modules/aws/bootstrap: Pull AWS bootstrap setup into a module

[wking]

Builds on #213; review that first.

This will make it easier to move into the existing infra step.

[crawford]

Can this be removed?

[wking]

ah, no, I need to get that working again... Will hopefully have a fix up shortly ;)

[wking]

Can this be removed?

Fixed with 1efb239 -> f29ab92.

[crawford]

ok to test

[abhinavdahiya]

https://github.com/openshift/installer/blob/master/modules/aws/master/main.tf#L128-L144

When we move this module to be part of the infra step; we will end up with the same problem as var.elbs will not be countable at plan stage.
cc: @crawford

[wking]

we will end up with the same problem as var.elbs will not be countable at plan stage.

This is a reference to hashicorp/terraform#12570, right? I expect we can work around that when we consolidate the stages, but am happy to adjust things here if there's something I can do now.

[wking]

we will end up with the same problem as var.elbs will not be countable at plan stage.

This is a reference to hashicorp/terraform#12570, right?

I did indeed hit this, and pushed b8eec241 to #268, which seems like an only-moderately-hideous workaround ;).

[abhinavdahiya]

why drop this tag?

[wking]

why drop this tag?

Because we're eventually going to tear down the bootstrap stuff as part of installation, so we aren't leaving it around for Kubernetes to own.

[wking]

#213 just landed, so I've rebased this and think it's good to go (unless more review suggestions come in ;).

[wking]

The e2e-aws error was:

1 error(s) occurred:

* module.vpc.data.aws_route_table.worker[4]: data.aws_route_table.worker.4: Your query returned no results. Please change your search criteria and try again.

Probably a flake.

/retest

Also run the smoke tests:

retest this please

[crawford]

/approve

blah blah blah blah blah blah

[wking]

Both e2e-aws and the smoke tests died with:

Error: module.bootstrap.aws_instance.bootstrap: vpc_security_group_ids: should be a list

I've pushed f29ab92 -> 10f717b adding explicit brackets to hopefully fix that. The underlying issue may be Terraform occasionally forgetting type information.

[crawford]

/retest

[crawford]

retest this please

[wking]

An earlier e2e-aws run failed with:

Waiting for API at https://ci-op-b4gygz8p-5849d-api.origin-ci-int-aws.dev.rhcloud.com:6443 to respond ...
Waiting for API at https://ci-op-b4gygz8p-5849d-api.origin-ci-int-aws.dev.rhcloud.com:6443 to respond ...
Interrupted
2018/09/06 23:45:52 Container setup in pod e2e-aws failed, exit code 1, reason Error

Trying to reproduce locally, I spun up a cluster on Friday.

On the bootstrap node:

$ systemctl --failed | head -n2
  UNIT             LOAD   ACTIVE SUB    DESCRIPTION                   
● bootkube.service loaded failed failed Bootstrap a Kubernetes cluster
$ journalctl -u bootkube.service -n6
-- Logs begin at Fri 2018-09-07 20:26:48 UTC, end at Sat 2018-09-08 04:28:19 UTC. --
Sep 07 22:08:37 ip-10-0-10-162 bash[3486]: https://trking-87205-etcd-0.coreservices.team.coreos.systems:2379 is unhealthy: failed to connect: dial tcp 10.0.5.134:2379: getsockopt: connection refused
Sep 07 22:08:37 ip-10-0-10-162 bash[3486]: Error:  unhealthy cluster
Sep 07 22:08:38 ip-10-0-10-162 bash[3486]: etcdctl failed too many times.
Sep 07 22:08:38 ip-10-0-10-162 systemd[1]: bootkube.service: Main process exited, code=exited, status=1/FAILURE
Sep 07 22:08:38 ip-10-0-10-162 systemd[1]: bootkube.service: Failed with result 'exit-code'.
Sep 07 22:08:38 ip-10-0-10-162 systemd[1]: Failed to start Bootstrap a Kubernetes cluster.
$ docker run --rm --env ETCDCTL_API=3 --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z quay.io/coreos/etcd:v3.2.14 etcdctl --cacert=/opt/tectonic/tls/etcd-client-ca.crt --cert=/opt/tectonic/tls/etcd-client.crt --key=/opt/tectonic/tls/etcd-client.key --endpoints=https://trking-87205-etcd-0.coreservices.team.coreos.systems:2379 endpoint health
https://trking-87205-etcd-0.coreservices.team.coreos.systems:2379 is unhealthy: failed to connect: dial tcp 10.0.5.134:2379: getsockopt: connection refused
Error:  unhealthy cluster
$ dig trking-87205-etcd-0.coreservices.team.coreos.systems +short
10.0.5.134
$ dig trking-87205-master-0.coreservices.team.coreos.systems +short

Uh. Checking from my dev box:

$ aws ec2 describe-instances --query "Reservations[].Instances[] | [?Tags[? Key == 'Name' && Value == 'trking-87205-master-0']].PublicIpAddress" --output text
18.215.14.161
$ aws ec2 describe-instances --query "Reservations[].Instances[] | [?Tags[? Key == 'Name']]" --output text | grep '^0\|Name\|IPADDRESS\|ASSOCIATION' | cut -b -80
0	x86_64		False	True	xen	ami-00cc4337762ba4a52	i-00c28bd06d8eb77a1	t2.medium	201
PRIVATEIPADDRESSES	True	ip-10-0-133-231.ec2.internal	10.0.133.231
TAGS	Name	trking-87205-worker-0
0	x86_64		False	True	xen	ami-00cc4337762ba4a52	i-072fdf9d1e0beaf3a	t2.medium	201
PRIVATEIPADDRESSES	True	ip-10-0-158-83.ec2.internal	10.0.158.83
TAGS	Name	trking-87205-worker-1
0	x86_64		False	True	xen	ami-00cc4337762ba4a52	i-01cd2e4e6ecaea69e	t2.medium	201
ASSOCIATION	amazon	ec2-18-215-14-161.compute-1.amazonaws.com	18.215.14.161
PRIVATEIPADDRESSES	True	ip-10-0-5-134.ec2.internal	10.0.5.134
ASSOCIATION	amazon	ec2-18-215-14-161.compute-1.amazonaws.com	18.215.14.161
TAGS	Name	trking-87205-master-0
0	x86_64		False	True	xen	ami-00cc4337762ba4a52	i-0011bb9aa98d56684	t2.medium	201
ASSOCIATION	amazon	ec2-34-205-252-140.compute-1.amazonaws.com	34.205.252.140
PRIVATEIPADDRESSES	True	ip-10-0-10-162.ec2.internal	10.0.10.162
ASSOCIATION	amazon	ec2-34-205-252-140.compute-1.amazonaws.com	34.205.252.140
TAGS	Name	trking-87205-bootstrap
0	x86_64		False	True	xen	ami-00cc4337762ba4a52	i-01d196ea977f59b3b	t2.medium	201
PRIVATEIPADDRESSES	True	ip-10-0-165-55.ec2.internal	10.0.165.55
TAGS	Name	trking-87205-worker-2

So indeed master-0's internal IP is 10.0.5.134, and its public IP is 18.215.14.161. I'm not sure why I can't resolve it via DNS from the bootstrap node. Anyhow, back to the bootstrap node:

$ ssh -v [email protected]
OpenSSH_7.6p1, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 18.215.14.161 [18.215.14.161] port 22.
debug1: connect to address 18.215.14.161 port 22: Connection refused
ssh: connect to host 18.215.14.161 port 22: Connection refused
$ ssh -v [email protected] 
OpenSSH_7.6p1, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.0.5.134 [10.0.5.134] port 22.
debug1: connect to address 10.0.5.134 port 22: Connection refused
ssh: connect to host 10.0.5.134 port 22: Connection refused

And from my dev box:

$ ssh -v [email protected]
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/trking/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 18.215.14.161 [18.215.14.161] port 22.
debug1: connect to address 18.215.14.161 port 22: Connection refused
ssh: connect to host 18.215.14.161 port 22: Connection refused

What's up with this node?

$ aws ec2 describe-instances --instance-id i-01cd2e4e6ecaea69e --query 'Reservations[].Instances[].State.Name' --output text
running
$ aws ec2 describe-instances --instance-id i-01cd2e4e6ecaea69e --query 'Reservations[].Instances[].SecurityGroups' --output text
sg-0061338459d264b41				 terraform-20180907202140389700000002

Compare that with the bootstrap node:

$ aws ec2 describe-instances --instance-id i-0011bb9aa98d56684 --query 'Reservations[].Instances[].SecurityGroups' --output text
sg-0061338459d264b41				 terraform-20180907202140389700000002

Same values. Actually, let's just diff the states:

$ BOOTSTRAP="$(aws ec2 describe-instances --instance-id i-0011bb9aa98d56684 --query 'Reservations[].Instances[]' --output json)"
$ MASTER="$(aws ec2 describe-instances --instance-id i-01cd2e4e6ecaea69e --query 'Reservations[].Instances[]' --output json)"
$ diff -u <(echo "${BOOTSTRAP}") <(echo "${MASTER}")
--- /dev/fd/63	2018-09-07 21:59:42.091362945 -0700
+++ /dev/fd/62	2018-09-07 21:59:42.091362945 -0700
@@ -3,22 +3,22 @@
         "Monitoring": {
             "State": "disabled"
         }, 
-        "PublicDnsName": "ec2-34-205-252-140.compute-1.amazonaws.com", 
+        "PublicDnsName": "ec2-18-215-14-161.compute-1.amazonaws.com", 
         "State": {
             "Code": 16, 
             "Name": "running"
         }, 
         "EbsOptimized": false, 
-        "LaunchTime": "2018-09-07T20:25:50.000Z", 
-        "PublicIpAddress": "34.205.252.140", 
-        "PrivateIpAddress": "10.0.10.162", 
+        "LaunchTime": "2018-09-07T20:22:56.000Z", 
+        "PublicIpAddress": "18.215.14.161", 
+        "PrivateIpAddress": "10.0.5.134", 
         "ProductCodes": [], 
         "VpcId": "vpc-0b6626eba63c20d20", 
         "StateTransitionReason": "", 
-        "InstanceId": "i-0011bb9aa98d56684", 
+        "InstanceId": "i-01cd2e4e6ecaea69e", 
         "EnaSupport": true, 
         "ImageId": "ami-00cc4337762ba4a52", 
-        "PrivateDnsName": "ip-10-0-10-162.ec2.internal", 
+        "PrivateDnsName": "ip-10-0-5-134.ec2.internal", 
         "SecurityGroups": [
             {
                 "GroupName": "terraform-20180907202140389700000002", 
@@ -31,30 +31,30 @@
         "NetworkInterfaces": [
             {
                 "Status": "in-use", 
-                "MacAddress": "02:f8:bf:18:7c:0a", 
+                "MacAddress": "02:52:a7:4b:43:10", 
                 "SourceDestCheck": true, 
                 "VpcId": "vpc-0b6626eba63c20d20", 
                 "Description": "", 
-                "NetworkInterfaceId": "eni-09d792347f4e050db", 
+                "NetworkInterfaceId": "eni-0f5378c203dea3028", 
                 "PrivateIpAddresses": [
                     {
-                        "PrivateDnsName": "ip-10-0-10-162.ec2.internal", 
-                        "PrivateIpAddress": "10.0.10.162", 
+                        "PrivateDnsName": "ip-10-0-5-134.ec2.internal", 
+                        "PrivateIpAddress": "10.0.5.134", 
                         "Primary": true, 
                         "Association": {
-                            "PublicIp": "34.205.252.140", 
-                            "PublicDnsName": "ec2-34-205-252-140.compute-1.amazonaws.com", 
+                            "PublicIp": "18.215.14.161", 
+                            "PublicDnsName": "ec2-18-215-14-161.compute-1.amazonaws.com", 
                             "IpOwnerId": "amazon"
                         }
                     }
                 ], 
-                "PrivateDnsName": "ip-10-0-10-162.ec2.internal", 
+                "PrivateDnsName": "ip-10-0-5-134.ec2.internal", 
                 "Attachment": {
                     "Status": "attached", 
                     "DeviceIndex": 0, 
                     "DeleteOnTermination": true, 
-                    "AttachmentId": "eni-attach-09624bb294e015616", 
-                    "AttachTime": "2018-09-07T20:25:50.000Z"
+                    "AttachmentId": "eni-attach-00536c4cc9813fb1b", 
+                    "AttachTime": "2018-09-07T20:22:56.000Z"
                 }, 
                 "Groups": [
                     {
@@ -64,11 +64,11 @@
                 ], 
                 "Ipv6Addresses": [], 
                 "OwnerId": "816138690521", 
-                "PrivateIpAddress": "10.0.10.162", 
+                "PrivateIpAddress": "10.0.5.134", 
                 "SubnetId": "subnet-018374f09ef32961c", 
                 "Association": {
-                    "PublicIp": "34.205.252.140", 
-                    "PublicDnsName": "ec2-34-205-252-140.compute-1.amazonaws.com", 
+                    "PublicIp": "18.215.14.161", 
+                    "PublicDnsName": "ec2-18-215-14-161.compute-1.amazonaws.com", 
                     "IpOwnerId": "amazon"
                 }
             }
@@ -86,22 +86,30 @@
                 "Ebs": {
                     "Status": "attached", 
                     "DeleteOnTermination": true, 
-                    "VolumeId": "vol-0514fba36b29b890c", 
-                    "AttachTime": "2018-09-07T20:25:51.000Z"
+                    "VolumeId": "vol-02edf331c988bde6f", 
+                    "AttachTime": "2018-09-07T20:22:57.000Z"
                 }
             }
         ], 
         "Architecture": "x86_64", 
         "RootDeviceType": "ebs", 
         "IamInstanceProfile": {
-            "Id": "AIPAJUQY64SRYUWKBSLAK", 
-            "Arn": "arn:aws:iam::816138690521:instance-profile/trking-87205-bootstrap-profile"
+            "Id": "AIPAIXRRU3YPPZDQJLI3A", 
+            "Arn": "arn:aws:iam::816138690521:instance-profile/trking-87205-master-profile"
         }, 
         "RootDeviceName": "/dev/xvda", 
         "VirtualizationType": "hvm", 
         "Tags": [
             {
-                "Value": "trking-87205-bootstrap", 
+                "Value": "owned", 
+                "Key": "kubernetes.io/cluster/trking-87205"
+            }, 
+            {
+                "Value": "2018-09-08T00:21+0000", 
+                "Key": "expirationDate"
+            }, 
+            {
+                "Value": "trking-87205-master-0", 
                 "Key": "Name"
             }, 
             {
@@ -109,10 +117,6 @@
                 "Key": "tectonicClusterID"
             }, 
             {
-                "Value": "2018-09-08T00:21+0000", 
-                "Key": "expirationDate"
-            }, 
-            {
                 "Value": "Resource does not meet policy: stop@2018/09/10", 
                 "Key": "maid_status"
             }

I don't see any surprising differences, and I have no idea why I can't SSH into the master node. But not being able to SSH into the master makes it hard to figure out why its etcd is broken. Or maybe there's just a networking issue that's behind my inability to connect for both SSH and etcd?

[wking]

/retest

[wking]

/test unit

[wking]

/retest

[wking]

I've spun up a cluster to debug this, and the master is dying in Ignition:

$ aws ec2 describe-instances --query "Reservations[].Instances[] | [?Tags[? Key == 'Name' && Value == 'trking-18d26-master-0']].InstanceId" --output text
i-098c83ac601024a12
$ aws ec2 get-console-output --instance-id i-098c83ac601024a12 --output text | tail -n5
[  170.062650] ignition[738]: INFO     : GET https://trking-18d26-tnc.coreservices.team.coreos.systems:80/config/master?etcd_index=0: attempt #37
[  170.073885] ignition[738]: INFO     : GET https://trking-18d26-tnc.coreserv[  170.076770] ignition[738]: INFO     : GET error: Get https://trking-18d26-tnc.coreservices.team.coreos.systems:80/config/master?etcd_index=0: EOF
ices.team.coreos.systems:80/config/master?etcd_index=0: attempt #37
[  170.087578] ignition[738]: INFO     : GET error: Get https://trking-18d26-tnc.coreservices.team.coreos.systems:80/config/master?etcd_index=0: EOF
	2018-09-12T04:49:15.000Z

Check from the bootstrap node:

$ aws ec2 describe-instances --query "Reservations[].Instances[] | [?Tags[? Key == 'Name' && Value == 'trking-18d26-bootstrap']].PublicIpAddress" --output text
34.205.135.98
$ ssh [email protected]
$ curl -v 'https://trking-18d26-tnc.coreservices.team.coreos.systems:80/config/master?etcd_index=0'
* About to connect() to trking-18d26-tnc.coreservices.team.coreos.systems port 80 (#0)
*   Trying 10.0.1.14...
* Connected to trking-18d26-tnc.coreservices.team.coreos.systems (10.0.1.14) port 80 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file
$ systemctl status | head -n2
● ip-10-0-6-58
    State: starting
$ systemctl | grep activating
bootkube.service                                                                                                                     loaded activating start        start Bootstrap a Kubernetes cluster
kubelet.service                                                                                                                      loaded activating auto-restart       Kubernetes Kubelet
$ systemctl status kubelet.service
● kubelet.service - Kubernetes Kubelet
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2018-09-12 05:05:40 UTC; 2s ago
  Process: 3765 ExecStart=/usr/bin/hyperkube kubelet --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig --kubeconfig=/var/lib/kubelet/kubeconfig --rotate-certificates --cni-conf-dir=/etc/kubernetes/cni/net.d --cni-bin-dir=/var/lib/cni/bin --network-plugin=cni --lock-file=/var/run/lock/kubelet.lock --exit-on-lock-contention --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged --node-labels=node-role.kubernetes.io/bootstrap --minimum-container-ttl-duration=6m0s --cluster-dns=10.3.0.10 --cluster-domain=cluster.local --client-ca-file=/etc/kubernetes/ca.crt --cloud-provider=aws --anonymous-auth=false --cgroup-driver=systemd --register-with-taints=node-role.kubernetes.io/bootstrap=:NoSchedule (code=exited, status=255)
  Process: 3760 ExecStartPre=/usr/bin/bash -c gawk '/certificate-authority-data/ {print $2}' /etc/kubernetes/kubeconfig | base64 --decode > /etc/kubernetes/ca.crt (code=exited, status=0/SUCCESS)
  Process: 3758 ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests (code=exited, status=0/SUCCESS)
 Main PID: 3765 (code=exited, status=255)

Sep 12 05:05:40 ip-10-0-6-58 systemd[1]: Unit kubelet.service entered failed state.
Sep 12 05:05:40 ip-10-0-6-58 systemd[1]: kubelet.service failed.
$ systemctl status bootkube.service
● bootkube.service - Bootstrap a Kubernetes cluster
   Loaded: loaded (/etc/systemd/system/bootkube.service; static; vendor preset: disabled)
   Active: activating (start) since Wed 2018-09-12 04:50:50 UTC; 15min ago
 Main PID: 962 (bash)
   Memory: 166.8M
   CGroup: /system.slice/bootkube.service
           ├─ 962 /usr/bin/bash /opt/tectonic/bootkube.sh
           └─3066 /usr/bin/podman run --rm --network host --name etcdctl --env ETCDCTL_API=3 --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z quay.io/coreos/etcd:v3.2.14 /usr/local/bin/etcdctl --dial-timeout...

Sep 12 04:51:02 ip-10-0-6-58 bash[962]: [31B blob data]
Sep 12 04:51:02 ip-10-0-6-58 bash[962]: Copying blob sha256:c15c14574a0bc94fb65cb906baae5debd103dd02991f3449adaa639441b7dde4
Sep 12 04:51:03 ip-10-0-6-58 bash[962]: [31B blob data]
Sep 12 04:51:03 ip-10-0-6-58 bash[962]: Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Sep 12 04:51:03 ip-10-0-6-58 bash[962]: Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Sep 12 04:51:03 ip-10-0-6-58 bash[962]: Writing manifest to image destination
Sep 12 04:51:03 ip-10-0-6-58 bash[962]: Storing signatures
Sep 12 05:01:04 ip-10-0-6-58 bash[962]: https://trking-18d26-etcd-0.coreservices.team.coreos.systems:2379 is unhealthy: failed to connect: dial tcp 10.0.9.212:2379: getsockopt: connection refused
Sep 12 05:01:04 ip-10-0-6-58 bash[962]: Error:  unhealthy cluster
Sep 12 05:01:04 ip-10-0-6-58 bash[962]: etcdctl failed. Retrying in 5 seconds...
$ sudo podman ps -a
CONTAINER ID   IMAGE                                                                                           COMMAND                  CREATED          STATUS                              PORTS   NAMES
ab5fe498da75   quay.io/coreos/etcd:v3.2.14                                                                     /usr/local/bin/etcd...   4 minutes ago    Up 4 minutes ago                            etcdctl
83d7fba588d5   quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6                 kube-etcd-signer-se...   15 minutes ago   Up 15 minutes ago                           lucid_tesla
cdbffdb210ea   quay.io/coreos/tectonic-node-controller-operator-dev:0a24db2288f00b10ced358d9643debd601ffd0f1   /app/operator/node-...   15 minutes ago   Exited (0) Less than a second ago           trusting_morse
36af8121636c   quay.io/coreos/kube-core-renderer-dev:0a24db2288f00b10ced358d9643debd601ffd0f1                  /app/operator/kube-...   15 minutes ago   Exited (0) Less than a second ago           friendly_swanson
$ journalctl -n25
-- Logs begin at Wed 2018-09-12 04:49:14 UTC, end at Wed 2018-09-12 05:08:08 UTC. --
Sep 12 05:07:57 ip-10-0-6-58 systemd[1]: kubelet.service failed.
Sep 12 05:08:07 ip-10-0-6-58 systemd[1]: kubelet.service holdoff time over, scheduling restart.
Sep 12 05:08:07 ip-10-0-6-58 systemd[1]: Starting Kubernetes Kubelet...
Sep 12 05:08:07 ip-10-0-6-58 systemd[1]: Started Kubernetes Kubelet.
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --rotate-certificates has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --pod-manifest-path has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/do
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --allow-privileged has been deprecated, will be removed in a future version
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --minimum-container-ttl-duration has been deprecated, Use --eviction-hard or --eviction-soft instead. Will be removed in a future version.
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --cluster-dns has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tas
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --cluster-domain has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --client-ca-file has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --anonymous-auth has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: Flag --cgroup-driver has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/t
Sep 12 05:08:07 ip-10-0-6-58 systemd[1]: Started Kubernetes systemd probe.
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: I0912 05:08:07.892870    4122 server.go:418] Version: v1.11.0+d4cacc0
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: I0912 05:08:07.892979    4122 server.go:496] acquiring file lock on "/var/run/lock/kubelet.lock"
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: I0912 05:08:07.893006    4122 server.go:501] watching for inotify events for: /var/run/lock/kubelet.lock
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: I0912 05:08:07.893193    4122 aws.go:1032] Building AWS cloudprovider
Sep 12 05:08:07 ip-10-0-6-58 hyperkube[4122]: I0912 05:08:07.893219    4122 aws.go:994] Zone not specified in configuration file; querying AWS metadata service
Sep 12 05:08:07 ip-10-0-6-58 systemd[1]: Starting Kubernetes systemd probe.
Sep 12 05:08:08 ip-10-0-6-58 hyperkube[4122]: E0912 05:08:08.075211    4122 tags.go:94] Tag "KubernetesCluster" nor "kubernetes.io/cluster/..." not found; Kubernetes may behave unexpectedly.
Sep 12 05:08:08 ip-10-0-6-58 hyperkube[4122]: F0912 05:08:08.075258    4122 server.go:262] failed to run Kubelet: could not init cloud provider "aws": AWS cloud failed to find ClusterID
Sep 12 05:08:08 ip-10-0-6-58 systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Sep 12 05:08:08 ip-10-0-6-58 systemd[1]: Unit kubelet.service entered failed state.
Sep 12 05:08:08 ip-10-0-6-58 systemd[1]: kubelet.service failed.

So I'm still not clear on what's going on, but etcd is broken, our ignition-file server seems non-responsive and is keeping master-0 from booting, and the kubelet is thrashing around without an aws cloud provider and with a bunch of deprecated options. I still don't see how any of that is related to the changes in my PR :p.

[abhinavdahiya]

Tag "KubernetesCluster" nor "kubernetes.io/cluster/..." not found; Kubernetes may behave unexpectedly.

This might be because we dropped a tag, #217 (comment)

[wking]

Tag "KubernetesCluster" nor "kubernetes.io/cluster/..." not found; Kubernetes may behave unexpectedly.

This might be because we dropped a tag, #217 (comment)

Ah, thanks :). I've pushed 6d3370d -> ef35007, rebasing onto master and restoring that tag to the instance (but, as I explain in the commit message, I'm still removing it from the volumes).

[wking]

The smoke error was:

Waiting for API at https://ci-op-hlzw4yd1-3e1a1-api.origin-ci-int-aws.dev.rhcloud.com:6443 to respond ...
Waiting for API at https://ci-op-hlzw4yd1-3e1a1-api.origin-ci-int-aws.dev.rhcloud.com:6443 to respond ...
Interrupted
2018/09/12 18:44:23 Container setup in pod e2e-aws-smoke failed, exit code 1, reason Error

But I can't reproduce when I launch a cluster locally, so maybe it's just a flake.

/retest

[crawford]

Try rebasing on master again. #244 should help with the flakes.

[crawford]

Actually, I guess tide is smart enough to merge this onto master before testing.

/retest

[wking]

/retest

[crawford]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: crawford, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [crawford,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment