Previously, these platform-agnostic docs left users guessing about which username to use when SSHing in.
And folks with AWS experience might be surprised that we don't use AWS key pairs, so add some wording to avoid them thinking the lack of an AWS key pair is the source of their SSH issues.
For both bootstrap and master VMs.
Should be slightly faster, I hope.
From https://wiki.openstack.org/wiki/LibvirtXMLCPUModel :
"host-passthrough" - this causes libvirt to tell KVM to passthrough the host CPU with no modifications.
The difference to host-model, instead of just matching feature flags, every last detail of the host CPU is matched.
This gives absolutely best performance, and can be important to some apps which check low level CPU details,
but it comes at a cost wrt migration.
The guest can only be migrated to an exactly matching host CPU.
Previously, destroy support was behind TAGS=libvirt_destroy and create
support was always built in. But since 3fb4400c (terraform/plugins:
add `libvirt`, `aws`, `ignition`, `openstack` to KnownPlugins,
2018-12-14, #919), the bundled libvirt Terraform provider has also
been behind libvirt_destroy. That leads to cluster creation failing
with:
  $ openshift-install create cluster
  ...
  ERROR Missing required providers.
  ERROR
  ERROR The following provider constraints are not met by the currently-installed
  ERROR provider plugins:
  ERROR
  ERROR * libvirt (any version)
  ERROR
  ERROR Terraform can automatically download and install plugins to meet the given
  ERROR constraints, but this step was skipped due to the use of -get-plugins=false
  ERROR and/or -plugin-dir on the command line.
  ...
With this commit, folks trying to 'create cluster' without libvirt
compiled in will get:
  FATAL failed to fetch Common Manifests: failed to load asset "Install Config": invalid "install-config.yaml" file: platform: Invalid value: types.Platform{AWS:(*aws.Platform)(nil), Libvirt:(*libvirt.Platform)(0xc4209511f0), OpenStack:(*openstack.Platform)(nil)}: platform must be one of: aws, openstack
before we get to Terraform.
Now that the build tag guards both creation and deletion, I've renamed
it from 'libvirt_destroy' to the unqualified 'libvirt'.
I've also adjusted the install-config validation testing to use
regular expressions so we can distinguish between failures because
libvirt was not compiled in as a valid platform and failures because
some portion of the libvirt configuration was broken. In order to get
stable error messages for comparison, I've added some strings.Sort
calls for various allowed-value string-slice computations.
The hack/gen-gomock.sh script uses a newer version of gomock than
what was used to create the mocks. These changes update the mocks
so that subsequent runs of hack/gen-gomock.sh will not produce
changes to the test mocks.
The file name for the Install Config asset was changed to install-config.yaml
in commit 869cbb67ba. This commit changes
the documentation and code comments to use the new name of the file.
OpenStack flavors (analogous to AWS instance types) are not
standardized, so we can't pick a default that works across all
environments. This patch adds this as one of the items that must be
specified.
The final pull request landing in the provider's v0.5.1 broke the
installer on my libvirt 3.9.0 [1]:
  libvirt_ignition.master: Creating...
  ...
  module.volume.libvirt_volume.coreos_base: Creating...
  ...
  libvirt_network.net: Creating...
  ...
  module.bootstrap.libvirt_ignition.bootstrap: Creating...
  ...
  libvirt_ignition.master: Creation complete after 0s (ID: /home/trking/VirtualMachines/wking-mast...n;5c1b382d-27af-08b2-1fff-8dafabae17c3)
  module.bootstrap.libvirt_ignition.bootstrap: Still creating... (10s elapsed)
  module.bootstrap.libvirt_ignition.bootstrap: Still creating... (20s elapsed)
  module.bootstrap.libvirt_ignition.bootstrap: Still creating... (30s elapsed)
  ...
  module.bootstrap.libvirt_ignition.bootstrap: Still creating... (5m0s elapsed)
  Error: Error applying plan:
  3 error(s) occurred:
  * libvirt_network.net: 1 error(s) occurred:
  * libvirt_network.net: Error clearing libvirt network: virError(Code=38, Domain=7, Message='End of file while reading data: Input/output error')
  * module.volume.libvirt_volume.coreos_base: 1 error(s) occurred:
  * libvirt_volume.coreos_base: Error creating libvirt volume: virError(Code=38, Domain=7, Message='End of file while reading data: Input/output error')
  * module.bootstrap.libvirt_ignition.bootstrap: 1 error(s) occurred:
  * libvirt_ignition.bootstrap: Error creating libvirt volume for Ignition wking-bootstrap.ign: virError(Code=1, Domain=7, Message='internal error: client socket is closed')
Roll back to keep the lock that was dropped upstream until we
understand this better.
Generated with:
  $ cd pkg/terraform/exec/plugins
  $ emacs Gopkg.toml # adjust to pin to 2ad0228349
  $ dep ensure
using:
  $ dep version
  dep:
  version : v0.5.0
  build date :
  git hash : 22125cf
  go version : go1.10.3
  go compiler : gc
  platform : linux/amd64
  features : ImportDuringSolve=false
[1]: https://github.com/dmacvicar/terraform-provider-libvirt/pull/495#issuecomment-448891285
This used to be covered in the docs from fa7c9e3a (*: Copy route53
baseDomain advice to openshift-install locations, 2018-09-27, #353),
but in order to see those you'd need to have a moment of doubt and
think to hit '?'. Even if you read the docs, it's possible you'd typo
the base domain or add a trailing period (theoretically trailing
periods would be fine, but they may have some issues at the moment
[1]).
With this commit, we go ahead and fetch available public zones
ourselves, so AWS users don't have to. And it also reduces the help
noise on the base-domain input for users targeting non-AWS platforms.
The empty struct map is slightly more efficient than a boolean map,
because the empty struct takes up no space [2]. Although it's hard to
imagine an account with enough public zones for that space savings to
be significant.
The IsForbidden handling lets us fall back to the free-form input if
we aren't authorized to list zones for the select widget:
  $ openshift-install --dir=wking create install-config
  ? SSH Public Key <none>
  ? Platform aws
  ? Region us-west-1
  ERROR list hosted zones: AccessDenied: User: arn:aws:iam::...:user/trking is not authorized to perform: route53:ListHostedZones with an explicit deny
  status code: 403, request id: 1d..29
  ? Base Domain [? for help]
[1]: https://github.com/openshift/installer/issues/831#issue-388771261
[2]: https://dave.cheney.net/2014/03/25/the-empty-struct
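The zone-selection behaviour described in the commit message above, as an added Go example that is not the installer's own code: public zone names are collected into an empty-struct set, and a forbidden listing signals a fall back to free-form input. The `zone` type, `errForbidden`, `baseDomainChoices` and the sample zones are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// errForbidden is a constructed stand-in for the AccessDenied (403) error.
var errForbidden = errors.New("AccessDenied: route53:ListHostedZones")

// zone is a hypothetical, reduced view of a hosted zone.
type zone struct {
	Name    string
	Private bool
}

// baseDomainChoices returns sorted public zone names for a select prompt.
// ok=false means listing was forbidden and the caller should fall back to
// free-form input; any other listing error is returned wrapped.
func baseDomainChoices(list func() ([]zone, error)) ([]string, bool, error) {
	zones, err := list()
	if errors.Is(err, errForbidden) {
		return nil, false, nil
	}
	if err != nil {
		return nil, false, fmt.Errorf("list hosted zones: %w", err)
	}
	seen := map[string]struct{}{} // set: empty-struct values occupy no space
	for _, z := range zones {
		if !z.Private {
			seen[strings.TrimSuffix(z.Name, ".")] = struct{}{}
		}
	}
	choices := make([]string, 0, len(seen))
	for name := range seen {
		choices = append(choices, name)
	}
	sort.Strings(choices) // map order is random; keep the prompt stable
	return choices, true, nil
}

func main() {
	// Constructed sample: zone names arrive with a trailing period.
	sample := []zone{{"example.com.", false}, {"corp.internal.", true}, {"example.com.", false}, {"dev.example.org.", false}}
	fmt.Println(baseDomainChoices(func() ([]zone, error) { return sample, nil }))
	fmt.Println(baseDomainChoices(func() ([]zone, error) { return nil, errForbidden }))
}
```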
And rename to 'Regions', since the target package is already about
validation. ValidRegions was added to the aws package in b2d6fa40
(validate: simplify CIDR validation, 2018-11-27, #711), but it's just
used for validation and it isn't a type definition.
Generated with:
  $ dep ensure
using:
  $ dep version
  dep:
  version : v0.5.0
  build date :
  git hash : 22125cf
  go version : go1.10.3
  go compiler : gc
  platform : linux/amd64
  features : ImportDuringSolve=false
I hadn't realized I'd need this after 6447e9c4 (pkg/destroy/aws: Don't
give up on Route 53 rate limits, 2018-12-18, #940) added a direct
consumer of this package.
We've been hitting Route 53 rate limits in the busy CI account:
  level=debug msg="Deleting Route53 zones (map[openshiftClusterID:5b0921a0-5e21-4ebf-a5f9-396a92526ec1])"
  level=debug msg="Deleting Route53 zones (map[kubernetes.io/cluster/ci-op-piz2m00h-1d3f3:owned])"
  level=debug msg="error converting r53Zones to native AWS objects: Throttling: Rate exceeded\n\tstatus code: 400, request id: 80e10c03-0306-11e9-b9b6-abeb053f0218"
  level=debug msg="Exiting deleting Route53 zones (map[kubernetes.io/cluster/ci-op-piz2m00h-1d3f3:owned])"
  level=debug msg="error converting r53Zones to native AWS objects: Throttling: Rate exceeded\n\tstatus code: 400, request id: 81cd4026-0306-11e9-9710-21e3250d9953"
  level=debug msg="Exiting deleting Route53 zones (map[openshiftClusterID:5b0921a0-5e21-4ebf-a5f9-396a92526ec1])"
We've had trouble with Route 53 rate limits before; see discussion in
openshift/hive@f945dbb3 (awstagdeprovision: Ignore more errors,
2018-11-27, openshift/hive#113). With this commit, instead of bailing
part way through listing tags for all the hosted zones, we just retry
that particular zone until it goes through and keep going on tags for
the whole list. This should reduce our overall load on the Route 53
APIs.
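The per-zone retry described in the commit message above, as an added Go example that is not the installer's own code: a throttled tag lookup is retried for that zone only, and the walk over the remaining zones then continues. `tagLister`, `errThrottled`, `zonesWithTag`, the capped exponential backoff and the sample zone IDs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var errThrottled = errors.New("Throttling: Rate exceeded") // constructed stand-in

type tagLister func(zoneID string) (map[string]string, error) // hypothetical per-zone tag lookup

// zonesWithTag returns the zones tagged key=value. A throttled lookup is
// retried for that zone only (capped exponential backoff, an assumption),
// so zones that were already processed are never queried again.
func zonesWithTag(zones []string, list tagLister, key, value string, base time.Duration) ([]string, error) {
	var matched []string
	for _, zone := range zones {
		for delay := base; ; {
			tags, err := list(zone)
			if errors.Is(err, errThrottled) {
				time.Sleep(delay)
				if delay < 32*base {
					delay *= 2
				}
				continue
			}
			if err != nil { // anything other than throttling is still fatal
				return matched, fmt.Errorf("list tags for %s: %w", zone, err)
			}
			if tags[key] == value {
				matched = append(matched, zone)
			}
			break
		}
	}
	return matched, nil
}

func main() {
	calls := 0 // constructed lister: every third call is throttled
	list := func(zone string) (map[string]string, error) {
		if calls++; calls%3 == 0 {
			return nil, errThrottled
		}
		return map[string]string{"cluster": "owned"}, nil
	}
	fmt.Println(zonesWithTag([]string{"Z1", "Z2", "Z3"}, list, "cluster", "owned", time.Millisecond))
}
```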
Generated with:
  $ emacs Gopkg.toml # drop the hive constraint
  $ dep ensure
using:
  $ dep version
  dep:
  version : v0.5.0
  build date :
  git hash : 22125cf
  go version : go1.10.3
  go compiler : gc
  platform : linux/amd64
  features : ImportDuringSolve=false
The fact that it's a subpackage of pkg/destroy is sufficient context
without repeating "deprovision" in the package name. And the fact
that the deprovision is tag based is an implementation detail that
doesn't need to be surfaced in the package name.
Also drop the copyright header. We're also an Apache-2.0 project, so
this just removes the copyright holder information from the header.
And "the Kubernetes Authors" wasn't all that helpful anyway. If folks
want to see who authored the contents, they should check the Git
history. I'm breaking that history here, so here's a list of authors
in case the hive repository goes away or something: Abhinav Dahiya,
Dan Mace, Devan Goodwin, Joel Diaz, Miciah Masters, Thomas Wiest,
and me.
We've been meaning to take this off the hands of the Hive folks for a
while. Finally copy it over (I'll drop the vendored copy soon). This
is a verbatim copy of the file as it stands with
openshift/hive@ad6f8d5b (Merge pull request openshift/hive#143 from
abutcher/capischeme, 2018-12-18).
Setting `-get-plugins=false` instructs terraform to not fetch any plugins from the internet.
All the plugins required by installer have to be embedded. This allows us to ensure that all the plugins required are
never downloaded from the internet.
The last consumers of the api were removed in 41dd7281a6
The version of the terraform is now tied to the version of the installer, so this is no longer required.
Terraform loads the on-disk plugins to `0.0.0` version. Unsetting allows us to use the local plugins
and prevents terraform from trying to fetch the provider from internet.