Canonical Juju

[GCE] Cannot provision new VMs when VPC changed to "custom" (for IPv6)

Bug #2058870 reported by Haw Loeung on 2024-03-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Confirmed	Medium	Unassigned

Bug Description

Hi,

We're trying to deploy new cloud mirrors with IPv6 support. When creating a new project, Google GCE automatically creates new VPCs called "default". This is done in "auto" mode which doesn't support dual-stack IPv4 + IPv6[1] so we've had to change it to "custom".

Then as requested, we need to update the subnets to dual stack, for testing, I picked two regions, us-central1 and europe-west1:

| https://private-fileshare.canonical.com/~hloeung/tmp/rJuLtF9FOI.png
| https://private-fileshare.canonical.com/~hloeung/tmp/rQy72f8k6d.png

Unfortunately, Juju doesn't allow me to provision new VMs and fails with:

| machine-status:
| current: allocating
| message: 'failed to start machine 0 in zone "europe-west1-c", retrying in 10s
| with new availability zone: sending new instance request: sending new instance
| request: googleapi: Error 400: Invalid value for field ''resource.networkInterfaces[0]'':
| ''{ "network": "global/networks/default", "accessConfigs": [{ "type":
| "ONE_TO_ONE_NAT", "name"...''. Subnetwork should be specified for custom
| subnetmode network, invalid'

Steps I used to produce this is as follows:

* create new project via the Google Console.

* add compute admin level access per Juju docs.

* add my new creds:

| [hloeung@dharkan juju]$ juju add-credential google
| This operation can be applied to both a copy on this client and to the one on a controller.
| No current controller was detected and there are no registered controllers on this client: either bootstrap one or register one.
| Enter credential name: haw-test-cloud-mirrors
| ...
| Select region [any region, credential is not region specific]: asia-southeast1
|
| Auth Types
| jsonfile
| oauth2
|
| Select auth type [jsonfile]:
|
| Enter path to the .json file containing a service account key for your project
| (detailed instructions available at https://discourse.charmhub.io/t/1508).
| Path: /home/hloeung/.local/share/juju/haw-test-cloud-mirrors-f211d103fdf1.json
|
| Credential "haw-test-cloud-mirrors" added locally for cloud "google".

* bootstrap a controller:

* create new models in the regions I'm using for testing:

| [hloeung@dharkan juju]$ juju add-model test-us-central1 google/us-central1
| Added 'test-us-central1' model on google/us-central1 with credential 'haw-test-cloud-mirrors' for user 'admin'
| [hloeung@dharkan juju]$ juju add-model test-europe-west1 google/europe-west1
| Added 'test-europe-west1' model on google/europe-west1 with credential 'haw-test-cloud-mirrors' for user 'admin'
| [hloeung@dharkan juju]$ juju models
| Controller: haw-test-cloud-mirrors
|
| Model Cloud/Region Type Status Machines Cores Units Access Last connection
| controller google/asia-southeast1 gce available 1 2 1 admin just now
| test-europe-west1* google/europe-west1 gce available 0 - - admin never connected
| test-us-central1 google/us-central1 gce available 0 - - admin never connected

* deploy VMs to my two models:

| [hloeung@dharkan juju]$ juju deploy -m test-us-central1 ubuntu
| Deployed "ubuntu" from charm-hub charm "ubuntu", revision 24 in channel stable on ubuntu@22.04/stable
| [hloeung@dharkan juju]$ juju status -m test-us-central1 --watch 5s
| [hloeung@dharkan tmp]$ juju deploy -m test-europe-west1 ubuntu

* observe failure provisioning VMs:

| [hloeung@dharkan tmp]$ juju status --format=yaml -m test-europe-west1
| model:
| name: test-europe-west1
| type: iaas
| controller: haw-test-cloud-mirrors
| cloud: google
| region: europe-west1
| version: 3.3.1
| model-status:
| current: available
| since: 25 Mar 2024 14:10:53+11:00
| sla: unsupported
| machines:
| "0":
| juju-status:
| current: down
| message: agent is not communicating with the server
| since: 25 Mar 2024 14:17:29+11:00
| instance-id: pending
| machine-status:
| current: provisioning error
| message: 'googleapi: Error 400: Invalid value for field ''resource.networkInterfaces[0]'':
| ''{ "network": "global/networks/default", "accessConfigs": [{ "type":
| "ONE_TO_ONE_NAT", "name"...''. Subnetwork should be specified for custom
| subnetmode network, invalid'
| since: 25 Mar 2024 14:17:29+11:00
| modification-status:
| current: idle
| since: 25 Mar 2024 14:11:25+11:00
| base:
| name: ubuntu
| channel: "22.04"
| constraints: arch=amd64
| applications:
| ubuntu:
| charm: ubuntu
| base:
| name: ubuntu
| channel: "22.04"
| charm-origin: charmhub
| charm-name: ubuntu
| charm-rev: 24
| charm-channel: stable
| exposed: false
| application-status:
| current: waiting
| message: waiting for machine
| since: 25 Mar 2024 14:11:25+11:00
| units:
| ubuntu/0:
| workload-status:
| current: waiting
| message: waiting for machine
| since: 25 Mar 2024 14:11:25+11:00
| juju-status:
| current: allocating
| since: 25 Mar 2024 14:11:25+11:00
| machine: "0"
| storage: {}
| controller:
| timestamp: 14:27:39+11:00

This is with Juju 3.3.1-genericlinux-amd64 from the snap:

[hloeung@dharkan tmp]$ snap info juju | grep '^installed'
installed: 3.3.1 (25912) 98MB -

[1]: https://cloud.google.com/vpc/docs/vpc

See original description

Tags:

Haw Loeung (hloeung) on 2024-03-25

description:

updated

Revision history for this message

Haw Loeung (hloeung) wrote on 2024-03-25:

Upgraded to Juju 3.4.0, trying to bootstrap, that's failing now, I believe it's due to the default VPC still in "custom" mode:

| [hloeung@dharkan juju]$ juju bootstrap google/asia-southeast1 haw-test-cloud-mirrors --bootstrap-series=focal --bootstrap-constraints mem=8G
| Creating Juju controller "haw-test-cloud-mirrors" on google/asia-southeast1
| Looking for packaged Juju agent version 3.4.0 for amd64
| Located Juju agent version 3.4.0-ubuntu-amd64 at https://streams.canonical.com/juju/tools/agent/3.4.0/juju-3.4.0-linux-amd64.tgz
| Launching controller instance(s) on google/asia-southeast1...
| ERROR failed to bootstrap model: cannot start bootstrap instance in any availability zone (asia-southeast1-b, asia-southeast1-a, asia-southeast1-c):
| starting bootstrap instance in zone "asia-southeast1-b": sending new instance request: sending new instance request: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0]': '{ "network": "global/networks/default", "accessConfigs": [{ "type": "ONE_TO_ONE_NAT", "name"...'. Subnetwork should be specified for custom subnetmode network, invalid
| starting bootstrap instance in zone "asia-southeast1-a": sending new instance request: sending new instance request: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0]': '{ "network": "global/networks/default", "accessConfigs": [{ "type": "ONE_TO_ONE_NAT", "name"...'. Subnetwork should be specified for custom subnetmode network, invalid
| starting bootstrap instance in zone "asia-southeast1-c": sending new instance request: sending new instance request: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0]': '{ "network": "global/networks/default", "accessConfigs": [{ "type": "ONE_TO_ONE_NAT", "name"...'. Subnetwork should be specified for custom subnetmode network, invalid

tags:

added: canonical-is

Revision history for this message

Harry Pidcock (hpidcock) wrote on 2024-03-26:

I've investigated the work involved to do this, and honestly its feature level work that will likely take a bit of time. At this stage it would need to go through the product feedback and be picked up in a cycle.

Here is my exploration https://github.com/juju/juju/pull/17100