We have been working on a MaaS proof-of-concept deployment at our organization and we currently have it working to the point that we can deploy to physical hosts in our datacenter, but I have a question about Network Discovery.
Though we currently have active network discovery enabled, there are no hosts being discovered. Since this is just a proof-of-concept, we do not yet have separate rack controllers. We have only one machine acting as both the MaaS region controller and rack controller, and it is on a separate VLAN from the hosts it is deploying to. Our networking team has enabled the DHCP helper on the router where our hosts are, so MaaS is able to receive DHCP requests from (and serve DHCP addresses to) machines on that separate host VLAN. But does active network discovery require that the rack controller be on the same subnet as the hosts it is discovering? Or is it possible to discover hosts on other subnets?
From my understanding, network discovery happens mainly at layer 2, so your MAAS box would need to be set up on each VLAN in your datacenter. This will also simplify your DHCP setup since you won't have to mess with DHCP relays or trying to route DHCP packets. In our setup, I made the interface on the switch that our MAAS box is connected to a trunk port so it has access to all VLANs. (This could be restricted to only the necessary VLANs if you want.) Then, I added the VLANs to the interface of my MAAS box.
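As an added illustration of the trunk-port approach described in the reply above (this is example configuration, not something posted by the replier or shipped by MAAS), here is what the host side looks like with netplan on an Ubuntu MAAS server. The VLAN IDs 2436 (where the MAAS server lives) and 2476 (the node VLAN) come from the thread; the parent interface name `eno1`, the addresses and the gateway are assumptions for the sake of the example. Each VLAN gets its own tagged sub-interface, so the rack controller has a layer-2 presence (and an IP) on the node VLAN and can see ARP/mDNS there directly instead of only the relayed DHCP.

```yaml
# /etc/netplan/50-maas-vlans.yaml  (example, not from the original post)
# Assumes the switch port facing the MAAS host is a trunk carrying
# VLANs 2436 and 2476, and that eno1 is the trunked NIC.
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      # Untagged frames on the trunk are not used; keep the parent NIC
      # link-only and put all addressing on the tagged sub-interfaces.
      dhcp4: false
      dhcp6: false
  vlans:
    # Management VLAN: where the region/rack controller already lives.
    eno1.2436:
      id: 2436
      link: eno1
      addresses: [10.24.36.10/24]          # assumed address
      routes:
        - to: 0.0.0.0/0
          via: 10.24.36.1                  # assumed default gateway
      nameservers:
        addresses: [10.24.36.1]            # assumed resolver
    # Node VLAN: giving the rack controller an interface here lets MAAS
    # serve DHCP on 2476 directly and lets passive/active discovery
    # observe ARP from the nodes, which a DHCP helper does not forward.
    eno1.2476:
      id: 2476
      link: eno1
      addresses: [10.24.76.10/24]          # assumed address, no gateway
```

Apply with `sudo netplan apply`, then in the MAAS UI (or `maas $PROFILE` CLI) the new interface shows up on the rack controller; the VLAN 2476 entry under Subnets can then have DHCP enabled with this rack controller as the provider, at which point the router-side DHCP helper can be removed for that VLAN. Exact addresses, the NIC name and the gateway must be replaced with the real ones for the environment.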
I spoke to our network engineer and here's the feedback I received when I told him the MaaS server would need to see L2 traffic from all our VLANs:
I'd initially say if we'd like to go with this approach, we could create another small service network, put the MaaS host in it, ACL it to only what it needs, then span the needed compute networks to this host - the interfaces should have very strict iptables blocking them from unneeded L2 traffic (although this may not be possible depending on what MAAS needs to see)
Everything it's asking to do is what a rogue host would look for in breaching a network
Note I'm not sure how well a single host will deal with seeing ARP from 1000s of hosts
@billwear Here is the "Subnets" tab. VLAN 2436 is where the MAAS server lives, and the nodes that it is currently deploying to are on VLAN 2476. They have their DHCP requests relayed via a helper to the MAAS server.
Correct - if I manually enter the hardware information for a test node on 2476 into MAAS, I am able to commission it and deploy to it. I am also able to PXE boot a node on 2476 and it will get a DHCP address from MAAS so that MAAS can learn about it that way. The only part so far that is not working yet is the discovery (either active or passive). But also, you are correct that this is not the configuration we want long-term. This is our proof-of-concept setup for us to learn about MAAS and see if it would suit our future needs.
Hi Bill. I hope you all had an enjoyable holiday break. This is just a friendly reminder to have this question back on your radar. Thanks.
I have another stalled question here as well, if you or any of your colleagues have advice about the "Failed installing package(s) for 20-maas-01-install-lldpd" error that I'm seeing:
@billwear I just wanted to check in one more time to see if there's any update here before this thread gets automatically closed due to inactivity like my other ticket (6507) did.