FQDN used as source IP in ufw allow rules

Bug #1588782 reported by Danny Hammo
This bug affects 2 people
Affects: cassandra (Juju Charms Collection)
Status: Fix Released
Importance: Critical
Assigned to: Stuart Bishop

Bug Description

Deploying cassandra with the MaaS provider, the charm helper uses an FQDN as the source IP in ufw allow rules. ufw only accepts IP addresses to modify iptables. The consequence is that Gossip, which uses specific ports, fails; hence the cassandra cluster fails to form.

This is noticed with the MaaS provider; I tested with the OpenStack provider and IP addresses were used.

----
2016-06-02 06:58:35 INFO juju-log cluster:8: ufw enabled
2016-06-02 06:58:36 DEBUG juju-log cluster:8: ufw allow: ufw allow from test-one-2.magellan.fmed to any port 7000
2016-06-02 06:58:36 INFO cluster-relation-changed ERROR: Bad source address
2016-06-02 06:58:36 INFO juju-log cluster:8: b''
2016-06-02 06:58:36 ERROR juju-log cluster:8: None
2016-06-02 06:58:36 ERROR juju-log cluster:8: Error running: ufw allow from test-one-2.magellan.fmed to any port 7000, exit code: 1
2016-06-02 06:58:36 DEBUG juju-log cluster:8: ufw allow: ufw allow from test-one-2.magellan.fmed to any port 7001
2016-06-02 06:58:36 INFO cluster-relation-changed ERROR: Bad source address
2016-06-02 06:58:36 INFO juju-log cluster:8: b''
2016-06-02 06:58:36 ERROR juju-log cluster:8: None
2016-06-02 06:58:36 ERROR juju-log cluster:8: Error running: ufw allow from test-one-2.magellan.fmed to any port 7001, exit code: 1
----

Tags: 4010
Danny Hammo (dan-hammo) wrote :
tags: added: 4010
Stuart Bishop (stub) wrote :

If it is Bug #1557769, it is fixed in lp:~stub/charms/trusty/cassandra/production (which as the name suggests is the branch I have deployed in production).

Stuart Bishop (stub) wrote :

(and now in the charm store as cs:~cassandra-charmers/trusty/cassandra)

Changed in cassandra (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
Stuart Bishop (stub) wrote :

Promulgated to cs:cassandra

Changed in cassandra (Juju Charms Collection):
status: Triaged → Fix Released
Danny Hammo (dan-hammo) wrote :

Bug #1557769 did not fix the problem. I tested again with latest cs:cassandra and ran into the same issue. The charm helper still does resolve FQDN to IP address.

-----------
[Services]
NAME STATUS EXPOSED CHARM
cassandra-cluser active false cs:~cassandra-charmers/trusty/cassandra-0
juju-gui unknown false cs:trusty/juju-gui-54

[Units]
ID WORKLOAD-STATE AGENT-STATE VERSION MACHINE PORTS PUBLIC-ADDRESS MESSAGE
cassandra-cluser/0 active idle 1.25.5 41 7000/tcp,7001/tcp,9042/tcp,9160/tcp 100.77.161.101 Live seed
cassandra-cluser/1 maintenance executing 1.25.5 42 7000/tcp,7001/tcp,9042/tcp,9160/tcp 100.77.161.102 (leader-settings-changed) Bootstrapping with seeds 100.77.161.101
cassandra-cluser/2 waiting idle 1.25.5 43 7000/tcp,7001/tcp,9042/tcp,9160/tcp 100.77.161.103 Waiting for permission to bootstrap
juju-gui/0 unknown idle 1.25.5 0 80/tcp,443/tcp juju-os.magellan.fmed
-----------

2016-06-07 11:00:33 DEBUG juju-log cluster:17: ufw allow: ufw allow from test-one-3.magellan.fmed to any port 7000
2016-06-07 11:00:33 INFO cluster-relation-changed ERROR: Bad source address
2016-06-07 11:00:33 INFO juju-log cluster:17: b''
2016-06-07 11:00:33 ERROR juju-log cluster:17: None
2016-06-07 11:00:33 ERROR juju-log cluster:17: Error running: ufw allow from test-one-3.magellan.fmed to any port 7000, exit code: 1
2016-06-07 11:00:34 DEBUG juju-log cluster:17: ufw allow: ufw allow from test-one-3.magellan.fmed to any port 7001
2016-06-07 11:00:34 INFO cluster-relation-changed ERROR: Bad source address
2016-06-07 11:00:34 INFO juju-log cluster:17: b''
2016-06-07 11:00:34 ERROR juju-log cluster:17: None
-------------

Stuart Bishop (stub)
Changed in cassandra (Juju Charms Collection):
status: Fix Released → Triaged
importance: High → Critical
Stuart Bishop (stub) wrote :

Confirmed that the ufw rule generation is taking the raw private-address value from the relation, which breaks with Juju 1.25.4 per Bug #1557769.

I'm testing the fix.

Changed in cassandra (Juju Charms Collection):
status: Triaged → In Progress
assignee: nobody → Stuart Bishop (stub)
Stuart Bishop (stub)
Changed in cassandra (Juju Charms Collection):
status: In Progress → Fix Released
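
One way to avoid handing a raw relation private-address to ufw, as an added example (not the charm's code and not the fix released for this bug): resolve hostnames to IP addresses first and fail closed when resolution fails. `resolve_source`, `ufw_allow_commands` and `fake_resolver` are hypothetical names, and the 192.0.2.12 mapping is constructed sample data.

```python
import ipaddress
import socket


def resolve_source(address, resolver=socket.getaddrinfo):
    """Return the sorted IP addresses that a private-address value stands for.

    IP literals pass through (normalised); hostnames are resolved, because
    ufw rejects names with "ERROR: Bad source address".
    """
    try:
        return [str(ipaddress.ip_address(address))]
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    try:
        infos = resolver(address, None, 0, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Fail closed: no rule is better than a rule for an unknown peer.
        raise ValueError("cannot resolve %r: %s" % (address, exc))
    # sockaddr[0] is the address for AF_INET and AF_INET6; drop any IPv6
    # scope id ("%eth0") before validating the string as an address.
    ips = {str(ipaddress.ip_address(i[4][0].split("%")[0])) for i in infos}
    return sorted(ips)


def ufw_allow_commands(address, ports, resolver=socket.getaddrinfo):
    """Build one argv list per (source IP, port); nothing is executed here."""
    return [
        ["ufw", "allow", "from", ip, "to", "any", "port", str(port)]
        for ip in resolve_source(address, resolver)
        for port in ports
    ]


def fake_resolver(host, port, family=0, type=0):
    """Offline stand-in for socket.getaddrinfo, backed by constructed data."""
    table = {"test-one-2.magellan.fmed": ["192.0.2.12"]}  # constructed mapping
    if host not in table:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, type, 6, "", (ip, 0)) for ip in table[host]]


if __name__ == "__main__":
    peer = "test-one-2.magellan.fmed"  # hostname taken from the log above
    for argv in ufw_allow_commands(peer, [7000, 7001], fake_resolver):
        print(" ".join(argv))
```

A rule built this way is pinned to whatever the name resolved to when the hook ran, so it has to be regenerated when a peer's address changes, and it is only as trustworthy as the resolver the unit uses.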