is used for cross-model relations (e.g. when model db and model blog need to communicate with each other).
To make a connection possible in those cases, we need to configure the network appropriately.
firewall-rules makes that possible.
Types
The service types are ssh, juju-controller and juju-application-offer.
Only juju-application-offer is supported so far.
The idea is that Juju needs ssh and juju-controller to work properly;
that’s why we open port 22 (ssh) and port 17070 (controller) to 0.0.0.0 on bootstrap.
Some people close those ports, for example.
The idea is that we could support opening those ports in the future.
How it works in action
What would not work in AWS, for example
juju add-model blog
juju deploy wikimedia
juju status -> status "blocked" because database required
juju add-model db
juju deploy mysql
juju offer mysql:db
juju switch blog
juju add-relation wikimedia:db mysql:db
juju status -> wikimedia would be stuck trying to connect because of the firewall
How firewall rules make it possible
juju add-model blog
juju deploy wikimedia
juju machines <- get ip
juju status -> status "blocked" because database required
juju add-model db
juju deploy mysql
juju set-firewall-rule juju-application-offer <ip_from_wikimedia>/32
juju offer mysql:db
juju switch blog
juju add-relation wikimedia:db mysql:db
juju status -> status "running"
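
An added example (not part of the original notes or of Juju itself): a small POSIX shell guard for the set-firewall-rule step above. It accepts only a single IPv4 host address and prints the /32 rule in the form shown on this page, refusing 0.0.0.0 and any CIDR prefix so the offer is opened to the one consuming machine only. The function names is_host_ipv4 and offer_rule_cmd are hypothetical, and the sample address in the usage comment is constructed.

```shell
#!/bin/sh
# Added example: build a least-privilege rule for a cross-model offer.
# Assumption: the command form is the one used on this page:
#   juju set-firewall-rule juju-application-offer <ip>/32

# is_host_ipv4 ADDR -> exit 0 only for a dotted-quad IPv4 host address
is_host_ipv4() {
    case "$1" in
        # empty, non-digit characters (including "/"), stray or doubled dots
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # no leading zeros, at most three digits, value 0..255
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    # 0.0.0.0 would open the offer to every source address
    [ "$1.$2.$3.$4" != "0.0.0.0" ] || return 1
    return 0
}

# offer_rule_cmd IP -> prints the juju command that allows only that host
offer_rule_cmd() {
    if [ "$#" -ne 1 ]; then
        echo "usage: offer_rule_cmd <ip_from_consuming_machine>" >&2
        return 2
    fi
    if ! is_host_ipv4 "$1"; then
        echo "refusing '$1': need one IPv4 host address, no prefix" >&2
        return 1
    fi
    echo "juju set-firewall-rule juju-application-offer $1/32"
}

# Usage (constructed address; take the real one from "juju machines"):
#   offer_rule_cmd 10.0.0.5
```

The function only prints the command, so the operator can review it before running it against the controller.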