Multicloud :: Azure OnPrem :: Adding Vnet to existing cloud cluster fails.
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | |||||
| R5.0 |
New
|
Low
|
Paweł Kopka | |||
| Trunk |
New
|
Medium
|
Paweł Kopka | |||
Bug Description
Adding new vnet to existing cloud on vnet under the same region is failing. The failure is that the gateways in the original vnet become unreachable. The public IPs of the original vnets are non-pingable and gateway ansible play fails with the unreachability error in the task below.
2018-10-23 08:26:11,323 p=3017 u=root | PLAY [Wait for connection] *******
2018-10-23 08:26:11,336 p=3017 u=root | TASK [Wait up to 600 seconds for the gateways to be reachable via SSH] *******
2018-10-23 08:26:11,750 p=3017 u=root | ok: [192.168.2.1 -> localhost]
2018-10-23 08:26:11,775 p=3017 u=root | ok: [172.16.2.7 -> localhost]
2018-10-23 08:26:11,777 p=3017 u=root | ok: [172.16.2.5 -> localhost]
2018-10-23 08:36:12,340 p=3017 u=root | fatal: [172.16.1.5 -> localhost]: FAILED! => {"changed": false, "elapsed": 600, "failed": true, "msg": "Timeout when waiting for 52.247.199.188:22"}
2018-10-23 08:36:12,377 p=3017 u=root | fatal: [172.16.1.4 -> localhost]: FAILED! => {"changed": false, "elapsed": 600, "failed": true, "msg": "Timeout when waiting for 52.247.192.95:22"}
2018-10-23 08:36:12,394 p=3017 u=root | PLAY [gateways] *******
Topology file with added vnet *******
*******
*******
*******
- provider: OnPrem
organization: Juniper
project: multicloud
instances:
- name: 5c3s1-node4
roles:
- gateway
provision: true
username: root
password: c0ntrail123
public_ip: 10.87.74.132
private_ip: 192.168.2.1
private_
- 192.168.2.0/24
- 192.168.1.0/24
protocols
- ssl_client
interface: bond0
gateway: 192.168.2.254
- name: 5c3s1-node1
roles:
- controller: false
- k8s_master
provision: true
username: root
password: c0ntrail123
public_ip: 10.87.74.129
private_ip: 192.168.1.1
private_
interface: bond0
- name: 5c3s1-node2
roles:
- compute_node: false
- k8s_node
provision: true
username: root
password: c0ntrail123
public_ip: 10.87.74.130
private_ip: 192.168.1.2
private_
interface: bond0
gateway: 192.168.1.254
- provider: azure
organization: Juniper
project: multicloud
regions:
- name: WestUS2
resource_
vnet:
- name: rg-vpc-1
subnets:
- name: rg-subnet-1
- name: rg-sg-1
- name: rg-all_in
- name: rg-all_out
- name: rg-gw-1
os: ubuntu16
- gateway
- ssl_server
- ipsec_server
- ipsec_client
- name: rg-gw-2
os: ubuntu16
- gateway
- ssl_server
- ipsec_server
- ipsec_client
- name: rg-compute-1
os: ubuntu16
- compute_node
- name: rg-compute-2
os: ubuntu16
- compute_node
- name: rg-vpc-2
subnets:
- name: rg-subnet-2
- name: rg-sg-2
- name: rg-all_in
- name: rg-all_out
- name: rg-gw-21
os: ubuntu16
- gateway
- ssl_server
- ipsec_server
- ipsec_client
- name: rg-gw-22
os: ubuntu16
- gateway
- ssl_server
- ipsec_server
- ipsec_client
- name: rg-compute-21
os: ubuntu16
- compute_node
- name: rg-compute-22
os: ubuntu16
- compute_node
| Paweł Kopka (pkopka) wrote | #1 |
| Ritam Gangopadhyay (ritam) wrote | #2 |
| tags: | added: releasenote |
| Jeba Paulaiyan (jebap) wrote | #3 |
The problem was in naming, we have the same names rule in security groups in both vnet. So this is not a bug, but we will provide validation for unique names in 5.1.