Juju "network-get" doesn't allow getting source address of Fan network through relations
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical Juju | Triaged | Low | Unassigned | |
Bug Description
Let's say one wants to monitor services and units with Nagios for a deployment such as kubernetes-core. When LXD containers are used on top of cloud providers other than MAAS, Ubuntu Fan network will be enabled by Juju to assign IP addresses for those containers. In this case, Nagios will have a monitoring error because it will be rejected by nrpe's ACL in LXD containers as the charm doesn't know about the source IP address of Fan through relations.
It might be a charm bug, but it sounds like missing functionality in Juju's network-get if I'm not mistaken.
How to reproduce:
$ juju version
2.7.1-eoan-amd64
[on aws]
$ juju deploy kubernetes-core --overlay ./nagios-nrpe.yaml
Then, open http://<nagios unit address>/nagios3 and login with username=
juju run --unit nagios/leader -- cat /var/lib/
In "Services" view, you will see the following error only for units in LXD containers (in this case, easyrsa):
CHECK_NRPE: Error - Could not connect to 252.37.48.110: Connection reset by peer
What happened is that the nrpe charm set up ACL using IP address(es) passed through relations and wrote it as:
$ grep allowed_hosts /etc/nagios/
allowed_
It doesn't include Nagios' IP address in Fan network (252.46.155.1) which is actually used for connecting to LXD containers because "network-get --*-address" (most of the charms rely on it) doesn't return the IP. "network-get" command only has options with --*-address (singular, not plural) while network-get itself is aware of that Fan IP address.
$ juju run --unit nagios/leader -- network-get monitors --ingress-address
172.31.46.155
$ juju run --unit nagios/leader -- network-get monitors --bind-address
172.31.46.155
$ juju run --unit nagios/leader -- network-get monitors --egress-subnets
172.31.46.155/32
$ juju run --unit nagios/leader -- network-get monitors
bind-addresses:
- macaddress: 06:dd:9b:f3:4c:4c
  interfacename: ens5
  addresses:
  - hostname: ""
    address: 172.31.46.155
    cidr: 172.31.32.0/20
  - hostname: ""
    address: 172.31.46.155
    cidr: 172.31.32.0/20
- macaddress: 1a:03:91:54:c4:2c
  interfacename: fan-252
  addresses:
  - hostname: ""
    address: 252.46.155.1
    cidr: 252.32.0.0/12
egress-subnets:
- 172.31.46.155/32
ingress-addresses:
- 172.31.46.155
- 172.31.46.155
- 252.46.155.1
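The following is an added example, not code from the nrpe charm or from Juju: it shows how a charm could derive every source address from the full `network-get` output above rather than from the single value returned by `--ingress-address`. It assumes the output has already been parsed into a dict with the key names shown above; `source_addresses`, `allowed_hosts_line` and the `always` parameter are hypothetical names.

```python
import ipaddress

# Constructed sample: the `network-get monitors` output from this report,
# written as a Python dict (key names assumed to match the YAML shown above).
SAMPLE = {
    "bind-addresses": [
        {"macaddress": "06:dd:9b:f3:4c:4c", "interfacename": "ens5",
         "addresses": [
             {"hostname": "", "address": "172.31.46.155", "cidr": "172.31.32.0/20"},
             {"hostname": "", "address": "172.31.46.155", "cidr": "172.31.32.0/20"}]},
        {"macaddress": "1a:03:91:54:c4:2c", "interfacename": "fan-252",
         "addresses": [
             {"hostname": "", "address": "252.46.155.1", "cidr": "252.32.0.0/12"}]},
    ],
    "egress-subnets": ["172.31.46.155/32"],
    "ingress-addresses": ["172.31.46.155", "172.31.46.155", "252.46.155.1"],
}


def source_addresses(info):
    """Return every distinct address the unit may connect from, in order."""
    candidates = list(info.get("ingress-addresses") or [])
    for nic in info.get("bind-addresses") or []:
        candidates += [a.get("address", "") for a in nic.get("addresses") or []]
    seen, result = set(), []
    for raw in candidates:
        try:
            addr = str(ipaddress.ip_address(raw))
        except ValueError:
            continue  # skip empty or malformed entries instead of widening the ACL
        if addr not in seen:
            seen.add(addr)
            result.append(addr)
    return result


def allowed_hosts_line(info, always=("127.0.0.1",)):
    """Build an nrpe allowed_hosts line from exact addresses, not whole CIDRs.

    `always` (an assumption of this example) lists hosts that stay allowed.
    """
    hosts = list(always) + [a for a in source_addresses(info) if a not in always]
    return "allowed_hosts=" + ",".join(hosts)


if __name__ == "__main__":
    print(allowed_hosts_line(SAMPLE))
```

Listing individual addresses keeps the ACL as narrow as the relation data allows; allowing the whole Fan CIDR (252.32.0.0/12 here) would admit every container on the overlay.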
Changed in juju:
status: New → Triaged
importance: Undecided → Medium
tags: added: network
tags: added: sts
A workaround for this specific nrpe is to add 252.46.155.1 (in this example) from the Fan network explicitly through charm option:
$ juju config nrpe nagios_master=252.46.155.1
However, this is a charm-level workaround and not always feasible.