Comment 13 for bug 1924780

George Kraft (cynerva) wrote : Re: easyrsa install hook fails on public address not found

On Juju 2.9.0:

$ juju version
2.9.0-ubuntu-amd64
$ juju show-model | grep agent-version
  agent-version: 2.9.0

If I do a simple deploy of easyrsa on AWS:

$ juju deploy cs:~containers/easyrsa

The unit comes up with a public address:

$ juju run --unit easyrsa/0 -- unit-get public-address
34.215.45.91

That address is *not* visible with network-get:

$ juju run --unit easyrsa/0 -- network-get client
bind-addresses:
- mac-address: 06:c0:ef:72:54:17
  interface-name: ens5
  addresses:
  - hostname: ""
    address: 172.31.32.190
    cidr: 172.31.32.0/20
  macaddress: 06:c0:ef:72:54:17
  interfacename: ens5
- mac-address: b2:bd:96:fb:b9:61
  interface-name: fan-252
  addresses:
  - hostname: ""
    address: 252.32.190.1
    cidr: 252.32.0.0/12
  macaddress: b2:bd:96:fb:b9:61
  interfacename: fan-252
egress-subnets:
- 172.31.32.190/32
ingress-addresses:
- 172.31.32.190
- 252.32.190.1

You're saying I need to create a space that contains the relevant subnets for which I want to expose the endpoint, right? There isn't an existing space that covers it:

$ juju spaces
Name   Space ID  Subnets
alpha  0         172.31.0.0/20
                 172.31.16.0/20
                 172.31.32.0/20
                 172.31.48.0/20
                 252.0.0.0/12
                 252.16.0.0/12
                 252.32.0.0/12
                 252.48.0.0/12

So, you want me to take the 279 public subnets for us-west-2 that are defined in https://ip-ranges.amazonaws.com/ip-ranges.json and create a space with them. Okay. Let me try one:

$ juju add-space public 34.208.0.0/12
ERROR cannot add space "public": subnet "34.208.0.0/12" not found

Yep, Juju isn't aware of the public subnets:

$ juju subnets
subnets:
  172.31.0.0/20:
    type: ipv4
    provider-id: subnet-931b23c8
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2c
  172.31.16.0/20:
    type: ipv4
    provider-id: subnet-a7235bc1
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2b
  172.31.32.0/20:
    type: ipv4
    provider-id: subnet-4c1b8204
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2a
  172.31.48.0/20:
    type: ipv4
    provider-id: subnet-ff8d38d4
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2d
  252.0.0.0/12:
    type: ipv4
    provider-id: subnet-931b23c8-INFAN-172-31-0-0-20
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2c
  252.16.0.0/12:
    type: ipv4
    provider-id: subnet-a7235bc1-INFAN-172-31-16-0-20
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2b
  252.32.0.0/12:
    type: ipv4
    provider-id: subnet-4c1b8204-INFAN-172-31-32-0-20
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2a
  252.48.0.0/12:
    type: ipv4
    provider-id: subnet-ff8d38d4-INFAN-172-31-48-0-20
    provider-network-id: vpc-ea4c7a8c
    status: in-use
    space: alpha
    zones:
    - us-west-2d

I can't use `juju add-subnet` either:

$ juju add-subnet 34.208.0.0/12 alpha
ERROR cannot add subnet: subnet with CIDR "34.208.0.0/12" not found

Looking at Juju's documentation on network spaces[1], it sounds like this is about what's expected for non-MAAS providers. Creating subnets is not a documented thing. No documentation around handling public subnets whatsoever. I do not see a create-subnet command or anything along those lines in `juju help commands`.

Again, the charm needs to know the 34.215.45.91 IP because it must be included in the charm's certificate. It does not appear possible to obtain this without using `unit-get public-address`. What am I missing?

[1]: https://juju.is/docs/olm/network-spaces