controller on a virtual machine, virbr0 from nova-compute being returned as primary ip address for host.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
John A Meinel |
Bug Description
This bug seems somehow similar to https:/
Juju ssh to base-machine/0 seems to work fine:
ubuntu@atlas:~$ juju ssh base-machine/0
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
* Documentation: https:/
* Management: https:/
* Support: https:/
System information as of Thu Nov 24 05:50:28 UTC 2016
System load: 1.39 Processes: 870
Usage of /: 2.4% of 457.83GB Users logged in: 0
Memory usage: 52% IP address for br-eth0: 10.96.11.42
Swap usage: 0% IP address for lxdbr0: 10.0.0.1
Graph this data and manage this system at:
https:/
Get cloud support with Ubuntu Advantage Cloud Guest:
http://
Last login: Thu Nov 24 05:49:33 2016 from 10.96.0.10
ubuntu@bibarel:~$ logout
Connection to 10.96.11.42 closed.
But juju ssh to base-machine/2 is returning '192.168.122.1', which happens to be the same virtual network that libvirt chose on the machine that I'm doing the SSH *from*! leading to a ssh MITM error.
ubuntu@atlas:~$ juju ssh base-machine/2
@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:
Please contact your system administrator.
Add correct host key in /tmp/ssh_
Offending RSA key in /tmp/ssh_
remove with:
ssh-keygen -f "/tmp/ssh_
ECDSA host key for 192.168.122.1 has changed and you have requested strict checking.
Host key verification failed.
----- Machine that base-machine/2 should have logged into -------
System load: 0.0 Users logged in: 0
Usage of /: 2.6% of 457.83GB IP address for br-eth0: 10.96.11.46
Memory usage: 6% IP address for lxdbr0: 10.0.0.1
Swap usage: 0% IP address for virbr0: 192.168.122.1
Processes: 727
Notice the virbr0 above.
nova-compute-kvm, nova-compute-
I think the tricky bit here, is the controller is deployed in a network that has 192.168.122.0/24 as routable (the controller is on a VM). And the virbr0 that is created when the kvm/libvirt packages are installed are also choosing that network.
This leads to a total failure. Agents get messed up, relations start trying to contact '192.168.122.1' to send relation data, but that internally routes to THEMSELVES. It's a very bad situation.
Truth be told, I'm not sure what should happen in this situation. But it took me a while to figure out what was going on here, so I thought I would file a bug.
tags: | removed: kanban-cross-team |
Changed in juju: | |
status: | New → Confirmed |
assignee: | nobody → John A Meinel (jameinel) |
importance: | Undecided → High |
milestone: | none → 2.1-rc1 |
status: | Confirmed → Triaged |
Changed in juju: | |
status: | Triaged → In Progress |
Changed in juju: | |
status: | Fix Committed → Fix Released |
Possible dupe of bug 1473069