Can't change model-config "firewall-mode" from "instance" to "none"

Hi all,

I am not able to change the firewall-mode of the juju model from “instance” to “none”.

juju model-config firewall-mode="none"
ERROR cannot change firewall-mode from "instance" to "none"

Is it not possible to change the model-config “firewall-mode” after the model was created?

Thanks,
Moritz

// immutableAttributes holds those attributes
// which are not allowed to change in the lifetime
// of an environment.
var immutableAttributes = []string{
        NameKey,
        TypeKey,
        UUIDKey,
        "firewall-mode",
}

I’m not sure why we couldn’t allow you to change the firewall-mode, but it is currently in the “immutable” set.

So AFAICT you have to use juju add-model --config firewall-mode=none to create a model without the firewaller.

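An illustrative sketch of how an immutable-attribute list like the one quoted above can lead to the error from the first post. This is an added example, not Juju's own code: the helper `validateChange`, the map-based config, and the string values of `NameKey`, `TypeKey` and `UUIDKey` are assumptions; only the attribute list comes from the thread.

```go
package main

import "fmt"

// Assumed key values; the thread shows only the constant names.
const (
	NameKey = "name"
	TypeKey = "type"
	UUIDKey = "uuid"
)

// immutableAttributes mirrors the list quoted in the post above.
var immutableAttributes = []string{NameKey, TypeKey, UUIDKey, "firewall-mode"}

// validateChange (hypothetical helper) rejects an update that alters an
// immutable attribute already set on the model. Keys missing from the update
// are left alone, and re-sending the current value is accepted as a no-op.
func validateChange(old, updated map[string]string) error {
	for _, attr := range immutableAttributes {
		oldv, ok := old[attr]
		if !ok {
			continue // never set, so nothing to protect
		}
		if newv, set := updated[attr]; set && newv != oldv {
			return fmt.Errorf("cannot change %s from %q to %q", attr, oldv, newv)
		}
	}
	return nil
}

func main() {
	// Constructed sample model config.
	model := map[string]string{
		NameKey:         "k8s",
		TypeKey:         "openstack",
		"firewall-mode": "instance",
	}
	// Rejected: firewall-mode is in the immutable set.
	fmt.Println(validateChange(model, map[string]string{"firewall-mode": "none"}))
	// Accepted: same value as before.
	fmt.Println(validateChange(model, map[string]string{"firewall-mode": "instance"}))
	// Accepted: mutable attribute.
	fmt.Println(validateChange(model, map[string]string{"logging-config": "<root>=DEBUG"}))
}
```
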

Hi @jameinel

Thanks for your response.
That’s really bad… That means I have to create a new model and migrate current units?

I’d be curious to understand why you need to change it. There is always the possibility of doing DB surgery to change the value, and then making sure you restart the relevant agents so that they see the updated values. (I also don’t think updating the agents is going to get rid of the firewall rules already in play, but it would prevent creating new ones.)

I am running Kubernetes on OpenStack via Juju. I recognized that each machine creates a lot of security groups and rules. If the “firewall-mode” is set to “none”, it will not create this amount of security groups.
I think before changing stuff in the DB directly I will live with the amount of security groups before breaking the whole system…