A snap for managing charmed MAAS deployments.
The following instructions assume that nodes infra1, infra2, infra3 are deployed with Ubuntu 22.04 LTS and their networking is properly configured.
In addition, the instructions assume that MAAS Anvil will deploy all the available components (roles) in all three nodes:
- MAAS region controller
- MAAS rack controller (agent)
- PostgreSQL
- HAProxy
ubuntu@infra{1,2,3}:~$ sudo snap install maas-anvil --edge
ubuntu@infra{1,2,3}:~$ maas-anvil prepare-node-script | bash -x
ubuntu@infra{1,2,3}:~$ newgrp snap_daemonubuntu@infra1:~$ maas-anvil cluster bootstrap \
--role database --role region --role agent --role haproxy \
--accept-defaultsNote: You will be asked for a virtual_ip during installation of the HAProxy charm, if accept-defaults is omitted.
Pass an empty value to disable it, or any valid IP to enable; the Keepalived charm will be installed to enable connecting to HA MAAS using the VIP.
You will be asked for a max_connections during installation of the PostgreSQL charm, if accept-defaults is omitted. Use default if you need the default values of PostgreSQL to be applied to max_connections. If you are aiming for MAAS HA though you have to do one of the following:
- If number of MAAS region nodes is known beforehand, you can calculate the desired max_connections and set them, based on the formula:
max_connections = max(100, 10 + 50 * number_of_region_nodes). - If number of MAAS region nodes is not known, you can set
max_connectionstodynamicand let MAAS Anvil recalculate the appropriate PostgreSQLmax_connectionsevery time a region node is joining or leaving the Anvil cluster. This options includes a database restart with every modification.
While deploying HAProxy, MAAS Anvil will ask you for filepaths pointing to an SSL certificate and private key. If passed, HAProxy will be configured to use the given certificate and key for TLS termination. To skip TLS configuration, enter nothing when prompted for the certificate and key files (this is the behavior if --accept-defaults is passed).
Note that the certificate and key must be accessible by the maas-anvil snap; please make sure these files are in a directory that can be accessed, such as $HOME/.config/anvil.
ubuntu@infra1:~$ maas-anvil cluster add --name infra2.
Token for the Node infra2.: eyJuYW1lIjoibWFhcy00Lm1hYXMiLCJzZWNyZXQiOiI3MmE512342abcdEASWWxOWNlYWNkYmJjMWRmMjk4OThkYWFkYzQzMDAzZjk4NmRkZDI2MWRhYWVkZTIxIiwiZmluZ2VycHJpbnQiOiJlODU5ZmY5NjAwMDU4OGFjZmQ5ZDM0NjFhMDk5NmU1YTU3YjhjN2Q2ZjE4M2NjZDRlOTg2NGRkZjQ3NWMwZWM1Iiwiam9pbl9hZGRyZXNzZXMiOlsiMTAuMjAuMC43OjcwMDAiLCIxMC4yMC4wLjg6NzAwMCJdfQ==
ubuntu@infra1:~$ maas-anvil cluster add --name infra3.
Token for the Node infra3.: eyJuYW1lIjoibWFhcy00Lm1hYXMiLCJzZWNyZXQiOiI3MmE512342abcdEASWWxOWNlYWNkYmJjMWRmMjk4OThkYWFkYzQzMDAzZjk4NmRkZDI2MWRhYWVkZTIxIiwiZmluZ2VycHJpbnQiOiJlODU5ZmY5NjAwMDU4OGFjZmQ5ZDM0NjFhMDk5NmU1YTU3YjhjN2Q2ZjE4M2NjZDRlOTg2NGRkZjQ3NWMwZWM1Iiwiam9pbl9hZGRyZXNzZXMiOlsiMTAuMjAuMC43OjcwMDAiLCIxMC4yMC4wLjg6NzAwMCJdfQ==ubuntu@infra2:~$ maas-anvil cluster join \
--role database --role region --role agent --role haproxy \
--token eyJuYW1lIjoibWFhcy00Lm1hYXMiLCJzZWNyZXQiOiI3MmE512342abcdEASWWxOWNlYWNkYmJjMWRmMjk4OThkYWFkYzQzMDAzZjk4NmRkZDI2MWRhYWVkZTIxIiwiZmluZ2VycHJpbnQiOiJlODU5ZmY5NjAwMDU4OGFjZmQ5ZDM0NjFhMDk5NmU1YTU3YjhjN2Q2ZjE4M2NjZDRlOTg2NGRkZjQ3NWMwZWM1Iiwiam9pbl9hZGRyZXNzZXMiOlsiMTAuMjAuMC43OjcwMDAiLCIxMC4yMC4wLjg6NzAwMCJdfQ==ubuntu@infra3:~$ maas-anvil cluster join \
--role database --role region --role agent --role haproxy \
--token eyJuYW1lIjoibWFhcy00Lm1hYXMiLCJzZWNyZXQiOiI3MmE512342abcdEASWWxOWNlYWNkYmJjMWRmMjk4OThkYWFkYzQzMDAzZjk4NmRkZDI2MWRhYWVkZTIxIiwiZmluZ2VycHJpbnQiOiJlODU5ZmY5NjAwMDU4OGFjZmQ5ZDM0NjFhMDk5NmU1YTU3YjhjN2Q2ZjE4M2NjZDRlOTg2NGRkZjQ3NWMwZWM1Iiwiam9pbl9hZGRyZXNzZXMiOlsiMTAuMjAuMC43OjcwMDAiLCIxMC4yMC4wLjg6NzAwMCJdfQ==ubuntu@infra1:~$ maas-anvil cluster list
┏━━━━━━━━┳━━━━━━━━┳━━━━━━━━┳━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━┓
┃ Node ┃ Status ┃ Region ┃ Agent ┃ Database ┃ HAProxy ┃
┡━━━━━━━━╇━━━━━━━━╇━━━━━━━━╇━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━┩
│ infra1 │ up │ x │ x │ x │ x │
│ infra2 │ up │ x │ x │ x │ x │
│ infra3 │ up │ x │ x │ x │ x │
└────────┴────────┴────────┴───────┴──────────┴─────────┘ubuntu@infra1:~$ juju run maas-region/0 create-admin username=admin password=pass [email protected] ssh-import=lp:maasadminYou can refresh the cluster by running the refresh command:
ubuntu@infra1:~$ maas-anvil refreshThis allows passing a new manifest file with --manifest for updating configuration options. If --manifest - is passed, then the manifest is loaded from stdin.
If you get an error message such as:
please enter password for $node on anvil-controller:It is because Juju oauth macaroons typically expire after 24h. If you need to interact with the MAAS-anvil Juju controller after this time has passed, you will need to re-authenticate your session.
You can do this directly using the MAAS-anvil command:
ubuntu@$node:~$ maas-anvil juju-loginYou can also manually fetch the login credentials from anvil with:
ubuntu@$node:~$ cat ~/snap/maas-anvil/current/account.yaml
password: $password
user: $userAnd juju login as usual.
- MAAS Region: https://charmhub.io/maas-region
- MAAS Region: https://charmhub.io/maas-agent
- PostgreSQL: https://charmhub.io/postgresql
- HAProxy: https://charmhub.io/haproxy
- Keepalived: https://charmhub.io/keepalived