How to better secure Machines against accidental re-deployments


I’m playing a lot with MaaS 2.5 in a lab, with OpenStack and Ceph Ansible.

Thing is, it’s SUPER easy to wipe out an entire environment with just one click: “Release”.

I’m planning to have a huge Ceph cluster where the MaaS might be used to deploy everything, like my lab.

After initial deployment, Maas CAN NOT re-deploy anything without manual intervention!

In a prod environment, PXE will not be the first boot, so, MaaS will not be able to re-deploy a server.

BUT, MaaS will still be able to “Release a Machine”, causing it to reboot, and also, maybe, erasing all of its devices.

My main question is:

How to not allow (ever) MaaS to wipe the storage devices when Releasing a Machine?


Hey Thiago,

You can use locks to prevent releasing or shutting off your production machines:

You can also choose your default disk erasure settings:

The only problem with locks is that it makes the hostname disappear from the GUI

That sounds like a bug. Could you perhaps show an example and post to

Reported bug for MaaS and I attach here also two screenshots from the machine list with a machined locked

and unlocked

In addition to the good info from @szeestraten I would like to point out that you can’t (AFAICT) release a machine with a single click. You will always be asked whether or not you want to erase the disks and have to click on the release button a second time.