OpenStack: open-port icmp doesn't work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Thomas Miller |
Bug Description
Hi,
When trying to allow ICMP ping (echo-request) for units, I tried "open-port icmp". Unfortunately, that doesn't work and doesn't create the requested security groups to allow this.
Commands to reproduce this:
* juju deploy cs:ubuntu --series focal haw-test-icmp
* juju run --application haw-test-icmp "open-port icmp"
* juju expose haw-test-icmp
Unfortunately, even exposing the application, you can see that there are no secgroups for icmp:
| [hloeung@dharkan tmp]$ openstack security group rule list juju-f0ef5860-
| +------
| | ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
| +------
| | 2789d335-
| | a06a496b-
| +------
See output in pastebin below:
https:/
Running the commands below adds the required secgroup:
* openstack security group rule create --prefix 0.0.0.0/0 --protocol icmp --ethertype ipv4 juju-f0ef5860-
This is confirmed with Juju 2.9.22 (Canonistack).
Changed in juju: | |
milestone: | 2.9.30 → 2.9.31 |
assignee: | nobody → Thomas Miller (tlmiller) |
Changed in juju: | |
status: | Triaged → In Progress |
Changed in juju: | |
status: | Fix Committed → Fix Released |
If the firewaller worker fails to create the security group rule, it should log an error. It would be good to get the relevant controller logs so we can see what might be failing. Juju is supposed to make the correct api call to set up a rule for icmp protocol so it is expected to work. Hopefully logs will let us see what's going wrong. It might be we're passing a port range along with icmp which I think is nit allowed.