MAAS provider: terminate-machine --force or destroy-environment don't DHCP release container IPs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
High
|
Dimiter Naydenov | ||
1.24 |
Won't Fix
|
High
|
Unassigned | ||
1.25 |
Fix Released
|
High
|
Dimiter Naydenov |
Bug Description
juju-core 1.24.4
Related to bug #1348663
When using a MAAS provider, juju "leaks" container IP addresses by not DHCP releasing them in the following scenarios:
* terminate-machine --force
Any containers in that machine will not release their leases (without --force does not apply, because juju does not allow you to terminate a machine that still has units on it). The IP of the machine itself is correctly released.
* destroy-environment with or without --force
Only the IPs of the actual machines are released. Container IPs "leak"
One use case is the Autopilot: when removing a deployed region, it issues a destroy-
To give an idea, a cloud deployed on 6 nodes with the autopilot uses 6 IPs for the nodes from MAAS's static range, 37 IPs for the containers from the dynamic range and a few more static ones for virtual IPs for some openstack services. Each time a region is removed, 37 IPs leak in this example.
The cases that are working are:
* terminate-machine with no services: the host IP, taken from the static range, is released
* destroy-service: all container IPs from the service are released. The host IP (from static range) is left untouched because the machine is still up, even though it has no services anymore. It needs a terminate-machine call.
* destroy-unit
* destroy-
tags: | added: landscape |
description: | updated |
summary: |
- MAAS provider: terminate-machine --force or destroy-environment (without - --force) don't DHCP release container IPs + MAAS provider: terminate-machine --force or destroy-environment doesn't + DHCP release container IPs |
summary: |
- MAAS provider: terminate-machine --force or destroy-environment doesn't + MAAS provider: terminate-machine --force or destroy-environment don't DHCP release container IPs |
Changed in juju-core: | |
milestone: | none → 1.24.6 |
Changed in juju-core: | |
status: | Incomplete → Triaged |
milestone: | 1.24.6 → 1.25.0 |
importance: | Undecided → High |
Changed in juju-core: | |
status: | In Progress → Triaged |
assignee: | Dimiter Naydenov (dimitern) → nobody |
Changed in juju-core: | |
milestone: | 1.25-alpha1 → 1.25-beta1 |
Changed in juju-core: | |
milestone: | 1.25-beta1 → 1.25-beta2 |
tags: | added: kanban-cross-team |
tags: | removed: kanban-cross-team |
Changed in juju-core: | |
status: | Incomplete → Confirmed |
Changed in juju-core: | |
status: | Confirmed → Triaged |
Changed in juju-core: | |
milestone: | 1.25-beta2 → 1.25.1 |
tags: | added: bug-squad |
Changed in juju-core: | |
milestone: | 1.26-alpha1 → 1.26-alpha2 |
tags: | added: sts |
Changed in juju-core: | |
status: | In Progress → Fix Committed |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
This scenario is addressed by the addressable containers feature on MAAS, which allocates static IPs for containers, not leaking DHCP leases. In 1.25 (perhaps even 1.24.x - will confirm later) and when using MAAS 1.8+ Juju registers its containers as MAAS Devices, providing IPs based on the container MAC. Destroying the host instance deallocates its devices and their resources, so we have confirmed even juju destroy-environment --force does not leak DHCP leases. The downside is that behavior is supported only with the "address- allocation" feature flag when bootstrapping, and although it's been available for a while now it's badly documented we're actively soliciting feedback and hope to improve this, making it the default container address management process.