juju

[azure provider] Juju purges resource group VMs and other resources that do not belong to it

Bug #1904020 reported by Peter De Sousa on 2020-11-12

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

juju

Fix Released

Critical

Ian Booth

juju 2.8.7

You need to log in to change this bug's status.

Affecting:	juju
Filed here by:	Peter De Sousa
When:	2020-11-12
Confirmed:	2020-11-12
Assigned:	2020-11-12
Started work:	2020-11-12
Completed:	2020-12-14

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance	Milestone
	Critical	juju 2.8.7

Assigned to

	Me
	Ian Booth (wallyworld)

Comment on this change (optional)

Email me about changes to this bug report

2.9

Fix Committed

Critical

Ian Booth

juju 2.9-rc3

You need to log in to change this bug's status.

Affecting:	juju 2.9
Filed here by:	Ian Booth
When:	2020-11-16
Confirmed:	2020-11-16
Assigned:	2020-11-16
Started work:	2020-11-16

Status	Importance	Milestone
	Critical	juju 2.9-rc3

Assigned to

	Me
	Ian Booth (wallyworld)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

Hi,

[Problem]

When bootstrapping juju on azure if the bootstrap fails, juju will kill all resources inside that Resource Group (But keep the Resource Group)

[Reproducer]

1. Create a resource group (Outside of juju)

2. Configure the Azure Resource group via Policies to disable public IPs (This should cause juju to fail bootstrap)

3. Create a VM in that resource group as a jumphost

4. Follow juju docs to connect azure, preferably with an Azure Service Principal that has permissions to operate on the Resource Group

5. Bootstrap: juju bootstrap --debug --config use-public-ip=true --config resource-group-name=JujuControllerRG --config network=SPOKE_NET/JujuControllerVNET /SUBNET --no-default-model azure/westeurope azure-controller

The important part here is for juju to fail bootstrapping then begin cleanup.

[Workarounds]

None at time of writing

Tags: Edit Tag help

Peter De Sousa (pjds) wrote on 2020-11-12:

Json dumps of delete actions Edit (57.4 KiB, application/json)

Attached is the JSON dump from Azure showing the actions triggered by the Service Principal operated by juju.

Peter De Sousa (pjds) wrote on 2020-11-12:

Screenshot of Activity Log in azure showing VMs being deleted Edit (151.0 KiB, image/png)

Screenshot of Activity Log in azure showing VMs being deleted

John A Meinel (jameinel) on 2020-11-12

Changed in juju:
assignee:	nobody → Ian Booth (wallyworld)
importance:	Undecided → Critical
milestone:	none → 2.9-rc3
status:	New → Triaged

Pedro Guimarães (pguimaraes) wrote on 2020-11-12:

I believe this line is the root-cause of this issue: https://github.com/juju/juju/blob/e9031cdcff02105d07f89d309577a567933655d4/provider/azure/environ.go#L1834

Ian Booth (wallyworld) wrote on 2020-11-12:

purge was originally done because of a misplaced understanding that a BYO RG would be created empty specifically for that juju model; it is non-trivial for juju to figure out the dependencies so as to know what order to delete things in, but that's something that will need to be done.