equinix / terraform-equinix-metal-openshift-on-baremetal

OpenShift 4.9 Installer for Equinix Metal
https://registry.terraform.io/modules/equinix/openshift-on-baremetal/metal/latest
Apache License 2.0

Migrate from RedHatSI/Packet to Equinix Metal #2

Closed displague closed 3 years ago

displague commented 3 years ago

Fixes #1

cc @liveaverage

displague commented 3 years ago

With the latest changes, 1d63d3f, the cluster provisioned and I can log in to the panel using the DNS name (Linode module). I received certificate warnings which I think are related to the problem detailed next.

There were some resources that failed, timed out, or were tainted due to configuration jitter:

module.openshift_install.null_resource.ocp_approve_pending_csrs
module.openshift_install.null_resource.ocp_installer_wait_for_completion
module.openshift_install.null_resource.ocp_nfs_provisioner[0]

The Linode SRV records also failed to register.


module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [5m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [6m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m10s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m20s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m30s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m40s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [7m50s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs: Still creating... [8m0s elapsed]
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): W0225 10:50:20.232961   29397 warnings.go:67] certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs: Creation complete after 8m2s [id=1657214583702498071]
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-0.mos.example.com"?
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-2.mos.example.com"?
Error: Target for SRV records must be the associated domain or a related FQDN. Did you mean "etcd-1.mos.example.com"?
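
The `one or more CSRs must be specified` line in the log above is the message the approve command prints when it is given no CSR names. The sketch below is an added example, not the module's own script: it filters `oc get csr --no-headers` output down to pending CSRs from expected node requestors and skips the approve call when that list is empty. The requestor allow-list and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approve only pending node CSRs, and skip the approve call
# entirely when nothing is pending.

# Assumed allow-list of requestors for node CSRs; adjust to your cluster.
BOOTSTRAPPER='system:serviceaccount:openshift-machine-config-operator:node-bootstrapper'

# Constructed sample of `oc get csr --no-headers` output (not from the page).
SAMPLE_CSRS='csr-8b2xk 12m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Approved,Issued
csr-c7r9d 3m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Pending
csr-x4q2m 2m kubernetes.io/kubelet-serving system:node:worker-0.mos.example.com Pending
csr-z9k1p 1m kubernetes.io/kube-apiserver-client system:serviceaccount:default:builder Pending'

# Read `oc get csr --no-headers` rows on stdin and print the names of CSRs
# whose last column is exactly "Pending" and whose requestor is allow-listed.
pending_node_csrs() {
  awk -v boot="$BOOTSTRAPPER" '
    $NF == "Pending" {
      for (i = 2; i < NF; i++)
        if ($i == boot || $i ~ /^system:node:/) { print $1; next }
    }'
}

# Approve the filtered CSRs; return 0 without calling approve when none match.
approve_pending_node_csrs() {
  names=$(oc get csr --no-headers 2>/dev/null | pending_node_csrs)
  if [ -z "$names" ]; then
    echo "no pending node CSRs to approve" >&2
    return 0
  fi
  # Unquoted on purpose: one argument per CSR name.
  oc adm certificate approve $names
}

# Demo on the constructed sample: prints csr-c7r9d and csr-x4q2m.
printf '%s\n' "$SAMPLE_CSRS" | pending_node_csrs
```

The pending CSR from `system:serviceaccount:default:builder` in the sample is deliberately left unapproved, since it does not come from a node or the node bootstrapper.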

displague commented 3 years ago

The SRV record problem was corrected in bced72f.

module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): W0225 10:50:20.232961   29397 warnings.go:67] certificates.k8s.io/v1beta1 CertificateSigningRequest is deprecated in v1.19+, unavailable in v1.22+; use certificates.k8s.io/v1 CertificateSigningRequest
module.openshift_install.null_resource.ocp_approve_pending_csrs (remote-exec): error: one or more CSRs must be specified as <name> or -f <filename>

The certificate provisioner problem described above is no longer trying to reapply, but the certificate is invalid (bad issuer?):

subject=/CN=*.apps.clustername.example.com
issuer=/CN=ingress-operator@1614149495

I think this may be related to assets/letsencrypt/1_configure_ingresscerts.sh not being called (and requiring Cloudflare credentials).

To keep this simple, we may need to enable LetsEncrypt (by default) using an HTTP prover instead of DNS.
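
A quick way to confirm the symptom in the comment above, as an added example that is not part of the thread or the module: classify the issuer line from `openssl x509 -noout -subject -issuer`. Treating an issuer CN of the form `ingress-operator@<digits>` as the ingress operator's own CA is an assumption drawn from the issuer string quoted in the comment; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tell whether a served certificate was issued by the
# ingress operator's own CA (issuer CN "ingress-operator@<digits>").

# Read `openssl x509 -noout -subject -issuer` output on stdin and print
# "operator-default <digits>" or "other <issuer CN>".
classify_issuer() {
  # Accept both openssl layouts: "issuer=/CN=x" and "issuer=CN = x".
  cn=$(sed -n 's|^issuer=.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1)
  suffix=${cn#ingress-operator@}
  case "$suffix" in
    "$cn" | '' | *[!0-9]*) echo "other ${cn:-unknown}" ;;
    *) echo "operator-default $suffix" ;;
  esac
}

# Fetch subject and issuer of the certificate served at <host>:443.
# Usage (host is a placeholder): served_cert_names "$ROUTE_HOST" | classify_issuer
served_cert_names() {
  host=$1
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer
}

# The two lines quoted in the comment above.
SAMPLE_CERT='subject=/CN=*.apps.clustername.example.com
issuer=/CN=ingress-operator@1614149495'

# Demo: prints "operator-default 1614149495".
printf '%s\n' "$SAMPLE_CERT" | classify_issuer
```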
