Merge branch 'master' into azure-disktype-change

.yamllint

@@ -14,3 +14,4 @@ rules:
 
 ignore: |
   vendor/
+  data/data/install.openshift.io_installconfigs.yaml

cmd/openshift-install/create.go

@@ -268,13 +268,15 @@ func waitForBootstrapComplete(ctx context.Context, config *rest.Config, director
 	silenceRemaining := logDownsample
 	previousErrorSuffix := ""
 	timer.StartTimer("API")
+	var lastErr error
 	wait.Until(func() {
 		version, err := discovery.ServerVersion()
 		if err == nil {
 			logrus.Infof("API %s up", version)
 			timer.StopTimer("API")
 			cancel()
 		} else {
+			lastErr = err
 			silenceRemaining--
 			chunks := strings.Split(err.Error(), ":")
 			errorSuffix := chunks[len(chunks)-1]
@@ -290,6 +292,9 @@ func waitForBootstrapComplete(ctx context.Context, config *rest.Config, director
 	}, 2*time.Second, apiContext.Done())
 	err = apiContext.Err()
 	if err != nil && err != context.Canceled {
+		if lastErr != nil {
+			return errors.Wrap(lastErr, "failed waiting for Kubernetes API")
+		}
 		return errors.Wrap(err, "waiting for Kubernetes API")
 	}
 

cmd/openshift-install/explain.go

@@ -0,0 +1,11 @@
+package main
+
+import (
+	"github.com/spf13/cobra"
+
+	"github.com/openshift/installer/pkg/explain"
+)
+
+func newExplainCmd() *cobra.Command {
+	return explain.NewCmd()
+}

cmd/openshift-install/gather.go

@@ -155,7 +155,11 @@ func logGatherBootstrap(bootstrap string, port int, masters []string, directory
 	if err := ssh.PullFileTo(client, fmt.Sprintf("/home/core/log-bundle-%s.tar.gz", gatherID), file); err != nil {
 		return errors.Wrap(err, "failed to pull log file from remote")
 	}
-	logrus.Infof("Bootstrap gather logs captured here %q", file)
+	path, err := filepath.Abs(file)
+	if err != nil {
+		return errors.Wrap(err, "failed to stat log file")
+	}
+	logrus.Infof("Bootstrap gather logs captured here %q", path)
 	return nil
 }
 

cmd/openshift-install/main.go

@@ -55,6 +55,7 @@ func installerMain() {
 		newGraphCmd(),
 		newCompletionCmd(),
 		newMigrateCmd(),
+		newExplainCmd(),
 	} {
 		rootCmd.AddCommand(subCmd)
 	}

data/data/aws/master/main.tf

@@ -59,53 +59,42 @@ resource "aws_iam_role_policy" "master_policy" {
   "Statement": [
     {
       "Action": [
-        "ec2:DescribeInstances",
-        "ec2:DescribeRegions",
-        "ec2:DescribeRouteTables",
-        "ec2:DescribeSecurityGroups",
-        "ec2:DescribeSubnets",
-        "ec2:DescribeVolumes",
+        "ec2:AttachVolume",
+        "ec2:AuthorizeSecurityGroupIngress",
         "ec2:CreateSecurityGroup",
         "ec2:CreateTags",
         "ec2:CreateVolume",
-        "ec2:ModifyInstanceAttribute",
-        "ec2:ModifyVolume",
-        "ec2:AttachVolume",
-        "ec2:AuthorizeSecurityGroupIngress",
         "ec2:DeleteSecurityGroup",
         "ec2:DeleteVolume",
+        "ec2:Describe*",
         "ec2:DetachVolume",
+        "ec2:ModifyInstanceAttribute",
+        "ec2:ModifyVolume",
         "ec2:RevokeSecurityGroupIngress",
-        "ec2:DescribeVpcs",
         "elasticloadbalancing:AddTags",
         "elasticloadbalancing:AttachLoadBalancerToSubnets",
         "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+        "elasticloadbalancing:CreateListener",
         "elasticloadbalancing:CreateLoadBalancer",
         "elasticloadbalancing:CreateLoadBalancerPolicy",
         "elasticloadbalancing:CreateLoadBalancerListeners",
+        "elasticloadbalancing:CreateTargetGroup",
         "elasticloadbalancing:ConfigureHealthCheck",
+        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DeleteLoadBalancer",
         "elasticloadbalancing:DeleteLoadBalancerListeners",
-        "elasticloadbalancing:DescribeLoadBalancers",
-        "elasticloadbalancing:DescribeLoadBalancerAttributes",
-        "elasticloadbalancing:DetachLoadBalancerFromSubnets",
-        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
-        "elasticloadbalancing:ModifyLoadBalancerAttributes",
-        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
-        "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
-        "elasticloadbalancing:AddTags",
-        "elasticloadbalancing:CreateListener",
-        "elasticloadbalancing:CreateTargetGroup",
-        "elasticloadbalancing:DeleteListener",
         "elasticloadbalancing:DeleteTargetGroup",
-        "elasticloadbalancing:DescribeListeners",
-        "elasticloadbalancing:DescribeLoadBalancerPolicies",
-        "elasticloadbalancing:DescribeTargetGroups",
-        "elasticloadbalancing:DescribeTargetHealth",
+        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+        "elasticloadbalancing:DeregisterTargets",
+        "elasticloadbalancing:Describe*",
+        "elasticloadbalancing:DetachLoadBalancerFromSubnets",
         "elasticloadbalancing:ModifyListener",
+        "elasticloadbalancing:ModifyLoadBalancerAttributes",
         "elasticloadbalancing:ModifyTargetGroup",
+        "elasticloadbalancing:ModifyTargetGroupAttributes",
+        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
         "elasticloadbalancing:RegisterTargets",
-        "elasticloadbalancing:DeregisterTargets",
+        "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
         "elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
         "kms:DescribeKey"
       ],

data/data/azure/main.tf

@@ -37,7 +37,7 @@ module "bootstrap" {
   ilb_backend_pool_v6_id = module.vnet.internal_lb_backend_pool_v6_id
   tags                   = local.tags
   storage_account        = azurerm_storage_account.cluster
-  nsg_name               = module.vnet.master_nsg_name
+  nsg_name               = module.vnet.cluster_nsg_name
   private                = module.vnet.private
 
   use_ipv4                  = var.use_ipv4 || var.azure_emulate_single_stack_ipv6
@@ -76,7 +76,6 @@ module "master" {
   vm_image               = azurerm_image.cluster.id
   identity               = azurerm_user_assigned_identity.main.id
   ignition               = var.ignition_master
-  external_lb_id         = module.vnet.public_lb_id
   elb_backend_pool_v4_id = module.vnet.public_lb_backend_pool_v4_id
   elb_backend_pool_v6_id = module.vnet.public_lb_backend_pool_v6_id
   ilb_backend_pool_v4_id = module.vnet.internal_lb_backend_pool_v4_id

data/data/azure/master/outputs.tf

@@ -1,8 +0,0 @@
-output "ip_v4_addresses" {
-  value = var.use_ipv4 ? azurerm_network_interface.master.*.private_ip_address : []
-}
-
-output "ip_v6_addresses" {
-  value = var.use_ipv6 ? azurerm_network_interface.master.*.private_ip_addresses.1 : []
-}
-

data/data/azure/master/variables.tf

@@ -30,10 +30,6 @@ variable "instance_count" {
   type = string
 }
 
-variable "external_lb_id" {
-  type = string
-}
-
 variable "elb_backend_pool_v4_id" {
   type = string
 }

data/data/azure/vnet/internal-lb.tf

@@ -5,7 +5,7 @@ locals {
 
 resource "azurerm_lb" "internal" {
   sku                 = "Standard"
-  name                = "${var.cluster_id}-internal-lb"
+  name                = "${var.cluster_id}-internal"
   resource_group_name = var.resource_group_name
   location            = var.region
 
@@ -39,15 +39,15 @@ resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v4" {
 
   resource_group_name = var.resource_group_name
   loadbalancer_id     = azurerm_lb.internal.id
-  name                = "${var.cluster_id}-internal-controlplane-v4"
+  name                = var.cluster_id
 }
 
 resource "azurerm_lb_backend_address_pool" "internal_lb_controlplane_pool_v6" {
   count = var.use_ipv6 ? 1 : 0
 
   resource_group_name = var.resource_group_name
   loadbalancer_id     = azurerm_lb.internal.id
-  name                = "${var.cluster_id}-internal-controlplane-v6"
+  name                = "${var.cluster_id}-IPv6"
 }
 
 resource "azurerm_lb_rule" "internal_lb_rule_api_internal_v4" {

data/data/azure/vnet/nsg.tf

@@ -1,5 +1,5 @@
-resource "azurerm_network_security_group" "master" {
-  name                = "${var.cluster_id}-controlplane-nsg"
+resource "azurerm_network_security_group" "cluster" {
+  name                = "${var.cluster_id}-nsg"
   location            = var.region
   resource_group_name = var.resource_group_name
 }
@@ -8,20 +8,14 @@ resource "azurerm_subnet_network_security_group_association" "master" {
   count = var.preexisting_network ? 0 : 1
 
   subnet_id                 = azurerm_subnet.master_subnet[0].id
-  network_security_group_id = azurerm_network_security_group.master.id
-}
-
-resource "azurerm_network_security_group" "worker" {
-  name                = "${var.cluster_id}-node-nsg"
-  location            = var.region
-  resource_group_name = var.resource_group_name
+  network_security_group_id = azurerm_network_security_group.cluster.id
 }
 
 resource "azurerm_subnet_network_security_group_association" "worker" {
   count = var.preexisting_network ? 0 : 1
 
   subnet_id                 = azurerm_subnet.worker_subnet[0].id
-  network_security_group_id = azurerm_network_security_group.worker.id
+  network_security_group_id = azurerm_network_security_group.cluster.id
 }
 
 resource "azurerm_network_security_rule" "apiserver_in" {
@@ -35,5 +29,5 @@ resource "azurerm_network_security_rule" "apiserver_in" {
   source_address_prefix       = "*"
   destination_address_prefix  = "*"
   resource_group_name         = var.resource_group_name
-  network_security_group_name = azurerm_network_security_group.master.name
+  network_security_group_name = azurerm_network_security_group.cluster.name
 }

data/data/azure/vnet/outputs.tf

@@ -1,9 +1,9 @@
 output "public_lb_backend_pool_v4_id" {
-  value = var.use_ipv4 ? azurerm_lb_backend_address_pool.master_public_lb_pool_v4[0].id : null
+  value = var.use_ipv4 ? azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id : null
 }
 
 output "public_lb_backend_pool_v6_id" {
-  value = var.use_ipv6 ? azurerm_lb_backend_address_pool.master_public_lb_pool_v6[0].id : null
+  value = var.use_ipv6 ? azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id : null
 }
 
 output "internal_lb_backend_pool_v4_id" {
@@ -36,8 +36,8 @@ output "internal_lb_ip_v6_address" {
   value = var.use_ipv6 ? azurerm_lb.internal.private_ip_addresses[1] : null
 }
 
-output "master_nsg_name" {
-  value = azurerm_network_security_group.master.name
+output "cluster_nsg_name" {
+  value = azurerm_network_security_group.cluster.name
 }
 
 output "virtual_network_id" {

data/data/azure/vnet/public-lb.tf

@@ -44,7 +44,7 @@ data "azurerm_public_ip" "cluster_public_ip_v6" {
 
 resource "azurerm_lb" "public" {
   sku                 = "Standard"
-  name                = "${var.cluster_id}-public-lb"
+  name                = var.cluster_id
   resource_group_name = var.resource_group_name
   location            = var.region
 
@@ -70,20 +70,20 @@ resource "azurerm_lb" "public" {
   }
 }
 
-resource "azurerm_lb_backend_address_pool" "master_public_lb_pool_v4" {
+resource "azurerm_lb_backend_address_pool" "public_lb_pool_v4" {
   count = var.use_ipv4 ? 1 : 0
 
   resource_group_name = var.resource_group_name
   loadbalancer_id     = azurerm_lb.public.id
-  name                = "${var.cluster_id}-public-lb-control-plane-v4"
+  name                = var.cluster_id
 }
 
-resource "azurerm_lb_backend_address_pool" "master_public_lb_pool_v6" {
+resource "azurerm_lb_backend_address_pool" "public_lb_pool_v6" {
   count = var.use_ipv6 ? 1 : 0
 
   resource_group_name = var.resource_group_name
   loadbalancer_id     = azurerm_lb.public.id
-  name                = "${var.cluster_id}-public-lb-control-plane-v6"
+  name                = "${var.cluster_id}-IPv6"
 }
 
 resource "azurerm_lb_rule" "public_lb_rule_api_internal_v4" {
@@ -92,7 +92,7 @@ resource "azurerm_lb_rule" "public_lb_rule_api_internal_v4" {
   name                           = "api-internal-v4"
   resource_group_name            = var.resource_group_name
   protocol                       = "Tcp"
-  backend_address_pool_id        = azurerm_lb_backend_address_pool.master_public_lb_pool_v4[0].id
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
   loadbalancer_id                = azurerm_lb.public.id
   frontend_port                  = 6443
   backend_port                   = 6443
@@ -109,7 +109,7 @@ resource "azurerm_lb_rule" "public_lb_rule_api_internal_v6" {
   name                           = "api-internal-v6"
   resource_group_name            = var.resource_group_name
   protocol                       = "Tcp"
-  backend_address_pool_id        = azurerm_lb_backend_address_pool.master_public_lb_pool_v6[0].id
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
   loadbalancer_id                = azurerm_lb.public.id
   frontend_port                  = 6443
   backend_port                   = 6443
@@ -126,7 +126,7 @@ resource "azurerm_lb_rule" "internal_outbound_rule_v4" {
   name                           = "internal_outbound_rule_v4"
   resource_group_name            = var.resource_group_name
   protocol                       = "Tcp"
-  backend_address_pool_id        = azurerm_lb_backend_address_pool.master_public_lb_pool_v4[0].id
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v4[0].id
   loadbalancer_id                = azurerm_lb.public.id
   frontend_port                  = 27627
   backend_port                   = 27627
@@ -142,7 +142,7 @@ resource "azurerm_lb_rule" "internal_outbound_rule_v6" {
   name                           = "internal_outbound_rule_v6"
   resource_group_name            = var.resource_group_name
   protocol                       = "Tcp"
-  backend_address_pool_id        = azurerm_lb_backend_address_pool.master_public_lb_pool_v6[0].id
+  backend_address_pool_id        = azurerm_lb_backend_address_pool.public_lb_pool_v6[0].id
   loadbalancer_id                = azurerm_lb.public.id
   frontend_port                  = 27627
   backend_port                   = 27627