Error after oc-up.sh

[pradeepn-altran]

Can't reach the web console. I see the following during the oc-up.sh. Any pointers what is missing or what to look for. This is my first attempt at getting an OpenShift environment on my laptop Thanks in advance. ''' $ ./oc-up.sh Bringing machine 'node01' up with 'virtualbox' provider... Bringing machine 'node02' up with 'virtualbox' provider... Bringing machine 'master' up with 'virtualbox' provider... ==> node01: [vagrant-hostmanager:guests] Updating hosts file on active guest virtual machines... ==> node01: [vagrant-hostmanager:host] Updating hosts file on your workstation (password may be required)... ==> node01: Machine already provisioned. Run vagrant provision or use the --provision ==> node01: flag to force provisioning. Provisioners marked to run always will still run. ==> node02: [vagrant-hostmanager:guests] Updating hosts file on active guest virtual machines... ==> node02: [vagrant-hostmanager:host] Updating hosts file on your workstation (password may be required)... ==> node02: Machine already provisioned. Run vagrant provision or use the --provision ==> node02: flag to force provisioning. Provisioners marked to run always will still run. ==> master: [vagrant-hostmanager:guests] Updating hosts file on active guest virtual machines... ==> master: [vagrant-hostmanager:host] Updating hosts file on your workstation (password may be required)... ==> master: Machine already provisioned. Run vagrant provision or use the --provision ==> master: flag to force provisioning. Provisioners marked to run always will still run. ==> master: Running provisioner: master-key (file)... master: .vagrant/machines/master/virtualbox/private_key => /home/vagrant/.ssh/master.key ==> master: Running provisioner: node01-key (file)... master: .vagrant/machines/node01/virtualbox/private_key => /home/vagrant/.ssh/node01.key ==> master: Running provisioner: node02-key (file)... master: .vagrant/machines/node02/virtualbox/private_key => /home/vagrant/.ssh/node02.key

PLAY [Fail openshift_kubelet_name_override for new hosts] ***

TASK [Gathering Facts] ** fatal: [node01.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/node01.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/node01.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n", "unreachable": true} fatal: [node02.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/node02.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/node02.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n", "unreachable": true} fatal: [master.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/master.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/master.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n", "unreachable": true} to retry, use: --limit @/home/vagrant/openshift-ansible/playbooks/prerequisites.retry

PLAY RECAP ** master.example.com : ok=0 changed=0 unreachable=1 failed=0 node01.example.com : ok=0 changed=0 unreachable=1 failed=0 node02.example.com : ok=0 changed=0 unreachable=1 failed=0

Connection to 127.0.0.1 closed. '''

[pradeepn-altran]

I could ping master, node01, node02 from the local bash shell as the VMs seems to be up and running and can also do a vagrant ssh to master, node01, node02

[eliu]

is it the first time you launch your VMs using ./oc-up.sh? 'cause I saw this messageflag to force provisioning. Provisioners marked to run always will still run

~I guess this script should be run ONLY once when you first create your virtual machines.~

update: it's no problem to run ./oc-up.sh for multiple times from my side and I cannot reproduce this on my computer.

Here is the basic package information on my laptop:

➜  ~ vagrant version
Installed Version: 2.2.5
Latest Version: 2.2.5

You're running an up-to-date version of Vagrant!
➜  ~ vagrant plugin list
vagrant-hostmanager (1.8.9, global)
  - Version Constraint: > 0
vagrant-scp (0.5.7, global)
  - Version Constraint: > 0
➜  ~ VBoxManage --version
6.0.10r132072
➜  ~

Hope this helps.

[pradeepn-altran]

I updated all the versions to the latest. I did a vagrant up - it seem to complete without any issues. When I access : https://master.example.com:8443/ I get connection refused. Any idea what to look for.

[pradeepn-altran]

From your notes, it is not clear, if I need to run oc-up.sh after doing a vagrant up. The notes seem to apply to OKD 3.8. Since I am using OKD 3.11, does the oc-up.sh still apply?

[pradeepn-altran]

I tried running the command individually or via oc-up.sh, in both the cases I get the same error: ''' TASK [Gathering Facts] ***** fatal: [node01.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/node01.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/node01.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true} fatal: [node02.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/node02.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/node02.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true} fatal: [master.example.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0664 for '/home/vagrant/.ssh/master.key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/home/vagrant/.ssh/master.key\": bad permissions\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic).", "unreachable": true} to retry, use: --limit @/home/vagrant/openshift-ansible/playbooks/prerequisites.retry

PLAY RECAP ***** master.example.com : ok=0 changed=0 unreachable=1 failed=0 node01.example.com : ok=0 changed=0 unreachable=1 failed=0 node02.example.com : ok=0 changed=0 unreachable=1 failed=0 '''

[pradeepn-altran]

Looks like there is some permission issue : Permissions 0664 for '/home/vagrant/.ssh/node02.key'

Let me try fixing that and retry

[pradeepn-altran]

Might want to add a note to the instructions to fix the permissions of the key files in /home/vagrant/.ssh/*.key

chmod go-rw /home/vagrant/.ssh/*.key

[pradeepn-altran]

With the above change it seems to go further. However taking a long time with re-tries on the following . How long does it take to get this up and running? '''

TASK [openshift_control_plane : Wait for control plane pods to appear] **** FAILED - RETRYING: Wait for control plane pods to appear (60 retries left). FAILED - RETRYING: Wait for control plane pods to appear (59 retries left). FAILED - RETRYING: Wait for control plane pods to appear (58 retries left). FAILED - RETRYING: Wait for control plane pods to appear (57 retries left). FAILED - RETRYING: Wait for control plane pods to appear (56 ret '''

[pradeepn-altran]

The ansible playbooks completed, but with the following error: ''' Failure summary:

1. Hosts: master.example.com Play: Configure masters Task: Report control plane errors Message: Control plane pods didn't come up '''

[eliu]

Looks like there is some permission issue : Permissions 0664 for '/home/vagrant/.ssh/node02.key'

Let me try fixing that and retry

That's weird because what I saw in my master vm is as below: (Permission 600)

[vagrant@master .ssh]$ pwd
/home/vagrant/.ssh
[vagrant@master .ssh]$ ll *.key
-rw-------. 1 vagrant vagrant 1679 Aug  3 06:51 master.key
-rw-------. 1 vagrant vagrant 1679 Aug  3 06:51 node01.key
-rw-------. 1 vagrant vagrant 1675 Aug  3 06:51 node02.key
[vagrant@master .ssh]$

What operating system does your host machine have?

[pradeepn-altran]

Host OS is Windows 10.

[eliu]

Hmmm, then i guess you might run oc-up.sh using some shell-like tools like git-bash, which does have some file permissions issue. I'll see if I can make a patch for compatibility of Windows platform.

[eliu]

@pradeepn-altran A patch has been applied for fixing permission issue on Windows host. would you please verify if it solves your problem?

[pradeepn-altran]

I will try this and let you know

[pradeepn-altran]

The new oc-up.sh fix worked ! Thanks a bunch. Closing this issue.