Canonical Juju

lxd ERROR finalizing credential: not authorized

Bug #1842693 reported by Felipe Reyes
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Juju
Expired
High
Unassigned

Bug Description

I got this error when I was trying to add a remote lxd (3.16), after I manually did the POST juju was able to finish the operation add-cloud.

The error that was being printed in lxd's logs was:
t=2019-09-04T12:01:38-0400 lvl=warn msg="Rejecting request from untrusted client" ip=192.168.88.112:38082

 ~ $ cat lxd.yaml
clouds:
  c3p0:
    type: lxd
    auth-types: [interactive, certificate]
    endpoint: https://192.168.88.3:8443/
credentials:
  c3p0:
    admin:
      auth-type: interactive
      trust-password: ubuntu11

 ~ $ juju add-credential --debug c3p0 -f lxd.yaml
12:01:38 INFO juju.cmd supercommand.go:57 running juju [2.6.8 gc go1.10.4]
12:01:38 DEBUG juju.cmd supercommand.go:58 args: []string{"/snap/juju/8873/bin/juju", "add-credential", "--debug", "c3p0", "-f", "lxd.yaml"}
Loaded client cert/key from "/home/freyes/.local/share/juju/lxd"
ERROR finalizing credential: not authorized
12:01:38 DEBUG cmd supercommand.go:496 error stack:
not authorized
/build/juju/parts/juju/go/src/github.com/juju/juju/provider/lxd/credentials.go:415:
/build/juju/parts/juju/go/src/github.com/juju/juju/cmd/juju/cloud/addcredential.go:373: finalizing credential
/build/juju/parts/juju/go/src/github.com/juju/juju/cmd/juju/cloud/addcredential.go:242:
 ~ $ ls /home/freyes/.local/share/juju/lxd
client.crt client.key
 ~ $ curl -k --cert /home/freyes/.local/share/juju/lxd/client.crt --key /home/freyes/.local/share/juju/lxd/client.key https://192.168.88.3:8443/1.0/certificates -X POST -d '{"type": "client", "password": "ubuntu11"}'
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":null}
 ~ $ juju add-credential --debug c3p0 -f lxd.yaml
12:02:07 INFO juju.cmd supercommand.go:57 running juju [2.6.8 gc go1.10.4]
12:02:07 DEBUG juju.cmd supercommand.go:58 args: []string{"/snap/juju/8873/bin/juju", "add-credential", "--debug", "c3p0", "-f", "lxd.yaml"}
Loaded client cert/key from "/home/freyes/.local/share/juju/lxd"
Reusing certificate from LXD server.
Credentials "admin" added for cloud "c3p0".
12:02:08 INFO cmd supercommand.go:502 command finished

Revision history for this message
Richard Harding (rharding) wrote :

I'll see if Simon can take a look into it. Thanks for the report.

Changed in juju:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Simon Richardson (simonrichardson)
milestone: none → 2.7-beta1
Revision history for this message
Simon Richardson (simonrichardson) wrote :

I just tried this locally and I can't reproduce this. Using `juju [2.6.8 gc go1.10.4]` and a snap install of 3.16. I'm not entirely sure why you'd get a not authorized error, considering we're doing the same post internally using the LXD API client.

I'll give it another try and report back if I find anything more.

Revision history for this message
Simon Richardson (simonrichardson) wrote :

Unfortunately I couldn't reproduce this. I'm wonder if you can provide us with some more information about the general setup, if you're able to reproduce this every time or just the once, for that reason I'm marking this as incomplete.

Changed in juju:
status: Triaged → Incomplete
Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
milestone: 2.7-beta1 → 2.7-rc1
Anastasia (anastasia-macmood)
Changed in juju:
milestone: 2.7-rc1 → none
Simon Richardson (simonrichardson)
Changed in juju:
assignee: Simon Richardson (simonrichardson) → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for juju because there has been no activity for 60 days.]

Changed in juju:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.