Are you using the latest 3.6 images? On Tue, Jan 16, 2018 at 7:48 AM, Mateus Caruccio < [email protected]> wrote:
> Hey guys, any news on this? > Tnx > > -- > Mateus Caruccio / Master of Puppets > GetupCloud.com > We make the infrastructure invisible > Gartner Cool Vendor 2017 > > 2017-10-05 18:35 GMT-03:00 Mateus Caruccio <[email protected] > >: > >> Hey Matt, any update on this? >> >> -- >> Mateus Caruccio / Master of Puppets >> GetupCloud.com >> We make the infrastructure invisible >> Gartner Cool Vendor 2017 >> >> 2017-09-28 10:19 GMT-03:00 Matthew Wringe <[email protected]>: >> >>> Wait, there is another update that we need. That PR probably wont work >>> properly for you yet. I am investigating >>> >>> On Thu, Sep 28, 2017 at 9:06 AM, Matthew Wringe <[email protected]> >>> wrote: >>> >>>> The PR is this: https://github.com/openshift/origin-metrics/pull/382 >>>> >>>> It was a problem in one of our releases of Hawkular Metrics, but I >>>> didn't think it made it into the 3.6 release (but it did). >>>> >>>> On Thu, Sep 28, 2017 at 8:41 AM, Mateus Caruccio < >>>> [email protected]> wrote: >>>> >>>>> Sweet! Would you mind pointing the PR url? >>>>> Thanks. >>>>> >>>>> -- >>>>> Mateus Caruccio / Master of Puppets >>>>> GetupCloud.com >>>>> We make the infrastructure invisible >>>>> Gartner Cool Vendor 2017 >>>>> >>>>> 2017-09-28 9:34 GMT-03:00 Matthew Wringe <[email protected]>: >>>>> >>>>>> Ah, sorry, this somehow got missed. We have had an issue that slipped >>>>>> into 3.6.0 that we are currently in progress to fix. The PR has been >>>>>> submitted and we are waiting for a new image to be built and pushed out. >>>>>> >>>>>> On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Nope, no time to debug yet :( >>>>>>> >>>>>>> -- >>>>>>> Mateus Caruccio / Master of Puppets >>>>>>> GetupCloud.com >>>>>>> We make the infrastructure invisible >>>>>>> Gartner Cool Vendor 2017 >>>>>>> >>>>>>> 2017-09-28 7:52 GMT-03:00 Andrew Lau <[email protected]>: >>>>>>> >>>>>>>> Did you find any solution for this? >>>>>>>> >>>>>>>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Yep, there it is: >>>>>>>>> >>>>>>>>> [OSEv3:children] >>>>>>>>> masters >>>>>>>>> etcd >>>>>>>>> nodes >>>>>>>>> >>>>>>>>> [OSEv3:vars] >>>>>>>>> deployment_type=origin >>>>>>>>> openshift_release=v3.6 >>>>>>>>> debug_level=1 >>>>>>>>> openshift_debug_level=1 >>>>>>>>> openshift_node_debug_level=1 >>>>>>>>> openshift_master_debug_level=1 >>>>>>>>> openshift_master_access_token_max_seconds=2419200 >>>>>>>>> osm_cluster_network_cidr=172.16.0.0/16 >>>>>>>>> openshift_registry_selector="docker-registry=true" >>>>>>>>> openshift_hosted_registry_replicas=1 >>>>>>>>> >>>>>>>>> openshift_master_cluster_hostname=api-cluster.example.com.br >>>>>>>>> openshift_master_cluster_public_hostname=api-cluster.example >>>>>>>>> .com.br >>>>>>>>> osm_default_subdomain=example.com.br >>>>>>>>> openshift_master_default_subdomain=example.com.br >>>>>>>>> osm_default_node_selector="role=app" >>>>>>>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant >>>>>>>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', >>>>>>>>> 'login': 'true', 'challenge': 'true', 'kind': >>>>>>>>> 'HTPasswdPasswordIdentityProvider', >>>>>>>>> 'filename': '/etc/origin/master/htpasswd'}] >>>>>>>>> osm_use_cockpit=false >>>>>>>>> containerized=False >>>>>>>>> >>>>>>>>> openshift_master_cluster_method=native >>>>>>>>> openshift_master_console_port=443 >>>>>>>>> openshift_master_api_port=443 >>>>>>>>> >>>>>>>>> openshift_master_overwrite_named_certificates=true >>>>>>>>> openshift_master_named_certificates=[{"certfile":"{{lookup(' >>>>>>>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":" >>>>>>>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>>> .br.int.crt"}] >>>>>>>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF >>>>>>>>> KK1o76bLoH10+uE2a'] >>>>>>>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3 >>>>>>>>> qph87BGulYb/GUho6K'] >>>>>>>>> openshift_master_audit_config={"enabled": true, "auditFilePath": >>>>>>>>> "/var/log/openshift-audit/openshift-audit.log", >>>>>>>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, >>>>>>>>> "maximumRetainedFiles": 10} >>>>>>>>> >>>>>>>>> openshift_ca_cert_expire_days=1825 >>>>>>>>> openshift_node_cert_expire_days=730 >>>>>>>>> openshift_master_cert_expire_days=730 >>>>>>>>> etcd_ca_default_days=1825 >>>>>>>>> >>>>>>>>> openshift_hosted_router_create_certificate=false >>>>>>>>> openshift_hosted_manage_router=true >>>>>>>>> openshift_router_selector="role=infra" >>>>>>>>> openshift_hosted_router_replicas=2 >>>>>>>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e >>>>>>>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{ >>>>>>>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>>> .br.int.crt"} >>>>>>>>> >>>>>>>>> openshift_hosted_metrics_deploy=true >>>>>>>>> openshift_hosted_metrics_public_url=https://hawkular-metrics >>>>>>>>> .example.com.br/hawkular/metrics >>>>>>>>> >>>>>>>>> openshift_hosted_logging_deploy=true >>>>>>>>> openshift_hosted_logging_hostname=kibana.example.com.br >>>>>>>>> >>>>>>>>> openshift_install_examples=true >>>>>>>>> >>>>>>>>> openshift_node_kubelet_args={'pods-per-core': ['20'], 'max-pods': >>>>>>>>> ['100'], 'image-gc-high-threshold': ['80'], 'image-gc-low-threshold': >>>>>>>>> ['50'],'minimum-container-ttl-duration': ['60s'], >>>>>>>>> 'maximum-dead-containers-per-container': ['1'], >>>>>>>>> 'maximum-dead-containers': ['15']} >>>>>>>>> >>>>>>>>> logrotate_scripts=[{"name": "syslog", "path": >>>>>>>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", >>>>>>>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", >>>>>>>>> "missingok"], >>>>>>>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> >>>>>>>>> /dev/null` 2> /dev/null || true"}}] >>>>>>>>> >>>>>>>>> openshift_builddefaults_image_labels=[{'name':'builder','val >>>>>>>>> ue':'true'}] >>>>>>>>> openshift_builddefaults_nodeselectors={'builder':'true'} >>>>>>>>> openshift_builddefaults_annotations={'builder':'true'} >>>>>>>>> openshift_builddefaults_resources_requests_cpu=10m >>>>>>>>> openshift_builddefaults_resources_requests_memory=128Mi >>>>>>>>> openshift_builddefaults_resources_limits_cpu=500m >>>>>>>>> openshift_builddefaults_resources_limits_memory=2Gi >>>>>>>>> >>>>>>>>> openshift_upgrade_nodes_serial=1 >>>>>>>>> openshift_upgrade_nodes_max_fail_percentage=0 >>>>>>>>> openshift_upgrade_control_plane_nodes_serial=1 >>>>>>>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0 >>>>>>>>> >>>>>>>>> openshift_disable_check=disk_availability,memory_availability >>>>>>>>> >>>>>>>>> [masters] >>>>>>>>> e001vmov40p42 >>>>>>>>> e001vmov40p51 >>>>>>>>> e001vmov40p52 >>>>>>>>> >>>>>>>>> [etcd] >>>>>>>>> e001vmov40p42 >>>>>>>>> e001vmov40p51 >>>>>>>>> e001vmov40p52 >>>>>>>>> >>>>>>>>> [nodes] >>>>>>>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}" >>>>>>>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}" >>>>>>>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}" >>>>>>>>> >>>>>>>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', >>>>>>>>> 'docker-registry':'true', 'logging':'true'}" >>>>>>>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', 'metrics': >>>>>>>>> 'true'}" >>>>>>>>> >>>>>>>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>> 'true'}" >>>>>>>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>> 'true'}" >>>>>>>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>> 'true'}" >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>> GetupCloud.com >>>>>>>>> We make the infrastructure invisible >>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>> >>>>>>>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <[email protected]>: >>>>>>>>> >>>>>>>>>> We had an issue where it was not possible for normal users to >>>>>>>>>> view their metrics (but cluster-admin users could). But I didn't >>>>>>>>>> think this >>>>>>>>>> made it into any releases. >>>>>>>>>> >>>>>>>>>> Would it be possible to attach the inventory file used? >>>>>>>>>> >>>>>>>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Including some metrics folks. Matt/Jeff? >>>>>>>>>>> >>>>>>>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Answering my own question, that "namespace" field on audit log >>>>>>>>>>>> refers to the unamespaced resource "/oapi/v1/ >>>>>>>>>>>> subjectaccessreviews", not the subject access review object of >>>>>>>>>>>> the request. >>>>>>>>>>>> >>>>>>>>>>>> Still, the problem persists... >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>> >>>>>>>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio < >>>>>>>>>>>> [email protected]>: >>>>>>>>>>>> >>>>>>>>>>>>> Audit logs show this: >>>>>>>>>>>>> >>>>>>>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >>>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" >>>>>>>>>>>>> method="POST" user="mateus" groups="\"system:authenticated >>>>>>>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" >>>>>>>>>>>>> asgroups="<lookup>" namespace="<none>" >>>>>>>>>>>>> uri="/oapi/v1/subjectaccessrev >>>>>>>>>>>>> iews" >>>>>>>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >>>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201" >>>>>>>>>>>>> >>>>>>>>>>>>> I'm I wrong o that "namespace" field should be not <none>? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>> >>>>>>>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio < >>>>>>>>>>>>> [email protected]>: >>>>>>>>>>>>> >>>>>>>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 >>>>>>>>>>>>>> Forbiden. >>>>>>>>>>>>>> What is the auth path used by hawkular and how can I check if >>>>>>>>>>>>>> it's correct (secrets, servicaccounts, token, etc)? >>>>>>>>>>>>>> >>>>>>>>>>>>>> $ oc version >>>>>>>>>>>>>> oc v3.6.0+c4dd4cf >>>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>>>>>>>>>>>>> >>>>>>>>>>>>>> Server <redacted> >>>>>>>>>>>>>> openshift v3.6.0+c4dd4cf >>>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image: >>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>> rics-cassandra:v3.6.0 >>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>> rics-hawkular-metrics:v3.6.0 >>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>> rics-heapster:v3.6.0 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> $ oc -n openshift-infra get pods >>>>>>>>>>>>>> NAME READY STATUS RESTARTS >>>>>>>>>>>>>> AGE >>>>>>>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 >>>>>>>>>>>>>> 42m >>>>>>>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 >>>>>>>>>>>>>> 38m >>>>>>>>>>>>>> heapster-fjg8t 1/1 Running 1 >>>>>>>>>>>>>> 50m >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> $ oadm diagnostics MetricsApiProxy >>>>>>>>>>>>>> [Note] Determining if client configuration exists for >>>>>>>>>>>>>> client/cluster diagnostics >>>>>>>>>>>>>> Info: Successfully read a client config file at >>>>>>>>>>>>>> '/home/getup/.kube/config' >>>>>>>>>>>>>> Info: Using context for cluster-admin access: >>>>>>>>>>>>>> 'default/<redacted>:443/system:admin' >>>>>>>>>>>>>> >>>>>>>>>>>>>> [Note] Running diagnostic: MetricsApiProxy >>>>>>>>>>>>>> Description: Check the integrated heapster metrics can >>>>>>>>>>>>>> be reached via the API proxy >>>>>>>>>>>>>> >>>>>>>>>>>>>> [Note] Summary of diagnostics execution (version >>>>>>>>>>>>>> v3.6.0+c4dd4cf): >>>>>>>>>>>>>> [Note] Completed with no errors or warnings seen. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> dev mailing list >>>>>>>>> [email protected] >>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
