2.0 cannot bootstrap in AWS, Azure, and Joyent

Bug #1537082 reported by Curtis Hovey
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Fix Released | Critical | Anastasia |
juju-release-tools | Fix Released | Critical | Aaron Bentley |

Bug Description

juju 2.0-alpha1 cannot bootstrap in AWS, Azure, or Joyent. Juju reports no matching tools. The debug output indicates it requires the sjson. This is a behaviour change from 1.x.

While it is feasible to sign CPC streams, there are several order-of-operations issues that make this difficult. We really do want all streams to be signed, but this means Jerff needs to stop making streams, and instead sign *verified* streams made by another party.

WORK AROUND
Set this in the environments.yaml:
     agent-metadata-url: https://streams.canonical.com/juju/tools
^ this is non-obvious since it should be a no-op, but in fact restores the 1.x default behaviour.

Curtis Hovey (sinzui)
Changed in juju-release-tools:
status: New → Triaged
importance: Undecided → Critical
Curtis Hovey (sinzui) wrote :

I tested 1.25.3 from proposed agent streams with daily image streams. I think 1.25.3 is good and it can deploy xenial when the cloud and image streams support it.

1. Joyent doesn't support daily image streams.

2. GCE does support daily images, but they are broken.
daily+xenial+proposed
ERROR failed to bootstrap environment: cannot start bootstrap instance: sending new instance request: sending new instance request: googleapi: Error 400: Invalid value for field 'resource.disk.initializeParams.sourceImage': 'https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/daily-ubuntu-1604-xenial-v20160121b'. Referenced resource was not found., invalid
daily+wily+proposed
ERROR failed to bootstrap environment: cannot start bootstrap instance: sending new instance request: sending new instance request: googleapi: Error 400: Invalid value for field 'resource.disk.initializeParams.sourceImage': 'https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/daily-ubuntu-1510-wily-v20160121'. Referenced resource was not found., invalid

3. AWS daily image streams work.
daily+wily
SUCCESS
daily+xenial+proposed
SUCCESS

4. Azure daily image streams work.
daily+xenial+proposed
SUCCESS

Curtis Hovey (sinzui) wrote :

Juju 2.0 requires the CPC streams to be signed with the Juju key. Since the CPC streams are created and verified before streams.canonical.com can make official streams, it is not possible to verify signed streams.

We need a process change where streams are made, then passed to jerff for signing, then collected and deployed to the CPCs. At this point jerff doesn't really need to make streams, but it cannot publish the signed streams until they are verified on all CPCs. So another call to jerff is needed to make the signed streams public.

The workaround is to set this in the environments.yaml:
     agent-metadata-url: https://streams.canonical.com/juju/tools
^ this is non-obvious since it should be a no-op, but in fact restores the 1.x default behaviour.

summary: - Cannot use devel/proposed agent streams with daily stream for xenial
+ 2.0 cannot bootstrap in AWS, Azure, and Joyent
Curtis Hovey (sinzui)
description: updated
Curtis Hovey (sinzui)
Changed in juju-release-tools:
assignee: nobody → Curtis Hovey (sinzui)
status: Triaged → In Progress
Katherine Cox-Buday (cox-katherine-e) wrote :

This seems to be causing issues with the LXD provider as well. Further, specifying an agent-metadata-url: "https://streams.canonical.com/juju/tools" doesn't seem to change anything.

Curtis Hovey (sinzui)
Changed in juju-release-tools:
assignee: Curtis Hovey (sinzui) → Aaron Bentley (abentley)
status: In Progress → Fix Released
Curtis Hovey (sinzui)
Changed in juju-core:
status: Triaged → Fix Released
assignee: nobody → Anastasia (anastasia-macmood)
tags: added: 2.0-count
affects: juju-core → juju