Juju fails to bootstrap local LXD

Bug #1675728 reported by Joseph Borg
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Expired | Medium | Unassigned |

Bug Description

See full output http://paste.ubuntu.com/24240179/

After running cloud-init on the container:
2017-03-24 10:37:10 INFO juju.cmd supercommand.go:63 running jujud [2.1.2 gc go1.6]
2017-03-24 10:37:20 ERROR cmd supercommand.go:458 new environ: Get https://10.201.51.1:8443/1.0: Unable to connect to: 10.201.51.1:8443
ERROR failed to bootstrap model: subprocess encountered error code 1

Some background:
Ubuntu 16.04
Juju 2.1.2
LXD 2.12

I just had to purge and reinstall LXD because of other issues, but can now launch LXD containers manually without issue.

Joseph Borg (joeborg) wrote :

Have just purged everything, including ZFS pool and bridge interface. Then installed lxd and juju via snappy and still get the exact same error.

Joseph Borg (joeborg) wrote :

I can curl that URL and get a sane response:

$ curl --insecure https://10.162.8.1:8443/1.0
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":{"api_extensions":["storage_zfs_remove_snapshots","container_host_shutdown_timeout","container_syscall_filtering","auth_pki","container_last_used_at","etag","patch","usb_devices","https_allowed_credentials","image_compression_algorithm","directory_manipulation","container_cpu_time","storage_zfs_use_refquota","storage_lvm_mount_options","network","profile_usedby","container_push","container_exec_recording","certificate_update","container_exec_signal_handling","gpu_devices","container_image_properties","migration_progress","id_map","network_firewall_filtering","network_routes","storage","file_delete","file_append","network_dhcp_expiry","storage_lvm_vg_rename","storage_lvm_thinpool_rename","network_vlan","image_create_aliases","container_stateless_copy"],"api_status":"stable","api_version":"1.0","auth":"untrusted","public":false}}

Joseph Borg (joeborg) wrote :

And this is the log from lxd.log:

ephemeral=false lvl=info msg="Creating container" name=juju-f872c4-0 t=2017-03-24T15:40:50+0000
ephemeral=false lvl=info msg="Created container" name=juju-f872c4-0 t=2017-03-24T15:40:50+0000
action=start created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Starting container" name=juju-f872c4-0 stateful=false t=2017-03-24T15:40:52+0000 used=1970-01-01T00:00:00+0000
action=start created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Started container" name=juju-f872c4-0 stateful=false t=2017-03-24T15:40:52+0000 used=1970-01-01T00:00:00+0000
action=stop created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Stopping container" name=juju-f872c4-0 stateful=false t=2017-03-24T15:41:49+0000 used=2017-03-24T15:40:52+0000
created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Freezing container" name=juju-f872c4-0 t=2017-03-24T15:41:49+0000 used=2017-03-24T15:40:52+0000
created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Froze container" name=juju-f872c4-0 t=2017-03-24T15:41:49+0000 used=2017-03-24T15:40:52+0000
action=stop created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Stopped container" name=juju-f872c4-0 stateful=false t=2017-03-24T15:41:50+0000 used=2017-03-24T15:40:52+0000
created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Deleting container" name=juju-f872c4-0 t=2017-03-24T15:41:50+0000 used=2017-03-24T15:40:52+0000
created=2017-03-24T15:40:50+0000 ephemeral=false lvl=info msg="Deleted container" name=juju-f872c4-0 t=2017-03-24T15:41:50+0000 used=2017-03-24T15:40:52+0000

Joseph Borg (joeborg) wrote :

Just found the problem after using '--keep-broken', then sshing into the controller container. I could ping 10.201.51.1 from the controller but port 8443 was not open. Turning my firewall (ufw) off fixed this, but it always used to work so does juju not open that port by default anymore?

John A Meinel (jameinel) wrote :

Juju doesn't interact with UFW at all. So if you've firewalled off ports from being accessible from containers, it is going to stay inaccessible.

The issue is that there are lots of potential firewalls (ufw, iptables, etc). I don't think Juju wants to learn how to operate all of them.

We could give a better error as to what we are trying to connect to, and possibly prompt the user to think about firewalls.
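
The kind of hint discussed in the comment above, as an added example that is not part of the original comments and is not Juju code: it extracts the endpoint from the bootstrap error and checks `ufw status` text for a matching rule, suggesting a rule scoped to the LXD bridge rather than turning ufw off. The bridge name `lxdbr0` (LXD's default) and both ufw status samples are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not Juju code): map the bootstrap error to a firewall hint.
# BRIDGE is an assumption: lxdbr0 is LXD's default bridge name.
BRIDGE="${BRIDGE:-lxdbr0}"

# Pull "host:port" out of a juju "Unable to connect to" error line.
endpoint_from_error() {
  printf '%s\n' "$1" |
    sed -n 's/.*Unable to connect to: \([0-9.]*:[0-9][0-9]*\).*/\1/p'
}

# Read `ufw status` text on stdin; succeed if ufw is inactive or has an
# ALLOW rule for port $1 (any interface, or scoped to $BRIDGE).
ufw_allows() {
  awk -v p="$1" -v br="$BRIDGE" '
    /^Status: inactive/ { ok = 1 }
    $0 ~ ("^" p "(/tcp)?( on " br ")? +ALLOW") { ok = 1 }
    END { exit !ok }'
}

# $1 = juju error line, stdin = `ufw status` text. Returns 2 if the line is
# not a connection error this script recognises.
firewall_hint() {
  ep="$(endpoint_from_error "$1")"
  [ -n "$ep" ] || return 2
  port="${ep##*:}"
  if ufw_allows "$port"; then
    echo "ufw is not blocking $port/tcp; check that LXD listens on $ep"
  else
    echo "ufw has no rule for $ep; instead of disabling ufw, run:" \
         "ufw allow in on $BRIDGE to any port $port proto tcp"
  fi
}

# Constructed sample input: the error line from the report, two ufw states.
ERR='2017-03-24 10:37:20 ERROR cmd supercommand.go:458 new environ: Get https://10.201.51.1:8443/1.0: Unable to connect to: 10.201.51.1:8443'
UFW_BLOCKED='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'
UFW_OPEN="$UFW_BLOCKED
8443/tcp on lxdbr0         ALLOW       Anywhere"

printf '%s\n' "$UFW_BLOCKED" | firewall_hint "$ERR"
printf '%s\n' "$UFW_OPEN" | firewall_hint "$ERR"
```

On a real host, pipe the output of `sudo ufw status` into `firewall_hint` in place of the constructed samples.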

Anastasia (anastasia-macmood) wrote :

Based on comment #5, the best we can do is to improve messaging around this failure. I am triaging this as a Medium, usability bug.

tags: added: usability
Changed in juju:
status: New → Triaged
importance: Undecided → Medium
Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 5 years, so we're marking it Expired. If you believe this is incorrect, please update the status.

Changed in juju:
status: Triaged → Expired
tags: added: expirebugs-bot