Trouble with aws-integrator


#1

I’m trying to deploy a charm mentioned in post Getting Started that involves the aws-integrator charm:

    juju bootstrap --credential juju-k8s --config charmstore-url=https://api.staging.jujucharms.com/charmstore aws aws-k8s
    juju deploy cs:~johnsca/kube-core-aws
    juju trust aws-integrator

I end up with a failure.

Credential ‘juju-k8s’ is associated with the AWS ‘AdministratorAccess’ policy and the custom policy I created specifically for ‘aws-integrator’.

Any ideas?


#2

The credential access rights look correct to me. What’s the content of the hook error as seen in the debug logs? That will help the aws integrator charm folks diagnose the issue.


#3

http://paste.ubuntu.com/p/W5bmscFKXh/


#4

The first thing I would do is use the latest aws-integrator charm. Current revision is 7, and you seem to have 4.

juju upgrade charm should do it


#5

Doesn’t help. I guess the staging Charm Store, which I need, doesn’t have the newer revision.

    juju upgrade-charm aws-integrator
    ERROR already running latest charm "cs:~johnsca/aws-integrator-4"

#6

The JAAS team helpfully sync’d the ~containers space. Try using the charm straight from there. It should be the latest version as of yesterday.


#7

I downloaded the bundle I was using and replaced the default aws-integrator charm with, as Rick suggested:

    charm: "cs:~containers/aws-integrator"

This helped, yet I still get a permission error:

http://paste.ubuntu.com/p/jJm2tgR7yr/

As a test I’ve granted to my Juju credential the IAM AdministratorAccess role. I also, probably futilely, added all IAM “actions” within the “EC2 service”. I’m not sure how to give more than that.


#8

@cory_fu Any ideas on this?


#9

That error is coming from this query:

    subnet_id = _aws('ec2', 'describe-instances',
                     '--instance-ids', instance_id,
                     '--region', region,
                     '--query', 'Reservations[*]'
                                '.Instances[*]'
                                '.SubnetId[] | [0]')

I’ve never seen that fail before and I’m not sure what could cause it. Possibly the credentials provided to the integrator charm lacking the EC2 DescribeInstances permission, or maybe some sort of issue with the subnet being attached? Maybe you can try manually running that query and provide the results?


#10

I have given my user all the permissions I can think of (as stated earlier). This is the user whose credentials Juju is using to bootstrap.

As for manually querying, I presume I need to install an AWS CLI client. I’ll need to set that up.


#11

You could also just ssh into the aws-integrator unit and run the query from there. If you do the following, the credential will be already configured:

    sudo su
    export HOME=/root

#12

Also, make sure to leave off the final | [0] bit of the query to see all of the subnet info, and possibly all of the .SubnetId[] | [0] bit to see all instance info.
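
Added example (not part of the original thread and not the charm's own code): a shell function that runs the query from post #9 through the AWS CLI and tells apart the two causes suggested there, a credential that is denied DescribeInstances versus an instance that reports no subnet. The function name `check_subnet_query` and its labels are hypothetical; the instance ID and region are arguments you supply, and it assumes the `aws` CLI is on the PATH with the credential configured as in post #11.

```shell
#!/bin/sh
# Added example: classify the outcome of the describe-instances query.
# Usage (on the aws-integrator unit, after the steps in post #11):
#   check_subnet_query <instance-id> <region>
# Prints one of: denied | error | no-subnet | ok:<subnet-id>

check_subnet_query() {
    instance_id=$1
    region=$2
    errfile=$(mktemp) || return 2

    # Same JMESPath query as in post #9. With --output text a null
    # result is printed as the literal string "None".
    if out=$(aws ec2 describe-instances \
                --instance-ids "$instance_id" \
                --region "$region" \
                --query 'Reservations[*].Instances[*].SubnetId[] | [0]' \
                --output text 2>"$errfile"); then
        rc=0
    else
        rc=$?
    fi
    err=$(cat "$errfile")
    rm -f "$errfile"

    if [ "$rc" -ne 0 ]; then
        case $err in
            *UnauthorizedOperation*|*AccessDenied*)
                # The API call itself was refused: an IAM permission problem.
                echo "denied"; return 1 ;;
            *)
                # Anything else (bad instance ID, wrong region, no network).
                echo "error"; printf '%s\n' "$err" >&2; return 2 ;;
        esac
    fi

    case $out in
        ""|None|null)
            # The call succeeded but no SubnetId came back.
            echo "no-subnet"; return 3 ;;
        *)
            echo "ok:$out"; return 0 ;;
    esac
}
```

If it prints `no-subnet`, rerun the `aws` command by hand with the shortened queries from post #12 to see what the instance record actually contains.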