Canonical Juju

juju asking to login to every controller

Bug #1804401 reported by Ondrej Kuchar
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Triaged
Low
Unassigned
2.4
Won't Fix
High
Unassigned

Bug Description

we're creating juju users and trying to operate with those instead of super-admin user.
Problem is when juju runs in HA it is asking for password for every controller

for example when I run same command, without providing password (pressing Ctrl+c)
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas
please enter password for kucharo on foundations-maas:
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas kucharo
please enter password for kucharo on foundations-maas:
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas kucharo
please enter password for kucharo on foundations-maas:
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas kucharo
please enter password for kucharo on foundations-maas:
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas kucharo
please enter password for kucharo on foundations-maas:
kucharo@ic-skbrat2-infra1:~$ juju show-user -c foundations-maas kucharo
user-name: kucharo
access: login
date-created: 2018-11-12
last-connection: just now

with --debug is visible that one controller is logged in
https://pastebin.ubuntu.com/p/BKZ6myGpm5/

juju controllers:
https://pastebin.ubuntu.com/p/HJRy74jFKs/

juju show-model:
https://pastebin.ubuntu.com/p/MZCJ7BYCH3/

I'd say juju should share state of user authentication between controllers in HA mode

See original description
Ondrej Kuchar (ondrej-kuchar)
description: updated
Revision history for this message
John A Meinel (jameinel) wrote :

this seems like an issue with the underlying macaroon authentication. I'll add the Candid project.

Revision history for this message
John A Meinel (jameinel) wrote :

https://github.com/CanonicalLtd/candid/issues/109

Changed in juju:
status: New → Triaged
importance: Undecided → High
Revision history for this message
Ante Karamatić (ivoks) wrote :

FWIW, candid is not being used here.

Revision history for this message
Richard Harding (rharding) wrote :

Thanks, we're investigating how we can make sure that the macaroons minted are good on each of the controllers. Typically we'd use a dns name to help with this, but understand that's not always part of the setup.

Tim Penhey (thumper)
Changed in juju:
milestone: none → 2.5.1
Revision history for this message
Gábor Mészáros (gabor.meszaros) wrote :

A possible workaround for this situation is to include the password in the accounts definition file. E.g.:

.local/share/juju/accounts.yaml
controllers:
  controller1:
    user: user1
    password: MySecurePassw0rd
    last-known-access: login

Which may not be optimal for some use cases, but for others it could be even better, as there will be no password prompted when the sessions expire.

Ian Booth (wallyworld)
Changed in juju:
milestone: 2.5.1 → 2.5.2
Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
milestone: 2.5.2 → 2.5.3
Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
milestone: 2.5.3 → 2.5.4
Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
milestone: 2.5.4 → 2.5.5
Anastasia (anastasia-macmood)
Changed in juju:
milestone: 2.5.6 → 2.5.8
Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
milestone: 2.5.8 → 2.5.9
Revision history for this message
Anastasia (anastasia-macmood) wrote :

Removing from a milestone as this work will not be done in 2.5 series.

Changed in juju:
milestone: 2.5.9 → none
Revision history for this message
Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: High → Low
tags: added: expirebugs-bot
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.