We have an issue with our multicloud lxd controller.
The controller have multiple users.
The controller logs shows some error, with some credential, for some user. We don’t know which since the log don’t tell.
2022-09-23 11:23:12 ERROR juju.worker.dependency engine.go:693 "instance-poller" manifold worker returned unexpected error: Get "https://XXX.XXX.XXX.XXX:8443/1.0/containers?project=default&recursion=1": x509: certificate is valid for 127.0.0.1, ::1, not XXX.XXX.XXX.XXX
2022-09-23 11:23:17 ERROR juju.provider.lxd environ_instance.go:35 failed to get instances from LXD: Get "https://XXX.XXX.XXX.XXX:8443/1.0/containers?project=default&recursion=1": x509: certificate is valid for 127.0.0.1, ::1, not XXX.XXX.XXX.XXX
2022-09-23 11:23:17 ERROR juju.worker.dependency engine.go:693 "instance-poller" manifold worker returned unexpected error: Get "https://XXX.XXX.XXX.XXX:8443/1.0/containers?project=default&recursion=1": x509: certificate is valid for 127.0.0.1, ::1, not XXX.XXX.XXX.XXX
Possibly, someone has uploaded the wrong cert and we had a suspect credential. “jocke”
So, we got an advice from @tlm to try replace the cert. That proved not to be so easy since its used by a few models.
$ juju remove-credential dwellir2 jocke
This operation can be applied to both a copy on this client and to the one on a controller.
Do you want to remove credential "jocke" for cloud "dwellir2" from:
1. client only (--client)
2. controller "dwellir2-pionen" only (--controller dwellir2-pionen)
3. both (--client --controller dwellir2-pionen)
Enter your choice, or type Q|q to quit: 2
Found remote cloud "dwellir2" from the controller.
ERROR could not remove remote credential: cannot revoke credential cloudcred-dwellir2_admin_jocke: it is still used by 7 models
Since we don’t know which cert, which user, which models this affects - we are kind of in a bad spot here and looking for help to un-tangle this.
It affects our ability to remove models and instances and makes life generally difficult.
Any help here greatly aprechiated.