jx boot wait for vault to be initialized and unsealed error

[pancudaniel7]

Summary

run jx boot with jx-requirements.yaml after terraform apply finished without error on gks cluster and I receive:
error: creating system vault URL client: wait for vault to be initialized and unsealed: reading vault health: Get https://vault-jx.codesquad-x.com/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299: dial tcp: lookup vault-jx.codesquad-x.com on 192.168.1.1:53: no such host

Steps to reproduce the behavior

Expected behavior

jx boot finish without errors

Actual behavior

I get:
error: creating system vault URL client: wait for vault to be initialized and unsealed: reading vault health: Get https://vault-jx.codesquad-x.com/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299: dial tcp: lookup vault-jx.codesquad-x.com on 192.168.1.1:53: no such host

Jx version

2.1.20
The output of jx version is:

NAME               VERSION
jx                 2.1.20
Kubernetes cluster v1.14.10-gke.27
kubectl            v1.15.5
git                2.24.1
Operating System   Mac OS X 10.14.6 build 18G3020

Kubernetes cluster

Operating system / Environment

[deanesmith]

Hi @pancudaniel7, it would seem there is a local DNS issue maybe? Are you indeed deploying a cluster on GKE? Can you resolve the host? https://dnschecker.org/

[daveconde]

@pancudaniel7 Did you get passed this issue?

[andrewhoplife]

I have the same issue with https://github.com/jenkins-x/terraform-aws-eks-jx using a hosted route 53 zone. In my case the vault fails to open with "Waiting for vault to be initialized and unsealed..." timing out eventually. The apex domain and subdomain zones are fine. Running the standard kubectl commands seems to show that vault exists and is in a working state but jx get vault-config
times out but:

jx get vault 
NAME           URL                        AUTH-SERVICE-ACCOUNT
jx-vault-jx-hl http://jx-vault-jx-hl:8200 jx-vault-jx-hl-auth-sa

note that is incorrect at least since the vault is not local but running in eks.

[pancudaniel7]

@daveconde @andrewhoplife Guys for me this was a dns problem comming from the Domain provider not from cloud provider. After I've discussed with the support team from the Domain provider they fixed my problem. So yea as @deanesmith said it was a DNS problem.

[deanesmith]

Thank you for the follow-up @pancudaniel7. Would you mind closing this issue then?

[andrewhoplife]

This issue is happening to me too when running terraform-aws-eks-jx. Getting this error:

kubectl logs jx-vault-jx-0 -c vault

Using eth0 for VAULT_CLUSTER_ADDR: https://10.0.2.188:8201
telemetry.disable_hostname has been set to false. Recommended setting is true for Prometheus to avoid poorly named metrics.
Error initializing storage of type dynamodb: UnrecognizedClientException: The security token included in the request is invalid.
	status code: 400, request id: V895OFUGCG1LCJ63EH31EM7T0JVV4KQNSO5AEMVJF66Q9ASUAAJG

[deanesmith]

Hi @andrewhoplife, it appears this is a different matter you're experiencing and I recommend opening a new issue. Have you seen these similar issues? hashicorp/vault#5965
hashicorp/vault#5045

[jenkins-x-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle stale

[jenkins-x-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle rotten

[jenkins-x-bot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://jenkins-x.io/community.
/close

[jenkins-x-bot]

@jenkins-x-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://jenkins-x.io/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the jenkins-x/lighthouse repository.

[cristi-vlad]

happening to me too when running terraform-aws-eks-jx. Getting this error:

This issue is happening to me too when running terraform-aws-eks-jx. Getting this error:

kubectl logs jx-vault-jx-0 -c vault

Using eth0 for VAULT_CLUSTER_ADDR: https://10.0.2.188:8201
telemetry.disable_hostname has been set to false. Recommended setting is true for Prometheus to avoid poorly named metrics.
Error initializing storage of type dynamodb: UnrecognizedClientException: The security token included in the request is invalid.
	status code: 400, request id: V895OFUGCG1LCJ63EH31EM7T0JVV4KQNSO5AEMVJF66Q9ASUAAJG

I have same issue. Have you found a way to solve it ?

kubectl logs jx-vault-test-jx-eks-0 -n jx -c vault
Using eth0 for VAULT_CLUSTER_ADDR: https://10.0.3.181:8201
telemetry.disable_hostname has been set to false. Recommended setting is true for Prometheus to avoid poorly named metrics.
Error initializing storage of type dynamodb: UnrecognizedClientException: The security token included in the request is invalid.
status code: 400, request id: QQTA9MBSCRUO26UMHMM0R25ESNVV4KQNSO5AEMVJF66Q9ASUAAJG

[ghost]

/reopen