Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate from RedHatSI/Packet to Equinix Metal #2

Merged
merged 16 commits into from
Feb 25, 2021
Merged

Migrate from RedHatSI/Packet to Equinix Metal #2

merged 16 commits into from
Feb 25, 2021

Conversation

displague
Copy link
Member

Fixes #1

cc @liveaverage

@displague
rename Packet to Equinix Metal
6348f2e 
Signed-off-by: Marques Johansson <[email protected]>
@displague
add versions.tf from v0.13-upgrade
b529abc 
Signed-off-by: Marques Johansson <[email protected]>
@displague
use implied provider inheritance in modules
773e978 
Signed-off-by: Marques Johansson <[email protected]>
@displague
terraform fmt
06e152c 
Signed-off-by: Marques Johansson <[email protected]>
@displague
fixup! use implied provider inheritance in modules
0578ebc
@displague
rename "extras" to "assets"
88280e3 
Signed-off-by: Marques Johansson <[email protected]>
@displague
use conventional module file naming in modules
aad0732 
Signed-off-by: Marques Johansson <[email protected]>
@displague
include Terraform version lock file
ea3098c 
Signed-off-by: Marques Johansson <[email protected]>
@displague
move all resource and module configs to main.tf
cc01f1f 
Signed-off-by: Marques Johansson <[email protected]>
@displague
replace masters with controlplane
f612a5b 
Signed-off-by: Marques Johansson <[email protected]>
@displague
rename TF resources named master with controlplane
9162d5f 
Signed-off-by: Marques Johansson <[email protected]>
@displague
update GH Workflow to use latest Terraform
737616a 
Signed-off-by: Marques Johansson <[email protected]>
@displague
modularize DNS providers (adding Linode)
6709d86 
Signed-off-by: Marques Johansson <[email protected]>
@displague
fix linting of /README.md
06e68d8 
Signed-off-by: Marques Johansson <[email protected]>
@displague
add sshkey module (and fix other modules)
1d63d3f 
Signed-off-by: Marques Johansson <[email protected]>
@displague displague mentioned this pull request Feb 24, 2021
Closed
@displague
Copy link
Member Author

displague commented Feb 25, 2021
edited
Loading

With the latest changes, 1d63d3f, the cluster provisioned and I can login to the panel using the DNS name (Linode module). I received certificate warnings which I think are related to the problem detailed next.

There were some resources that failed, timed-out, or were tainted due to configuration jitter:

module.openshift_install.null_resource.ocp_approve_pending_csrs
module.openshift_install.null_resource.ocp_installer_wait_for_completion
module.openshift_install.null_resource.ocp_nfs_provisioner[0]

The Linode SRV records also failed to register.

module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [8m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): W0225 10:50:20.232961   29397 warnings.go:67] certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs: Creation complete after 8m2s [id=1657214583702498071]
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-0.mos.example.com"?
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-2.mos.example.com"?
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-1.mos.example.com"?

@displague
fix linode dns srv records
bced72f 
Signed-off-by: Marques Johansson <[email protected]>
@displague
Copy link
Member Author

displague commented Feb 25, 2021
edited
Loading

The SRV record problem was corrected in bced72f.

module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): W0225 10:50:20.232961   29397 warnings.go:67] certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>

The certificate provisioner problem described above is no longer trying to reapply, but the certificate is invalid (bad issuer?):

subject=/CN=*.apps.clustername.example.com
issuer=/CN=ingress-operator@1614149495

I think this may be related to assets/letsencrypt/1_configure_ingresscerts.sh not being called (and requiring Cloudflare credentials).

To keep this simple, we may need to enable LetsEncrypt (by default) using an HTTP prover instead of DNS.

@displague
Copy link
Member Author

I think this may be related to assets/letsencrypt/1_configure_ingresscerts.sh not being called (and requiring Cloudflare credentials).

To keep this simple, we may need to enable LetsEncrypt (by default) using an HTTP prover instead of DNS.

@displague displague mentioned this pull request Feb 25, 2021
Open
@displague displague merged commit 8f0a47a into main Feb 25, 2021
@displague displague deleted the metal branch February 25, 2021 23:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Migrate from RedHatSI/Packet to Equinix Metal
1 participant
@displague