kube-hetzner / terraform-hcloud-kube-hetzner

Optimized and Maintenance-free Kubernetes on Hetzner Cloud in one command!
MIT License

Install of module k3s.pp fails when creating cluster #555

Closed ifeulner closed 1 year ago

ifeulner commented 1 year ago

Just trying to build a small cluster with 1.9.0, node installation throws the following error:

module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): + /sbin/semodule -v -i /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): Attempting to install module '/usr/share/selinux/packages/k3s.pp':
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): libsemanage.map_compressed_file: Unable to open /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec):  (No such file or directory).
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): libsemanage.semanage_direct_install_file: Unable to read file /usr/share/selinux/packages/k3s.pp
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec):  (No such file or directory).
module.kube-hetzner.null_resource.agents["0-0-agent-small"] (remote-exec): /sbin/semodule:  Failed on /usr/share/selinux/packages/k3s.pp!

Anyone experienced this already?

ifeulner commented 1 year ago

Looks like the install of transactional-update shell <<< "zypper --no-gpg-checks --non-interactive install https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/raw/master/.extra/k3s-selinux-next.rpm" didn't work... or the reboot... It seems to have worked for the control plane.

mysticaltech commented 1 year ago

@ifeulner Weird. It definitely failed when you tried. Please terraform init -upgrade and try again. Also, if it happens again, try to see in the logs if there is an error in the HTTP request to the RPM.

mysticaltech commented 1 year ago

Just FYI, the fix is coming to the main rancher repo, so that's just a quick patch. Please retry again!

More info on this here https://github.com/k3s-io/k3s-selinux/issues/36

mysticaltech commented 1 year ago

@ifeulner I'm considering this issue fixed, as I just tried again and no one else complained. Also, the k3s folks just deployed the new testing rpm, so soon it's coming to stable; as soon as we have that, I will revert to using the rancher repo to fetch it.

gerwim commented 1 year ago

I'm currently hitting this issue. The agent nodes (all three of them) have this error. Using stable as release channel. The control planes worked though.

mysticaltech commented 1 year ago

@gerwim Please update your cluster to the latest and greatest version of the module, see pinned discussions.

gerwim commented 1 year ago

@mysticaltech Ah, I updated my previous message (but did not save it 🤡):

The issue is caused by a signature validation issue. The arm version worked fine; the x86 is returning an error. Removing the snapshots and rebuilding them (packer build hcloud-microos-snapshots.pkr.hcl) fixed it! 👍

hcloud.microos-x86-snapshot: Retrieving: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache) (1/1),  20.5 KiB
    hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch.rpm:
    hcloud.microos-x86-snapshot:     Header V3 RSA/SHA256 Signature, key ID 925ea29ae257814a: NOKEY
    hcloud.microos-x86-snapshot:     V3 RSA/SHA256 Signature, key ID 925ea29ae257814a: NOKEY
==> hcloud.microos-x86-snapshot: warning: /var/tmp/zypp.qZPNOY/zypper/_tmpRPMcache_/%CLI%/k3s-selinux-1.4-1.sle.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID e257814a: NOKEY
    hcloud.microos-x86-snapshot:
==> hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
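An added example, not part of the thread or the project's code: a shell function that scans Packer output in the format quoted above for zypper signature-verification failures, so a snapshot built without k3s-selinux is caught at build time instead of when agents fail on the missing k3s.pp. The names `sample_log` and `rpm_sig_failures` are hypothetical; the sample lines are copied from the log quoted above.

```shell
#!/bin/sh
# Added example: fail a snapshot build when zypper could not verify an RPM.

# Sample input: Packer output lines in the format quoted in the thread.
sample_log() {
cat <<'EOF'
    hcloud.microos-x86-snapshot: Retrieving: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache) (1/1),  20.5 KiB
    hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch.rpm:
    hcloud.microos-x86-snapshot:     Header V3 RSA/SHA256 Signature, key ID 925ea29ae257814a: NOKEY
==> hcloud.microos-x86-snapshot: warning: /var/tmp/zypp.qZPNOY/zypper/_tmpRPMcache_/%CLI%/k3s-selinux-1.4-1.sle.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID e257814a: NOKEY
==> hcloud.microos-x86-snapshot: k3s-selinux-1.4-1.sle.noarch (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
EOF
}

# Reads a build log on stdin. Prints "<builder> <package> <key id>" for every
# package zypper rejected; returns 1 if any was rejected, 0 otherwise.
rpm_sig_failures() {
    awk '
    {   # Drop the "==> " marker and indentation, then split "builder: message".
        line = $0
        sub(/^(==> )?[ \t]*/, "", line)
        sep = index(line, ": ")
        if (sep == 0) next
        builder = substr(line, 1, sep - 1)
        msg = substr(line, sep + 2)
    }
    # rpm names the signing key that is missing from the keyring.
    msg ~ /Signature, key ID [0-9a-f]+: NOKEY/ {
        key = msg
        sub(/.*key ID /, "", key)
        sub(/: NOKEY.*/, "", key)
        # The log shows a 64-bit and a 32-bit form of the key ID; keep the longer.
        if (length(key) > length(lastkey[builder])) lastkey[builder] = key
        next
    }
    # zypper verdict for the package.
    msg ~ /: Signature verification failed/ {
        pkg = msg
        sub(/ \(.*/, "", pkg)
        print builder, pkg, ((builder in lastkey) ? lastkey[builder] : "unknown")
        delete lastkey[builder]
        failed = 1
    }
    END { exit (failed ? 1 : 0) }
    '
}

sample_log | rpm_sig_failures ||
    echo "snapshot build must fail: RPM signature could not be verified" >&2
```

For a real build, save the output of packer build hcloud-microos-snapshots.pkr.hcl to a file and feed that file to the function on stdin in place of the sample.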