terraform-provider-rancher2

[BUG] Cannot create bootstrap resource

Open nnewc opened this issue 1 year ago • 2 comments

Rancher Server Setup

  • Rancher version: 2.7.6
  • Installation option (Docker install/Helm Chart): Helm
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): RKE2

Information about the Cluster

  • Kubernetes version: 1.24.14
  • Cluster Type (Local/Downstream): Local

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom): Admin

Provider Information

  • What is the version of the Rancher v2 Terraform Provider in use? 3.2.0
  • What is the version of Terraform in use? 1.5.7

Describe the bug

Cannot create rancher_bootstrap resource

To Reproduce

provider "rancher2" {
  alias = "bootstrap"

  api_url   = var.rancher_api_url
  bootstrap = true
  insecure  = true
}

resource "rancher2_bootstrap" "admin" {
  depends_on = [helm_release.rancher]
  provider   = rancher2.bootstrap
  password   = var.rancher_admin_password
  telemetry  = true
}

Actual Result

module.rancher.rancher2_bootstrap.admin: Creating...
2023-11-02T20:59:41.747-0500 [INFO]  Starting apply for module.rancher.rancher2_bootstrap.admin
2023-11-02T20:59:41.747-0500 [DEBUG] module.rancher.rancher2_bootstrap.admin: applying the planned Create change
2023-11-02T20:59:41.747-0500 [DEBUG] provider.terraform-provider-rancher2_v3.2.0: 2023/11/02 20:59:41 [INFO] Doing login
2023-11-02T20:59:41.747-0500 [DEBUG] provider.terraform-provider-rancher2_v3.2.0: 2023/11/02 20:59:41 Getting from  https://10.7.2.188.nip.io/ping
2023-11-02T20:59:41.905-0500 [DEBUG] provider.terraform-provider-rancher2_v3.2.0: 2023/11/02 20:59:41 Time to get req:  157  ms
module.rancher.rancher2_bootstrap.admin: Still creating... [10s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [20s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [30s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [40s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [50s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m0s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m10s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m20s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m30s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m40s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [1m50s elapsed]
module.rancher.rancher2_bootstrap.admin: Still creating... [2m0s elapsed]
2023-11-02T21:01:41.936-0500 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2023-11-02T21:01:41.936-0500 [ERROR] vertex "module.rancher.rancher2_bootstrap.admin" error: [ERROR] Timeout trying to login with admin user: Doing user login: error Unauthorized
╷
│ Error: [ERROR] Timeout trying to login with admin user: Doing user login: error Unauthorized
│
│   with module.rancher.rancher2_bootstrap.admin,
│   on modules/rancher/bootstrap.tf line 9, in resource "rancher2_bootstrap" "admin":
│    9: resource "rancher2_bootstrap" "admin" {
│
╵
2023-11-02T21:01:41.967-0500 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-11-02T21:01:41.969-0500 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/rancher/rancher2/3.2.0/darwin_arm64/terraform-provider-rancher2_v3.2.0 pid=11011
2023-11-02T21:01:41.969-0500 [DEBUG] provider: plugin exited

Rancher is reachable via curl:

$ curl https://10.7.2.188.nip.io/ping  -kv
*   Trying 10.7.2.188:443...
* Connected to 10.7.2.188.nip.io (10.7.2.188) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: [NONE]
*  start date: Nov  1 19:32:26 2023 GMT
*  expire date: Jan 30 19:32:26 2024 GMT
*  issuer: O=dynamiclistener-org; CN=dynamiclistener-ca@1698867070
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /ping]
* h2h3 [:scheme: https]
* h2h3 [:authority: 10.7.2.188.nip.io]
* h2h3 [user-agent: curl/7.84.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x15200bc00)
> GET /ping HTTP/2
> Host: 10.7.2.188.nip.io
> user-agent: curl/7.84.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< date: Fri, 03 Nov 2023 22:02:11 GMT
< content-type: text/plain; charset=utf-8
< content-length: 4
< cache-control: no-cache, no-store, must-revalidate
< x-api-cattle-auth: false
< x-content-type-options: nosniff
< strict-transport-security: max-age=15724800; includeSubDomains
< 
* Connection #0 to host 10.7.2.188.nip.io left intact
pong

Expected Result

bootstrap resource is created

Additional context

Cluster is using CIS profile. Looking for any additional steps to debug this issue.

nnewc, Nov 03 '23 22:11