we should remove direct DB access for clients
Bug #1253652 reported by
John A Meinel
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| juju-core |
Fix Released
|
High
|
Unassigned | ||
Bug Description
similar to bug #1253651 for Agent access. Once we have the CLI going only via the API (should happen in 1.18), then we no longer need the CLI to have direct DB access.
For Agents we took the approach that in 1.16 the new agents would go via the API, and for new Agents we create they would not get DB access (and then in 1.18 we revoke access for any agent that might have had grandfathered access).
For Clients we do it slightly differently. In 1.18 we change the client to use the API but don't revoke DB access (so that a 1.16 client can issue status against a 1.18 server). In 1.20 we can completely remove access for all clients (because we don't support a 1.16 client talking to a 1.20 server).
| Changed in juju-core: | |
| milestone: | 1.19.0 → 2.0 |
| Changed in juju-core: | |
| status: | Triaged → In Progress |
Revision history for this message
| Michael Foord (mfoord) wrote | #1 |
| Changed in juju-core: | |
| status: | In Progress → Fix Committed |
| Changed in juju-core: | |
| milestone: | none → 1.21-alpha1 |
| Changed in juju-core: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Port 37017 is no longer opened on machines. An upgrade step that closes it on existing systems may be needed. (Only *may* because the firewaller might already handle this for us, but this needs checking.)