juju bootstrap with local lxd failed with "x509: certificate is valid for *, not VCA"

Bug #1705829 reported by Xiaowei Zhang
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Invalid | Undecided | Unassigned |

Bug Description

juju version: 2.0.2-xenial-amd64
lxd version: 2.0.10
OS version: ubuntu 16.04 LTS amd64 (release) (20170619.1)

I'm in the process of installing ETSI OSM Release TWO on a VM hosted in a corporate OpenStack cloud. The installation succeeds, but the juju server, which is supposed to be configured successfully on VCA, is not configured. I have to log in to the VCA lxd container hosted on the OSM VM to run juju bootstrap manually with the following command:
$ juju bootstrap -v --debug --show-log --config=config.yaml

The content of config.yaml is nothing but corporate proxy settings, e.g. apt-http-proxy. It always failed with the following error (10.44.127.1 is the IP address of lxdbr0 on VCA):
2017-07-22 08:37:06 INFO juju.cmd supercommand.go:63 running jujud [2.0.2 gc go1.6.2]
2017-07-22 08:37:06 DEBUG juju.cmd supercommand.go:64 args: []string{"/var/lib/juju/tools/2.0.2-xenial-amd64/jujud", "bootstrap-state", "--timeout", "20m0s", "--data-dir", "/var/lib/juju", "--debug", "/var/lib/juju/bootstrap-params"}
2017-07-22 08:37:06 DEBUG juju.agent agent.go:509 read agent config, format "2.0"
2017-07-22 08:37:06 DEBUG juju.tools.lxdclient client.go:199 connecting to LXD remote "remote": "10.44.127.1:8443"
2017-07-22 08:37:57 ERROR cmd supercommand.go:458 new environ: creating LXD client: Get https://10.44.127.1:8443/1.0: x509: certificate is valid for 10.44.127.1, not VCA
2017-07-22 08:37:57 DEBUG cmd supercommand.go:459 (error details: [{github.com/juju/juju/cmd/jujud/bootstrap.go:144: new environ} {github.com/juju/juju/provider/lxd/provider.go:32: } {github.com/juju/juju/provider/lxd/environ.go:59: } {github.com/juju/juju/provider/lxd/environ_raw.go:71: creating LXD client} {github.com/juju/juju/provider/lxd/environ_raw.go:107: } {github.com/juju/juju/tools/lxdclient/client.go:124: } {github.com/juju/juju/tools/lxdclient/client.go:241: } {Get https://10.44.127.1:8443/1.0: x509: certificate is valid for 10.44.127.1, not VCA}])
2017-07-22 08:37:57 DEBUG juju.cmd.jujud main.go:163 jujud complete, code 0, err <nil>

Verified lxd is listening on port 8443:
root@VCA:~# curl -k https://10.44.127.1:8443/1.0
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":{"api_extensions":["id_map"],"api_status":"stable","api_version":"1.0","auth":"untrusted","public":false}}

I'm also reading this bug: https://bugs.launchpad.net/juju/+bug/1633788, but it does not look like the same problem to me.

Tags: bootstrap lxd
Xiaowei Zhang (edwardzxw) wrote :

Content of config.yaml for reference:
default-series: xenial
no-proxy: localhost
apt-http-proxy: <proxy url>
apt-https-proxy: <proxy url>
apt-ftp-proxy: <proxy url>
http-proxy: <proxy url>
https-proxy: <proxy url>
ftp-proxy: <proxy url>

tags: added: lxd
tags: added: bootstrap
John A Meinel (jameinel) wrote : Re: [Bug 1705829] Re: juju bootstrap with local lxd failed with "x509: certificate is valid for *, not VCA"

Off hand I would think you want to add 10.44.127.1 to the no proxy list.

John
=:->

On Jul 22, 2017 20:25, "Edward Zhang" <email address hidden> wrote:

> Content of config.yaml for reference:
> default-series: xenial
> no-proxy: localhost
> apt-http-proxy: <proxy url>
> apt-https-proxy: <proxy url>
> apt-ftp-proxy: <proxy url>
> http-proxy: <proxy url>
> https-proxy: <proxy url>
> ftp-proxy: <proxy url>
>
> ** Tags added: lxd
>
> ** Tags added: bootstrap

Xiaowei Zhang (edwardzxw) wrote :

Thanks for the help on this, John! After adding 10.44.127.1 to the no-proxy config option, juju bootstrap completes successfully. This bug shall be invalid.

John A Meinel (jameinel)
Changed in juju:
status: New → Invalid
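
A pre-flight check for the misconfiguration resolved in this thread, as an added example that is not part of the original report or of juju: it reads a config.yaml like the one posted above and lists the endpoints that would still be sent through the proxy. The function names, the proxy URL and the matching rules (exact host, domain suffix, `*`) are assumptions; juju's own no-proxy matching is not shown on the page.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def bypasses_proxy(url, no_proxy):
    """True if `url` would be fetched directly instead of via the proxy."""
    host = (urlsplit(url).hostname or "").lower()
    for raw in no_proxy.split(","):
        entry = raw.strip().lower()
        if entry == "*":
            return True
        if entry.count(":") == 1:        # "host:port" entry -> compare host only
            entry = entry.split(":")[0]
        entry = entry.lstrip(".")
        if not entry or "/" in entry:    # CIDR support varies by client: not counted
            continue
        # Suffix matching applies to DNS names only, never to IP literals.
        if host == entry or (not _is_ip(host) and host.endswith("." + entry)):
            return True
    return False

def proxied_endpoints(config_text, endpoints):
    """Endpoints that the proxy keys in a config.yaml would route via the proxy."""
    cfg = {}
    for line in config_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip()] = value.strip()
    no_proxy = cfg.get("no-proxy", "")
    return [u for u in endpoints
            if cfg.get(urlsplit(u).scheme + "-proxy")
            and not bypasses_proxy(u, no_proxy)]

# Constructed sample input: the LXD address is the one from the report,
# the proxy URL is a placeholder.
LXD_API = "https://10.44.127.1:8443/1.0"
BEFORE = ("default-series: xenial\nno-proxy: localhost\n"
          "https-proxy: http://proxy.example.invalid:3128\n")
AFTER = BEFORE.replace("no-proxy: localhost", "no-proxy: localhost,10.44.127.1")

if __name__ == "__main__":
    print("before:", proxied_endpoints(BEFORE, [LXD_API]))
    print("after: ", proxied_endpoints(AFTER, [LXD_API]))
```
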