juju failed to bootstrap model cannot start bootstrap instance failed to get list of availability zones

Hi Team, Im trying to deploy a controller on the OpenStack cloud, and I’m facing this below issue. Please let me know if you have any solution

juju bootstrap --debug --metadata-source /home/in8admin/simplestreams --config network=KubeNetwork --config use-floating-ip=true --to zone=nova dev-lab dev-openstack-azmismatch
05:16:50 INFO  juju.cmd supercommand.go:56 running juju [3.5.5 1d21840563a55809580976df0b4880e03323bbb7 gc go1.23.3]
05:16:50 DEBUG juju.cmd supercommand.go:57   args: []string{"/snap/juju/29058/bin/juju", "bootstrap", "--debug", "--metadata-source", "/home/in8admin/simplestreams", "--config", "network=KubeNetwork", "--config", "use-floating-ip=true", "--to", "zone=nova", "dev-lab", "dev-openstack-azmismatch"}
05:16:50 DEBUG juju.cmd.juju.commands bootstrap.go:1455 authenticating with region "" and credential "dev-lab-credential" ()
05:16:50 DEBUG juju.cmd.juju.commands bootstrap.go:1614 provider attrs: map[external-network: network:KubeNetwork policy-target-group: use-default-secgroup:false use-openstack-gbp:false]
05:16:50 INFO  cmd authkeys.go:113 Adding contents of "/home/in8admin/.local/share/juju/ssh/juju_id_rsa.pub" to authorized-keys
05:16:50 INFO  cmd authkeys.go:113 Adding contents of "/home/in8admin/.ssh/id_rsa.pub" to authorized-keys
05:16:50 DEBUG juju.cmd.juju.commands bootstrap.go:1699 preparing controller with config: map[agent-metadata-url: agent-stream:released apt-ftp-proxy: apt-http-proxy: apt-https-proxy: apt-mirror: apt-no-proxy: authorized-keys:-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----

 automatically-retry-hooks:true backup-dir: charmhub-url:  cloudinit-userdata: container-image-metadata-defaults-disabled:false container-image-metadata-url: container-image-stream:released container-inherit-properties: container-networking-method: default-base: default-space: development:false disable-network-management:false disable-telemetry:false egress-subnets: enable-os-refresh-update:true enable-os-upgrade:true external-network: fan-config: firewall-mode:instance ftp-proxy: http-proxy: https-proxy: ignore-machine-addresses:false image-metadata-defaults-disabled:false image-metadata-url: image-stream:released juju-ftp-proxy: juju-http-proxy: juju-https-proxy: juju-no-proxy:127.0.0.1,localhost,::1 logforward-enabled:false logging-config: logging-output: lxd-snap-channel:5.0/stable max-action-results-age:336h max-action-results-size:5G max-status-history-age:336h max-status-history-size:5G mode:requires-prompts name:controller net-bond-reconfigure-delay:17 network:KubeNetwork no-proxy:127.0.0.1,localhost,::1 num-container-provision-workers:4 num-provision-workers:16 policy-target-group: provisioner-harvest-mode:destroyed proxy-ssh:false resource-tags: saas-ingress-allow:0.0.0.0/0,::/0 secret-backend:auto snap-http-proxy: snap-https-proxy: snap-store-assertions: snap-store-proxy: snap-store-proxy-url: ssh-allow:0.0.0.0/0,::/0 ssl-hostname-verification:true test-mode:false transmit-vendor-metrics:true type:openstack update-status-hook-interval:5m use-default-secgroup:false use-floating-ip:true use-openstack-gbp:false uuid:fe37633d-2bf1-48d2-869f-7baa41e7926c]
05:16:50 INFO  juju.provider.openstack provider.go:164 opening model "controller"
05:16:50 WARN  juju.environs.config config.go:2053 unknown config field "use-floating-ip"
05:16:50 DEBUG juju.provider.openstack provider.go:972 authURL: 10.2.25.223:5000/v3
05:16:50 DEBUG juju.provider.openstack provider.go:972 authURL: 10.2.25.223:5000/v3
05:16:50 DEBUG goose logger.go:44 DEBUG: auth details: &{Token:oGPwecWTro52iynkdKa_XX-9KxnNOYrfu6-jYdV8xzRA TenantId: TenantName: UserId:ac5f3edb6e024a4c8cad09ffcbcdb81f Domain:admin_domain RegionServiceURLs:map[RegionOne:map[cloudformation: ://10.2.25.230:8000/v1 compute: 10.2.25.225:8774/v2.1 container-infra: 10.2.25.236:9511/v1 identity: 10.2.25.223:5000/v3 image: 10.2.25.228:9292 key-manager: 10.2.25.234:9311 load-balancer: 10.2.25.235:9876 metric: 10.2.25.232:8041 network: 10.2.25.227:9696 placement: 10.2.25.226:8778]]}
05:16:50 INFO  cmd bootstrap.go:1002 Creating Juju controller "dev-openstack-azmismatch" on dev-lab/RegionOne
05:16:50 DEBUG goose logger.go:44 TRACE: api version will be inserted between " 10.2.25.225:8774/" and "/"
05:16:50 DEBUG goose logger.go:44 DEBUG: discovered API versions: [{Version:{Major:2 Minor:0} Links:[{Href: 10.2.25.225:8774/v2/ Rel:self}] Status:SUPPORTED} {Version:{Major:2 Minor:1} Links:[{Href: 10.2.25.225:8774/v2.1/ Rel:self}] Status:CURRENT}]
05:16:50 DEBUG goose logger.go:44 TRACE: MakeServiceURL:  10.2.25.225:8774/v2.1/flavors/detail
05:16:51 INFO  juju.cmd.juju.commands bootstrap.go:1073 combined bootstrap constraints:
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:326 model "controller" supports application/machine networks: true
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:328 network management by juju enabled: true
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:1093 no agent directory found, using default agent metadata source:   /juju/tools
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:1118 setting default image metadata source: /home/in8admin/simplestreams/images
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:417 searching for signed metadata in datasource "bootstrap metadata"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL file:///home/in8admin/simplestreams/images/streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:421 falling back to search for unsigned metadata in datasource "bootstrap metadata"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL file:///home/in8admin/simplestreams/images/streams/v1/index2.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:466 streams/v1/index2.json not accessed, actual error: [{ /juju/retry.Call:188: } { /juju/juju/environs/simplestreams.(*urlDataSource).fetch:219: "file:///home/in8admin/simplestreams/images/streams/v1/index2.json" not found}]
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:467 streams/v1/index2.json not accessed, trying legacy index path: streams/v1/index.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:486 read metadata index at "file:///home/in8admin/simplestreams/images/streams/v1/index.json"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:1018 finding products at path "streams/v1/com.ubuntu.cloud-released-imagemetadata.json"
05:16:51 DEBUG juju.environs imagemetadata.go:45 new user image datasource registered: bootstrap metadata
05:16:51 INFO  juju.environs.bootstrap bootstrap.go:1155 custom image metadata added to search path
05:16:51 INFO  cmd bootstrap.go:409 Loading image metadata
05:16:51 DEBUG juju.environs imagemetadata.go:124 obtained image datasource "bootstrap metadata"
05:16:51 DEBUG juju.environs imagemetadata.go:124 obtained image datasource "default ubuntu cloud images"
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:984 constraints for image metadata lookup &{{{RegionOne  10.2.25.223:5000/v3} [12.04 12.10 13.04 13.10 14.04 14.10 15.04 15.10 16.04 16.10 17.04 17.10 18.04 18.10 19.04 19.10 20.04 20.10 21.04 21.10 22.04 22.10 23.04 23.10 24.04 24.10 7 9 genericlinux kubernetes] [amd64 arm64 ppc64el s390x riscv64] released}}
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:417 searching for signed metadata in datasource "bootstrap metadata"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL file:///home/in8admin/simplestreams/images/streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:421 falling back to search for unsigned metadata in datasource "bootstrap metadata"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL file:///home/in8admin/simplestreams/images/streams/v1/index2.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:466 streams/v1/index2.json not accessed, actual error: [{ /juju/retry.Call:188: } { /juju/juju/environs/simplestreams.(*urlDataSource).fetch:219: "file:///home/in8admin/simplestreams/images/streams/v1/index2.json" not found}]
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:467 streams/v1/index2.json not accessed, trying legacy index path: streams/v1/index.json
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:486 read metadata index at "file:///home/in8admin/simplestreams/images/streams/v1/index.json"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:1018 finding products at path "streams/v1/com.ubuntu.cloud-released-imagemetadata.json"
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:999 found 1 image metadata in bootstrap metadata
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:417 searching for signed metadata in datasource "default ubuntu cloud images"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL  /releases/streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:466 streams/v1/index2.sjson not accessed, actual error: [{ /juju/retry.Call:188: } { /juju/juju/environs/simplestreams.(*urlDataSource).fetch:219: " /releases/streams/v1/index2.sjson" not found}]
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:467 streams/v1/index2.sjson not accessed, trying legacy index path: streams/v1/index.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:486 read metadata index at " /releases/streams/v1/index.sjson"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:490 skipping index " /releases/streams/v1/index.sjson" because of missing information: index file has no data for cloud {RegionOne  10.2.25.223:5000/v3} not found
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:992 ignoring image metadata in default ubuntu cloud images: index file has no data for cloud {RegionOne  10.2.25.223:5000/v3} not found
05:16:51 DEBUG juju.environs.bootstrap bootstrap.go:1003 found 1 image metadata from all image data sources
05:16:51 DEBUG goose logger.go:44 TRACE: MakeServiceURL:  10.2.25.225:8774/v2.1/flavors/detail
05:16:51 INFO  cmd bootstrap.go:475 Looking for packaged Juju agent version 3.5.5 for amd64
05:16:51 INFO  juju.environs.bootstrap tools.go:78 looking for bootstrap agent binaries: version=3.5.5
05:16:51 DEBUG juju.environs.tools tools.go:87 finding agent binaries in stream: "released"
05:16:51 DEBUG juju.environs.tools tools.go:89 reading agent binaries with major.minor version 3.5
05:16:51 DEBUG juju.environs.tools tools.go:98 filtering agent binaries by version: 3.5.5
05:16:51 DEBUG juju.environs.tools tools.go:101 filtering agent binaries by os type: ubuntu
05:16:51 DEBUG juju.environs.tools tools.go:104 filtering agent binaries by architecture: amd64
05:16:51 DEBUG juju.environs.tools urls.go:133 trying datasource "keystone catalog"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:417 searching for signed metadata in datasource "default simplestreams"
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:451 looking for data index using path streams/v1/index2.sjson
05:16:51 DEBUG juju.environs.simplestreams simplestreams.go:747 using default candidate for content id "com.ubuntu.juju:released:agents" are {20210329 mirrors:1.0 content-download streams/v1/cpc-mirrors-agents.sjson []}
05:16:52 DEBUG juju.environs.simplestreams simplestreams.go:463 looking for data index using URL   /juju/tools/streams/v1/index2.sjson
05:16:52 DEBUG juju.environs.simplestreams simplestreams.go:486 read metadata index at "  /juju/tools/streams/v1/index2.sjson"
05:16:52 DEBUG juju.environs.simplestreams simplestreams.go:1018 finding products at path "streams/v1/com.ubuntu.juju-released-agents.sjson"
05:16:52 INFO  juju.environs.bootstrap tools.go:80 found 1 packaged agent binaries
05:16:52 INFO  cmd bootstrap.go:488 Located Juju agent version 3.5.5-ubuntu-amd64 at   /juju/tools/agent/3.5.5/juju-3.5.5-linux-amd64.tgz
05:16:52 WARN  juju.environs.config config.go:2053 unknown config field "use-floating-ip"
05:16:52 INFO  cmd bootstrap.go:586 Starting new instance for initial controller
05:16:52 INFO  cmd bootstrap.go:188 Launching controller instance(s) on dev-lab/RegionOne...
05:16:52 DEBUG goose logger.go:44 TRACE: MakeServiceURL:  10.2.25.225:8774/v2.1/os-availability-zone
05:16:52 ERROR juju.cmd.juju.commands bootstrap.go:1031 failed to bootstrap model: cannot start bootstrap instance: failed to get list of availability zones
caused by: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:os-availability-zone:list to be performed."}}
caused by: request ( 10.2.25.225:8774/v2.1/os-availability-zone) returned unexpected status: 403; error info: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:os-availability-zone:list to be performed."}}
05:16:52 DEBUG juju.cmd.juju.commands bootstrap.go:1032 (error details: [{ /juju/juju/cmd/juju/commands.(*bootstrapCommand).Run:1130: failed to bootstrap model} { /juju/juju/environs/bootstrap.Bootstrap:738: } { /juju/juju/environs/bootstrap.bootstrapIAAS:590: } { /juju/juju/provider/common.Bootstrap:62: } { /juju/juju/provider/common.BootstrapInstance:260: cannot start bootstrap instance} { /juju/juju/provider/common.startInstanceZones:367: } { /juju/juju/provider/openstack.(*Environ).DeriveAvailabilityZones:671: } { /juju/juju/provider/openstack.(*Environ).parsePlacement:689: } {failed to get list of availability zones
caused by: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:os-availability-zone:list to be performed."}}
caused by: request ( 10.2.25.225:8774/v2.1/os-availability-zone) returned unexpected status: 403; error info: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:os-availability-zone:list to be performed."}}}])
05:16:52 DEBUG juju.cmd.juju.commands bootstrap.go:1856 cleaning up after failed bootstrap
05:16:52 INFO  juju.provider.common destroy.go:21 destroying model "controller"
05:16:52 INFO  juju.provider.common destroy.go:32 destroying instances
05:16:52 DEBUG goose logger.go:44 TRACE: MakeServiceURL:  10.2.25.225:8774/v2.1/servers/detail
05:16:52 ERROR juju.cmd.juju.commands bootstrap.go:1858 error cleaning up: destroying controller model: destroying instances: failed to get list of server details
caused by: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:servers:detail to be performed."}}
caused by: request ( 10.2.25.225:8774/v2.1/servers/detail?name=juju-.%2A) returned unexpected status: 403; error info: {"forbidden": {"code": 403, "message": "Policy doesn't allow os_compute_api:servers:detail to be performed."}}

Hi @maheshk691, did you manage to fix this after looking at the authentication methods, as mentioned on Matrix?

@aflynn Thank you, the issue is fixed. due to config issue in bootstrap cloud onboarding

1 Like