jenkins-x / terraform-aws-eks-jx

A Terraform module for creating Jenkins X infrastructure on AWS
Apache License 2.0
63 stars 43 forks source link

Error initializing storage of type dynamodb: UnrecognizedClientException: #249

Open ghost opened 3 years ago

ghost commented 3 years ago

Summary

Installed EKS cluster using this repo instructions - only defaults Exported VAULT

env | grep VAULT

VAULT_AWS_SECRET_ACCESS_KEY=xxxxx VAULT_AWS_ACCESS_KEY_ID=xxxxxxxx

Steps to reproduce the behavior

Created main.tf

module "eks-jx" {
  source  = "jenkins-x/eks-jx/aws"
  cluster_name = var.cluster_name
  region = var.region
  vpc_name = var.vpc_name
  force_destroy = var.force_destroy
}

Created variables.tf

variable "cluster_name" {
  type = string
  default = "xxxxxxx"
}

variable "region" {
  type = string
  default = "eu-central-1"
}

variable "vpc_name" {
  type = string
  default = "xxxxxxxxxx"
}

variable "force_destroy" {
  type = bool
  default = true
}

Created outputs.tf

output "jx_requirements" {
  value = module.eks-jx.jx_requirements
}

output "vault_user_id" {
  value       = module.eks-jx.vault_user_id
  description = "The Vault IAM user id"
}

output "vault_user_secret" {
  value       = module.eks-jx.vault_user_secret
  description = "The Vault IAM user secret"
}

Expected behavior

Vault unseal

Actual behavior

Terraform version

The output of terraform version is:

 terraform version
Terraform v0.14.6

Your version of Terraform is out of date! The latest version
is 0.14.7. You can update by downloading from https://www.terraform.io/downloads.html

Module version

Operating system

CentOS 7
kubectl get pods
NAME                                              READY   STATUS             RESTARTS   AGE
jx-vault-test-0                             1/3     CrashLoopBackOff   16         19m
jx-vault-configurer-65bfc5765c-cfjdn   1/1     Running            0          19m
vault-operator-7b4c658649-pdbl8                   1/1     Running            0          19m

Logs:

Using eth0 for VAULT_CLUSTER_ADDR: https://10.0.3.34:8201
telemetry.disable_hostname has been set to false. Recommended setting is true for Prometheus to avoid poorly named metrics.
Error initializing storage of type dynamodb: UnrecognizedClientException: The security token included in the request is invalid.
        status code: 400, request id: MTMFPKM9GIQN2H2MJAHBDHS11RVV4KQNSO5AEMVJF66Q9ASUAAJG

Logs from JX Boot:

Waiting for vault to be initialized and unsealed...
Waiting for vault to be initialized and unsealed...
Waiting for vault to be initialized and unsealed...
error: creating system vault URL client: wait for vault to be initialized and unsealed: reading vault health: Error making API request.

URL: GET http://vault-jx.18.157.121.79.nip.io/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299
Code: 503. Raw Message:

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>

env | grep AWS

VAULT_AWS_SECRET_ACCESS_KEY=xxxxxxx VAULT_AWS_ACCESS_KEY_ID=xxxxx AWS_DEFAULT_REGION=xxxxxx AWS_SECRET_ACCESS_KEY=xxxxxxxxxx AWS_REGION=xxxx AWS_ACCESS_KEY_ID=xxxxxx

ghost commented 3 years ago

jx version Version 2.1.155 Commit 3fe0638 Build date 2020-12-24T15:07:42Z Go version 1.13.8 Git tree state clean

ghost commented 3 years ago

having same problem