add-model sometimes ignores specified region
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Andrew Wilkins |
Bug Description
When there is no local credential but the controller has a credential, the add-model command will ignore the region that's been specified on the command line.
A brief look at the code shows the likely cause. This statement overrides the region that's been specified by the user with whatever findCredential returns.
// Find a credential to use with the new model.
credential, credentialTag, cloudRegion, err := c.findCredentia
cloudTag: cloudTag,
cloudRegion: cloudRegion,
cloud: cloud,
modelOwner: modelOwner,
})
if err != nil {
return errors.Trace(err)
}
In findUnspecified
Here is a sample log transcript of a command that gets it wrong. We are trying to add a model in the google/asia-east1 region, but observe that the model was actually created in google/us-central1.
% juju add-model testing4 google/asia-east1 --debug --logging-config TRACE
17:07:33 INFO juju.cmd supercommand.go:63 running juju [2.2.6 gc devel +6e9960e Mon Nov 13 00:35:25 2017 +0000]
17:07:33 DEBUG juju.cmd supercommand.go:64 args: []string{"juju", "add-model", "testing4", "google/
17:07:33 INFO juju.juju api.go:67 connecting to API addresses: [jimm.jujucharm
17:07:33 DEBUG juju.api apiclient.go:715 looked up jimm.jujucharms.com -> [162.213.33.250 162.213.33.28]
17:07:33 DEBUG juju.api apiclient.go:863 successfully dialed "wss://
17:07:33 DEBUG juju.api apiclient.go:863 successfully dialed "wss://
17:07:33 INFO juju.api apiclient.go:617 connection established to "wss://
17:07:33 TRACE juju.rpc.jsoncodec codec.go:225 -> {"request-
17:07:33 TRACE juju.rpc.jsoncodec codec.go:120 <- {"request-
17:07:33 INFO cmd authkeys.go:114 Adding contents of "/home/
17:07:33 INFO cmd authkeys.go:114 Adding contents of "/home/
17:07:33 TRACE juju.rpc.jsoncodec codec.go:225 -> {"request-
17:07:33 TRACE juju.rpc.jsoncodec codec.go:120 <- {"request-
17:07:33 TRACE juju.rpc.jsoncodec codec.go:225 -> {"request-
17:07:33 TRACE juju.rpc.jsoncodec codec.go:120 <- {"request-
17:07:33 TRACE juju.rpc.jsoncodec codec.go:225 -> {"request-
17:07:34 TRACE juju.rpc.jsoncodec codec.go:120 <- {"request-
17:07:34 INFO cmd addmodel.go:281 Added 'testing4' model on google/us-central1 with credential 'google' for user 'rogpeppe'
17:07:34 TRACE juju.rpc.jsoncodec codec.go:123 <- error: read tcp 192.168.
17:07:34 DEBUG juju.api monitor.go:35 RPC connection died
17:07:34 INFO cmd supercommand.go:465 command finished
Changed in juju: | |
milestone: | 2.3.1 → none |
Changed in juju: | |
milestone: | none → 2.3.2 |
tags: | added: jaas |
Changed in juju: | |
assignee: | nobody → Andrew Wilkins (axwalk) |
Changed in juju: | |
status: | Triaged → In Progress |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
So juju should not be changing the region underneath a user. If the user has specified a specific region that doesn't match the credential, juju should warn them.
Secondly, locking a credential to a specific region is currently intentional, though perhaps that's not a sane default. IMHO, this is largely a usability issue. It would seem a saner default might be to simply warn the user the credential and region doesn't match, and if it fails, the user should understand why given the warning. By default it seems most users wouldn't be using region locked credentials (and then explicitly asking for a different region!). Juju should just attempt to do what the user has requested.