(cluster/kueyen) Add RKE2 roles to Kueyen #1676
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
2 times, most recently
from
959b3ed to
ce64a46
Compare
dtapiacl
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
from
ce64a46 to
5f2e961
Compare
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
from
5f2e961 to
c0431a5
Compare
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
from
c0431a5 to
476d1c2
Compare
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
from
476d1c2 to
ef0ef8d
Compare
jhoblitt
requested changes
May 6, 2025
There was a problem hiding this comment.
- The convention used for PR titles in this repo is slightly different that for k8s-cookbook as this repo controls hosts, clusters, sites, etc. The
()should refer to the class or hiera layer being changed. For this PR, it should be something like(cluster/kueyen). - The network configuration for kueyen01-03 have multiple interfaces obtaining a lease via dhcp. This consumes IP unessicarily from the pool:
~ $ ssh kueyen02.dev.lsst.org ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 4c:d9:8f:6f:27:2a brd ff:ff:ff:ff:ff:ff
altname enp4s0f0
inet 139.229.134.77/24 brd 139.229.134.255 scope global dynamic noprefixroute eno1
valid_lft 595sec preferred_lft 595sec
3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 4c:d9:8f:6f:27:2b brd ff:ff:ff:ff:ff:ff
altname enp4s0f1
4: ens2f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a0:36:9f:c7:67:a4 brd ff:ff:ff:ff:ff:ff
altname enp59s0f0
5: ens2f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a0:36:9f:c7:67:a6 brd ff:ff:ff:ff:ff:ff
altname enp59s0f1
inet 139.229.134.71/24 brd 139.229.134.255 scope global dynamic noprefixroute ens2f1
valid_lft 595sec preferred_lft 595sec
262: calif88ddbe0b4d@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-b85b66bc-5eaa-e02b-09db-be91418b2faa
6: br2301: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:c7:67:a4 brd ff:ff:ff:ff:ff:ff
inet 139.229.145.236/24 brd 139.229.145.255 scope global dynamic noprefixroute br2301
valid_lft 885sec preferred_lft 885sec
7: ens2f0.2301@ens2f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2301 state UP group default qlen 1000
link/ether a0:36:9f:c7:67:a4 brd ff:ff:ff:ff:ff:ff
and creates problems for the routing table:
~ $ ssh kueyen01.dev.lsst.org ip route
default via 139.229.134.254 dev eno1 proto dhcp src 139.229.134.76 metric 100
default via 139.229.134.254 dev ens2f1 proto dhcp src 139.229.134.70 metric 101
default via 139.229.145.254 dev br2301 proto dhcp src 139.229.145.234 metric 425
10.42.0.7 dev calia811b3dd28b scope link
10.42.0.74 dev cali65b1011dc9f scope link
10.42.0.84 dev cali9eeba3290dc scope link
10.42.0.86 dev cali7dd35812f57 scope link
10.42.0.87 dev cali798aa5d74e3 scope link
10.42.0.88 dev cali007204e3be2 scope link
10.42.0.94 dev cali08eaa7eba89 scope link
10.42.0.95 dev calia64889b34e8 scope link
10.42.0.98 dev cali4368f414ed4 scope link
10.42.0.100 dev cali1db263d6cfd scope link
10.42.0.102 dev cali3ddb0661fe4 scope link
10.42.1.0/24 via 10.42.1.0 dev flannel.1 onlink
10.42.2.0/24 via 10.42.2.0 dev flannel.1 onlink
10.42.3.0/24 via 10.42.3.0 dev flannel.1 onlink
10.42.4.0/24 via 10.42.4.0 dev flannel.1 onlink
10.42.5.0/24 via 10.42.5.0 dev flannel.1 onlink
139.229.134.0/24 dev eno1 proto kernel scope link src 139.229.134.76 metric 100
139.229.134.0/24 dev ens2f1 proto kernel scope link src 139.229.134.70 metric 101
139.229.145.0/24 dev br2301 proto kernel scope link src 139.229.145.234 metric 425
- ldap auth for kueyen04 is broken:
~ $ ssh kueyen04.dev.lsst.org
Received disconnect from 139.229.134.242 port 22:2: Too many authentication failures
Disconnected from 139.229.134.242 port 22
- kueyen04-06 are missing the bridge interface:
~ $ ssh kueyen06.dev.lsst.org brctl show
~ $
The convention for rebuilt clusters is that they should only have an FQDN IP on the a bridge interface.
- kueyen05-06 are missing from ipam.cp.lsst.org
gseriche
changed the title
Access restored. |
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
6 times, most recently
from
302606f to
1fe5cea
Compare
gseriche
force-pushed
the
IT-6035_reprovision_kueyen_rke2
branch
from
1fe5cea to
913d2e9
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.