-
Notifications
You must be signed in to change notification settings - Fork 501
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.7 - Hostname resolution in network-get omits loopback IPs #11638
Conversation
!!build!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The last commit LGTM.
Can you also update the bit about filtering in the PR description and add something along the lines of "if only loopback IPs are found, we log an error advising the operator on how to tweak the system settings to ensure proper IP discoverability"?
non-loopback address if possible.
as loopback address(es).
50fbcf8
to
7ef1496
Compare
|
1 similar comment
|
#11688 Merge 2.7 into 2.8 to bring forward: - #11657 from manadart/2.7-update-gorilla-websocket - #11638 from manadart/2.7-local-machine-addrs - #11639 from SimonRichardson/unpin-machine-applications-on-destroy - #11650 from manadart/2.7-pruner-test-kill - #11660 from achilleasa/2.7-ensure-cert-leafs-are-at-least-384-bytes-long - #11664 from ycliuhw/fix/OCI-fetch-2.7 Some of these are effectively no-ops. The material changes are: - The logging instead of throwing or errors in #11639. - #11638.
Description of change
When a manual machine is provisioned using a FQDN, that name is what is returned by the instance-poller for provider addresses. This means that this name is often also returned as the preferred private and public machine addresses.
In turn, when
network-get
runs for a unit on such a machine, the FQDN is resolved before returning an address result. When it resolves addresses, it returns the first it finds.We have observed cases where the machine hosts file has an entry like this:
This means that the IP returned by
network-get
is not usable by relations to the unit.This patch ensures that where possible, we filter
127.*.*.*
addresses before returning host-name resolved addresses. If filtering removes all addresses, we log a warning message to give the operator some information for possible resolution.QA steps
To do this, I have a LXD profile that includes my Juju SSH key in authorised keys for the "ubuntu" user.
manual-ctrl
andmanual-m1
.juju bootstrap manual/ssh:ubuntu@<manual-ctrl IP> net-get-test --debug --no-gui
.lxc exec manual-m1 bash
and add an entry to the hosts file like this:127.0.1.1 manual-m1.lxd manual-m1
.<manual-m1 IP> manual-m1
.juju add-machine ssh:ubuntu@manual-m1
.juju deploy percona-cluster mysql --to 0
and await quiescence.juju run --unit mysql/0 "network-get --format yaml db"
.juju debug-log --include mysql/0
should include a warning entry like this:Documentation changes
None.
Bug reference
https://bugs.launchpad.net/juju/+bug/1831580