New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter out icmpv6 when reading back ec2 security groups. #16383
Conversation
Best way to test this is to bootstrap with the following:
You can then confirm from the logs that we are not seeing the firewater crash from reading in the icmpv6 rules. I have tested this on my end and can't see any issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
We should loop back around soon and give Juju icmpv6 support. That would be the best outcome. |
/merge |
#16399 Merges: - #16321 - #16361 - #16373 - #16387 - #16386 - #16389 - #16391 - #16398 - #16383 - #16366 Conflicts: - upgrades/operations.go - upgrades/upgrade_test.go All conflicts from #16366. Arising simply from the version number in upgrade_steps I also needed to rename steps_317.go to steps_324.go
#16401 Merges: - #16354 - #16321 - #16361 - #16373 - #16377 - #16387 - #16386 - #16389 - #16392 - #16391 - #16398 - #16383 - #16366 - #16399 Conflicts: - state/upgrades.go - state/upgrades_test.go - upgrades/backend.go - upgrades/operations.go - upgrades/upgrade_test.go All conflicts resulting from #16366 Since this is an unreleased minor version, we do not need upgrade steps (there is nowhere to upgrade from), so drop them
#16407 Merge `3.3` into `main`: - #16354 - #16321 - #16361 - #16373 - #16377 - #16387 - #16389 - #16392 - #16391 - #16398 - #16383 - #16366 - #16367 - #16382 ``` # Conflicts: # apiserver/facades/client/application/application_unit_test.go # apiserver/facades/client/secrets/secrets.go # apiserver/facades/controller/caasoperatorprovisioner/provisioner_test.go # apiserver/facades/controller/caasunitprovisioner/provisioner_test.go # caas/kubernetes/provider/application/application_test.go # caas/kubernetes/provider/k8s_test.go # caas/kubernetes/provider/operator_test.go # internal/docker/registry/internal/gitlab.go # state/secrets_test.go ```
Firewaller is crashing when trying to read rules out of the ec2 provider.
This is due to #16061 adding in the minimum icmpv6 rules for proper v6 support in aws that should, until juju models this better, be hidden from the firewaller.
QA steps
@tlm how best to test this?
Documentation changes
N/A
Links
https://jenkins.juju.canonical.com/job/test-deploy-test-deploy-bundles-aws/3336/