Juju set-credential for a new credential on the controller does not work, you need to restart the agent on the controller.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Triaged
|
Low
|
Unassigned |
Bug Description
[Description]
I have Juju 2.6.10 with a local Cloud with MAAS, I have two Juju credentials for MAAS each one as an API KEY when I set the new Juju credential and remove the old MAAS key Juju keeps using the old one being necessary to restart the agent on the controller.
[Reproduction]
Juju - 2.6/stable
Controller MAAS
maas-cred1 - key=> 5FtZTPdqFg9FWvP
maas-cred2 - key=> 29An2FDPbVcsswn
Cloud Credentials
maas maas-cred1, maas-cred2
juju show-model
default:
name: admin/default
short-name: default
model-uuid: c135a081-
model-type: iaas
controller-uuid: f87a0b32-
controller-name: maas
is-controller: false
owner: admin
cloud: maas
type: maas
life: alive
status:
current: available
since: "2020-05-26"
users:
admin:
display-name: admin
access: admin
last-
machines:
"22":
cores: 1
sla: unsupported
agent-version: 2.6.10
credential:
name: maas-cred1
owner: admin
cloud: maas
Set new credential with new API KEY
juju set-credential maas maas-cred2
Did not find credential remotely. Looking locally...
Uploading local credential to the controller.
Changed cloud credential on model "admin/default" to "maas-cred2".
administrator@
Credential valid for:
default
Controller credential "maas-cred2" for user "admin" on cloud "maas" updated.
For more information, see ‘juju show-credential maas maas-cred2’.
At this time I removed the maas-cred1 credential from MAAS and Juju
juju remove-credential maas-cred1
[Impact]
juju add-machine
created machine 23
juju status
Model Controller Cloud/Region Version SLA Timestamp
default maas maas 2.6.10 unsupported 10:48:20-03:00
Machine State DNS Inst id Series AZ Message
22 started 172.16.99.6 sure-midge bionic default Deployed
23 down pending bionic could not get environ: Authorization Error: 'Invalid access token: Z6WdH9YbLuqDHSuYha'
At this moment juju still has reference to old credential and I need to restart the agent on the controller.
juju ssh ubuntu@172.16.99.3 "sudo systemctl restart jujud-machine-
Connection to 172.16.99.3 closed.
juju add-machine
created machine 24
Machine State DNS Inst id Series AZ Message
22 started 172.16.99.6 sure-midge bionic default Deployed
23 down pending bionic could not get environ: Authorization Error: 'Invalid access token: Z6WdH9YbLuqDHSuYha'
24 pending 172.16.99.7 united-fox bionic default Deploying: Powering on
Now this works without a problem, I believe this is not the normal behavior of Juju. I already had this behavior with connection to vSphere.
Changed in juju: | |
milestone: | 2.8.1 → 2.8-next |
Running this w/ 2.8, things behaved a bit differently, in that I got a warning that the old credentials were still attached to the "default" model.
``` guimaas_ admin_maas- test-01: it is still used by 1 model
petevg@badjanet:~$ juju remove-credential guimaas maas-test-01
This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to remove credential "maas-test-01" for cloud "guimaas" from:
1. client only (--client)
2. controller "guimaas-default" only (--controller guimaas-default)
3. both (--client --controller guimaas-default)
Enter your choice, or type Q|q to quit: 3
Found remote cloud "guimaas" from the controller.
Found local cloud "guimaas" on this client. Credential "maas-test-01" for cloud "guimaas" removed from this client.
ERROR could not remove remote credential: cannot revoke credential cloudcred-
```
I'm not certain that's expected behavior. Will follow up with the team, then follow up on this bug.