can't open ports on GCE if multiple machine numbers start with the same digit

Bug #1829750 reported by Junien Fridrick on 2019-05-20
This bug affects 1 person
Affects: juju
Importance: Medium
Assigned to: Tim McNamara

Bug Description

Hi,

Running juju 2.5.4, I found the following log lines on various controllers:

2019-05-20 07:41:11 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-5ff1da-18" and "juju-5ff1da-1"

2019-05-20 12:51:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-21" and "juju-2a037f-2"

2019-05-20 12:52:03 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-8": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-80" and "juju-2a037f-8"

2019-05-20 12:55:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-20" and "juju-d5655c-2"

2019-05-20 12:55:48 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-10" and "juju-d5655c-1"

I strongly suspect that this is a bug happening when a model has 2 machines which have a machine number that starts with the same digit (for example, machine 8 and machine 80). And I strongly suspect this is because of https://github.com/juju/juju/blob/juju-2.5.4/provider/gce/google/raw.go#L131 and the use of HasPrefix - which will add rules for e.g. machine 10 to machine 1 as well.
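
Added example (not part of the original report and not juju's own code): a minimal Go reproduction of the name collision the reporter suspects, next to a delimiter-aware match that avoids it. The function names, the "-" suffix format and the third and fourth sample names are assumptions made for illustration; the first two names are the pair from the first log line above.

```go
package main

import (
	"fmt"
	"strings"
)

// matchByPrefix selects firewall names the way the report suspects:
// any name that merely starts with the machine's name counts as a match.
func matchByPrefix(names []string, target string) []string {
	var out []string
	for _, n := range names {
		if strings.HasPrefix(n, target) {
			out = append(out, n)
		}
	}
	return out
}

// matchByBoundary accepts only the exact name, or the name followed by a
// "-" separator (assumed suffix format), so "...-1" no longer matches "...-18".
func matchByBoundary(names []string, target string) []string {
	var out []string
	for _, n := range names {
		if n == target || strings.HasPrefix(n, target+"-") {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	// Constructed sample list; the first two names come from the log above.
	names := []string{
		"juju-5ff1da-1",
		"juju-5ff1da-18",
		"juju-5ff1da-1-a1b2c3", // hypothetical suffixed rule for machine 1
		"juju-5ff1da-2",
	}
	for _, target := range []string{"juju-5ff1da-1", "juju-5ff1da-18"} {
		fmt.Printf("%s\n  prefix:   %v\n  boundary: %v\n", target,
			matchByPrefix(names, target), matchByBoundary(names, target))
	}
}
```

With plain prefix matching, a lookup for machine 1 also returns the rule belonging to machine 18, so two machines end up sharing firewall rules that were meant for one of them.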

Tim McNamara (tim-clicks) wrote :

Thanks for reporting this Junien. We do add some randomisation to the firewall rules, but obviously not enough.

Changed in juju:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tim McNamara (tim-clicks)
milestone: none → 2.6.3

Tim McNamara (tim-clicks) wrote :

A change to fix this issue is making its way for code review[1]. I really appreciate that you took the time to look into the bug as well as taking the time to report the issue.

  [1] https://github.com/juju/juju/pull/10217

Junien Fridrick (axino) wrote :

Thanks for the quick patches, Tim!

Ian Booth (wallyworld) on 2019-05-29
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released