RE: OKD 3.10 restartPolicy into DC

[François VILLAIN]

Hi,

Maybe you should create a Job object instead of a DC object.
https://docs.openshift.com/container-platform/3.10/dev_guide/jobs.html

François

De : users-boun...@lists.openshift.redhat.com 
 De la part de Marcello Lorenzi
Envoyé : lundi 12 novembre 2018 14:56
À : users 
Objet : OKD 3.10 restartPolicy into DC

Hi All,
we're trying to configure a DC with a pod executed in a batch mode. This pod 
completes its job and we would not restart it if the exit code is 0.
We tried to configure the restartPolicy on DC configuration to Never but the 
master-api doesn't permit this change.

Is it possible to configure this behavior on DC?

Thanks a lot,
Marcello
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: 3.10 experiences

[François VILLAIN]

Could you please point me towards the workarounds ?

It feels weird to me that something this big is missed during release of a 
major open-source version, especially if the problem (I haven’t tested) is not 
there on entreprise (OCP) version that is supposed to be based on the community 
version.

Someone has an explanation for that ?

De : users-boun...@lists.openshift.redhat.com 
 De la part de Ricardo Martinelli de 
Oliveira
Envoyé : vendredi 31 août 2018 15:23
À : kristian.ejv...@resurs.se
Cc : users 
Objet : Re: 3.10 experiences

Do you use OCP (Red Hat Product) or Origin/OKD (The Community project)? All the 
issues reported by François are related to Origin/OKD and there are workarounds 
for these issues.

On Wed, Aug 29, 2018 at 6:08 AM Kristian Ejvind 
mailto:kristian.ejv...@resurs.se>> wrote:
Hi

We're currently running a RH Openshift container platform version 3.7, and are 
considering
upgrading to 3.10. What are your experiences with upgrading 3.7 -> 3.10? Any 
problems/issues
to consider, or good-to-knows?

What's the quality with 3.10 as such?

Regards
Kristian




[cid:imageed80b5.PNG@9ba86bf1.49923139]

Kristian Ejvind

Linux System Administrator

IT | IT Operations | Technical Operations




Resurs Bank

Ekslingan 8

Box 222 09, SE-25467 Helsingborg




Växel:

+46 42 38 20 00

E-post:

kristian.ejv...@resurs.se

Webb:

www.resursbank.se




___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--
Ricardo Martinelli de Oliveira
Senior Software Engineer
T: +55 11 3524-6125 | M: +55 11 9 7069-6531
Av. Brigadeiro Faria Lima 3900, 8° Andar. São Paulo, 
Brasil.
[Image supprimée par l'expéditeur.]

TRIED. TESTED. TRUSTED.

 Red Hat é reconhecida entre as melhores empresas para trabalhar no Brasil pelo 
Great Place to Work.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: Restricting access to some Routes

[François VILLAIN]

Hi

From this documentation : 
https://docs.openshift.com/container-platform/3.10/architecture/networking/routes.html#route-specific-annotations

You can annotate a route with : haproxy.router.openshift.io/ip_whitelist to set 
a whitelist for the route.

Never tried though, let me know if this works 

François


De : users-boun...@lists.openshift.redhat.com 
 De la part de Peter Heitman
Envoyé : jeudi 30 août 2018 14:54
À : users@lists.openshift.redhat.com
Objet : Restricting access to some Routes

In my deployment there are 5 routes - two of them are from OpenShift 
(docker-registry and registry-console) and three of them are specific to my 
application. Of the 5, 4 of them are administrative and shouldn't be accessed 
by just anyone on the Internet. One of my application's route is required to be 
accessed by 'anyone' on the Internet.

My question is, what is the best practice to achieve this restriction? Is there 
a way to set IP address or subnet restrictions on a route? Do I need to set up 
separate nodes and separate routers so that I can use a firewall to restrict 
access to the 4 routes and allow access to the Internet service? Any 
suggestions?

Peter

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: 3.10 experiences

[François VILLAIN]

Some docker images (metrics for example, but not only) have not been built / 
tagged for v3.10.0 that is used when doing an install in 3.10 and some part of 
this install fails ... this is very annoying.

Seems more stable than v3.9 installer though


De : users-boun...@lists.openshift.redhat.com 
 De la part de Kristian Ejvind
Envoyé : mercredi 29 août 2018 11:07
À : users@lists.openshift.redhat.com
Objet : 3.10 experiences

Hi

We're currently running a RH Openshift container platform version 3.7, and are 
considering
upgrading to 3.10. What are your experiences with upgrading 3.7 -> 3.10? Any 
problems/issues
to consider, or good-to-knows?

What's the quality with 3.10 as such?

Regards
Kristian




[cid:image001.png@01D43F8B.0405CCC0]

Kristian Ejvind

Linux System Administrator

IT | IT Operations | Technical Operations




Resurs Bank

Ekslingan 8

Box 222 09, SE-25467 Helsingborg




Växel:

+46 42 38 20 00

E-post:

kristian.ejv...@resurs.se

Webb:

www.resursbank.se





___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: DNS issue install OpenShift on OpenStack

[François VILLAIN]

Hello,

I see that your domain name is hosted by AWS. Maybe try to see if the domain is 
“public” or “private”, it seems private from what I can see (your entries do 
not resolve).
If it is private you should directly reference your DNS server in the 
“public_dns_nameservers” variable.

Good luck ☺

De :  au nom de Joel Pearson 

Date : lundi 9 octobre 2017 à 14:54
À : "users@lists.openshift.redhat.com" 
Objet : DNS issue install OpenShift on OpenStack


Hi,



I'm trying to install openshift on openstack and I've been following 
https://github.com/openshift/openshift-ansible-contrib/tree/master/playbooks/provisioning/openstack
 I got past the openstack bit and now I'm installing openshift with 
“ansible-playbook openshift-ansible/playbooks/byo/config.yml” it got pretty far.



Except it I got this error:





TASK [openshift_examples : Import Centos Image streams] 
***

Monday 09 October 2017  12:30:17 + (0:00:00.058)   0:05:10.675 

fatal: 
[master-0.openshift.staging.agiledigital.co]:
 FAILED! => {"changed": false, "cmd": ["oc", "create", 
"--config=/etc/origin/master/admin.kubeconfig", "-n", "openshift", "-f", 
"/usr/share/openshift/examples/image-streams/image-streams-centos7.json"], 
"delta": "0:00:00.309497", "end": "2017-10-09 12:30:18.114400", "failed": true, 
"failed_when_result": true, "rc": 1, "start": "2017-10-09 12:30:17.804903", 
"stderr": "Unable to connect to the server: dial tcp: lookup 
master-0.openshift.staging.agiledigital.co
 on 8.8.8.8:53: no such host", "stderr_lines": ["Unable to 
connect to the server: dial tcp: lookup 
master-0.openshift.staging.agiledigital.co
 on 8.8.8.8:53: no such host"], "stdout": "", 
"stdout_lines": []}
———-



I used the option of letting it install a DNS server in the openstack section, 
and I used this setting “public_dns_nameservers: [8.8.8.8,8.8.4.4]”, however it 
seems that it isn't using the dns server it installed, and hence internal DNS 
doesn't resolve.



Is there a way to get the openstack-ansible playbooks to use the internal dns 
(which was created by “ansible-playbook 
openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml”), 
which in my case is “10.2.100.5”?



I figure I must have messed something up in the OpenStack provision section. 
But I don’t know what.



Thanks,



Joel
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: 
agiledigital.com.au
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: setgid in nginx failing with permission error in container

[François VILLAIN]

Hi,


> Thanks!  I will grant the user anyuid.

Sorry to ask a dumb question but : which user are you referencing to ? Not sure 
I understand.


-----
François Villain
DevOps - AAIO




De : users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> de la part de Dean Peterson 
<peterson.d...@gmail.com>
Envoyé : vendredi 4 mars 2016 06:52
À : Clayton Coleman
Cc : users
Objet : Re: setgid in nginx failing with permission error in container

Thanks!  I will grant the user anyuid.

On Thu, Mar 3, 2016 at 11:48 PM, Clayton Coleman 
<ccole...@redhat.com<mailto:ccole...@redhat.com>> wrote:
Restricted now drops the SETGID capability. The "anyuid" SCC does not.  You can 
edit restricted to give that or grant the user anyuid (which is more correct).

On Mar 4, 2016, at 12:31 AM, Dean Peterson 
<peterson.d...@gmail.com<mailto:peterson.d...@gmail.com>> wrote:

In previous versions of openshift origin I was able to run an nginx server with 
some static content inside a container.  Now I install with the ansible 
installer and I get the following error in the nginx errors.log inside the 
running container.

2016/03/03 23:51:22 [emerg] 6#0: setgid(996) failed (1: Operation not permitted)
2016/03/03 23:51:22 [alert] 5#0: worker process 6 exited with fatal code 2 and c
annot be respawned fsfsfadf


My nginx.conf file is:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid/var/run/nginx.pid;


events {
worker_connections  1024;
}


http {
include   /etc/nginx/mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfileon;
#tcp_nopush on;

keepalive_timeout  65;

#gzip  on;

}
daemon off;


I have set my scc restricted runAsUser.type to RunAsAny.  Is there something 
else I need to do to allow setgid(996) for nginx in origin?



I have
___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

RE: Pod not passing deployment tests

[François VILLAIN]

Awesome ! it seems to solve the problem, indeed.
>From what I understand it means that until the issue is closed, we have to 
>"link" the image build to a deployment through a trigger if we want to be able 
>to deploy this image. Otherwise it just won't work ?


Thank you very much for your help

---------
François Villain
DevOps - AAIO




De : Michalis Kargakis <mkarg...@redhat.com>
Envoyé : jeudi 11 février 2016 16:27
À : François VILLAIN
Cc : Dan Mace; users@lists.openshift.redhat.com
Objet : Re: Pod not passing deployment tests

This is the same issue as https://github.com/openshift/origin/issues/6934
[https://avatars3.githubusercontent.com/u/44136?v=3=400]<https://github.com/openshift/origin/issues/6934>

Failed to resolve ImageStreamTag in deployment · Issue 
...<https://github.com/openshift/origin/issues/6934>
github.com
Failed to resolve ImageStreamTag in deployment #6934. Open mfojtik opened this 
Issue Feb 1, 2016 · 13 comments




I reproduced it and see in the kubelet logs

Error syncing pod c81fef8b-d0d0-11e5-a0c1-080027242396, skipping: failed to 
"StartContainer" for "sample-phpinfo" with ErrImagePull: "Error: image 
library/sample-phpinfo:latest not found"

If you want to workaround that issue, you will need to setup an ICT and have 
the deployment run automatically once the build finishes.

triggers:
- imageChangeParams:
automatic: true
containerNames:
- sample-phpinfo
from:
  kind: ImageStreamTag
  name: sample-phpinfo:latest
  type: ImageChange

instead of

   triggers: []


On Thu, Feb 11, 2016 at 2:31 PM, François VILLAIN 
<f.vill...@linkbynet.com<mailto:f.vill...@linkbynet.com>> wrote:

Hello Dan,


Sorry for the lack of response.. I went on vacations and a crash made us 
reinstall the whole cluster...


Anyway , I'm just getting back to the subject and still getting the same 
results and error messages.

I recreated everything, so here are the definition files and various logs :


- Definition of template objects : http://pastebin.com/6srmPJAS
- Log level (9) of deployment on CLI : http://pastebin.com/Z4m0YfB8
- Logs of the deploy pod : http://pastebin.com/6Uz3yhW1
- Describe of the deploy pod : http://pastebin.com/2cZN04zG
- Docker logs of containers : http://pastebin.com/ds9A4RgX
- Deploy pod YAML output : http://pastebin.com/5BKtYbdK


I hope this can help you


Thanks for you help

-
François Villain
DevOps - AAIO




De : Dan Mace <dm...@redhat.com<mailto:dm...@redhat.com>>
Envoyé : mercredi 6 janvier 2016 16:26
À : François VILLAIN
Cc : Michalis Kargakis; 
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
Objet : Re: Pod not passing deployment tests



On Wed, Jan 6, 2016 at 10:00 AM, François VILLAIN 
<f.vill...@linkbynet.com<mailto:f.vill...@linkbynet.com>> wrote:
> Here is all i got :
>
> CONTAINER IDIMAGE 
>   COMMAND 
>  CREATED STATUS   PORTS   
> NAMES
> 9e332c821d82openshift/origin-pod:v1.1.0.1 
>   "/pod"  
>  31 minutes ago  Exited (0) 21 minutes ago
> 
> k8s_POD.f61fe19_phpfpm-app-2-8g07w_test_9cfb7546-b481-11e5-8adb-0a57f8bdd6b3_0fa51bbd
> 55967e6c5c82
> 172.30.56.201:5000/jfr4/debian-80-lc-apache-wordpress@sha256:53bbfa0e4b8aa0f6d1c3ee709107066169d3507307014912726c8bebe5e9e9f0<http://172.30.56.201:5000/jfr4/debian-80-lc-apache-wordpress@sha256:53bbfa0e4b8aa0f6d1c3ee709107066169d3507307014912726c8bebe5e9e9f0>
>"/usr/sbin/runit_boot"   42 minutes ago  Up 42 minutes 
>
> k8s_test-apachewordpress.336aaeef_apachewordpress.test.com-2-q2lg5_jfr4_d2e58621-b390-11e5-9910-0a57f8bdd6b3_7d5b41e0
> 422e4332ababopenshift/origin-docker-registry:v1.1.0.1 
>   
> "/bin/sh -c 'REGISTRY"   58 minutes ago  Up 58 minutes
> 
> k8s_registry.5a0244b_docker-registry-12-elryb_default_0ca0efc2-ad70-11e5-a609-0a57f8bdd6b3_e1f870e0
> aca25d6b48c4openshift/origin-pod:v1.1.0.1 
>   "/pod"  
>  58 minutes ago  Up 58 minutes
> 
> k8s_POD.7c1fe15_docker-registry-12-elryb_default_0ca0efc2-ad70-11e5-