maas-proxy was never meant to be used on internet facing scenarios. The
maas-proxy configuration status that MAAS doesn't automatically add
networks and that one that it would. This will be done for 2.0 and wont
be done for any earlier release. MAAS documentation will be updated to
state this
For the 1.9 backport of this fix, rather than introduce a schema
migration (as done for 2.0), we'll simply allow all known subnets to use
the proxy, with a note in the proxy config to disable unwanted subnets
with iptables.
** Also affects: maas (Ubuntu Trusty)
Importance: Undecided
** Tags added: hwcert-server
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it should add networks
automatically
To manage
This also needs a 1.9 target as well. I just discovered this while
investigating proxy issues on a customer MAAS server and found that they
have an open maas proxy with a ton of external connections to it :/
--
You received this bug notification because you are a member of Ubuntu
Server Team,
** Branch linked: lp:~lamont/maas/create-maas-proxy.conf-packaging
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it should
** Changed in: maas
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it should add
** Changed in: maas
Assignee: (unassigned) => LaMont Jones (lamont)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it
I agree with the concerns about documentation.
Currently, maas-proxy is an optional package which does not depend on
the MAAS region server (or any other MAAS component). It's analogous to
squid-deb-proxy.
The squid-deb-proxy approach to security is to ship (in an
autogenerated/ directory, which
I'm disappointed that maas being an open proxy isn't mentioned anywhere in the
documentation, that I could find. It should be mentioned in big bold red
letters, maybe blink or marquee. The, "not designed to be run on the internet"
is fine, but it should be well documented and so should the
I've seen users complain that when we change this file it gets
overwritten automatically. (I guess we should also move it to /var, if
we're going to be automatically generating the configuration.)
Should every network MAAS knows about be included in the allow list? Or
is finer control needed?
--
s/when we change this/when they change that/
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is an open proxy with no ACLs; it should add networks
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: maas (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
** Changed in: maas
Milestone: 1.9.0 => 2.0.0
** Changed in: maas
Importance: Wishlist => Critical
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1379567
Title:
maas-proxy is
13 matches
Mail list logo
