Magnum

magnum k8s master create failed

Bug #1765271 reported by Chiawei Xie
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Magnum
New
Undecided
Unassigned

Bug Description

My env is OpenStack Pike version and service include Barbican .
Barbican use simple crypto plugin.

First test, magnum.conf use cert_manager_type = barbican, when I created cluster, cluster created failed.
I got error message : CertificatesToClusterFailed: Failed to create certificates for Cluster.
The error looked like magnum can't connect barbican.

Second test, magnum.conf use cert_manager_type = local, creating cluster but stuck in create k8s master.
Login master instance , used command "tail -f /var/log/cloud-init.log", the error message "Failed running /var/lib/cloud/instance/scripts/part-009", this script was make-cert-client.sh.
So I execute this script , got error message "File "<string>", line 1, in <module> KeyError: 'pem' " .
(magnum github code: https://goo.gl/4QCgca).

Third test, magnum.conf use cert_manager_type = local, and cluster template use "--tls-disable", creating cluster but still stuck in create k8s master.
Login master instance , used command "journalctl -u kube-apiserver", got some error message:
"error creating self-signed certificates: open /var/run/kubernetes/apiserver.crt: read-only file system"

All error about certificates.

Revision history for this message
Chiawei Xie (dommgifer) wrote :
Revision history for this message
Chiawei Xie (dommgifer) wrote :
Revision history for this message
Chiawei Xie (dommgifer) wrote :
Revision history for this message
Viorel-Cosmin Miron (uhl-hosting) wrote :

You solved the issue? I just got into it myself.

Revision history for this message
hanxiao (xiao0) wrote (last edit ):

Try to use use `cert_manager_type = x509keypair`, then restart magnum-api.service and magnum-conductor.service, reference https://wiki.isu.kim/isus-wiki/openstack/magnum-troubleshooting#1.-failed-to-create-certificates-for-cluster.

or fix the bug of barbicanclient of magnum that update magnum/common/clients.py and magnum/tests/unit/common/test_clients.py, reference https://storyboard.openstack.org/#!/story/2010629 and https://review.opendev.org/c/openstack/magnum/+/880820.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.