Bootstrap manual cloud fails

Hi,

I’ve deployed several manual clouds for learning and each time Juju has required some manual intervention in order to get the bootstrap to succeed. Here’s my latest reproducer:

On my client:

wesley@ctrl:~$ snap list juju
Name  Version  Rev    Tracking    Publisher   Notes
juju  3.3.0    25355  3.3/stable  canonical✓  -

# ~/mcloud-test.yaml
clouds:
    mcloud-test:
        type: manual
        endpoint: wesley@controller.cloud.lan
        regions:
            default: {}

Unencrypted ed25519 keypair stored at /home/wesley/.ssh/id_ed25519 with fingerprint:

SHA256:1PrhN2kIbUChhupYxSil2g9IyFppSeDH3hrfuvy5bxI wesley@ctrl

On controller.cloud.lan:

wesley@controller:~$ cat .ssh/authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIy95UclpNmvDrQVzcogKMNXDvS47T+UigsNNOXMeiI/ wesley@ctrl

wesley@controller has sudo access with no password.


When I run the bootstrap, it fails:

wesley@ctrl:~$ juju add-cloud mcloud-test mcloud-test.yaml
...
Cloud "mcloud-test" successfully added to your local client.
wesley@ctrl:~$ juju bootstrap mcloud-test
ERROR initializing ubuntu user: subprocess encountered error code 255 (Failed to add the ECDSA host key for IP address '192.168.3.15' to the list of known hosts (/home/wesley/.ssh/known_hosts).
wesley@controller.cloud.lan: Permission denied (publickey).)
ERROR subprocess encountered error code 255 (Failed to add the ECDSA host key for IP address '192.168.3.15' to the list of known hosts (/home/wesley/.ssh/known_hosts).
wesley@controller.cloud.lan: Permission denied (publickey).)
wesley@ctrl:~$ ssh wesley@controller.cloud.lan

/var/log/auth.log on controller.cloud.lan indicates two successful login attempts from the ssh key with the above fingerprint. This looks like a missing permissions error on the client, but (I hope) one could be forgiven for mistaking it for a key authentication issue (Permission denied (publickey)).

Changing the cloud definition yaml to use the IP of controller.cloud.lan and signing in with ssh using the IP instead of the DNS name cleans up the permissions issues with known_hosts, but I’m still getting something similar:

wesley@ctrl:~$ juju bootstrap mcloud-test
ERROR initializing ubuntu user: subprocess encountered error code 255 (wesley@192.168.3.15: Permission denied (publickey).)
ERROR subprocess encountered error code 255 (wesley@192.168.3.15: Permission denied (publickey).)

Based on auth.log on controller, Juju is trying to authenticate as ubuntu instead of wesley. Am I missing something obvious here or is this workflow broken?
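The auth.log check described in the post above, as an added example that is not part of the original post: it tallies accepted and rejected sshd logins per login name, so a client that authenticates under a different user than the one in the cloud endpoint stands out. The log lines are constructed in the usual sshd syslog format, 192.0.2.10 is a placeholder client address, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the usual sshd syslog format; 192.0.2.10 stands in for the client.
FP = "SHA256:1PrhN2kIbUChhupYxSil2g9IyFppSeDH3hrfuvy5bxI"  # fingerprint quoted in the post
SAMPLE_AUTH_LOG = f"""\
Jan 10 10:00:01 controller sshd[2101]: Accepted publickey for wesley from 192.0.2.10 port 50112 ssh2: ED25519 {FP}
Jan 10 10:00:03 controller sshd[2107]: Accepted publickey for wesley from 192.0.2.10 port 50114 ssh2: ED25519 {FP}
Jan 10 10:00:05 controller sshd[2113]: Invalid user ubuntu from 192.0.2.10 port 50116
Jan 10 10:00:05 controller sshd[2113]: Connection closed by invalid user ubuntu 192.0.2.10 port 50116 [preauth]
Jan 10 10:00:09 controller sshd[2120]: Connection closed by authenticating user wesley 192.0.2.10 port 50120 [preauth]
Jan 10 10:00:11 controller CRON[2130]: pam_unix(cron:session): session opened for user root
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+ ssh2(?:: \S+ (\S+))?")
REJECTED = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?(\S+) from (\S+)"
    r"|Connection closed by (?:authenticating|invalid) user (\S+) (\S+) port \d+ \[preauth\])")

def summarize(log_text):
    """Count accepted and rejected sshd logins per (user, source IP)."""
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0, "fingerprints": set()})
    for line in log_text.splitlines():
        if m := ACCEPTED.search(line):
            _method, user, ip, fp = m.groups()
            entry = stats[(user, ip)]
            entry["accepted"] += 1
            if fp:
                entry["fingerprints"].add(fp)
        elif m := REJECTED.search(line):
            # Either the "Failed ..." or the "Connection closed ..." alternative matched.
            user = m.group(1) or m.group(3)
            ip = m.group(2) or m.group(4)
            stats[(user, ip)]["rejected"] += 1
    return dict(stats)

def unexpected_users(stats, expected_user):
    """Login names seen in the log other than the one in the cloud endpoint."""
    return sorted({user for (user, _ip) in stats if user != expected_user})

if __name__ == "__main__":
    stats = summarize(SAMPLE_AUTH_LOG)
    for (user, ip), s in sorted(stats.items()):
        print(f"{user}@{ip}: accepted={s['accepted']} rejected={s['rejected']} keys={sorted(s['fingerprints'])}")
    print("unexpected login names:", unexpected_users(stats, "wesley"))
```

On a real host, pass the contents of /var/log/auth.log to `summarize` and compare the accepted fingerprints against `ssh-keygen -lf` output for the client key.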

Hi! This bug looks similar to yours: Bug #2030507 “[juju 3.1 - manual provider] strict confinement b...” : Bugs : Canonical Juju. Let me know if the workaround they use is enough for you.

2 Likes

Thanks Nicolas, that worked! I took a look through Launchpad and missed that one.

1 Like

In my case, a Juju 3.5.3 manual cloud with SSH client configuration works for me. Just a note: I needed to use the SSH configuration like this - due to not being able to add machines for the same reason I couldn’t boot the controller:

Host 100.128.200.*
    IdentityFile ~/.ssh/id_ed25519
    ControlMaster no

Thank you very much!

2 Likes