[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
I don't believe Juju expects public addresses for all machines. It *does* expect a public address for the controller, because you need external access to be able to connect for things like "juju status" from your machine. I don't know how you would have been able to bootstrap and 'ssh' into the machine, but not be able to connect to port 17070. That sounds like you have a firewall in your own network that doesn't let you connect to remote hosts on ports that aren't SSH (22) or HTTP(s) (80/443). For machines other than controllers, the requirement is that they be able to reach the controller, but not that they are accessible externally, or even accesible from the controller (all agents initiate the connection to the controller, the controller doesn't initiate to the agents). Obviously if you want to "juju ssh unit/3" you need to have a route to that unit (either a VPN into the VPC or a public address on that machine). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
The main issue is that Juju controllers need to retrieve the binaries it runs from streams.canonical.com and that the client (typically running on an operator laptop outside the cloud) needs to be able to reach the controller API endpoints. If you're getting an error during bootstrap about reaching port 17070 this is the Juju client you're running attempting to reach the controller machine that's come up. If it's a locked down VPC with no ingress from your client you'll get this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
Hi this is santhosh, ran into same kind of issue. when i specify a particular vpc-id ( it is not default so i did vpc-id-force). it bootstraps controller in that vpc and was loosing/cannot connect to the api after that. BELOW IS THE BOOTSTRAP COMMAND I GAVE: ubuntu@x86inst-1a:~$ juju bootstrap --config "vpc-id=vpc-08b1e3735cf3" --config "vpc-id-force=true" aws test it gives the error as below: ERROR unable to contact api server after 1 attempts: unable to connect to API: dial tcp 172.86.1.14:17070: connect: connection refused *IF IT CAN REACH THE VPC AND CAN BOOTSTRAP CONTROLLER IN PARTICULAR VPC, WHY IS IT UNABLE TO REACH OR RUNNING INTO API ERROR(17070) AFTER BOOTSTRAP. *WHY DID JUJU EXPECT IT TO BE PUBLIC, IF I GIVE VPC AS PARAMETER WHY CAN'T IT ACCEPT WHAT SHOULD I DO TO MAKE IT ACCEPT BUT NEED IT TO BE PRIVATE AS FOR THE SECURITY CONCERNS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: juju-core (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
Removing 2.1 milestone as we will not addressing this issue in 2.1. ** Changed in: juju Milestone: 2.1.0 => None -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1364037] Re: Juju expects a public address for all machines maybe insecure
>From Dimiter: We still assume to have public IPs in most providers and have no way of not using them if the user doesn't want to (except for the use-floating-ips setting for openstack) ** Also affects: juju Importance: Undecided Status: New ** Changed in: juju Status: New => Triaged ** Changed in: juju Importance: Undecided => High ** Changed in: juju Milestone: None => 2.1.0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1364037 Title: Juju expects a public address for all machines maybe insecure To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1364037/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
