Re: Can we use 'Run in privileged mode' in the Jenkins Kubernetes Pod Template?

[Clayton Coleman]

Like any other user, to run privileged an administrator must grant access
to the Jenkins service account to launch privileged pods.  That’s done by
granting the service account the slave pod runs as the privileged SCC:

oc adm policy add-scc-to-user -z SERVICE_ACCT privileged

On Apr 16, 2018, at 2:46 PM, Alan Christie 
wrote:

I’m trying to get around building Docker containers in a Jenkins
slave-agent (because the Docker socket is not available). Along comes
`buildah` claiming to be a lightweight OCI builder so I’ve built a
`buildah` Jenkins slave agent based on the
`openshift/jenkins-slave-maven-centos7` image (
https://github.com/alanbchristie/openshift-jenkins-buildah-slave.git).

Nice.

Sadly…

…the agent appears useless because buildah needs to be run as root!!!

So I walk from one problem into another.

The wonderfully named option in Jenkins -> Manage Jenkins -> Configure
System -> Kubernetes Pod Template -> "Run in privileged mode" was so
appealing I just had to click it!

But … sigh ... I still can’t run as root, instead I get the **Privileged
containers are not allowed provider restricted** error.

This has probably been asked before but...

   1. Is there anything that can be done to run slave-agents as root? (I
   don't want a BuildConfig, I want to run my existing complex pipelines which
   also build docker images in a Jenkins agent)
   2. If not, is someone thinking about supporting this?

Alan Christie


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Openshift starter not routing

[Leandro]

Yes, exactly.
Ok, thank you!

Best regards

On 16 April 2018 at 17:53, Graham Dumpleton  wrote:

> Are you on ca-central-1? An issue with routes on that cluster is being
> investigated.
>
> On 17 Apr 2018, at 6:33 am, Leandro  wrote:
>
> Hi All,
>
> Is there currently any problem with the openshift Starter? Since last
> Thursday, I have noticed the following problems:
>
> - In a new deployment, a Pod is not able to connect to the database on
> another Pod, failing with the message: No route to host.
> - In an older deployment, the solution is able to connect to the database
> normally, but the route is not available, showing the message "Application
> is not available", the same behavior presented here below:
>
> https://stackoverflow.com/questions/49852367/route-to-
> application-stopped-working-in-openshift-online-3-9
>
> Is anybody experiencing the same problem? How can we fix this?
>
> Best regards,
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Openshift starter not routing

[Graham Dumpleton]

Are you on ca-central-1? An issue with routes on that cluster is being 
investigated.

> On 17 Apr 2018, at 6:33 am, Leandro  wrote:
> 
> Hi All,
> 
> Is there currently any problem with the openshift Starter? Since last 
> Thursday, I have noticed the following problems:
> 
> - In a new deployment, a Pod is not able to connect to the database on 
> another Pod, failing with the message: No route to host.
> - In an older deployment, the solution is able to connect to the database 
> normally, but the route is not available, showing the message "Application is 
> not available", the same behavior presented here below:
> 
> https://stackoverflow.com/questions/49852367/route-to-application-stopped-working-in-openshift-online-3-9
>  
> 
> 
> Is anybody experiencing the same problem? How can we fix this?
> 
> Best regards,
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Openshift starter not routing

[Leandro]

Hi All,

Is there currently any problem with the openshift Starter? Since last
Thursday, I have noticed the following problems:

- In a new deployment, a Pod is not able to connect to the database on
another Pod, failing with the message: No route to host.
- In an older deployment, the solution is able to connect to the database
normally, but the route is not available, showing the message "Application
is not available", the same behavior presented here below:

https://stackoverflow.com/questions/49852367/route-to-application-stopped-working-in-openshift-online-3-9

Is anybody experiencing the same problem? How can we fix this?

Best regards,
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Can we use 'Run in privileged mode' in the Jenkins Kubernetes Pod Template?

[Alan Christie]

I’m trying to get around building Docker containers in a Jenkins slave-agent 
(because the Docker socket is not available). Along comes `buildah` claiming to 
be a lightweight OCI builder so I’ve built a `buildah` Jenkins slave agent 
based on the `openshift/jenkins-slave-maven-centos7` image 
(https://github.com/alanbchristie/openshift-jenkins-buildah-slave.git).

Nice.

Sadly…

…the agent appears useless because buildah needs to be run as root!!!

So I walk from one problem into another.

The wonderfully named option in Jenkins -> Manage Jenkins -> Configure System 
-> Kubernetes Pod Template -> "Run in privileged mode" was so appealing I just 
had to click it!

But … sigh ... I still can’t run as root, instead I get the **Privileged 
containers are not allowed provider restricted** error.

This has probably been asked before but...
Is there anything that can be done to run slave-agents as root? (I don't want a 
BuildConfig, I want to run my existing complex pipelines which also build 
docker images in a Jenkins agent)
If not, is someone thinking about supporting this?
Alan Christie


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: GlusterFS failing to deploy

[Tim Dudgeon]

Rodrigo

I retried having replaced the node that failed and this time all 3 pods 
started correctly.


If this happens again (I suspect it will) I will report the outputs you 
mention.


Tim


On 16/04/18 14:06, Rodrigo Bersa wrote:

Hi Tim,

Looks like there's a problem to access the Node, or the device 
(/dev/vdb) on this Node.


Can you share the output of: oc logs of the failing glusterfs POD and 
the heketi POD?



Best regards,


Rodrigo Bersa

Cloud Consultant, RHCVA, RHCE

Red Hat Brasil 

rbe...@redhat.com  M: +55-11-99557-5841 



  
TRIED. TESTED. TRUSTED. 

Red Hat é reconhecida entre as melhores empresas para trabalhar no 
Brasil pelo *Great Place to Work*.


On Mon, Apr 16, 2018 at 8:07 AM, Tim Dudgeon > wrote:


I'm having problems deploying GlusterFS to an Origin cluster.

I have 3 identical nodes for running glusterfs, but the deployment
seems to randomly fail on one of the nodes sometimes. This is a
typical error (with the json reformatted). Notice how node 001 and
003 work fine, but 002 fails.
All three nodes are equivalent in config.

TASK [openshift_storage_glusterfs : Load heketi topology]


Monday 16 April 2018  10:49:57 + (0:00:01.414) 0:44:22.372
**

{
  "changed": true,
  "cmd": [
    "oc",
"--config=/tmp/openshift-glusterfs-ansible-Eb85yA/admin.kubeconfig",
    "rsh",
    "--namespace=glusterfs",
    "deploy-heketi-storage-1-5svjh",
    "heketi-cli",
    "-s",
    "http://localhost:8080;,
    "--user",
    "admin",
    "--secret",
    "JsSOzmoF6nP6nfuJJ1RQigRQNkUiD88xl8FLfu+xhpk=",
    "topology",
    "load",
"--json=/tmp/openshift-glusterfs-ansible-Eb85yA/topology.json",
    "2>&1"
  ],
  "delta": "0:02:08.608619",
  "end": "2018-04-16 10:52:06.930155",
  "failed_when_result": true,
  "rc": 0,
  "start": "2018-04-16 10:49:58.321536",
  "stderr": "",
  "stderr_lines": [],
  "stdout": "Creating cluster ... ID:
69b19096f118186c5a09f9e78f9cb9aa\n\tAllowing file volumes on
cluster.\n\tAllowing block volumes on cluster.\n\tCreating node
orn-gluster-storage-001.openstacklocal ... ID:
ec9d615910d52bc5db9f4b18fdb714f3\n\t\tAdding device /dev/vdb ...
OK\n\tCreating node orn-gluster-storage-002.openstacklocal ...
Unable to create node: Unable to execute command on
glusterfs-storage-gbzd8:\n\tCreating node
orn-gluster-storage-003.openstacklocal ... ID:
9e69ad050cdc41af61707319612e5f58\n\t\tAdding device /dev/vdb ... OK",
  "stdout_lines": [
    "Creating cluster ... ID: 69b19096f118186c5a09f9e78f9cb9aa",
    "\tAllowing file volumes on cluster.",
    "\tAllowing block volumes on cluster.",
    "\tCreating node orn-gluster-storage-001.openstacklocal ...
ID: ec9d615910d52bc5db9f4b18fdb714f3",
    "\t\tAdding device /dev/vdb ... OK",
    "\tCreating node orn-gluster-storage-002.openstacklocal ...
Unable to create node: Unable to execute command on
glusterfs-storage-gbzd8:",
    "\tCreating node orn-gluster-storage-003.openstacklocal ...
ID: 9e69ad050cdc41af61707319612e5f58",
    "\t\tAdding device /dev/vdb ... OK"
  ]
}

Any idea what's going wrong?

Tim

___
users mailing list
users@lists.openshift.redhat.com

http://lists.openshift.redhat.com/openshiftmm/listinfo/users





___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

GlusterFS failing to deploy

[Tim Dudgeon]

I'm having problems deploying GlusterFS to an Origin cluster.

I have 3 identical nodes for running glusterfs, but the deployment seems 
to randomly fail on one of the nodes sometimes. This is a typical error 
(with the json reformatted). Notice how node 001 and 003 work fine, but 
002 fails.

All three nodes are equivalent in config.

TASK [openshift_storage_glusterfs : Load heketi topology] 


Monday 16 April 2018  10:49:57 + (0:00:01.414) 0:44:22.372 **

{
  "changed": true,
  "cmd": [
    "oc",
"--config=/tmp/openshift-glusterfs-ansible-Eb85yA/admin.kubeconfig",
    "rsh",
    "--namespace=glusterfs",
    "deploy-heketi-storage-1-5svjh",
    "heketi-cli",
    "-s",
    "http://localhost:8080;,
    "--user",
    "admin",
    "--secret",
    "JsSOzmoF6nP6nfuJJ1RQigRQNkUiD88xl8FLfu+xhpk=",
    "topology",
    "load",
"--json=/tmp/openshift-glusterfs-ansible-Eb85yA/topology.json",
    "2>&1"
  ],
  "delta": "0:02:08.608619",
  "end": "2018-04-16 10:52:06.930155",
  "failed_when_result": true,
  "rc": 0,
  "start": "2018-04-16 10:49:58.321536",
  "stderr": "",
  "stderr_lines": [],
  "stdout": "Creating cluster ... ID: 
69b19096f118186c5a09f9e78f9cb9aa\n\tAllowing file volumes on 
cluster.\n\tAllowing block volumes on cluster.\n\tCreating node 
orn-gluster-storage-001.openstacklocal ... ID: 
ec9d615910d52bc5db9f4b18fdb714f3\n\t\tAdding device /dev/vdb ... 
OK\n\tCreating node orn-gluster-storage-002.openstacklocal ... Unable to 
create node: Unable to execute command on 
glusterfs-storage-gbzd8:\n\tCreating node 
orn-gluster-storage-003.openstacklocal ... ID: 
9e69ad050cdc41af61707319612e5f58\n\t\tAdding device /dev/vdb ... OK",

  "stdout_lines": [
    "Creating cluster ... ID: 69b19096f118186c5a09f9e78f9cb9aa",
    "\tAllowing file volumes on cluster.",
    "\tAllowing block volumes on cluster.",
    "\tCreating node orn-gluster-storage-001.openstacklocal ... ID: 
ec9d615910d52bc5db9f4b18fdb714f3",

    "\t\tAdding device /dev/vdb ... OK",
    "\tCreating node orn-gluster-storage-002.openstacklocal ... Unable 
to create node: Unable to execute command on glusterfs-storage-gbzd8:",
    "\tCreating node orn-gluster-storage-003.openstacklocal ... ID: 
9e69ad050cdc41af61707319612e5f58",

    "\t\tAdding device /dev/vdb ... OK"
  ]
}

Any idea what's going wrong?

Tim

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: /etc/cni/net.d/ is sometimes empty

[Tim Dudgeon]

I created this issue that summarises the problem:
https://github.com/openshift/openshift-ansible/issues/7967

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users