external-network is not about configuring what vswitch you want to connect to (at least from what I can debug reading the code). It is specifically more about "if I expose an application on this VM what subnet do I ask for IP addresses from".
Specifically, this is what I see:

    if ecfg.externalNetwork() != "" {
        // wait for the guest to report an address, then configure it over SSH
        ip, err := vm.WaitForIP(context.TODO())
        if err != nil {
            return nil, errors.Trace(err)
        }
        client := common.NewSshInstanceConfigurator(ip)
        err = client.ConfigureExternalIpAddress(spec.apiPort)
        if err != nil {
            return nil, errors.Trace(err)
        }
    }
and ConfigureExternalIpAddress is doing:

func (c *sshInstanceConfigurator) ConfigureExternalIpAddress(apiPort int) error {
	// bring up a second, DHCP-configured NIC and drop new inbound connections on it
	cmd := `printf 'auto eth1\niface eth1 inet dhcp' | sudo tee -a /etc/network/interfaces.d/eth1.cfg
sudo ifup eth1
sudo iptables -i eth1 -I INPUT -m state --state NEW -j DROP`

	// then open the API port; this rule is inserted ahead of the DROP rule
	if apiPort > 0 {
		cmd += fmt.Sprintf("\nsudo iptables -I INPUT -p tcp --dport %d -j ACCEPT", apiPort)
	}
	// (rest of the function not quoted in the post)
Which means that if 'external-network' is supplied, it waits for the instance to start, and then SSHes to the instance, and creates a new 'eth1' device that is set up to listen to DHCP and creates a firewall to drop everything but API port traffic.
It does appear that we might be setting up an interface from the outside to be using that device:
    // add a second E1000 NIC backed by the 'external-network' port group
    s.DeviceChange = append(s.DeviceChange, &types.VirtualDeviceConfigSpec{
        Operation: types.VirtualDeviceConfigSpecOperationAdd,
        Device: &types.VirtualE1000{
            VirtualEthernetCard: types.VirtualEthernetCard{
                VirtualDevice: types.VirtualDevice{
                    Backing: &types.VirtualEthernetCardNetworkBackingInfo{
                        VirtualDeviceDeviceBackingInfo: types.VirtualDeviceDeviceBackingInfo{
                            DeviceName: ecfg.externalNetwork(),
                        },
                    },
                    Connectable: &types.VirtualDeviceConnectInfo{
                        StartConnected:    true,
                        AllowGuestControl: true,
                    },
                },
            },
        },
    })
Anyway, none of this has anything to do with selecting a particular vswitch to interact with. It is a very hackish hard-wired way of getting a machine that can run a Juju controller inside of vSphere.
It may also be that it munges iptables to expose ports etc. for eth1, but a lot of that code is quite hard-coded to things like 'eth1', which also means it won't work for Xenial machines, only Trusty.
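As an added illustration of what that script actually leaves in the guest's INPUT chain (an editorial example, not juju's code), the program below rebuilds the same command string, replays its two iptables lines into a toy INPUT chain the way `-I` without a position does (each insert goes to the head of the chain), and evaluates a few sample packets first-match-wins. The port number 17070, the ACCEPT chain policy of a stock Ubuntu guest, and the small flag parser that only understands the flags used in the script are assumptions of the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Rule is the subset of an iptables INPUT rule that the quoted script uses:
// optional input interface, protocol, destination port, conntrack state, target.
type Rule struct {
	Iface  string // "" means any interface
	Proto  string // "" means any protocol
	DPort  int    // 0 means any port
	State  string // "" means any conntrack state
	Target string // ACCEPT or DROP
}

// BuildScript assembles the same shell script that the quoted
// ConfigureExternalIpAddress builds for a given API port.
func BuildScript(apiPort int) string {
	cmd := `printf 'auto eth1\niface eth1 inet dhcp' | sudo tee -a /etc/network/interfaces.d/eth1.cfg
sudo ifup eth1
sudo iptables -i eth1 -I INPUT -m state --state NEW -j DROP`
	if apiPort > 0 {
		cmd += fmt.Sprintf("\nsudo iptables -I INPUT -p tcp --dport %d -j ACCEPT", apiPort)
	}
	return cmd
}

// ParseInsert parses one "sudo iptables -I INPUT ..." line into a Rule.
// Only the flags that appear in the script are understood (assumption).
func ParseInsert(line string) (Rule, error) {
	var r Rule
	toks := strings.Fields(line)
	if len(toks) < 2 || toks[0] != "sudo" || toks[1] != "iptables" {
		return r, fmt.Errorf("not an iptables line: %q", line)
	}
	for i := 2; i < len(toks); i++ {
		if i+1 >= len(toks) {
			return r, fmt.Errorf("flag %q has no argument", toks[i])
		}
		arg := toks[i+1]
		switch toks[i] {
		case "-I":
			if arg != "INPUT" {
				return r, fmt.Errorf("only INPUT is modelled, got %q", arg)
			}
		case "-i":
			r.Iface = arg
		case "-p":
			r.Proto = arg
		case "--dport":
			p, err := strconv.Atoi(arg)
			if err != nil {
				return r, err
			}
			r.DPort = p
		case "-m":
			// match-module loader; "-m state" just enables --state below
		case "--state":
			r.State = arg
		case "-j":
			r.Target = arg
		default:
			return r, fmt.Errorf("unhandled flag %q", toks[i])
		}
		i++ // skip the argument we just consumed
	}
	if r.Target == "" {
		return r, fmt.Errorf("rule has no target: %q", line)
	}
	return r, nil
}

// ApplyScript replays the iptables lines of a script against an empty INPUT
// chain. "-I" with no position inserts at the head, so later lines end up
// in front of earlier ones; non-iptables lines (printf, ifup) are skipped.
func ApplyScript(script string) ([]Rule, error) {
	var chain []Rule
	for _, line := range strings.Split(script, "\n") {
		if !strings.HasPrefix(line, "sudo iptables ") {
			continue
		}
		r, err := ParseInsert(line)
		if err != nil {
			return nil, err
		}
		chain = append([]Rule{r}, chain...)
	}
	return chain, nil
}

// Verdict walks the chain first-match-wins; an unmatched packet falls
// through to the chain policy, assumed to be ACCEPT as on a stock Ubuntu host.
func Verdict(chain []Rule, iface, proto string, dport int, state string) string {
	for _, r := range chain {
		if r.Iface != "" && r.Iface != iface {
			continue
		}
		if r.Proto != "" && r.Proto != proto {
			continue
		}
		if r.DPort != 0 && r.DPort != dport {
			continue
		}
		if r.State != "" && r.State != state {
			continue
		}
		return r.Target
	}
	return "ACCEPT"
}

func main() {
	chain, err := ApplyScript(BuildScript(17070)) // 17070 is a constructed sample port
	if err != nil {
		panic(err)
	}
	for _, r := range chain {
		fmt.Printf("%+v\n", r)
	}
	fmt.Println(Verdict(chain, "eth1", "tcp", 17070, "NEW"))
	fmt.Println(Verdict(chain, "eth1", "tcp", 22, "NEW"))
	fmt.Println(Verdict(chain, "eth1", "tcp", 22, "ESTABLISHED"))
	fmt.Println(Verdict(chain, "eth0", "tcp", 22, "NEW"))
}
```

Replaying the script shows three things worth knowing when auditing such a guest: the ACCEPT rule sits above the DROP rule only because it is inserted second; it carries no `-i eth1`, so API-port traffic is accepted on every interface, not just the external one; and the DROP rule matches only NEW connections on eth1, so established flows and traffic on other interfaces fall through to the chain policy untouched. With apiPort 0 no hole is opened and every new connection on eth1 is dropped.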