can't open ports on GCE if multiple machine numbers start with the same digit

Bug #1829750 reported by Junien F
This bug affects 1 person
Affects: Canonical Juju
Status: Fix Released
Importance: Medium
Assigned to: Tim McNamara

Bug Description

Hi,

Running juju 2.5.4, I found the following log lines on various controllers:

2019-05-20 07:41:11 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-5ff1da-18" and "juju-5ff1da-1"

2019-05-20 12:51:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-21" and "juju-2a037f-2"

2019-05-20 12:52:03 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-8": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-2a037f-80" and "juju-2a037f-8"

2019-05-20 12:55:26 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-2": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-20" and "juju-d5655c-2"

2019-05-20 12:55:48 ERROR juju.worker.dependency engine.go:636 "firewaller" manifold worker returned unexpected error: cannot respond to units changes for "machine-1": duplicate firewall rules found matching CIDRs []string{"0.0.0.0/0"}: "juju-d5655c-10" and "juju-d5655c-1"

I strongly suspect that this is a bug happening when a model has 2 machines which have a machine number that starts with the same digit (for example, machine 8 and machine 80). And I strongly suspect this is because of https://github.com/juju/juju/blob/juju-2.5.4/provider/gce/google/raw.go#L131 and the use of HasPrefix - which will add rules for e.g. machine 10 to machine 1 as well.
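
The prefix match suspected in the description above, as an added Go example that is not part of the original report and is not Juju's code. The function names, the `-suffix` rule naming and the delimiter-based match are assumptions for illustration, not the fix that was merged.

```go
package main

import (
	"fmt"
	"strings"
)

// matchByPrefix treats every firewall whose name starts with the target
// name as belonging to that target (the lookup style the report suspects).
func matchByPrefix(firewalls []string, target string) []string {
	var out []string
	for _, name := range firewalls {
		if strings.HasPrefix(name, target) {
			out = append(out, name)
		}
	}
	return out
}

// matchDelimited accepts only the exact target name, or the target name
// followed by "-" and a suffix. The suffix format is an assumption.
func matchDelimited(firewalls []string, target string) []string {
	var out []string
	for _, name := range firewalls {
		if name == target || strings.HasPrefix(name, target+"-") {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	// Constructed sample: the first two names appear in the log lines of
	// the report; the third is a made-up suffixed rule name.
	firewalls := []string{"juju-5ff1da-1", "juju-5ff1da-18", "juju-5ff1da-1-a1b2c3"}

	// Prefix match: machine 1 also picks up machine 18's rule.
	fmt.Println(matchByPrefix(firewalls, "juju-5ff1da-1"))
	// Delimited match: machine 1 gets only its own rules.
	fmt.Println(matchDelimited(firewalls, "juju-5ff1da-1"))
	fmt.Println(matchDelimited(firewalls, "juju-5ff1da-18"))
}
```

With the prefix match, a lookup for machine 1 returns another machine's rule, which is the condition the firewaller reports as duplicate firewall rules for the same CIDRs.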

Tim McNamara (tim-clicks) wrote :

Thanks for reporting this Junien. We do add some randomisation to the firewall rules, but obviously not enough.

Changed in juju:
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Tim McNamara (tim-clicks)
milestone: none → 2.6.3
Tim McNamara (tim-clicks) wrote :

A change to fix this issue is making its way for code review[1]. I really appreciate that you took the time to look into the bug as well as taking the time to report the issue.

  [1] https://github.com/juju/juju/pull/10217

Junien F (axino) wrote :

Thanks for the quick patches Tim !

Ian Booth (wallyworld)
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released