ibm cloud private 3.2.1 helm issue - ibm-cloud-private

I am getting the following message while installing ICP on Ubuntu.
I searched for helm-api-3.1.0.tgz and verified that the file exists.
Any idea what would cause this?
TASK [addon : Installing helm-api chart]
FAILED - RETRYING: Installing helm-api chart (5 retries left).
FAILED - RETRYING: Installing helm-api chart (4 retries left).
FAILED - RETRYING: Installing helm-api chart (3 retries left).
FAILED - RETRYING: Installing helm-api chart (2 retries left).
FAILED - RETRYING: Installing helm-api chart (1 retries left).
fatal: [localhost]: FAILED! => changed=true
attempts: 5
cmd: |-
filename="/addon/helm-api-3.1.0.tgz"
if [[ -d "/addon/helm-api-3.1.0.tgz" ]]; then
filename=$(ls /addon/helm-api-3.1.0.tgz/*.tgz | tail -1)
fi
ret=0
if helm status --tls helm-api &>/dev/null && helm status --tls helm-api | grep -q 'STATUS: FAILED'; then
rev=$(helm list --tls helm-api | awk '{if($1 == "helm-api"){print $2;exit}}')
if [[ "$rev" == "1" ]]; then
helm delete --tls --purge --timeout=600 helm-api
ret=$?
sleep 5
fi
fi
if ! helm status --tls helm-api &>/dev/null; then
helm upgrade --tls --install --force --timeout=600 --namespace=kube-system -f .addon/helm-api/values.yaml helm-api $filename
ret=$?
fi
if [[ $ret -ne 0 ]]; then
tiller_pod=$(kubectl -n kube-system get pods -l app=helm,name=tiller -o jsonpath="{.items[0].metadata.name}")
kubectl -n kube-system logs $tiller_pod &> /installer/cluster/logs/$tiller_pod
echo "============================================================"
echo "Tiller log can be found under cluster/logs/$tiller_pod"
echo "============================================================"
fi
exit $ret
delta: '0:00:01.819853'
end: '2018-11-12 16:21:59.248602'
msg: non-zero return code
rc: 1
start: '2018-11-12 16:21:57.428749'
stderr: 'Error: secrets "rudder-secret" already exists'
stderr_lines:
stdout: |-
  Release "helm-api" does not exist. Installing it now.
  ============================================================
  Tiller log can be found under cluster/logs/tiller-deploy-57b467b45b-c6xqg
  ============================================================
stdout_lines:

Assuming the problem is this:
'Error: secrets "rudder-secret" already exists'
I'm not positive what causes it, but my first thought is that a previously failed installation left something behind. So your best bet might be to clean the machine of previous installations and start over. This page might help with cleaning things up.
If you can use kubectl, you might be able to run these commands to manually remove the secrets:
kubectl delete secrets/helmapi-secret --namespace kube-system
kubectl delete secrets/rudder-secret --namespace kube-system
Then you might be able to resume or restart the installation. I don't think this would work as well as uninstalling, cleaning up, and starting over.
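If you want to confirm what the failed release actually left behind before deleting anything, a quick check along these lines might help (a minimal sketch, assuming you can reach the cluster with kubectl):
# list the leftover secrets named in the error and in the commands above
kubectl get secrets --namespace kube-system | grep -E 'helmapi-secret|rudder-secret'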

Related

Extracting kubernetes pod name using shell script [duplicate]

I want to extract a pod name from a list of pods available on kubernetes.
For example, for the following command
kubectl get pods -n namespace
NAME           READY   STATUS             RESTARTS   AGE
pod1           1/1     Running            2          46d
pod2           1/1     Running            0          46d
test-pod3-yy   0/1     ImagePullBackOff   0          338d
test-pod3-xx   1/1     Running            0          255d
I want to extract the pod test-pod3-xx using a shell script. Currently this is the command that I'm using:
POD_NAME=$(kubectl get pods -n namespace | grep test-pod3 | cut -d' ' -f1)
With this I get both pods, test-pod3-yy and test-pod3-xx, but I want only the one that is in the Running state. How can I do that?
You can use a field selector to check for Running pods only:
--field-selector=status.phase=Running
You could also use the -o name flag, to get only the names. With that you'll get:
$ kubectl get pods -n namespace -o name --field-selector=status.phase=Running
pod/pod1
pod/pod2
pod/test-pod3-xx
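Putting that together with the name filter from the question, a sketch along these lines (the pod-name pattern is just the example from the question) grabs only the running pod and strips the pod/ prefix:
POD_NAME=$(kubectl get pods -n namespace -o name --field-selector=status.phase=Running | grep test-pod3 | sed 's|^pod/||')
echo "$POD_NAME"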
#!/bin/bash -x
kubectl get pods -n namespace > stack
while read -r line
do
  # keep only the lines whose STATUS column is Running
  [[ -n $(echo "${line}" | sed -n '/Running/p') ]] && echo "${line}"
done < stack

Shell script should wait until kubernetes pod is running [duplicate]

In a simple bash script I want to run multiple kubectl and helm commands, like:
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.5.4 \
--set installCRDs=true
kubectl apply -f deploy/cert-manager/cluster-issuers.yaml
My problem here is that after the helm install command I have to wait until the cert-manager pod is running before the kubectl apply command can be used. Right now the script calls it too early, so it fails.
As stated in the comments, kubectl wait is the way to go.
Example from kubectl wait --help:
Examples:
# Wait for the pod "busybox1" to contain the status condition of type "Ready"
kubectl wait --for=condition=Ready pod/busybox1
This way your script will pause until the specified pod reaches the Ready condition, and kubectl will output
<pod-name> condition met
to STDOUT.
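Applied to the cert-manager case from the question, a sketch could look like this; the label selector and timeout are assumptions, so check the labels your chart actually sets (kubectl get pods -n cert-manager --show-labels):
# assumed label for the cert-manager pods; adjust to your chart
kubectl wait --namespace cert-manager \
  --for=condition=Ready pod \
  --selector=app.kubernetes.io/instance=cert-manager \
  --timeout=120s
kubectl apply -f deploy/cert-manager/cluster-issuers.yaml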
kubectl wait is still in an experimental phase. If you want to avoid experimental features, you can achieve a similar result with a bash while loop.
By pod name:
while [[ $(kubectl get pods <pod-name> -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do
sleep 1
done
or by label:
while [[ $(kubectl get pods -l <label>=<label-value> -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do
sleep 1
done

“How to fix ‘Syntax Error Near’ error in BASH”

I'm adding a new condition to delete the job if it exists, but it doesn't work in the production case.
GNU bash, v4.3.48(1)-release (x86_64-pc-linux-gnu)
docker run -e GO_DEPENDENCY_LABEL_PIPE='XXXXX' -e CREDENTIAL_NAME='production.XXXXX' -e KUBE_TOKEN='XXXXX' -v /go/pipelines/deploy-portal-site-data/helm:/helm --add-host=api.production.XXXXX:00.000.000.000 --rm -t --entrypoint /bin/bash docker.XXXXX.com.br/kubectl-prod:latest --login -c "kubectl config set-credentials production.XXXXX --token=XXXXX; VerifyJob=0; [[ -ge 1 ]] && kubectl -n production delete job portal-site-data-production || echo 'There is no job at the moment'"
I expect the output of clean job, but the actual output is
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Not installing Tiller due to 'client-only' flag having been set
Happy Helming!
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈
"gfn-helm-repo" has been added to your repositories
/bin/bash: -c: line 0: conditional binary operator expected
/bin/bash: -c: line 0: syntax error near `1'
/bin/bash: -c: line 0: `kubectl config set-credentials production.XXXXX --token=XXXXX; VerifyJob=0; [[ -ge 1 ]] && kubectl -n production delete job portal-site-data-production || echo 'There is no job at the moment''
[[ -ge 1 ]]
I think the error comes from this part of the command: the left-hand operand is missing (it should be $VerifyJob), so bash is effectively testing whether "nothing" is greater than or equal to 1, which is why it reports "conditional binary operator expected".
I deleted my chart
helm delete portal-site-data-production --tiller-namespace production --purge
and escaped the inner double quotes with a backslash:
set -x
docker pull $DOCKER_HELM_PROD_IMAGE
docker run \
-e GO_DEPENDENCY_LABEL_PIPE='${GO_DEPENDENCY_LABEL_PIPE}' \
-e CREDENTIAL_NAME='${CREDENTIAL_NAME}' \
-e KUBE_TOKEN='${KUBE_TOKEN}' \
-v $PWD/helm:/helm \
--add-host=api.production.XXXXX:00.000.000.000 \
--rm -t --entrypoint /bin/bash \
$DOCKER_HELM_PROD_IMAGE \
--login -c "kubectl config set-credentials ${CREDENTIAL_NAME} --token=${KUBE_TOKEN}; VerifyJob=$(kubectl -n production get job| grep -c portal-site-data-production); \"[[ ${VerifyJob} -ge 1 ]]\" && kubectl -n production delete job portal-site-data-production || echo \"There is no job at the moment\""
This is OK now, thank you very much everyone.
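For reference, the in-container check is easier to read (and to quote) when written out as a small script instead of a one-liner; a sketch using the job name and namespace from the question:
# count matching jobs, delete only if at least one exists
VerifyJob=$(kubectl -n production get job | grep -c portal-site-data-production)
if [[ ${VerifyJob} -ge 1 ]]; then
  kubectl -n production delete job portal-site-data-production
else
  echo 'There is no job at the moment'
fi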

Bash parse docker status to check if local image is up to date

I have a Docker start script here:
#!/usr/bin/env bash
set -e
echo '>>> Get old container id'
CID=$(sudo docker ps --all | grep "web-client" | awk '{print $1}')
echo $CID
echo '>>> Stopping and deleting old container'
if [ "$CID" != "" ];
then
sudo docker stop $CID
sudo docker rm $CID
fi
echo '>>> Starting new container'
sudo docker pull my-example-registry.com:5050/web-client:latest
sudo docker run --name=web-client -p 8080:80 -d my-example-registry.com:5050/web-client:latest
The problem is that this script gives an improper result: it deletes the old container every time the script is run.
The "starting new container" section will pull the most recent image. Here is an example output of docker pull when the local image is already up to date:
Status: Image is up to date for
my-example-registry:5050/web-client:latest
Is there any way to improve my script by adding a condition: before anything else, check via docker pull whether the local image is the most recent version available on the registry. Only if a newer image was pulled should the script stop and delete the old container and docker run the newly pulled image.
In this script, how can I parse the status to check whether the local image corresponds to the most up-to-date one available on the registry?
Maybe a docker command can do the trick, but I didn't manage to find a useful one.
Check the pull output for the string "Image is up to date" to know whether the local image is already current:
if sudo docker pull my-example-registry.com:5050/web-client:latest | grep -q "Image is up to date"; then
  echo 'Already up to date. Exiting...'
  exit 0
fi
So change your script to:
#!/usr/bin/env bash
set -e
if sudo docker pull my-example-registry.com:5050/web-client:latest | grep -q "Image is up to date"; then
  echo 'Already up to date. Exiting...'
  exit 0
fi
echo '>>> Get old container id'
CID=$(sudo docker ps --all | grep "web-client" | awk '{print $1}')
echo $CID
echo '>>> Stopping and deleting old container'
if [ "$CID" != "" ];
then
sudo docker stop $CID
sudo docker rm $CID
fi
echo '>>> Starting new container'
sudo docker run --name=web-client -p 8080:80 -d my-example-registry.com:5050/web-client:latest
Simply use docker-compose and you can remove all of the above.
docker-compose pull && docker-compose up
This will pull the image, if it exists, and up will only recreate the container if it actually has a newer image; otherwise it will do nothing.
If you're using docker-compose, here's my solution: I put my latest docker-compose.yml into an image right after I've pushed all of the needed images referenced in docker-compose.yml.
The server runs this as a cron job:
#!/usr/bin/env bash
docker login --username username --password password
if (( $? > 0 )) ; then
echo 'Failed to login'
exit 1
fi
# Grab latest config, if the image is different then we have a new update to make
pullContents=$(docker pull my/registry:config-holder)
if (( $? > 0 )) ; then
echo 'Failed to pull image'
exit 1
fi
if echo "$pullContents" | grep -q "Image is up to date" ; then
echo 'Image already up to date'
exit 0
fi
cd /srv/www/
# Grab latest docker-compose.yml that we'll be needing
docker run -d --name config-holder my/registry:config-holder
docker cp config-holder:/home/docker-compose.yml docker-compose-new.yml
docker stop config-holder
docker rm config-holder
# Use new yml to pull latest images
docker-compose -f docker-compose-new.yml pull
# Stop server
docker-compose down
# Replace old yml file with our new one, and spin back up
mv docker-compose-new.yml docker-compose.yml
docker-compose up -d
Config holder dockerfile:
FROM bash
# This image exists just to hold the docker-compose.yml. So when updating remotely, the server can pull this, get the latest docker-compose file, then pull the images it references
COPY docker-compose.yml /home/docker-compose.yml
# Ensures that the image is subtly different every time we deploy. This is required because we want the server to see that this image has changed and trigger a new deployment
RUN bash -c "touch random.txt; echo $(echo $RANDOM | md5sum | head -c 20) >> random.txt"
# Wait forever
CMD exec bash -c "trap : TERM INT; sleep infinity & wait"

elasticsearch failed to start in centos

centos 6.7, elasticsearch 5
I installed Elasticsearch using the RPM, but it fails to start.
error: permission denied on key 'vm.max_map_count'
Starting elasticsearch: /usr/share/elasticsearch/bin/elasticsearch: line 198: 875 Killed exec "$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.bootstrap.Elasticsearch "$@" 0>&-
[FAILED]
I think you should set vm.max_map_count to an appropriate value.
see https://www.elastic.co/guide/en/elasticsearch/reference/current/_maximum_map_count_check.html
and https://github.com/elastic/elasticsearch/issues/4978
Something like this should solve your issue:
sudo sysctl -w vm.max_map_count=262144
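If you also want the setting to survive a reboot, a common companion step (not part of the original answer) is to persist it in /etc/sysctl.conf:
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p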
e.g. edit (vi/vim) /etc/init.d/elastic_search (or however you spell it), and change,
CURRENT_MAX_MAP_COUNT=`sysctl vm.max_map_count | cut -d'=' -f2`
if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then
  if [ $MAX_MAP_COUNT -gt $CURRENT_MAX_MAP_COUNT ]; then
    sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT
  fi
fi
