search

luisarizmendi / ocp-libvirt-ipi-role

Ansible Role to deploy OpenShift 4 on a CentOS 7 or Fedora KVM using libvirt IPI
31 stars 14 forks source link

Errors when the variable lb (haproxy) is true (CentOS 8) #15

Closed danielmenezesbr closed 2 years ago

danielmenezesbr commented 3 years ago

I used ocp-libvirt-ipi-role in my project which provision various OpenShift development environments on GCP such as: CRC, SNC (Single Node Cluster) and MNC.

When the variable lb (haproxy) is true, I needed to make some modifications before starting ansible:

a) pip3 install netaddr

Otherwise, ansible returns an error:

...
TASK [luisarizmendi.ocp_libvirt_ipi_role : Create backends haproxy file] *******
task path: /root/.ansible/roles/luisarizmendi.ocp_libvirt_ipi_role/tasks/kvm_deploy.yml:279
fatal: [localhost]: FAILED! => {"changed": false, "msg": "AnsibleFilterError: The ipmath filter requires python's netaddr be installed on the ansible controller"}

b)

sed -i 's/mode tcp/mode http/g' .ansible/roles/luisarizmendi.ocp_libvirt_ipi_role/templates/haproxy.cfg.back.j2

Otherwise, ansible/haproxy returns an error:

...
TASK [luisarizmendi.ocp_libvirt_ipi_role : Starting services] ***************************************************************
task path: /root/.ansible/roles/luisarizmendi.ocp_libvirt_ipi_role/tasks/kvm_deploy.yml:306
failed: [localhost] (item=haproxy) => {"ansible_loop_var": "item", "changed": false, "item": "haproxy", "msg": "Unable to start service haproxy: Job for haproxy.service failed because the control process exited with error code.\nSee \"systemctl status haproxy.service\" and \"journalctl -xe\" for details.\n"}

PLAY RECAP ******************************************************************************************************************
localhost                  : ok=26   changed=9    unreachable=0    failed=1    skipped=6    rescued=0    ignored=0

...

$ sudo systemctl status haproxy.service -l --no-pager

● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2021-08-13 16:41:45 UTC; 2min 36s ago
  Process: 57604 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS (code=exited, status=1/FAILURE)

Aug 13 16:41:45 crc-build-1 systemd[1]: Starting HAProxy Load Balancer...
Aug 13 16:41:45 crc-build-1 haproxy[57604]: [ALERT] 224/164145 (57604) : http backend 'app' (/etc/haproxy/haproxy.cfg:85) tries to use incompatible tcp backend 'mycluster-openshift-api-server' (/etc/haproxy/haproxy.cfg:97) in a 'use_backend' rule (see 'mode').
Aug 13 16:41:45 crc-build-1 haproxy[57604]: [ALERT] 224/164145 (57604) : http backend 'app' (/etc/haproxy/haproxy.cfg:85) tries to use incompatible tcp backend 'mycluster-ingress-https' (/etc/haproxy/haproxy.cfg:113) in a 'use_backend' rule (see 'mode').
Aug 13 16:41:45 crc-build-1 haproxy[57604]: [ALERT] 224/164145 (57604) : http backend 'app' (/etc/haproxy/haproxy.cfg:85) tries to use incompatible tcp backend 'mycluster-ingress-http' (/etc/haproxy/haproxy.cfg:106) in a 'use_backend' rule (see 'mode').
Aug 13 16:41:45 crc-build-1 haproxy[57604]: [ALERT] 224/164145 (57604) : Fatal errors found in configuration.
Aug 13 16:41:45 crc-build-1 systemd[1]: haproxy.service: Control process exited, code=exited status=1
Aug 13 16:41:45 crc-build-1 systemd[1]: haproxy.service: Failed with result 'exit-code'.
Aug 13 16:41:45 crc-build-1 systemd[1]: Failed to start HAProxy Load Balancer.

...

$ haproxy version
HA-Proxy version 1.8.27-493ce0b 2020/11/06
Copyright 2000-2020 Willy Tarreau <willy@haproxy.org>

My OS:

cat /etc/os-release

NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
luisarizmendi commented 3 years ago

I also faced that issue with fresh installed Operating Systems. The weird part is that python3-netaddr package is installed [1] and if you try to re-launch the install right after the first try (the one which fails) without doing anything else, it starts working...at least in my case

[1] https://github.com/luisarizmendi/ocp-libvirt-ipi-role/blob/fda457f6189329672ea77cec5191cbded13f523d/tasks/kvm_deploy.yml

danielmenezesbr commented 2 years ago

I also faced that issue with fresh installed Operating Systems. The weird part is that python3-netaddr package is installed [1] and if you try to re-launch the install right after the first try (the one which fails) without doing anything else, it starts working...at least in my case

[1] https://github.com/luisarizmendi/ocp-libvirt-ipi-role/blob/fda457f6189329672ea77cec5191cbded13f523d/tasks/kvm_deploy.yml

@luisarizmendi , thanks for sharing your experience.

haproxy.cfg.back.j2 is compatible with HA-Proxy 1.8?

I described in item (b) of my first comment my workaround to make this file work in HA-Proxy 1.8

luisarizmendi commented 2 years ago

Apologies, I missed that, I've changed from TCP to HTTP the load balancer template

rcarrata commented 2 years ago

now with the haproxy with mode HTTP worked like a charm @luisarizmendi

luisarizmendi commented 2 years ago

Ok, I put tcp back in the config. The problem was that as @danielmenezesbr mentioned, there is a new haproxy release that now includes an example haproxy.config file that was interfering with the config made by the template.

I didn't faced this issue because I already had a haproxy config in my system. I tested the latest commit with an empty server and now it is working