • power_off_uri - The URI to power off the machine, the System_id is included in the header of the request.
  • power_query_uri - The URI to query the power status of a machine, the System_id is included in the header of the request.
  • power_on_regex - A regular expression MAAS will use to determine if the machine is on.
  • power_off_regex - A regular expression MAAS will use to determine if the machine is off.
  • power_user - An optional username to authenticate with.
  • power_pass - An optional password to authenticate with.
  • power_token - An optional token to authenticate with.
  • power_verify_ssl - Validate SSL connections with the system CA certificates.

Authentication

The webhook power driver supports two forms of authentication:

Both types send credentials in the header of each request. Cookie based authentication is not currently supported.

Example - Wake on LAN service

A frequent request we have received is to add a wake on LAN power driver. MAAS requires the ability to turn on, off, and query the status of a machine. Wake on LAN only allows you to turn on a machine which makes it unreliable for MAAS. Below is a web service which allows you to use a machine which is controlled via wake on LAN and a person. A few warnings

  • Don’t use this in production.
  • This service isn’t supported by me, the MAAS team, or Canonical.
  • Wake on LAN doesn’t always work, this service assumes it does.
  • Power status is based off of previous power actions. If there have been no previous actions the power status will be unknown.
  • When a power off command comes in the service will block until a person acknowledges that the machine has been turned off. The person will have 60s before a timeout occurs and an error will be reported to MAAS.
  • Don’t use this in production.

maas-wol

4 Likes