Sweet! Would you mind pointing the PR url? Thanks. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017
2017-09-28 9:34 GMT-03:00 Matthew Wringe <mwri...@redhat.com>: > Ah, sorry, this somehow got missed. We have had an issue that slipped into > 3.6.0 that we are currently in progress to fix. The PR has been submitted > and we are waiting for a new image to be built and pushed out. > > On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio < > mateus.caruc...@getupcloud.com> wrote: > >> Nope, no time to debug yet :( >> >> -- >> Mateus Caruccio / Master of Puppets >> GetupCloud.com >> We make the infrastructure invisible >> Gartner Cool Vendor 2017 >> >> 2017-09-28 7:52 GMT-03:00 Andrew Lau <and...@andrewklau.com>: >> >>> Did you find any solution for this? >>> >>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio < >>> mateus.caruc...@getupcloud.com> wrote: >>> >>>> Yep, there it is: >>>> >>>> [OSEv3:children] >>>> masters >>>> etcd >>>> nodes >>>> >>>> [OSEv3:vars] >>>> deployment_type=origin >>>> openshift_release=v3.6 >>>> debug_level=1 >>>> openshift_debug_level=1 >>>> openshift_node_debug_level=1 >>>> openshift_master_debug_level=1 >>>> openshift_master_access_token_max_seconds=2419200 >>>> osm_cluster_network_cidr=172.16.0.0/16 >>>> openshift_registry_selector="docker-registry=true" >>>> openshift_hosted_registry_replicas=1 >>>> >>>> openshift_master_cluster_hostname=api-cluster.example.com.br >>>> openshift_master_cluster_public_hostname=api-cluster.example.com.br >>>> osm_default_subdomain=example.com.br >>>> openshift_master_default_subdomain=example.com.br >>>> osm_default_node_selector="role=app" >>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant >>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', >>>> 'login': 'true', 'challenge': 'true', 'kind': >>>> 'HTPasswdPasswordIdentityProvider', >>>> 'filename': '/etc/origin/master/htpasswd'}] >>>> osm_use_cockpit=false >>>> containerized=False >>>> >>>> openshift_master_cluster_method=native >>>> openshift_master_console_port=443 >>>> openshift_master_api_port=443 >>>> >>>> openshift_master_overwrite_named_certificates=true >>>> openshift_master_named_certificates=[{"certfile":"{{lookup(' >>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":" >>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>> .br.int.crt"}] >>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF >>>> KK1o76bLoH10+uE2a'] >>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3 >>>> qph87BGulYb/GUho6K'] >>>> openshift_master_audit_config={"enabled": true, "auditFilePath": >>>> "/var/log/openshift-audit/openshift-audit.log", >>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, >>>> "maximumRetainedFiles": 10} >>>> >>>> openshift_ca_cert_expire_days=1825 >>>> openshift_node_cert_expire_days=730 >>>> openshift_master_cert_expire_days=730 >>>> etcd_ca_default_days=1825 >>>> >>>> openshift_hosted_router_create_certificate=false >>>> openshift_hosted_manage_router=true >>>> openshift_router_selector="role=infra" >>>> openshift_hosted_router_replicas=2 >>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e >>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{ >>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>> .br.int.crt"} >>>> >>>> openshift_hosted_metrics_deploy=true >>>> openshift_hosted_metrics_public_url=https://hawkular-metrics >>>> .example.com.br/hawkular/metrics >>>> >>>> openshift_hosted_logging_deploy=true >>>> openshift_hosted_logging_hostname=kibana.example.com.br >>>> >>>> openshift_install_examples=true >>>> >>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods': >>>> ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold': >>>> ['50'],'minimum-container-ttl-duration': ['60s'], >>>> 'maximum-dead-containers-per-container': ['1'], >>>> 'maximum-dead-containers': ['15']} >>>> >>>> logrotate_scripts=[{"name": "syslog", "path": >>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", >>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], >>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> >>>> /dev/null` 2> /dev/null || true"}}] >>>> >>>> openshift_builddefaults_image_labels=[{'name':'builder','val >>>> ue':'true'}] >>>> openshift_builddefaults_nodeselectors={'builder':'true'} >>>> openshift_builddefaults_annotations={'builder':'true'} >>>> openshift_builddefaults_resources_requests_cpu=10m >>>> openshift_builddefaults_resources_requests_memory=128Mi >>>> openshift_builddefaults_resources_limits_cpu=500m >>>> openshift_builddefaults_resources_limits_memory=2Gi >>>> >>>> openshift_upgrade_nodes_serial=1 >>>> openshift_upgrade_nodes_max_fail_percentage=0 >>>> openshift_upgrade_control_plane_nodes_serial=1 >>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0 >>>> >>>> openshift_disable_check=disk_availability,memory_availability >>>> >>>> [masters] >>>> e001vmov40p42 >>>> e001vmov40p51 >>>> e001vmov40p52 >>>> >>>> [etcd] >>>> e001vmov40p42 >>>> e001vmov40p51 >>>> e001vmov40p52 >>>> >>>> [nodes] >>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}" >>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}" >>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}" >>>> >>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', >>>> 'docker-registry':'true', 'logging':'true'}" >>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics': >>>> 'true'}" >>>> >>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': >>>> 'true'}" >>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': >>>> 'true'}" >>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': >>>> 'true'}" >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Mateus Caruccio / Master of Puppets >>>> GetupCloud.com >>>> We make the infrastructure invisible >>>> Gartner Cool Vendor 2017 >>>> >>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <mwri...@redhat.com>: >>>> >>>>> We had an issue where it was not possible for normal users to view >>>>> their metrics (but cluster-admin users could). But I didn't think this >>>>> made >>>>> it into any releases. >>>>> >>>>> Would it be possible to attach the inventory file used? >>>>> >>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <pw...@redhat.com> wrote: >>>>> >>>>>> Including some metrics folks. Matt/Jeff? >>>>>> >>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < >>>>>> mateus.caruc...@getupcloud.com> wrote: >>>>>> >>>>>>> Answering my own question, that "namespace" field on audit log >>>>>>> refers to the unamespaced resource "/oapi/v1/subjectaccessreviews", >>>>>>> not the subject access review object of the request. >>>>>>> >>>>>>> Still, the problem persists... >>>>>>> >>>>>>> -- >>>>>>> Mateus Caruccio / Master of Puppets >>>>>>> GetupCloud.com >>>>>>> We make the infrastructure invisible >>>>>>> Gartner Cool Vendor 2017 >>>>>>> >>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio < >>>>>>> mateus.caruc...@getupcloud.com>: >>>>>>> >>>>>>>> Audit logs show this: >>>>>>>> >>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" >>>>>>>> method="POST" user="mateus" groups="\"system:authenticated >>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" >>>>>>>> namespace="<none>" uri="/oapi/v1/subjectaccessreviews" >>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201" >>>>>>>> >>>>>>>> I'm I wrong o that "namespace" field should be not <none>? >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>> GetupCloud.com >>>>>>>> We make the infrastructure invisible >>>>>>>> Gartner Cool Vendor 2017 >>>>>>>> >>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio < >>>>>>>> mateus.caruc...@getupcloud.com>: >>>>>>>> >>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden. >>>>>>>>> What is the auth path used by hawkular and how can I check if it's >>>>>>>>> correct (secrets, servicaccounts, token, etc)? >>>>>>>>> >>>>>>>>> $ oc version >>>>>>>>> oc v3.6.0+c4dd4cf >>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>>>>>>>> >>>>>>>>> Server <redacted> >>>>>>>>> openshift v3.6.0+c4dd4cf >>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>> >>>>>>>>> >>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image: >>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>> rics-cassandra:v3.6.0 >>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>> rics-hawkular-metrics:v3.6.0 >>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>> rics-heapster:v3.6.0 >>>>>>>>> >>>>>>>>> >>>>>>>>> $ oc -n openshift-infra get pods >>>>>>>>> NAME READY STATUS RESTARTS AGE >>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 42m >>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 38m >>>>>>>>> heapster-fjg8t 1/1 Running 1 50m >>>>>>>>> >>>>>>>>> >>>>>>>>> $ oadm diagnostics MetricsApiProxy >>>>>>>>> [Note] Determining if client configuration exists for >>>>>>>>> client/cluster diagnostics >>>>>>>>> Info: Successfully read a client config file at >>>>>>>>> '/home/getup/.kube/config' >>>>>>>>> Info: Using context for cluster-admin access: >>>>>>>>> 'default/<redacted>:443/system:admin' >>>>>>>>> >>>>>>>>> [Note] Running diagnostic: MetricsApiProxy >>>>>>>>> Description: Check the integrated heapster metrics can be >>>>>>>>> reached via the API proxy >>>>>>>>> >>>>>>>>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf): >>>>>>>>> [Note] Completed with no errors or warnings seen. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> -- >>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>> GetupCloud.com >>>>>>>>> We make the infrastructure invisible >>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> dev mailing list >>>>>>> dev@lists.openshift.redhat.com >>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>> >>>> _______________________________________________ >>>> dev mailing list >>>> dev@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>> >>> >> >
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev