Canonical Juju

egress-subnets not equivalent to --via

Bug #1880072 reported by Paul Collins
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Juju
Expired
High
Unassigned

Bug Description

The documentation at https://juju.is/docs/cross-model-relations#heading--relations-and-firewalls leads me to believe that the following should be equivalent:

Case 1)

juju model-config egress-subnets=10.9.8.0/24
juju relate mattermost admin/othermodel.postgresql

Case 2)

juju relate mattermost admin/othermodel.postgresql --via 10.9.8.0/24

However, with Juju 2.8-rc2, in my testing, for case 1, cs:postgresql charm adds entries to pg_hba.conf for the k8s internal subnet, whereas in case 2 it behaves as I expect and adds entries for the specified network.

See original description
Tags: bundles
Paul Collins (pjdc)
description: updated
Revision history for this message
Ian Booth (wallyworld) wrote :

It looks like there's 2 code paths here.

When a unit enters scope, the relation data is set up and initial ingress and egress info is added to the relation data. It seems there's a bug in this code which does not fall back to the model default egress-subnets if --via is not used.

Then there's the network-get hook command which prints out the network info and which does seem to do the right thing.

So if the charm gets its network info straight from relation data and not network-get, then that could explain the observed behaviour.

Changed in juju:
milestone: none → 2.8.1
importance: Undecided → High
status: New → Triaged
Revision history for this message
Paul Collins (pjdc) wrote :

Without:

(mojo-prod-mattermost)prod-mattermost@wekufe:~$ juju model-config egress-subnets
(mojo-prod-mattermost)prod-mattermost@wekufe:~$ juju run --application mattermost -- network-get --egress-subnets db
10.85.3.128/32
(mojo-prod-mattermost)prod-mattermost@wekufe:~$ _

With:

(mojo-prod-mattermost)prod-mattermost@wekufe:~$ juju model-config egress-subnets=10.25.148.0/23
(mojo-prod-mattermost)prod-mattermost@wekufe:~$ juju run --application mattermost -- network-get --egress-subnets db
10.25.148.0/23
(mojo-prod-mattermost)prod-mattermost@wekufe:~$ _

Ian Booth (wallyworld)
Changed in juju:
assignee: nobody → Ian Booth (wallyworld)
status: Triaged → In Progress
Revision history for this message
Ian Booth (wallyworld) wrote :

I checked the code in a bit more detail and the unused method parameter I thought was the culprit was a red herring (the default is set elsewhere, that method parameter should be removed).
Anyway, it could be that with the postgresql charm, the offer is done on the consuming side and so the egress-subnets model default needs to be set in that other model.

Revision history for this message
Ian Booth (wallyworld) wrote :

I'll mark as Incomplete since it seems it could be a charm issue.
If we can get a reproduction case that confirms a juju bug we can reopen.

Changed in juju:
status: In Progress → Triaged
status: Triaged → Incomplete
assignee: Ian Booth (wallyworld) → nobody
Tim Penhey (thumper)
tags: added: bundles
Changed in juju:
milestone: 2.8.1 → 2.8-next
Pen Gale (pengale)
Changed in juju:
milestone: 2.8-next → none
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for juju because there has been no activity for 60 days.]

Changed in juju:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.