memcached charm doesn't open ufw on the right address

Bug #1605311 reported by Alvaro Uria
This bug affects 3 people
Affects: memcached (Juju Charms Collection)
Status: Fix Released
Importance: Medium
Assigned to: Alex Kavanagh

Bug Description

When relating any service (i.e. nova-cloud-controller) to the memcached charm, private-address is used as the memcached endpoint.

Other charms such as mysql and rabbitmq-server allow configuration of an "access-network" parameter to force communication through a specified network (i.e. other than private-address).

In my specific case, the private-address network is 1G while I'd like to specify a 10G network that is available.

Thank you.

James Page (james-page)
Changed in memcached (Juju Charms Collection):
status: New → Triaged
importance: Undecided → Medium
Nobuto Murata (nobuto) wrote :

access-network or binding is really needed. In the multi-network case, the memcached charm sets up ufw rules with the unit private address. In this case, memcached only has connectivity to 192.168.123.X. The nova-cloud-controller unit with 10.201.100.Y will never be allowed to access memcached.

# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
11211/tcp                  ALLOW IN    192.168.123.X
11211/tcp                  ALLOW IN    192.168.123.X
11211/tcp                  ALLOW IN    10.201.100.Y
11211/tcp                  ALLOW IN    10.201.100.Y
11211/tcp                  ALLOW IN    10.201.100.Y
22                         ALLOW IN    Anywhere
11211/tcp                  DENY IN     Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
11211/tcp (v6)             DENY IN     Anywhere (v6)

Nobuto Murata (nobuto) wrote :

Not sure it's appropriate to discuss my use case in this bug, so I opened a separate bug explicitly.
https://bugs.launchpad.net/charm-nova-cloud-controller/+bug/1684217

Alex Kavanagh (ajkavanagh) wrote :

I've got an mp in flight to add space bindings to the interfaces. See: https://code.launchpad.net/~ajkavanagh/charms/trusty/memcached/add-spaces-support/+merge/322844

Changed in memcached (Juju Charms Collection):
status: Triaged → In Progress
assignee: nobody → Alex Kavanagh (ajkavanagh)
Changed in memcached (Juju Charms Collection):
status: In Progress → Fix Committed
Jason Hobbs (jason-hobbs) wrote :

It appears that this isn't actually fixed:

network-get shows that the bindings are set to the right value, but still for some reason ufw rules are being added for the wrong network:

http://paste.ubuntu.com/26398199/

The 10.244.41.x IPs are from the right units, but are not the IPs on the 192.168.33.x network that we want.

From our bundle:
  memcached:
    charm: cs:xenial/memcached
    num_units: 2
    constraints: *oam-space-constr
    bindings:
      "": *internal-space
    options:
      allow-ufw-ip6-softfail: True
    to:
    - designate-bind/0
    - designate-bind/1

Our spaces:
Space               Subnets
ceph-access-space   192.168.36.0/25
ceph-replica-space  192.168.35.0/25
external-space      10.244.32.0/21
internal-space      192.168.33.0/24
oam-space           10.244.40.0/21
undefined           10.245.208.0/20

Jason Hobbs (jason-hobbs) wrote :

To be clear, since our binding is on internal-space, the clients try to reach memcached on the IP for internal-space, not the IP in ufw. Disabling ufw allows access.

Jason Hobbs (jason-hobbs) wrote :
Changed in memcached (Juju Charms Collection):
status: Fix Committed → New
summary: - add access-network option
+ memcached doesn't open ufw on the right address
summary: - memcached doesn't open ufw on the right address
+ memcached charm doesn't open ufw on the right address
Ashley Lai (alai) wrote :

Any updates on this bug? This bug is on the "field high" list.

Jason Hobbs (jason-hobbs) wrote :

This bug is fixed; when I re-opened it, it was because I wasn't using the right binding from the other side of the relation.

Changed in memcached (Juju Charms Collection):
status: New → Fix Released
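
The mismatch discussed in this thread (ufw allow rules for 11211/tcp that sit on a different network than the space clients connect over) can be checked mechanically. The following is an added example, not part of the bug report or the charm's code; the sample ufw output and its host addresses are constructed, and `parse_rules` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample in the `ufw status verbose` layout shown earlier in this
# thread; the host addresses are made up for the example.
SAMPLE_UFW = """\
To                         Action      From
--                         ------      ----
11211/tcp                  ALLOW IN    10.244.41.12
11211/tcp                  ALLOW IN    10.244.41.13
11211/tcp                  ALLOW IN    192.168.33.21
22                         ALLOW IN    Anywhere
11211/tcp                  DENY IN     Anywhere
11211/tcp (v6)             DENY IN     Anywhere (v6)
"""

RULE = re.compile(r"^(\d+)(?:/(\w+))?(?: \(v6\))?\s+(ALLOW|DENY|REJECT|LIMIT) IN\s+(.+?)\s*$")

def parse_rules(text):
    """Yield (port, action, source) for each inbound rule line."""
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            yield int(m.group(1)), m.group(3), m.group(4)

def audit(text, port, subnet):
    """Classify ALLOW sources for `port` against the space subnet clients use."""
    net = ipaddress.ip_network(subnet)
    inside, outside, open_to_all = [], [], False
    for p, action, src in parse_rules(text):
        if p != port or action != "ALLOW":
            continue
        if src.startswith("Anywhere"):
            open_to_all = True  # port reachable from any source address
            continue
        try:
            src_net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            continue  # interface names, app profiles etc. are out of scope here
        if src_net.version == net.version and src_net.subnet_of(net):
            inside.append(src)
        else:
            outside.append(src)  # allowed, but not on the bound space
    return {"inside": inside, "outside": outside, "open_to_all": open_to_all}

if __name__ == "__main__":
    print(audit(SAMPLE_UFW, 11211, "192.168.33.0/24"))
```

Entries under `outside` are the symptom described above: the rule exists, but for an address clients on the bound space never use as their source.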