How to better secure Machines against accidental re-deployments


#1

Guys,

I’m playing a lot with MaaS 2.5 in a lab, with OpenStack and Ceph Ansible.

Thing is, it’s SUPER easy to wipe out an entire environment with just one click: “Release”.

I’m planning to have a huge Ceph cluster where the MaaS might be used to deploy everything, like my lab.

After initial deployment, Maas CAN NOT re-deploy anything without manual intervention!

In a prod environment, PXE will not be the first boot, so, MaaS will not be able to re-deploy a server.

BUT, MaaS will still be able to “Release a Machine”, causing it to reboot, and also, maybe, erasing all of its devices.

My main question is:

How to not allow (ever) MaaS to wipe the storage devices when Releasing a Machine?

Cheers!
Thiago


#2

Hey Thiago,

You can use locks to prevent releasing or shutting off your production machines: https://docs.maas.io/2.5/en/intro-concepts#nodes

You can also choose your default disk erasure settings: https://docs.maas.io/2.5/en/installconfig-storage-erasure


#3

The only problem with locks is that it makes the hostname disappear from the GUI


#4

That sounds like a bug. Could you perhaps show an example and post to https://bugs.launchpad.net/maas?


#5

Reported bug for MaaS and I attach here also two screenshots from the machine list with a machined locked

and unlocked


#6

In addition to the good info from @szeestraten I would like to point out that you can’t (AFAICT) release a machine with a single click. You will always be asked whether or not you want to erase the disks and have to click on the release button a second time.

Cheers,
Lloyd