Comment 9 for bug 1732665

Merlijn Sebrechts (merlijn-sebrechts) wrote :

This doesn't seem to fix the firewall.

If I create a 2.3.1 controller and I upgrade it to 2.3.2, the error messages change from

juju.worker.dependency "firewaller" manifold worker returned unexpected error: failed to list open ports: Host key verification failed

to

machine-0: 15:16:26 ERROR juju.worker.dependency "firewaller" manifold worker returned unexpected error: failed to list open ports:

If I bootstrap a 2.3.2 controller, I don't get any errors anymore, but the firewaller doesn't seem to be doing anything.

This is on an exposed unit with Jenkins:

$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A FORWARD -o lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT

Unit       Workload  Agent  Machine  Public address   Ports               Message
jenkins/0* active    idle   0        193.190.127.175  8080/tcp,48484/tcp  Jenkins is running

I bootstrapped using the following command

juju bootstrap vmware1 vmware-test2 --config primary-network=V31_TENGU --config datastore=NFSSTORE1 --config external-network=V28_IBBTDMZ2

Note that the machines don't have a public address when they are created; the public address was manually added after deployment to the already existing interface connected to `V28_IBBTDMZ2`. Juju picks up that address after a while, as you can see in the status output above.
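
The cross-check made by hand in the comment above, as an added example that is not part of the original comment and not Juju code: it lists, for each port in the status output, the INPUT rules that name it. It assumes a rule for a port would show up as an INPUT rule with `--dport` or `--dports`; the page does not say how the firewaller writes rules on this provider.

```python
import re

# `iptables -S` output and Ports column copied from the comment above.
IPTABLES_S = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A FORWARD -o lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "managed by lxd-bridge" -j ACCEPT
"""
STATUS_PORTS = "8080/tcp,48484/tcp"

def input_rules(ruleset):
    """Return (INPUT default policy, [(proto, low, high, target), ...])."""
    policy, rules = None, []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"] or "-p" not in tok or "-j" not in tok:
            continue
        m = re.search(r"--dports? (\S+)", line)  # single port or multiport list
        if not m:
            continue
        proto = tok[tok.index("-p") + 1]
        target = tok[tok.index("-j") + 1]
        for part in m.group(1).split(","):
            lo, _, hi = part.partition(":")      # "8000:8090" is a range
            rules.append((proto, int(lo), int(hi or lo), target))
    return policy, rules

def audit(status_ports, ruleset):
    """Map each port from `juju status` to targets of INPUT rules naming it."""
    policy, rules = input_rules(ruleset)
    report = {}
    for item in status_ports.split(","):
        port, proto = item.strip().split("/")
        report[item.strip()] = [t for p, lo, hi, t in rules
                                if p == proto and lo <= int(port) <= hi]
    return policy, report

if __name__ == "__main__":
    policy, report = audit(STATUS_PORTS, IPTABLES_S)
    print("INPUT policy:", policy)
    for port, targets in report.items():
        print(port, "->", targets or "no INPUT rule names this port")
```

On the output above, both ports come back with no matching rule while the INPUT policy is ACCEPT.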