Segmentation fault when installing asm

[gottfrois]

TL;DR

I got a segmentation fault error when running terraform apply to install asm.

Expected behavior

I expected the command to work successfully.

Observed behavior

I got a segmentation fault error:

.terraform/modules/asm/modules/asm/scripts/install_asm.sh: line 217: 45768 Segmentation fault: 11  ./install_asm_${ASM_VERSION} --verbose --project_id ${PROJECT_ID} --cluster_name ${CLUSTER_NAME} --cluster_location ${CLUSTER_LOCATION} --mode ${MODE} ${MCP_COMMAND_SNIPPET} ${OPTIONS_COMMAND_SNIPPET}
│ ${CUSTOM_OVERLAYS_COMMAND_SNIPPET} ${OUTDIR_COMMAND_SNIPPET} ${ENABLE_ALL_COMMAND_SNIPPET} ${ENABLE_CLUSTER_ROLES_COMMAND_SNIPPET} ${ENABLE_CLUSTER_LABELS_COMMAND_SNIPPET} ${ENABLE_GCP_COMPONENTS_COMMAND_SNIPPET} ${ENABLE_REGISTRATION_COMMAND_SNIPPET} ${ENABLE_NAMESPACE_CREATION_COMMAND_SNIPPET}
│ ${CA_COMMAND_SNIPPET} ${CA_CERTS_COMMAND_SNIPPET} ${SERVICE_ACCOUNT_COMMAND_SNIPPET} ${KEY_FILE_COMMAND_SNIPPET} ${REVISION_NAME_COMMAND_SNIPPET}

Terraform Configuration

provider "google" {
  project = var.project_id
  region  = var.region
}

provider "google-beta" {
  project = var.project_id
  region  = var.region
}

data "google_client_config" "default" {}

data "google_project" "project" {
  project_id = var.project_id
}

data "google_compute_subnetwork" "subnetwork" {
  name    = var.subnetwork
  project = var.project_id
  region  = var.region
}

output "project" {
  value = data.google_client_config.default.project
}

module "project-services" {
  source  = "terraform-google-modules/project-factory/google//modules/project_services"

  project_id  = data.google_client_config.default.project
  disable_services_on_destroy = false
  activate_apis = [
    "compute.googleapis.com",
    "iam.googleapis.com",
    "container.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "anthos.googleapis.com",
    "cloudtrace.googleapis.com",
    "meshca.googleapis.com",
    "meshtelemetry.googleapis.com",
    "meshconfig.googleapis.com",
    "iamcredentials.googleapis.com",
    "gkeconnect.googleapis.com",
    "gkehub.googleapis.com",
    "monitoring.googleapis.com",
    "logging.googleapis.com"
  ]
}

module "gke" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"

  cluster_resource_labels     = { "mesh_id" : "proj-${data.google_project.project.number}" }
  dns_cache                   = var.dns_cache
  enable_private_endpoint     = var.enable_private_endpoint
  enable_private_nodes        = var.enable_private_nodes
  horizontal_pod_autoscaling  = var.horizontal_pod_autoscaling
  http_load_balancing         = var.http_load_balancing
  ip_range_pods               = var.ip_range_pods
  ip_range_services           = var.ip_range_services
  kubernetes_version          = var.kubernetes_version
  logging_service             = var.logging_service
  maintenance_start_time      = var.maintenance_start_time
  master_ipv4_cidr_block      = var.master_ipv4_cidr_block
  monitoring_service          = var.monitoring_service
  name                        = var.name
  network                     = var.network
  network_policy              = var.network_policy
  project_id                  = var.project_id
  region                      = var.region
  regional                    = var.regional
  release_channel             = var.release_channel
  remove_default_node_pool    = var.remove_default_node_pool
  subnetwork                  = var.subnetwork
  zones                       = var.zones

  node_pools = [
    {
      auto_repair         = true
      auto_upgrade        = true
      autoscaling         = false
      disk_size_gb        = 100
      disk_type           = "pd-standard"
      image_type          = "COS"
      initial_node_count  = 1
      local_ssd_count     = 0
      machine_type        = var.machine_type
      max_count           = 100
      min_count           = 1
      name                = "default-node-pool"
      node_count          = 1
      preemptible         = false
    },
  ]

  master_authorized_networks = [
    {
      cidr_block = "0.0.0.0/0"
      display_name = "VPC"
    },
  ]
}

module "hub" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/hub"

  project_id       = data.google_client_config.default.project
  cluster_name     = module.gke.name
  location         = module.gke.location
  cluster_endpoint = module.gke.endpoint
}

module "asm" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/asm"

  cluster_endpoint = module.gke.endpoint
  cluster_name     = module.gke.name
  location         = module.gke.location
  project_id       = data.google_client_config.default.project
}



project_id = "quick-hangout-335810"
dns_cache                   = true
enable_private_endpoint     = false
enable_private_nodes        = true
horizontal_pod_autoscaling  = true
http_load_balancing         = true
ip_range_pods               = ""
ip_range_services           = ""
kubernetes_version          = "latest"
logging_service             = "logging.googleapis.com/kubernetes"
machine_type                = "n1-standard-4"
maintenance_start_time      = "02:00"
master_ipv4_cidr_block      = "172.16.0.0/28"
monitoring_service          = "monitoring.googleapis.com/kubernetes"
name                        = "textmaster-dev"
network                     = "default"
network_policy              = false
region                      = "europe-west1"
regional                    = true
release_channel             = "STABLE"
remove_default_node_pool    = true
subnetwork                  = "default"
zones                       = ["europe-west1-b", "europe-west1-c", "europe-west1-d"]

Terraform Version

Running MacOS Catalina version 10.15.7

$ terraform version
Terraform v1.1.2
on darwin_amd64
+ provider registry.terraform.io/hashicorp/external v2.1.1
+ provider registry.terraform.io/hashicorp/google v3.90.1
+ provider registry.terraform.io/hashicorp/google-beta v3.90.1
+ provider registry.terraform.io/hashicorp/kubernetes v2.7.1
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0

$ gcloud version
Google Cloud SDK 347.0.0
beta 2021.06.25
bq 2.0.69
core 2021.06.25
gsutil 4.64
kpt 0.39.3

$ uname -a
Darwin gottfrois 19.6.0 Darwin Kernel Version 19.6.0: Tue Jan 12 22:13:05 PST 2021; root:xnu-6153.141.16~1/RELEASE_X86_64 x86_64

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:11:29Z", GoVersion:"go1.16.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.11-gke.1300", GitCommit:"9352724e36d9c7c35609d30b2696b0de61d23aa0", GitTreeState:"clean", BuildDate:"2021-10-06T09:26:56Z", GoVersion:"go1.15.15b5", Compiler:"gc", Platform:"linux/amd64"}

$ kubectl get nodes
NAME                                                 STATUS   ROLES    AGE    VERSION
gke-textmaster-dev-default-node-pool-00147cba-v46f   Ready    <none>   164m   v1.20.11-gke.1300
gke-textmaster-dev-default-node-pool-52e23b6c-0nhj   Ready    <none>   164m   v1.20.11-gke.1300
gke-textmaster-dev-default-node-pool-5ddfedf1-dmd1   Ready    <none>   164m   v1.20.11-gke.1300

Additional information

Logs from running the terraform apply command are available here

[rnrsr]

hey, I think the issue is with the asm script trying to use a linux kpt binary.

I found a work around for the arm64 architecture, it's not pretty, but it goes like this:

0. manually download the asmcli version 1.12 (references kpt version 0.39)
1. manually download kpt version 0.39.x for Darwin.
2. export your PATH to include this kpt binary download
3. in your macOS terminal emulate i386 with: env /usr/bin/arch -x86_64 /bin/zsh --login
4. create a null_resource to run the script via local files

Probably a nicer way to do this, but this lets me run terraform apply from my M1 processor

[infurio]

Issue could be related to the install_asm_1.9 file which includes this function:

download_kpt() {
  local OS

  case "$(uname)" in
    Linux ) OS="linux_amd64";;
    Darwin) OS="darwin_arm64";;
    *     ) fatal "$(uname) is not a supported OS.";;
  esac

  local KPT_TGZ
  KPT_TGZ="https://github.com/GoogleContainerTools/kpt/releases/download/v0.39.3/kpt_${OS}-0.39.3.tar.gz"

  info "Downloading kpt.."
  curl -L "${KPT_TGZ}" | tar xz
  AKPT="$(apath -f kpt)"
}

if you're not running an M1 mac, then it will download and run the wrong version and fail:

❯ ./kpt
zsh: bad CPU type in executable: ./kpt

i've given up on using terraform to install the up-to-date version of ASM. I'm switching to the manual process using the asmcli tool until this is completed.

[FalconerTC]

Running into this same problem. Hopefully the module rewrite fixes this

[morgante]

Closing this since the new module will hopefully not run into these issues since it doesn't use kpt at all.