Table of Contents

How to deploy MAAS

This document will describe how to deploy Ubuntu® MAAS supporting some Windows features.

You can find more info about MAAS here: https://maas.ubuntu.com

Note: If you are deploying on a vmware/esxi environment, be sure to change your network adapter type inside your vmx files to e1000e. Do this for every interface. Example:

ethernet0.virtualDev = "e1000e" 

This should be the case for all other hypervisors as well. Also, if using KVM/QEMU make sure that the block device controllers are IDE or SATA, unless you have bundeled virtio drivers when creating the PXE installation media.

If you plan on deploying MaaS on Hyper-V using Generation 2 images, you will need to disable secure boot in VMs and patch grubx64.efi located in:

wget http://wiki.cloudbase.it/_media/grubnetx64.efi.gz
gunzip grubnetx64.efi.gz
cp grubnetx64.efi /var/lib/maas/boot-resources/current/grubx64.efi

or get the Ubuntu 16.10 grub2 version:

wget http://archive.ubuntu.com/ubuntu/dists/yakkety/main/uefi/grub2-amd64/2.02~beta2-36ubuntu11/grubnetx64.efi \
    -O /var/lib/maas/boot-resources/current/grubx64.efi

Follow this article to compile GRUB with Generation 2 VM support

NOTE: this will be overwritten by maas every time something changes in boot images (eg: upload new image, maas updates images from simplestreams)

Prerequisite

Machine 1 – MAAS Controller

Note

Ubuntu doesn't come with the standard naming interfaces like eth0 eth1 anymore instead you will see ens3 ens9 because of systemd renaming those. Let's assume the ens3 is the primary one and ensp5s the second one.

Example interface configuration:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
auto ens3
iface ens3 inet static
	address 192.168.122.157
	netmask 255.255.255.0
	gateway 192.168.122.1
	dns-nameservers 8.8.8.8 8.8.4.4
 
# The secondary network interface
# This is used for internal maas only
auto ens9
iface ens9 inet static
	address 10.10.10.10
	netmask 255.255.255.0

Machine 2 – Windows Image Generator

Machine 3, 4, etc. – MAAS slaves

Preparing MAAS Controller

Install Ubuntu 16.04 server

Basic install

Add ppa:maas-maintainers/stable

Note: This will add the current MAAS distribution.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install openssh-server vlan
sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:maas/stable -y
sudo apt-get update

Install maas

sudo apt-get install maas maas-dns maas-dhcp maas-proxy -y

NOTE: When asked for the Ubuntu MAAS API address, double check the detected URL uses ens3’s (external) IP address: http://192.168.122.157/MAAS/. You can later change this by running:

sudo dpkg-reconfigure maas-rack-controller

Also, double check that running

sudo dpkg-reconfigure maas-region-controller

shows the IP address of ensp5s (managed NIC), if not set it to 10.10.10.10!

Configure firewall and enable ip forwarding

Add the following lines to one of your startup scripts. For most cases, /etc/rc.local should do.

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Enable IPv4 forwarding:

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

In this example ens3 is the public interface and ens9 is the private one

Create admin user

Insert password when prompted.

# maas 2.0
sudo maas-region createsuperuser

Test MAAS Web interface

Head to http://<maas-server-ip>/MAAS/ and test if the MAAS webpage loads.

Import Ubuntu boot images

To import boot images you have to connect to the MAAS API

sudo maas login <session-name> http://<maas-server-ip>/MAAS/ <maas-key>

You create a session with the name <session-name> which you will use when you want to execute maas commands. <maas-server-ip> is the IP used by your external NIC (eth0) and <maas-key> can be obtained from the web interface at http://<maas-server-ip>/MAAS/account/prefs/

Once you are connected to the MAAS API, you can import Ubuntu boot images

sudo maas <session-name> boot-resources import

Configure the cluster

Edit the default cluster and enable DHCP and DNS on the interface where you will be serving DHCP (see the screenshot as an example).

Open http://<maas-server-ip>/MAAS/clusters/ in a browser; ens9 is most probably the one that needs to be configured.

Example: Router IP = ens9's IP* IP = ens9's IP

Screenshot

How to configure MAAS to be able to boot virtual machines with virsh

The libvirt-bin package needs to be installed to get the virsh command

sudo apt-get -y install libvirt-bin

If you want to use ssh you'll need to generate a ssh key pair for the maas user. By default there is no home directory created for the maas user.

sudo mkdir -p ~maas
sudo chown maas:maas ~maas

Add a login shell for the maas user (we'll only need this for the ssh-copy-id command later; if you're putting ssh keys in place manually or using a different mechanism, this step isn't strictly needed):

sudo chsh -s /bin/bash maas

Generate a SSH keypair as the maas user (hit enter three times to accept the default path and empty password):

sudo -u maas ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/maas/.ssh/id_rsa): 
Created directory '/home/maas/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/maas/.ssh/id_rsa.
Your public key has been saved in /home/maas/.ssh/id_rsa.pub.

Then add the public key to ~ubuntu/.ssh/authorized_keys on the vm server so virsh can use ssh without a password:

sudo -u maas -i ssh-copy-id ubuntu@192.168.122.1

As the maas user, test virsh commands against libvirt at 192.168.122.1:

sudo -u maas virsh -c qemu+ssh://ubuntu@192.168.122.1/system list --all

Set upstream DNS

Open http://<maas-server-ip>/MAAS/settings/ in a browser. Look for "Upstream DNS used to resolve domains not managed by this MAAS" and set the DNS to something like 8.8.8.8

SSH Keys

Add a ssh key for authentification to the nodes

Generate a key:

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub

Copy the output.

Open http://<maas-server-ip>/MAAS/account/prefs/sshkey/add/ and paste the contents.

x509 keys

Create a x509 certificate to use with WinRM. This command is available on the MAAS node itself.

maas-generate-winrm-cert

For your convenience, there are also self contained binaries available for windows and linux

Copy the outputed key to:

Open http://<maas-server-ip>/MAAS/account/prefs/sslkey/add/ and paste the contents.

Creating a windows image for MaaS

To generate a new image for MaaS, you will need the following powershell scripts:

https://github.com/cloudbase/windows-openstack-imaging-tools/tree/experimental

For the moment, this only works on Windows. Please follow the inscructions detailed in the README of the above repo. There will also be an image builder that works on linux as well provided by the MaaS team. Stay tuned.

Uploading a custom image

At the moment the tools necessary to generate these images are not public. There will be a linux version of the tool available soon, and we are working on getting a windows version as well. This page will be updated as soon as they are made available.

maas root boot-resources create name=windows/win2012r2 architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/windows-win2012r2-amd64-root-dd

If you are uploading a custom image (anything other then the officially supported ones) you will probably want to use:

maas root boot-resources create name=customOS title="This is my custom OS" architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/customOS-amd64-root-dd