bevry-labs / terraform-scaleway-hashistack

Terraform module to deploy Consul, Nomad, Vault onto Scaleway
https://registry.terraform.io/modules/bevry/hashistack/scaleway

fix no route to host/origin from master #11

Closed balupton closed 6 years ago

balupton commented 6 years ago
module.cluster_master.scaleway_server.server (remote-exec): removed directory: ‘/tmp/tmp.66tWeni7GL’
module.cluster_master.scaleway_server.server (remote-exec): shred -u ../data/local/files/consul.zip
module.cluster_master.scaleway_server.server (remote-exec): ● consul.service - consul agent
module.cluster_master.scaleway_server.server (remote-exec):    Loaded: loaded (/etc/systemd/system/consul.service; enabled; vendor preset: disabled)
module.cluster_master.scaleway_server.server (remote-exec):    Active: active (running) since Fri 2018-04-27 16:27:11 UTC; 710ms ago
module.cluster_master.scaleway_server.server (remote-exec):  Main PID: 2624 (consul)
module.cluster_master.scaleway_server.server (remote-exec):    CGroup: /system.slice/consul.service
module.cluster_master.scaleway_server.server (remote-exec):            └─2624 /usr/local/bin/consul agent -config-dir=/etc/systemd/system/consul.d

module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] consul: Adding LAN server par1_master_0 (Addr: tcp/10.10.36.185:8300) (DC: global)
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: Started DNS server 127.0.0.1:53 (tcp)
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: Started HTTPS server on 127.0.0.1:8500 (tcp)
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: started state syncer
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: Retry join LAN is supported for: aliyun aws azure digitalocean gce os scaleway softlayer
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: Joining LAN cluster...
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: (LAN) joining: [10.10.36.189]
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [INFO] agent: (LAN) joined: 0 Err: 1 error(s) occurred:
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: * Failed to join 10.10.36.189: dial tcp 10.10.36.189:8301: connect: no route to host
module.cluster_master.scaleway_server.server (remote-exec): Apr 27 16:27:11 par1_master_0 consul[2624]: 2018/04/27 16:27:11 [WARN] agent: Join LAN failed: <nil>, retrying in 30s
balupton commented 6 years ago

Causes seem to be these:

  1. IFS=',' did not seem to work on the machines, so switched to tr ',' '\n'
  2. while read -r port does not read the last line unless you also have || [ -n "$port" ]
  3. --zone=internal seemed to not expose to other local machines, changed to --zone=public (perhaps as it was the active or default zone), more experimentation here is warranted

Previous code:

while IFS=',' read -r port; do
    echo "configuring local $port/tcp"
    sudo firewall-cmd --zone=internal --add-port="$port/tcp" --permanent
done <../data/input/ports_local_tcp
while IFS=',' read -r port; do
    echo "configuring local $port/udp"
    sudo firewall-cmd --zone=internal --add-port="$port/udp" --permanent
done <../data/input/ports_local_udp
sudo firewall-cmd --reload

Resolved code:

# normalise comma separators to newlines; the `|| [ -n "$port" ]` keeps a final line that has no trailing newline
tr ',' '\n' < ../data/input/ports_local_tcp | while read -r port || [ -n "$port" ]; do
    echo "configuring local $port/tcp"
    sudo firewall-cmd --zone=public --add-port="$port/tcp" --permanent
done
tr ',' '\n' < ../data/input/ports_local_udp | while read -r port || [ -n "$port" ]; do
    echo "configuring local $port/udp"
    sudo firewall-cmd --zone=public --add-port="$port/udp" --permanent
done
# permanent rules only take effect after a reload
sudo firewall-cmd --reload

Code for debugging zones:

sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all-zones
sudo firewall-cmd --get-default-zone
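The three causes above are easy to reproduce outside the deployment. The script below is an added example, not code from the PR or the module: it builds a constructed port file whose last line has no trailing newline, shows that the previous `IFS=',' read` loop loses ports while the `tr` + `|| [ -n "$port" ]` form keeps them, and adds one thing the PR's loop does not have, a check that every token is an integer in 1..65535 before it would be handed to firewall-cmd. The function names (`naive_ports`, `fixed_ports`, `is_valid_port`, `build_rules`) and the sample port list are assumptions for this example; `build_rules` only prints the firewall-cmd commands it would run rather than executing them.

```shell
#!/bin/sh
# Added example (not part of the PR): reproduces the port-parsing pitfalls and
# validates ports before they would reach firewall-cmd.

# Constructed sample input: ports separated by commas AND newlines, and the
# last line deliberately has no trailing newline (the PR's second cause).
SAMPLE_FILE="$(mktemp)"
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '8300,8301\n8302,8500' > "$SAMPLE_FILE"

# Reader mirroring the "Previous code": with a single variable, IFS=',' does
# not split the line into separate ports, and read returns non-zero on the
# final unterminated line, so that line is dropped entirely.
naive_ports() {
    while IFS=',' read -r port; do
        printf '%s\n' "$port"
    done < "$1"
}

# Reader mirroring the "Resolved code": normalise commas to newlines, and the
# || [ -n "$port" ] clause processes the final line even without a newline.
fixed_ports() {
    tr ',' '\n' < "$1" | while read -r port || [ -n "$port" ]; do
        [ -n "$port" ] || continue   # skip blank lines (e.g. a trailing comma)
        printf '%s\n' "$port"
    done
}

# Accept only integers in 1..65535, so an unexpected token in the input file
# (a range, a hostname, an option-looking string) is never passed to firewall-cmd.
is_valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Count the valid ports a given reader function yields from a file.
# Usage: count_valid_ports FILE READER_FUNCTION
count_valid_ports() {
    n=0
    for p in $("$2" "$1"); do
        if is_valid_port "$p"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Dry run: print the firewall-cmd invocation for each valid port, one per line,
# and report rejected tokens on stderr. Usage: build_rules FILE tcp|udp ZONE
build_rules() {
    fixed_ports "$1" | while read -r port || [ -n "$port" ]; do
        if is_valid_port "$port"; then
            printf 'firewall-cmd --zone=%s --add-port=%s/%s --permanent\n' "$3" "$port" "$2"
        else
            printf 'rejected invalid port token: %s\n' "$port" >&2
        fi
    done
}

# Stand-alone demonstration.
echo "naive reader found $(count_valid_ports "$SAMPLE_FILE" naive_ports) valid port(s)"
echo "fixed reader found $(count_valid_ports "$SAMPLE_FILE" fixed_ports) valid port(s)"
build_rules "$SAMPLE_FILE" tcp public
```

Run as-is and the naive reader reports 0 valid ports (its only output is the unsplit token `8300,8301`), while the fixed reader reports all 4, including 8500 from the unterminated last line. Replacing the `printf` in `build_rules` with the real `sudo firewall-cmd ...` call turns it into the validated version of the PR's loop; the zone question (internal versus public) is unchanged by this and still needs the `--get-active-zones` / `--list-all-zones` checks above.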
balupton commented 6 years ago

Other resources: