OpenShift / Kubernetes federation

2017-04-21 Thread David Strejc
Hi,

will OpenShift support
https://kubernetes.io/docs/concepts/cluster-administration/federation/

multidatacenter deployment?

Thanks.

David Strejc
t: +420734270131
e: david.str...@gmail.com

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


Using source secret inside build container

2016-10-19 Thread David Strejc
Is there any way how I can use source secret inside build container?

Our npm install build command needs access to internal git repository
and I need to somehow pass same ssh key (inside secret for source) to
npm install.

Thank you.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Referencing between individual services

2016-10-19 Thread David Strejc
I got project and under that project I got deployed Java application.

It has its own route, service, bc, dc.

Now I will have another application build via npm and served by Nginx.

I want that nginx to proxy my Java application (just setting proxy
inside Nginx config) - does anybody have ideal "how to" for doing
that?

I will convince Nginx
(http://stackoverflow.com/questions/21866477/nginx-use-environment-variables)
to use env variables if desired.

But what is the right approach to referencing between individual pods
(which have their own routes, bc, dc).

Thank you.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



How to manage images within Open Shift internal docker registry / HA of docker registry

2016-10-17 Thread David Strejc
Is there any way how I can remove unused or old images from internal
Open Shift docker registry?

And other question - is there any documentation for HA deployment of
Open Shift docker registry as this can be single point of failure?

Thank you.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Re: How are codes injected into builder image?

2016-10-14 Thread David Strejc
I will answer my own question:

sources goes to /opt/s2i/destination

I don't know if this is image specific - I've just not encountered this
particular info in any documentation.

Thank you.
David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com


On Fri, Oct 14, 2016 at 1:12 PM, David Strejc <david.str...@gmail.com> wrote:
> I am using Wildfly builder image (just for testing purposes)
> and I wrote my own assemble and run scripts.
>
> What am I doing wrong when I need to do git clone
> inside of assemble script?
>
> When openshift triggers build it downloads provided
> git url and then injects .s2i scripts into builder image
> but how and where are codes injected into builder image?
>
> What am I missing?
>
> Thanks for any suggestion - links, docs etc. I am trying
> to get into build process.
>
> David Strejc
> https://octopussystems.cz
> t: +420734270131
> e: david.str...@gmail.com



How are codes injected into builder image?

2016-10-14 Thread David Strejc
I am using Wildfly builder image (just for testing purposes)
and I wrote my own assemble and run scripts.

What am I doing wrong when I need to do git clone
inside of assemble script?

When openshift triggers build it downloads provided
git url and then injects .s2i scripts into builder image
but how and where are codes injected into builder image?

What am I missing?

Thanks for any suggestion - links, docs etc. I am trying
to get into build process.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Container can ping external network but cannot telnet

2016-10-13 Thread David Strejc
I've experienced issue with following setup:

Hypervisor with 3 virtual machines installed.

On top of it running Open Shift Origin v1.3.

When I create container it can ping external IPs but when I try to
telnet external service it times out.

Thank you for any advice.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Deploying scala application

2016-10-11 Thread David Strejc
Hello,

does anybody have functional deployment of Scala application or
experience with building and deploying Scala application to OpenShift
cluster?

Thank you.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Open Shift Ansible ignoring openshift_ip variable

2016-10-06 Thread David Strejc
I got following config for Open Shift Ansible:

# host group for nodes, includes region info
[nodes]
192.168.50.11 openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_ip=192.168.50.11 openshift_public_ip=192.168.50.11
192.168.50.12 openshift_node_labels="{'region': 'primary', 'zone': 'east'}" openshift_ip=192.168.50.12 openshift_public_ip=192.168.50.12
192.168.50.13 openshift_node_labels="{'region': 'primary', 'zone': 'west'}" openshift_ip=192.168.50.13 openshift_public_ip=192.168.50.13

but ansible installer is still using 10.0.2.15 (eth0 with default
route) for Open Shift master and Nodes ip internal address.

Any idea?


David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Dockers will be consuming large amount of memory

2016-08-26 Thread David Strejc
Dear all,

does anyone have experience with running "big microservices"?

We got scenario where we expect process in docker consuming about 120GB of RAM.

Let's say when I got server with 512GB of RAM will I be able to setup
Open Shift in a way
that it will deploy 4 running docker images onto individual nodes?

Many thanks.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Adding master to 3 node install

2016-08-11 Thread David Strejc
I got basic setup with 3 physical nodes running open shift nodes and
on first node there is installed master server.

Is there a way how I can add master server into this scenario?

I would like to have HA setup.

I've used openshift ansible for setup.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



API client / library / javascript

2016-08-08 Thread David Strejc
Is there any API client (other than oc) or library ideally for
javascript or we must implement whole REST API calls ourselves?

Many thanks for any direction.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Re: Using one image from central repository for all projects

2016-08-04 Thread David Strejc
I can give access to one user under which we are creating many projects.

Or we will look into creating images under "openshift" project.

Thanks for quick reply.


David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com


On Thu, Aug 4, 2016 at 11:19 AM, Maciej Szulik <maszu...@redhat.com> wrote:
> By default all the users have access to openshift project in the cluster,
> our default installation script
> usually creates a set of standard images in there [1]. This way all the
> users have access to them
> and you could leverage this. Other option is to create your own project that
> will be available to all users,
> iow. you need to give them all that access.
>
> As for the auto rebuilds, this depends on the BuildConfig author to create
> an Image Change Trigger [2],
> which are created for you automatically when creating an application either
> using CLI or the web console.
> But they can still be turned off by the author afterwards.
>
> Maciej
>
> [1]
> https://docs.openshift.org/latest/install_config/imagestreams_templates.html
> [2]
> https://docs.openshift.org/latest/dev_guide/builds.html#image-change-triggers
>
> On Thu, Aug 4, 2016 at 11:04 AM, David Strejc <david.str...@gmail.com>
> wrote:
>>
>> Dear all,
>>
>> is there a way how I can use one image from registry (lets say I want
>> to use same Nginx for every project) so individual projects don't have
>> this image and every time Docker image is used it is used from one
>> source lets say Open shift project?
>>
>> Will then be all images rebuilt when there is change in this main image?
>>
>> What should I read - what is the right approach to do this?
>>
>> Thanks.
>>
>> David Strejc
>> https://octopussystems.cz
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>
>



Using one image from central repository for all projects

2016-08-04 Thread David Strejc
Dear all,

is there a way how I can use one image from registry (lets say I want
to use same Nginx for every project) so individual projects don't have
this image and every time Docker image is used it is used from one
source lets say Open shift project?

Will then be all images rebuilt when there is change in this main image?

What should I read - what is the right approach to do this?

Thanks.

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Re: How to get rid of user certificate on Mac?

2016-07-22 Thread David Strejc
Thanks! Bug is fair enough ;-)
David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com


On Fri, Jul 22, 2016 at 3:19 PM, Jordan Liggitt <jligg...@redhat.com> wrote:
> The openshift server is already sending information about which client
> certificates are accepted. Unfortunately, there is a bug in safari that
> prompts users to select certificates, even when none are available that
> match the CA required by the server (see
> https://bugzilla.redhat.com/show_bug.cgi?id=1259029#c5). Other browsers
> (Firefox, chrome, etc) handle this correctly and do not prompt.
>
>
>
>
> On Jul 22, 2016, at 9:15 AM, David Strejc <david.str...@gmail.com> wrote:
>
> Dear all,
>
> my colleagues are using Macs (sad but true ;-) and they are reporting
> that Open Shift bothers them with client certificate (unfortunately I
> can't reproduce this issue - I don't have Mac).
>
> We got self signed certificate on Open Shift Master.
>
> Is there any way how to prevent Mac or how to configure Open Shift to
> not disturb Mac users with Client Certificate?
>
> Many thanks!
>
> David Strejc
> https://octopussystems.cz
> t: +420734270131
> e: david.str...@gmail.com
>



How to get rid of user certificate on Mac?

2016-07-22 Thread David Strejc
Dear all,

my colleagues are using Macs (sad but true ;-) and they are reporting
that Open Shift bothers them with client certificate (unfortunately I
can't reproduce this issue - I don't have Mac).

We got self signed certificate on Open Shift Master.

Is there any way how to prevent Mac or how to configure Open Shift to
not disturb Mac users with Client Certificate?

Many thanks!

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



How to edit node port in service?

2016-07-22 Thread David Strejc
Here is the link to printscreen of mine where I am trying to configure service
after the creation of pods.

https://octopussystems.cz/images/service.png

I've successfully added pod under service. My docker image is exposing
port 9090.

I got route attached to service.

But there is Node Port (which is for me confusing as I don't know what
this means)
and I can't configure it so the Service is not working.

Is this scenario feasible? As I've created Pod before service and I am trying to
put it under service after the creation.

Many thanks for any suggestions (docs or other).

David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com



Re: Open Shift v 1.2.1 not deploying docker images to master

2016-07-20 Thread David Strejc
Now I did ;-)

And it works like a charm.
David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com


On Wed, Jul 20, 2016 at 2:38 PM, Tomáš Kukrál <t...@6shore.net> wrote:
> Hi,
> have you configured openshift_schedulable=true in your hosts file?
>
> Can you provide list of hosts and its tags?
>
> Tomáš Kukrál
>
>
> On 07-20 12:07, David Strejc wrote:
>>
>> Hello all,
>>
>> I got fresh setup of OS Origin 1.2.1 and it is not deploying docker
>> images onto master host (which is also node).
>>
>> Where should I look at?
>>
>> Many thanks!
>>
>> David Strejc
>> https://octopussystems.cz
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>
>
>



Re: users Digest, Vol 48, Issue 67

2016-07-20 Thread David Strejc
Thanks - I've seen - it is a new option for me.


David Strejc
https://octopussystems.cz
t: +420734270131
e: david.str...@gmail.com


On Wed, Jul 20, 2016 at 1:48 PM, Guilherme Macedo <guilhe...@gmacedo.com> wrote:
> Hi David.
>
> Is your master node flagged as schedulable?
> If it is not, you can see this with:
> # oc get nodes
>
> Best regards.
>
> Guilherme Macedo | guilhe...@gmacedo.com
> Information Security | www.gmacedo.com
>
>
>>
>> Message: 2
>> Date: Wed, 20 Jul 2016 12:09:53 +0200
>> From: David Strejc <david.str...@gmail.com>
>> To: "users@lists.openshift.redhat.com"
>> <users@lists.openshift.redhat.com>
>> Subject: Open Shift v 1.2.1 not deploying docker images to master
>> Message-ID:
>>
>> 

Re: Since 1.1.6 failing deployments

2016-04-11 Thread David Strejc
And what about error with teardown network?

https://bugzilla.redhat.com/show_bug.cgi?id=1322077

It seems that this particular error is there for 1.1.6 also - or is this
caused also because of SCC?

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Mon, Apr 11, 2016 at 2:58 PM, David Strejc <david.str...@gmail.com>
wrote:

> Where exactly should this be done globally?
>
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
> On Mon, Apr 11, 2016 at 2:50 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>> The default security context constraint was tightened to prevent
>> unauthorized users from directly using any volume in the cluster.  You can
>> add glusterfs to the "restricted" SCC's allowedFSType field (or create your
>> own SCC)
>>
>> On Apr 11, 2016, at 3:34 AM, David Strejc <david.str...@gmail.com> wrote:
>>
>> Dear all,
>>
>> we got following errors appearing since 1.1.6:
>>
>>
>> Error syncing pod, skipping: failed to "TeardownNetwork" for
>> "redmine-app-1-deploy_masi" with TeardownNetworkError: "Failed to teardown
>> network for pod \"ca572238-ffb2-11e5-9cfc-386077264a54\" using network
>> plugins \"redhat/openshift-ovs-subnet\": exit status 1"
>>
>> Error creating: pods "redmine-app-1-" is forbidden: unable to validate
>> against any security context constraint:
>> [spec.containers[0].securityContext.volumes[0]: Invalid value: "glusterfs":
>> glusterfs volumes are not allowed to be used]
>>
>> Cannot update deployment masi/redmine-app-2 status to Pending:
>> replicationcontrollers "redmine-app-2" cannot be updated: the object has
>> been modified; please apply your changes to the latest version and try again
>>
>>
>> David Strejc
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>>
>>
>


Re: Since 1.1.6 failing deployments

2016-04-11 Thread David Strejc
Where exactly should this be done globally?


David Strejc
t: +420734270131
e: david.str...@gmail.com

On Mon, Apr 11, 2016 at 2:50 PM, Clayton Coleman <ccole...@redhat.com>
wrote:

> The default security context constraint was tightened to prevent
> unauthorized users from directly using any volume in the cluster.  You can
> add glusterfs to the "restricted" SCC's allowedFSType field (or create your
> own SCC)
>
> On Apr 11, 2016, at 3:34 AM, David Strejc <david.str...@gmail.com> wrote:
>
> Dear all,
>
> we got following errors appearing since 1.1.6:
>
>
> Error syncing pod, skipping: failed to "TeardownNetwork" for
> "redmine-app-1-deploy_masi" with TeardownNetworkError: "Failed to teardown
> network for pod \"ca572238-ffb2-11e5-9cfc-386077264a54\" using network
> plugins \"redhat/openshift-ovs-subnet\": exit status 1"
>
> Error creating: pods "redmine-app-1-" is forbidden: unable to validate
> against any security context constraint:
> [spec.containers[0].securityContext.volumes[0]: Invalid value: "glusterfs":
> glusterfs volumes are not allowed to be used]
>
> Cannot update deployment masi/redmine-app-2 status to Pending:
> replicationcontrollers "redmine-app-2" cannot be updated: the object has
> been modified; please apply your changes to the latest version and try again
>
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
>
>
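
The check behind the "glusterfs volumes are not allowed to be used" error in this thread, as an added example (not OpenShift's admission code and not from the posters): it compares a pod's volume types with each SCC's allowed list and shows which SCC would admit the pod. The SCC and pod objects are constructed, `gluster-apps` and `anyvolume` are hypothetical SCC names, and keeping the allowed types in a `volumes` list with `*` as a wildcard is an assumption of this example (the reply above calls the field allowedFSType).

```python
# Added example with constructed data; not OpenShift's own admission code.
# Assumption: an SCC lists its permitted volume source types under "volumes",
# and "*" permits every type.

NON_SOURCE_KEYS = {"name"}  # every other key of a pod volume names its source type

BASE_TYPES = ["configMap", "downwardAPI", "emptyDir", "persistentVolumeClaim", "secret"]

# Constructed SCCs: a tightened default, a dedicated one, and a wildcard one.
RESTRICTED = {"metadata": {"name": "restricted"}, "volumes": list(BASE_TYPES)}
GLUSTER_APPS = {"metadata": {"name": "gluster-apps"}, "volumes": BASE_TYPES + ["glusterfs"]}
ANY_VOLUME = {"metadata": {"name": "anyvolume"}, "volumes": ["*"]}

# Constructed pod modelled on the redmine deployment in project "masi".
POD = {
    "metadata": {"name": "redmine-app-1", "namespace": "masi"},
    "spec": {
        "volumes": [
            {"name": "redmine-data",
             "glusterfs": {"endpoints": "glusterfs-cluster", "path": "redmine"}},
            {"name": "db-credentials", "secret": {"secretName": "redmine-db"}},
        ]
    },
}


def pod_volume_types(pod):
    """Map each pod volume name to its source type (glusterfs, secret, ...)."""
    types = {}
    for volume in pod.get("spec", {}).get("volumes", []):
        sources = [key for key in volume if key not in NON_SOURCE_KEYS]
        if len(sources) != 1:
            raise ValueError("volume %r needs exactly one source" % volume.get("name"))
        types[volume["name"]] = sources[0]
    return types


def rejected_volumes(scc, pod):
    """Return sorted (volume name, type) pairs that the SCC would not admit."""
    allowed = set(scc.get("volumes") or [])
    if "*" in allowed:
        return []
    return sorted(
        (name, vtype)
        for name, vtype in pod_volume_types(pod).items()
        if vtype not in allowed
    )


def admitting_sccs(sccs, pod):
    """Names of the SCCs whose volume list admits every volume of the pod."""
    return [s["metadata"]["name"] for s in sccs if not rejected_volumes(s, pod)]


def wildcard_sccs(sccs):
    """SCCs that allow any volume type; review who is allowed to use them."""
    return [s["metadata"]["name"] for s in sccs if "*" in (s.get("volumes") or [])]


if __name__ == "__main__":
    all_sccs = [RESTRICTED, GLUSTER_APPS, ANY_VOLUME]
    for scc in all_sccs:
        print(scc["metadata"]["name"], "rejects", rejected_volumes(scc, POD))
    print("admitting SCCs:", admitting_sccs(all_sccs, POD))
    print("wildcard SCCs:", wildcard_sccs(all_sccs))
```

A dedicated SCC that adds only `glusterfs` keeps the default tight for every other project, whereas widening `restricted` changes what all users may mount.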


Re: Kubernetes endpoints

2016-04-06 Thread David Strejc
I've gone through Kubernetes documentation and according to Endpoints I've
found only this:

* http://kubernetes.io/docs/user-guide/services/

and there is nothing about any logic inside Endpoints / Services which can
check if particular endpoint is up and running.

If there can be any simple solution to our problem - we will be amazed!

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Wed, Apr 6, 2016 at 2:02 PM, Ben Parees <bpar...@redhat.com> wrote:

>
>
> On Wed, Apr 6, 2016 at 5:26 AM, David Strejc <david.str...@gmail.com>
> wrote:
>
>> Our whole team have agreed on following solution:
>>
>> * We will install nearly same service as ha-proxy router in Open Shift is.
>>
>> * We will have ha proxy in docker container inside Open Shift on each node
>>   this will serve as connection point from our applications - we will
>> create service out
>>   of this HA Proxy dockers
>>
>> * In case of failure Kubernetes will know about issue and we can use
>> readiness for
>>   this purpose inside so we will have HA Proxy in front of our
>> infrastructure of MariaDBs
>>
>
> I guess it sounds like something that could work, but I suspect there
> might be other ways to communicate endpoint state to the service definition
> that don't require this extra hop.  Adding Ben Bennett from the team that
> owns routing.
>
>>
>> Do we have to use the same system for GlusterFS?
>>
>> Use case:
>>
>> We got glusterfs on each openshift node and they serve as storage for
>> data. We got
>> Endpoints inside our template and it points to GlusterFS according to
>> Open Shift
>> documentation for GlusterFS.
>>
>> If one node fails - Kubernetes will reschedule all containers on
>> different node, but
>> what about GlusterFS - will there still be requests to failed node from
>> our apps?
>>
>> Due to Kubernetes documentation it chooses Endpoints at random from all
>> endpoints
>> specified. Does this apply also to GlusterFS plugin? If so we need to
>> setup HAProxy
>> also for GlusterFS storage.
>>
>> Does this make a little bit sense or are we completely wrong with our
>> design?
>>
>> I can send design scheme if it will help.
>>
>> Many thanks for your help and time.
>>
>> David Strejc
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>> On Tue, Apr 5, 2016 at 6:28 PM, David Strejc <david.str...@gmail.com>
>> wrote:
>>
>>> And what about GlusterFS - does Open Shift driver support checking if
>>> GlusterFS endpoint is up and running?
>>>
>>>
>>>
>>> David Strejc
>>> t: +420734270131
>>> e: david.str...@gmail.com
>>>
>>> On Tue, Apr 5, 2016 at 5:54 PM, Ben Parees <bpar...@redhat.com> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Apr 5, 2016 at 11:26 AM, Tomáš Kukrál <t...@6shore.net> wrote:
>>>>
>>>>> Hi,
>>>>> is it really possible to attach Endpoint?
>>>>>
>>>>> I think readiness probes are limited to containers and thus is can not
>>>>> solve David's problem because mysql servers are running outside of
>>>>> OpenShift.
>>>>>
>>>>>
>>>> sorry, didn't realize it's an external service, my advice would not
>>>> apply if that is the case.
>>>>
>>>>
>>>>
>>>>
>>>>> tom
>>>>>
>>>>>
>>>>>
>>>>> On 04-05 09:04, Ben Parees wrote:
>>>>> > On Tue, Apr 5, 2016 at 3:59 AM, David Strejc <david.str...@gmail.com>
>>>>> wrote:
>>>>> >
>>>>> > > Dear all,
>>>>> > >
>>>>> > > my use case is as follows:
>>>>> > >
>>>>> > > I got MariaDB galera cluster on each node I got Open Shift
>>>>> installed on
>>>>> > > (they are bare metals).
>>>>> > >
>>>>> > > I've created endpoints such as this:
>>>>> > >
>>>>> > > - apiVersion: v1
>>>>> > >   kind: Endpoints
>>>>> > >   metadata:
>>>>> > > name: mysql
>>>>> > >   subsets:
>>>>> > >- addresses:
>>>>> > >  - ip: 10.3.0.1
>>>>> > >  ports:
>>>>> &

Re: Kubernetes endpoints

2016-04-06 Thread David Strejc
Our whole team have agreed on following solution:

* We will install nearly same service as ha-proxy router in Open Shift is.

* We will have ha proxy in docker container inside Open Shift on each node
  this will serve as connection point from our applications - we will
  create service out of this HA Proxy dockers

* In case of failure Kubernetes will know about issue and we can use
  readiness for this purpose inside so we will have HA Proxy in front of
  our infrastructure of MariaDBs

Do we have to use the same system for GlusterFS?

Use case:

We got glusterfs on each openshift node and they serve as storage for data.
We got Endpoints inside our template and it points to GlusterFS according to
Open Shift documentation for GlusterFS.

If one node fails - Kubernetes will reschedule all containers on different
node, but what about GlusterFS - will there still be requests to failed node
from our apps?

Due to Kubernetes documentation it chooses Endpoints at random from all
endpoints specified. Does this apply also to GlusterFS plugin? If so we need
to setup HAProxy also for GlusterFS storage.

Does this make a little bit sense or are we completely wrong with our
design?

I can send design scheme if it will help.

Many thanks for your help and time.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Tue, Apr 5, 2016 at 6:28 PM, David Strejc <david.str...@gmail.com> wrote:

> And what about GlusterFS - does Open Shift driver support checking if
> GlusterFS endpoint is up and running?
>
>
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
> On Tue, Apr 5, 2016 at 5:54 PM, Ben Parees <bpar...@redhat.com> wrote:
>
>>
>>
>> On Tue, Apr 5, 2016 at 11:26 AM, Tomáš Kukrál <t...@6shore.net> wrote:
>>
>>> Hi,
>>> is it really possible to attach Endpoint?
>>>
>>> I think readiness probes are limited to containers and thus is can not
>>> solve David's problem because mysql servers are running outside of
>>> OpenShift.
>>>
>>>
>> sorry, didn't realize it's an external service, my advice would not
>> apply if that is the case.
>>
>>
>>
>>
>>> tom
>>>
>>>
>>>
>>> On 04-05 09:04, Ben Parees wrote:
>>> > On Tue, Apr 5, 2016 at 3:59 AM, David Strejc <david.str...@gmail.com>
>>> wrote:
>>> >
>>> > > Dear all,
>>> > >
>>> > > my use case is as follows:
>>> > >
>>> > > I got MariaDB galera cluster on each node I got Open Shift installed
>>> on
>>> > > (they are bare metals).
>>> > >
>>> > > I've created endpoints such as this:
>>> > >
>>> > > - apiVersion: v1
>>> > >   kind: Endpoints
>>> > >   metadata:
>>> > >     name: mysql
>>> > >   subsets:
>>> > >   - addresses:
>>> > >     - ip: 10.3.0.1
>>> > >     ports:
>>> > >     - port: 3306
>>> > >   - addresses:
>>> > >     - ip: 10.3.1.1
>>> > >     ports:
>>> > >     - port: 3306
>>> > >   - addresses:
>>> > >     - ip: 10.3.2.1
>>> > >     ports:
>>> > >     - port: 3306
>>> > >
>>> > > And I got service which points to this endpoint.
>>> > >
>>> > > My question is - Kubernetes doesn't have any kind of "HA proxy mode"
>>> so it
>>> > > can tell that any of nodes behind Endpoint is failing? So lets say I
>>> got
>>> > > 10.3.0.1 mysql service stopped and kubernetes round robins
>>> connection to
>>> > > this host so every third request on my webapp is failing?
>>> > >
>>> > > This is what I've experienced in my setup.
>>> > >
>>> > > Am I doing something wrong? Or is this a standard behaviour so I
>>> have to
>>> > > deploy HA Proxy in between the endpoints and my MySQL database
>>> cluster?
>>> > >
>>> >
>>> > this is what readiness checks are for.  If a container fails its
>>> > readiness check, the endpoint will be removed from the list so it does
>>> > not serve requests:
>>> >
>>> > https://docs.openshift.org/latest/dev_guide/application_health.html#container-health-checks-using-probes
>>> >
>>> >
>>> >
>>> >
>>> > >
>>> >

Re: Kubernetes endpoints

2016-04-05 Thread David Strejc
And what about GlusterFS - does Open Shift driver support checking if
GlusterFS endpoint is up and running?



David Strejc
t: +420734270131
e: david.str...@gmail.com

On Tue, Apr 5, 2016 at 5:54 PM, Ben Parees <bpar...@redhat.com> wrote:

>
>
> On Tue, Apr 5, 2016 at 11:26 AM, Tomáš Kukrál <t...@6shore.net> wrote:
>
>> Hi,
>> is it really possible to attach Endpoint?
>>
>> I think readiness probes are limited to containers and thus is can not
>> solve David's problem because mysql servers are running outside of
>> OpenShift.
>>
>>
> sorry, didn't realize it's an external service, my advice would not apply
> if that is the case.
>
>
>
>
>> tom
>>
>>
>>
>> On 04-05 09:04, Ben Parees wrote:
>> > On Tue, Apr 5, 2016 at 3:59 AM, David Strejc <david.str...@gmail.com>
>> wrote:
>> >
>> > > Dear all,
>> > >
>> > > my use case is as follows:
>> > >
>> > > I got MariaDB galera cluster on each node I got Open Shift installed
>> on
>> > > (they are bare metals).
>> > >
>> > > I've created endpoints such as this:
>> > >
>> > > - apiVersion: v1
>> > >   kind: Endpoints
>> > >   metadata:
>> > >     name: mysql
>> > >   subsets:
>> > >   - addresses:
>> > >     - ip: 10.3.0.1
>> > >     ports:
>> > >     - port: 3306
>> > >   - addresses:
>> > >     - ip: 10.3.1.1
>> > >     ports:
>> > >     - port: 3306
>> > >   - addresses:
>> > >     - ip: 10.3.2.1
>> > >     ports:
>> > >     - port: 3306
>> > >
>> > > And I got service which points to this endpoint.
>> > >
>> > > My question is - Kubernetes doesn't have any kind of "HA proxy mode"
>> so it
>> > > can tell that any of nodes behind Endpoint is failing? So lets say I
>> got
>> > > 10.3.0.1 mysql service stopped and kubernetes round robins connection
>> to
>> > > this host so every third request on my webapp is failing?
>> > >
>> > > This is what I've experienced in my setup.
>> > >
>> > > Am I doing something wrong? Or is this a standard behaviour so I have
>> to
>> > > deploy HA Proxy in between the endpoints and my MySQL database
>> cluster?
>> > >
>> >
>> > this is what readiness checks are for.  If a container fails its
>> > readiness check, the endpoint will be removed from the list so it does
>> > not serve requests:
>> >
>> > https://docs.openshift.org/latest/dev_guide/application_health.html#container-health-checks-using-probes
>> >
>> >
>> >
>> >
>> > >
>> > > Many thanks for advice.
>> > >
>> > > David Strejc
>> > > t: +420734270131
>> > > e: david.str...@gmail.com
>> > >
>> > >
>> > >
>> >
>> >
>> > --
>> > Ben Parees | OpenShift
>>
>>
>>
>>
>>
>
>
> --
> Ben Parees | OpenShift
>
>
>
>


Kubernetes endpoints

2016-04-05 Thread David Strejc
Dear all,

my use case is as follows:

I got MariaDB galera cluster on each node I got Open Shift installed on
(they are bare metals).

I've created endpoints such as this:

- apiVersion: v1
  kind: Endpoints
  metadata:
    name: mysql
  subsets:
  - addresses:
    - ip: 10.3.0.1
    ports:
    - port: 3306
  - addresses:
    - ip: 10.3.1.1
    ports:
    - port: 3306
  - addresses:
    - ip: 10.3.2.1
    ports:
    - port: 3306

And I got service which points to this endpoint.

My question is - Kubernetes doesn't have any kind of "HA proxy mode" so it
can tell that any of nodes behind Endpoint is failing? So lets say I got
10.3.0.1 mysql service stopped and kubernetes round robins connection to
this host so every third request on my webapp is failing?

This is what I've experienced in my setup.

Am I doing something wrong? Or is this a standard behaviour so I have to
deploy HA Proxy in between the endpoints and my MySQL database cluster?

Many thanks for advice.

David Strejc
t: +420734270131
e: david.str...@gmail.com
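
The replies in this thread note that readiness probes apply only to containers, so a hand-written Endpoints object for external hosts is never health-checked. As an added example (not from the thread and not Kubernetes code), the sketch below probes each address of the Endpoints object from the post and moves unreachable ones to `notReadyAddresses`, the Endpoints field for addresses that should not receive traffic. The function names are hypothetical, and the plain TCP connect is an assumption standing in for a real database health check.

```python
# Added example: external health check for a manually maintained Endpoints
# object. Function names are hypothetical; the object mirrors the post.
import copy
import json
import socket

ENDPOINTS = {
    "apiVersion": "v1",
    "kind": "Endpoints",
    "metadata": {"name": "mysql"},
    "subsets": [
        {"addresses": [{"ip": "10.3.0.1"}], "ports": [{"port": 3306}]},
        {"addresses": [{"ip": "10.3.1.1"}], "ports": [{"port": 3306}]},
        {"addresses": [{"ip": "10.3.2.1"}], "ports": [{"port": 3306}]},
    ],
}


def tcp_probe(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port completes within the timeout.

    This only proves the port accepts connections. A Galera node can accept
    connections while it is not yet synced, so a production check should
    query the node's cluster state instead (assumption: out of scope here).
    """
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def partition_endpoints(endpoints, probe=tcp_probe):
    """Return a copy with failing addresses moved to notReadyAddresses.

    Addresses already listed as not ready are probed again, so a recovered
    host returns to "addresses" on the next run. The input is not modified.
    """
    result = copy.deepcopy(endpoints)
    for subset in result.get("subsets", []):
        ports = [p["port"] for p in subset.get("ports", [])]
        candidates = subset.pop("addresses", []) + subset.pop("notReadyAddresses", [])
        ready, not_ready = [], []
        for addr in candidates:
            # An address is ready only if every port of its subset answers.
            healthy = bool(ports) and all(probe(addr["ip"], port) for port in ports)
            (ready if healthy else not_ready).append(addr)
        if ready:
            subset["addresses"] = ready
        if not_ready:
            subset["notReadyAddresses"] = not_ready
    return result


def ready_ips(endpoints):
    """IPs that the service would still send traffic to."""
    return [
        addr["ip"]
        for subset in endpoints.get("subsets", [])
        for addr in subset.get("addresses", [])
    ]


if __name__ == "__main__":
    # Uses real TCP probes against the addresses from the post.
    updated = partition_endpoints(ENDPOINTS)
    print("ready:", ready_ips(updated))
    print(json.dumps(updated, indent=2))
```

Run periodically, the printed object can replace the existing Endpoints so that a stopped MariaDB node stops receiving every third connection.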


Problem with installation / updating of openshift origin

2016-04-03 Thread David Strejc
I got following error when I try to update my machines:

--> Finished Dependency Resolution
Error: docker conflicts with origin-1.1.4-1.git.2.c8de71e.el7.centos.x86_64
Error: Package: origin-node-1.1.4-1.git.2.c8de71e.el7.centos.x86_64
(maxamillion-origin-next)
   Requires: docker-io = 1.8.2
   Removing: docker-1.9.1-0.origin.19.el7.centos.x86_64
(@maxamillion-origin-next)
   docker-io = 1.9.1-0.origin.19.el7.centos
   Updated By: docker-1.9.1-25.el7.centos.x86_64 (extras)
   docker-io = 1.9.1-25.el7.centos
   Available: docker-1.8.2-7.el7.centos.x86_64 (extras)
   docker-io = 1.8.2-7.el7.centos
   Available: docker-1.8.2-8.el7.centos.x86_64 (extras)
   docker-io = 1.8.2-8.el7.centos
   Available: docker-1.8.2-10.el7.centos.x86_64 (extras)
   docker-io = 1.8.2-10.el7.centos
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

It also prevents installation of new clusters. I've already reported this
on openshift-ansible mailing list but it seems that there is no resolution
for this particular problem.

Any advice / solution?

Thank you.

David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Simple yum update to version 1.4 and docker 1.9 destroyed system

2016-03-20 Thread David Strejc
I've already rebooted machines and everything seems to be all right now.

I will edit dc for those two deployments.

Thanks.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Fri, Mar 18, 2016 at 2:50 PM, Jason DeTiberus <jdeti...@redhat.com>
wrote:

>
> On Mar 18, 2016 9:29 AM, "David Strejc" <david.str...@gmail.com> wrote:
> >
> > I've removed docker images from my machines and restarted
> openshift-master and node processes
> >
> > On master (which is also node) where is HA-Proxy located I still got:
> >
> > openshift/origin-haproxy-router:v1.1.3 after docker cleanup
> > openshift/origin-docker-registry:v1.1.3 after docker cleanup
> >
> > I suppose I should run some command for redeploying or upgrading to 1.1.4
> after upgrade of OS?
>
> These can be updated by using 'oc edit dc '
>
> >
> > but pods are
> >
> > openshift/origin-pod:v1.1.4 on master and also on nodes.
> >
> > Now when I've deleted docker images and docker processes and restarting
> everything I got:
> >
> > Error: build error: timeout while waiting for remote repository
> "https://github.com/david-strejc/nginx.git"
>
> It sounds like there may be some network issues present.
>
> I would try the following:
> systemctl stop origin-node docker openvswitch
>
> systemctl start origin-node
>
> If that doesn't do the trick, I would suggest the network troubleshooting
> guide next.
>
> >
> > When I try to build from my dockerfile repo.
> >
> >
> > David Strejc
> > t: +420734270131
> > e: david.str...@gmail.com
> >
> > On Fri, Mar 18, 2016 at 2:05 PM, David Strejc <david.str...@gmail.com>
> wrote:
> >>
> >> Image which won't start was my simplest Nginx from this repo:
> >>
> >> https://github.com/david-strejc/nginx/blob/master/Dockerfile
> >>
> >> Just openshift/centos7 with nginx and telnet and one html page. But I
> suppose this was because of docker upgrade.
> >>
> >> When I've rebuilt image Open Shift said that it cannot push image due
> to i/o timeout error.
> >>
> >>
> >> David Strejc
> >> t: +420734270131
> >> e: david.str...@gmail.com
> >>
> >> On Fri, Mar 18, 2016 at 1:59 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
> >>>
> >>> Which old docker images won't start, and what error do they have?
> What errors in the registry logs for the push error?
> >>>
> >>> On Mar 18, 2016, at 8:40 AM, David Strejc <david.str...@gmail.com>
> wrote:
> >>>
> >>>> I've updated my testing system just with yum update (I don't know if
> this is recommended approach - this is what I am asking) and after
> restarting of origin-nodes and master and also restarting docker master web
> UI and kubernetes seemed to work but old docker images won't start and also
> image push failed with i/o error.
> >>>>
> >>>> Is this my fault somehow? Should I use different approach to upgrade
> my systems? Is this caused by migration to docker 1.9.1 and Open Shift
> 1.1.4 at the same time?
> >>>>
> >>>> Thanks for advice!
> >>>> David Strejc
> >>>> t: +420734270131
> >>>> e: david.str...@gmail.com
> >>>>
> >>
> >>
> >
> >
> >
>


Re: Simple yum update to version 1.4 and docker 1.9 destroyed system

2016-03-20 Thread David Strejc
I've removed docker images from my machines and restarted openshift-master
and node processes

On master (which is also node) where is HA-Proxy located I still got:

openshift/origin-haproxy-router:v1.1.3 after docker cleanup
openshift/origin-docker-registry:v1.1.3 after docker cleanup

I suppose I should run some command for redeploying or upgrading to 1.1.4
after upgrade of OS?

but pods are

openshift/origin-pod:v1.1.4 on master and also on nodes.

Now when I've deleted docker images and docker processes and restarting
everything I got:

Error: build error: timeout while waiting for remote repository
"https://github.com/david-strejc/nginx.git"

When I try to build from my dockerfile repo.


David Strejc
t: +420734270131
e: david.str...@gmail.com

On Fri, Mar 18, 2016 at 2:05 PM, David Strejc <david.str...@gmail.com>
wrote:

> Image which won't start was my simplest Nginx from this repo:
>
> https://github.com/david-strejc/nginx/blob/master/Dockerfile
>
> Just openshift/centos7 with nginx and telnet and one html page. But I
> suppose this was because of docker upgrade.
>
> When I've rebuilt image Open Shift said that it cannot push image due to
> i/o timeout error.
>
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
> On Fri, Mar 18, 2016 at 1:59 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>> Which old docker images won't start, and what error do they have?  What
>> errors in the registry logs for the push error?
>>
>> On Mar 18, 2016, at 8:40 AM, David Strejc <david.str...@gmail.com> wrote:
>>
>> I've updated my testing system just with yum update (I don't know if this
>> is recommended approach - this is what I am asking) and after restarting of
>> origin-nodes and master and also restarting docker master web UI and
>> kubernetes seemed to work but old docker images won't start and also image
>> push failed with i/o error.
>>
>> Is this my fault somehow? Should I use different approach to upgrade my
>> systems? Is this caused by migration to docker 1.9.1 and Open Shift 1.1.4
>> at the same time?
>>
>> Thanks for advice!
>> David Strejc
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>>
>>
>


Re: Simple yum update to version 1.4 and docker 1.9 destroyed system

2016-03-19 Thread David Strejc
Quote:

Unless noted otherwise, node and masters within a major version are forward
and backward compatible, so upgrading your cluster should go smoothly.
However, you should not run mismatched versions longer than necessary to
upgrade the entire cluster.

I've just upgraded from 1.1.3 to 1.1.4

But there was involved upgrade of docker from 1.8 to 1.9 (docker is running
fine).

I haven't found any upgrade info in release notes to 1.1.4



David Strejc
t: +420734270131
e: david.str...@gmail.com

On Fri, Mar 18, 2016 at 1:49 PM, Jason DeTiberus <jdeti...@redhat.com>
wrote:

>
> On Mar 18, 2016 8:40 AM, "David Strejc" <david.str...@gmail.com> wrote:
> >
> > I've updated my testing system just with yum update (I don't know if
> this is recommended approach - this is what I am asking) and after
> restarting of origin-nodes and master and also restarting docker master web
> UI and kubernetes seemed to work but old docker images won't start and also
> image push failed with i/o error.
> >
> > Is this my fault somehow? Should I use different approach to upgrade my
> systems? Is this caused by migration to docker 1.9.1 and Open Shift 1.1.4
> at the same time?
>
> You'll need to follow the upgrade section of the docs to complete the
> upgrade:
> https://docs.openshift.org/latest/install_config/upgrading/index.html
>
> >
> > Thanks for advice!
> > David Strejc
> > t: +420734270131
> > e: david.str...@gmail.com
> >
> >
>


Re: Valid certificate for default openshift-master install

2016-03-10 Thread David Strejc
I've found that this is possible with openshift-ansible:

openshift_master_overwrite_named_certificates = true

and specifying certs in

openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt",
"keyfile": "/path/to/custom1.key"}]

So I am now running ansible again.

Anyway thanks for reply.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Thu, Mar 10, 2016 at 3:18 PM, Clayton Coleman <ccole...@redhat.com>
wrote:

> When you create a new master cert you need to re-key all of the
> other components of the system - router, registry, service accounts,
> and nodes.  I don't know that we have a single document that discusses
> re-keying, although I've seen reference to it recently.  Jordan, do
> you know if there is a document / docs yet?
>
> On Thu, Mar 10, 2016 at 8:27 AM, David Strejc <david.str...@gmail.com>
> wrote:
> > When I've changed default certificate which was created by
> openshift-ansible
> > for origin-master server
> >
> > - files /etc/origin/master/master.server.{crt,key}
> >
> > origin-master crashes after some time.
> >
> > Certificate is valid and functional at HAProxy.
> >
> > Where else I have to change this certificate? Should I change it on nodes
> > also?
> >
> > Thank you!
> > David Strejc
> > t: +420734270131
> > e: david.str...@gmail.com
> >
> >
>


Valid certificate for default openshift-master install

2016-03-10 Thread David Strejc
When I've changed default certificate which was created by
openshift-ansible for origin-master server

- files /etc/origin/master/master.server.{crt,key}

origin-master crashes after some time.

Certificate is valid and functional at HAProxy.

Where else I have to change this certificate? Should I change it on nodes
also?

Thank you!
David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Open Shift security question

2016-03-10 Thread David Strejc
Oh my fault.

Openshift only complained in Warning, that this container uses root
privileges (as there is no user specified in dockerfile)
but it runs under unprivileged user.

Smart behaviour.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Thu, Mar 10, 2016 at 10:38 AM, David Strejc <david.str...@gmail.com>
wrote:

> I've installed default installation of v3 via ansible playbook.
>
> Everything went fine but I am little confused about default security
> settings.
>
> I've created user via htpasswd file (just basic user) and that user is
> able to do this:
>
> oc new-app https://github.com/david-strejc/openshift-hhvm.git
> --name="hhvm"
>
> Which builds docker container pushes it into docker registry and run that
> container with root privileges inside docker.
>
> Is this desired default state?
>
> Thanks for reply.
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>


Open Shift security question

2016-03-10 Thread David Strejc
I've installed default installation of v3 via ansible playbook.

Everything went fine but I am little confused about default security
settings.

I've created user via htpasswd file (just basic user) and that user is able
to do this:

oc new-app https://github.com/david-strejc/openshift-hhvm.git --name="hhvm"

Which builds docker container pushes it into docker registry and run that
container with root privileges inside docker.

Is this desired default state?

Thanks for reply.

David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Serious docker upgrade problem -> 1.8 -> 1.9 update breaks system

2016-03-09 Thread David Strejc
You are welcome.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Wed, Mar 9, 2016 at 3:01 PM, Scott Dodson <sdod...@redhat.com> wrote:

> David,
>
> Thanks for reporting this. I've removed the docker-1.9.1 build from
> the COPR repo for now until we can figure out this particular bug. You
> should be able to `yum downgrade docker` on your hosts to return to
> docker-1.8.2
>
> On Wed, Mar 9, 2016 at 3:38 AM, David Strejc <david.str...@gmail.com>
> wrote:
> > I don't know where I could find right person for this issue so I am
> trying
> > to post it here as many people are reading this.
> >
> > Clean installation of Open Shift v3 via ansible is broken by simple yum
> > update as yum updates Docker from 1.8 to 1.9.1 and Docker is not starting
> > anymore.
> >
> > This is the message in logs:
> >
> > Mar 09 09:03:45 1.devcloud.cz systemd[1]: docker.service: Got
> notification
> > message from PID 7150, but reception only permitted for main PID 7149
> >
> >
> > David Strejc
> > t: +420734270131
> > e: david.str...@gmail.com
> >
> >
>


Serious docker upgrade problem -> 1.8 -> 1.9 update breaks system

2016-03-09 Thread David Strejc
I don't know where I could find right person for this issue so I am trying
to post it here as many people are reading this.

Clean installation of Open Shift v3 via ansible is broken by simple yum
update as yum updates Docker from 1.8 to 1.9.1 and Docker is not starting
anymore.

This is the message in logs:

Mar 09 09:03:45 1.devcloud.cz systemd[1]: docker.service: Got notification
message from PID 7150, but reception only permitted for main PID 7149


David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Cannot start pod from template

2016-02-15 Thread David Strejc
Any idea anybody?

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Mon, Feb 15, 2016 at 7:53 AM, David Strejc <david.str...@gmail.com>
wrote:

> I am still getting same message.
>
> I don't want to use service account - I am using account "david" which has
> been added to privileged scc previously.
> I've also given policy hostaccess to this account.
>
> I need to start my pods with mounted socket from Node. It works when I
> create Pod from pod definition pod.yaml:
>
> apiVersion: v1
> kind: Pod
> metadata:
>   name: david
>   labels:
>     name: david
> spec:
>   containers:
>   #- image: davidstrejc/test2
>   - image: davidstrejc/test2
>     name: david
>     volumeMounts:
>     - mountPath: /var/lib/mysql/mysql.sock
>       name: test-volume
>     ports:
>     - containerPort: 80
>   volumes:
>   - name: test-volume
>     hostPath:
>       path: /var/lib/mysql/mysql.sock
>   selector:
>     name: david
>
>
> But when I use template with same account it fails with message I wrote.
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
> On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>>
>> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints
>>
>> Your service account isn't authorized to mount host paths - you want to
>> add the service account "default" in project to the hostaccess SCC
>>
>> oadm policy add-scc-to-user hostaccess -z default
>>
>> That allows your pod to mount host volumes.
>>
>> On Feb 12, 2016, at 8:38 AM, David Strejc <david.str...@gmail.com> wrote:
>>
>> Dear all,
>>
>> I got following error when I try to start application from template:
>>
>> Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate
>> against any security context constraint:
>> [spec.containers[0].securityContext.volumeMounts: invalid value
>> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times
>> in the last 2 minutes, 52 seconds)
>>
>> I've added:
>>
>>   securityContext:
>>     privileged: true
>>
>> into template DeploymentConfig definition and user who is creating app
>> from template is in privileged scc group.
>>
>> What am I doing wrong?
>>
>> David Strejc
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>>
>>
>


Re: Cannot start pod from template

2016-02-14 Thread David Strejc
I am still getting same message.

I don't want to use service account - I am using account "david" which has
been added to privileged scc previously.
I've also given policy hostaccess to this account.

I need to start my pods with mounted socket from Node. It works when I
create Pod from pod definition pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: david
  labels:
    name: david
spec:
  containers:
  #- image: davidstrejc/test2
  - image: davidstrejc/test2
    name: david
    volumeMounts:
    - mountPath: /var/lib/mysql/mysql.sock
      name: test-volume
    ports:
    - containerPort: 80
  volumes:
  - name: test-volume
    hostPath:
      path: /var/lib/mysql/mysql.sock
  selector:
    name: david


But when I use template with same account it fails with message I wrote.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Fri, Feb 12, 2016 at 3:35 PM, Clayton Coleman <ccole...@redhat.com>
wrote:

>
> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints
>
> Your service account isn't authorized to mount host paths - you want to
> add the service account "default" in project to the hostaccess SCC
>
> oadm policy add-scc-to-user hostaccess -z default
>
> That allows your pod to mount host volumes.
>
> On Feb 12, 2016, at 8:38 AM, David Strejc <david.str...@gmail.com> wrote:
>
> Dear all,
>
> I got following error when I try to start application from template:
>
> Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate
> against any security context constraint:
> [spec.containers[0].securityContext.volumeMounts: invalid value
> 'test-volume', Details: Host Volumes are not allowed to be used] (9 times
> in the last 2 minutes, 52 seconds)
>
> I've added:
>
>   securityContext:
>     privileged: true
>
> into template DeploymentConfig definition and user who is creating app
> from template is in privileged scc group.
>
> What am I doing wrong?
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
>
>


Re: MTU on tun0

2016-02-12 Thread David Strejc
This is an ansible installer problem.

I had similar issue with my installation and this is really important.
Without MTU set to 1450 there is
a problem with traffic between nodes. I've spent four hours debugging our
MySQL galera cluster on Nodes
which didn't want to synchronize but servers saw each other. It was due to
MTU problem.



David Strejc
t: +420734270131
e: david.str...@gmail.com

On Fri, Feb 12, 2016 at 9:37 AM, Per Carlson <pe...@hemmop.com> wrote:

> Hi.
>
> We are seeing some strange packet traces on the nodes, and we suspect
> that it might be a MTU-issue.
>
> According to the documentation (
> https://docs.openshift.com/enterprise/3.1/install_config/configuring_sdn.html#configuring-the-pod-network-on-nodes)
> a "mtu" parameter in node-config.yaml should be reflected on the overlay
> network settings (tun0).
>
> But on my hosts (OSE 3.1) that's not true:
>
> master201
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> master202
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> master203
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> infra201
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> infra202
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>
> node201
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>
> node202
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>
> node203
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>
> node204
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> node205
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> node206
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> node207
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> node208
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
> node209
>mtu: 1450
> tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>
>
> [root@master201 ~]# oc version
> oc v3.1.0.4-16-g112fcc4
> kubernetes v1.1.0-origin-1107-g4c8e6f4
>
> BTW: we are using the multitenant SDN.
>
> --
> Pelle
>
> Research is what I'm doing when I don't know what I'm doing.
> - Wernher von Braun
>
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
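
Added example, not part of the original thread: a check for the drift shown in the quoted listing, where node-config.yaml says `mtu: 1450` but `tun0` on some hosts is still at 1500. It parses the per-host listing and reports every host where the two values differ; the function names are assumptions, and the data is copied from the quoted message with the quote markers removed.

```python
import re

# Listing copied from the quoted message: host name, the "mtu" value from
# node-config.yaml, then the tun0 interface line.
LISTING = """\
master201
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
master202
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
master203
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
infra201
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
infra202
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
node201
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
node202
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
node203
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
node204
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
node205
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
node206
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
node207
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
node208
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
node209
   mtu: 1450
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
"""

CONFIG_RE = re.compile(r"^\s*mtu:\s*(\d+)\s*$")      # value from node-config.yaml
IFACE_RE = re.compile(r"^tun0:\s.*\bmtu\s+(\d+)")    # value live on the interface


def parse_listing(text):
    """Return {host: {"configured": int, "actual": int}} in listing order."""
    hosts, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        cfg = CONFIG_RE.match(line)
        act = IFACE_RE.match(line)
        if cfg or act:
            if current is None:
                raise ValueError("MTU line before any host name: %r" % line)
            key = "configured" if cfg else "actual"
            hosts[current][key] = int((cfg or act).group(1))
        else:
            # Any other non-empty line starts a new host entry.
            current = line.strip()
            hosts[current] = {}
    return hosts


def mtu_mismatches(hosts):
    """List (host, configured, actual) where tun0 does not match the config.

    A host with either value missing is reported too, with None in its place.
    """
    bad = []
    for host, values in hosts.items():
        cfg, act = values.get("configured"), values.get("actual")
        if cfg is None or act is None or cfg != act:
            bad.append((host, cfg, act))
    return bad


if __name__ == "__main__":
    for host, cfg, act in mtu_mismatches(parse_listing(LISTING)):
        print("%-10s configured=%s tun0=%s" % (host, cfg, act))
```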


Re: Best practise to trigger actions when application is created

2016-02-12 Thread David Strejc
Any better solution please Clayton?

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Thu, Feb 11, 2016 at 4:58 PM, David Strejc <david.str...@gmail.com>
wrote:

> In this scenario we will use clusters for deploying one specific
> application in many copies (each with its own database and fileset).
>
> So yes - it is for every application in cluster. I thought I will use
> something like Mateus sent.
> Or if there is better approach I will appreciate it - cause otherwise I
> will need to create some service and maintain it, monitor it etc.
>
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com
>
> On Thu, Feb 11, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.com>
> wrote:
>
>> Is this for every application on the cluster?  Or just specific
>> applications?  Do you want to create a glusterfs volume for *every* object
>> of a certain type that is created?  More detail will help recommend an
>> option.
>>
>> On Thu, Feb 11, 2016 at 10:45 AM, Mateus Caruccio <
>> mateus.caruc...@getupcloud.com> wrote:
>>
>>> I wrote myself. Here is a very simplified version of it
>>> http://www.fpaste.org/321270/14552054/
>>> You can take actions based on obj['kind']. This example watches only for
>>> "Pod" objects since I only need to track pod usage by the user.
>>>
>>> *Mateus Caruccio*
>>> Master of Puppets
>>> +55 (51) 8298.0026
>>> gtalk:
>>>
>>>
>>> *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter:
>>> @MateusCaruccio <https://twitter.com/MateusCaruccio>*
>>> This message and any attachment are solely for the intended
>>> recipient and may contain confidential or privileged information
>>> and it can not be forwarded or shared without permission.
>>> Thank you!
>>>
>>> On Thu, Feb 11, 2016 at 1:33 PM, David Strejc <david.str...@gmail.com>
>>> wrote:
>>>
>>>> Are you using any specific component?
>>>>
>>>> Or you have written something yourself?
>>>>
>>>> David Strejc
>>>> t: +420734270131
>>>> e: david.str...@gmail.com
>>>>
>>>> On Thu, Feb 11, 2016 at 4:27 PM, Mateus Caruccio <
>>>> mateus.caruc...@getupcloud.com> wrote:
>>>>
>>>>> From my own experience, monitoring etcd is one way to do it, but
>>>>> requires an extra component (the monitor) to be always up and running.
>>>>> This monitor must have cluster roles, since it need to watch both
>>>>> project and app (bc/dc) objects.
>>>>>
>>>>> The other way is to provide your users with templates containing all
>>>>> stuff they will need.
>>>>>
>>>>>
>>>>> *Mateus Caruccio*
>>>>> Master of Puppets
>>>>> +55 (51) 8298.0026
>>>>> gtalk:
>>>>>
>>>>>
>>>>> *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter:
>>>>> @MateusCaruccio <https://twitter.com/MateusCaruccio>*
>>>>> This message and any attachment are solely for the intended
>>>>> recipient and may contain confidential or privileged information
>>>>> and it can not be forwarded or shared without permission.
>>>>> Thank you!
>>>>>
>>>>> On Thu, Feb 11, 2016 at 1:21 PM, David Strejc <david.str...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>> what is the best practise to trigger actions when I am creating
>>>>>> application?
>>>>>>
>>>>>> Let's say I want to create database (as I am using external database
>>>>>> cluster) and glusterfs volume for my application.
>>>>>>
>>>>>> Which approach should I look at? Should I make docker container to
>>>>>> ssh somewhere and let it trigger some scripts?
>>>>>>
>>>>>> Or is there any other way? Should I somehow monitor etcd for app
>>>>>> creation (as it was with activemq messages in Open Shift v2)?
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>> David Strejc
>>>>>> t: +420734270131
>>>>>> e: david.str...@gmail.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>


Cannot start pod from template

2016-02-12 Thread David Strejc
Dear all,

I got following error when I try to start application from template:

Error creating: Pod "cakephp-example-1-" is forbidden: unable to validate
against any security context constraint:
[spec.containers[0].securityContext.volumeMounts: invalid value
'test-volume', Details: Host Volumes are not allowed to be used] (9 times
in the last 2 minutes, 52 seconds)

I've added:

  securityContext:
    privileged: true

into template DeploymentConfig definition and user who is creating app from
template is in privileged scc group.

What am I doing wrong?

David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Best practise to trigger actions when application is created

2016-02-11 Thread David Strejc
In this scenario we will use clusters for deploying one specific
application in many copies (each with its own database and fileset).

So yes - it is for every application in cluster. I thought I will use
something like Mateus sent.
Or if there is better approach I will appreciate it - cause otherwise I
will need to create some service and maintain it, monitor it etc.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Thu, Feb 11, 2016 at 4:53 PM, Clayton Coleman <ccole...@redhat.com>
wrote:

> Is this for every application on the cluster?  Or just specific
> applications?  Do you want to create a glusterfs volume for *every* object
> of a certain type that is created?  More detail will help recommend an
> option.
>
> On Thu, Feb 11, 2016 at 10:45 AM, Mateus Caruccio <
> mateus.caruc...@getupcloud.com> wrote:
>
>> I wrote myself. Here is a very simplified version of it
>> http://www.fpaste.org/321270/14552054/
>> You can take actions based on obj['kind']. This example watches only for
>> "Pod" objects since I only need to track pod usage by the user.
>>
>> *Mateus Caruccio*
>> Master of Puppets
>> +55 (51) 8298.0026
>> gtalk:
>>
>>
>> *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter:
>> @MateusCaruccio <https://twitter.com/MateusCaruccio>*
>> This message and any attachment are solely for the intended
>> recipient and may contain confidential or privileged information
>> and it can not be forwarded or shared without permission.
>> Thank you!
>>
>> On Thu, Feb 11, 2016 at 1:33 PM, David Strejc <david.str...@gmail.com>
>> wrote:
>>
>>> Are you using any specific component?
>>>
>>> Or you have written something yourself?
>>>
>>> David Strejc
>>> t: +420734270131
>>> e: david.str...@gmail.com
>>>
>>> On Thu, Feb 11, 2016 at 4:27 PM, Mateus Caruccio <
>>> mateus.caruc...@getupcloud.com> wrote:
>>>
>>>> From my own experience, monitoring etcd is one way to do it, but
>>>> requires an extra component (the monitor) to be always up and running.
>>>> This monitor must have cluster roles, since it needs to watch both
>>>> project and app (bc/dc) objects.
>>>>
>>>> The other way is to provide your users with templates containing all
>>>> stuff they will need.
>>>>
>>>>
>>>> *Mateus Caruccio*
>>>> Master of Puppets
>>>> +55 (51) 8298.0026
>>>> gtalk:
>>>>
>>>>
>>>> *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter:
>>>> @MateusCaruccio <https://twitter.com/MateusCaruccio>*
>>>> This message and any attachment are solely for the intended
>>>> recipient and may contain confidential or privileged information
>>>> and it can not be forwarded or shared without permission.
>>>> Thank you!
>>>>
>>>> On Thu, Feb 11, 2016 at 1:21 PM, David Strejc <david.str...@gmail.com>
>>>> wrote:
>>>>
>>>>> Dear all,
>>>>>
>>>>> what is the best practise to trigger actions when I am creating
>>>>> application?
>>>>>
>>>>> Let's say I want to create database (as I am using external database
>>>>> cluster) and glusterfs volume for my application.
>>>>>
>>>>> Which approach should I look at? Should I make docker container to ssh
>>>>> somewhere and let it trigger some scripts?
>>>>>
>>>>> Or is there any other way? Should I somehow monitor etcd for app
>>>>> creation (as it was with activemq messages in Open Shift v2)?
>>>>>
>>>>> Thank you.
>>>>>
>>>>> David Strejc
>>>>> t: +420734270131
>>>>> e: david.str...@gmail.com
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>>
>


Re: Exposing Host port to docker image in openshift

2016-02-10 Thread David Strejc
Using IP of Node was the thing which I was trying to avoid. I am trying to
build HA cluster and when application reaches Node via IP address there will
have to be some HA Proxy in front of MySQL.

When I will use hostpath with socket I can reach a way how to propagate
MySQL through socket and on every Node it will be the same so if one node
fails application get rescheduled and then
it again can reach MySQL through socket.

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Wed, Feb 10, 2016 at 2:51 PM, Ben Parees <bpar...@redhat.com> wrote:

> You should be able to access the node's mysql port from within the
> container w/o doing anything special, just providing the node host/ip+port
> to the container.
>
> For the mysql socket, you'd have to mount it into the pod/container as a
> HostPath volume, I think.
>
>
> On Wed, Feb 10, 2016 at 7:36 AM, David Strejc <david.str...@gmail.com>
> wrote:
>
>> I got different setup.
>>
>> I have Node with MySQL installed on it (it is MariaDB galera cluster) -
>> as my scenario consists of five nodes each running Open Shift, GlusterFS
>> and MariaDB directly on Node.
>>
>> What I want is to expose Node port (3306) or Node MariaDB socket INTO
>> docker container.
>>
>> Is this possible?
>>
>> David Strejc
>> t: +420734270131
>> e: david.str...@gmail.com
>>
>> On Wed, Feb 10, 2016 at 1:34 PM, Clayton Coleman <ccole...@redhat.com>
>> wrote:
>>
>>> You want the MySQL container to be exposed on the host address?  Or you
>>> want another non-MySQL container to be able to access the MySQL container?
>>>
>>> On Feb 10, 2016, at 7:04 AM, David Strejc <david.str...@gmail.com>
>>> wrote:
>>>
>>> Dear all,
>>>
>>> I have MySQL cluster running on all nodes of Open Shift and I need to
>>> expose 3306 port FROM Host into docker container - or propagate
>>> /var/run/mysqld/mysqld.socket into docker container.
>>>
>>> Is this possible with Open Shift?
>>> David Strejc
>>> t: +420734270131
>>> e: david.str...@gmail.com
>
> --
> Ben Parees | OpenShift
>
>
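The HostPath approach suggested in the quoted reply above, written out as an added example that is not from any participant in this thread. The SCC name, service account, project, image and the `security.openshift.io/v1` API group (current OpenShift releases) are assumptions; only the socket directory comes from the thread. OpenShift's default restricted SCC rejects hostPath volumes, so the example grants that one capability to a single service account through a dedicated SCC.

```yaml
# Added example: all names below are placeholders, not values from the thread.
# Narrow SCC: allows hostPath volumes but nothing else host-related.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: mysql-socket-hostpath          # hypothetical SCC name
allowHostDirVolumePlugin: true         # the one privilege this workload needs
allowPrivilegedContainer: false
allowHostNetwork: false
allowHostPorts: false
allowHostPID: false
allowHostIPC: false
readOnlyRootFilesystem: false
runAsUser:
  type: MustRunAsRange                 # keep the project's non-root UID range
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
volumes:                               # volume types pods under this SCC may use
- hostPath
- secret
- configMap
- emptyDir
users:
- system:serviceaccount:myproject:app-sa   # hypothetical project/service account
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: myproject
spec:
  serviceAccountName: app-sa           # binds the pod to the SCC above
  containers:
  - name: app
    image: registry.example.com/myproject/app:latest   # placeholder image
    volumeMounts:
    - name: mysqld-run
      mountPath: /var/run/mysqld       # client uses /var/run/mysqld/mysqld.socket
  volumes:
  - name: mysqld-run
    hostPath:
      path: /var/run/mysqld            # socket directory on every node
```

The directory is mounted rather than the socket file, so a restarted mysqld that recreates the socket stays reachable from the pod. On SELinux-enforcing nodes the socket's label must also permit access from the container's domain.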


Exposing Host port to docker image in openshift

2016-02-10 Thread David Strejc
Dear all,

I have MySQL cluster running on all nodes of Open Shift and I need to
expose 3306 port FROM Host into docker container - or propagate
/var/run/mysqld/mysqld.socket into docker container.

Is this possible with Open Shift?
David Strejc
t: +420734270131
e: david.str...@gmail.com


Re: Exposing Host port to docker image in openshift

2016-02-10 Thread David Strejc
I got different setup.

I have Node with MySQL installed on it (it is MariaDB galera cluster) - as
my scenario consists of five nodes each running Open Shift, GlusterFS and
MariaDB directly on Node.

What I want is to expose Node port (3306) or Node MariaDB socket INTO
docker container.

Is this possible?

David Strejc
t: +420734270131
e: david.str...@gmail.com

On Wed, Feb 10, 2016 at 1:34 PM, Clayton Coleman <ccole...@redhat.com>
wrote:

> You want the MySQL container to be exposed on the host address?  Or you
> want another non-MySQL container to be able to access the MySQL container?
>
> On Feb 10, 2016, at 7:04 AM, David Strejc <david.str...@gmail.com> wrote:
>
> Dear all,
>
> I have MySQL cluster running on all nodes of Open Shift and I need to
> expose 3306 port FROM Host into docker container - or propagate
> /var/run/mysqld/mysqld.socket into docker container.
>
> Is this possible with Open Shift?
> David Strejc
> t: +420734270131
> e: david.str...@gmail.com