The getting started guide appears to have lost mention of disabling ufw #1142

Closed
chuckbutler opened this Issue Jun 7, 2016 · 7 comments

Collaborator

chuckbutler commented Jun 7, 2016

It's common for juju newbies to attempt bootstrapping a lxd controller without first disabling ufw. UFW will indeed cause some headaches.

It would be good to call this out in the docs so that new users who experience problems bootstrapping are given the opportunity to catch the pitfall themselves.

It does have a callout to a FAQ, but that appears to 404:

https://jujucharms.com/docs/devel/getting-started-faq/


ghost commented Jun 7, 2016

I've been bitten twice on this. First when I tried to bootstrap localhost on lxd. And then again after I had reenabled ufw when deploying a local charm.

+1


ghost commented Jun 7, 2016

One of the reasons this is hard to debug is NOTHING gets printed to debug-log until the juju agent has initialized.

Contributor

pmatulis commented Jun 7, 2016

If you can be explicit with how iptables/ufw interferes then we can fit something in. There was such a warning at one time ("turn off your firewall") but it was removed due to its bluntness and because nobody could explain it.

The non-existent FAQ page is linked from getting-started-general. Please open a bug to get that fixed quickly.


ghost commented Jun 7, 2016

Sure. lxdbr0 is open on 10.176.236.1, and if ufw is on, the Juju agent is blocked. The suggestion to turn it off is a non-advisable solution to enabling it (at best it's a quick litmus test to confirm the bug). Currently I use a rule to 'ALLOW' traffic 'Anywhere' across the address CIDR range 10.176.236.0/24.
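
The check below is an added example, not code from this thread or from the Juju, LXD or ufw projects: it parses `ufw status` text and reports whether an allow rule covers the bridge subnet, which is the scoped alternative to disabling the firewall described in the comment above. The function names and the sample output are constructed, and `no-rule` only means no matching allow rule was found (the default policy then decides).

```python
import ipaddress
import re

# Constructed sample of `ufw status` output; the subnet is the one quoted in the thread.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       10.176.236.0/24
22/tcp (v6)                ALLOW       Anywhere (v6)
"""

def parse_rules(status_text):
    """Return (active, [(to, action, source), ...]) parsed from `ufw status` text."""
    active = re.search(r"^Status:\s+active\s*$", status_text, re.M) is not None
    rules = []
    for line in status_text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())  # columns are padded with 2+ spaces
        if len(cols) == 3 and cols[1].split()[0] in ("ALLOW", "DENY", "REJECT", "LIMIT"):
            rules.append(tuple(cols))
    return active, rules

def bridge_rule_state(status_text, bridge_cidr, bridge_if="lxdbr0"):
    """Return 'inactive', 'allowed' or 'no-rule' for inbound traffic from the bridge subnet."""
    active, rules = parse_rules(status_text)
    if not active:
        return "inactive"
    bridge_net = ipaddress.ip_network(bridge_cidr, strict=False)
    for to, action, source in rules:
        if not action.startswith("ALLOW") or action.endswith("OUT"):
            continue
        if to not in ("Anywhere", f"Anywhere on {bridge_if}"):
            continue           # port-specific or other-interface rule
        if source == "Anywhere":
            return "allowed"   # allow-all, or allow on the bridge interface
        try:
            if bridge_net.subnet_of(ipaddress.ip_network(source, strict=False)):
                return "allowed"
        except (ValueError, TypeError):
            continue           # IPv6 or non-address source entries
    return "no-rule"

if __name__ == "__main__":
    print(bridge_rule_state(SAMPLE_STATUS, "10.176.236.0/24"))
```
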

Member

evilnick commented Jun 8, 2016

According to the LXD guys, the bridge setup script adds rules to iptables and there should be no conflict, except in the possible case where ufw is initialised while LXD is already running.

I will put a note back in to cover this case. I think if there is something more systemic it should probably be addressed elsewhere.


ghost commented Jun 8, 2016

I see the iptables rules for lxdbr0. Do we know that the Juju agent is operating within those rules?

Member

evilnick commented Jun 16, 2016

I have added a note #1186. If there is some problem with the rules created, that would be a LXD bug. If there is some problem with Juju, that would be a Juju bug.

evilnick closed this Jul 18, 2016
