On juju upgrade the security group lost ports for the exposed services
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Invalid
|
High
|
Unassigned | ||
1.25 |
Fix Released
|
High
|
Tim Penhey |
Bug Description
After a recent Juju upgrade from 1.20.14-> 1.22.8 which seemed to go flawless the site was down. Upon investigation the security group port 80 and 443 for the exposed apache2 service even though the service still said it was exposed. Manually adding in the ports to the security group fixed the site.
This is a view of the working security group rules, the rules besides port 80 and 443 were retained:
(mojo-how-
+------
| IP Protocol | From Port | To Port | IP Range | Source Group |
+------
| tcp | 22 | 22 | 10.172.126.0/23 | |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 37017 | 37017 | 0.0.0.0/0 | |
| udp | 1 | 65535 | | juju-prod45-
| tcp | 22 | 22 | 91.189.90.46/32 | |
| tcp | 1 | 65535 | | juju-prod45-
| tcp | 5666 | 5666 | 91.189.90.46/32 | |
| tcp | 80 | 80 | 0.0.0.0/0 | |
| icmp | -1 | -1 | | juju-prod45-
| tcp | 22 | 22 | 10.172.254.0/23 | |
| tcp | 22 | 22 | 10.172.62.0/23 | |
| tcp | 22 | 22 | 10.172.192.0/23 | |
| tcp | 17070 | 17070 | 0.0.0.0/0 | |
| tcp | 443 | 443 | 0.0.0.0/0 | |
| tcp | 873 | 873 | 91.189.90.46/32 | |
+------
Changed in juju-core: | |
milestone: | none → 1.25.3 |
no longer affects: | juju-core/1.26 |
Changed in juju-core: | |
milestone: | 1.26-beta1 → 2.0-alpha1 |
Changed in juju-core: | |
milestone: | 2.0-alpha1 → none |
Oddly the all-machines hasn't had any updates to it for 3 days. I attached the machine-0.log which does have data from the update.