Ah, sorry, this somehow got missed. We have had an issue that slipped into
3.6.0 that we are currently in the process of fixing. The PR has been submitted
and we are waiting for a new image to be built and pushed out.

On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio <
[email protected]> wrote:

> Nope, no time to debug yet :(
>
> --
> Mateus Caruccio / Master of Puppets
> GetupCloud.com
> We make the infrastructure invisible
> Gartner Cool Vendor 2017
>
> 2017-09-28 7:52 GMT-03:00 Andrew Lau <[email protected]>:
>
>> Did you find any solution for this?
>>
>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio <
>> [email protected]> wrote:
>>
>>> Yep, there it is:
>>>
>>> [OSEv3:children]
>>> masters
>>> etcd
>>> nodes
>>>
>>> [OSEv3:vars]
>>> deployment_type=origin
>>> openshift_release=v3.6
>>> debug_level=1
>>> openshift_debug_level=1
>>> openshift_node_debug_level=1
>>> openshift_master_debug_level=1
>>> openshift_master_access_token_max_seconds=2419200
>>> osm_cluster_network_cidr=172.16.0.0/16
>>> openshift_registry_selector="docker-registry=true"
>>> openshift_hosted_registry_replicas=1
>>>
>>> openshift_master_cluster_hostname=api-cluster.example.com.br
>>> openshift_master_cluster_public_hostname=api-cluster.example.com.br
>>> osm_default_subdomain=example.com.br
>>> openshift_master_default_subdomain=example.com.br
>>> osm_default_node_selector="role=app"
>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
>>> osm_use_cockpit=false
>>> containerized=False
>>>
>>> openshift_master_cluster_method=native
>>> openshift_master_console_port=443
>>> openshift_master_api_port=443
>>>
>>> openshift_master_overwrite_named_certificates=true
>>> openshift_master_named_certificates=[{"certfile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.key","cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.int.crt"}]
>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiFKK1o76bLoH10+uE2a']
>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3qph87BGulYb/GUho6K']
>>> openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openshift-audit/openshift-audit.log", "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 10}
>>>
>>> openshift_ca_cert_expire_days=1825
>>> openshift_node_cert_expire_days=730
>>> openshift_master_cert_expire_days=730
>>> etcd_ca_default_days=1825
>>>
>>> openshift_hosted_router_create_certificate=false
>>> openshift_hosted_manage_router=true
>>> openshift_router_selector="role=infra"
>>> openshift_hosted_router_replicas=2
>>> openshift_hosted_router_certificate={"certfile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.key","cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com.br.int.crt"}
>>>
>>> openshift_hosted_metrics_deploy=true
>>> openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com.br/hawkular/metrics
>>>
>>> openshift_hosted_logging_deploy=true
>>> openshift_hosted_logging_hostname=kibana.example.com.br
>>>
>>> openshift_install_examples=true
>>>
>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods': ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold': ['50'],'minimum-container-ttl-duration': ['60s'], 'maximum-dead-containers-per-container': ['1'], 'maximum-dead-containers': ['15']}
>>>
>>> logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}]
>>>
>>> openshift_builddefaults_image_labels=[{'name':'builder','value':'true'}]
>>> openshift_builddefaults_nodeselectors={'builder':'true'}
>>> openshift_builddefaults_annotations={'builder':'true'}
>>> openshift_builddefaults_resources_requests_cpu=10m
>>> openshift_builddefaults_resources_requests_memory=128Mi
>>> openshift_builddefaults_resources_limits_cpu=500m
>>> openshift_builddefaults_resources_limits_memory=2Gi
>>>
>>> openshift_upgrade_nodes_serial=1
>>> openshift_upgrade_nodes_max_fail_percentage=0
>>> openshift_upgrade_control_plane_nodes_serial=1
>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0
>>>
>>> openshift_disable_check=disk_availability,memory_availability
>>>
>>> [masters]
>>> e001vmov40p42
>>> e001vmov40p51
>>> e001vmov40p52
>>>
>>> [etcd]
>>> e001vmov40p42
>>> e001vmov40p51
>>> e001vmov40p52
>>>
>>> [nodes]
>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}"
>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}"
>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}"
>>>
>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', 'docker-registry':'true', 'logging':'true'}"
>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics': 'true'}"
>>>
>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': 'true'}"
>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': 'true'}"
>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': 'true'}"
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Mateus Caruccio / Master of Puppets
>>> GetupCloud.com
>>> We make the infrastructure invisible
>>> Gartner Cool Vendor 2017
>>>
>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <[email protected]>:
>>>
>>>> We had an issue where it was not possible for normal users to view
>>>> their metrics (but cluster-admin users could). But I didn't think this made
>>>> it into any releases.
>>>>
>>>> Would it be possible to attach the inventory file used?
>>>>
>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> wrote:
>>>>
>>>>> Including some metrics folks.  Matt/Jeff?
>>>>>
>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Answering my own question, that "namespace" field on audit log refers
>>>>>> to the unnamespaced resource "/oapi/v1/subjectaccessreviews", not the
>>>>>> subject access review object of the request.
>>>>>>
>>>>>> Still, the problem persists...
>>>>>>
>>>>>> --
>>>>>> Mateus Caruccio / Master of Puppets
>>>>>> GetupCloud.com
>>>>>> We make the infrastructure invisible
>>>>>> Gartner Cool Vendor 2017
>>>>>>
>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio <
>>>>>> [email protected]>:
>>>>>>
>>>>>>> Audit logs show this:
>>>>>>>
>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" method="POST" user="mateus" groups="\"system:authenticated:oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/oapi/v1/subjectaccessreviews"
>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201"
>>>>>>>
>>>>>>> Am I wrong, or should that "namespace" field not be <none>?
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Mateus Caruccio / Master of Puppets
>>>>>>> GetupCloud.com
>>>>>>> We make the infrastructure invisible
>>>>>>> Gartner Cool Vendor 2017
>>>>>>>
>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio <
>>>>>>> [email protected]>:
>>>>>>>
>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbidden.
>>>>>>>> What is the auth path used by hawkular and how can I check if it's
>>>>>>>> correct (secrets, serviceaccounts, token, etc)?
>>>>>>>>
>>>>>>>> $ oc version
>>>>>>>> oc v3.6.0+c4dd4cf
>>>>>>>> kubernetes v1.6.1+5115d708d7
>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO
>>>>>>>>
>>>>>>>> Server <redacted>
>>>>>>>> openshift v3.6.0+c4dd4cf
>>>>>>>> kubernetes v1.6.1+5115d708d7
>>>>>>>>
>>>>>>>>
>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image:
>>>>>>>>           image: docker.io/openshift/origin-metrics-cassandra:v3.6.0
>>>>>>>>           image: docker.io/openshift/origin-metrics-hawkular-metrics:v3.6.0
>>>>>>>>           image: docker.io/openshift/origin-metrics-heapster:v3.6.0
>>>>>>>>
>>>>>>>>
>>>>>>>> $ oc -n openshift-infra get pods
>>>>>>>> NAME                         READY     STATUS    RESTARTS   AGE
>>>>>>>> hawkular-cassandra-1-vg250   1/1       Running   0          42m
>>>>>>>> hawkular-metrics-4rkn4       1/1       Running   0          38m
>>>>>>>> heapster-fjg8t               1/1       Running   1          50m
>>>>>>>>
>>>>>>>>
>>>>>>>> $ oadm diagnostics MetricsApiProxy
>>>>>>>> [Note] Determining if client configuration exists for client/cluster diagnostics
>>>>>>>> Info:  Successfully read a client config file at '/home/getup/.kube/config'
>>>>>>>> Info:  Using context for cluster-admin access: 'default/<redacted>:443/system:admin'
>>>>>>>>
>>>>>>>> [Note] Running diagnostic: MetricsApiProxy
>>>>>>>>        Description: Check the integrated heapster metrics can be reached via the API proxy
>>>>>>>>
>>>>>>>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf):
>>>>>>>> [Note] Completed with no errors or warnings seen.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> --
>>>>>>>> Mateus Caruccio / Master of Puppets
>>>>>>>> GetupCloud.com
>>>>>>>> We make the infrastructure invisible
>>>>>>>> Gartner Cool Vendor 2017
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> dev mailing list
>>>>>> [email protected]
>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
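
Added example, not part of the original thread or of OpenShift's code: a small parser for the audit-log format quoted above that pairs each request entry with its response by `id` and derives the namespace from the request path, which is why the cluster-scoped `/oapi/v1/subjectaccessreviews` call shows `namespace="<none>"`. The first two sample lines are the ones from the thread; the last two (user `example-user`, namespace `demo`) are constructed, and it assumes namespaced requests carry `/namespaces/<name>/` in the path.

```python
import re

# key="value" pairs; values may contain backslash-escaped quotes (see groups=)
FIELD = re.compile(r'(\w+)="((?:\\.|[^"\\])*)"')
NS_PATH = re.compile(r'/namespaces/([^/]+)')

# First two lines: the entries quoted in the thread, re-joined.
# Last two lines: constructed for this example.
SAMPLE = r'''
2017-09-13T22:18:43.907186125-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" method="POST" user="mateus" groups="\"system:authenticated:oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/oapi/v1/subjectaccessreviews"
2017-09-13T22:18:43.941696064-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201"
2017-09-13T22:19:01.000000000-03:00 AUDIT: id="00000000-0000-0000-0000-000000000001" ip="192.0.2.10" method="GET" user="example-user" groups="\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="demo" uri="/api/v1/namespaces/demo/pods"
2017-09-13T22:19:01.010000000-03:00 AUDIT: id="00000000-0000-0000-0000-000000000001" response="403"
'''

def parse_line(line):
    """Return (timestamp, fields) for an AUDIT line, or None for other lines."""
    head, sep, rest = line.partition(" AUDIT: ")
    return (head.strip(), dict(FIELD.findall(rest))) if sep else None

def correlate(text):
    """Merge each request entry with the response entry sharing its id."""
    events = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None or "id" not in parsed[1]:
            continue
        ts, fields = parsed
        ev = events.setdefault(fields["id"], {})
        if "response" in fields:
            ev["status"] = int(fields["response"])
        else:
            ev.update(fields, time=ts)
    return list(events.values())

def uri_namespace(uri):
    """Namespace named in the request path, or '<none>' for cluster-scoped URIs."""
    m = NS_PATH.search(uri)
    return m.group(1) if m else "<none>"

def denied(events):
    """Requests the API server answered with 401 or 403."""
    return [e for e in events if e.get("status") in (401, 403)]

if __name__ == "__main__":
    for e in correlate(SAMPLE):
        print(e["user"], e["method"], e["uri"], uri_namespace(e["uri"]), e.get("status"))
```

A 201 on the `subjectaccessreviews` POST only records that the review was processed; the allowed/denied verdict is in the response body, which these audit lines do not include.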