Hi Jim, Typically the metadata API is only accessed by cloud-init at deployment time, but if you have the correct credentials, you can access it.
When the PXE boot process gets the configuration, it goes something like this, assuming the MAC address of the node is 52:54:00:0a:25:ac... # curl tftp://localhost/pxelinux.cfg/01-52-54-00-0a-25-ac APPEND nomodeset ... cloud-config-url= http://172.16.99.2:5240/MAAS/metadata/latest/by-id/nrwbgy/?op=get_preseed ... So the PXE process adds a kernel parameters which allows cloud-init to access its configuration data. That configuration data will contain the authentication parameters, such as: # curl http://172.16.99.2:5240/MAAS/metadata/latest/by-id/nrwbgy/?op=get_preseed ... reporting: maas: {consumer_key: wAV38gKN2rZKh9QHtX, endpoint: ' http://172.16.99.2:5240/MAAS/metadata/status/nrwbgy', token_key: GKgqt9xJwDbAXwk7uX, token_secret: nzGPjpEnA9HTfGTezwy2w2DV4SEuu6rR, type: webhook} ... Given that information, you can use an oauth1 library to generate credentials. Note that a new signature must be used for each request. For example: # python3 >>> import oauthlib.oauth1 as oauth1 >>> import time # Construct the OAuth client, using the consumer_key, resource_owner_key as token_key, and token_secret as resource_owner_secret. >>> client = oauth1.Client('wAV38gKN2rZKh9QHtX', client_secret='', resource_owner_key='GKgqt9xJwDbAXwk7uX', resource_owner_secret='nzGPjpEnA9HTfGTezwy2w2DV4SEuu6rR', signature_method=oauth1.SIGNATURE_PLAINTEXT, timestamp=str(int(time.time()))) # This line of code will format the OAuth key so we can use it as an HTTP header. >>> for k, v in client.sign(' http://172.16.99.2:5240/MAAS/metadata/status/nrwbgy')[1].items(): print("%s: %s" % (k, v)) ... Authorization: OAuth oauth_nonce="94760624936955683481482190759", oauth_timestamp="1482190509", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="wAV38gKN2rZKh9QHtX", oauth_token="GKgqt9xJwDbAXwk7uX", oauth_signature="%26nzGPjpEnA9HTfGTezwy2w2DV4SEuu6rR" # Now you can use the credentials (for a single request). For example: # curl -H 'Authorization: OAuth oauth_nonce="94760624936955683481482190759", oauth_timestamp="1482190509", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="wAV38gKN2rZKh9QHtX", oauth_token="GKgqt9xJwDbAXwk7uX", oauth_signature="%26nzGPjpEnA9HTfGTezwy2w2DV4SEuu6rR"' http://172.16.99.2:5240/MAAS/metadata/status/nrwbgy So, long story short: you should be able to parse /proc/cmdline yourself to grab the cloud-config-url, which would then allow you to retrieve the credentials you need to access the metadata server. Regards, Mike On Wed, Feb 1, 2017 at 9:44 AM, Jim Tilander <[email protected]> wrote: > > Hi, > > Is there some up to date information on how to access the metadata API? > > This seems woefully out of date and also incorrect: https://maas. > ubuntu.com/docs/development/metadata.html > > Looking at the apache access logs, there are different paths that are > begin accessed. > > * Is there a stable API endpoint that one can call during deployment > scripts? > * Can one call the metadata API post deployment? > * How are the nodes supposed to authenticate? I keep getting Forbidden > replies. > > Cheers, > Jim > > > > -- > Maas-devel mailing list > [email protected] > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/maas-devel > >
-- Maas-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/maas-devel
