On Sun, Jul 19, 2020 at 2:20 PM Ali Okan YÜKSEL <kaox....@gmail.com> wrote:
> [root@lbint opt]# ./openshift-install --dir=/opt/ocpint wait-for > bootstrap-complete --log-level debug > DEBUG OpenShift Installer 4.3.29 > DEBUG Built from commit 96253d3f2ed8da6f70ff6ad9f69d67b65c688889 > INFO Waiting up to 30m0s for the Kubernetes API at > https://api.security.tr.ibm.com:6443... > DEBUG Still waiting for the Kubernetes API: Get > https://api.security.tr.ibm.com:6443/version?timeout=32s: x509: certificate > has expired or is not yet valid This is a problem with the time on your VM. I ran into a similar issue on HyperV UPI where the firmware was providing local time to the VM, but the VM thought it was UTC for some reason. I fixed it by having the firmware provide UTC (in that case, by changing the timezone on my workstation to UTC since it was VMs on my desktop....perhaps not workable in a prod environment) > master01 logs: > [ 7379.508614] ignition[727]: GET > https://api-int.security.test.com:22623/config/master: attempt #825 > [ 7379.516251] ignition[727]: GET error: Get > https://api-int.security.test.com:22626/onfig/master: x509: certificate is > valid for api-int.ocpint.example.com, not api-int.security.test.com > > I think the problem is related with my manual modification in master.ign and > worker.ign files. Correct. OCP4 is very opinionated on names. I'm not sure where api-int.security.test.com comes from, but how it needs to work is that api-int.<clustername>.<basedomain> needs to point somewhere accessible internally by your cluster machines, and api.<clustername>.<basedomain> needs to point somewhere that is accessible by your clients. > 1) If *.ign files needs to modified. What is the correct method for this? > Should we re-generate this files with correct source addresses? How can we do > that? It shouldn't need to be modified, really. All that the master/worker ignition files are is pointers to the MCS. You really don't need them after the cluster is commissioned, really - just point ignition straight to the MCS (I think that this works, never tried it - but it's what I've been told). The bootstrap one has real content, though - and probably shouldn't be modified (you can manually step through the stages with openshift-install create manifests, modify what you need THERE, and then openshift-install create ignition-config if you must) > 2) I am trying to install openshift on vsphere but vcenter is not working > correctly. So foreach change on ignition files, I created bootstrap, master, > worker virtual machines manually from scratch by changing ignition data. I > think ignition data is read only for first reboot. Is there an easy method to > modify and run virtual machine by using new ignition data? What are your > suggestions about that? Get the ignition data via http. I'm not sure how VMWare IPI does it, but most cloud providers use user-data to get it in there. > 3) Is there a repository which includes example haproxy.cfg, named.conf&zone > definition, dhcpd config files for installing openshift 4.x in our lab > environment? This is just the blind leading the blind, I don't work for RH and disclaim all responsibility for this. But what I did for my home HyperV setup is available at https://github.com/jds2001/ocp-disconnected - this should get you started, but it doesn't contain everything that you need (and it contains some things that should *not* be public under ordinary circumstances - I've specifically called that out in the README though). This is for doing a disconnected install, but hopefully you can pick out what you need from it. _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
