Anthos on VMware: deploying Seesaw, health check fails with 403 Forbidden

We are installing Anthos on the VMware platform, and we are now getting an error during the admin cluster deployment of the Seesaw load balancer in HA.

The deployment of the two Seesaw VMs was created successfully, but when checking the health check we get the following 403 error:

ubuntu@anth-mgt-wksadmin:~$ gkectl create loadbalancer --config admin-cluster.yaml -v5
Reading config with version "v1"
- Validation Category: OS Images
- [SUCCESS] Admin cluster OS images exist
 
- Validation Category: Admin Cluster VCenter
- [SUCCESS] Credentials
- [SUCCESS] DRS enabled
- [SUCCESS] Hosts for AntiAffinityGroups
- [SUCCESS] vCenter Version
- [SUCCESS] ESXi Version
- [SUCCESS] Datacenter
- [SUCCESS] Datastore
- [SUCCESS] Resource pool
- [SUCCESS] Folder
- [SUCCESS] Network
 
- Validation Category: Bundled LB
- [FAILURE] Seesaw validation: admin cluster lb health check failed: LB "10.25.94.229" is not healthy: received 403 Forbidden
 
- Validation Category: Network Configuration
- [SUCCESS] CIDR, VIP and static IP (availability and overlapping)

- Validation Category: GCP
- [SUCCESS] GCP service
- [SUCCESS] GCP service account

Some validation results were FAILURE or UNKNOWN. Check report above.
Preflight check failed with preflight check failed
Exit with error:

This simple test also gives the same result:

root@jump-mgm-wks:~# wget http://10.25.94.229
--2021-07-27 13:56:04--  http://10.25.94.229/
Connecting to 10.173.119.123:8080... connected.
Proxy request sent, awaiting response... 403 Forbidden
2021-07-27 13:56:04 ERROR 403: Forbidden.

We also get this error in the logs:

ubuntu@anth-mgt-bigip1:/var/log/seesaw$ cat  seesaw_ha.anth-mgt-bigip1.root.log.ERROR.20210727-123208.1738
Log file created at: 2021/07/27 12:32:08
Running on machine: anth-mgt-bigip1
Binary: Built with gc go1.15.11 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0727 12:32:08.331013    1738 main.go:86] config: Failed to retrieve Config: HAConfig: Dial failed: dial unix /var/run/seesaw/engine/engine.sock: connect: no such file or directory

Solved after recreating the admin workstation with the following parameters.

gkectl delete loadbalancer --config admin-cluster.yaml --seesaw-group-file seesaw-for-gke-admin.yaml

Now save the following files from the ubuntu home directory on the admin workstation to /backup on jump-mgm-wks:

admin-cluster.yaml
admin-cluster-ipblock.yaml
admin-seesaw-ipblock.yaml

gkeadm delete admin-workstation
 
gkeadm create admin-workstation --auto-create-service-accounts

gkectl create loadbalancer --config admin-cluster.yaml