This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update Terraform cloudscale to v4.3.0
• Update Terraform github.com/appuio/terraform-modules to v5.2.0
• Update Terraform github.com/appuio/terraform-modules to v6
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Currently, users of the module must specify matching privnet uuid, subnet uuid, and CIDR when wanting to deploy a cluster into an existing cloudscale.ch private network.

In the latest release (3.2.0), the cloudscale.ch Terraform provider supports data sources, cf. https://registry.terraform.io/providers/cloudscale-ch/cloudscale/latest/docs/data-sources/network and cloudscale-ch/terraform-provider-cloudscale#40. Therefore we should refactor the module to make use of the datasources when deploying a cluster into an existing private network.

The privnet cidr and subnet uuid should be optional when an existing privnet uuid is provided. If either cidr or subnet uuid is provided, that value is used to look up the subnet in the privnet datasource. Otherwise the first subnet of the provided privnet is used for the cluster.

Upgrade this module to Terraform 0.13: https://www.terraform.io/upgrade-guides/0-13.html

Context

This module assumes the loadbalancers outer interfaces always to be connected to public. In some more demanding setups, this might need to be handled differently. This module should not prevent them but does not need to actively support them. In order to do so:

• Allow to configure the name of the outer network
• Assume that network to already exist
• Do not allocate elastic IPs if a custom outer network is configure

Summary

As a solution engineer
I want to be able to provision cluster with mixed worker node sizes
So that I can implement the customer's requirements

Context

Modify Terraform module to support mixed worker node types and document how to migrate existing cluster Terraform states to the new module version.

Further links

• Related issue for OCP4 Exoscale Terraform module: appuio/terraform-openshift4-exoscale#15

Acceptance criteria

• OCP4 clusters on cloudscale.ch with mixed worker node sizes can be provisioned by Terraform

Implementation Ideas

1. Change Terraform module to accept worker group configuration as map of worker group name to worker group parameters (instance type, disk size, etc.) and instantiate the internal node-group module for each entry

We currently hard code the Ignition config version to 2.3.3:

Starting with RHCOS version 4.6 it requires Ignition version 3.

Either update to version 3 and therefore require RHCOS minimum version 4.6, or implement setting the Ignition version dynamically depending on the RHCOS version.

After appuio/terraform-modules#16 is done, we should introduce support for enabling PROXY protocol in this module as well.

Also update the installation instructions for OCP4 on cloudscale.ch to enable PROXY protocol by default for new setups.

With appuio/openshift4-docs#96 implemented, terraform destroy takes 2 times to complete.
The first time the error is something like

module.cluster.cloudscale_subnet.privnet_subnet: Destroying... [id=f0c8cbf0-5d5e-48b8-9379-140cf19f7330]
module.cluster.cloudscale_server.lb[0]: Destroying... [id=6e8f4c10-00f3-45c8-99f2-67ffbd772ec6]
module.cluster.cloudscale_server.lb[1]: Destroying... [id=c42a7f61-eef3-4932-bc0c-9bb69d5b3d62]
module.cluster.cloudscale_server.lb[1]: Destruction complete after 7s
module.cluster.cloudscale_server.lb[0]: Still destroying... [id=6e8f4c10-00f3-45c8-99f2-67ffbd772ec6, 10s elapsed]
module.cluster.cloudscale_server.lb[0]: Destruction complete after 10s
module.cluster.cloudscale_server_group.lb[0]: Destroying... [id=c39aa9ae-5aaa-43ca-b6a2-9b99f992eedf]
module.cluster.null_resource.register_lb[1]: Destroying... [id=3075016582769078992]
module.cluster.null_resource.register_lb[0]: Destroying... [id=357206802485481663]
module.cluster.local_file.lb_hieradata[0]: Destroying... [id=643ab3342838dac0aaca5a9d30a947f9d9ea52a1]
module.cluster.null_resource.register_lb[0]: Destruction complete after 0s
module.cluster.null_resource.register_lb[1]: Destruction complete after 0s
module.cluster.local_file.lb_hieradata[0]: Destruction complete after 0s
module.cluster.random_id.lb[0]: Destroying... [id=hg]
module.cluster.cloudscale_floating_ip.nat_vip[0]: Destroying... [id=5.102.151.35]
module.cluster.random_id.lb[1]: Destroying... [id=HA]
module.cluster.gitfile_checkout.appuio_hieradata[0]: Destroying... [id=./appuio_hieradata]
module.cluster.cloudscale_floating_ip.router_vip[0]: Destroying... [id=5.102.150.209]
module.cluster.random_id.lb[0]: Destruction complete after 0s
module.cluster.random_id.lb[1]: Destruction complete after 0s
module.cluster.cloudscale_floating_ip.api_vip[0]: Destroying... [id=5.102.151.109]
module.cluster.cloudscale_server_group.lb[0]: Destruction complete after 2s
module.cluster.cloudscale_floating_ip.router_vip[0]: Destruction complete after 3s
module.cluster.cloudscale_floating_ip.api_vip[0]: Destruction complete after 4s
module.cluster.cloudscale_floating_ip.nat_vip[0]: Destruction complete after 4s

Error: Error while running git pull --ff-only origin: exit status 128
Working dir: ./appuio_hieradata
Output: From https://git.vshn.net/appuio/appuio_hieradata
   6e37293..7f44eca  master     -> origin/master
fatal: Not possible to fast-forward, aborting.

Error: Error deleting subnet f0c8cbf0-5d5e-48b8-9379-140cf19f7330: detail: There are still one or more interfaces in this subnet.

After running terraform destroy again, it wants to delete the following resources:

Terraform will perform the following actions:

  # module.cluster.cloudscale_network.privnet will be destroyed
  - resource "cloudscale_network" "privnet" {
      - auto_create_ipv4_subnet = false -> null
      - href                    = "https://api.cloudscale.ch/v1/networks/9bf5f692-3a2a-429a-9caa-c3a2a83939d8" -> null
      - id                      = "9bf5f692-3a2a-429a-9caa-c3a2a83939d8" -> null
      - mtu                     = 9000 -> null
      - name                    = "privnet-c-falling-shadow-3833" -> null
      - subnets                 = [] -> null
      - zone_slug               = "rma1" -> null
    }

  # module.cluster.cloudscale_subnet.privnet_subnet will be destroyed
  - resource "cloudscale_subnet" "privnet_subnet" {
      - cidr            = "172.18.200.0/24" -> null
      - dns_servers     = [
          - "5.102.144.101",
          - "5.102.144.102",
        ] -> null
      - gateway_address = "172.18.200.1" -> null
      - href            = "https://api.cloudscale.ch/v1/subnets/f0c8cbf0-5d5e-48b8-9379-140cf19f7330" -> null
      - id              = "f0c8cbf0-5d5e-48b8-9379-140cf19f7330" -> null
      - network_href    = "https://api.cloudscale.ch/v1/networks/9bf5f692-3a2a-429a-9caa-c3a2a83939d8" -> null
      - network_name    = "privnet-c-falling-shadow-3833" -> null
      - network_uuid    = "9bf5f692-3a2a-429a-9caa-c3a2a83939d8" -> null
    }

  # module.cluster.gitfile_checkout.appuio_hieradata[0] will be destroyed
  - resource "gitfile_checkout" "appuio_hieradata" {
      - branch = "tf/lbaas/c-falling-shadow-3833" -> null
      - head   = "6e372938eb594ccd56988ca14866db4f8f74b507" -> null
      - id     = "./appuio_hieradata" -> null
      - path   = "./appuio_hieradata" -> null
      - repo   = "https://[email protected]/appuio/appuio_hieradata.git" -> null
    }

Plan: 0 to add, 0 to change, 3 to destroy.

I suspect it seems it fails to destroy a private subnet if a VM is also being destroyed right in the same time.

Workaround

Invoke terraform destroy 2 times, that successfully removes all resources.

This issue provides visibility into Renovate updates and their statuses. Learn more

This repository currently has no open or pending branches.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Add support to attach additional preexisting private networks to the LoadBalancers.

• Add additional network interfaces to VM in appuio/terraform-modules//vshn-lbaas-cloudscale
• Add additional network config to Hieradata in appuio/terraform-modules//vshn-lbaas-hieradata
• Add newly introduced variables here
• component-openshift4-terraform can just pass variables through

Why

When deploying an OCP4 cluster, a new private network is created in the cloudscale.ch tenant, and OpenShift 4 is placed in the new network.

This is an issue for customers who already have managed systems (DB's, VPNs etc) since applications on OCP4 cannot reach them.

Since the load balancers are already configured as default gateways, attaching the networks there and enabling routing to the default network is the "easiest" (still requires manually adding routes back to the OCP4 network on all systems in the default network that require it)

Blocker details

We already implemented this on one of the clusters and now we cannot scale the cluster because it would remove the network interfaces again