juju bootstrapping has difficulties when run behind a firewall

Bug #1238677 reported by Kent Baxley
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
juju-core
Won't Fix
Medium
Unassigned

Bug Description

With recent juju-core stable releases, the mechanism in cloud-init to add the juju/stable ppa and then pull in the SSL-supported mongodb packages does not work well in certain firewalled environments. In our case, the mechanism to add apt repo fails to work due to the corporate firewall and we end up with scenarios such as the following:

https://bugs.launchpad.net/juju-core/+bug/1212855

We are also deploying the juju bootstrap node via MAAS. Rerproducer steps are below.

The biggest problem with usiing apt-add-repository for us is that the operation times out trying to pull in the gpg keys. The corporate firewall blocks that.

We don't have any control over the corporate firewall, so, getting ports opened up to make all of this work is not an option.

In tests where internet access isn't as restricted, I have confirmed that the repository for Precise / Quantal is added properly and we are good to go.

Would it be possible to instead add the ssl supported version of mongodb to precise and quantal backports and have juju-core pull the package from that repository instead? I see that there's already a bug opened up for that:

https://bugs.launchpad.net/quantal-backports/+bug/1168389

A similar strategy was implemented for juju-gui just a few days ago. Prior to these changes the gui charm relied heavily on external ppa's to get the charm up and running. The charm now is able to pull in whatever it needs from standard Ubuntu repos:

https://bugs.launchpad.net/juju-gui/+bug/1119412

We have an internal Ubuntu mirror in our lab, so, if there's any way we can pull from a standard, already-accessible repository that would be a huge help.

I'm also open to any other suggestions that would allow us to easily get around this problem.

Steps to reproduce:

1) Set up a MAAS server and leverage 12.04 LTS (or 12.10) as the OS for deployed nodes.
2) Enlist and commission a machine for the bootstrap node.
3) Deploy the juju boostrap node.

Actual results:
Node deploys the 12.04 OS, but, the cloud-init step that adds the external juju/stable repo fails due to the corporate firewall. This causes the SSL-supported mongodb package to not get deployed and we end up being unable to connect to juju for anything, for example:

$ juju -v status
2013-08-15 19:52:52 INFO juju open.go:69 state: opening state; mongo addresses: ["Juju1:37017"]; entity ""
2013-08-15 19:52:52 ERROR juju open.go:89 state: connection failed, will retry: dial tcp 192.168.50.21:37017: connection refused

Expected results:
The SSL-supported mongodb package is deployed without having to rely on an external, non-standard Ubuntu repository.

Curtis Hovey (sinzui)
tags: added: firewall
Curtis Hovey (sinzui)
tags: added: mongodb
Changed in juju-core:
status: New → Triaged
importance: Undecided → High
Curtis Hovey (sinzui)
tags: added: bootstrap
Changed in juju-core:
importance: High → Medium
Curtis Hovey (sinzui)
summary: - juju bootstrapping using Precise or Quantal has difficulties when run
- behind a firewall
+ juju bootstrapping has difficulties when run behind a firewall
Revision history for this message
Anastasia (anastasia-macmood) wrote :

This bug seems to have been only affecting Precise and/or Quantal.

Changed in juju-core:
status: Triaged → Won't Fix
Revision history for this message
Nate Gardner (natejgardner) wrote :

@Anastasia, This bug affects 16.04. I am still dealing with this bug. It makes deploying Juju at my company impossible.

Revision history for this message
Anastasia (anastasia-macmood) wrote :

@Nate Gardner,
Have you tried Juju 2? This bug is against Juju 1.x...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.