Bug 2072202: Check for api and api-int resolution during cluster install

[sadasu]

During cluster bring up, when nodes are unable to resolve api-int, the cluster fails to come up and the messages in the logs, several times do not hint at any connectivity issues making it difficult to detect and resolve any infrastructure setup issues.

These changes contain:

1. Checks for the API and API-INT URLs to see if they are resolvable from the bootstrap node and logging helpful messages.
2. Records the state of the api-url and api-int-url services
3. Addition of validation of the API and API-INT URLs to the analyze output

[sadasu]

/retest

[patrickdillon]

It is unlikely that api-int is resolvable from the installer host, so this check would need to be run on the bootstrap host.

I think it would be a good idea to enumerate the failure cases we are trying to improve upon.

[jcpowermac]

It is unlikely that api-int is resolvable from the installer host, so this check would need to be run on the bootstrap host.

right, its not. the coredns static pod running on the nodes configures the A record for api-int

see:
https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/coredns-corefile.yaml#L32-L39

and
https://github.com/openshift/machine-config-operator/blob/master/manifests/on-prem/coredns-corefile.tmpl#L27-L35

[patrickdillon]

right, its not.

The installer would be able to resolve api-int in the edge case where it is installing to an existing vpc (e.g. aws, azure, gcp) and the host is running within that vpc, right?

Like I said, this is an edge case and does not affect the outcome for this PR, but trying to add context for @sadasu about why I said "unlikely." Also trying to edify myself in case I'm mistaken.

[jcpowermac]

right, its not.

The installer would be able to resolve api-int in the edge case where it is installing to an existing vpc (e.g. aws, azure, gcp) and the host is running within that vpc, right?

Like I said, this is an edge case and does not affect the outcome for this PR, but trying to add context for @sadasu about why I said "unlikely." Also trying to edify myself in case I'm mistaken.

Sorry yep, I was thinking onprem ;-)

[sadasu]

@patrickdillon @jcpowermac thanks for the helpful comments. Hopefully the current location triggers this verification at the correct point on the bootstrap node on an install failure.

Couple of questions:

1. Is *.apps expected to be resolvable at this point? Should these changes include a test to see if that URL is resolvable too?
2. Should this check also include a ping to the API or API-INT IP address?

[jstuever]

/cc

[jstuever]

This looks like a solid approach. I do have questions about how the new shell script is being referenced from bootkube.sh. I expect this is missing a source line at the top. Otherwise, looks good.

[patrickdillon]

This looks good. Left some nits and ideas. Personally I would like to consider some different terminology than "DNS config."

[sadasu]

/retest-required

[sadasu]

/retest-required

[r4f4]

/test e2e-alibaba

[r4f4]

Except for some nitpicking on the indentation of some lines, it seems to be working as intended:

level=error msg=Failed to wait for bootstrapping to complete. This error usually happens when there is a problem with control plane hosts that prevents the control plane operators from creating the control plane.
level=error msg=The bootstrap machine is unable to resolve API and/or API-Int Server URLs
level=info msg=Successfully resolved API_INT_URL api-int.ci-op-97x1j7tm-920ba.alicloud-dev.devcluster.openshift.com
level=info msg=Unable to reach API_INT_URL's https endpoint at https://10.0.101.111:6443/version
level=info msg=It might be too early for the https://10.0.101.111:6443/version to be available. 

https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_installer/5816/pull-ci-openshift-installer-master-e2e-alibaba/1579546984006553600

[r4f4]

/lgtm

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 54d95a3 and 2 for PR HEAD 6bfb2e6 in total

[sadasu]

/retest-required

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 3872845 and 1 for PR HEAD 6bfb2e6 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD f957eda and 0 for PR HEAD 6bfb2e6 in total

[sadasu]

/skip
There is enough proof with the passing CIs that this fix works and doesn't break anything else.

[jstuever]

/cc @patrickdillon
/uncc

[openshift-ci-robot]

/hold

Revision 6bfb2e6 was retested 3 times: holding

[openshift-ci]

@sadasu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-crc	b4de9f26fa2e7fc90a6babcb91f81caab819434c	link	false	/test e2e-crc
ci/prow/e2e-gcp-upi	b4de9f26fa2e7fc90a6babcb91f81caab819434c	link	true	/test e2e-gcp-upi
ci/prow/e2e-aws-upi	b4de9f26fa2e7fc90a6babcb91f81caab819434c	link	true	/test e2e-aws-upi
ci/prow/e2e-azure-upi	b4de9f26fa2e7fc90a6babcb91f81caab819434c	link	true	/test e2e-azure-upi
ci/prow/okd-e2e-aws	0ca8925920bd26a79bc17f1a7607004f2d8bd21b	link	false	/test okd-e2e-aws
ci/prow/e2e-azure	b93e83b5e7693c4013815c0721afbb48b3405b25	link	true	/test e2e-azure
ci/prow/e2e-vsphere	b93e83b5e7693c4013815c0721afbb48b3405b25	link	true	/test e2e-vsphere
ci/prow/e2e-ibmcloud	b93e83b5e7693c4013815c0721afbb48b3405b25	link	false	/test e2e-ibmcloud
ci/prow/e2e-aws	b93e83b5e7693c4013815c0721afbb48b3405b25	link	true	/test e2e-aws
ci/prow/e2e-gcp	b93e83b5e7693c4013815c0721afbb48b3405b25	link	true	/test e2e-gcp
ci/prow/okd-e2e-gcp-ovn-upgrade	f72166fe50e34c5912dcaa9d496050e927176167	link	false	/test okd-e2e-gcp-ovn-upgrade
ci/prow/okd-scos-e2e-aws-ovn	6bfb2e6	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/okd-scos-e2e-aws-upgrade	6bfb2e6	link	false	/test okd-scos-e2e-aws-upgrade
ci/prow/okd-e2e-aws-upgrade	6bfb2e6	link	false	/test okd-e2e-aws-upgrade
ci/prow/e2e-openstack	6bfb2e6	link	false	/test e2e-openstack
ci/prow/e2e-ibmcloud-ovn	6bfb2e6	link	false	/test e2e-ibmcloud-ovn
ci/prow/e2e-alibaba	a8569dfc04922c2191113dad7f4c99eec9c36a5c	link	false	/test e2e-alibaba
ci/prow/e2e-libvirt	6bfb2e6	link	false	/test e2e-libvirt
ci/prow/e2e-agent-mce	6bfb2e6	link	false	/test e2e-agent-mce

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[sadasu]

/test e2e-gcp-ovn

[sadasu]

/hold cancel

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 36ebaee and 2 for PR HEAD 6bfb2e6 in total

[openshift-ci]

@sadasu: All pull requests linked via external trackers have merged:

• openshift/installer#5816

Bugzilla bug 2072202 has been moved to the MODIFIED state.

Details

In response to this:

Bug 2072202: Check for api and api-int resolution during cluster install

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.