juju bootstrapping has difficulties when run behind a firewall
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| juju-core |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
With recent juju-core stable releases, the mechanism in cloud-init to add the juju/stable ppa and then pull in the SSL-supported mongodb packages does not work well in certain firewalled environments. In our case, the mechanism to add apt repo fails to work due to the corporate firewall and we end up with scenarios such as the following:
https:/
We are also deploying the juju bootstrap node via MAAS. Rerproducer steps are below.
The biggest problem with usiing apt-add-repository for us is that the operation times out trying to pull in the gpg keys. The corporate firewall blocks that.
We don't have any control over the corporate firewall, so, getting ports opened up to make all of this work is not an option.
In tests where internet access isn't as restricted, I have confirmed that the repository for Precise / Quantal is added properly and we are good to go.
Would it be possible to instead add the ssl supported version of mongodb to precise and quantal backports and have juju-core pull the package from that repository instead? I see that there's already a bug opened up for that:
https:/
A similar strategy was implemented for juju-gui just a few days ago. Prior to these changes the gui charm relied heavily on external ppa's to get the charm up and running. The charm now is able to pull in whatever it needs from standard Ubuntu repos:
https:/
We have an internal Ubuntu mirror in our lab, so, if there's any way we can pull from a standard, already-accessible repository that would be a huge help.
I'm also open to any other suggestions that would allow us to easily get around this problem.
Steps to reproduce:
1) Set up a MAAS server and leverage 12.04 LTS (or 12.10) as the OS for deployed nodes.
2) Enlist and commission a machine for the bootstrap node.
3) Deploy the juju boostrap node.
Actual results:
Node deploys the 12.04 OS, but, the cloud-init step that adds the external juju/stable repo fails due to the corporate firewall. This causes the SSL-supported mongodb package to not get deployed and we end up being unable to connect to juju for anything, for example:
$ juju -v status
2013-08-15 19:52:52 INFO juju open.go:69 state: opening state; mongo addresses: ["Juju1:37017"]; entity ""
2013-08-15 19:52:52 ERROR juju open.go:89 state: connection failed, will retry: dial tcp 192.168.
Expected results:
The SSL-supported mongodb package is deployed without having to rely on an external, non-standard Ubuntu repository.
| tags: | added: firewall |
| tags: | added: mongodb |
| Changed in juju-core: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: bootstrap |
| Changed in juju-core: | |
| importance: | High → Medium |
| summary: |
- juju bootstrapping using Precise or Quantal has difficulties when run - behind a firewall + juju bootstrapping has difficulties when run behind a firewall |
| Anastasia (anastasia-macmood) wrote | #1 |
| Changed in juju-core: | |
| status: | Triaged → Won't Fix |
| Nate Gardner (natejgardner) wrote | #2 |
| Anastasia (anastasia-macmood) wrote | #3 |
This bug seems to have been only affecting Precise and/or Quantal.