Restoring Previous States

Hey, I’m looking to use MAAS to automatically set up my network on boot. I’d like to be able to wipe my whole network and then automatically restore it to its previous state. Does anyone know how I can save the settings I use to provision machines and then re-apply those settings later on down the road after everything gets wiped?

Also, is there a way I can make MAAS automatically configure machines instead of having to push buttons in the UI? The UI is a nice feature but I’d like to be able to map MAC addresses to specific configurations after they are created in the UI the first time around.

Can you explain more about “wiping your whole network?” Do you mean you’d like to destroy your netplan.yaml file and have MAAS re-build the networking configuration on subsequent boots on a single/multiple servers? Or are you talking about rebuilding all servers on a network?

In what way are you wiping the network settings on the deployed servers?

You can’t change the network configuration for a deployed server in MAAS via the GUI, but you can change it via the CLI/API, however, the change won’t be passed down to the machine until it’s released and re-deployed.

As for automatically configuring machines, I’d recommend automating your configuration via MAAS API or MAAS CLI directly. You can query all machines, search for the MAC address you want to configure, grab whatever machine ID that MAC address exists on, and then perform any queries and changes needed after commissioning, but before deployment.

I believe there are also system profiles you can use to create a generic systems configuration which you could apply to new machines if you’re intending to configure several machines with the same network, operating system, and storage configurations.

Hey @afreiberger – thank you so much for your response and guidance.

I’m basically looking to reformat every drive on the network by encrypting it and then erasing everything once per week. I’m not quite sure how this would be possible with a network that has about 20 drives currently. I also have learned the hard way that simply reformatting and reinstalling is not good enough to get rid of more modern malware. But I’d still like to stick to my plan and come up with something that can quickly reset itself so I can at least say to myself, “At least the malware owner has to manually type something to deliver me their next payload.” I already have a massive Ansible playbook that can provision the machines. All I need is the MAAS-provisioned systems with SSH access set up to come online in an automated way from “factory” state drives.

I really like MAAS because it seems like it’s capable of handling the reinstall process and it has a GUI which will be useful for other people leveraging my open source work. I’m designing the system to assume that all of the hard drives are completely wiped (except for the MAAS controller obviously) when MAAS begins provisioning them. I’d like to have MAAS run the installation and post-boot script with custom settings for each MAC address (i.e. it has to know which hard drive labels to format, the IP address, other cloud-config-like settings, the hostname, FQDN, etc.) – is it possible to save the provisioning profiles and automatically associate computers to those profiles based on MAC address if the systems come back online with wiped disks without any interaction from the GUI?

Great to hear about your use case Yaroch.

You could use the secure erase drive feature when you release the machines. If it’s in the GUI (which it is), then it should be in the API.

To programatically do what you want to do, you’d iterate over your machines by doing a machine listing. If you’ve got them already in an ansible inventory then you can iterate over that. Release all the machines and tell MAAS to securely erase their drives. After that they should all return to the ready state, and you can redeploy them.

1 Like

btw, maybe of interest is this new terraform provider which we haven’t released/tested properly yet, but we aim to do so next cycle (22.10). But it is here now: