The PR is this: https://github.com/openshift/origin-metrics/pull/382
It was a problem in one of our releases of Hawkular Metrics, but I didn't think it made it into the 3.6 release (but it did). On Thu, Sep 28, 2017 at 8:41 AM, Mateus Caruccio < [email protected]> wrote: > Sweet! Would you mind pointing the PR url? > Thanks. > > -- > Mateus Caruccio / Master of Puppets > GetupCloud.com > We make the infrastructure invisible > Gartner Cool Vendor 2017 > > 2017-09-28 9:34 GMT-03:00 Matthew Wringe <[email protected]>: > >> Ah, sorry, this somehow got missed. We have had an issue that slipped >> into 3.6.0 that we are currently in progress to fix. The PR has been >> submitted and we are waiting for a new image to be built and pushed out. >> >> On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio < >> [email protected]> wrote: >> >>> Nope, no time to debug yet :( >>> >>> -- >>> Mateus Caruccio / Master of Puppets >>> GetupCloud.com >>> We make the infrastructure invisible >>> Gartner Cool Vendor 2017 >>> >>> 2017-09-28 7:52 GMT-03:00 Andrew Lau <[email protected]>: >>> >>>> Did you find any solution for this? >>>> >>>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio < >>>> [email protected]> wrote: >>>> >>>>> Yep, there it is: >>>>> >>>>> [OSEv3:children] >>>>> masters >>>>> etcd >>>>> nodes >>>>> >>>>> [OSEv3:vars] >>>>> deployment_type=origin >>>>> openshift_release=v3.6 >>>>> debug_level=1 >>>>> openshift_debug_level=1 >>>>> openshift_node_debug_level=1 >>>>> openshift_master_debug_level=1 >>>>> openshift_master_access_token_max_seconds=2419200 >>>>> osm_cluster_network_cidr=172.16.0.0/16 >>>>> openshift_registry_selector="docker-registry=true" >>>>> openshift_hosted_registry_replicas=1 >>>>> >>>>> openshift_master_cluster_hostname=api-cluster.example.com.br >>>>> openshift_master_cluster_public_hostname=api-cluster.example.com.br >>>>> osm_default_subdomain=example.com.br >>>>> openshift_master_default_subdomain=example.com.br >>>>> osm_default_node_selector="role=app" >>>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant >>>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', >>>>> 'login': 'true', 'challenge': 'true', 'kind': >>>>> 'HTPasswdPasswordIdentityProvider', >>>>> 'filename': '/etc/origin/master/htpasswd'}] >>>>> osm_use_cockpit=false >>>>> containerized=False >>>>> >>>>> openshift_master_cluster_method=native >>>>> openshift_master_console_port=443 >>>>> openshift_master_api_port=443 >>>>> >>>>> openshift_master_overwrite_named_certificates=true >>>>> openshift_master_named_certificates=[{"certfile":"{{lookup(' >>>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":" >>>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>> .br.int.crt"}] >>>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF >>>>> KK1o76bLoH10+uE2a'] >>>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3 >>>>> qph87BGulYb/GUho6K'] >>>>> openshift_master_audit_config={"enabled": true, "auditFilePath": >>>>> "/var/log/openshift-audit/openshift-audit.log", >>>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, >>>>> "maximumRetainedFiles": 10} >>>>> >>>>> openshift_ca_cert_expire_days=1825 >>>>> openshift_node_cert_expire_days=730 >>>>> openshift_master_cert_expire_days=730 >>>>> etcd_ca_default_days=1825 >>>>> >>>>> openshift_hosted_router_create_certificate=false >>>>> openshift_hosted_manage_router=true >>>>> openshift_router_selector="role=infra" >>>>> openshift_hosted_router_replicas=2 >>>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e >>>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{ >>>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>> .br.int.crt"} >>>>> >>>>> openshift_hosted_metrics_deploy=true >>>>> openshift_hosted_metrics_public_url=https://hawkular-metrics >>>>> .example.com.br/hawkular/metrics >>>>> >>>>> openshift_hosted_logging_deploy=true >>>>> openshift_hosted_logging_hostname=kibana.example.com.br >>>>> >>>>> openshift_install_examples=true >>>>> >>>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods': >>>>> ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold': >>>>> ['50'],'minimum-container-ttl-duration': ['60s'], >>>>> 'maximum-dead-containers-per-container': ['1'], >>>>> 'maximum-dead-containers': ['15']} >>>>> >>>>> logrotate_scripts=[{"name": "syslog", "path": >>>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", >>>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", >>>>> "missingok"], >>>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> >>>>> /dev/null` 2> /dev/null || true"}}] >>>>> >>>>> openshift_builddefaults_image_labels=[{'name':'builder','val >>>>> ue':'true'}] >>>>> openshift_builddefaults_nodeselectors={'builder':'true'} >>>>> openshift_builddefaults_annotations={'builder':'true'} >>>>> openshift_builddefaults_resources_requests_cpu=10m >>>>> openshift_builddefaults_resources_requests_memory=128Mi >>>>> openshift_builddefaults_resources_limits_cpu=500m >>>>> openshift_builddefaults_resources_limits_memory=2Gi >>>>> >>>>> openshift_upgrade_nodes_serial=1 >>>>> openshift_upgrade_nodes_max_fail_percentage=0 >>>>> openshift_upgrade_control_plane_nodes_serial=1 >>>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0 >>>>> >>>>> openshift_disable_check=disk_availability,memory_availability >>>>> >>>>> [masters] >>>>> e001vmov40p42 >>>>> e001vmov40p51 >>>>> e001vmov40p52 >>>>> >>>>> [etcd] >>>>> e001vmov40p42 >>>>> e001vmov40p51 >>>>> e001vmov40p52 >>>>> >>>>> [nodes] >>>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}" >>>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}" >>>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}" >>>>> >>>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', >>>>> 'docker-registry':'true', 'logging':'true'}" >>>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics': >>>>> 'true'}" >>>>> >>>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': >>>>> 'true'}" >>>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': >>>>> 'true'}" >>>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': >>>>> 'true'}" >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Mateus Caruccio / Master of Puppets >>>>> GetupCloud.com >>>>> We make the infrastructure invisible >>>>> Gartner Cool Vendor 2017 >>>>> >>>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <[email protected]>: >>>>> >>>>>> We had an issue where it was not possible for normal users to view >>>>>> their metrics (but cluster-admin users could). But I didn't think this >>>>>> made >>>>>> it into any releases. >>>>>> >>>>>> Would it be possible to attach the inventory file used? >>>>>> >>>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> wrote: >>>>>> >>>>>>> Including some metrics folks. Matt/Jeff? >>>>>>> >>>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Answering my own question, that "namespace" field on audit log >>>>>>>> refers to the unamespaced resource "/oapi/v1/subjectaccessreviews", >>>>>>>> not the subject access review object of the request. >>>>>>>> >>>>>>>> Still, the problem persists... >>>>>>>> >>>>>>>> -- >>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>> GetupCloud.com >>>>>>>> We make the infrastructure invisible >>>>>>>> Gartner Cool Vendor 2017 >>>>>>>> >>>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio < >>>>>>>> [email protected]>: >>>>>>>> >>>>>>>>> Audit logs show this: >>>>>>>>> >>>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" >>>>>>>>> method="POST" user="mateus" groups="\"system:authenticated >>>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" >>>>>>>>> asgroups="<lookup>" namespace="<none>" uri="/oapi/v1/subjectaccessrev >>>>>>>>> iews" >>>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201" >>>>>>>>> >>>>>>>>> I'm I wrong o that "namespace" field should be not <none>? >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>> GetupCloud.com >>>>>>>>> We make the infrastructure invisible >>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>> >>>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio < >>>>>>>>> [email protected]>: >>>>>>>>> >>>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden. >>>>>>>>>> What is the auth path used by hawkular and how can I check if >>>>>>>>>> it's correct (secrets, servicaccounts, token, etc)? >>>>>>>>>> >>>>>>>>>> $ oc version >>>>>>>>>> oc v3.6.0+c4dd4cf >>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>>>>>>>>> >>>>>>>>>> Server <redacted> >>>>>>>>>> openshift v3.6.0+c4dd4cf >>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image: >>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>> rics-cassandra:v3.6.0 >>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>> rics-hawkular-metrics:v3.6.0 >>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>> rics-heapster:v3.6.0 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> $ oc -n openshift-infra get pods >>>>>>>>>> NAME READY STATUS RESTARTS AGE >>>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 42m >>>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 38m >>>>>>>>>> heapster-fjg8t 1/1 Running 1 50m >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> $ oadm diagnostics MetricsApiProxy >>>>>>>>>> [Note] Determining if client configuration exists for >>>>>>>>>> client/cluster diagnostics >>>>>>>>>> Info: Successfully read a client config file at >>>>>>>>>> '/home/getup/.kube/config' >>>>>>>>>> Info: Using context for cluster-admin access: >>>>>>>>>> 'default/<redacted>:443/system:admin' >>>>>>>>>> >>>>>>>>>> [Note] Running diagnostic: MetricsApiProxy >>>>>>>>>> Description: Check the integrated heapster metrics can be >>>>>>>>>> reached via the API proxy >>>>>>>>>> >>>>>>>>>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf): >>>>>>>>>> [Note] Completed with no errors or warnings seen. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thanks >>>>>>>>>> -- >>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>> GetupCloud.com >>>>>>>>>> We make the infrastructure invisible >>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> dev mailing list >>>>>>>> [email protected] >>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> _______________________________________________ >>>>> dev mailing list >>>>> [email protected] >>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>> >>>> >>> >> >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
