[RFE] Support space management on manual providers
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical Juju | Triaged | Low | Unassigned | |
Bug Description
In some real scenarios, we have deployments that demand manual providers on top of multi-homed VMs. In these scenarios, some networks may be blocked or be very strict in the sense of which ports are released.
That is not a problem for the majority of the providers, since we can define spaces on those. More specifically, on the controller model, we can specify juju_ha_space to use a more relaxed network, where ports 17070 and 37017 are open on all the nodes.
However, for manual providers, we do not have the concept of space defined. If we deploy on top of a multi-network environment, where one of the networks has ports 17070 and/or 37017 blocked, that will mean Juju controller units will learn all the network addresses, but some of the communication will be lost every time Juju tries to use the blocked network.
The current workaround is to force all traffic to flow through one single network where ports 17070 and 37017 are freed via iptables.
## QA STEPS:
This issue has been reproduced in the following scenario:
OpenStack deployment with:
- 2 networks
- 2 security groups: first sec group will have ICMP, tcp ports 22, 17070, 37017 freed; second security group is completely blocked
- create machines on 1st network, with 1st security group
- create a port on 2nd network, with 2nd security group
- add said port to the machine
- Deploy all X VMs
- Run manual provider on top
- juju add-machine X - 3 times to add each VM (supposing controllers will be 3 copies)
## Expected result before RFE released:
Machine traffic will change between freed and blocked networks, meaning that some of the tcp flows will be blocked right away.
juju list-machines will show machines bouncing between "started" and "down" status because sometimes each node will be able to reach controllers, sometimes not.
Adding iptables NAT rules that force traffic to flow through freed network will resolve this issue.
## Expected result after RFE released:
All machines will be set as "started" and will stay that way.
Deployment on top of this env will work fine.
This RFE resolves: https:/
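A reachability check for the scenario in this report, added here as an example and not part of the original report or of Juju: it probes ports 17070 and 37017 on every address the controllers advertise and reports which network accepts both on all nodes. The CIDRs, addresses and the `constructed_probe` stand-in are constructed for illustration.

```python
import ipaddress
import socket

# Ports named in the report: Juju API server (17070) and controller MongoDB (37017).
CONTROLLER_PORTS = (17070, 37017)

# Constructed sample data: one freed and one blocked network, three controllers.
SAMPLE_NETWORKS = ["10.0.1.0/24", "10.0.2.0/24"]
SAMPLE_ADDRESSES = ["10.0.1.11", "10.0.2.11", "10.0.1.12",
                    "10.0.2.12", "10.0.1.13", "10.0.2.13"]

def tcp_open(addr, port, timeout=2.0):
    """Return True if a TCP connect to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out (dropped by a security group), no route
        return False

def constructed_probe(addr, port):
    """Offline stand-in for tcp_open: only the first sample network is open."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(SAMPLE_NETWORKS[0])

def classify(addresses, networks, ports=CONTROLLER_PORTS, probe=tcp_open):
    """Return {network CIDR: {address: [ports that failed]}}."""
    nets = [ipaddress.ip_network(n) for n in networks]
    report = {str(n): {} for n in nets}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        blocked = [p for p in ports if not probe(addr, p)]
        for n in nets:
            if ip in n:
                report[str(n)][addr] = blocked
    return report

def usable_networks(report):
    """Networks where every probed address accepted every controller port."""
    return [n for n, hosts in report.items()
            if hosts and all(not failed for failed in hosts.values())]

if __name__ == "__main__":
    # Swap probe=constructed_probe for the default tcp_open on a real node.
    report = classify(SAMPLE_ADDRESSES, SAMPLE_NETWORKS, probe=constructed_probe)
    for net, hosts in report.items():
        for addr, failed in hosts.items():
            print(f"{net} {addr} blocked ports: {failed or 'none'}")
    print("pin controller traffic to:", usable_networks(report))
```

Run from each controller node with the default `tcp_open` probe, the network it returns is the one the workaround has to pin traffic to.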
tags: added: cpe-onsite
Changed in juju: milestone: 2.7-beta1 → 2.7-rc1
We are currently remodelling spaces in Juju. Once this work is done, we plan to investigate adding operator-defined space support for providers where spaces are unsupported.