Comment 11 for bug 1591962

I feel like we need to break this down into several bugs as they'll all need a little bit of a different implementation to fix.

1) Fix 'juju run' and actions to work even when IP addresses are confusing. The rule *should* be that Agents must have a route to some of the Controllers, but controllers shouldn't need direct ingress to the agents.

2) Be able to give specific spaces that you want pieces of the Controller infrastructure to run on. (What IP addresses do you want to advertise for clients, what addresses do you want to advertise for agents, what IP addresses should Mongo use to configure the replica set, etc)

3) Be able to have preferred addresses for SSH access. This feels potentially very machine specific. Is it per-application? Is it a hierarchy of preferences for spaces? If you have host machines that are potentially in 4 spaces, but containers that aren't exposed to all of them, would the preferred address for SSH differ for each? Would the preferred address differ if you are inside the network rather than outside. Would it differ if someone was using --proxy to go via the Controllers rather than going directly to the hosts.

In 2.1 we should be trying to connect to all addresses, seeing which ones respond with an appropriate ssh handshake and appear to have a public key matching what the host reported it was using.

4) There may be something about private addresses for 'juju run' etc, and while the sorting issue is an old problem with 1.25, it is true that Spaces concretely address the idea of what IP address to report for a given application (and if we extend it to Juju controllers/infrastructure), but it doesn't really create a preference for Machines when referenced directly.