Re: errors accessing egressnetworkpolicies.network.openshift.io when attempting to export project

[Graham Dumpleton]

For the basic Python application you wouldn't need to export most of those and 
for some doing so would cause problems when you try to load them again.

For a basic application with no secrets, configmaps or persistent volumes, all 
you need is:

oc export is,bc,dc,svc,route -o yaml


Do not include pods, replicationcontrollers or endpoints.

You also want to be selective about what you export by using a label selector.

oc export is,bc,dc,svc,route --selector app=yourappname -o yaml

That way you get just what is necessary for the application.

Before they can be reloaded in a fresh project or OpenShift instance, you would 
usually need to massage the result, especially fixing up image references and 
reverting them to image stream references.

Overall you are better off to export as a template and edit the result to 
create a template you can then deploy multiple times, where the application 
name is parameterised.

Graham

> On 2 Jun 2018, at 2:01 am, Brian Keyes  wrote:
> 
> I am attempting to follow these instructions 
> 
> https://docs.openshift.com/container-platform/3.7/day_two_guide/project_level_tasks.html
>  
> 
> 
> I want to backup THE sample python app and I created a script like this ( 
> from the documentation)
> 
> 
> 
> 
> $ for object in rolebindings serviceaccounts secrets imagestreamtags 
> podpreset cms egressnetworkpolicies rolebindingrestrictions limitranges 
> resourcequotas pvcs templates cronjobs statefulsets hpas deployments 
> replicasets poddisruptionbudget endpoints
> do
>   oc export $object -o yaml > $object.yaml
> done
> 
> -- 
> but when I run this I get some access denied errors like this , is this 
> saying that the objects I am attempting to back up do not exist?
> 
> 
> $ ./exportotherprojects.sh
> error: no resources found - nothing to export
> the server doesn't have a resource type "cms"
> Error from server (Forbidden): User "admin" cannot list 
> egressnetworkpolicies.network.openshift.io 
>  in the namespace 
> "sample-py": User "admin" cannot list 
> egressnetworkpolicies.network.openshift.io 
>  in project "sample-py" 
> (get egressnetworkpolicies.network.openshift.io 
> )
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> the server doesn't have a resource type "pvcs"
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> the server doesn't have a resource type "hpas"
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> Error from server (Forbidden): User "admin" cannot list 
> poddisruptionbudgets.policy in the namespace "sample-py": User "admin" cannot 
> list poddisruptionbudgets.policy in project "sample-py" (get 
> poddisruptionbudgets.policy)
> 
> 
> thanks 
> 
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: [logging]

[Rich Megginson]

Not sure how logstash chooses which cert/key to use from the 
truststore.  You might ask on a logstash forum.


Or, just use the fluentd cert/key with plain old client cert and key 
files in pem format, if logstash supports that.  You can dump the 
fluentd ca, cert, and key using


oc extract -n logging secret/logging-fluentd --keys=cert --to=- 
fluentd-cert.pem


etc.


On 05/31/2018 06:02 AM, Himmat Singh wrote:

Hi,
Anybody worked on sending logs from logstash server (pod running on 
openshift) with existing elasticsearch of openshift efk solution which 
is secured with searchguard..


Please share configuration details how to get connectivity between them.

I am getting same kind of below error again again..



On Wed, May 30, 2018, 3:16 PM Himmat Singh 
mailto:himmat.singh.ba...@gmail.com>> 
wrote:


Hi Team,

I have deployed rabbitmq, logstash server on openshift to make
another ELK pipeline for logging which supports some set of
application and want to forward logs from those application logs
through ELK pipeline but Elasticsearch will be the common For both
EFK/ELK pipeline.

I have below secrets on openshift logging-elasticsearch :

|logging-elasticsearch created 3 months ago Opaque Reveal Secret
admin-ca * admin-cert * admin-key * admin.jks *
key * searchguard.key * searchguard.truststore *
truststore * |



I have grabbed truststore key using below command and used
truststore_password => tspass from elasticsaerch.yml :

|sudo oc get secret logging-elasticsearch --template='{{index .data
"truststore"}}' | base64 -d > truststore.jks |

Please help me with procedure i need to follow if i want to
connect using truststore keys,username,password for truststore.

Below is logstash.conf file : :

|input { rabbitmq { host => "rabbitmq-logstash" queue => "logstash"
durable => true port => 5672 user => "admin" password => "admin" }
} output { elasticsearch { hosts => ["logging-es:9200"] #cacert =>
'/etc/logstash/conf.d/keys/es-ca.crt' #user => 'fluentd' #password
=> 'changeme' ssl => true ssl_certificate_verification => false
truststore => "/etc/logstash/conf.d/keys/truststore.jks"
truststore_password => tspass index => "logstash-%{+.MM.dd}"
manage_template => false document_type => "%{[@metadata][type]}" }
stdout { codec => rubydebug } } |

I am facing below error:

10:51:56.154 [Ruby-0-Thread-5:

/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
WARN logstash.outputs.elasticsearch - Attempted to resurrect
connection to dead ES instance, but got an error.
{:url=>"https://logging-es:9200/;,

:error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,
:error=>"Got response code '401' contacting Elasticsearch at URL
'https://logging-es:9200/'"} 
10:52:01.155 [Ruby-0-Thread-5:

/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
INFO logstash.outputs.elasticsearch - Running health check to see
if an Elasticsearch connection is working
{:healthcheck_url=>https://logging-es:9200/, :path=>"/"}
  | 10:52:01.158 [Ruby-0-Thread-5:

/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
WARN logstash.outputs.elasticsearch - Attempted to resurrect
connection to dead ES instance, but got an error.
{:url=>"https://logging-es:9200/;,

:error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,
:error=>"Got response code '401' contacting Elasticsearch at URL
'https://logging-es:9200/'"} 

Please help me with correct configuration how do i get all
parameter username, password and truststore_password, truststore,
ca certificate.


*Thanks and Regards, *
*Himmat Singh.*
*Virtusa|Polaris Pvt Ltd*
*8465009408*
*
*
*
*



___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: errors accessing egressnetworkpolicies.network.openshift.io when attempting to export project

[Joel Pearson]

I guess that means your admin user doesn’t have the cluster-admin role
On Sat, 2 Jun 2018 at 4:02 am, Brian Keyes  wrote:

> I am attempting to follow these instructions
>
>
> https://docs.openshift.com/container-platform/3.7/day_two_guide/project_level_tasks.html
>
> I want to backup THE sample python app and I created a script like this (
> from the documentation)
>
>
>
>
> $ for object in rolebindings serviceaccounts secrets imagestreamtags 
> podpreset cms egressnetworkpolicies rolebindingrestrictions limitranges 
> resourcequotas pvcs templates cronjobs statefulsets hpas deployments 
> replicasets poddisruptionbudget endpoints
> do
>   oc export $object -o yaml > $object.yaml
> done
>
>
> --
> but when I run this I get some access denied errors like this , is this
> saying that the objects I am attempting to back up do not exist?
>
>
> $ ./exportotherprojects.sh
> error: no resources found - nothing to export
> the server doesn't have a resource type "cms"
> Error from server (Forbidden): User "admin" cannot list
> egressnetworkpolicies.network.openshift.io in the namespace "sample-py":
> User "admin" cannot list egressnetworkpolicies.network.openshift.io in
> project "sample-py" (get egressnetworkpolicies.network.openshift.io)
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> the server doesn't have a resource type "pvcs"
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> the server doesn't have a resource type "hpas"
> error: no resources found - nothing to export
> error: no resources found - nothing to export
> Error from server (Forbidden): User "admin" cannot list
> poddisruptionbudgets.policy in the namespace "sample-py": User "admin"
> cannot list poddisruptionbudgets.policy in project "sample-py" (get
> poddisruptionbudgets.policy)
>
>
> thanks
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Issues using backup script in Red hat documentation to backup projects

[Brian Keyes]

I am using this  script that is mentioned in your documentation

https://docs.openshift.com/container-platform/3.7/day_two_guide/project_level_tasks.html


https://github.com/openshift/openshift-ansible-contrib/blob/master/reference-architecture/day2ops/scripts/project_export.sh

but when I run the script I get this error , what does this mean , should I
be concerned ?



egressnetworkpolicies.network.openshift.io in the namespace "sample-py":
User "admin" cannot list egressnetworkpolicies.network.openshift.io in
project "sample-py" (get egressnetworkpolicies.network.openshift.io)





bkeyes@AEM-9Q8N662 MINGW64
~/exports/friday/contrib/openshift-ansible-contrib/reference-architecture/day2ops/scripts
(master)
$ ./project_export.sh sample-py
###
# WARNING #
###
This script is distributed WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND
Beware ImageStreams objects are not importables due to the way they work
See https://github.com/openshift/openshift-ansible-contrib/issues/967
for more information
Exporting namespace to sample-py/ns.json
Exporting rolebindings to sample-py/rolebindings.json
Exporting serviceaccounts to sample-py/serviceaccounts.json
Exporting secrets to sample-py/secrets.json
Exporting deploymentconfigs to sample-py/dc_*.json
Patching DC...
Patching DC...
Exporting buildconfigs to sample-py/bcs.json
Exporting builds to sample-py/builds.json
Exporting imagestreams to sample-py/iss.json
Exporting imagestreamtags to sample-py/imagestreamtags.json
Exporting replicationcontrollers to sample-py/rcs.json
Exporting services to sample-py/svc_*.json
Exporting pods to sample-py/pods.json
Exporting podpreset to sample-py/podpreset.json
Exporting configmaps to sample-py/cms.json
Exporting egressnetworkpolicies to sample-py/egressnetworkpolicies.json
Error from server (Forbidden): User "admin" cannot list
egressnetworkpolicies.network.openshift.io in the namespace "sample-py":
User "admin" cannot list egressnetworkpolicies.network.openshift.io in
project "sample-py" (get egressnetworkpolicies.network.openshift.io)

-- 
thanks
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

errors accessing egressnetworkpolicies.network.openshift.io when attempting to export project

[Brian Keyes]

I am attempting to follow these instructions

https://docs.openshift.com/container-platform/3.7/day_two_guide/project_level_tasks.html

I want to backup THE sample python app and I created a script like this (
from the documentation)




$ for object in rolebindings serviceaccounts secrets imagestreamtags
podpreset cms egressnetworkpolicies rolebindingrestrictions
limitranges resourcequotas pvcs templates cronjobs statefulsets hpas
deployments replicasets poddisruptionbudget endpoints
do
  oc export $object -o yaml > $object.yaml
done


-- 
but when I run this I get some access denied errors like this , is this
saying that the objects I am attempting to back up do not exist?


$ ./exportotherprojects.sh
error: no resources found - nothing to export
the server doesn't have a resource type "cms"
Error from server (Forbidden): User "admin" cannot list
egressnetworkpolicies.network.openshift.io in the namespace "sample-py":
User "admin" cannot list egressnetworkpolicies.network.openshift.io in
project "sample-py" (get egressnetworkpolicies.network.openshift.io)
error: no resources found - nothing to export
error: no resources found - nothing to export
error: no resources found - nothing to export
the server doesn't have a resource type "pvcs"
error: no resources found - nothing to export
error: no resources found - nothing to export
error: no resources found - nothing to export
the server doesn't have a resource type "hpas"
error: no resources found - nothing to export
error: no resources found - nothing to export
Error from server (Forbidden): User "admin" cannot list
poddisruptionbudgets.policy in the namespace "sample-py": User "admin"
cannot list poddisruptionbudgets.policy in project "sample-py" (get
poddisruptionbudgets.policy)


thanks
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Export and import questions , I am getting duplicate items

[Brian Keyes]

ok thanks ,  you can ignore the other question I just posted

thanks!

On Fri, Jun 1, 2018 at 1:32 PM, Fernando Lozano  wrote:

> Hi Brian,
>
> You should not try to export and import the complete set of resources of a
> project. Many of them are supposed to be, in the lack of a better work,
> 'ephemeral', created as a consequence of the configChange trigger of other
> resources. Order matters, too. You should export select resources, such as:
>
> oc export bc,dc,is,svc,cm > project.yaml
>
> Even then, be prepared to manually clean out the project.yaml file because
> it will contain runtime attributes that may not make sense when imported
> back.
>
> []s, Fernando Lozano
>
>
> On Fri, Jun 1, 2018 at 1:16 PM, Brian Keyes  wrote:
>
>> HEllo , I am attempting to export and import a project but if I back the
>> project up wtih
>>
>>
>> oc export all -o yaml > project.yaml
>>
>> destroy my open-shift environment completely  and then restore with
>>
>> oc create -f project.yaml I get all kinds of errors , I am not sure why
>> this is
>>
>>
>>
>> $ oc create -f 151pm-bk.yml
>> deploymentconfig "django-ex-151pm-bk" created
>> buildconfig "django-ex-151pm-bk" created
>> build "django-ex-151pm-bk-1" created
>> imagestream "django-ex-151pm-bk" created
>> route "django-ex-151pm-bk" created
>> service "django-ex-151pm-bk" created
>> build "django-ex-151pm-bk-1" created
>> Error from server (Forbidden): pods "django-ex-151pm-bk-1-build" is
>> forbidden: unable to validate against any security context constraint:
>> [spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not
>> allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath
>> volumes are not allowed to be used provider restricted:
>> .spec.containers[0].securityContext.privileged: Invalid value: true:
>> Privileged containers are not allowed]
>> Error from server (Forbidden): pods "django-ex-151pm-bk-1-" is forbidden:
>> unable to validate against any security context constraint: [fsGroup:
>> Invalid value: []int64{100057}: 100057 is not an allowed group
>> seLinuxOptions.level: Invalid value: "s0:c24,c9": seLinuxOptions.level on
>> does not match required level.  Found s0:c24,c9, wanted s0:c12,c9
>> securityContext.runAsUser: Invalid value: 100057: UID on container
>> django-ex-151pm-bk does not match required range.  Found 100057,
>> required min: 100015 max: 100015 seLinuxOptions.level: Invalid
>> value: "s0:c24,c9": seLinuxOptions.level on django-ex-151pm-bk does not
>> match required level.  Found s0:c24,c9, wanted s0:c12,c9]
>> Error from server (Forbidden): replicationcontrollers
>> "django-ex-151pm-bk-1" is forbidden: cannot set blockOwnerDeletion if an
>> ownerReference refers to a resource you can't set finalizers on: User
>> "admin" cannot update deploymentconfigs/finalizers.apps.openshift.io in
>> project "151pm-bk", 
>> Error from server (AlreadyExists): buildconfigs "django-ex-151pm-bk"
>> already exists
>> Error from server (AlreadyExists): deploymentconfigs "django-ex-151pm-bk"
>> already exists
>> Error from server (AlreadyExists): imagestreams "django-ex-151pm-bk"
>> already exists
>> Error from server (AlreadyExists): routes "django-ex-151pm-bk" already
>> exis
>>
>>
>> --
>> thanks !
>>
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>


-- 
Brian Keyes
Systems Engineer, Vizuri
703-855-9074(Mobile)
703-464-7030 x8239 (Office)

FOR OFFICIAL USE ONLY: This email and any attachments may contain
information that is privacy and business sensitive.  Inappropriate or
unauthorized disclosure of business and privacy sensitive information may
result in civil and/or criminal penalties as detailed in as amended Privacy
Act of 1974 and DoD 5400.11-R.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Export and import questions , I am getting duplicate items

[Fernando Lozano]

Hi Brian,

You should not try to export and import the complete set of resources of a
project. Many of them are supposed to be, in the lack of a better work,
'ephemeral', created as a consequence of the configChange trigger of other
resources. Order matters, too. You should export select resources, such as:

oc export bc,dc,is,svc,cm > project.yaml

Even then, be prepared to manually clean out the project.yaml file because
it will contain runtime attributes that may not make sense when imported
back.

[]s, Fernando Lozano


On Fri, Jun 1, 2018 at 1:16 PM, Brian Keyes  wrote:

> HEllo , I am attempting to export and import a project but if I back the
> project up wtih
>
>
> oc export all -o yaml > project.yaml
>
> destroy my open-shift environment completely  and then restore with
>
> oc create -f project.yaml I get all kinds of errors , I am not sure why
> this is
>
>
>
> $ oc create -f 151pm-bk.yml
> deploymentconfig "django-ex-151pm-bk" created
> buildconfig "django-ex-151pm-bk" created
> build "django-ex-151pm-bk-1" created
> imagestream "django-ex-151pm-bk" created
> route "django-ex-151pm-bk" created
> service "django-ex-151pm-bk" created
> build "django-ex-151pm-bk-1" created
> Error from server (Forbidden): pods "django-ex-151pm-bk-1-build" is
> forbidden: unable to validate against any security context constraint:
> [spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not
> allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath
> volumes are not allowed to be used provider restricted: 
> .spec.containers[0].securityContext.privileged:
> Invalid value: true: Privileged containers are not allowed]
> Error from server (Forbidden): pods "django-ex-151pm-bk-1-" is forbidden:
> unable to validate against any security context constraint: [fsGroup:
> Invalid value: []int64{100057}: 100057 is not an allowed group
> seLinuxOptions.level: Invalid value: "s0:c24,c9": seLinuxOptions.level on
> does not match required level.  Found s0:c24,c9, wanted s0:c12,c9
> securityContext.runAsUser: Invalid value: 100057: UID on container
> django-ex-151pm-bk does not match required range.  Found 100057,
> required min: 100015 max: 100015 seLinuxOptions.level: Invalid
> value: "s0:c24,c9": seLinuxOptions.level on django-ex-151pm-bk does not
> match required level.  Found s0:c24,c9, wanted s0:c12,c9]
> Error from server (Forbidden): replicationcontrollers
> "django-ex-151pm-bk-1" is forbidden: cannot set blockOwnerDeletion if an
> ownerReference refers to a resource you can't set finalizers on: User
> "admin" cannot update deploymentconfigs/finalizers.apps.openshift.io in
> project "151pm-bk", 
> Error from server (AlreadyExists): buildconfigs "django-ex-151pm-bk"
> already exists
> Error from server (AlreadyExists): deploymentconfigs "django-ex-151pm-bk"
> already exists
> Error from server (AlreadyExists): imagestreams "django-ex-151pm-bk"
> already exists
> Error from server (AlreadyExists): routes "django-ex-151pm-bk" already exis
>
>
> --
> thanks !
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

question about backing up via export

[Brian Keyes]

it the proper way to export and restore an app ?


1. create the app
2. on the command line switch to your project
3. export the project with "oc export all -o yaml > project.yaml"
4. delete the project
5. manually recreate the project
6. switch to the project
7. restore the project with  "oc create -f project.yaml"
8. ignore the duplication errors


$ oc create -f sample-py.yml
deploymentconfig "django-ex" created
deploymentconfig "ruby-ex" created
buildconfig "django-ex" created
buildconfig "ruby-ex" created
build "ruby-ex-1" created
imagestream "django-ex" created
imagestream "ruby-22-centos7" created
imagestream "ruby-ex" created
route "django-ex" created
route "ruby-ex" created
service "django-ex" created
service "ruby-ex" created
build "ruby-ex-1" created
Error from server (AlreadyExists): builds "django-ex-1" already exists
Error from server (Forbidden): pods "django-ex-1-" is forbidden: unable to
validate against any security context constraint: [fsGroup: Invalid value:
[]int64{100018}: 100018 is not an allowed group
seLinuxOptions.level: Invalid value: "s0:c13,c12": seLinuxOptions.level on
does not match required level.  Found s0:c13,c12, wanted s0:c14,c4
securityContext.runAsUser: Invalid value: 100018: UID on container
django-ex does not match required range.  Found 100018, required min:
100019 max: 100019 seLinuxOptions.level: Invalid value:
"s0:c13,c12": seLinuxOptions.level on django-ex does not match required
level.  Found s0:c13,c12, wanted s0:c14,c4]
Error from server (Forbidden): pods "django-ex-1-build" is forbidden:
unable to validate against any security context constraint:
[spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not
allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath
volumes are not allowed to be used provider restricted:
.spec.containers[0].securityContext.privileged: Invalid value: true:
Privileged containers are not allowed]
Error from server (Forbidden): pods "ruby-ex-1-build" is forbidden: unable
to validate against any security context constraint: [spec.volumes[1]:
Invalid value: "hostPath": hostPath volumes are not allowed to be used
spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not
allowed to be used provider restricted:
.spec.containers[0].securityContext.privileged: Invalid value: true:
Privileged containers are not allowed]
Error from server (Forbidden): pods "ruby-ex-1-" is forbidden: unable to
validate against any security context constraint: [fsGroup: Invalid value:
[]int64{100018}: 100018 is not an allowed group
seLinuxOptions.level: Invalid value: "s0:c13,c12": seLinuxOptions.level on
does not match required level.  Found s0:c13,c12, wanted s0:c14,c4
securityContext.runAsUser: Invalid value: 100018: UID on container
ruby-ex does not match required range.  Found 100018, required min:
100019 max: 100019 seLinuxOptions.level: Invalid value:
"s0:c13,c12": seLinuxOptions.level on ruby-ex does not match required
level.  Found s0:c13,c12, wanted s0:c14,c4]
Error from server (Forbidden): replicationcontrollers "django-ex-1" is
forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a
resource you can't set finalizers on: User "admin" cannot update
deploymentconfigs/finalizers.apps.openshift.io in project "sample-py", 
Error from server (Forbidden): replicationcontrollers "ruby-ex-1" is
forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a
resource you can't set finalizers on: User "admin" cannot update
deploymentconfigs/finalizers.apps.openshift.io in project "sample-py", 
Error from server (AlreadyExists): buildconfigs "django-ex" already exists
Error from server (AlreadyExists): buildconfigs "ruby-ex" already exists
Error from server (AlreadyExists): builds "django-ex-1" already exists
Error from server (AlreadyExists): deploymentconfigs "django-ex" already
exists
Error from server (AlreadyExists): deploymentconfigs "ruby-ex" already
exists
Error from server (AlreadyExists): imagestreams "django-ex" already exists
Error from server (AlreadyExists): imagestreams "ruby-22-centos7" already
exists
Error from server (AlreadyExists): imagestreams "ruby-ex" already exists
Error from server (AlreadyExists): routes "django-ex" already exists
Error from server (AlreadyExists): routes "ruby-ex" already exists
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Export and import questions , I am getting duplicate items

[Brian Keyes]

HEllo , I am attempting to export and import a project but if I back the
project up wtih


oc export all -o yaml > project.yaml

destroy my open-shift environment completely  and then restore with

oc create -f project.yaml I get all kinds of errors , I am not sure why
this is



$ oc create -f 151pm-bk.yml
deploymentconfig "django-ex-151pm-bk" created
buildconfig "django-ex-151pm-bk" created
build "django-ex-151pm-bk-1" created
imagestream "django-ex-151pm-bk" created
route "django-ex-151pm-bk" created
service "django-ex-151pm-bk" created
build "django-ex-151pm-bk-1" created
Error from server (Forbidden): pods "django-ex-151pm-bk-1-build" is
forbidden: unable to validate against any security context constraint:
[spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not
allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath
volumes are not allowed to be used provider restricted:
.spec.containers[0].securityContext.privileged: Invalid value: true:
Privileged containers are not allowed]
Error from server (Forbidden): pods "django-ex-151pm-bk-1-" is forbidden:
unable to validate against any security context constraint: [fsGroup:
Invalid value: []int64{100057}: 100057 is not an allowed group
seLinuxOptions.level: Invalid value: "s0:c24,c9": seLinuxOptions.level on
does not match required level.  Found s0:c24,c9, wanted s0:c12,c9
securityContext.runAsUser: Invalid value: 100057: UID on container
django-ex-151pm-bk does not match required range.  Found 100057,
required min: 100015 max: 100015 seLinuxOptions.level: Invalid
value: "s0:c24,c9": seLinuxOptions.level on django-ex-151pm-bk does not
match required level.  Found s0:c24,c9, wanted s0:c12,c9]
Error from server (Forbidden): replicationcontrollers
"django-ex-151pm-bk-1" is forbidden: cannot set blockOwnerDeletion if an
ownerReference refers to a resource you can't set finalizers on: User
"admin" cannot update deploymentconfigs/finalizers.apps.openshift.io in
project "151pm-bk", 
Error from server (AlreadyExists): buildconfigs "django-ex-151pm-bk"
already exists
Error from server (AlreadyExists): deploymentconfigs "django-ex-151pm-bk"
already exists
Error from server (AlreadyExists): imagestreams "django-ex-151pm-bk"
already exists
Error from server (AlreadyExists): routes "django-ex-151pm-bk" already exis


-- 
thanks !
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Openshift can I export a project and restore to another Openshift environment ?

[Frederic Giloux]

putting the mailing list back.
I am not aware of anything further than the script [1] referenced in the
day 2 guide, which can easily be called in a loop on all the project names
returned by "oc get project"

[1]
https://github.com/openshift/openshift-ansible-contrib/blob/master/reference-architecture/day2ops/scripts/project_export.sh

Regards,

Frédéric

On Thu, May 31, 2018 at 11:26 PM, Brian Keyes  wrote:

> thanks !!!
>
>
> is there a script to backup every single project in the entire openshift?
>
> thanks again!
>
> On Thu, May 31, 2018 at 4:23 PM, Frederic Giloux 
> wrote:
>
>> Hi Brian
>>
>> this is a bit more detailed here, including for instance the caveat in
>> regard of dc and imagestreams:
>> https://docs.openshift.com/container-platform/3.7/day_two_
>> guide/project_level_tasks.html
>>
>> Regards,
>>
>> Frédéric
>>
>> On Thu, May 31, 2018 at 6:10 PM, Brian Keyes  wrote:
>>
>>> https://docs.openshift.com/container-platform/3.7/admin_guid
>>> e/backup_restore.html#bringing-openshift-services-back-online
>>>
>>> I found this but if anyone has some best practices or comments , I am
>>> all ears!!!
>>>
>>> On Thu, May 31, 2018 at 10:40 AM, Brian Keyes  wrote:
>>>
 Is it possible to export a complete project and then restore it to
 another openshift ?


 can I do this via GUI or command line ?


 thanks


>>>
>>>
>>> --
>>> Brian Keyes
>>> Systems Engineer, Vizuri
>>> 703-855-9074(Mobile)
>>> 703-464-7030 x8239 (Office)
>>>
>>> FOR OFFICIAL USE ONLY: This email and any attachments may contain
>>> information that is privacy and business sensitive.  Inappropriate or
>>> unauthorized disclosure of business and privacy sensitive information may
>>> result in civil and/or criminal penalties as detailed in as amended Privacy
>>> Act of 1974 and DoD 5400.11-R.
>>>
>>>
>>> ___
>>> users mailing list
>>> users@lists.openshift.redhat.com
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>>
>>
>>
>> --
>> *Frédéric Giloux*
>> Principal App Dev Consultant
>> Red Hat Germany
>>
>> fgil...@redhat.com M: +49-174-172-4661
>>
>> redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted
>> 
>> Red Hat GmbH, http://www.de.redhat.com/ Sitz: Grasbrunn,
>> Handelsregister: Amtsgericht München, HRB 153243
>> Geschäftsführer: Paul Argiry, Charles Cachera, Michael Cunningham,
>> Michael O'Neill
>>
>
>
>
> --
> Brian Keyes
> Systems Engineer, Vizuri
> 703-855-9074(Mobile)
> 703-464-7030 x8239 (Office)
>
> FOR OFFICIAL USE ONLY: This email and any attachments may contain
> information that is privacy and business sensitive.  Inappropriate or
> unauthorized disclosure of business and privacy sensitive information may
> result in civil and/or criminal penalties as detailed in as amended Privacy
> Act of 1974 and DoD 5400.11-R.
>
>


-- 
*Frédéric Giloux*
Principal App Dev Consultant
Red Hat Germany

fgil...@redhat.com M: +49-174-172-4661

redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted

Red Hat GmbH, http://www.de.redhat.com/ Sitz: Grasbrunn,
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users