search

submariner-io / releases

Toolset for automating Submariner releases.
Apache License 2.0
16 stars 12 forks source link

failed to setup cluster with libswan and vxlan mode #221

Closed weizhoublue closed 3 years ago

weizhoublue commented 3 years ago

I have two clusters cluster1: pod cidr 172.20.0.0/16 . serivce cidr 172.21.0.0/16 . node1 172.110.185.40 . node2 172.110.185.45 cluster2: pod cidr 172.50.0.0/16 . serivce cidr 172.51.0.0/16 , node3 172.111.185.50

all node is centos8 with kernel 5.9 I try to deploy the joined cluster with libswan mode , the gateway pod report error, and the clusters failed to connect each others

W0916 12:34:05.639026 1 libreswan.go:277] error exit status 20 whacking with args: [--psk --encrypt --name submariner-cable-cluster1-172-110-185-40-0-0 --id 172.111.185.50 --host 172.111.185.50 --client 192.168.1.0/24 --ikeport 4500 --to --id 172.110.185.40 --host 172.110.185.40 --client 192.168.0.0/24 --ikeport 4500] E0916 12:34:06.639547 1 cableengine.go:123] Error installing cable for &natdiscovery.NATEndpointInfo{Endpoint:v1.Endpoint{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"cluster1-submariner-cable-cluster1-172-110-185-40", GenerateName:"", Namespace:"submariner-operator", SelfLink:"", UID:"75023e5f-8892-4884-8de4-23a94788fabb", ResourceVersion:"411248", Generation:3, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:63767392201, loc:(time.Location)(0x21f0940)}}, DeletionTimestamp:(v1.Time)(nil), DeletionGracePeriodSeconds:(int64)(nil), Labels:map[string]string{"submariner-io/clusterID":"cluster1"}, Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry{v1.ManagedFieldsEntry{Manager:"submariner-gateway", Operation:"Update", APIVersion:"submariner.io/v1", Time:(v1.Time)(0xc000475140), FieldsType:"FieldsV1", FieldsV1:(*v1.FieldsV1)(0xc000475158)}}}, Spec:v1.EndpointSpec{ClusterID:"cluster1", CableName:"submariner-cable-cluster1-172-110-185-40", HealthCheckIP:"192.168.0.254", Hostname:"172-110-185-40", Subnets:[]string{"192.168.0.0/24"}, PrivateIP:"172.110.185.40", PublicIP:"140.207.201.152", NATEnabled:true, Backend:"libreswan", BackendConfig:map[string]string{"natt-discovery-port":"4490", "preferred-server":"false", "udp-port":"4500"}}}, UseNAT:false, UseIP:"172.110.185.40"}: error whacking with args [--psk --encrypt --name submariner-cable-cluster1-172-110-185-40-0-0 --id 172.111.185.50 --host 172.111.185.50 --client 192.168.1.0/24 --ikeport 4500 --to --id 172.110.185.40 --host 172.110.185.40 --client 192.168.0.0/24 --ikeport 4500]: exit status 20

when I deploy them with wireguard mode , it works well

Jaanki commented 3 years ago

@weizhouBlue FIling the bug at https://github.com/submariner-io/submariner seems more appropriate. This repo handles only the release related stuff.