Comments (7)
jhernand
commented on July 29, 2024
We are still seeing this problem, and I think it is related to the how the names of the IAM roles are calculated during installation and during uninstallation. During the installation the name of the role is calculated here:
That cluster_name comes from the clusterdeployment.spec.config.clusterID. In my case that is api-tests. As a result the following roles are created:
$ aws iam list-roles | jq -r .Roles[].RoleName | grep api-tests
api-tests-bootstrap-role
api-tests-master-role
api-tests-worker-role
But when Hive tries to delete the cluster it calls the installer, which calculates again this names, this time in the Go code:
The result of this is different, according to the logs:
time="2018-12-20T15:56:06Z" level=debug msg="Deleting IAM resources (map[openshiftClusterID:1d7eae0b-bb0b-484d-bf05-5b566d37b09e])"
time="2018-12-20T15:56:06Z" level=debug msg="deleting role: api-tests-2k2xt-master-role"
Note that the name here is api-tests-2k2xt-master-role instead of api-tests-master-role. api-tests-2k2xt is the name of the clusterdeployment object. So I believe that the problem is that Hive is passing to the uninstaller a value that is inconsistent with what it passes to the installer.
The net result is that when Hive fails after creating the IAM roles, for whatever the reason, it is impossible to create a cluster with the same name, neither with the automatic retry done by Hive nor manually. The only alternative is to manually remove the IAM roles from AWS.
@joelddiaz @wking @dgoodwin any suggestion?
from hive.
dgoodwin
commented on July 29, 2024
Looks like another bug in hive not being prepared for the use of GenerateName. Should be a simple fix to use the Cluster name not generate name.
from hive.
dgoodwin
commented on July 29, 2024
This might explain a lot of failed deprovision jobs in opshive.
from hive.
joelddiaz
commented on July 29, 2024
We're just blindly using the ungenerated clustername at the uninstall call. If we would simply read the cd.Spec.Config.ClusterID and pass that to the uninstall, i think we'd be okay
I haven't tried this, but I'd think that somewhere around here we can grab/save the data out of the clusterdeployment: https://github.com/openshift/hive/blob/master/contrib/pkg/installmanager/installmanager.go#L164-L186
from hive.
dgoodwin
commented on July 29, 2024
Haven't seen in awhile.
from hive.
jhernand
commented on July 29, 2024
I still see it frequently, with the version of Hive that we have in our environment.
from hive.
dgoodwin
commented on July 29, 2024
https://jira.coreos.com/browse/CO-173
from hive.
Related Issues (20)
- Can I specify the clustermetadata in clusterdeployment spec HOT 2
- Missing ServiceMonitor CRD when running in Kind HOT 1
- No automatic secrets for Service Accounts in Kubernetes 1.24 HOT 2
- Error "Required value: must specify a platform" for field "spec.platform". HOT 2
- Internal Install using Private Link - Logs HOT 6
- hive upgrade to 1.1.6 is expecting CRD API version to be v1beta instead of v1 HOT 5
- Ability to Override httpCustomErrorCodePages in ClusterDeployment HOT 7
- Implement Openstack Hibernation HOT 9
- Pass skip_provider_registration flag HOT 2
- How to make Hive trust new API cert in managed cluster? HOT 6
- Hive Cluster Relocation is stuck on kube-root-ca.crt and openshift-service-ca.crt already exists HOT 5
- Rotating the admin kubeconfig after 10 years HOT 6
- Install fails on ClusterRoleBinding HOT 7
- Consider tagging submodule "apis"? HOT 2
- How if Hive released? HOT 1
- ClusterClaim-controller should watch for changes to RoleBindings as well HOT 1
- ClusterSync-controller's requeueAfter duration could be insufficient HOT 2
- Availability of Hive in ARM HOT 5
- hive-clustersync-0 - CreateContainerConfigError
- Provided SSH keypair not used for bootstrap node HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hive.