Mangle source IP address for EC2 traffic that leaves the VPC - fixes LXC on EC2 #2071

Merged
merged 1 commit into from Apr 14, 2015


dooferlad commented Apr 14, 2015

fixes: 1442801

(Review request: http://reviews.vapour.ws/r/1428/)

Mangle source IP address for EC2 traffic that leaves the VPC - fixes LXC on EC2

Fixed "unrecognized printf flag for verb 'T': '#'"

dooferlad commented Apr 14, 2015

$$merge$$


jujubot commented Apr 14, 2015

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

jujubot added a commit that referenced this pull request Apr 14, 2015

Merge pull request #2071 from dooferlad/1.23-fixes-1442801
Mangle source IP address for EC2 traffic that leaves the VPC - fixes LXC on EC2

fixes: 1442801

(Review request: http://reviews.vapour.ws/r/1428/)

@jujubot jujubot merged commit 5712832 into juju:1.23 Apr 14, 2015

@dooferlad dooferlad deleted the dooferlad:1.23-fixes-1442801 branch Apr 14, 2015

jujubot added a commit that referenced this pull request May 1, 2015

Merge pull request #2187 from dimitern/lp-1442801-1.24
Fixed lp:1442801 - forward port to 1.24

Live tested on EC2 and MAAS.
See http://pad.lv/1442801.

Forward-port of #2071 to 1.24.
(Review request: http://reviews.vapour.ws/r/1549/)

jujubot added a commit that referenced this pull request May 20, 2015

Merge pull request #2366 from dimitern/lp-1442257-lxc-default-mtu-1.24
Ported #2365 and #2190 to 1.24; fix lp:1442257; disabling SNAT for MAAS

This includes 2 fixes for 1.24:
* http://pad.lv/1442257 - instead of inheriting LXC containers' host's
  primary NIC's MTU value for container NICs, now we have an optional
  integer environment setting "lxc-default-mtu", which when set to a
  positive number will cause all LXC (but not KVM) NICs to use that MTU.
  This is a straightforward port of #2365 to 1.24.
* Related, but not a fix for http://pad.lv/1443942 (originally proposed
  as #2190 but it didn't land in time) - only add iptables SNAT rules on
  the container hosts for EC2 environments, as this breaks MAAS and it's
  not needed (fallout from the original fix #2071 for bug http://pad.lv/1442801).

The second port is only live-tested on MAAS and EC2, but an improved
fix and more tests will be added later, as described in bug lp:1443942.

(Review request: http://reviews.vapour.ws/r/1726/)

jujubot added a commit that referenced this pull request May 21, 2015

Merge pull request #2392 from dimitern/lp-1442257-1.25
Fixed lp:1442257 - port of #2366 to 1.25

This includes 2 fixes for 1.25:

* http://pad.lv/1442257 - instead of inheriting LXC containers' host's
  primary NIC's MTU value for container NICs, now we have an optional
  integer environment setting "lxc-default-mtu", which when set to a
  positive number will cause all LXC (but not KVM) NICs to use that
  MTU. This is a straightforward port of #2365 to 1.25.
* Related, but not a fix for http://pad.lv/1443942 (originally proposed
  as #2190 but it didn't land in time) - only add iptables SNAT rules
  on the container hosts for EC2 environments, as this breaks MAAS and
  it's not needed (fallout from the original fix #2071 for bug
  http://pad.lv/1442801).

Live tested on MAAS and EC2 with the following configurations:
* bootstrap on trusty, add a precise node
* bootstrap on precise, add a trusty node
* in both cases above, do a test with and without the address-allocation
  feature flag
* deploy workloads and relate them in LXC and KVM

More unit tests around the enableNAT logic will be added later,
as described in bug lp:1443942.
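
The provider gating described in the commit messages above (SNAT rules only on EC2 container hosts, for traffic that leaves the VPC), shown as an added Go example. It is not Juju's code: the function names, the exact rule layout (excluding the VPC range with `! -d`) and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// snatRule returns the iptables arguments a container host would need so that
// container traffic leaving the VPC carries the host's own address.
// It returns nil for non-EC2 providers, where the commit message says SNAT
// is not needed and breaks MAAS. All names here are hypothetical.
func snatRule(provider, hostIF, hostIP, vpcCIDR string) ([]string, error) {
	if provider != "ec2" {
		return nil, nil
	}
	ip := net.ParseIP(hostIP).To4()
	if ip == nil {
		return nil, fmt.Errorf("invalid host IPv4 address %q", hostIP)
	}
	_, vpc, err := net.ParseCIDR(vpcCIDR)
	if err != nil {
		return nil, fmt.Errorf("invalid VPC CIDR %q: %v", vpcCIDR, err)
	}
	if !vpc.Contains(ip) {
		return nil, fmt.Errorf("host %s is not inside VPC %s", ip, vpc)
	}
	return []string{"-t", "nat", "-A", "POSTROUTING", "-o", hostIF,
		"!", "-d", vpc.String(), "-j", "SNAT", "--to-source", ip.String()}, nil
}

// leavesVPC reports whether dst is outside the VPC range, i.e. whether the
// rule above would rewrite the source address of a packet sent to it.
func leavesVPC(dst, vpcCIDR string) (bool, error) {
	ip := net.ParseIP(dst)
	_, vpc, err := net.ParseCIDR(vpcCIDR)
	if ip == nil || err != nil {
		return false, fmt.Errorf("bad destination %q or CIDR %q", dst, vpcCIDR)
	}
	return !vpc.Contains(ip), nil
}

func main() {
	// Constructed sample values, not taken from the pull request.
	rule, err := snatRule("ec2", "eth0", "10.0.1.15", "10.0.0.0/16")
	fmt.Println(rule, err)
	out, _ := leavesVPC("91.189.88.10", "10.0.0.0/16")
	fmt.Println("SNAT applied to external destination:", out)
}
```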