Comment 1 for bug 1996221

The security policies being enforced are not allowing the juju agent to operate. What policy are you enforcing? "baseline"? "restricted"?

The jujud agent expects to operate as root in order to do it's job. So at this stage, only a policy of "privileged" would be possible I suspect.

You can see that the jujud agent is not being allowed to do its job:

/bin/sh: 1: cannot create /root/mongo.sh: Permission denied
mkdir: cannot create directory '/var/lib/juju/tools': Permission denied

etc

You could set up the cluster to warn/audit on policy violations instead of erroring and run juju and then set up your admission rules to allow the access that juju needs to operate.