Hey guys, any news on this? Tnx -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017
2017-10-05 18:35 GMT-03:00 Mateus Caruccio <[email protected]>: > Hey Matt, any update on this? > > -- > Mateus Caruccio / Master of Puppets > GetupCloud.com > We make the infrastructure invisible > Gartner Cool Vendor 2017 > > 2017-09-28 10:19 GMT-03:00 Matthew Wringe <[email protected]>: > >> Wait, there is another update that we need. That PR probably wont work >> properly for you yet. I am investigating >> >> On Thu, Sep 28, 2017 at 9:06 AM, Matthew Wringe <[email protected]> >> wrote: >> >>> The PR is this: https://github.com/openshift/origin-metrics/pull/382 >>> >>> It was a problem in one of our releases of Hawkular Metrics, but I >>> didn't think it made it into the 3.6 release (but it did). >>> >>> On Thu, Sep 28, 2017 at 8:41 AM, Mateus Caruccio < >>> [email protected]> wrote: >>> >>>> Sweet! Would you mind pointing the PR url? >>>> Thanks. >>>> >>>> -- >>>> Mateus Caruccio / Master of Puppets >>>> GetupCloud.com >>>> We make the infrastructure invisible >>>> Gartner Cool Vendor 2017 >>>> >>>> 2017-09-28 9:34 GMT-03:00 Matthew Wringe <[email protected]>: >>>> >>>>> Ah, sorry, this somehow got missed. We have had an issue that slipped >>>>> into 3.6.0 that we are currently in progress to fix. The PR has been >>>>> submitted and we are waiting for a new image to be built and pushed out. >>>>> >>>>> On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio < >>>>> [email protected]> wrote: >>>>> >>>>>> Nope, no time to debug yet :( >>>>>> >>>>>> -- >>>>>> Mateus Caruccio / Master of Puppets >>>>>> GetupCloud.com >>>>>> We make the infrastructure invisible >>>>>> Gartner Cool Vendor 2017 >>>>>> >>>>>> 2017-09-28 7:52 GMT-03:00 Andrew Lau <[email protected]>: >>>>>> >>>>>>> Did you find any solution for this? >>>>>>> >>>>>>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Yep, there it is: >>>>>>>> >>>>>>>> [OSEv3:children] >>>>>>>> masters >>>>>>>> etcd >>>>>>>> nodes >>>>>>>> >>>>>>>> [OSEv3:vars] >>>>>>>> deployment_type=origin >>>>>>>> openshift_release=v3.6 >>>>>>>> debug_level=1 >>>>>>>> openshift_debug_level=1 >>>>>>>> openshift_node_debug_level=1 >>>>>>>> openshift_master_debug_level=1 >>>>>>>> openshift_master_access_token_max_seconds=2419200 >>>>>>>> osm_cluster_network_cidr=172.16.0.0/16 >>>>>>>> openshift_registry_selector="docker-registry=true" >>>>>>>> openshift_hosted_registry_replicas=1 >>>>>>>> >>>>>>>> openshift_master_cluster_hostname=api-cluster.example.com.br >>>>>>>> openshift_master_cluster_public_hostname=api-cluster.example.com.br >>>>>>>> osm_default_subdomain=example.com.br >>>>>>>> openshift_master_default_subdomain=example.com.br >>>>>>>> osm_default_node_selector="role=app" >>>>>>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant >>>>>>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', >>>>>>>> 'login': 'true', 'challenge': 'true', 'kind': >>>>>>>> 'HTPasswdPasswordIdentityProvider', >>>>>>>> 'filename': '/etc/origin/master/htpasswd'}] >>>>>>>> osm_use_cockpit=false >>>>>>>> containerized=False >>>>>>>> >>>>>>>> openshift_master_cluster_method=native >>>>>>>> openshift_master_console_port=443 >>>>>>>> openshift_master_api_port=443 >>>>>>>> >>>>>>>> openshift_master_overwrite_named_certificates=true >>>>>>>> openshift_master_named_certificates=[{"certfile":"{{lookup(' >>>>>>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":" >>>>>>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>> .br.int.crt"}] >>>>>>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF >>>>>>>> KK1o76bLoH10+uE2a'] >>>>>>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3 >>>>>>>> qph87BGulYb/GUho6K'] >>>>>>>> openshift_master_audit_config={"enabled": true, "auditFilePath": >>>>>>>> "/var/log/openshift-audit/openshift-audit.log", >>>>>>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, >>>>>>>> "maximumRetainedFiles": 10} >>>>>>>> >>>>>>>> openshift_ca_cert_expire_days=1825 >>>>>>>> openshift_node_cert_expire_days=730 >>>>>>>> openshift_master_cert_expire_days=730 >>>>>>>> etcd_ca_default_days=1825 >>>>>>>> >>>>>>>> openshift_hosted_router_create_certificate=false >>>>>>>> openshift_hosted_manage_router=true >>>>>>>> openshift_router_selector="role=infra" >>>>>>>> openshift_hosted_router_replicas=2 >>>>>>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e >>>>>>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{ >>>>>>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>> .br.int.crt"} >>>>>>>> >>>>>>>> openshift_hosted_metrics_deploy=true >>>>>>>> openshift_hosted_metrics_public_url=https://hawkular-metrics >>>>>>>> .example.com.br/hawkular/metrics >>>>>>>> >>>>>>>> openshift_hosted_logging_deploy=true >>>>>>>> openshift_hosted_logging_hostname=kibana.example.com.br >>>>>>>> >>>>>>>> openshift_install_examples=true >>>>>>>> >>>>>>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods': >>>>>>>> ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold': >>>>>>>> ['50'],'minimum-container-ttl-duration': ['60s'], >>>>>>>> 'maximum-dead-containers-per-container': ['1'], >>>>>>>> 'maximum-dead-containers': ['15']} >>>>>>>> >>>>>>>> logrotate_scripts=[{"name": "syslog", "path": >>>>>>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", >>>>>>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", >>>>>>>> "missingok"], >>>>>>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> >>>>>>>> /dev/null` 2> /dev/null || true"}}] >>>>>>>> >>>>>>>> openshift_builddefaults_image_labels=[{'name':'builder','val >>>>>>>> ue':'true'}] >>>>>>>> openshift_builddefaults_nodeselectors={'builder':'true'} >>>>>>>> openshift_builddefaults_annotations={'builder':'true'} >>>>>>>> openshift_builddefaults_resources_requests_cpu=10m >>>>>>>> openshift_builddefaults_resources_requests_memory=128Mi >>>>>>>> openshift_builddefaults_resources_limits_cpu=500m >>>>>>>> openshift_builddefaults_resources_limits_memory=2Gi >>>>>>>> >>>>>>>> openshift_upgrade_nodes_serial=1 >>>>>>>> openshift_upgrade_nodes_max_fail_percentage=0 >>>>>>>> openshift_upgrade_control_plane_nodes_serial=1 >>>>>>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0 >>>>>>>> >>>>>>>> openshift_disable_check=disk_availability,memory_availability >>>>>>>> >>>>>>>> [masters] >>>>>>>> e001vmov40p42 >>>>>>>> e001vmov40p51 >>>>>>>> e001vmov40p52 >>>>>>>> >>>>>>>> [etcd] >>>>>>>> e001vmov40p42 >>>>>>>> e001vmov40p51 >>>>>>>> e001vmov40p52 >>>>>>>> >>>>>>>> [nodes] >>>>>>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}" >>>>>>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}" >>>>>>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}" >>>>>>>> >>>>>>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', >>>>>>>> 'docker-registry':'true', 'logging':'true'}" >>>>>>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics': >>>>>>>> 'true'}" >>>>>>>> >>>>>>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>> 'true'}" >>>>>>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>> 'true'}" >>>>>>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>> 'true'}" >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>> GetupCloud.com >>>>>>>> We make the infrastructure invisible >>>>>>>> Gartner Cool Vendor 2017 >>>>>>>> >>>>>>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <[email protected]>: >>>>>>>> >>>>>>>>> We had an issue where it was not possible for normal users to view >>>>>>>>> their metrics (but cluster-admin users could). But I didn't think >>>>>>>>> this made >>>>>>>>> it into any releases. >>>>>>>>> >>>>>>>>> Would it be possible to attach the inventory file used? >>>>>>>>> >>>>>>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Including some metrics folks. Matt/Jeff? >>>>>>>>>> >>>>>>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Answering my own question, that "namespace" field on audit log >>>>>>>>>>> refers to the unamespaced resource "/oapi/v1/ >>>>>>>>>>> subjectaccessreviews", not the subject access review object of >>>>>>>>>>> the request. >>>>>>>>>>> >>>>>>>>>>> Still, the problem persists... >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>> GetupCloud.com >>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>> >>>>>>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio < >>>>>>>>>>> [email protected]>: >>>>>>>>>>> >>>>>>>>>>>> Audit logs show this: >>>>>>>>>>>> >>>>>>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" >>>>>>>>>>>> method="POST" user="mateus" groups="\"system:authenticated >>>>>>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" >>>>>>>>>>>> asgroups="<lookup>" namespace="<none>" >>>>>>>>>>>> uri="/oapi/v1/subjectaccessrev >>>>>>>>>>>> iews" >>>>>>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201" >>>>>>>>>>>> >>>>>>>>>>>> I'm I wrong o that "namespace" field should be not <none>? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>> >>>>>>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio < >>>>>>>>>>>> [email protected]>: >>>>>>>>>>>> >>>>>>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden. >>>>>>>>>>>>> What is the auth path used by hawkular and how can I check if >>>>>>>>>>>>> it's correct (secrets, servicaccounts, token, etc)? >>>>>>>>>>>>> >>>>>>>>>>>>> $ oc version >>>>>>>>>>>>> oc v3.6.0+c4dd4cf >>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>>>>>>>>>>>> >>>>>>>>>>>>> Server <redacted> >>>>>>>>>>>>> openshift v3.6.0+c4dd4cf >>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image: >>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>> rics-cassandra:v3.6.0 >>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>> rics-hawkular-metrics:v3.6.0 >>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>> rics-heapster:v3.6.0 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> $ oc -n openshift-infra get pods >>>>>>>>>>>>> NAME READY STATUS RESTARTS AGE >>>>>>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 42m >>>>>>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 38m >>>>>>>>>>>>> heapster-fjg8t 1/1 Running 1 50m >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> $ oadm diagnostics MetricsApiProxy >>>>>>>>>>>>> [Note] Determining if client configuration exists for >>>>>>>>>>>>> client/cluster diagnostics >>>>>>>>>>>>> Info: Successfully read a client config file at >>>>>>>>>>>>> '/home/getup/.kube/config' >>>>>>>>>>>>> Info: Using context for cluster-admin access: >>>>>>>>>>>>> 'default/<redacted>:443/system:admin' >>>>>>>>>>>>> >>>>>>>>>>>>> [Note] Running diagnostic: MetricsApiProxy >>>>>>>>>>>>> Description: Check the integrated heapster metrics can >>>>>>>>>>>>> be reached via the API proxy >>>>>>>>>>>>> >>>>>>>>>>>>> [Note] Summary of diagnostics execution (version >>>>>>>>>>>>> v3.6.0+c4dd4cf): >>>>>>>>>>>>> [Note] Completed with no errors or warnings seen. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> -- >>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> dev mailing list >>>>>>>> [email protected] >>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
