The credential access rights look correct to me. What’s the content of the hook error as seen in the debug logs? That will help the aws integrator charm folks diagnose the issue.
I downloaded the bundle I was using and replaced the default aws-integrator charm with, as Rick suggested:
charm: "cs:~containers/aws-integrator"
This helped, yet I still get a permission error:
As a test I’ve granted to my Juju credential the IAM AdministratorAccess role. I also, probably futilely, added all IAM “actions” within the “EC2 service”. I’m not sure how to give more than that.
I’ve never seen that fail before and I’m not sure what could cause it. Possibly the credentials provided to the integrator charm lacking the EC2 DescribeInstances permission, or maybe some sort of issue with the subnet being attached? Maybe you can try manually running that query and provide the results?
Also, make sure to leave off the final | [0] bit of the query to see all of the subnet info, and possibly all of the .SubnetId[] | [0] bit to see all instance info.
I made a change to how I called the function and got at least some semblance of next steps:
python3 -c 'from aws import *; print(tag_instance_subnet(instance_id, region, tags))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/var/lib/juju/agents/unit-aws-integrator-0/charm/lib/charms/layer/aws.py", line 14, in <module>
    from charmhelpers.core import hookenv
ModuleNotFoundError: No module named 'charmhelpers'
The ModuleNotFound error seems like you need to ensure that the charm’s venv is activated. You could try using charm-env python3 ... instead. However, even if that runs, I suspect that it would just give you the same error that’s in the Juju log. Instead, I think you need to run a modified form of the query directly, to see what values the query is coming back with for the subnets.
Would you mind pasting the results of the following, filling in the $REGION and $INSTANCE_ID from the output of juju status:
I’d first like to re-explain my environment since my initial post. Since we spoke (on IRC) about bundle ‘kube-core-aws’ I have since moved to just using bundle ‘canonical-kubernetes’. I then installed ‘aws-integrator’ separately (juju deploy cs:~containers/aws-integrator).
After having run juju trust aws-integrator the final result is here.
Prepending charm-env gave me a different error:
charm-env python3 -c 'from aws import *; print(tag_instance_subnet(instance_id, region, tags))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/var/lib/juju/agents/unit-aws-integrator-0/charm/lib/charms/layer/aws.py", line 22, in <module>
    MODEL_UUID = os.environ['JUJU_MODEL_UUID']
  File "/var/lib/juju/agents/unit-aws-integrator-0/.venv/lib/python3.6/os.py", line 669, in __getitem__
    raise KeyError(key) from None
KeyError: 'JUJU_MODEL_UUID'
I remain vexed by the aws-integrator charm. I left off last time with my only hope being that my AWS account was somehow borked due to it being of some legacy nature. Well I’m using a fresh account with Administrator privileges (arn:aws:iam::aws:policy/AdministratorAccess) and it still doesn’t work.
Failed to provision volume with StorageClass "k8s-model-juju-operator-storage": Failed to get AWS Cloud Provider. GetCloudProvider returned <nil> instead
I ran the aws tool that’s installed on the aws-integrator/0 unit machine to describe the instance hosting units etcd/0 and kubernetes-master/0:
I don’t see where you added the relation between the aws-integrator and both of kubernetes-master and kubernetes-worker. Was that just an omission from the copy-paste here?
It’s also worth noting that, while the charm should generally handle a late addition of an integrator charm gracefully, there have been some known issues within Kubernetes itself having trouble switching over (possibly due to some corner-cases requiring restarting of some of the control-plane pods which we haven’t pinned down and added to the charms yet). So it’s usually recommended to deploy the bundle with an overlay, as recommended in the integrator charm’s README.