Vsphere cloud not found


#1

I’m trying to add a user to an existing vsphere controller which is using candid to authenticate with MS Active Directory. The problem is that the user cant add a model due to juju “not finding the cloud”.

I’m kind of lost and need some help finding out what I’m doing wrong.

  • I’ve done as admin in the controller :
    juju grant XMAQZ9@global login

  • The controller name: iuba-vmware

The user “XMAQZ9@global” has credentials in the vsphere cloud associated with the controller which you can see here:

Controller:  iuba-vmware
Model:       SSSLER@global/slurm-elk
User:        XMAQZ9@global

The user XMAQZ9@global can access an existing model I’ve created for her. “slurm-elk” and that all works fine.

  • All commands “juju clouds” and “juju controllers” looks good and gives no errors.

The problem arises when the user tries to create a new model:

ubuntu@t1037:~$ juju add-model myfirst
ERROR cloud "vmware01-prod" not found

WTF ! The cloud ‘vmware01-prod’ does exist!

    $ juju clouds
    Cloud           Regions  Default          Type        Description
    aws                  15  us-east-1        ec2         Amazon Web Services
    aws-china             2  cn-north-1       ec2         Amazon China
    aws-gov               1  us-gov-west-1    ec2         Amazon (USA Government)
    azure                27  centralus        azure       Microsoft Azure
    azure-china           2  chinaeast        azure       Microsoft Azure China
    cloudsigma           12  dub              cloudsigma  CloudSigma Cloud
    google               18  us-east1         gce         Google Cloud Platform
    joyent                6  us-east-1        joyent      Joyent Cloud
    oracle                4  us-phoenix-1     oci         Oracle Cloud Infrastructure
    oracle-classic        5  uscom-central-1  oracle      Oracle Cloud Infrastructure Classic
    rackspace             6  dfw              rackspace   Rackspace Cloud
    localhost             1  localhost        lxd         LXD Container Hypervisor
    vmware01-prod         1  Sodertalje-HPC   vsphere 

This is the clouds.yaml (with obfuscated endpoint hostname)

$ cat ~/.local/share/juju/clouds.yaml

  vmware01-prod:
    type: vsphere
    auth-types: [userpass]
    endpoint: h.o.s.t
    regions:
      Sodertalje-HPC:
        endpoint: h.o.s.t

The controllers.yaml (with cut certificate and IP-addresses)

$ cat ~/.local/share/juju/controllers.yaml

controllers:
  iuba-vmware:
    uuid: 2287fc42-9669-441f-8fb3-7ad4ef993588
    api-endpoints: ['x.x.x.x:17070']
    ca-cert: |
      -----BEGIN CERTIFICATE-----
       ...
      -----END CERTIFICATE-----
    cloud: vmware01-prod
    region: Sodertalje-HPC
    agent-version: 2.5.1
    controller-machine-count: 1
    active-controller-machine-count: 1
    machine-count: 17
current-controller: iuba-vmware

I’m trying with debug:

$ juju add-model myfirst --debug
15:55:17 INFO  juju.cmd supercommand.go:57 running juju [2.5.1 gc go1.10.4]
15:55:17 DEBUG juju.cmd supercommand.go:58   args: []string{"/snap/juju/6629/bin/juju", "add-model", "myfirst", "--debug"}
15:55:17 INFO  juju.juju api.go:67 connecting to API addresses: [x.x.x.x:17070]
15:55:17 DEBUG juju.api apiclient.go:883 successfully dialed "wss://x.x.x.x:17070/api"
15:55:17 INFO  juju.api apiclient.go:603 connection established to "wss://x.x.x.x:17070/api"
15:55:17 INFO  cmd authkeys.go:114 Adding contents of "/home/ubuntu/.local/share/juju/ssh/juju_id_rsa.pub" to authorized-keys
15:55:17 INFO  cmd authkeys.go:114 Adding contents of "/home/ubuntu/.ssh/id_rsa.pub" to authorized-keys
15:55:17 DEBUG juju.api monitor.go:35 RPC connection died
ERROR cloud "vmware01-prod" not found
15:55:17 DEBUG cmd supercommand.go:496 error stack:
cloud "vmware01-prod" not found
/build/juju/parts/juju/go/src/github.com/juju/juju/cmd/juju/controller/addmodel.go:413:
/build/juju/parts/juju/go/src/github.com/juju/juju/cmd/juju/controller/addmodel.go:211:

I’m all lost here.

It all works fine for users who acts with credentials used for the bootstrapped controller, in the same cloud (“vmware01-prod”).

Advice greatly appreciated.


#2

You’re hitting a known issue in that the error here isn’t helpful. You gave the user login access, but there’s a different permission to be able to create new models. You’ll need to grant them add-model permissions.

What happens here is that add-model let’s users “reuse” a cloud definition and since the user can’t do that it comes out of Juju a bit like “cloud not found” vs a “permission denied”.

We’re working on making this better but I think that if you just

juju grant xxx@global add-model

You’ll be off and to the races.