[JUJU-3472] Lxd cert validation bug #15416

Merged
merged 1 commit into from Apr 5, 2023

@tlm tlm commented Apr 3, 2023

A change introduced to Juju introduced the concept of re-using the HTTP client for LXD connections to multiple different servers. The LXD client, however, when passed its own http server, modifies the transport for the http client. This causes the same http client to keep having its transport modified for different connections.

The result is that https validation fails for some lxd remotes because the transport is configured for a different server.

Checklist

If an item is not applicable, use ~strikethrough~.

  • Code style: imports ordered, good names, simple structure, etc
  • Comments saying why design decisions were made
  • Go unit tests, with comments saying what you're testing
  • Integration tests, with comments saying what you're testing
  • doc.go added or updated in changed packages

QA steps

To test this properly you need two LXD clouds (not the same cloud added twice) to the controller.

  1. Bootstrap a controller to your first LXD cloud
  2. Add a model called one
  3. Add a machine to the model one
  4. Add a second lxd cloud and credentials
  5. Add a new model called two using the cloud created in step 4
  6. Deploy a new machine to the two model.
  7. Kill the controller

If everything works, you will receive no error messages about x509 certs. If it's failing, the controller model will fail to be destroyed because the http client was set up for the two model and the x509 certs will fail.

Documentation changes

N/A

Bug reference

https://bugs.launchpad.net/juju/+bug/2003135
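
The failure mode described above, reproduced as an added Go example (not Juju or LXD code, and not part of the original PR): `connect` is a hypothetical stand-in for a client constructor that pins a remote's certificate by replacing the Transport on the `http.Client` it is given. The two HTTPS servers, their certificates and the name `remote.test` are constructed; the second call in `main` uses one client per remote for contrast.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// remote starts a constructed HTTPS server with its own self-signed cert for "remote.test".
func remote() *httptest.Server {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"remote.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	return srv
}

// connect (hypothetical) pins srv's cert by overwriting the Transport of the client it is handed.
func connect(c *http.Client, srv *httptest.Server) {
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	c.Transport = &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: "remote.test"}}
}

// revisit connects a to remote one and b to remote two, then uses a to call remote one again.
func revisit(a, b *http.Client) error {
	one, two := remote(), remote()
	defer func() { one.Close(); two.Close() }()
	connect(a, one)
	connect(b, two)
	resp, err := a.Get(one.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	c := &http.Client{}
	fmt.Println("shared:", revisit(c, c), "\nseparate:", revisit(&http.Client{}, &http.Client{}))
}
```

With a shared client the final request to remote one is verified against remote two's pinned certificate and fails with an x509 error; with separate clients it succeeds.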

@tlm tlm force-pushed the lxd-cert-validation branch 3 times, most recently from 310f6b4 to f10830f Compare April 4, 2023 07:24
Member

@hpidcock hpidcock left a comment

Nice. LGTM

@hpidcock hpidcock added the 2.9 label Apr 4, 2023
@hmlanigan
Member

/build

@hmlanigan
Member

/merge

@tlm
Member Author

tlm commented Apr 4, 2023

/merge

@tlm
Member Author

tlm commented Apr 5, 2023

/merge

A change introduced to Juju introduced the concept of re-using the HTTP
client for LXD connections to multiple different servers. The LXD client
however, when passed its own http server, modifies the transport for the
http client. This causes the same http client to keep having its
transport modified for different connections.

The result is that https validation fails for some lxd remotes because
the transport is configured for a different server.

Fixes LP2003135
@tlm
Member Author

tlm commented Apr 5, 2023

/merge

@jujubot jujubot merged commit c98d217 into juju:2.9 Apr 5, 2023
18 of 19 checks passed
jujubot added a commit that referenced this pull request Apr 17, 2023