Channel stable/1.15 EasyRSA sets up and works initially but then a hook fails and the whole deployment fails

This one is completely reproducible in my case, so not sure what is going on here.

I had charmed-kubernetes deployed on LXD @1.16, but i’m having way too many issues with broken helm charts and just want to stay on 1.15 until everyone catches up to the deprecations, so I decided to downgrade.

I wiped my old deployment and controller and started fresh. The install goes up until the point when the kube worker is waiting for cluster DNS, and the kube master is waiting for master services to start. At this point EasyRSA is up and green, but then something on the master calls the EasyRSA hook and at that point the deployment fails. I am including a log in hopes someone can let me know what I can do to workaround this:

https://pastebin.com/eaQr0tPN

Unfortunately the conjure-up logs pretty much say that the easyrsa unit had an error. It would be good to see the juju log of easyrsa. juju debug-log -i easyrsa/0 —replay is a good starting point and juju crash-dump is the preferred way to package up status so someone can look at it. Would you be able to post one of those to paste.ubuntu.com?

Hi @routhinator. I would suggest using the local install instructions instead of conjure-up. When you get to Step 3, instead of juju deploy charmed-kubernetes, which would deploy the latest (1.16) bundle from the charm store, you can instead do the following:

wget -O bundle.yaml https://api.jujucharms.com/charmstore/v5/bundle/charmed-kubernetes-270/archive/bundle.yaml 
sed -i 's/1.16/1.15/g' bundle.yaml
juju deploy ./bundle.yaml

This downloads the latest bundle and switches the snap channels from 1.16 to 1.15.

Try this and see if you have better luck. I suspect the conjure-up spells may be out of date since we’re moving away from conjure-up as our recommended deployment method.

If you do hit an issue, you can file a bug and we’ll look into it. As @knobby said, juju-crashdump tarballs are extremely helpful for debugging. You can capture one like this:

sudo snap install juju-crashdump --channel edge --classic
juju-crashdump -a debug-layer -a config

Hi guys,

Thanks for the feedback. I will get those logs when/if I can (if I don’t see what’s wrong in the debug log for easyrsa)

…came home after apparently having a lengthy power outage today, server was back up but LXD thinks it’s port is in use, it isn’t - so it won’t start.

Once I repair it I can get the logs again :slight_smile:

On second thought, I’m just going to reset this LXD install and try the local instructions.

I was using the conjure-up method because the doc I was reading said I needed to use it to configure LXD properly, and I was changing the channel there.

I presume I can just set extra_sans: on the kubeapi-load-balancer to set the additional alt names for the api cert?

And it works! Thanks.

1 Like

Yeah, that’s right. There’s a little extra info about that here.