Sweet! Would you mind pointing the PR url?
Thanks.
--
Mateus Caruccio / Master of Puppets
GetupCloud.com
We make the infrastructure invisible
Gartner Cool Vendor 2017
2017-09-28 9:34 GMT-03:00 Matthew Wringe <mwri...@redhat.com>:
> Ah, sorry, this somehow got missed. We have had an issue that slipped into
> 3.6.0 that we are currently in progress to fix. The PR has been submitted
> and we are waiting for a new image to be built and pushed out.
>
> On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio <
> mateus.caruc...@getupcloud.com> wrote:
>
>> Nope, no time to debug yet :(
>>
>> --
>> Mateus Caruccio / Master of Puppets
>> GetupCloud.com
>> We make the infrastructure invisible
>> Gartner Cool Vendor 2017
>>
>> 2017-09-28 7:52 GMT-03:00 Andrew Lau <and...@andrewklau.com>:
>>
>>> Did you find any solution for this?
>>>
>>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio <
>>> mateus.caruc...@getupcloud.com> wrote:
>>>
>>>> Yep, there it is:
>>>>
>>>> [OSEv3:children]
>>>> masters
>>>> etcd
>>>> nodes
>>>>
>>>> [OSEv3:vars]
>>>> deployment_type=origin
>>>> openshift_release=v3.6
>>>> debug_level=1
>>>> openshift_debug_level=1
>>>> openshift_node_debug_level=1
>>>> openshift_master_debug_level=1
>>>> openshift_master_access_token_max_seconds=2419200
>>>> osm_cluster_network_cidr=172.16.0.0/16
>>>> openshift_registry_selector="docker-registry=true"
>>>> openshift_hosted_registry_replicas=1
>>>>
>>>> openshift_master_cluster_hostname=api-cluster.example.com.br
>>>> openshift_master_cluster_public_hostname=api-cluster.example.com.br
>>>> osm_default_subdomain=example.com.br
>>>> openshift_master_default_subdomain=example.com.br
>>>> osm_default_node_selector="role=app"
>>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
>>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth',
>>>> 'login': 'true', 'challenge': 'true', 'kind':
>>>> 'HTPasswdPasswordIdentityProvider',
>>>> 'filename': '/etc/origin/master/htpasswd'}]
>>>> osm_use_cockpit=false
>>>> containerized=False
>>>>
>>>> openshift_master_cluster_method=native
>>>> openshift_master_console_port=443
>>>> openshift_master_api_port=443
>>>>
>>>> openshift_master_overwrite_named_certificates=true
>>>> openshift_master_named_certificates=[{"certfile":"{{lookup('
>>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"
>>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key",
>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com
>>>> .br.int.crt"}]
>>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF
>>>> KK1o76bLoH10+uE2a']
>>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3
>>>> qph87BGulYb/GUho6K']
>>>> openshift_master_audit_config={"enabled": true, "auditFilePath":
>>>> "/var/log/openshift-audit/openshift-audit.log",
>>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500,
>>>> "maximumRetainedFiles": 10}
>>>>
>>>> openshift_ca_cert_expire_days=1825
>>>> openshift_node_cert_expire_days=730
>>>> openshift_master_cert_expire_days=730
>>>> etcd_ca_default_days=1825
>>>>
>>>> openshift_hosted_router_create_certificate=false
>>>> openshift_hosted_manage_router=true
>>>> openshift_router_selector="role=infra"
>>>> openshift_hosted_router_replicas=2
>>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e
>>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{
>>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key",
>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com
>>>> .br.int.crt"}
>>>>
>>>> openshift_hosted_metrics_deploy=true
>>>> openshift_hosted_metrics_public_url=https://hawkular-metrics
>>>> .example.com.br/hawkular/metrics
>>>>
>>>> openshift_hosted_logging_deploy=true
>>>> openshift_hosted_logging_hostname=kibana.example.com.br
>>>>
>>>> openshift_install_examples=true
>>>>
>>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods':
>>>> ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold':
>>>> ['50'],'minimum-container-ttl-duration': ['60s'],
>>>> 'maximum-dead-containers-per-container': ['1'],
>>>> 'maximum-dead-containers': ['15']}
>>>>
>>>> logrotate_scripts=[{"name": "syslog", "path":
>>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n",
>>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"],
>>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2>
>>>> /dev/null` 2> /dev/null || true"}}]
>>>>
>>>> openshift_builddefaults_image_labels=[{'name':'builder','val
>>>> ue':'true'}]
>>>> openshift_builddefaults_nodeselectors={'builder':'true'}
>>>> openshift_builddefaults_annotations={'builder':'true'}
>>>> openshift_builddefaults_resources_requests_cpu=10m
>>>> openshift_builddefaults_resources_requests_memory=128Mi
>>>> openshift_builddefaults_resources_limits_cpu=500m
>>>> openshift_builddefaults_resources_limits_memory=2Gi
>>>>
>>>> openshift_upgrade_nodes_serial=1
>>>> openshift_upgrade_nodes_max_fail_percentage=0
>>>> openshift_upgrade_control_plane_nodes_serial=1
>>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0
>>>>
>>>> openshift_disable_check=disk_availability,memory_availability
>>>>
>>>> [masters]
>>>> e001vmov40p42
>>>> e001vmov40p51
>>>> e001vmov40p52
>>>>
>>>> [etcd]
>>>> e001vmov40p42
>>>> e001vmov40p51
>>>> e001vmov40p52
>>>>
>>>> [nodes]
>>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}"
>>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}"
>>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}"
>>>>
>>>> e001vmov40p45 openshift_node_labels="{'role': 'infra',
>>>> 'docker-registry':'true', 'logging':'true'}"
>>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics':
>>>> 'true'}"
>>>>
>>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder':
>>>> 'true'}"
>>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder':
>>>> 'true'}"
>>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder':
>>>> 'true'}"
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Mateus Caruccio / Master of Puppets
>>>> GetupCloud.com
>>>> We make the infrastructure invisible
>>>> Gartner Cool Vendor 2017
>>>>
>>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <mwri...@redhat.com>:
>>>>
>>>>> We had an issue where it was not possible for normal users to view
>>>>> their metrics (but cluster-admin users could). But I didn't think this
>>>>> made
>>>>> it into any releases.
>>>>>
>>>>> Would it be possible to attach the inventory file used?
>>>>>
>>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <pw...@redhat.com> wrote:
>>>>>
>>>>>> Including some metrics folks. Matt/Jeff?
>>>>>>
>>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio <
>>>>>> mateus.caruc...@getupcloud.com> wrote:
>>>>>>
>>>>>>> Answering my own question, that "namespace" field on audit log
>>>>>>> refers to the unamespaced resource "/oapi/v1/subjectaccessreviews",
>>>>>>> not the subject access review object of the request.
>>>>>>>
>>>>>>> Still, the problem persists...
>>>>>>>
>>>>>>> --
>>>>>>> Mateus Caruccio / Master of Puppets
>>>>>>> GetupCloud.com
>>>>>>> We make the infrastructure invisible
>>>>>>> Gartner Cool Vendor 2017
>>>>>>>
>>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio <
>>>>>>> mateus.caruc...@getupcloud.com>:
>>>>>>>
>>>>>>>> Audit logs show this:
>>>>>>>>
>>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT:
>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35"
>>>>>>>> method="POST" user="mateus" groups="\"system:authenticated
>>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>"
>>>>>>>> namespace="<none>" uri="/oapi/v1/subjectaccessreviews"
>>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT:
>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201"
>>>>>>>>
>>>>>>>> I'm I wrong o that "namespace" field should be not <none>?
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Mateus Caruccio / Master of Puppets
>>>>>>>> GetupCloud.com
>>>>>>>> We make the infrastructure invisible
>>>>>>>> Gartner Cool Vendor 2017
>>>>>>>>
>>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio <
>>>>>>>> mateus.caruc...@getupcloud.com>:
>>>>>>>>
>>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden.
>>>>>>>>> What is the auth path used by hawkular and how can I check if it's
>>>>>>>>> correct (secrets, servicaccounts, token, etc)?
>>>>>>>>>
>>>>>>>>> $ oc version
>>>>>>>>> oc v3.6.0+c4dd4cf
>>>>>>>>> kubernetes v1.6.1+5115d708d7
>>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO
>>>>>>>>>
>>>>>>>>> Server <redacted>
>>>>>>>>> openshift v3.6.0+c4dd4cf
>>>>>>>>> kubernetes v1.6.1+5115d708d7
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image:
>>>>>>>>> image: docker.io/openshift/origin-met
>>>>>>>>> rics-cassandra:v3.6.0
>>>>>>>>> image: docker.io/openshift/origin-met
>>>>>>>>> rics-hawkular-metrics:v3.6.0
>>>>>>>>> image: docker.io/openshift/origin-met
>>>>>>>>> rics-heapster:v3.6.0
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> $ oc -n openshift-infra get pods
>>>>>>>>> NAME READY STATUS RESTARTS AGE
>>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 42m
>>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 38m
>>>>>>>>> heapster-fjg8t 1/1 Running 1 50m
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> $ oadm diagnostics MetricsApiProxy
>>>>>>>>> [Note] Determining if client configuration exists for
>>>>>>>>> client/cluster diagnostics
>>>>>>>>> Info: Successfully read a client config file at
>>>>>>>>> '/home/getup/.kube/config'
>>>>>>>>> Info: Using context for cluster-admin access:
>>>>>>>>> 'default/<redacted>:443/system:admin'
>>>>>>>>>
>>>>>>>>> [Note] Running diagnostic: MetricsApiProxy
>>>>>>>>> Description: Check the integrated heapster metrics can be
>>>>>>>>> reached via the API proxy
>>>>>>>>>
>>>>>>>>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf):
>>>>>>>>> [Note] Completed with no errors or warnings seen.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> --
>>>>>>>>> Mateus Caruccio / Master of Puppets
>>>>>>>>> GetupCloud.com
>>>>>>>>> We make the infrastructure invisible
>>>>>>>>> Gartner Cool Vendor 2017
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> dev mailing list
>>>>>>> dev@lists.openshift.redhat.com
>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> _______________________________________________
>>>> dev mailing list
>>>> dev@lists.openshift.redhat.com
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>
>>>
>>
>
_______________________________________________
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
