This seems complex enough to need some documentation, which I can’t find.
I did manage to bootstrap a controller in OpenStack but I came across this…
routergod@juju:~$ juju bootstrap killstack --metadata-source=/home/routergod/simplestreams/images --model-default network=7d038caf-0679-4c12-8595-71a63e8d3def --model-default external-network=4e0cbeb9-917d-4444-a75d-3452522c1d34 --model-default use-floating-ip=true --debug --config bootstrap-timeout=3600
Lots of output, and then:
2020-09-15 18:20:54 DEBUG juju.mongo open.go:160 mongodb connection failed, will retry: dial tcp 127.0.0.1:37017: connect: connection refused
2020-09-15 18:20:55 DEBUG juju.mongo open.go:174 dialled mongodb server at "127.0.0.1:37017"
2020-09-15 18:20:55 INFO juju.replicaset replicaset.go:58 Initiating replicaset with config: {
Name: juju,
Version: 1,
Protocol Version: 0,
Members: {
{1 "172.16.2.168:37017" juju-machine-id:0 voting},
},
}
2020-09-15 18:21:00 INFO juju.replicaset replicaset.go:60 Unsuccessful attempt to initiate replicaset: No host described in new configuration 1 for replica set juju maps to this node
It blows up here after a timeout. MongoDB apparently can’t talk to itself? Snooping on the network (on the neutron-gateway unit) I can see this (note 172.16.0.0/16 is my external network in this case):
18:22:27.349956 IP 198.51.100.132.46628 > 172.16.2.168.37017: Flags [S], seq 4072893471, win 65228, options [mss 1418,sackOK,TS val 1073724551 ecr 0,nop,wscale 7], length 0
18:22:27.350017 IP 172.16.2.168.46628 > 198.51.100.132.37017: Flags [S], seq 4072893471, win 65228, options [mss 1418,sackOK,TS val 1073724551 ecr 0,nop,wscale 7], length 0
18:22:29.365415 IP 198.51.100.132.46628 > 172.16.2.168.37017: Flags [S], seq 4072893471, win 65228, options [mss 1418,sackOK,TS val 1073726566 ecr 0,nop,wscale 7], length 0
18:22:29.365546 IP 172.16.2.168.46628 > 198.51.100.132.37017: Flags [S], seq 4072893471, win 65228, options [mss 1418,sackOK,TS val 1073726566 ecr 0,nop,wscale 7], length 0
Neutron is doing some source-NAT thing here which seems to put the flows outside the contract defined in the security group that is bound to the controller instance.
I can bodge this by adding a rule to the security group to permit traffic from 172.16.2.168 (i.e. the controller’s float IP). If I do this while the bootstrap is running, it completes ok.
I expect I should be doing something with juju spaces to resolve this but I could sure use a clue.
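As an added example (not from the original post, and not Juju's or OpenStack's code), here is a small Python check that pairs the pre- and post-NAT SYNs in a capture like the one above by sequence number and reports the ingress rule the instance's security group would need to admit the hairpinned flow. The sample lines are constructed from the capture in the post with the option fields trimmed, and the floating IP 172.16.2.168 is the one the post identifies.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the tcpdump lines in the post; option fields
# are trimmed because the parser only reads up to the sequence number.
CAPTURE = """\
18:22:27.349956 IP 198.51.100.132.46628 > 172.16.2.168.37017: Flags [S], seq 4072893471, win 65228, length 0
18:22:27.350017 IP 172.16.2.168.46628 > 198.51.100.132.37017: Flags [S], seq 4072893471, win 65228, length 0
18:22:29.365415 IP 198.51.100.132.46628 > 172.16.2.168.37017: Flags [S], seq 4072893471, win 65228, length 0
18:22:29.365546 IP 172.16.2.168.46628 > 198.51.100.132.37017: Flags [S], seq 4072893471, win 65228, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\], seq (?P<seq>\d+)"
)

def parse_tcpdump(text):
    """Return one dict per parsable TCP line; lines that do not match are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            for k in ("sport", "dport", "seq"):
                d[k] = int(d[k])
            pkts.append(d)
    return pkts

def find_hairpin_nat(pkts, floating_ip):
    """Pair SYNs seen before and after the router's NAT.
    The same SYN appears twice with one (seq, sport, dport) triple: fixed -> floating
    (what the instance sent) and floating -> fixed (after SNAT+DNAT, what the
    instance receives). The second form is what the security group evaluates."""
    groups = defaultdict(list)
    for p in pkts:
        if p["flags"] == "S":  # initial SYNs only, retransmits share the triple
            groups[(p["seq"], p["sport"], p["dport"])].append(p)
    findings = {}
    for (_, _, dport), pair in groups.items():
        pre = next((p for p in pair if p["dst"] == floating_ip), None)
        post = next((p for p in pair if p["src"] == floating_ip), None)
        if pre and post and post["dst"] == pre["src"]:
            findings[(pre["src"], dport)] = {
                "fixed_ip": pre["src"], "floating_ip": floating_ip, "port": dport,
                # ingress rule the instance's security group needs for this flow
                "required_rule": {"direction": "ingress", "protocol": "tcp",
                                  "port": dport, "remote_ip": f"{floating_ip}/32"},
            }
    return list(findings.values())
```

Run `find_hairpin_nat(parse_tcpdump(CAPTURE), "172.16.2.168")` to get the single finding for port 37017; the retransmitted SYNs collapse into it because they share the same sequence number.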