Closed norbertoisaac closed 1 month ago
I miss the 's' in --projects
Thank you for reaching out.
We do redirect to the dynamic default project, where the default is taken from the list of projects a user can see. For restricted users, this should only be the project with name "default", if they have access to it. I suspect there might be something off with this logic, and it will need a bit of testing to figure out what exactly. It might be a race with the project list not being loaded yet, and the redirect happening before, or something else.
Edit: I think your user does not have access to any project, at least that is what the output from lxc config trust show ecea5a62d74c
suggests with the line projects: []
. Was it due to the missing s
as per your comment above, and everything works fine actually?
The issue i was posted because I was wrong in the command: it must be "--projects", my apologies.
However, after correction and some operations as IAAS1000 restricted certificate, for example, launching a Debian12 container and a second Alpine3.20 container, the LXD-UI fail with all URLs /ui/project/IAAS1000/ redirecting to /ui/project/default/ excep with /ui/project/IAAS1000/images:
/ui/project/IAAS1000/instances:
# lxc config trust show ecea5a62d74c
name: IAAS1000.crt
type: client
restricted: true
projects:
- IAAS1000
certificate: |
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIQASMGFwQyAAAkAAdwAAMUADANBgkqhkiG9w0BAQUFADBV
MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTExMC8GA1UEChMoTFhE
IFVJIDE3Mi4yNy4xOTguNjggKEJyb3dzZXIgR2VuZXJhdGVkKTAeFw0yNDA1MTcw
MjQwNTNaFw0yNzAyMTEwMjQwNTNaMFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
b21lLVN0YXRlMTEwLwYDVQQKEyhMWEQgVUkgMTcyLjI3LjE5OC42OCAoQnJvd3Nl
ciBHZW5lcmF0ZWQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCdP
9waXL7lHWRdINqDdNd7SlYZbOO4UI8x0UagT0S9vzn+L0vHy6HMFw/nWPA/UXwPN
XPuI8V5x9miL/n65aoVtqHA/C8ZmAfFeIi5Fk30g+lCMhedAgp7ZuKDQZ7jNWT1q
5Fk6AiV8m5nslX96YMsVrbizi+66G6lEjbi2RAJWPqye2/Ee78j5bd6t60r20Lso
BQUinUuU92n03QErNHQnmNMoJAEWbbnlN81LRlSd1pKj1O2Yvl21OGkeLY+imMvx
XnMF+OKAWsiQbIJNZ/4zMzMo644jkKeGfnztMm8hkRFdXedLCGYh4WBNbD3L8/JJ
pPM9T+tcmZ8yUKQxLQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA7UVSgYdhFMBJL
xN7FeUJT83D6R3KpcFc8U7Hyn/h+7e0o+9W55WGe1yiDvCLs0FReCKPahGvfimC8
k6cW0BlAttqU6Bo+aLQa4Wbp/QaN9rD5XAdNKu/DeXsCnsCwn4WHrwFg01i9oosU
6ozIlZ9tXCWvKQNwPKi7pjob8zBe7wYG5iLqJTF7wiKtE0nZVGYm69VNlcHzT6av
020k+AH83DMC+zxyxa/r6SCa9I/vuD9yMacCencl72CjUkia7P4+3lufv/hlLGD/
MAlSQrVstx53o3fWstwnRZNYQIzYSOaRyu4wWbdVhmhOf+NBu8PvowA9FQlHXDpa
OAQhUjlm
-----END CERTIFICATE-----
fingerprint: ecea5a62d74c90cef055f360c37f599e9ef615ad4af98e62d1af96ea61ff80db
Thank you for commenting again. This is indeed a regression in LXD. I logged an issue to the backend for this problem at https://github.com/canonical/lxd/issues/13533
cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=noble LOGO=ubuntu-logo
snap version
snap 2.63 snapd 2.63 series 16 ubuntu 24.04 kernel 6.8.0-31-generic
lxd version
5.21.1 LTS
lxc cluster list
+-------------+-----------------------------+-----------------+--------------+----------------+-------------+--------+-------------------+ | NAME | URL | ROLES | ARCHITECTURE | FAILURE DOMAIN | DESCRIPTION | STATE | MESSAGE | +-------------+-----------------------------+-----------------+--------------+----------------+-------------+--------+-------------------+ | fdo-kvmc1h1 | https://[100::2004:68]:8443 | database | x86_64 | default | | ONLINE | Fully operational | +-------------+-----------------------------+-----------------+--------------+----------------+-------------+--------+-------------------+ | fdo-kvmc1h4 | https://[100::2004:71]:8443 | database-leader | x86_64 | default | | ONLINE | Fully operational | | | | database | | | | | | +-------------+-----------------------------+-----------------+--------------+----------------+-------------+--------+-------------------+ | fdo-kvmc1h5 | https://[100::2004:72]:8443 | database | x86_64 | default | | ONLINE | Fully operational | +-------------+-----------------------------+-----------------+--------------+----------------+-------------+--------+-------------------+
lxc project create IAAS1001
lxc config trust add IAAS1000.crt --project IAAS1001 --restricted
ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 4096 127.0.0.54:53 0.0.0.0: LISTEN 0 4096 172.27.198.68:50053 0.0.0.0: LISTEN 0 10 172.27.198.68:6644 0.0.0.0: LISTEN 0 10 172.27.198.68:6643 0.0.0.0: LISTEN 0 10 172.27.198.68:6642 0.0.0.0: LISTEN 0 10 172.27.198.68:6641 0.0.0.0: LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0: LISTEN 0 4096 :22 : LISTEN 0 4096 :8444 : LISTEN 0 4096 :8443 :
lxc config trust list
+--------+-------------------+--------------------------------------+--------------+-------------------------------+------------------------------+ | TYPE | NAME | COMMON NAME | FINGERPRINT | ISSUE DATE | EXPIRY DATE | +--------+-------------------+--------------------------------------+--------------+-------------------------------+------------------------------+ | client | IAAS1000.crt | | ecea5a62d74c | May 17, 2024 at 2:40am (UTC) | Feb 11, 2027 at 2:40am (UTC) |
lxc config trust show ecea5a62d74c
name: IAAS1000.crt type: client restricted: true projects: [] certificate: | -----BEGIN CERTIFICATE----- MIIDMjCCAhqgAwIBAgIQASMGFwQyAAAkAAdwAAMUADANBgkqhkiG9w0BAQUFADBV MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTExMC8GA1UEChMoTFhE IFVJIDE3Mi4yNy4xOTguNjggKEJyb3dzZXIgR2VuZXJhdGVkKTAeFw0yNDA1MTcw MjQwNTNaFw0yNzAyMTEwMjQwNTNaMFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT b21lLVN0YXRlMTEwLwYDVQQKEyhMWEQgVUkgMTcyLjI3LjE5OC42OCAoQnJvd3Nl ciBHZW5lcmF0ZWQpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCdP 9waXL7lHWRdINqDdNd7SlYZbOO4UI8x0UagT0S9vzn+L0vHy6HMFw/nWPA/UXwPN XPuI8V5x9miL/n65aoVtqHA/C8ZmAfFeIi5Fk30g+lCMhedAgp7ZuKDQZ7jNWT1q 5Fk6AiV8m5nslX96YMsVrbizi+66G6lEjbi2RAJWPqye2/Ee78j5bd6t60r20Lso BQUinUuU92n03QErNHQnmNMoJAEWbbnlN81LRlSd1pKj1O2Yvl21OGkeLY+imMvx XnMF+OKAWsiQbIJNZ/4zMzMo644jkKeGfnztMm8hkRFdXedLCGYh4WBNbD3L8/JJ pPM9T+tcmZ8yUKQxLQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA7UVSgYdhFMBJL xN7FeUJT83D6R3KpcFc8U7Hyn/h+7e0o+9W55WGe1yiDvCLs0FReCKPahGvfimC8 k6cW0BlAttqU6Bo+aLQa4Wbp/QaN9rD5XAdNKu/DeXsCnsCwn4WHrwFg01i9oosU 6ozIlZ9tXCWvKQNwPKi7pjob8zBe7wYG5iLqJTF7wiKtE0nZVGYm69VNlcHzT6av 020k+AH83DMC+zxyxa/r6SCa9I/vuD9yMacCencl72CjUkia7P4+3lufv/hlLGD/ MAlSQrVstx53o3fWstwnRZNYQIzYSOaRyu4wWbdVhmhOf+NBu8PvowA9FQlHXDpa OAQhUjlm -----END CERTIFICATE----- fingerprint: ecea5a62d74c90cef055f360c37f599e9ef615ad4af98e62d1af96ea61ff80db