I was using :v3.7.0-rc.0 but switching to :latest solves the problem. Is 3.6.1 fixed too?
-- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-01-16 11:59 GMT-02:00 Matthew Wringe <[email protected]>: > Are you using the latest 3.6 images? > > On Tue, Jan 16, 2018 at 7:48 AM, Mateus Caruccio < > [email protected]> wrote: > >> Hey guys, any news on this? >> Tnx >> >> -- >> Mateus Caruccio / Master of Puppets >> GetupCloud.com >> We make the infrastructure invisible >> Gartner Cool Vendor 2017 >> >> 2017-10-05 18:35 GMT-03:00 Mateus Caruccio <[email protected] >> m>: >> >>> Hey Matt, any update on this? >>> >>> -- >>> Mateus Caruccio / Master of Puppets >>> GetupCloud.com >>> We make the infrastructure invisible >>> Gartner Cool Vendor 2017 >>> >>> 2017-09-28 10:19 GMT-03:00 Matthew Wringe <[email protected]>: >>> >>>> Wait, there is another update that we need. That PR probably wont work >>>> properly for you yet. I am investigating >>>> >>>> On Thu, Sep 28, 2017 at 9:06 AM, Matthew Wringe <[email protected]> >>>> wrote: >>>> >>>>> The PR is this: https://github.com/openshift/origin-metrics/pull/382 >>>>> >>>>> It was a problem in one of our releases of Hawkular Metrics, but I >>>>> didn't think it made it into the 3.6 release (but it did). >>>>> >>>>> On Thu, Sep 28, 2017 at 8:41 AM, Mateus Caruccio < >>>>> [email protected]> wrote: >>>>> >>>>>> Sweet! Would you mind pointing the PR url? >>>>>> Thanks. >>>>>> >>>>>> -- >>>>>> Mateus Caruccio / Master of Puppets >>>>>> GetupCloud.com >>>>>> We make the infrastructure invisible >>>>>> Gartner Cool Vendor 2017 >>>>>> >>>>>> 2017-09-28 9:34 GMT-03:00 Matthew Wringe <[email protected]>: >>>>>> >>>>>>> Ah, sorry, this somehow got missed. We have had an issue that >>>>>>> slipped into 3.6.0 that we are currently in progress to fix. The PR has >>>>>>> been submitted and we are waiting for a new image to be built and pushed >>>>>>> out. >>>>>>> >>>>>>> On Thu, Sep 28, 2017 at 6:53 AM, Mateus Caruccio < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Nope, no time to debug yet :( >>>>>>>> >>>>>>>> -- >>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>> GetupCloud.com >>>>>>>> We make the infrastructure invisible >>>>>>>> Gartner Cool Vendor 2017 >>>>>>>> >>>>>>>> 2017-09-28 7:52 GMT-03:00 Andrew Lau <[email protected]>: >>>>>>>> >>>>>>>>> Did you find any solution for this? >>>>>>>>> >>>>>>>>> On Fri, 15 Sep 2017 at 01:34 Mateus Caruccio < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Yep, there it is: >>>>>>>>>> >>>>>>>>>> [OSEv3:children] >>>>>>>>>> masters >>>>>>>>>> etcd >>>>>>>>>> nodes >>>>>>>>>> >>>>>>>>>> [OSEv3:vars] >>>>>>>>>> deployment_type=origin >>>>>>>>>> openshift_release=v3.6 >>>>>>>>>> debug_level=1 >>>>>>>>>> openshift_debug_level=1 >>>>>>>>>> openshift_node_debug_level=1 >>>>>>>>>> openshift_master_debug_level=1 >>>>>>>>>> openshift_master_access_token_max_seconds=2419200 >>>>>>>>>> osm_cluster_network_cidr=172.16.0.0/16 >>>>>>>>>> openshift_registry_selector="docker-registry=true" >>>>>>>>>> openshift_hosted_registry_replicas=1 >>>>>>>>>> >>>>>>>>>> openshift_master_cluster_hostname=api-cluster.example.com.br >>>>>>>>>> openshift_master_cluster_public_hostname=api-cluster.example >>>>>>>>>> .com.br >>>>>>>>>> osm_default_subdomain=example.com.br >>>>>>>>>> openshift_master_default_subdomain=example.com.br >>>>>>>>>> osm_default_node_selector="role=app" >>>>>>>>>> os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant >>>>>>>>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', >>>>>>>>>> 'login': 'true', 'challenge': 'true', 'kind': >>>>>>>>>> 'HTPasswdPasswordIdentityProvider', >>>>>>>>>> 'filename': '/etc/origin/master/htpasswd'}] >>>>>>>>>> osm_use_cockpit=false >>>>>>>>>> containerized=False >>>>>>>>>> >>>>>>>>>> openshift_master_cluster_method=native >>>>>>>>>> openshift_master_console_port=443 >>>>>>>>>> openshift_master_api_port=443 >>>>>>>>>> >>>>>>>>>> openshift_master_overwrite_named_certificates=true >>>>>>>>>> openshift_master_named_certificates=[{"certfile":"{{lookup(' >>>>>>>>>> env','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":" >>>>>>>>>> {{lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>>>> .br.int.crt"}] >>>>>>>>>> openshift_master_session_auth_secrets=['F71uoyI/Tkv/LiDH2PiF >>>>>>>>>> KK1o76bLoH10+uE2a'] >>>>>>>>>> openshift_master_session_encryption_secrets=['bjDwQfiy4ksB/3 >>>>>>>>>> qph87BGulYb/GUho6K'] >>>>>>>>>> openshift_master_audit_config={"enabled": true, "auditFilePath": >>>>>>>>>> "/var/log/openshift-audit/openshift-audit.log", >>>>>>>>>> "maximumFileRetentionDays": 30, "maximumFileSizeMegabytes": 500, >>>>>>>>>> "maximumRetainedFiles": 10} >>>>>>>>>> >>>>>>>>>> openshift_ca_cert_expire_days=1825 >>>>>>>>>> openshift_node_cert_expire_days=730 >>>>>>>>>> openshift_master_cert_expire_days=730 >>>>>>>>>> etcd_ca_default_days=1825 >>>>>>>>>> >>>>>>>>>> openshift_hosted_router_create_certificate=false >>>>>>>>>> openshift_hosted_manage_router=true >>>>>>>>>> openshift_router_selector="role=infra" >>>>>>>>>> openshift_hosted_router_replicas=2 >>>>>>>>>> openshift_hosted_router_certificate={"certfile":"{{lookup('e >>>>>>>>>> nv','PWD')}}/certs/wildcard.example.com.br.crt","keyfile":"{ >>>>>>>>>> {lookup('env','PWD')}}/certs/wildcard.example.com.br.key", >>>>>>>>>> "cafile":"{{lookup('env','PWD')}}/certs/wildcard.example.com >>>>>>>>>> .br.int.crt"} >>>>>>>>>> >>>>>>>>>> openshift_hosted_metrics_deploy=true >>>>>>>>>> openshift_hosted_metrics_public_url=https://hawkular-metrics >>>>>>>>>> .example.com.br/hawkular/metrics >>>>>>>>>> >>>>>>>>>> openshift_hosted_logging_deploy=true >>>>>>>>>> openshift_hosted_logging_hostname=kibana.example.com.br >>>>>>>>>> >>>>>>>>>> openshift_install_examples=true >>>>>>>>>> >>>>>>>>>> openshift_node_kubelet_args={'pods-per-core': ['20'], >>>>>>>>>> 'max-pods': ['100'], 'image-gc-high-threshold': ['80'], >>>>>>>>>> 'image-gc-low-threshold': ['50'],'minimum-container-ttl-duration': >>>>>>>>>> ['60s'], 'maximum-dead-containers-per-container': ['1'], >>>>>>>>>> 'maximum-dead-containers': ['15']} >>>>>>>>>> >>>>>>>>>> logrotate_scripts=[{"name": "syslog", "path": >>>>>>>>>> "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", >>>>>>>>>> "options": ["daily", "rotate 7", "compress", "sharedscripts", >>>>>>>>>> "missingok"], >>>>>>>>>> "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid >>>>>>>>>> 2> >>>>>>>>>> /dev/null` 2> /dev/null || true"}}] >>>>>>>>>> >>>>>>>>>> openshift_builddefaults_image_labels=[{'name':'builder','val >>>>>>>>>> ue':'true'}] >>>>>>>>>> openshift_builddefaults_nodeselectors={'builder':'true'} >>>>>>>>>> openshift_builddefaults_annotations={'builder':'true'} >>>>>>>>>> openshift_builddefaults_resources_requests_cpu=10m >>>>>>>>>> openshift_builddefaults_resources_requests_memory=128Mi >>>>>>>>>> openshift_builddefaults_resources_limits_cpu=500m >>>>>>>>>> openshift_builddefaults_resources_limits_memory=2Gi >>>>>>>>>> >>>>>>>>>> openshift_upgrade_nodes_serial=1 >>>>>>>>>> openshift_upgrade_nodes_max_fail_percentage=0 >>>>>>>>>> openshift_upgrade_control_plane_nodes_serial=1 >>>>>>>>>> openshift_upgrade_control_plane_nodes_max_fail_percentage=0 >>>>>>>>>> >>>>>>>>>> openshift_disable_check=disk_availability,memory_availability >>>>>>>>>> >>>>>>>>>> [masters] >>>>>>>>>> e001vmov40p42 >>>>>>>>>> e001vmov40p51 >>>>>>>>>> e001vmov40p52 >>>>>>>>>> >>>>>>>>>> [etcd] >>>>>>>>>> e001vmov40p42 >>>>>>>>>> e001vmov40p51 >>>>>>>>>> e001vmov40p52 >>>>>>>>>> >>>>>>>>>> [nodes] >>>>>>>>>> e001vmov40p42 openshift_node_labels="{'role': 'master'}" >>>>>>>>>> e001vmov40p51 openshift_node_labels="{'role': 'master'}" >>>>>>>>>> e001vmov40p52 openshift_node_labels="{'role': 'master'}" >>>>>>>>>> >>>>>>>>>> e001vmov40p45 openshift_node_labels="{'role': 'infra', >>>>>>>>>> 'docker-registry':'true', 'logging':'true'}" >>>>>>>>>> e001vmov40p46 openshift_node_labels="{'role': 'infra', >>>>>>>>>> 'metrics': 'true'}" >>>>>>>>>> >>>>>>>>>> e001vmov40p47 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>>> 'true'}" >>>>>>>>>> e001vmov40p48 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>>> 'true'}" >>>>>>>>>> e001vmov40p49 openshift_node_labels="{'role': 'app', 'builder': >>>>>>>>>> 'true'}" >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>> GetupCloud.com >>>>>>>>>> We make the infrastructure invisible >>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>> >>>>>>>>>> 2017-09-14 10:13 GMT-03:00 Matthew Wringe <[email protected]>: >>>>>>>>>> >>>>>>>>>>> We had an issue where it was not possible for normal users to >>>>>>>>>>> view their metrics (but cluster-admin users could). But I didn't >>>>>>>>>>> think this >>>>>>>>>>> made it into any releases. >>>>>>>>>>> >>>>>>>>>>> Would it be possible to attach the inventory file used? >>>>>>>>>>> >>>>>>>>>>> On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Including some metrics folks. Matt/Jeff? >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Answering my own question, that "namespace" field on audit log >>>>>>>>>>>>> refers to the unamespaced resource "/oapi/v1/ >>>>>>>>>>>>> subjectaccessreviews", not the subject access review object >>>>>>>>>>>>> of the request. >>>>>>>>>>>>> >>>>>>>>>>>>> Still, the problem persists... >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>> >>>>>>>>>>>>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio < >>>>>>>>>>>>> [email protected]>: >>>>>>>>>>>>> >>>>>>>>>>>>>> Audit logs show this: >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >>>>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" >>>>>>>>>>>>>> method="POST" user="mateus" groups="\"system:authenticated >>>>>>>>>>>>>> :oauth\",\"system:authenticated\"" as="<self>" >>>>>>>>>>>>>> asgroups="<lookup>" namespace="<none>" >>>>>>>>>>>>>> uri="/oapi/v1/subjectaccessrev >>>>>>>>>>>>>> iews" >>>>>>>>>>>>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >>>>>>>>>>>>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201" >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'm I wrong o that "namespace" field should be not <none>? >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio < >>>>>>>>>>>>>> [email protected]>: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> After a fresh Origin 3.6.0, hawkular returns only 403 >>>>>>>>>>>>>>> Forbiden. >>>>>>>>>>>>>>> What is the auth path used by hawkular and how can I check >>>>>>>>>>>>>>> if it's correct (secrets, servicaccounts, token, etc)? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> $ oc version >>>>>>>>>>>>>>> oc v3.6.0+c4dd4cf >>>>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Server <redacted> >>>>>>>>>>>>>>> openshift v3.6.0+c4dd4cf >>>>>>>>>>>>>>> kubernetes v1.6.1+5115d708d7 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> $ oc -n openshift-infra get rc -o yaml | grep image: >>>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>>> rics-cassandra:v3.6.0 >>>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>>> rics-hawkular-metrics:v3.6.0 >>>>>>>>>>>>>>> image: docker.io/openshift/origin-met >>>>>>>>>>>>>>> rics-heapster:v3.6.0 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> $ oc -n openshift-infra get pods >>>>>>>>>>>>>>> NAME READY STATUS RESTARTS >>>>>>>>>>>>>>> AGE >>>>>>>>>>>>>>> hawkular-cassandra-1-vg250 1/1 Running 0 >>>>>>>>>>>>>>> 42m >>>>>>>>>>>>>>> hawkular-metrics-4rkn4 1/1 Running 0 >>>>>>>>>>>>>>> 38m >>>>>>>>>>>>>>> heapster-fjg8t 1/1 Running 1 >>>>>>>>>>>>>>> 50m >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> $ oadm diagnostics MetricsApiProxy >>>>>>>>>>>>>>> [Note] Determining if client configuration exists for >>>>>>>>>>>>>>> client/cluster diagnostics >>>>>>>>>>>>>>> Info: Successfully read a client config file at >>>>>>>>>>>>>>> '/home/getup/.kube/config' >>>>>>>>>>>>>>> Info: Using context for cluster-admin access: >>>>>>>>>>>>>>> 'default/<redacted>:443/system:admin' >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [Note] Running diagnostic: MetricsApiProxy >>>>>>>>>>>>>>> Description: Check the integrated heapster metrics >>>>>>>>>>>>>>> can be reached via the API proxy >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [Note] Summary of diagnostics execution (version >>>>>>>>>>>>>>> v3.6.0+c4dd4cf): >>>>>>>>>>>>>>> [Note] Completed with no errors or warnings seen. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Mateus Caruccio / Master of Puppets >>>>>>>>>>>>>>> GetupCloud.com >>>>>>>>>>>>>>> We make the infrastructure invisible >>>>>>>>>>>>>>> Gartner Cool Vendor 2017 >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> dev mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
