close_port followed by open_port results in a closed port

Bug #1962755 reported by Junien Fridrick
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Fix Released
High
Yang Kelvin Liu

Bug Description

Hello,

juju 2.9.25

Running "close_port" followed by "open_port" for the same port in a single hook result in the port getting closed. The last action taken on the port should be the one that's considered.

Thanks

Ian Booth (wallyworld)
Changed in juju:
milestone: none → 2.9.26
status: New → Triaged
importance: Undecided → High
Haw Loeung (hloeung)
description: updated
Changed in juju:
milestone: 2.9.26 → 2.9.27
Revision history for this message
Haw Loeung (hloeung) wrote :

We currently have two main charms known to be affected by this, haproxy (LP:1962584) and apache2 (LP:1964529).

tags: added: upgrade-juju
tags: added: canonical-is canonical-is-upgrades
Changed in juju:
status: Triaged → In Progress
assignee: nobody → Yang Kelvin Liu (kelvin.liu)
Revision history for this message
Yang Kelvin Liu (kelvin.liu) wrote :

We do have some logic in the unit agent to prevent this happen in 2.9.
Is the model running on 2.8?

Revision history for this message
Haw Loeung (hloeung) wrote :

No, all models on this controller were some version of 2.9. Some on 2.9.18 but most were 2.9.21 as that was also what the controller was running. So it was fallout from upgrading the controller, and models, from 2.9.21 to 2.9.25. FWIW, this is the main PS4.5 shared Juju 2 controllers.

Revision history for this message
Yang Kelvin Liu (kelvin.liu) wrote :
Ian Booth (wallyworld)
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released
John A Meinel (jameinel)
tags: added: close-port open-port
Revision history for this message
John A Meinel (jameinel) wrote :

I believe they ran into this bug again (today) when upgrading a Juju controller in AWS.

The fix in the PR does appear to "do the right thing". With the caveat that when you upgrade a controller (which is the thing that changes what config hashes are being computed, and thus whether you trigger config-changed), you don't also upgrade the unit agent (where this fix was done).

And when you do upgrade the unit agent, it won't compute a *new* config hash, so it won't re-run config changed one more time for it to fix the bug when you upgraded the controller.

In the AWS upgrade it looks like they did
 2.9.18 to 2.9.32

So the sequencing is:
Controller Agent
2.9.18 2.9.18
2.9.32 2.9.18 Notices a change in the config hash, runs config-changed
   the charm calls close-port 443, open-port 443. 2.9.18 still sees one of
   those as a no-op (because the port is already open/closed) causing the port
   to toggle
2.9.32 2.9.32 nothing to be done because the config hasn't changed

Note also that `juju unexpose` ; `juju expose` won't fix anything, because it isn't that Juju told the cloud the wrong thing. It is that juju interpreted what the charm told it should be opened incorrectly.
You probably could do `juju run --unit X -- hooks/config-changed` after the upgrade, and have that fix the problem.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.