[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ocp 4.3 nightly install on openstack queens





On Sat, 23 Nov 2019 at 13:21, Dale Bewley <dale bewley net> wrote:
Hello,
I'm testing OCP 4.3 2019-11-19 nightly on OSP 13.

I added my CA cert [1] to install-config.yaml [3]  and the installer now progresses. I can even `oc get nodes` and see the masters. [2].

I still have the following errors and no worker nodes though.

ERROR Cluster operator authentication Degraded is True with RouteStatusDegradedFailedHost: RouteStatusDegraded: route is not available at canonical host oauth-openshift.apps.osp-nightly.osp-nightly.domain.com: [] 

This sounds like ingress isn't deploying because the worker nodes are not deployed or your load balancer isn't making ingress available. Are your master nodes schedulable? Ie are your masters also workers? If not, then ingress won't deploy.

How is your load balancer configured for 80/443 traffic? If the masters aren't targets of that, then even if ingress deploys you still won't be able to use any routes
 


This is likely a symptom of not yet having associated a floating IP to the app neutron port, and not having created an /etc/hosts entry on the installer host. I assume that's a nonfatal error.

I assume this one is fatal, however:

INFO Cluster operator image-registry Progressing is True with Error: Unable to apply resources: unable to sync storage configuration: Post https://openstack.domain.com:13000/v3/auth/tokens: x509: certificate signed by unknown authority

Have you added the CA that covers openstack.domain.com to install-config.yaml at .additionalTrustBundle like you mentioned in your previous post?

Otherwise you might need to edit Proxy config and set spec.trustedCA.name to  user-ca-bundle  

apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  name: cluster
spec:
  trustedCA:
    name: user-ca-bundle  

I had to do this even though I don't have an explicit proxy. I do have a transparent proxy though, which was doing MITM, essentially breaking anything trying to talk to the internet.
 

Is it safe to assume this BZ comment is related to that error? https://bugzilla.redhat.com/show_bug.cgi?id=1735192#c17

Bootstrap host has already been removed by the installer, so `openshift-install gather` does not seem usable, but the installer debug output can be found at  https://paste.fedoraproject.org/paste/SzIqAMU4DWHN3Bw3WDKfTQ

Any advice?

Thanks!


[1] https://lists.openshift.redhat.com/openshift-archives/users/2019-November/msg00073.html

[2]  
export KUBECONFIG=osp-nightly/auth/kubeconfig
$ oc get nodes
NAME                         STATUS    ROLES     AGE       VERSION
osp-nightly-tfz6p-master-0   Ready     master    102m      v1.16.2
osp-nightly-tfz6p-master-1   Ready     master    103m      v1.16.2
osp-nightly-tfz6p-master-2   Ready     master    103m      v1.16.2


[3] install-config.yaml
apiVersion: v1
baseDomain: ocp.domain.com
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MI...
compute:
- hyperthreading: Enabled
  name: worker
  platform:
    openstack:
      rootVolume:
        size: 10
  replicas: 3
controlPlane:
  hyperthreading: Enabled
  name: master
  platform: {}
  replicas: 3
metadata:
  creationTimestamp: null
  name: osp-nightly
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineCIDR: 10.0.0.0/16
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  openstack:
    cloud: shiftstack
    computeFlavor: ocp4.worker.4x16
    externalDNS: null
    externalNetwork: floating
    lbFloatingIP: 192.0.2.29
    octaviaSupport: "0"
    region: ""
    trunkSupport: "1"
publish: External
pullSecret: '{"...
sshKey: |
  ssh-rsa A...


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]