*: clean up AWS ELBs #242
*: clean up AWS ELBs #242
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
|
/test e2e-aws-smoke |
| @@ -14,7 +14,8 @@ import ( | |||
| ) | |||
|
|
|||
| const ( | |||
| caPath = "generated/tls/root-ca.crt" | |||
| caPath = "generated/tls/root-ca.crt" | |||
| tncPort uint = 49500 | |||
There was a problem hiding this comment.
Why specify the numeral type?
|
/retest |
|
/lgtm |
openshift-ci-robot
added
lgtm
| @@ -14,7 +14,8 @@ import ( | |||
| ) | |||
|
|
|||
| const ( | |||
| caPath = "generated/tls/root-ca.crt" | |||
| caPath = "generated/tls/root-ca.crt" | |||
| tncPort = 49500 | |||
There was a problem hiding this comment.
rename to ignServerPort
There was a problem hiding this comment.
That's surprising. Is ignition what's effectively listening on this port?
There was a problem hiding this comment.
Also if we make this change, is there any point keeping the acronym TNC at all?
There was a problem hiding this comment.
Yes we are running ignition server on this port; we can drop acronym TNC.
There was a problem hiding this comment.
I'd use mcsPort, since that is the actual service.
There was a problem hiding this comment.
Can we agree on doing this in another PR?
There was a problem hiding this comment.
I think it makes sense to change it here... since we are removing *-tnc from url.
modules/aws/master/main.tf
Outdated
| @@ -117,15 +117,9 @@ resource "aws_instance" "master" { | |||
| ), var.extra_tags)}" | |||
| } | |||
|
|
|||
| resource "aws_elb_attachment" "masters_tnc" { | |||
| resource "aws_elb_attachment" "masters_ctrlp" { | |||
There was a problem hiding this comment.
just masters_internal or ctrlp_internal ? We have lost information that all these are internal lbs.
There was a problem hiding this comment.
ctrlp_internal between those, long-term it might be possible to consolidate internal and external
There was a problem hiding this comment.
long-term, @crawford wants to drop external lbs... :P
There was a problem hiding this comment.
lets do ctrp_internal
| @@ -126,18 +127,11 @@ func (c *ConfigGenerator) embedUserBlock(ignCfg *ignconfigtypes.Config) { | |||
| func (c *ConfigGenerator) getTNCURL(role string, query string) string { | |||
There was a problem hiding this comment.
No longer TNC getMCSURL ?
There was a problem hiding this comment.
I'm in favor of writing out anything project-specific. Folks likely have seen URL before, which would make this getMachineConfigServerURL.
There was a problem hiding this comment.
I'd like to keep the rename out of scope here see #242 (comment).
(I know I'm repeating myself here :-D)
|
Here's something I noticed in the logs. the alias name for ctrlp_a record is just a hostname, wheres the alias name for the tectonic_api_external record is a FQDN. This might explain that the ctrlp_a alias doesn't belong to the correct zone, as it might not have one. I'll need more investigation on this one |
steveej
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/hold cancel I think the TNC -> MCS renaming should go to a different PR. |
openshift-ci-robot
removed
the
do-not-merge/hold
modules/aws/vpc/master-elb.tf
Outdated
| @@ -57,6 +31,14 @@ resource "aws_elb" "api_internal" { | |||
| interval = 5 | |||
| } | |||
|
|
|||
| # health_check { | |||
There was a problem hiding this comment.
Why are these disabled?
There was a problem hiding this comment.
An ELB can only have one health_check. We'll need to come up with a different solution for these.
There was a problem hiding this comment.
An ELB can only have one
health_check.
So drop the commented-out code and file an issue? Do we need to continue to health-check 49500 independently?
There was a problem hiding this comment.
Can you add this as comment above.
There was a problem hiding this comment.
Do we like TODOs in the code? If not I'll opt for removing the code altogether
There was a problem hiding this comment.
49500 doesn't need a health check because Ignition uses a random resolver. If the endpoint is down, Ignition will try another IP address.
There was a problem hiding this comment.
what if all are down?
There was a problem hiding this comment.
If they are all down, Ignition keeps retrying.
| } | ||
|
|
||
| output "aws_api_external_dns_name" { | ||
| output "aws_elb_api_external_dns_name" { |
There was a problem hiding this comment.
nit: I don't know if we want to handle this incrementally or not, but aws_ is redundant for output variables in this AWS-only module. Also, I don't know if consumers will care if this is an elastic load balancer or not. So personally I'd prefer api_external_dns_name here.
But it's also nice to keep this diff small and the variables consistent, and aws_elb_api_external_... matches the pattern set by aws_elb_api_external_zone_id below.
There was a problem hiding this comment.
But it's also nice to keep this diff small and the variables consistent, and
aws_elb_api_external_...matches the pattern set byaws_elb_api_external_zone_idbelow.
That was my intention. Now it's consistent within the current scheme, which can be refactored followiing up to this change.
modules/aws/vpc/sg-elb.tf
Outdated
| @@ -68,6 +28,16 @@ resource "aws_security_group_rule" "api_ingress_console" { | |||
| to_port = 6443 | |||
| } | |||
|
|
|||
| resource "aws_security_group_rule" "tnc_ingress" { | |||
There was a problem hiding this comment.
tnc -> mcs rebranding? Or ignition_ingress? Or something.
There was a problem hiding this comment.
I'd like to keep the rename out of scope here see #242 (comment).
There was a problem hiding this comment.
You can put it in a different commit, but it belongs in this PR.
There was a problem hiding this comment.
I think it the rename is not related to the logic of this PR which is to consolidate ELBs and not rename stuff, I added the commit anyway so y'all are happy ;-)
openshift-bot
added
needs-rebase
steveej
changed the title
|
/retest |
1 similar comment
|
/retest |
installer/pkg/workflow/init.go
Outdated
| @@ -17,7 +17,7 @@ import ( | |||
| const ( | |||
| generatedPath = "generated" | |||
| kcoConfigFileName = "kco-config.yaml" | |||
| tncoConfigFileName = "tnco-config.yaml" | |||
| mcsoConfigFileName = "mcso-config.yaml" | |||
There was a problem hiding this comment.
drop this line, there is not mcso-config.yaml; missed this in #232
pkg/asset/ignition/bootstrap.go
Outdated
| @@ -200,7 +200,7 @@ func (a *bootstrap) addBootstrapConfigFiles(config *ignition.Config, dependencie | |||
| // TODO (staebler) - missing the following from assets step | |||
| // /opt/tectonic/manifests/cluster-config.yaml | |||
| // /opt/tectonic/tectonic/cluster-config.yaml | |||
| // /opt/tectonic/tnco-config.yaml | |||
| // /opt/tectonic/mcso-config.yaml | |||
There was a problem hiding this comment.
drop this line, there is not mcso-config.yaml; missed this in #232
tests/smoke/cluster_test.go
Outdated
| @@ -35,7 +35,7 @@ var ( | |||
| defaultIgnoredManifests = []string{ | |||
| "bootstrap", | |||
| "kco-config.yaml", | |||
| "tnco-config.yaml", | |||
| "mcso-config.yaml", | |||
There was a problem hiding this comment.
drop this line, there is not mcso-config.yaml; missed this in #232
|
/test e2e-aws |
crawford
changed the title
|
/lgtm |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@steveej can you fix the libvirt networking as well? I think it's just a matter of dropping the TNC records. Also, did you not want to name this endpoint "control plane"? |
Do you mean cleanup or is it actually broken?
I'm not too pedantic about the naming here as we're still inconsistent in overall. For further cleanups I'm in favor of keeping only names public/private as they realistically model the zones we're using. Thus, we could probably rename {external,internal} -> {public,private} and merge the console ELB into the public/private ELBs accordingly. /retest unit |
Remove the TNC ELB with and move all associated resources to the api_internal ELB. This also allows to cleanup the DNS A record and the security group for the TNC. It also changes the FQDN for the TNC, which is now the same as for the API, though it remains exclusive to the internal zone. Configure the ELB to listen on the TNC port directly.
|
I re-did the renaming for the content that slipped in via the rebase. @abhinavdahiya since you've put this on hold, is there anything else missing IYO? |
|
Worked for me with libvirt. /retest |
openshift-ci-robot
added
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, crawford, steveeJ The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
We used to assign both {name}-api and {name}-tnc to the bootstrap and
master nodes. But we dropped {name}-tnc in 239373f (aws/ELBs: merge
tnc with api_internal and cleanup, 2018-09-19, openshift#242). Now that it's
just the one entry, the local.hostnames indirection is unecessary
complication.
/hold