TLS handshake timeout¶
Warning
This section only applies to Cloud 2.28.5 (Cluster release 16.3.5) or earlier versions. Since Container Cloud 2.29.0 (Cluster release 16.4.0), support for OpenStack-based clusters will be suspended. For details, see Deprecation notes.
If you execute the bootstrap.sh
script from an OpenStack VM
that is running on the OpenStack environment used for bootstrapping
the management cluster, the following error messages may occur
that can be related to the MTU settings discrepancy:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to server:port
Failed to check if machine "<machine_name>" exists:
failed to create provider client ... TLS handshake timeout
To identify whether the issue is MTU-related:
Log in to the OpenStack VM in question.
Compare the MTU outputs for the
docker0
andens3
interfaces:ip addr
Example of system response:
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500... ... 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450...
If the MTU output values differ for
docker0
andens3
, proceed with the workaround below. Otherwise, inspect the logs further to identify the root cause of the error messages.
Workaround:
In your OpenStack environment used for Mirantis Container Cloud, log in to any machine with CLI access to OpenStack. For example, you can create a new Ubuntu VM (separate from the bootstrap VM) and install the
python-openstackclient
package on it.Change the vXLAN MTU size for the VM to the required value depending on your network infrastructure and considering your physical network configuration, such as Jumbo frames, and so on.
openstack network set --mtu <YOUR_MTU_SIZE> <network-name>
Stop and start the VM in Nova.
Log in to the bootstrap VM dedicated for the management cluster.
Re-execute the
bootstrap.sh
script.