[2.9-RC12] Bootstrap fails, security group 'juju-XXXXX' does not exist in default VPC
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Expired
|
Low
|
Unassigned |
Bug Description
Seen during the juju 2.9-rc12 release test, we fail to bootstrap due to a juju-created security group not being found:
2021-04-23 18:17:12.253857 Launching controller instance(s) on aws/us-east-1...
2021-04-23 18:17:18.654122 - Verifying availability zone
- Making user data
- Setting up groups
- Trying to start instance in availability zone "us-east-1a"
- Start instance attempt 1
- Verifying availability zone
- Making user data
- Setting up groups
ERROR failed to bootstrap model: cannot start bootstrap instance: cannot set up groups: fetching security group "juju-8dd56ca7-
Full details of the run can be found here: https:/
Unfortunately we did not capture any logs from the local juju client snap.
The code basically does
name = "<controllerUUI D>-0" #0 is machine 0, the bootstrap machine
createGroup(name) ssions( name) tags)
if group already exists {
readGroup(name) <--- failing here
setGroupPermi
} else {
setGroupTags(
}
At bootstrap, the group should not previously exist so it should just set the tags. Duplicate" error, so Juju tries to read the group. It's understandable that there could be an eventual consistency error but not in this circumstance as the group named after the new controller UUID should not already exist so the code path in question should never get executed.
However, it's failing because the create API call appears to get back a "InvalidGroup.
Does this issue occur frequently?