terraform-provider-rancher2: rancher2 bootstrap doesn't work anymore with rancher v2.6.0

Here is my terraform script, which uses rancher v2.6.0 (latest).

terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "2.3.0"
    }
    rancher2 = {
      source = "rancher/rancher2"
      version = "1.17.2"
    }
  }
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "rancher2" {
  alias     = "bootstrap"
  api_url   = var.rancher_hostname != null ? "https://${var.rancher_hostname}" : "https://rancher.${var.lb_address}.nip.io"
  bootstrap = true
  insecure  = true
}

provider "rancher2" {
  alias     = "admin"
  api_url   = var.rancher_hostname != null ? "https://${var.rancher_hostname}" : "https://rancher.${var.lb_address}.nip.io"
  token_key = rancher2_bootstrap.setup_admin.token
  insecure  = true
}

resource "helm_release" "cert_manager" {
  name             = "cert-manager"
  namespace        = "cert-manager"
  repository       = "https://charts.jetstack.io"
  chart            = "cert-manager"
  version          = "1.5.3"

  wait             = true
  create_namespace = true
  force_update     = true
  replace          = true

  set {
    name  = "installCRDs"
    value = true
  }
}

resource "helm_release" "rancher" {
  name       = "rancher"
  namespace  = "cattle-system"
  chart      = "rancher"
  repository = "https://releases.rancher.com/server-charts/latest"
  depends_on = [helm_release.cert_manager]

  wait             = true
  create_namespace = true
  force_update     = true
  replace          = true

  set {
    name  = "hostname"
    value = var.rancher_hostname != null ? var.rancher_hostname : "rancher.${var.lb_address}.nip.io"
  }

  set {
    name  = "ingress.tls.source"
    value = "letsEncrypt"
  }

  set {
    name  = "letsEncrypt.email"
    value = var.letsencrypt_issuer
  }
}

resource "rancher2_bootstrap" "setup_admin" {
  provider   = rancher2.bootstrap
  password   = var.rancher_admin_password
  telemetry  = true
  depends_on = [helm_release.rancher]
}

I get the following error:

│ Error: [ERROR] Timeout login with admin user: Doing  user logging: error Unauthorized
│ 
│   with module.rancher_init.rancher2_bootstrap.setup_admin,
│   on module-rancher-init/main.tf line 80, in resource "rancher2_bootstrap" "setup_admin":
│   80: resource "rancher2_bootstrap" "setup_admin" {
│ 

Using rancher v2.5.9 from stable doesn’t produce any error.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

You have to set the bootstrapPassword helm value for rancher 2.6 to admin, which is what the provider tries to log in as. This wasn’t required before when deploying. --set bootstrapPassword=admin

You may have another option here: setting --set bootstrapPassword=ANY_PASSWORD and then configuring rancher2_bootstrap.current_password=ANY_PASSWORD, https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/bootstrap#current_password
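
The second suggestion above applied to the script from the issue, as an added example that is not part of the original thread: the bootstrap password is generated rather than fixed, and the same value is passed to the chart and to rancher2_bootstrap. The random_password.rancher_bootstrap resource and the hashicorp/random provider are assumptions not present in the original script.

```hcl
# Added example. Assumes hashicorp/random is listed in required_providers;
# the resource name "rancher_bootstrap" is hypothetical.
resource "random_password" "rancher_bootstrap" {
  length  = 32
  special = false
}

resource "helm_release" "rancher" {
  name       = "rancher"
  namespace  = "cattle-system"
  chart      = "rancher"
  repository = "https://releases.rancher.com/server-charts/latest"
  depends_on = [helm_release.cert_manager]

  wait             = true
  create_namespace = true
  force_update     = true
  replace          = true

  set {
    name  = "hostname"
    value = var.rancher_hostname != null ? var.rancher_hostname : "rancher.${var.lb_address}.nip.io"
  }

  set {
    name  = "ingress.tls.source"
    value = "letsEncrypt"
  }

  set {
    name  = "letsEncrypt.email"
    value = var.letsencrypt_issuer
  }

  # Rancher 2.6 takes its first-login password from this chart value.
  # set_sensitive keeps it out of plan output; it is still stored in state.
  set_sensitive {
    name  = "bootstrapPassword"
    value = random_password.rancher_bootstrap.result
  }
}

resource "rancher2_bootstrap" "setup_admin" {
  provider         = rancher2.bootstrap
  current_password = random_password.rancher_bootstrap.result # must match bootstrapPassword
  password         = var.rancher_admin_password               # admin password after bootstrap
  telemetry        = true
  depends_on       = [helm_release.rancher]
}
```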