juju should add nodes IPs to no-proxy list

Bug #1488139 reported by Ashley Lai on 2015-08-24
58
This bug affects 12 people
Affects Status Importance Assigned to Milestone
juju
High
Unassigned

Bug Description

When setting proxy in juju environment the nodes cannot communicate with each other. Juju should allow this communication by adding all the nodes' IPs to no-proxy list.

Ashley Lai (alai) wrote :

Bug to add bootstrap node to no-proxy list:

https://bugs.launchpad.net/juju-core/+bug/1478660

Curtis Hovey (sinzui) on 2015-08-25
tags: added: proxy
tags: added: network
Changed in juju-core:
status: New → Triaged
milestone: none → 1.25.0
Curtis Hovey (sinzui) on 2015-08-25
Changed in juju-core:
importance: Undecided → High
Curtis Hovey (sinzui) on 2015-08-27
Changed in juju-core:
milestone: 1.25-alpha1 → 1.25-beta1
Changed in juju-core:
milestone: 1.25-beta1 → 1.25-beta2
Tim Penhey (thumper) wrote :

Can anyone think of a reason why we shouldn't do this by default?

Ian Booth (wallyworld) on 2015-09-17
Changed in juju-core:
milestone: 1.25-beta2 → 1.26-alpha1
Curtis Hovey (sinzui) on 2015-11-03
Changed in juju-core:
milestone: 1.26-alpha1 → 1.26-alpha2
Marco Ceppi (marcoceppi) wrote :

No, making it default behavior where it appends the nodes IP addresses to the existing user defined no-proxy would be preferable.

Changed in juju-core:
milestone: 1.26-alpha2 → 1.26.0
Changed in juju-core:
importance: High → Critical
tags: added: kanban-cross-team
tags: added: landscape
tags: removed: kanban-cross-team
Changed in juju-core:
milestone: 1.26.0 → 2.0-beta5
Changed in juju-core:
importance: Critical → High
Larry Michel (lmic) on 2016-01-26
tags: added: oil
Changed in juju-core:
milestone: 2.0-beta5 → 2.0-beta4
Cheryl Jennings (cherylj) wrote :

In bug #1556207, we have automatically added state servers / controllers to the no-proxy list.

Changed in juju-core:
milestone: 2.0-beta4 → 2.1.0
David Britton (davidpbritton) wrote :

If we want to claim http_proxy support for the autopilot or cloud deployments. This is one key step that needs to happen before getting there. the 'no_proxy' list needs to be managed and curated by Juju.

affects: juju-core → juju
Changed in juju:
milestone: 2.1.0 → none
milestone: none → 2.1.0
Anastasia (anastasia-macmood) wrote :

Removing 2.1 milestone as we will not be addressing this issue in 2.1.

Changed in juju:
milestone: 2.1.0 → none
John A Meinel (jameinel) wrote :

Note that most applications require you to list *every* IP address that you don't want to proxy separately *or* create a Domain and only reference things via the Domain Name.
See bugs like https://bugs.launchpad.net/juju/+bug/1421650

If we *could* we'd set no_proxy with nice short-form CIDR notation around what spaces (subnets) we are deployed in, which would leave you with a reasonably short list.

We could try to do "no_proxy everything in the model" and hope you never have 1000s of machines. (Note that no_proxy becomes an O(N^2) problem as everytime you deploy a new machine, you now have to tell all the other machines that they shouldn't proxy traffic to that machine.)

We could try "no_proxy everything related to units on the machine" which ignores some realities, but would at least keep N smaller. (Still N^2 in the number of machines with units related to each-other.)

Its a similar problem that they ran into with Hadoop, where everything *had* to be a Hostname, which meant they were populating /etc/hosts with the 100 machines that were being spun up for the hadoop charm. The problem is still that a given application can have 100 machines.

One option would be to re-open the idea of Juju becoming a DNS server, and giving a common suffix to every machine in the model, and only configuring traffic between machines to use the DNS names.

That is a rather major overhaul of the communication model to handle no_proxy.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers