-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
*: clean up AWS ELBs #242
*: clean up AWS ELBs #242
Conversation
/test e2e-aws-smoke |
@@ -14,7 +14,8 @@ import ( | |||
) | |||
|
|||
const ( | |||
caPath = "generated/tls/root-ca.crt" | |||
caPath = "generated/tls/root-ca.crt" | |||
tncPort uint = 49500 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why specify the numeral type?
/retest |
/lgtm |
@@ -14,7 +14,8 @@ import ( | |||
) | |||
|
|||
const ( | |||
caPath = "generated/tls/root-ca.crt" | |||
caPath = "generated/tls/root-ca.crt" | |||
tncPort = 49500 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rename to ignServerPort
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's surprising. Is ignition what's effectively listening on this port?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also if we make this change, is there any point keeping the acronym TNC at all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes we are running ignition server on this port; we can drop acronym TNC.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd use mcsPort
, since that is the actual service.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we agree on doing this in another PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it makes sense to change it here... since we are removing *-tnc
from url.
modules/aws/master/main.tf
Outdated
@@ -117,15 +117,9 @@ resource "aws_instance" "master" { | |||
), var.extra_tags)}" | |||
} | |||
|
|||
resource "aws_elb_attachment" "masters_tnc" { | |||
resource "aws_elb_attachment" "masters_ctrlp" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just masters_internal
or ctrlp_internal
? We have lost information that all these are internal lbs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ctrlp_internal
between those, long-term it might be possible to consolidate internal and external
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
long-term, @crawford wants to drop external lbs... :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets do ctrp_internal
@@ -126,18 +127,11 @@ func (c *ConfigGenerator) embedUserBlock(ignCfg *ignconfigtypes.Config) { | |||
func (c *ConfigGenerator) getTNCURL(role string, query string) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No longer TNC getMCSURL
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm in favor of writing out anything project-specific. Folks likely have seen URL before, which would make this getMachineConfigServerURL
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to keep the rename out of scope here see #242 (comment).
(I know I'm repeating myself here :-D)
Here's something I noticed in the logs.
the alias name for ctrlp_a record is just a hostname, wheres the alias name for the tectonic_api_external record is a FQDN. This might explain that the ctrlp_a alias doesn't belong to the correct zone, as it might not have one. I'll need more investigation on this one |
/hold cancel I think the TNC -> MCS renaming should go to a different PR. |
modules/aws/vpc/master-elb.tf
Outdated
@@ -57,6 +31,14 @@ resource "aws_elb" "api_internal" { | |||
interval = 5 | |||
} | |||
|
|||
# health_check { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are these disabled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An ELB can only have one health_check. We'll need to come up with a different solution for these.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An ELB can only have one
health_check
.
So drop the commented-out code and file an issue? Do we need to continue to health-check 49500 independently?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add this as comment above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we like TODOs in the code? If not I'll opt for removing the code altogether
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
49500 doesn't need a health check because Ignition uses a random resolver. If the endpoint is down, Ignition will try another IP address.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if all are down?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If they are all down, Ignition keeps retrying.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me :). I left a few minor suggestions inline.
} | ||
|
||
output "aws_api_external_dns_name" { | ||
output "aws_elb_api_external_dns_name" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I don't know if we want to handle this incrementally or not, but aws_
is redundant for output variables in this AWS-only module. Also, I don't know if consumers will care if this is an elastic load balancer or not. So personally I'd prefer api_external_dns_name
here.
But it's also nice to keep this diff small and the variables consistent, and aws_elb_api_external_...
matches the pattern set by aws_elb_api_external_zone_id
below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But it's also nice to keep this diff small and the variables consistent, and
aws_elb_api_external_...
matches the pattern set byaws_elb_api_external_zone_id
below.
That was my intention. Now it's consistent within the current scheme, which can be refactored followiing up to this change.
modules/aws/vpc/sg-elb.tf
Outdated
@@ -68,6 +28,16 @@ resource "aws_security_group_rule" "api_ingress_console" { | |||
to_port = 6443 | |||
} | |||
|
|||
resource "aws_security_group_rule" "tnc_ingress" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tnc
-> mcs
rebranding? Or ignition_ingress
? Or something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to keep the rename out of scope here see #242 (comment).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can put it in a different commit, but it belongs in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it the rename is not related to the logic of this PR which is to consolidate ELBs and not rename stuff, I added the commit anyway so y'all are happy ;-)
/retest |
1 similar comment
/retest |
installer/pkg/workflow/init.go
Outdated
@@ -17,7 +17,7 @@ import ( | |||
const ( | |||
generatedPath = "generated" | |||
kcoConfigFileName = "kco-config.yaml" | |||
tncoConfigFileName = "tnco-config.yaml" | |||
mcsoConfigFileName = "mcso-config.yaml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
drop this line, there is not mcso-config.yaml
; missed this in #232
pkg/asset/ignition/bootstrap.go
Outdated
@@ -200,7 +200,7 @@ func (a *bootstrap) addBootstrapConfigFiles(config *ignition.Config, dependencie | |||
// TODO (staebler) - missing the following from assets step | |||
// /opt/tectonic/manifests/cluster-config.yaml | |||
// /opt/tectonic/tectonic/cluster-config.yaml | |||
// /opt/tectonic/tnco-config.yaml | |||
// /opt/tectonic/mcso-config.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
drop this line, there is not mcso-config.yaml; missed this in #232
tests/smoke/cluster_test.go
Outdated
@@ -35,7 +35,7 @@ var ( | |||
defaultIgnoredManifests = []string{ | |||
"bootstrap", | |||
"kco-config.yaml", | |||
"tnco-config.yaml", | |||
"mcso-config.yaml", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
drop this line, there is not mcso-config.yaml; missed this in #232
/test e2e-aws |
/lgtm |
/hold |
@steveej can you fix the libvirt networking as well? I think it's just a matter of dropping the TNC records. Also, did you not want to name this endpoint "control plane"? |
Do you mean cleanup or is it actually broken?
I'm not too pedantic about the naming here as we're still inconsistent in overall. For further cleanups I'm in favor of keeping only names public/private as they realistically model the zones we're using. Thus, we could probably rename {external,internal} -> {public,private} and merge the console ELB into the public/private ELBs accordingly. /retest unit |
Remove the TNC ELB with and move all associated resources to the api_internal ELB. This also allows to cleanup the DNS A record and the security group for the TNC. It also changes the FQDN for the TNC, which is now the same as for the API, though it remains exclusive to the internal zone. Configure the ELB to listen on the TNC port directly.
I re-did the renaming for the content that slipped in via the rebase. @abhinavdahiya since you've put this on hold, is there anything else missing IYO? |
Worked for me with libvirt. /retest |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, crawford, steveeJ The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
We used to assign both {name}-api and {name}-tnc to the bootstrap and master nodes. But we dropped {name}-tnc in 239373f (aws/ELBs: merge tnc with api_internal and cleanup, 2018-09-19, openshift#242). Now that it's just the one entry, the local.hostnames indirection is unecessary complication.
/hold