Setting Up MAAS (Metal-as-a-Service) with UDM Pro on Ubuntu 22.04

🏠 Back to Home 📚 More Blogs

Managing bare-metal servers with the same ease as cloud instances is a dream for many DevOps and infrastructure teams. That’s where MAAS (Metal-as-a-Service) comes in. By combining MAAS with a UDM Pro, you can automate Ubuntu deployments using PXE boot, VLANs, and DHCP—bringing cloud-like provisioning to your on-prem servers.

In this guide, I’ll walk through how to set up MAAS with UDM Pro to fully automate bare-metal server provisioning.

🔹 Why MAAS with UDM Pro?

Together, they create a powerful, cloud-like provisioning system for physical infrastructure.

⚙️ Prerequisites

  1. UDM Pro Configuration
    • Enable Option 66 & Option 67 for network boot.
    • Use the absolute path for the boot file, e.g.: 
      bootloader/uefi/amd64/grubx64.efi

    • Add a firewall rule for PXE/TFTP traffic:

      Rule details:

      • Name: Maas server
      • Type: LAN IN
      • Action: Accept
      • Protocol: UDP
      • Ports: 69–65535
      • Destination: MAAS server IP

1. Install MAAS

sudo add-apt-repository ppa:maas/3.4 -y
sudo apt update
sudo apt install maas maas-cli maas-dhcp maas-dns -y
sudo maas init

2. Add Admin User & API Key Setup

After installation, you need to create the first admin user.

sudo maas createadmin

This will ask for:

Once done, MAAS will be accessible at:

👉 http://<your-maas-server-ip>:5240/MAAS

Generate an API Key from the UI

  1. Log in with the admin user credentials.
  2. Go to your User Preferences (top-right corner).
  3. Click Generate API Key.
  4. Copy the key.

Login via CLI with API Key

maas login admin http://<your-maas-server-ip>:5240/MAAS <API_KEY>

3. Import Your SSH Key

To allow passwordless SSH login to deployed machines, import your public SSH key.

From the UI

  1. Go to User Preferences → SSH Keys.
  2. Click Add SSH Key.
  3. Paste your ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub.

From the CLI

maas admin sshkeys create "key=$(cat ~/.ssh/id_rsa.pub)"

Now, any machine deployed via MAAS will automatically have your SSH key injected.

4. Import Boot Resources

sudo maas admin boot-resources import
maas admin boot-resources read | jq '.[] | {name, type, architecture, complete}'

Check boot files:

ls /var/lib/maas/boot-resources/uefi/

5. Network Setup with UDM Pro

Example CLI setup:

maas admin fabrics read | jq '.[] | {id, name}'
maas admin vlans read 0 | jq '.[] | {id, name, vid, dhcp_on}'
maas admin vlan update 0 1 dhcp_on=true primary_rack=bareops
maas admin subnets create cidr=X.X.X.0/24 gateway_ip=X.X.X.X fabric=0 vlan=1

6. Commission & Deploy Nodes

Commission hardware:

maas admin machine commission <SYSTEM_ID>

Accept and mark as ready:

maas admin machine accept <SYSTEM_ID>
maas admin machine update <SYSTEM_ID> status=Ready

Deploy Ubuntu:

maas admin machine deploy <SYSTEM_ID> distro_series=jammy hwe_kernel=hwe-22.04

7. Enable Password Login on Deployed Ubuntu

By default, MAAS sets up SSH key authentication. To enable password login:

  1. Edit SSH config: 
    PasswordAuthentication yes
PermitEmptyPasswords no
UsePAM yes
KbdInteractiveAuthentication yes
  2. Create drop-in override: 
    sudo mkdir -p /etc/ssh/sshd_config.d
echo -e "PasswordAuthentication yes\nKbdInteractiveAuthentication yes" | \
sudo tee /etc/ssh/sshd_config.d/01-password.conf
  3. Restart SSH: 
    sudo systemctl restart sshd
  4. Set a password: 
    sudo passwd ubuntu

Now you can log in with password auth, even via GUI clients like Remmina.

8. Troubleshooting

âś… Conclusion

By combining MAAS with UDM Pro, you can bring cloud-like automation to your bare-metal infrastructure. From creating users and importing SSH keys to commissioning and PXE boot deployments, everything can be managed remotely—perfect for home labs, staging, or production environments.

🏠 Back to Home 📚 More Blogs