Re: Unable to dynamically provision cinder volumes

[Joel Pearson]

Got some help on the #sig-openstack channel in kubernetes from @fengyunpan

Turns out I needed to add

[BlockStorage]
bs-version=v2

to /etc/origin/cloudprovider/openstack.conf

It looks like better autodetection exists in Kubernetes 1.7

https://github.com/kubernetes/kubernetes/blob/release-1.7/pkg/cloudprovider/providers/openstack/openstack.go

vs
https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/cloudprovider/providers/openstack/openstack.go

You'll notice there is only 1 reference to "auto" in the 1.6 version.

I'm not sure how it works for other people running Openshift 3.6 on
OpenStack without that setting.

Thanks,

Joel

On Sat, Oct 14, 2017 at 1:49 PM Joel Pearson 
wrote:

> Hi,
>
> I'm having no luck getting dynamic provisioning of cinder volumes working.
>
> I followed
> https://docs.openshift.org/latest/install_config/persistent_storage/dynamically_provisioning_pvs.html#openstack-cinder-spec
>
> And used:
>
> kind: StorageClass
> apiVersion: storage.k8s.io/v1
> metadata:
>   name: gold
> provisioner: kubernetes.io/cinder
> parameters:
>   type: fast
>   availability: nova
>   fsType: ext4
>
> But whenever I try it, it fails with:
>
> Failed to provision volume with StorageClass "gold": invalid option
> "fsType" for volume plugin kubernetes.io/cinder
>
> I tried removing the fsType in the storage class but it hasn't helped.
>
> My /etc/origin/cloudprovider/openstack.conf looks correct, but I cannot
> figure out what is going on.
>
> There is nothing useful in journalctl -xe on the master
>
> How else can I diagnose?
>
> Thanks,
>
> Joel
> --
> Kind Regards,
>
> Joel Pearson
> Agile Digital | Senior Software Consultant
>
> Love Your Software™ | ABN 98 106 361 273
> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>
-- 
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Origin router and X-Forwarded-For

[Aleksandar Lazic]

Hi Marcello.

on Montag, 16. Oktober 2017 at 15:23 was written:

> Hi,
> I have tried it and it worked fine but the problem is override the
> default wildcard certificate and configure a different certificate,
> because it's not possible to configure the intermediate CA chain into
> the admin panel. I tried to configure the CA cert with the root CA and
> the subordinate CA files and the router is ok but if I navigate the
> new route I received a security error.

do you use reencrypted or passthrough route

please can you show us the output of.

oc get route -n your-project
oc describe route -n your-project your-route

Best Regards
Aleks


> Marcello

> On Thu, Oct 12, 2017 at 1:14 PM, Aleksandar Lazic  wrote:

>   
> Hi Marcello Lorenzi.

>  have you used -servername in s_client?

>  The ssl solution is based on sni (
> https://en.wikipedia.org/wiki/Server_Name_Indication )

> Regards
>  Aleks

> on Donnerstag, 12. Oktober 2017 at 13:02 was written:



> Hi All,
>  thanks for the response and we checked the configuration. If I tried
> to check the certificated propagate with the passthrough configuration
> with openssl s_client  and the certificate provided is the wilcard
> domain certificate and not the pod itself. Is it normal?

>  Thanks,
>  Marcello

>  On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic  
> wrote:

> Hi.

>  Additionally to joel suggestion can you also use reencrypted route
> if you want to talk encrypted with apache webserver.

> https://docs.openshift.org/3.6/architecture/networking/routes.html#re-encryption-termination

> Regards
>  Aleks

>  on Mittwoch, 11. Oktober 2017 at 15:51 was written:


> Sorry I meant it say, it *cannot modify the http request in any way. 
>  On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson
>  wrote:

> Hi Marcelo,

>  If you use Passthrough termination then that means that OpenShift
> cannot add the X-Forwarded-For header, because as the name suggests it
> is just passing the packets through and because it’s encrypted it can
> modify the http request in anyway. 

>  If you want X-Forwarded-For you will need to switch to Edge termination.

>  Thanks,

>  Joel
>  On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi  wrote:

> Hi All,
>  we tried to configure a route on Origin 3.6 with a Passthrough
> termination to an Apache webserver present into a single POD but we
> can't notice the X-Forwarded-Header to Apache logs. We tried to capture it 
> without success.

>  Could you confirm if there are some method to extract it from the POD side?

>  Thanks,
> Marcello
> ___
>  users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users-- 
> Kind Regards,

>  Joel Pearson
>  Agile Digital | Senior Software Consultant

>  Love Your Software™ | ABN 98 106 361 273
>  p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au-- 
> Kind Regards,

>  Joel Pearson
>  Agile Digital | Senior Software Consultant

>  Love Your Software™ | ABN 98 106 361 273
>  p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au


smime.p7s
Description: S/MIME Cryptographic Signature
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Web console overview sections?

[Sam Padgett]

Tako, anything with an `app` label is shown as an application. If you add
an app label to your deployment config or pods, they should show up on the
overview as an application with that name.

On Mon, Oct 16, 2017 at 12:47 PM, Tako Schotanus 
wrote:

> Hi,
>
> I just updated my minishift installation (from 1.1 to 1.7) and the web
> console overview page has changed again. A .yaml template that I was using
> before to create our services (5 pods) now puts the app's main entry point
> in the list of "Other Resources" while a seemingly random pod has been
> selected to be an "application".
>
> Is there some documentation somewhere that I can look at that explains how
> the layout of the overview page is decided?
>
> Thanks!
>
> --
>
> TAKO SCHOTANUS
>
> SENIOR SOFTWARE ENGINEER
>
> Red Hat
>
> 
> 
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Web console overview sections?

[Tako Schotanus]

Hi,

I just updated my minishift installation (from 1.1 to 1.7) and the web
console overview page has changed again. A .yaml template that I was using
before to create our services (5 pods) now puts the app's main entry point
in the list of "Other Resources" while a seemingly random pod has been
selected to be an "application".

Is there some documentation somewhere that I can look at that explains how
the layout of the overview page is decided?

Thanks!

-- 

TAKO SCHOTANUS

SENIOR SOFTWARE ENGINEER

Red Hat



___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Possible to use AWS elasitcsearch for OpenShift logging?

[Luke Meyer]

You can configure fluentd to forward logs (see
https://docs.openshift.com/container-platform/latest/install_config/aggregate_logging.html#sending-logs-to-an-external-elasticsearch-instance).
Note the caveat, "If you are not using the provided Kibana and
Elasticsearch images, you will not have the same multi-tenant capabilities
and your data will not be restricted by user access to a particular
project."

On Thu, Oct 12, 2017 at 10:35 AM, Marc Boorshtein 
wrote:

> I have built out a cluster on AWS using the ansible advanced install.  I
> see that i can setup logging by creating infrastructure nodes that will
> host elasticsearch.  AWS has an elasticsearch service.  Is there a way to
> use that instead?
>
> Thanks
> Marc
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Origin router and X-Forwarded-For

[Marcello Lorenzi]

Hi,
I have tried it and it worked fine but the problem is override the default
wildcard certificate and configure a different certificate, because it's
not possible to configure the intermediate CA chain into the admin panel. I
tried to configure the CA cert with the root CA and the subordinate CA
files and the router is ok but if I navigate the new route I received a
security error.

Marcello

On Thu, Oct 12, 2017 at 1:14 PM, Aleksandar Lazic 
wrote:

> Hi Marcello Lorenzi.
>
> have you used -servername in s_client?
>
> The ssl solution is based on sni ( https://en.wikipedia.org/wiki/
> Server_Name_Indication )
>
> Regards
> Aleks
>
> on Donnerstag, 12. Oktober 2017 at 13:02 was written:
>
>
> Hi All,
> thanks for the response and we checked the configuration. If I tried to
> check the certificated propagate with the passthrough configuration with
> openssl s_client  and the certificate provided is the wilcard domain
> certificate and not the pod itself. Is it normal?
>
> Thanks,
> Marcello
>
> On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic 
> wrote:
>
> Hi.
>
> Additionally to joel suggestion can you also use reencrypted route if you
> want to talk encrypted with apache webserver.
>
> https://docs.openshift.org/3.6/architecture/networking/
> routes.html#re-encryption-termination
>
> Regards
> Aleks
>
> on Mittwoch, 11. Oktober 2017 at 15:51 was written:
>
>
> Sorry I meant it say, it *cannot modify the http request in any way.
> On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson <
> japear...@agiledigital.com.au> wrote:
>
> Hi Marcelo,
>
> If you use Passthrough termination then that means that OpenShift cannot
> add the X-Forwarded-For header, because as the name suggests it is just
> passing the packets through and because it’s encrypted it can modify the
> http request in anyway.
>
> If you want X-Forwarded-For you will need to switch to Edge termination.
>
> Thanks,
>
> Joel
> On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi 
> wrote:
>
> Hi All,
> we tried to configure a route on Origin 3.6 with a Passthrough
> termination to an Apache webserver present into a single POD but we can't
> notice the X-Forwarded-Header to Apache logs. We tried to capture it
> without success.
>
> Could you confirm if there are some method to extract it from the POD side?
>
> Thanks,
> Marcello
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users --
> Kind Regards,
>
> Joel Pearson
> Agile Digital | Senior Software Consultant
>
> Love Your Software™ | ABN 98 106 361 273
> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au --
>
> Kind Regards,
>
> Joel Pearson
> Agile Digital | Senior Software Consultant
>
> Love Your Software™ | ABN 98 106 361 273
> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Draining in Rolling Upgrade

[Barış Aydınöz]

Hi Everyone,


In OCP 3.5, suppose we have 3 or multiple instances in a cluster for version 
1.0 and there is a newer version 1.1, but we need these services drain and 
updated 1 by 1. How can we adjust it in deployment YML?

Could you please guide me a reference document?

Thanks in advance. And thanks for the all quick responses so far

Baris


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: 2 clusters with the same internal ip addresses

[Frederic Giloux]

Hi Lionel

yes these IPs are not exposed to the outside (S-NAT with the node IP
address). If you are not calling external services with conflicting IP
addresses you are fine.

Regards,

Frédéric

On Mon, Oct 16, 2017 at 11:40 AM, Lionel Orellana 
wrote:

> Hi,
>
>
> Can two different clusters use the same ip ranges for
> osm_cluster_network_cidr and  openshift_portal_net? Those ip’s are all
> internal so should be ok? I'm trying to save the hassle of reserving two
> more ranges for my second cluster. I don't want/need them to know about
> each other.
>
>
> Thanks
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>


-- 
*Frédéric Giloux*
Senior Middleware Consultant
Red Hat Germany

fgil...@redhat.com M: +49-174-172-4661

redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted

Red Hat GmbH, http://www.de.redhat.com/ Sitz: Grasbrunn,
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

2 clusters with the same internal ip addresses

[Lionel Orellana]

Hi,


Can two different clusters use the same ip ranges for
osm_cluster_network_cidr and  openshift_portal_net? Those ip’s are all
internal so should be ok? I'm trying to save the hassle of reserving two
more ranges for my second cluster. I don't want/need them to know about
each other.


Thanks
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users