Re: Pods stuck on 'ContainerCreating' when redhat/openshift-ovs-multitenant enabled

[Yu Wei]

Hi Dan,
I checked the logs of all pods in namespace openshift-sdn and I didn’t find any 
errors in them.
I reinstalled with ‘redhat/openshift-ovs-multitenant’ on a clean machine, 
everything works well.

So I suspect uninstall playbook didn’t clean calico plugin properly.

Thanks,
Jared


On Oct 16, 2019, at 1:09 AM, Dan Williams 
mailto:d...@redhat.com>> wrote:

On Tue, 2019-10-15 at 06:18 +0000, Yu Wei wrote:
I found the root cause for this issue.
In my machine, I firstly deployed cop with calico. It works well.
Then run uninstall playbook and reinstall with sdn openshift-ovs-
multitenant.
And it didn’t work anymore.
I found something as below,

[root@buzz1 openshift-ansible]# systemctl status  atomic-openshift-
node.service
● atomic-openshift-node.service - OpenShift Node
  Loaded: loaded (/etc/systemd/system/atomic-openshift-node.service;
enabled; vendor preset: disabled)
  Active: active (running) since Mon 2019-10-14 00:43:08 PDT; 22h
ago
Docs: https://github.com/openshift/origin
Main PID: 87388 (hyperkube)
  CGroup: /system.slice/atomic-openshift-node.service
  ├─87388 /usr/bin/hyperkube kubelet --v=6 --address=0.0.0.0
--allow-privileged=true --anonymous-auth=true --authentication-
toke...
  └─88872 /opt/cni/bin/calico

Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.289674   87388 common.go:71]
Using namespace "kube-syaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.289809   87388 file.go:199]
Reading config file "/et...yaml"
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.292556   87388 common.go:62]
Generated UID "598eab3cyaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.293602   87388 common.go:66]
Generated Name "master-yaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.294512   87388 common.go:71]
Using namespace "kube-syaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.295667   87388 file.go:199]
Reading config file "/et...yaml"
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.296350   87388 common.go:62]
Generated UID "d71dc810yaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.296367   87388 common.go:66]
Generated Name "master-yaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.296379   87388 common.go:71]
Using namespace "kube-syaml
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.300194   87388 config.go:303]
Setting pods for source file
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.361625   87388 kubelet.go:1884]
SyncLoop (SYNC): 3 p...d33c)
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.361693   87388 config.go:100]
Looking for [api file]...e:{}]
Oct 14 23:15:48 
buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/><http://buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com/>>
 atomic-
openshift-node[87388]: I1014 23:15:48.361716   87388 kubelet.go:1907]
SyncLoop (housekeeping)
Hint: Some lines were ellipsized, use -l to show in full.
[root@buzz1 openshift-ansible]# ps -ef | grep calico
root  88872  87388  0 23:15 ?00:00:00 /opt/cni/bin/calico
root  88975  74601  0 23:15 pts/0    00:00:00 grep --color=auto
calico
[root@buzz1 openshift-ansible]#

It seemed that calico is extra here. Then using the same inventory
file, OCP 3.11 could be deployed on a clean VM successfully.
I guessed that uninstall playbook did not clear calico thoroughly.


On 

Re: Pods stuck on 'ContainerCreating' when redhat/openshift-ovs-multitenant enabled

[Yu Wei]

I found the root cause for this issue.
In my machine, I firstly deployed cop with calico. It works well.
Then run uninstall playbook and reinstall with sdn openshift-ovs-multitenant.
And it didn’t work anymore.
I found something as below,

[root@buzz1 openshift-ansible]# systemctl status  atomic-openshift-node.service
● atomic-openshift-node.service - OpenShift Node
   Loaded: loaded (/etc/systemd/system/atomic-openshift-node.service; enabled; 
vendor preset: disabled)
   Active: active (running) since Mon 2019-10-14 00:43:08 PDT; 22h ago
 Docs: https://github.com/openshift/origin
 Main PID: 87388 (hyperkube)
   CGroup: /system.slice/atomic-openshift-node.service
   ├─87388 /usr/bin/hyperkube kubelet --v=6 --address=0.0.0.0 
--allow-privileged=true --anonymous-auth=true --authentication-toke...
   └─88872 /opt/cni/bin/calico

Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.289674   87388 common.go:71] Using 
namespace "kube-syaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.289809   87388 file.go:199] 
Reading config file "/et...yaml"
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.292556   87388 common.go:62] 
Generated UID "598eab3cyaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.293602   87388 common.go:66] 
Generated Name "master-yaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.294512   87388 common.go:71] Using 
namespace "kube-syaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.295667   87388 file.go:199] 
Reading config file "/et...yaml"
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.296350   87388 common.go:62] 
Generated UID "d71dc810yaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.296367   87388 common.go:66] 
Generated Name "master-yaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.296379   87388 common.go:71] Using 
namespace "kube-syaml
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.300194   87388 config.go:303] 
Setting pods for source file
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.361625   87388 kubelet.go:1884] 
SyncLoop (SYNC): 3 p...d33c)
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.361693   87388 config.go:100] 
Looking for [api file]...e:{}]
Oct 14 23:15:48 buzz1.fyre.ibm.com<http://buzz1.fyre.ibm.com> 
atomic-openshift-node[87388]: I1014 23:15:48.361716   87388 kubelet.go:1907] 
SyncLoop (housekeeping)
Hint: Some lines were ellipsized, use -l to show in full.
[root@buzz1 openshift-ansible]# ps -ef | grep calico
root  88872  87388  0 23:15 ?00:00:00 /opt/cni/bin/calico
root  88975  74601  0 23:15 pts/000:00:00 grep --color=auto calico
[root@buzz1 openshift-ansible]#

It seemed that calico is extra here. Then using the same inventory file, OCP 
3.11 could be deployed on a clean VM successfully.
I guessed that uninstall playbook did not clear calico thoroughly.


On Oct 12, 2019, at 11:52 PM, Yu Wei 
mailto:yu20...@hotmail.com>> wrote:

Hi,
I tried to install OCP 3.11 with following variables set.
openshift_use_openshift_sdn=true
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant’

Some pods stuck on ‘ContainerCreating’.
[root@buzz1 openshift-ansible]# oc get pods --all-namespaces
NAMESPACE   NAMEREADY 
STATUS  RESTARTS   AGE
default docker-registry-1-deploy0/1   
ContainerCreating   0  5h
default registry-console-1-deploy   0/1   
ContainerCreating   0  5h
kube-system 
master-api-buzz1.center1.com<http://master-api-buzz1.center1.com/>
1/1   Running 0  5h
kube-system 
master-controllers-buzz1.center1.com<http://master-controllers-buzz1.center1.com/>
1/1   Running 0  5h
kube-system 
master-etcd-buzz1.center1.com<http://master-etcd-buzz1.center1.com/>   
1/1   Running 0  5h
openshift-node  sync-x8j7d  1/1   
Running 0  5h
openshift-sdn   ovs-ff7r7   

Pods stuck on 'ContainerCreating' when redhat/openshift-ovs-multitenant enabled

[Yu Wei]

Hi,
I tried to install OCP 3.11 with following variables set.
openshift_use_openshift_sdn=true
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant’

Some pods stuck on ‘ContainerCreating’.
[root@buzz1 openshift-ansible]# oc get pods --all-namespaces
NAMESPACE   NAMEREADY 
STATUS  RESTARTS   AGE
default docker-registry-1-deploy0/1   
ContainerCreating   0  5h
default registry-console-1-deploy   0/1   
ContainerCreating   0  5h
kube-system 
master-api-buzz1.center1.com
1/1   Running 0  5h
kube-system 
master-controllers-buzz1.center1.com
1/1   Running 0  5h
kube-system 
master-etcd-buzz1.center1.com   
1/1   Running 0  5h
openshift-node  sync-x8j7d  1/1   
Running 0  5h
openshift-sdn   ovs-ff7r7   1/1   
Running 0  5h
openshift-sdn   sdn-7frfw   1/1   
Running 10 5h
openshift-web-console   webconsole-85494cdb8c-s2dnh 0/1   
ContainerCreating   0  5h

Run ‘oc describe pods’, I got something as below.

Events:
  Type Reason  Age  From
 Message
   --   
 ---
  Warning  FailedCreatePodSandBox  2m   kubelet, buzz1  Failed 
create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox 
container "8570c350953e29185ef8ab05d628f90c6791a56ac392e40f2f6e30a14a76ab22" 
network for pod "network-diag-test-pod-qz7hv": NetworkPlugin cni failed to set 
up pod "network-diag-test-pod-qz7hv_network-diag-global-ns-q7vbn" network: 
context deadline exceeded, failed to clean up sandbox container 
"8570c350953e29185ef8ab05d628f90c6791a56ac392e40f2f6e30a14a76ab22" network for 
pod "network-diag-test-pod-qz7hv": NetworkPlugin cni failed to teardown pod 
"network-diag-test-pod-qz7hv_network-diag-global-ns-q7vbn" network: context 
deadline exceeded]
  Normal   SandboxChanged  2s (x8 over 2m)  kubelet, buzz1  Pod sandbox 
changed, it will be killed and re-created.

How could I resolve this problem?
Any thoughts?

Thanks,
Jared

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: master api failed to connect to etcd when installing open shift-enterprise 3.11

[Yu Wei]

I have resolved the problem.
In /etc/hosts, one item as below,
172.16.211.60 buzz1.center1.com<http://buzz1.center1.com> buzz1
After commented the line, master-api and etcd both listened on 9.30.x.x and 
installation could continue.

However, node is NotReady status with error as below,
ReadyFalse   Wed, 25 Sep 2019 19:23:28 -0700   Wed, 25 Sep 2019 
10:18:06 -0700   KubeletNotReady  runtime network not ready: 
NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin 
is not ready: cni config uninitialized

I think it’s another problem.


On Sep 25, 2019, at 10:34 PM, Yu Wei 
mailto:yu20...@hotmail.com>> wrote:

I searched the document and I didn’t find such inventory variable.

Output as below,
[root@buzz1 openshift-ansible]# hostname -f
buzz1.center1.com<http://buzz1.center1.com/>
[root@buzz1 openshift-ansible]# host 
buzz1.center1.com<http://buzz1.center1.com/>
buzz1.center1.com<http://buzz1.center1.com/> has address 172.16.211.60
[root@buzz1 openshift-ansible]# ip r sh
default via 9.30.116.1 dev eth1 proto dhcp metric 101
9.30.116.0/22 dev eth1 proto kernel scope link src 9.30.119.88 metric 101
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.211.60 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

On Sep 25, 2019, at 6:57 PM, Toni Schmidbauer 
mailto:toni+openshift-us...@stderr.at>> wrote:


Yu Wei mailto:yu20...@hotmail.com>> writes:
Toni, thanks for your help.
Yes, 9.30.x.x is the default route of VM as it’s external IP.
And 172.16.x.x is internal IP.

How could I resolve the problem?  Is it possible to make master-api
and etcd to use same IP address by specifying something in inventory
file?

i would make sure that the hostname resolve to the 9.30.x.x ip. either
change your dns or try to change this in /etc/hosts.

maybe you could post the output of `hostname -f`, `host $(hostname -f)`
and `ip r sh`.

i'm not aware of a inventory variable that you can set, but for sure i
do not know all of them :-)

p.s. i've removed the dev list, as i'm pretty sure this is a users
issue. i'm not aware of any cross posting policy, but on most lists it's
discouraged.

lg
toni

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: master api failed to connect to etcd when installing open shift-enterprise 3.11

[Yu Wei]

I searched the document and I didn’t find such inventory variable.

Output as below,
[root@buzz1 openshift-ansible]# hostname -f
buzz1.center1.com<http://buzz1.center1.com>
[root@buzz1 openshift-ansible]# host buzz1.center1.com<http://buzz1.center1.com>
buzz1.center1.com<http://buzz1.center1.com> has address 172.16.211.60
[root@buzz1 openshift-ansible]# ip r sh
default via 9.30.116.1 dev eth1 proto dhcp metric 101
9.30.116.0/22 dev eth1 proto kernel scope link src 9.30.119.88 metric 101
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.211.60 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

On Sep 25, 2019, at 6:57 PM, Toni Schmidbauer 
mailto:toni+openshift-us...@stderr.at>> wrote:


Yu Wei mailto:yu20...@hotmail.com>> writes:
Toni, thanks for your help.
Yes, 9.30.x.x is the default route of VM as it’s external IP.
And 172.16.x.x is internal IP.

How could I resolve the problem?  Is it possible to make master-api
and etcd to use same IP address by specifying something in inventory
file?

i would make sure that the hostname resolve to the 9.30.x.x ip. either
change your dns or try to change this in /etc/hosts.

maybe you could post the output of `hostname -f`, `host $(hostname -f)`
and `ip r sh`.

i'm not aware of a inventory variable that you can set, but for sure i
do not know all of them :-)

p.s. i've removed the dev list, as i'm pretty sure this is a users
issue. i'm not aware of any cross posting policy, but on most lists it's
discouraged.

lg
toni

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: master api failed to connect to etcd when installing open shift-enterprise 3.11

[Yu Wei]

Toni, thanks for your help.
Yes, 9.30.x.x is the default route of VM as it’s external IP. 
And 172.16.x.x is internal IP.

How could I resolve the problem? 
Is it possible to make master-api and etcd to use same IP address by specifying 
something in inventory file?


> On Sep 25, 2019, at 5:16 PM, Toni Schmidbauer 
>  wrote:
> 
> 
> Yu Wei  writes:
>> F0924 22:58:50.301065   1 start_api.go:68] dial tcp 172.16.211.60:2379: 
>> connect: connection refused
> 
> the api tries to contact etcd on 172.16.211.60:2379 but
> 
>> 2019-09-24 20:34:26.273020 I | embed: serving client requests on 
>> 9.30.119.88:2379
> 
> but etcd listens for client request on 9.30.119.88.
> 
> a wild guess is that your hostname resolves to 172.16.x.x but your
> default route points to 9.30.x.x.
> 
> for a longer explanation why i think this is the case read on :-)
> 
> the listing address for etcd is configure in /etc/etcd/etcd.conf
> (ETCD_LISTEN_CLIENT_URLS).
> 
> etcd.conf gets created by the openshift-ansible role etcd
> (/usr/share/ansible/openshift-ansible/roles/etcd/templates/etcd.conf.j2),
> it uses etcd_listen_client_urls.
> 
> etcd_listen_client_urls uses etcd_ip which gets set via
> openshift.common.ip, that's a custom fact to be found in
> openshift_facts.py
> (.../roles/openshift_facts/library/openshift_facts.py).
> 
> in get_defaults() ip_addr gets set to the standard ansible fact
> ansible_default_ipv4.address, this is then used common.ip.
> 
> so it seems that ansible thinks that 9.3.30.119.88 is your default
> interface, i'm not 100% sure, but this might be because your default
> route points to this nic (ip route sh).
> 
> the config option for the api to contact etcd is in
> /etc/origin/master/master-config.yaml, etcdClientInfo.urls.
> openshift-ansible uses openshift_master_etcd_hosts for this, afaik this
> is set via the custom fact openshift.common.hostname (once again in
> openshift_facts.py) for figuring out the public hostname (it reuses
> ansible_nodename and ansible_fqdn).
> 
> hopefully this is not too confusing...
> 
> hth
> toni
> 
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

master api failed to connect to etcd when installing open shift-enterprise 3.11

[Yu Wei]

Hi,
I tried to install openshift enterprise 3.11 on one single node with two NICs.
Etcd and master-controller started and master-api failed to start due to 
connection to etcd refused.

Log from master-api container as below,
I0924 22:58:20.297828   1 plugins.go:84] Registered admission plugin 
"NamespaceExists"
I0924 22:58:20.297835   1 plugins.go:84] Registered admission plugin 
"NodeRestriction"
I0924 22:58:20.297844   1 plugins.go:84] Registered admission plugin 
"PersistentVolumeLabel"
I0924 22:58:20.297857   1 plugins.go:84] Registered admission plugin 
"PodNodeSelector"
I0924 22:58:20.297866   1 plugins.go:84] Registered admission plugin 
"PodPreset"
I0924 22:58:20.297875   1 plugins.go:84] Registered admission plugin 
"PodTolerationRestriction"
I0924 22:58:20.297885   1 plugins.go:84] Registered admission plugin 
"ResourceQuota"
I0924 22:58:20.297894   1 plugins.go:84] Registered admission plugin 
"PodSecurityPolicy"
I0924 22:58:20.297901   1 plugins.go:84] Registered admission plugin 
"Priority"
I0924 22:58:20.297908   1 plugins.go:84] Registered admission plugin 
"SecurityContextDeny"
I0924 22:58:20.297927   1 plugins.go:84] Registered admission plugin 
"ServiceAccount"
I0924 22:58:20.297934   1 plugins.go:84] Registered admission plugin 
"DefaultStorageClass"
I0924 22:58:20.297941   1 plugins.go:84] Registered admission plugin 
"PersistentVolumeClaimResize"
I0924 22:58:20.297948   1 plugins.go:84] Registered admission plugin 
"StorageObjectInUseProtection"
F0924 22:58:50.301065   1 start_api.go:68] dial tcp 172.16.211.60:2379: 
connect: connection refused

Log from etcd as below,
019-09-24 20:34:25.292743 I | embed: ClientTLS: cert = /etc/etcd/server.crt, 
key = /etc/etcd/server.key, ca = , trusted-ca = /etc/etcd/ca.crt, 
client-cert-auth = true
2019-09-24 20:34:25.293054 I | etcdserver/membership: added member 
9b85c8d12305d256 [https://9.30.119.88:2380] to cluster 1d7f9f2198813e8c
2019-09-24 20:34:26.272070 I | raft: 9b85c8d12305d256 is starting a new 
election at term 1
2019-09-24 20:34:26.272167 I | raft: 9b85c8d12305d256 became candidate at term 2
2019-09-24 20:34:26.272206 I | raft: 9b85c8d12305d256 received MsgVoteResp from 
9b85c8d12305d256 at term 2
2019-09-24 20:34:26.272226 I | raft: 9b85c8d12305d256 became leader at term 2
2019-09-24 20:34:26.272234 I | raft: raft.node: 9b85c8d12305d256 elected leader 
9b85c8d12305d256 at term 2
2019-09-24 20:34:26.272617 I | etcdserver: published 
{Name:buzz1.fyre.ibm.com 
ClientURLs:[https://9.30.119.88:2379]} to cluster 1d7f9f2198813e8c
2019-09-24 20:34:26.272734 I | etcdserver: setting up the initial cluster 
version to 3.2
2019-09-24 20:34:26.272774 I | embed: ready to serve client requests
2019-09-24 20:34:26.273020 I | embed: serving client requests on 
9.30.119.88:2379
2019-09-24 20:34:26.274011 N | etcdserver/membership: set the initial cluster 
version to 3.2
2019-09-24 20:34:26.274069 I | etcdserver/api: enabled capabilities for version 
3.2

Output from ‘ifconfig -a’ as below,
[root@buzz1 openshift-ansible]# ifconfig -a
docker0: flags=4099  mtu 1500
inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
ether 02:42:d0:74:98:c6  txqueuelen 0  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163  mtu 1500
inet 172.16.211.60  netmask 255.255.0.0  broadcast 172.16.255.255
ether 00:16:3e:01:d3:3c  txqueuelen 1000  (Ethernet)
RX packets 19994481  bytes 2780261854 (2.5 GiB)
RX errors 0  dropped 1  overruns 0  frame 0
TX packets 3220  bytes 285148 (278.4 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163  mtu 1500
inet 9.30.119.88  netmask 255.255.252.0  broadcast 9.30.119.255
ether 00:00:09:1e:77:58  txqueuelen 1000  (Ethernet)
RX packets 308744  bytes 319369670 (304.5 MiB)
RX errors 0  dropped 6  overruns 0  frame 0
TX packets 124636  bytes 15097082 (14.3 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1000  (Local Loopback)
RX packets 423233  bytes 216825068 (206.7 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 423233  bytes 216825068 (206.7 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Is the issue caused by two NICs?

Thanks,
Jared
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Could supplemental Groups be used for ceph rbd?

[Yu Wei]

Hi,

I setup ceph rbd with openshift origin 3.6.

I read document about ceph volume and volume security.
https://docs.okd.io/3.6/install_config/persistent_storage/pod_security_context.html#supplemental-groups
https://docs.okd.io/3.6/install_config/persistent_storage/persistent_storage_ceph_rbd.html

It seemed that for ceph rbd,  fsGroups rather than supplemental groups 
should be used.

In my test, I didn't specify fsGroup for pods. But it worked.  It seemed 
that supplemental groups was used as file groups for mounted volumes.

I also run the same test in anther testing environment. Pods failed to 
start and reported permission issues for the mounted volume. However, pv 
and pvc were created successfully.

I have two questions as below,
1, Could only fsGroup be used for ceph rbd? Could supplemental groups 
also be used?
2, Behavior is different in my two test environments. One succeed and 
one failed.
     Except supplemental groups and fsGroups, is there any other 
settings that could affect volume access?

-- 
Thanks,
Jared
Interested in big data, cloud computing


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

when delete deployment via rest api, corresponding rs and pod not deleted

[Yu Wei]

Hi,

By calling rest api to delete deployment, deployment was deleted 
successfully, however, corresponding replica set and pods were not deleted.
How could I delete deployment via rest api?

-- 
Thanks
Jared
Interested in big data, cloud computing


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: ETCD no longer starting during install

[Yu Wei]

I changed to Ansible 2.6 and resolved the issue.

Thanks for your help.

On 2018/10/30 21:55, Scott Dodson wrote:
Please try using Ansible 2.6, we're aware of some problems in 2.7 that cause 
large portions of the playbooks to be skipped. Some users are reporting that 
those problems go away in Ansible 2.7.1 but others report that they persist.

On Tue, Oct 30, 2018 at 5:25 AM Yu Wei 
mailto:yu20...@hotmail.com>> wrote:

I met the same problem and found that etcd was skipped as below,

TASK [openshift_control_plane : Establish the default bootstrap kubeconfig for 
masters] **
changed: [host-10-1-241-74] => (item=/etc/origin/node/bootstrap.kubeconfig)
changed: [host-10-1-241-74] => (item=/etc/origin/node/node.kubeconfig)

TASK [openshift_control_plane : Check status of control plane image pre-pull] 

changed: [host-10-1-241-74]

TASK [openshift_control_plane : Check status of etcd image pre-pull] 
*
skipping: [host-10-1-241-74]

TASK [openshift_control_plane : Start and enable self-hosting node] 
**
changed: [host-10-1-241-74]


Is this playbooks issue?

Thanks,
Jared
Interested in big data, cloud computing

On 2018/10/30 15:47, marc.schle...@sdv-it.de<mailto:marc.schle...@sdv-it.de> 
wrote:
Hello everyone

I am facing an issue with the installer for 3.10 (and 3.11 has the same problem)

It started around 2-3 weeks ago, since I wasnt able to run the Ansible 
installer successfully...even when using a tag from 3.10 in the installer-repo 
that worked before.
The control-plane is not starting and what I could figure out is, that etcd is 
not started anywhere. The last time it was working, when running "docker ps" on 
the master (single master, multi node system) I saw about 4 running 
containers...one of them was the etcd.
Now, there are only 2 of them and no etcd anywhere.

https://github.com/lostiniceland/devops/tree/master/openshift<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flostiniceland%2Fdevops%2Ftree%2Fmaster%2Fopenshift=02%7C01%7C%7Cd21a362a270f4053ac3108d63e6f5a6a%7C84df9e7fe9f640afb435%7C1%7C0%7C636765045313056519=IHoCml%2BziSq1QH588obiWYvkAALDwpsTV6pGc8P67nU%3D=0>
This is my current Vagrant-Setup which uses a simple script to check-out the 
openshift-installer, prepare Vagrant and run the Ansible files.

I thought that I might have broken my inventory or script but I double checked 
everything and I new that this setup was working before.
Now at work, the collegue who is maining our test-cluster has the same problem 
when upgrading from 3.9 to 3.10...no etcd anywhere. It seems restarting the 
docker-daemon fixes for our test-cluster.

If anyone could look into this would be very appreciated.
What I find odd is the fact that even a before working tag like 
openshit-ansible-3.10.53-1 is now broken. The only reasons I can think of, is 
the used Dockerimages have been updated or the installed Version of Docker is 
somewhat broken.


best regards
Marc



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openshift.redhat.com%2Fopenshiftmm%2Flistinfo%2Fusersdata=02%7C01%7C%7Cc3b207c02bd24d56857008d63e3c1e7a%7C84df9e7fe9f640afb435%7C1%7C0%7C636764825256850099sdata=FbRAeT9pwbbnhvmlO1WZ9cVHVbSuEKUOO9SBfTO83wk%3Dreserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openshift.redhat.com%2Fopenshiftmm%2Flistinfo%2Fusers=02%7C01%7C%7Cd21a362a270f4053ac3108d63e6f5a6a%7C84df9e7fe9f640afb435%7C1%7C0%7C636765045313056519=LpmJaYq9BlGWqA5rVPCO%2B07uiMQEfHkG8AtFqu0iuwg%3D=0>


___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openshift.redhat.com%2Fopenshiftmm%2Flistinfo%2Fusers=02%7C01%7C%7Cd21a362a270f4053ac3108d63e6f5a6a%7C84df9e7fe9f640afb435%7C1%7C0%7C636765045313056519=LpmJaYq9BlGWqA5rVPCO%2B07uiMQEfHkG8AtFqu0iuwg%3D=0>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: ETCD no longer starting during install

[Yu Wei]

uot;:null,"schedulerConfigFile":"/etc/origin/master/scheduler.json","servicesNodePortRange":"","servicesSubnet":"172.30.0.0/16","staticNodeNames":[]},"masterClients":{"externalKubernetesClientConnectionOverrides":{"acceptContentTypes":"application/vnd.kubernetes.protobuf,application/json","burst":400,"contentType":"application/vnd.kubernetes.protobuf","qps":200},"externalKubernetesKubeConfig":"","openshiftLoopbackClientConnectionOverrides":{"acceptContentTypes":"application/vnd.kubernetes.protobuf,application/json","burst":600,"contentType":"application/vnd.kubernetes.protobuf","qps":300},"openshiftLoopbackKubeConfig":"openshift-master.kubeconfig"},"masterPublicURL":"https://paas-dev.dataos.io:8443;<https://paas-dev.dataos.io:8443>,"networkConfig":{"clusterNetworks":[{"cidr":"10.128.0.0/14","hostSubnetLength":9}],"externalIPNetworkCIDRs":["0.0.0.0/0"],"networkPluginName":"redhat/openshift-ovs-networkpolicy","serviceNetworkCIDR":"172.30.0.0/16"},"oauthConfig":{"assetPublicURL":"https://paas-dev.dataos.io:8443/console/;<https://paas-dev.dataos.io:8443/console/>,"grantConfig":{"method":"auto"},"identityProviders":[{"challenge":true,"login":true,"mappingMethod":"claim","name":"allow_all","provider":{"apiVersion":"v1","kind":"AllowAllPasswordIdentityProvider"}}],"masterCA":"ca-bundle.crt","masterPublicURL":"https://paas-dev.dataos.io:8443;<https://paas-dev.dataos.io:8443>,"masterURL":"https://paas-dev.dataos.io:8443;<https://paas-dev.dataos.io:8443>,"sessionConfig":{"sessionMaxAgeSeconds":3600,"sessionName":"ssn","sessionSecretsFile":"/etc/origin/master/session-secrets.yaml"},"tokenConfig":{"accessTokenMaxAgeSeconds":86400,"authorizeTokenMaxAgeSeconds":500}},"pauseControllers":false,"policyConfig":{"bootstrapPolicyFile":"/etc/origin/master/policy.json","openshiftInfrastructureNamespace":"openshift-infra","openshiftSharedResourcesNamespace":"openshift"},"projectConfig":{"defaultNodeSelector":"node-role.kubernetes.io/compute=true","projectRequestMessage":"","projectRequestTemplate":"","securityAllocator":{"mcsAllocatorRange":"s0:/2","mcsLabelsPerProject":5,"uidAllocatorRange":"10-19/1"}},"routingConfig":{"subdomain":"paas-dev.dataos.io"},"serviceAccountConfig":{"limitSecretReferences":false,"managedNames":["default","builder","deployer"],"masterCA":"ca-bundle.crt","privateKeyFile":"serviceaccounts.private.key","publicKeyFiles":["serviceaccounts.public.key"]},"servingInfo":{"bindAddress":"0.0.0.0:8443","bindNetwork":"tcp4","certFile":"master.server.crt","clientCA":"ca.crt","keyFile":"master.server.key","maxRequestsInFlight":500,"requestTimeoutSeconds":3600},"volumeConfig":{"dynamicProvisioningEnabled":true}}
I1030 14:26:51.597367   1 plugins.go:84] Registered admission plugin 
"NamespaceLifecycle"
I1030 14:26:51.597442   1 plugins.go:84] Registered admission plugin 
"Initializers"
I1030 14:26:51.597504   1 plugins.go:84] Registered admission plugin 
"ValidatingAdmissionWebhook"
I1030 14:26:51.597566   1 plugins.go:84] Registered admission plugin 
"MutatingAdmissionWebhook"
I1030 14:26:51.597628   1 plugins.go:84] Registered admission plugin 
"AlwaysAdmit"
I1030 14:26:51.597674   1 plugins.go:84] Registered admission plugin 
"AlwaysPullImages"
I1030 14:26:51.597699   1 plugins.go:84] Registered admission plugin 
"LimitPodHardAntiAffinityTopology"
I1030 14:26:51.597727   1 plugins.go:84] Registered admission plugin 
"DefaultTolerationSeconds"
I1030 14:26:51.597815   1 plugins.go:84] Registered admission plugin 
"AlwaysDeny"
I1030 14:26:51.597868   1 plugins.go:84] Registered admission plugin 
"EventRateLim

Re: ETCD no longer starting during install

[Yu Wei]

I met the same problem and found that etcd was skipped as below,

TASK [openshift_control_plane : Establish the default bootstrap kubeconfig for 
masters] **
changed: [host-10-1-241-74] => (item=/etc/origin/node/bootstrap.kubeconfig)
changed: [host-10-1-241-74] => (item=/etc/origin/node/node.kubeconfig)

TASK [openshift_control_plane : Check status of control plane image pre-pull] 

changed: [host-10-1-241-74]

TASK [openshift_control_plane : Check status of etcd image pre-pull] 
*
skipping: [host-10-1-241-74]

TASK [openshift_control_plane : Start and enable self-hosting node] 
**
changed: [host-10-1-241-74]


Is this playbooks issue?

Thanks,
Jared
Interested in big data, cloud computing

On 2018/10/30 15:47, marc.schle...@sdv-it.de 
wrote:
Hello everyone

I am facing an issue with the installer for 3.10 (and 3.11 has the same problem)

It started around 2-3 weeks ago, since I wasnt able to run the Ansible 
installer successfully...even when using a tag from 3.10 in the installer-repo 
that worked before.
The control-plane is not starting and what I could figure out is, that etcd is 
not started anywhere. The last time it was working, when running "docker ps" on 
the master (single master, multi node system) I saw about 4 running 
containers...one of them was the etcd.
Now, there are only 2 of them and no etcd anywhere.

https://github.com/lostiniceland/devops/tree/master/openshift
This is my current Vagrant-Setup which uses a simple script to check-out the 
openshift-installer, prepare Vagrant and run the Ansible files.

I thought that I might have broken my inventory or script but I double checked 
everything and I new that this setup was working before.
Now at work, the collegue who is maining our test-cluster has the same problem 
when upgrading from 3.9 to 3.10...no etcd anywhere. It seems restarting the 
docker-daemon fixes for our test-cluster.

If anyone could look into this would be very appreciated.
What I find odd is the fact that even a before working tag like 
openshit-ansible-3.10.53-1 is now broken. The only reasons I can think of, is 
the used Dockerimages have been updated or the installed Version of Docker is 
somewhat broken.


best regards
Marc



___
users mailing list
users@lists.openshift.redhat.com
https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openshift.redhat.com%2Fopenshiftmm%2Flistinfo%2Fusersdata=02%7C01%7C%7Cc3b207c02bd24d56857008d63e3c1e7a%7C84df9e7fe9f640afb435%7C1%7C0%7C636764825256850099sdata=FbRAeT9pwbbnhvmlO1WZ9cVHVbSuEKUOO9SBfTO83wk%3Dreserved=0

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

答复: repos for openshift origin 3.11 on Centos

[Yu Wei]

This worked for me.

Thanks.


发送自 Windows 10 版邮件应用


发件人: users-boun...@lists.openshift.redhat.com 
 代表 Anton Hughes 

发送时间: Monday, October 29, 2018 3:16:32 PM
收件人: red...@redhat.com
抄送: users@lists.openshift.redhat.com
主题: Re: repos for openshift origin 3.11 on Centos

Try adding the following to your inventory:

openshift_additional_repos=[{'id': 'centos-okd-ci', 'name': 'centos-okd-ci', 
'baseurl' 
:'http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/',
 'gpgcheck' :'0', 'enabled' :'1'}]

On Mon, 29 Oct 2018 at 20:11, Ram Edara 
mailto:red...@redhat.com>> wrote:
I am trying to install openshift origin on centos using openshift-ansible . I 
am using release-3.11 git branch , configured my inventory file.
playbooks/prerequisites.yml runs fine but the deploy_cluster.yml complains
"No package matching 'origin-node-3.11*' found available".

I looked at centos repos and found rpms are there only till 3.10. are there any 
centos repos for trying out 3.11 origin version?.

-Thanks
Venkata R Edara

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

How to retrieve session token via rest api?

[Yu Wei]

Hi guys,

I could get session token via cli "oc whoami -t".

Could I get the same information via rest api?

I tried with api below, however, it returned many tokens.

Is there any method to filter that?

curl -k \
-H "Authorization: Bearer yqqouu8vFaip9AjMChmcgdtY7AszXMxWWJHwWhpn8Lw" \
-H 'Accept: application/json' \
https://10.1.241.54:8443/oapi/v1/oauthaccesstokens

Thanks,

Jared
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Failed to provision volume with StorageClass "glusterfs-storage": create volume error: error creating volume

[Yu Wei]

It seemed that you didn't configure correct heketi endpoint.

Could you access 
http://heketi-storage-glusterfs.cnsc.net
 manually?

Thx,

Jared

On 2018年06月26日 00:33, Julián Tete wrote:
Hello friends

Greetings to the OpenShift Origin community from Colombia. I have installed 
OpenShift Origin 3.9 on oVirt 4.1. A master server and 3 nodes. With the 
following file /etc/ansible/hosts:

https://pastebin.com/EQvUdA2Y

But when creating a storage volume, I get the error:

"Failed to provision volume with StorageClass "glusterfs-storage": create 
volume error: error creating volume Post 
http://heketi-storage-glusterfs.cnsc.net/volumes: dial tcp: lookup 
heketi-storage-glusterfs.cnsc.net on 
192.168.52.60:53: no such host"

What should I do? Does the /etc/ansible/hosts file have errors?

My idea is to create an OpenShift Origin system on oVirt, and use GlusterFS as 
storage.

Thank you very much in advance.



___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: hawkular-cassandra failed to startup on openshift origin 3.9

[Yu Wei]

configuration as below,

openshift_metrics_install_metrics=true
openshift_metrics_image_version=v3.9
openshift_master_default_subdomain=paas-dev.dataos.io
#openshift_hosted_logging_deploy=true
openshift_logging_install_logging=true
openshift_logging_image_version=v3.9
openshift_disable_check=disk_availability,docker_image_availability,docker_storage
osm_etcd_image=registry.access.redhat.com/rhel7/etcd

openshift_enable_service_catalog=true
openshift_service_catalog_image_prefix=openshift/origin-
openshift_service_catalog_image_version=v3.9.0

From: users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> on behalf of Tim Dudgeon 
<tdudgeon...@gmail.com>
Sent: Friday, May 25, 2018 6:21 PM
To: users@lists.openshift.redhat.com
Subject: Re: hawkular-cassandra failed to startup on openshift origin 3.9


So what was the configuration for metrics in the inventory file.


On 25/05/18 11:04, Yu Wei wrote:
Yes, I deployed that via ansible-playbooks.

From: 
users-boun...@lists.openshift.redhat.com<mailto:users-boun...@lists.openshift.redhat.com>
 
<users-boun...@lists.openshift.redhat.com><mailto:users-boun...@lists.openshift.redhat.com>
 on behalf of Tim Dudgeon <tdudgeon...@gmail.com><mailto:tdudgeon...@gmail.com>
Sent: Friday, May 25, 2018 5:51 PM
To: users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
Subject: Re: hawkular-cassandra failed to startup on openshift origin 3.9


How are you deploying this? Using the ansible playbooks?

On 25/05/18 10:25, Yu Wei wrote:
Hi,
I tried to deploy hawkular-cassandra on openshift origin 3.9 cluster.
However, pod failed to start up with error as below,
WARN [main] 2018-05-25 09:17:43,277 StartupChecks.java:267 - Directory 
/cassandra_data/data doesn't exist
ERROR [main] 2018-05-25 09:17:43,279 CassandraDaemon.java:710 - Has no 
permission to create directory /cassandra_data/data

I tried emptyDir and persistent volume as cassandra-data, both failed.

Any advice for this issue?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: hawkular-cassandra failed to startup on openshift origin 3.9

[Yu Wei]

Yes, I deployed that via ansible-playbooks.

From: users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> on behalf of Tim Dudgeon 
<tdudgeon...@gmail.com>
Sent: Friday, May 25, 2018 5:51 PM
To: users@lists.openshift.redhat.com
Subject: Re: hawkular-cassandra failed to startup on openshift origin 3.9


How are you deploying this? Using the ansible playbooks?

On 25/05/18 10:25, Yu Wei wrote:
Hi,
I tried to deploy hawkular-cassandra on openshift origin 3.9 cluster.
However, pod failed to start up with error as below,
WARN [main] 2018-05-25 09:17:43,277 StartupChecks.java:267 - Directory 
/cassandra_data/data doesn't exist
ERROR [main] 2018-05-25 09:17:43,279 CassandraDaemon.java:710 - Has no 
permission to create directory /cassandra_data/data

I tried emptyDir and persistent volume as cassandra-data, both failed.

Any advice for this issue?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

hawkular-cassandra failed to startup on openshift origin 3.9

[Yu Wei]

Hi,
I tried to deploy hawkular-cassandra on openshift origin 3.9 cluster.
However, pod failed to start up with error as below,
WARN [main] 2018-05-25 09:17:43,277 StartupChecks.java:267 - Directory 
/cassandra_data/data doesn't exist
ERROR [main] 2018-05-25 09:17:43,279 CassandraDaemon.java:710 - Has no 
permission to create directory /cassandra_data/data

I tried emptyDir and persistent volume as cassandra-data, both failed.

Any advice for this issue?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

How could I re configure "openshift_master_cluster_public_hostname" after cluster setup?

[Yu Wei]

Hi,
I installed openshift origin cluster withe following variables set.
openshift_master_cluster_public_hostname
openshift_master_cluster_hostname

Then I want to reconfigure above variables to use different values.

Is it possible? If so, how could I do that?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

答复: question about external load balancer

[Yu Wei]

Got that. I will have a look at F5 and netscalers to know more about that.

Thank you very much.

发送自 Windows 10 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>应用


发件人: Joel Pearson <japear...@agiledigital.com.au>
发送时间: Saturday, May 19, 2018 10:18:34 AM
收件人: Yu Wei
抄送: d...@lists.openshift.redhat.com; users@lists.openshift.redhat.com
主题: Re: question about external load balancer

OpenShift already has some support for F5 load balancer’s as a router. So maybe 
given the choice between F5 or netscalers, then F5’s might make sense.

But either will work fine, it’s probably more a question of which device you 
have more skills in.

On Wed, 16 May 2018 at 3:17 am, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:
Hi guys,
I tried to setup openshift origin cluster with multiple masters for HA.
I read the doc in 
https://github.com/redhat-cop/openshift-playbooks/blob/master/playbooks/installation/load_balancing.adoc.

Any other advice for external load balancer?
Which solution should I select for external load balancer?  F5 or netscaler? 
Which is better?
My cluster is about more than 200 physical machines.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

question about external load balancer

[Yu Wei]

Hi guys,
I tried to setup openshift origin cluster with multiple masters for HA.
I read the doc in 
https://github.com/redhat-cop/openshift-playbooks/blob/master/playbooks/installation/load_balancing.adoc.

Any other advice for external load balancer?
Which solution should I select for external load balancer?  F5 or netscaler? 
Which is better?
My cluster is about more than 200 physical machines.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Install OpenShift Origin 3.9 failed on single node

[Yu Wei]

Got that.
Thanks

From: Michael Gugino <mgug...@redhat.com>
Sent: Thursday, April 12, 2018 3:20 AM
To: Yu Wei
Cc: Charles Moulliard; Clayton Coleman; users@lists.openshift.redhat.com; 
d...@lists.openshift.redhat.com
Subject: Re: Install OpenShift Origin 3.9 failed on single node

Make sure you quote 3.9 as '3.9' or it will be cast as a float type.  
openshift_release should be a string.

On Wed, Apr 11, 2018 at 3:55 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:
In my previous installation, "openshift_release" and "openshift_pkg_version" 
were set to 3.9 and installation failed.
I changed the value to v3.9, it worked now.
When I installed OpenShift Origin 3.6, the value was set to 3.6 without prefix 
'v'.

Is there any changes?

Thanks again for help.

From: Charles Moulliard <cmoul...@redhat.com<mailto:cmoul...@redhat.com>>
Sent: Tuesday, April 10, 2018 8:24 PM
To: Clayton Coleman
Cc: Yu Wei; 
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>; 
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
Subject: Re: Install OpenShift Origin 3.9 failed on single node

I think that something is not well defined under your inventory as this error 
arrives due to the following reason

def lib_utils_oo_image_tag_to_rpm_version(version, include_dash=False):
""" Convert an image tag string to an RPM version if necessary
Empty strings and strings that are already in rpm version format
are ignored. Also remove non semantic version components.

Ex. v3.2.0.10 -> -3.2.0.10
v1.2.0-rc1 -> -1.2.0
"""
if not isinstance(version, string_types):
raise errors.AnsibleFilterError("|failed expects a string or unicode")



CHARLES MOULLIARD

SOFTWARE ENGINEER MANAGER SPRING(BOOT)

Red Hat<https://www.redhat.com/>

cmoulli...@redhat.com<mailto:cmoulli...@redhat.com>M: 
+32-473-604014<tel:+32-473-604014>

[https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
@cmoulliard<https://twitter.com/cmoulliard>

On Tue, Apr 10, 2018 at 2:17 PM, Clayton Coleman 
<ccole...@redhat.com<mailto:ccole...@redhat.com>> wrote:
You can try rerunning the install with -vv to get additional debug information.

What OS and version on Ansible are you using?

On Apr 10, 2018, at 3:24 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,
I tried to install openshift origin 3.9 on a single machine and encountered 
problems as below,

TASK [openshift_node : Install Node package, sdn-ovs, conntrack packages] 
*
fatal: [host-10-1-241-74]: FAILED! => {"msg": "|failed expects a string or 
unicode"}
to retry, use: --limit 
@/root/jared/openshift-ansible/playbooks/deploy_cluster.retry

PLAY RECAP 

host-10-1-241-74   : ok=326  changed=41   unreachable=0failed=1
localhost  : ok=13   changed=0unreachable=0failed=0


INSTALLER STATUS 
**
Initialization : Complete (0:00:43)
Health Check   : Complete (0:00:05)
etcd Install   : Complete (0:00:58)
Master Install : Complete (0:05:03)
Master Additional Install  : Complete (0:00:48)
Node Install   : In Progress (0:00:38)
This phase can be restarted by running: playbooks/openshift-node/config.yml



Failure summary:


  1. Hosts:host-10-1-241-74
 Play: Configure containerized nodes
 Task: Install Node package, sdn-ovs, conntrack packages
 Message:  |failed expects a string or unicode

I didn't find useful information in docker / journal logs.
How could I fix this problem further?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
dev mailing list
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Michael Gugino
Senior Software Engineer - OpenShift
mgug...@redhat.com<mailto:mgug...@redhat.com>
540-846-0304
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Install OpenShift Origin 3.9 failed on single node

[Yu Wei]

In my previous installation, "openshift_release" and "openshift_pkg_version" 
were set to 3.9 and installation failed.
I changed the value to v3.9, it worked now.
When I installed OpenShift Origin 3.6, the value was set to 3.6 without prefix 
'v'.

Is there any changes?

Thanks again for help.

From: Charles Moulliard <cmoul...@redhat.com>
Sent: Tuesday, April 10, 2018 8:24 PM
To: Clayton Coleman
Cc: Yu Wei; users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Install OpenShift Origin 3.9 failed on single node

I think that something is not well defined under your inventory as this error 
arrives due to the following reason

def lib_utils_oo_image_tag_to_rpm_version(version, include_dash=False):
""" Convert an image tag string to an RPM version if necessary
Empty strings and strings that are already in rpm version format
are ignored. Also remove non semantic version components.

Ex. v3.2.0.10 -> -3.2.0.10
v1.2.0-rc1 -> -1.2.0
"""
if not isinstance(version, string_types):
raise errors.AnsibleFilterError("|failed expects a string or unicode")



CHARLES MOULLIARD

SOFTWARE ENGINEER MANAGER SPRING(BOOT)

Red Hat<https://www.redhat.com/>

cmoulli...@redhat.com<mailto:cmoulli...@redhat.com>M: 
+32-473-604014<tel:+32-473-604014>

[https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
@cmoulliard<https://twitter.com/cmoulliard>

On Tue, Apr 10, 2018 at 2:17 PM, Clayton Coleman 
<ccole...@redhat.com<mailto:ccole...@redhat.com>> wrote:
You can try rerunning the install with -vv to get additional debug information.

What OS and version on Ansible are you using?

On Apr 10, 2018, at 3:24 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,
I tried to install openshift origin 3.9 on a single machine and encountered 
problems as below,

TASK [openshift_node : Install Node package, sdn-ovs, conntrack packages] 
*
fatal: [host-10-1-241-74]: FAILED! => {"msg": "|failed expects a string or 
unicode"}
to retry, use: --limit 
@/root/jared/openshift-ansible/playbooks/deploy_cluster.retry

PLAY RECAP 

host-10-1-241-74   : ok=326  changed=41   unreachable=0failed=1
localhost  : ok=13   changed=0unreachable=0failed=0


INSTALLER STATUS 
**
Initialization : Complete (0:00:43)
Health Check   : Complete (0:00:05)
etcd Install   : Complete (0:00:58)
Master Install : Complete (0:05:03)
Master Additional Install  : Complete (0:00:48)
Node Install   : In Progress (0:00:38)
This phase can be restarted by running: playbooks/openshift-node/config.yml



Failure summary:


  1. Hosts:host-10-1-241-74
 Play: Configure containerized nodes
 Task: Install Node package, sdn-ovs, conntrack packages
 Message:  |failed expects a string or unicode

I didn't find useful information in docker / journal logs.
How could I fix this problem further?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
dev mailing list
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: CIFS access from pods

[Yu Wei]

Hi,
Have you changed settings for using hostpath?
Please reference following doc
https://docs.openshift.org/latest/admin_guide/manage_scc.html#use-the-hostpath-volume-plugin

From: users-boun...@lists.openshift.redhat.com 
 on behalf of Marc Boorshtein 

Sent: Wednesday, April 11, 2018 11:04 AM
To: users
Subject: CIFS access from pods

OpenShifters,

I'm trying to access CIFS mounts from my OpenShift pods using Origin 3.7 on 
CentOS 7.  Here's my setup:

1.  FreeIPA deployed with domain trust to AD 
(ENT2K12.DOMAIN.COM)
2.  Node is member of FreeIPA domain
3.  On Node:
  a.  Keytab generated
  b.  CIFS share mounted as AD user using uid from IPA - mount -t cifs -o 
username=mmos...@ent2k12.domain.com,sec=krb5,version=3.0,uid=160811903,gid=0
 
//adfs.ent2k12.domain.com/mmosley-share
 /mount/local-storage/cifs/mmosley
  c.  marked /mount/local-storage/cifs/mmosley as owned by 
mmos...@ent2k12.domain.com/root

4.  In OpenShift:
  a.  Enabled hostPath
  b.  Set runAsUser to runAsAny

5.  in my pod added:

securityContext:
runAsUser: 160811903

And
volumes:
- name: ext
  hostPath:
path: /mnt/local-storage/cifs/mmosley
type: Directory

Once my pod is running, i double check the id :

sh-4.2$ id
uid=160811903 gid=0(root) groups=0(root),100011
sh-4.2$

but when i try to access the mount I get permission denied:
drwxrwxrwx.   2 160811903 root   0 Apr 10 13:58 ext

rsh-4.2$ ls /ext/
ls: cannot open directory /ext/: Permission denied

Here's something interesting, if I unmount the volume I'm able to read/write 
files and files have the correct ownership.

There's nothing in the selinux audit log.

Any help would be greatly appreciated.

Thanks
Marc

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: How to deploy openshift origin cluster on openstack?

[Yu Wei]

Is there any other solution to deploy openshift origin cluster on private 
openstack cloud?
Could magnum be used for bringing up openshift origin cluster?

Thx.


From: users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> on behalf of Tim Dudgeon 
<tdudgeon...@gmail.com>
Sent: Tuesday, April 10, 2018 6:46 PM
To: users@lists.openshift.redhat.com
Subject: Re: How to deploy openshift origin cluster on openstack?


Basically you do 2 things:

1. create your openstack environment with the instances you need and the 
appropriate networking (just like you would for any environment)

2. deploy openshift using the ansible playbooks [1]

But there is a lot of devil in the detail and it depends a bit on what you are 
wanting to deploy (openstack cloud provider, glusterfs ...).
We have used a number of openstack environments, and found them all to be a bit 
fragile. Added to this the openshift environment is continually changing 
(playbooks, RPMs, Docker images) so the whole process is a bit temperamental, 
but it can be made to work.

For sure you should look at the parts of the openshift documentation that cover 
openstack [2, 3] as well as these contrib playbooks that also handle creation 
of the openstack parts [4] (but IMHO these are not really suitable for creating 
a real cluster as they are).

[1] https://github.com/openshift/openshift-ansible/
[2] https://docs.openshift.org/latest/install_config/configuring_openstack.html
[3] 
https://docs.openshift.org/latest/install_config/persistent_storage/persistent_storage_cinder.html
[4] 
https://github.com/openshift/openshift-ansible-contrib/tree/master/playbooks/provisioning/openstack

On 10/04/18 11:27, Yu Wei wrote:
Hi,
How to deploy openshift origin cluster on openstack?
Could I use magnum, heat or other components?

Is there any document about this?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

How to deploy openshift origin cluster on openstack?

[Yu Wei]

Hi,
How to deploy openshift origin cluster on openstack?
Could I use magnum, heat or other components?

Is there any document about this?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Install OpenShift Origin 3.9 failed on single node

[Yu Wei]

Hi,
I tried to install openshift origin 3.9 on a single machine and encountered 
problems as below,

TASK [openshift_node : Install Node package, sdn-ovs, conntrack packages] 
*
fatal: [host-10-1-241-74]: FAILED! => {"msg": "|failed expects a string or 
unicode"}
to retry, use: --limit 
@/root/jared/openshift-ansible/playbooks/deploy_cluster.retry

PLAY RECAP 

host-10-1-241-74   : ok=326  changed=41   unreachable=0failed=1
localhost  : ok=13   changed=0unreachable=0failed=0


INSTALLER STATUS 
**
Initialization : Complete (0:00:43)
Health Check   : Complete (0:00:05)
etcd Install   : Complete (0:00:58)
Master Install : Complete (0:05:03)
Master Additional Install  : Complete (0:00:48)
Node Install   : In Progress (0:00:38)
This phase can be restarted by running: playbooks/openshift-node/config.yml



Failure summary:


  1. Hosts:host-10-1-241-74
 Play: Configure containerized nodes
 Task: Install Node package, sdn-ovs, conntrack packages
 Message:  |failed expects a string or unicode

I didn't find useful information in docker / journal logs.
How could I fix this problem further?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Several questions about authorization

[Yu Wei]

The created user info is as below,

[root@host-10-1-236-92 ~]# oc describe user hello
Name:hello
Created:24 minutes ago
Labels:
Annotations:
Identities:allow_all:hello

Is the issue caused by allow_all?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> on behalf of Yu Wei 
<yu20...@hotmail.com>
Sent: Monday, December 18, 2017 11:48:46 PM
To: Clayton Coleman
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Several questions about authorization


I guessed that some configurations was not proper.

When I create a new user, it is always added to project "aura" by default.

Cluster is setup on OpenShift Origin 3.6.

[root@host-10-1-236-92 ~]# oc describe project aura
Name:aura
Created:7 weeks ago
Labels:
Annotations:openshift.io/description=
openshift.io/display-name=
openshift.io/requester=aura
openshift.io/sa.scc.mcs=s0:c9,c4
openshift.io/sa.scc.supplemental-groups=18/1
openshift.io/sa.scc.uid-range=18/1
Display Name:
Description:
Status:Active
Node Selector:
Quota:
Resource limits:
[root@host-10-1-236-92 ~]# oc login
Authentication required for https://10.1.241.54:8443 (openshift)
Username: hello
Password:
Login successful.

You have one project on this server: "aura"

Using project "aura".

Where should I start to fix the problem? Any advice?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Clayton Coleman <ccole...@redhat.com>
Sent: Monday, December 18, 2017 10:41:30 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Several questions about authorization



On Mon, Dec 18, 2017 at 5:17 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,

I have several questions about user and authorization management.

1, How could I remove user from project?



[root@host-10-1-236-92 gpu-test]# oc login -u test1 -p test1
Login successful.

You have access to the following projects and can switch between them with 'oc 
project ':

  * aura
test1

Using project "aura".
[root@host-10-1-236-92 gpu-test]# oc project aura
Already on project "aura" on server "https://10.1.241.54:8443;.
[root@host-10-1-236-92 gpu-test]# oc get rolebindings
Error from server (Forbidden): User "test1" cannot list rolebindings in project 
"aura"

How should I remove user "test1" from project "aura"?

How did you get added to the "aura" project?  If you can't view role bindings, 
then you likely don't have the "view" role and you have been given a more 
constrained role.  You'd need to ask the person who added you in that case.


And how could I find which users belongs to project "aura"?

You can see which users have been added with explicit roles by doing "oc get 
rolebindings".  You can see who can view the namespace by running "oc policy 
who-can get namespace aura" if you have sufficient permissions.



2, basic-user

When should "basic-user" be used? It seems that basic-user is cluster wide. 
Is my understanding right?

There are two types of role bindings - namespace scoped role bindings 
(rolebindings) and cluster scoped role bindings (clusterrolebindings).  If you 
add someone to a clusterrolebinding they have that role on all namespaces in 
the cluster.  If you add someone with a rolebinding, they only have that 
permission on the namespace the rolebinding is created in.



3, user created automatically

When issues the instructions "oc login -u test2 -p test2", user "test2" is 
to be created automatically.

After user creation, which project does created user belong to?

None, unless you grant a clusterrolebinding to a group and the new user is in 
that group.



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Several questions about authorization

[Yu Wei]

I guessed that some configurations was not proper.

When I create a new user, it is always added to project "aura" by default.

Cluster is setup on OpenShift Origin 3.6.

[root@host-10-1-236-92 ~]# oc describe project aura
Name:aura
Created:7 weeks ago
Labels:
Annotations:openshift.io/description=
openshift.io/display-name=
openshift.io/requester=aura
openshift.io/sa.scc.mcs=s0:c9,c4
openshift.io/sa.scc.supplemental-groups=18/1
openshift.io/sa.scc.uid-range=18/1
Display Name:
Description:
Status:Active
Node Selector:
Quota:
Resource limits:
[root@host-10-1-236-92 ~]# oc login
Authentication required for https://10.1.241.54:8443 (openshift)
Username: hello
Password:
Login successful.

You have one project on this server: "aura"

Using project "aura".

Where should I start to fix the problem? Any advice?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Clayton Coleman <ccole...@redhat.com>
Sent: Monday, December 18, 2017 10:41:30 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Several questions about authorization



On Mon, Dec 18, 2017 at 5:17 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,

I have several questions about user and authorization management.

1, How could I remove user from project?



[root@host-10-1-236-92 gpu-test]# oc login -u test1 -p test1
Login successful.

You have access to the following projects and can switch between them with 'oc 
project ':

  * aura
test1

Using project "aura".
[root@host-10-1-236-92 gpu-test]# oc project aura
Already on project "aura" on server "https://10.1.241.54:8443;.
[root@host-10-1-236-92 gpu-test]# oc get rolebindings
Error from server (Forbidden): User "test1" cannot list rolebindings in project 
"aura"

How should I remove user "test1" from project "aura"?

How did you get added to the "aura" project?  If you can't view role bindings, 
then you likely don't have the "view" role and you have been given a more 
constrained role.  You'd need to ask the person who added you in that case.


And how could I find which users belongs to project "aura"?

You can see which users have been added with explicit roles by doing "oc get 
rolebindings".  You can see who can view the namespace by running "oc policy 
who-can get namespace aura" if you have sufficient permissions.



2, basic-user

When should "basic-user" be used? It seems that basic-user is cluster wide. 
Is my understanding right?

There are two types of role bindings - namespace scoped role bindings 
(rolebindings) and cluster scoped role bindings (clusterrolebindings).  If you 
add someone to a clusterrolebinding they have that role on all namespaces in 
the cluster.  If you add someone with a rolebinding, they only have that 
permission on the namespace the rolebinding is created in.



3, user created automatically

When issues the instructions "oc login -u test2 -p test2", user "test2" is 
to be created automatically.

After user creation, which project does created user belong to?

None, unless you grant a clusterrolebinding to a group and the new user is in 
that group.



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Several questions about authorization

[Yu Wei]

Hi,

I have several questions about user and authorization management.

1, How could I remove user from project?



[root@host-10-1-236-92 gpu-test]# oc login -u test1 -p test1
Login successful.

You have access to the following projects and can switch between them with 'oc 
project ':

  * aura
test1

Using project "aura".
[root@host-10-1-236-92 gpu-test]# oc project aura
Already on project "aura" on server "https://10.1.241.54:8443;.
[root@host-10-1-236-92 gpu-test]# oc get rolebindings
Error from server (Forbidden): User "test1" cannot list rolebindings in project 
"aura"

How should I remove user "test1" from project "aura"?

And how could I find which users belongs to project "aura"?


2, basic-user

When should "basic-user" be used? It seems that basic-user is cluster wide. 
Is my understanding right?


3, user created automatically

When issues the instructions "oc login -u test2 -p test2", user "test2" is 
to be created automatically.

After user creation, which project does created user belong to?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: push to registry fail

[Yu Wei]

I also met such problem. After deleting pod docker-registry and recreated 
again, it started working again.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: users-boun...@lists.openshift.redhat.com 
 on behalf of Tim Dudgeon 

Sent: Saturday, December 9, 2017 3:58:06 AM
To: users
Subject: push to registry fail

A BuildConfig that has previously run OK is now failing with a "Push
image to registry failed" error.
AFAIK nothing relevant has changed in the OpenShift  setup (Origin 3.6),
though can't be sure of this.
Looking a the logs of the registry pod I see this (note the "permission
denied" bit):

time="2017-12-08T17:59:49.580297486Z" level=error msg="response
completed with error" err.code=unknown err.detail="filesystem: mkdir
/registry/docker/registry/v2/repositories/openrisknet-infra/home/_uploads/99b0e713-2060-4779-87c5-b7b9a27855e3:
permission denied" err.message="unknown error" go.version=go1.7.6
http.request.host="docker-registry.default.svc:5000"
http.request.id=d49b28f3-1255-49c2-aade-4ea3dc215bbc
http.request.method=POST http.request.remoteaddr="10.130.0.1:49706"
http.request.uri="/v2/openrisknet-infra/home/blobs/uploads/"
http.request.useragent="docker/1.12.6 go/go1.8.3
kernel/3.10.0-693.2.2.el7.x86_64 os/linux arch/amd64
UpstreamClient(go-dockerclient)"
http.response.contenttype="application/json; charset=utf-8"
http.response.duration=31.733223ms http.response.status=500
http.response.written=250
instance.id=072b4b30-f009-4141-9891-a6d37924bab9
openshift.auth.user="system:serviceaccount:openrisknet-infra:builder"
openshift.logger=registry vars.name="openrisknet-infra/home"

Any suggestions for what to look at?

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Cannot pull images from internal registry when creating a pod

[Yu Wei]

Could you access registry web console?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: users-boun...@lists.openshift.redhat.com 
 on behalf of Andreas Mather 

Sent: Friday, December 1, 2017 9:01:34 PM
To: users@lists.openshift.redhat.com
Subject: Cannot pull images from internal registry when creating a pod

Hi All!

I'm facing an issue where, even though I can push images from my client into 
the internal registry, creating a pod which uses internal images fails with 
'image not found'. Further debugging indicated an authentication problem.

I've created following issue where I described all the details:
https://github.com/openshift/origin/issues/17523

The issue was closed without any reason given so I hope someone here can help.

In the meantime, I've tried installing the cluster with following 
openshift-ansible checkouts/configurations and hit the problem in all setups:

openshift-ansible checkout openshift-ansible-3.7.2-1-8-g56b529e:
installs the cluster without issues

openshift-ansible checkout master:
installs the cluster but then fails at "Reconcile with RBAC file"
(that's the reason I usually used above checkout)

openshift-ansible checkout master with openshift_repos_enable_testing=true in 
[OSEv3:vars]:
installs the cluster but then fails at "Verify that TSB is running"

So it doesn't seem to be correlated to the openshift-ansible version I checkout 
or the openshift/kubernetes version the cluster installs with.

Another noteable detail: As my nodes and master communicate via host-to-host 
IPSsec I had to set the mtu to 1350 in /etc/origin/node/node-config.yaml and 
rebooted all nodes and master prior to installing the registry. I had TLS and 
networking issues before, but setting the MTU resolved all of them.

Maybe I'm missing a configuration step, so here's the complete list of commands 
I issue to setup the registry, push the image and creating the pod:

# create registry
# on master as root (whaomi: system:admin):
$ cd /etc/origin/master
$ oadm registry --config=admin.kubeconfig --service-account=registry
$ oc get svc docker-registry # get service IP address
$ oadm ca create-server-cert \
--signer-cert=/etc/origin/master/ca.crt \
--signer-key=/etc/origin/master/ca.key \
--signer-serial=/etc/origin/master/ca.serial.txt \

--hostnames='registry.mycompany.com,docker-registry.default.svc.cluster.local,172.30.185.69'
 \
--cert=/etc/secrets/registry.crt \
--key=/etc/secrets/registry.key
$ oc rollout pause dc/docker-registry
$ oc secrets new registry-certificates /etc/secrets/registry.crt 
/etc/secrets/registry.key
$ oc secrets link registry registry-certificates
$ oc secrets link default  registry-certificates
$ oc volume dc/docker-registry --add --type=secret 
--secret-name=registry-certificates -m /etc/secrets
$ oc set env dc/docker-registry 
REGISTRY_HTTP_TLS_CERTIFICATE=/etc/secrets/registry.crt 
REGISTRY_HTTP_TLS_KEY=/etc/secrets/registry.key
$ oc patch dc/docker-registry -p '{"spec": {"template": {"spec": 
{"containers":[{"name":"registry","livenessProbe":  {"httpGet": 
{"scheme":"HTTPS"}}}]'
$ oc patch dc/docker-registry -p '{"spec": {"template": {"spec": 
{"containers":[{"name":"registry","readinessProbe":  {"httpGet": 
{"scheme":"HTTPS"}}}]'
$ oc rollout resume dc/docker-registry

# deploy registry certs
$ cat deploy_docker_certs.sh
for h in kubmaster1 kubnode1 kubnode2
do
  ssh="ssh -o StrictHostKeyChecking=no $h"

  for dir in docker-registry.default.svc.cluster.local:5000 
172.30.185.69:5000 
registry.mycompany.com:5000
  do
$ssh "mkdir /etc/docker/certs.d/${dir}" 2>/dev/null
scp -o StrictHostKeyChecking=no /etc/origin/master/ca.crt 
${h}:/etc/docker/certs.d/${dir}/
  done
  $ssh sudo systemctl daemon-reload
  $ssh sudo systemctl restart docker
done
$ ./deploy_docker_cert.sh

# external route
$ oc create route reencrypt --service=docker-registry 
--cert=/server/tls/mywildcard.cer --key=/server/tls/mywildcard.key 
--ca-cert=/server/tls/mywildcard_ca.cer 
--dest-ca-cert=/etc/origin/master/ca.crt 
--hostname=registry.mycompany.com

# create user
$ newuser=amather
$ htpasswd htpasswd $newuser # htpasswd auth and file location configured in 
ansible hosts file
$ oc create user $newuser
$ oc create identity htpasswd_auth:$newuser
$ oc create useridentitymapping htpasswd_auth:$newuser $newuser
$ oadm policy add-role-to-user system:registry $newuser # registry login
$ oadm policy add-role-to-user admin $newuser # project admin
$ oadm policy add-role-to-user system:image-builder $newuser # image pusher

# on my client (os x)
$ oc login
$ oc whoami
amather
$ docker login -u $(oc whoami) -p $(oc whoami -t) 
registry.mycompany.com
WARNING! Using 

Re: environment variables when running multiple containers in one pod

[Yu Wei]

Hi Slava,

The two pvc "ocai-mysql-claim" and "ocai-nb-claim" are consuming two pv which 
are resides on one real storage.  After deploying it on openshift origin 
cluster, "empty" password worked when connecting to mysql.

And endpoint for glusterfs was destroyed soon after deployment, I didn't find 
out the reason.


Then I modified the deployment as below.  And mysql worked as expected.

Now I have two questions:

1, Could two pv reside on one real volume? For example, glusterfs volume

2, I found glusterfs related endpoints disappeared after running deployment 
successfully. How could I debug such issue?


   spec:
  containers:
  - name: ocai
image: aura/web:develop
imagePullPolicy: Always
ports:
- containerPort: 9000
  - name: notebook
image: aura/all-spark-notebook:latest
imagePullPolicy: Always
ports:
- containerPort: 8889
command: ["sh", "-c", "jupyter-notebook --port=8889 
--NotebookApp.token='9e4f96c5239743a8dd5910216c6f02dad89a58932d63db7f' 
--config=/jupyter_notebook_config.py --no-browser"]
volumeMounts:
- mountPath: /data/ai_lab/ocai/
  name: ocai-data
  subPath: nb
resources:
  requests:
memory: 4Gi
  - name: mysql
env:
  - name: MYSQL_ROOT_PASSWORD
value: Ocai@1234
image: aura/mysql:5.7
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
volumeMounts:
- mountPath: "/var/lib/mysql"
  name: ocai-data
  subPath: mysql
resources:
  requests:
memory: 2G
  volumes:
  - name: ocai-data
persistentVolumeClaim:
  claimName: ocai-claim


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Vyacheslav Semushin <vsemu...@redhat.com>
Sent: Monday, November 27, 2017 9:52:50 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: environment variables when running multiple containers in one pod

2017-11-27 10:34 GMT+01:00 Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>>:

Hi，

When running mysql with other containers within one pod, it seemed that 
environment variable "MYSQL_ROOT_PASSWORD" didn't work as expected.

Password set in "MYSQL_ROOT_PASSWORD" couldn't be used for connecting to mysql.

It doesn't work only when other containers are being created and when they try 
to connect to mysql container? If yes, then it could be a race when mysql 
container isn't ready while others try to connect to it.


--
Slava Semushin | OpenShift
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

environment variables when running multiple containers in one pod

[Yu Wei]

Hi，

When running mysql with other containers within one pod, it seemed that 
environment variable "MYSQL_ROOT_PASSWORD" didn't work as expected.

Password set in "MYSQL_ROOT_PASSWORD" couldn't be used for connecting to mysql.

But empty password works.

If only running mysql in pod, the variable works fine.


How could I fix the problem?


Detailed deployment file is as below,

spec:
  containers:
  - name: ocai
image: aura/web:develop
imagePullPolicy: Always
ports:
- containerPort: 9000
  - name: notebook
image: aura/all-spark-notebook:latest
imagePullPolicy: Always
ports:
- containerPort: 8889
command: ["sh", "-c", "jupyter-notebook --port=8889 
--NotebookApp.token='9e4f96c5239743a8dd5910216c6f02dad89a58932d63db7f' 
--config=/jupyter_notebook_config.py --no-browser"]
volumeMounts:
- mountPath: /data/ai_lab/ocai/
  name: nb-data
resources:
  requests:
memory: 4Gi
  - name: mysql
env:
  - name: MYSQL_ROOT_PASSWORD
value: Ocai@1234
image: aura/mysql:5.7
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3306
volumeMounts:
- mountPath: "/var/lib/mysql"
  name: mysql-data
resources:
  requests:
memory: 2G
  volumes:
- name: mysql-data
  persistentVolumeClaim:
claimName: ocai-mysql-claim
- name: nb-data
  persistentVolumeClaim:
claimName: ocai-nb-claim





Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

question about openshift origin deployer

[Yu Wei]

Hi,

How does openshift origin deployer start another container?

I checked docker file about deployer and found stuff as 
"/usr/bin/openshift-deploy"?


How is /usr/bin/openshift-deploy implemented? Does it call docker api?

Is "/usr/bin/openshift-deploy" also open sourced? Where could I find it?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Where could I find api for service catalog?

[Yu Wei]

Hi,

I setup openshift origin cluster with service-catalog enabled.

Where could I find api for service catalog?

I checked github and did not find detailed information.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

How could I use oc client to search images in integrated docker-registry?

[Yu Wei]

Hi,

How could I list images pushed into integrated docker-registry?

Could oc client be used? Or any other options?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Network issues with openvswitch

[Yu Wei]

My environment is setting up on VMs provided by openstack.

It seemed that nodes not working were created from resource pool in which 
openstack has different version of ovs.

As I have destroyed the environment and want to try again.  I couldn't get more 
information now.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Aleksandar Lazic <al...@me2digital.eu>
Sent: Tuesday, October 24, 2017 12:18:55 AM
To: Yu Wei; users@lists.openshift.redhat.com
Subject: Re: Network issues with openvswitch

Hi Yu Wei.

Interesting issue.
What's the difference between the nodes which the connection work and the one 
from which the connection does not work?

Please can you share some more Informations.

I assume this is on aws, is the UDP port 4789 open from everywhere, as 
described in the doc?
https://docs.openshift.org/3.6/install_config/install/prerequisites.html#prereq-network-access

and of course the other ports also.

oc get nodes
oc describe svc -n default docker-registry

Do you have reboot the notworking nodes?
Are there errors in the journald logs?

Best Regards
Aleks

on Montag, 23. Oktober 2017 at 04:38 was written:


Hi Aleks,

I setup openshift origin cluster with 1lb + 3 masters + 5 nodes.
In some nodes, pods running on them couldn't be reached by other nodes or pods 
running on other nodes. It indicates "no route to host".
[root@host-10-1-130-32 ~]# curl -kv 
docker-registry.default.svc.cluster.local:5000
* About to connect() to docker-registry.default.svc.cluster.local port 5000 (#0)
*   Trying 172.30.22.28...
* No route to host
* Failed connect to docker-registry.default.svc.cluster.local:5000; No route to 
host
* Closing connection 0
curl: (7) Failed connect to docker-registry.default.svc.cluster.local:5000; No 
route to host

And other nodes works fine.
In my previous mail, host name of node is host-10-1-130-32.
Output of "ifconfig tun0" is as below,
[root@host-10-1-130-32 ~]# ifconfig tun0
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
   inet 10.130.2.1  netmask 255.255.254.0  broadcast 0.0.0.0
   inet6 fe80::cc50:3dff:fe07:9ea2  prefixlen 64  scopeid 0x20
   ether ce:50:3d:07:9e:a2  txqueuelen 1000  (Ethernet)
   RX packets 97906  bytes 8665783 (8.2 MiB)
   RX errors 0  dropped 0  overruns 0  frame 0
   TX packets 163379  bytes 27405744 (26.1 MiB)
   TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I also tried to capture packet via tcpdump, and found some stuff as following,
10.1.130.32.58147 > 10.1.236.92.4789: [no cksum] VXLAN, flags [I] (0x08), vni 0
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.1.45 tell 
10.130.2.1, length 28
   0x:  04f9 38ae 659b fa16 3e6c dd90 0800 4500  ..8.e...>lE.
   0x0010:  004e 543c 4000 4011 63e4 0a01 8220 0a01  .NT<@.@.c...
   0x0020:  ec5c e323 12b5 003a  0800    .\.#...:
   0x0030:      ce50 3d07 9ea2 0806  .P=.
   0x0040:  0001 0800 0604 0001 ce50 3d07 9ea2 0a82  .P=.
   0x0050:  0201    0a80 012d...-
  25  00:22:47.214387 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.1.130.2 tell 10.1.130.45, length 46
   0x:     fa16 3e5a a862 0806 0001  >Z.b
   0x0010:  0800 0604 0001 fa16 3e5a a862 0a01 822d  >Z.b...-
   0x0020:     0a01 8202     
   0x0030:       
  26  00:22:47.258344 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 
24) :: > ff02::1:ffa1:1fbb: [icmp6 sum ok] ICMP6, neighbor solicitation, length 
24, who has fe80::824:c2ff:fea1:1fbb
   0x:   ffa1 1fbb 0a24 c2a1 1fbb 86dd 6000  33.$..`.
   0x0010:   0018 3aff       :...
   0x0020:     ff02      
   0x0030:  0001 ffa1 1fbb 8700 724a   fe80  rJ..
   0x0040:     0824 c2ff fea1 1fbb   ...$..
  27  00:22:47.282619 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.1.130.2 tell 10.1.130.73, length 46
   0x:     fa16 3ec4 a9be 0806 0001  >...
   0x0010:  0800 0604 0001 fa16 3ec4 a9be 0a01 8249  >..I
   0x0020:     0a01 8202     
   0x0030:       

I didn't understand why the IP marked in red above were involved.

Thanks,
Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

From: Aleksandar Lazic <al...@me2digital.eu>
Sent: Monday, October 23, 2017 2:34:13 AM
To: Yu Wei; users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: R

Re: Network issues with openvswitch

[Yu Wei]

Hi Aleks,


I setup openshift origin cluster with 1lb + 3 masters + 5 nodes.

In some nodes, pods running on them couldn't be reached by other nodes or pods 
running on other nodes. It indicates "no route to host".

[root@host-10-1-130-32 ~]# curl -kv 
docker-registry.default.svc.cluster.local:5000
* About to connect() to docker-registry.default.svc.cluster.local port 5000 (#0)
*   Trying 172.30.22.28...
* No route to host
* Failed connect to docker-registry.default.svc.cluster.local:5000; No route to 
host
* Closing connection 0
curl: (7) Failed connect to docker-registry.default.svc.cluster.local:5000; No 
route to host


And other nodes works fine.

In my previous mail, host name of node is host-10-1-130-32.

Output of "ifconfig tun0" is as below,

[root@host-10-1-130-32 ~]# ifconfig tun0
tun0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
inet 10.130.2.1  netmask 255.255.254.0  broadcast 0.0.0.0
inet6 fe80::cc50:3dff:fe07:9ea2  prefixlen 64  scopeid 0x20
ether ce:50:3d:07:9e:a2  txqueuelen 1000  (Ethernet)
RX packets 97906  bytes 8665783 (8.2 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 163379  bytes 27405744 (26.1 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I also tried to capture packet via tcpdump, and found some stuff as following,

10.1.130.32.58147 > 10.1.236.92.4789: [no cksum] VXLAN, flags [I] (0x08), vni 0
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.1.45 tell 
10.130.2.1, length 28
0x:  04f9 38ae 659b fa16 3e6c dd90 0800 4500  ..8.e...>lE.
0x0010:  004e 543c 4000 4011 63e4 0a01 8220 0a01  .NT<@.@.c...
0x0020:  ec5c e323 12b5 003a  0800    .\.#...:
0x0030:      ce50 3d07 9ea2 0806  .P=.
0x0040:  0001 0800 0604 0001 ce50 3d07 9ea2 0a82  .P=.
0x0050:  0201    0a80 012d...-
   25  00:22:47.214387 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.1.130.2 tell 10.1.130.45, length 46
0x:     fa16 3e5a a862 0806 0001  >Z.b
0x0010:  0800 0604 0001 fa16 3e5a a862 0a01 822d  >Z.b...-
0x0020:     0a01 8202     
0x0030:       
   26  00:22:47.258344 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 
24) :: > ff02::1:ffa1:1fbb: [icmp6 sum ok] ICMP6, neighbor solicitation, length 
24, who has fe80::824:c2ff:fea1:1fbb
0x:   ffa1 1fbb 0a24 c2a1 1fbb 86dd 6000  33.$..`.
0x0010:   0018 3aff       :...
0x0020:     ff02      
0x0030:  0001 ffa1 1fbb 8700 724a   fe80  rJ..
0x0040:     0824 c2ff fea1 1fbb   ...$..
   27  00:22:47.282619 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 
10.1.130.2 tell 10.1.130.73, length 46
0x:     fa16 3ec4 a9be 0806 0001  >...
0x0010:  0800 0604 0001 fa16 3ec4 a9be 0a01 8249  >..I
0x0020:     0a01 8202     
0x0030:       

I didn't understand why the IP marked in red above were involved.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Aleksandar Lazic <al...@me2digital.eu>
Sent: Monday, October 23, 2017 2:34:13 AM
To: Yu Wei; users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Network issues with openvswitch

Hi Yu Wei.

on Sonntag, 22. Oktober 2017 at 19:13 was written:

> Hi，

> I execute following command on work node of openshift origin cluster 3.6.
>
> [root@host-10-1-130-32 ~]# traceroute docker-registry.default.svc
> traceroute to docker-registry.default.svc (172.30.22.28), 30 hops max, 60 
> byte packets
>  1  bogon (10.130.2.1)  3005.715 ms !H  3005.682 ms !H  3005.664 ms !H
>  It seemed content marked in red  should be hostname of work node.
>  How could I debug such issue? Where to start?

What's the hostname of the node?
I'm not sure what you try to debug or what's the problem you try to
solve?

> Thanks,

> Jared, (韦煜）
>  Software developer
>  Interested in open source software, big data, Linux

--
Best Regards
Aleks
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Network issues with openvswitch

[Yu Wei]

Hi，

I execute following command on work node of openshift origin cluster 3.6.

[root@host-10-1-130-32 ~]# traceroute docker-registry.default.svc
traceroute to docker-registry.default.svc (172.30.22.28), 30 hops max, 60 byte 
packets
 1  bogon (10.130.2.1)  3005.715 ms !H  3005.682 ms !H  3005.664 ms !H
It seemed content marked in red should be hostname of work node.
How could I debug such issue? Where to start?



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

No route to host when trying to connect to services

[Yu Wei]

Hi guys,

I setup openshift origin cluster 3.6 and deployed 3 zookeeper instances as 
cluster.

I met error “no route to host" when trying to connect to one zookeeper via 
service.

The detailed information is as below,

zookeeper-1   172.30.64.134  
2181/TCP,2888/TCP,3888/TCP   10m
zookeeper-2   172.30.174.48  
2181/TCP,2888/TCP,3888/TCP   10m
zookeeper-3   172.30.223.77  
2181/TCP,2888/TCP,3888/TCP   10m
[root@host-10-1-236-92 ~]# curl -kv zookeeper-1:3888
* Could not resolve host: zookeeper-1; Name or service not known
* Closing connection 0
curl: (6) Could not resolve host: zookeeper-1; Name or service not known
[root@host-10-1-236-92 ~]# curl -kv zookeeper-1.aura.svc:3888
* About to connect() to zookeeper-1.aura.svc port 3888 (#0)
*   Trying 172.30.64.134...
* Connected to zookeeper-1.aura.svc (172.30.64.134) port 3888 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: zookeeper-1.aura.svc:3888
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
[root@host-10-1-236-92 ~]# curl -kv zookeeper-2.aura.svc:3888
* About to connect() to zookeeper-2.aura.svc port 3888 (#0)
*   Trying 172.30.174.48...
* No route to host
* Failed connect to zookeeper-2.aura.svc:3888; No route to host
* Closing connection 0
curl: (7) Failed connect to zookeeper-2.aura.svc:3888; No route to host
[root@host-10-1-236-92 ~]# curl -kv zookeeper-3.aura.svc:3888
* About to connect() to zookeeper-3.aura.svc port 3888 (#0)
*   Trying 172.30.223.77...
* Connected to zookeeper-3.aura.svc (172.30.223.77) port 3888 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: zookeeper-3.aura.svc:3888
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

The pods are running well.
How could I fix such problem?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Which branch of ansible playbook should be used when installing openshift origin 3.6?

[Yu Wei]

Hi，

I'm a little confused about which branch should be used during "advanced 
installation".

From document in https://github.com/openshift/openshift-ansible,  it seemed 
branch 3.6 should be used.


From doc 

 
https://docs.openshift.org/3.6/install_config/install/host_preparation.html#preparing-for-advanced-installations-origin,
 there is section as below,

Be sure to stay on the master branch of the openshift-ansible repository when 
running an advanced installation.


Which branch should I use during advanced installation?


Please help to clarify this.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: authentication required even for pulling images from private registry

[Yu Wei]

I fixed the problem by changing setting in registry console.

For my project, change the permissions to "Project access policy allows 
anonymous users to pull images. Grant additional push or admin access to 
specific members below."



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Łukasz Strzelec <lukasz.strze...@gmail.com>
Sent: Thursday, October 19, 2017 6:37:46 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com
Subject: Re: authentication required even for pulling images from private 
registry

Hello:)

I had the same issue. In our ENV we are obligated to use proxy server. Thus we 
put to inventory statements regarding proxy. We forgot to add registry to 
"noproxy" line.  The result was exactly as you pointed.

I hope this may help you or at least  guide to diffrent solution.

Best regards

2017-10-18 19:31 GMT+02:00 Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>>:

Hi,

I setup openshift origin cluster 3.6 and found a problem with private registry.

Image was failed to be pulled by work node with error as below,

rpc error: code = 2 desc = unauthorized: authentication required


However, the registry works well and I also could find the image via 
docker-console.

I installed the cluster via "Advanced installation". It seemed insecure 
registry is not enabled.


How could I check what's wrong in my env?



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Ł.S.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

回复: Re: authentication required even for pulling images from private registry

[Yu Wei]

Image and pods are in the same project.

Jared
Interested in cloud computing,big data processing,linux

2017年10月19日 上午4:39于 Joel Pearson <japear...@agiledigital.com.au>写道：
Is the image in a different project that which you’re trying to run it in?

Ie the image lives in project a and you’re trying to run the pod in project b

In that scenario you need to grant some sort of permissions (image-pull or 
something).
On Thu, 19 Oct 2017 at 4:32 am, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,

I setup openshift origin cluster 3.6 and found a problem with private registry.

Image was failed to be pulled by work node with error as below,

rpc error: code = 2 desc = unauthorized: authentication required


However, the registry works well and I also could find the image via 
docker-console.

I installed the cluster via "Advanced installation". It seemed insecure 
registry is not enabled.


How could I check what's wrong in my env?



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277<tel:1300%20858%20277> | m: 0405 417 843 | w: 
agiledigital.com.au<http://agiledigital.com.au/>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

authentication required even for pulling images from private registry

[Yu Wei]

Hi,

I setup openshift origin cluster 3.6 and found a problem with private registry.

Image was failed to be pulled by work node with error as below,

rpc error: code = 2 desc = unauthorized: authentication required


However, the registry works well and I also could find the image via 
docker-console.

I installed the cluster via "Advanced installation". It seemed insecure 
registry is not enabled.


How could I check what's wrong in my env?



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Mount failed with dynamic provisioned persistent storage glusterfs

[Yu Wei]

Hi，

When trying to provision persistent storage dynamically, below errors was 
caught,

Events:
  FirstSeenLastSeenCountFromSubObjectPathType   
 ReasonMessage
  ---
-----
  5m5m1default-schedulerNormal
ScheduledSuccessfully assigned nginx-3783656783-wv69l to host-10-1-241-54
  5m1m10kubelet, host-10-1-241-54Warning
FailedMountMountVolume.SetUp failed for volume 
"kubernetes.io/glusterfs/ece1a4c4-a364-11e7-9b9b-fa163e3e1b52-pvc-777b1c98-a361-11e7-9b9b-fa163e3e1b52"
 (spec.Name: "pvc-777b1c98-a361-11e7-9b9b-fa163e3e1b52") pod 
"ece1a4c4-a364-11e7-9b9b-fa163e3e1b52" (UID: 
"ece1a4c4-a364-11e7-9b9b-fa163e3e1b52") with: glusterfs: mount failed: exit 
status 1 the following error information was pulled from the glusterfs log to 
help diagnose this issue: glusterfs: could not open log file for pod: 
nginx-3783656783-wv69l
  3m1m2kubelet, host-10-1-241-54Warning
FailedMountUnable to mount volumes for pod 
"nginx-3783656783-wv69l_ai-demo(ece1a4c4-a364-11e7-9b9b-fa163e3e1b52)": timeout 
expired waiting for volumes to attach/mount for pod 
"ai-demo"/"nginx-3783656783-wv69l". list of unattached/unmounted volumes=[html]


If I do not use dynamic provision, it works well.

It seemed that above error was thrown by function readGlusterLog().

https://github.com/openshift/origin/blob/85eb37b34f0657631592356d020cef5a58470f8e/vendor/k8s.io/kubernetes/pkg/volume/glusterfs/glusterfs_util.go


Is there any solution to work around this issue?

Or Did I miss anything?



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Problem about logging in openshift origin

[Yu Wei]

Hi Peter,

The storage is EmptyDir for es pods.

What's the meaning of aos-int-services? I only enabled logging feature during 
ansible installation.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Peter Portante <pport...@redhat.com>
Sent: Friday, September 15, 2017 7:20:18 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com; 
aos-int-services
Subject: Re: Problem about logging in openshift origin



On Fri, Sep 15, 2017 at 6:10 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,

I setup OpenShift origin 3.6 cluster successfully and enabled metrics and 
logging.

Metrics worked well and logging didn't worked.

Pod logging-es-data-master-lf6al5rb-5-deploy in logging frequently crashed with 
below logs,

--> Scaling logging-es-data-master-lf6al5rb-5 to 1
--> Waiting up to 10m0s for pods in rc logging-es-data-master-lf6al5rb-5 to 
become ready
error: update acceptor rejected logging-es-data-master-lf6al5rb-5: pods for rc 
"logging-es-data-master-lf6al5rb-5" took longer than 600 seconds to become ready


I didn't find other information. How could I debug such problem?

​Hi Yu,​

Added aos-int-services ...

​How many indices do you have in the Elasticsearch instance?

What is the storage configuration for the Elasticsearch pods?

​Regards, -peter




Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Problem about logging in openshift origin

[Yu Wei]

@Mateus Caruccio

I run the commands you mentioned and did not find any useful information.

It indicated that no pods named logging-es-data-master-lf6al5rb-5.

No event logs found either.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Mateus Caruccio <mateus.caruc...@getupcloud.com>
Sent: Friday, September 15, 2017 6:19:36 PM
To: Yu Wei
Cc: d...@lists.openshift.redhat.com; users
Subject: Re: Problem about logging in openshift origin

You can look into two places for clues.  The pod's log itself (oc -n logging 
logs -f logging-es-data-master-lf6al5rb-5) and project events (oc -n logging 
get events)

Em 15 de set de 2017 07:10, "Yu Wei" 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> escreveu:

Hi,

I setup OpenShift origin 3.6 cluster successfully and enabled metrics and 
logging.

Metrics worked well and logging didn't worked.

Pod logging-es-data-master-lf6al5rb-5-deploy in logging frequently crashed with 
below logs,

--> Scaling logging-es-data-master-lf6al5rb-5 to 1
--> Waiting up to 10m0s for pods in rc logging-es-data-master-lf6al5rb-5 to 
become ready
error: update acceptor rejected logging-es-data-master-lf6al5rb-5: pods for rc 
"logging-es-data-master-lf6al5rb-5" took longer than 600 seconds to become ready


I didn't find other information. How could I debug such problem?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Problem about logging in openshift origin

[Yu Wei]

Hi,

I setup OpenShift origin 3.6 cluster successfully and enabled metrics and 
logging.

Metrics worked well and logging didn't worked.

Pod logging-es-data-master-lf6al5rb-5-deploy in logging frequently crashed with 
below logs,

--> Scaling logging-es-data-master-lf6al5rb-5 to 1
--> Waiting up to 10m0s for pods in rc logging-es-data-master-lf6al5rb-5 to 
become ready
error: update acceptor rejected logging-es-data-master-lf6al5rb-5: pods for rc 
"logging-es-data-master-lf6al5rb-5" took longer than 600 seconds to become ready


I didn't find other information. How could I debug such problem?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Pushing image docker-registry.default.svc:5000/... failed

[Yu Wei]

It seemed svc name was not correct.

docker-registry.default.svc.cluster.local:5000


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: users-boun...@lists.openshift.redhat.com 
 on behalf of Bruno Vernay 

Sent: Friday, September 1, 2017 3:09:08 PM
To: users@lists.openshift.redhat.com
Subject: Pushing image docker-registry.default.svc:5000/... failed

Hi
I have a clean install, systemctl show no apparent errors, but when trying to 
build my first app it fails:
--
Writing lock file
Generating optimized autoload files
Pushing image docker-registry.default.svc:5000/picture-uploader/cam-cli:latest 
...
Warning: Push failed, retrying in 5s ...
...

Registry server Address:
Registry server User Name: serviceaccount
Registry server Email: 
serviceacco...@example.org
Registry server Password: <>
error: build error: Failed to push image: After retrying 6 times, Push image 
still failed
-

And I may have done something really wrong because
  oc logs dc/docker-registry
  Error from server: 
deploymentconfigs.apps.openshift.io 
"docker-registry" not found

I don't know where to look, any hint would be appreciated.  I just have a 
master and a node, I can recreate easily 
https://github.com/BrunoVernay/VM-images-packer

Thanks
Bruno
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Is that possible to deploy openshift on existing k8s cluster?

[Yu Wei]

Hi,

Now we have existing k8s cluster running workloads.

We also want to make use of features provided by Openshift Origin, for example 
DevOps etc.

Is that possible to integrate openshift origin with our existing k8s?


Any advice?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Question about Openshift origin DNS

[Yu Wei]

Hi Scott,

Thanks for your response.

My cluster infrastructure is as below,

10.1.241.54 lb

10.1.236.92/93  master

10.1.241.55/56  work nodes

All the machines are VMs provisioned by OpenStack.

I tried to run "dig redis-svc.redis.svc.cluster.local" on all the nodes.

The instruction failed on node 10.1.236.92.  But service dnsmasq is running on 
the host node.

Why did the instruction only fail on this node?


Another question is about dns name of the container.

In my test case, there is one pod which has two containers named "master" and 
"sentinel".

[root@host-10-1-236-93 ~]# oc get pods -n redis -o wide
NAME READY STATUSRESTARTS   AGE   IP
   NODE
sb-2017-redis-master-qp13j   2/2   Running   0  14m   
10.130.0.3   host-10-1-241-55
And following operations failed with error reason "connection timed out; no 
servers could be reached".

dig sb-2017-redis-master-qp13j.redis.cluster.local

dig master.sb-2017-redis-master-qp13j.redis.cluster.local

dig master.sb-2017-redis-master-qp13j.cluster.local

dig master.redis.cluster.local


Could containers be find by dns name with the format ..cluster.local?


I followed the document via 
https://docs.openshift.org/1.5/architecture/additional_concepts/networking.html.

Is there any misunderstanding about this?

However, it seems that dns name of svc and endpoints works for me.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Scott Dodson <sdod...@redhat.com>
Sent: Monday, August 21, 2017 9:10:44 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Question about Openshift origin DNS

10.1.241.55 should be the IP address of the node and dnsmasq should be running 
on the node which will route queries for 'cluster.local' to the appropriate 
place. Can you check on dnsmasq on the node?

On Mon, Aug 21, 2017 at 6:38 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,

I setup Openshift Origin 1.5 with openvswitch network plugin.

It seemed that dns server setup was not properly within pod.

services, endpoints couldn't be reached by name.

Within pod, /etc/resolv.conf contains following content,

root@sb-2017-redis-master-w7g44:/data# cat /etc/resolv.conf
search redis.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.1.241.55
options ndots:5


Then I added "172.30.0.1" to /etc/resolv.conf as below,

root@sb-2017-redis-master-w7g44:/data# cat /etc/resolv.conf
search redis.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.1.241.55
options ndots:5
nameserver 172.30.0.1


Then services, endpoints could be found by dns name.

So why is "nameserver 172.30.0.1" not added to /etc/resolv.conf automatically?

Did I missed anything when setup cluster?



[root@host-10-1-236-92 gluster]# dig redis-svc.redis.svc.cluster.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> redis-svc.redis.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4207
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redis-svc.redis.svc.cluster.local. INA

;; ANSWER SECTION:
redis-svc.redis.svc.cluster.local. 30 IN A172.30.4.92

;; Query time: 2 msec
;; SERVER: 172.30.0.1#53(172.30.0.1)
;; WHEN: Mon Aug 21 18:48:50 CST 2017
;; MSG SIZE  rcvd: 67

[root@host-10-1-236-92 gluster]# dig redis-svc.redis.endpoints.cluster.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> 
redis-svc.redis.endpoints.cluster.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19434
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redis-svc.redis.endpoints.cluster.local. IN A

;; ANSWER SECTION:
redis-svc.redis.endpoints.cluster.local. 30 IN A 10.130.0.2

;; Query time: 5 msec
;; SERVER: 172.30.0.1#53(172.30.0.1)
;; WHEN: Mon Aug 21 18:49:05 CST 2017
;; MSG SIZE  rcvd: 73







Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Question about Openshift origin DNS

[Yu Wei]

Hi,

I setup Openshift Origin 1.5 with openvswitch network plugin.

It seemed that dns server setup was not properly within pod.

services, endpoints couldn't be reached by name.

Within pod, /etc/resolv.conf contains following content,

root@sb-2017-redis-master-w7g44:/data# cat /etc/resolv.conf
search redis.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.1.241.55
options ndots:5


Then I added "172.30.0.1" to /etc/resolv.conf as below,

root@sb-2017-redis-master-w7g44:/data# cat /etc/resolv.conf
search redis.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.1.241.55
options ndots:5
nameserver 172.30.0.1


Then services, endpoints could be found by dns name.

So why is "nameserver 172.30.0.1" not added to /etc/resolv.conf automatically?

Did I missed anything when setup cluster?



[root@host-10-1-236-92 gluster]# dig redis-svc.redis.svc.cluster.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> redis-svc.redis.svc.cluster.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4207
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redis-svc.redis.svc.cluster.local. INA

;; ANSWER SECTION:
redis-svc.redis.svc.cluster.local. 30 IN A172.30.4.92

;; Query time: 2 msec
;; SERVER: 172.30.0.1#53(172.30.0.1)
;; WHEN: Mon Aug 21 18:48:50 CST 2017
;; MSG SIZE  rcvd: 67

[root@host-10-1-236-92 gluster]# dig redis-svc.redis.endpoints.cluster.local

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> 
redis-svc.redis.endpoints.cluster.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19434
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redis-svc.redis.endpoints.cluster.local. IN A

;; ANSWER SECTION:
redis-svc.redis.endpoints.cluster.local. 30 IN A 10.130.0.2

;; Query time: 5 msec
;; SERVER: 172.30.0.1#53(172.30.0.1)
;; WHEN: Mon Aug 21 18:49:05 CST 2017
;; MSG SIZE  rcvd: 73







Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

When should dnsmasq be disabled?

[Yu Wei]

Hi,

I setup openshift origin cluster with dnsmasq enabled.

I found that within cluster dns didn't function correctly.

For example, within pod, "nameserver 172.30.0.1" was not added in 
/etc/resolv.conf.

And service names, endpoints couldn't be resolved.


After setting openshift_use_dnsmasq = false and reinstalled cluster, it seemed 
that dns started to work.

Why should openshift_use_dnsmasq be set to false?


I also read the documentation in below link.

https://docs.openshift.org/1.2/install_config/install/prerequisites.html#prereq-dns


I'm still not quite understand when dnsmasq should be disabled.

"for example, if your /etc/resolv.conf is managed by a configuration tool other 
than NetworkManager".

I setup openshift origin cluster on VMs provisioned by openstack.

For my environments, should I disable dnsmasq? Or did I make any improper 
configurations?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: questions about externalIP usage

[Yu Wei]

Hi Erik,

I configured "externalIPs" with cluster setup using flannel but it didn't work.

Then I reinstalled cluster with openvswitch. This time "externalIP" worked.


Is openvwitch suggested network plugin for openshift origin?

I deployed same application in k8s cluster and it worked.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Erik Jacobs <ejac...@redhat.com>
Sent: Wednesday, August 16, 2017 8:16:07 AM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: questions about externalIP usage

Hi Jared,

Did you previously configure the cluster for externalip usage?

https://docs.openshift.org/latest/admin_guide/tcp_ingress_external_ports.html

---

ERIK JACOBS

PRINCIPAL TECHNICAL MARKETING MANAGER, OPENSHIFT

Red Hat Inc<https://www.redhat.com/>

ejac...@redhat.com<mailto:ejac...@redhat.com>M: 
646.462.3745 @: erikonopen

[https://www.redhat.com/files/brand/email/sig-redhat.png]<https://red.ht/sig>
TRIED. TESTED. TRUSTED.<https://redhat.com/trusted>


On Thu, Aug 10, 2017 at 4:12 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi guys,

I deployed redis with replication controller successfully on openshift origin 
cluster.

Then I tried to create service for external clients to connect.

However, it seemed that it didn't work.

How could I debug similar problem? Is there any guidance about using externalIP 
in openshift?


The detailed information is as below,

[root@host-10-1-236-92 gluster]# oc get svc
NAMECLUSTER-IP EXTERNAL-IP   
PORT(S)  AGE
glusterfs-cluster   172.30.6.143   1/TCP  
  1d
redis-svc   172.30.51.20   10.1.236.92,10.1.236.93,10.1.241.55   
26379/TCP,6379/TCP   24m
[root@host-10-1-236-92 gluster]# oc describe svc redis-svc
Name:redis-svc
Namespace:openshiift-servicebroker
Labels:
Selector:sb-2017-redis-master=master
Type:ClusterIP
IP:172.30.51.20
Port:redis-sen26379/TCP
Endpoints:172.30.41.5:26379<http://172.30.41.5:26379>
Port:redis-master6379/TCP
Endpoints:172.30.41.5:6379<http://172.30.41.5:6379>
Session Affinity:None
No events.
[root@host-10-1-236-92 gluster]# cat redis-master-svc.yaml
---
kind: Service
apiVersion: v1
metadata:
  name: redis-svc
spec:
selector:
  sb-2017-redis-master: master
ports:
  - name: redis-sen
protocol: TCP
port: 26379
targetPort: 26379
  - name: redis-master
protocol: TCP
port: 6379
targetPort: 6379
externalIPs:
  -  10.1.236.92
  -  10.1.236.93
  -  10.1.241.55



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
dev mailing list
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: HAProxy not running on master

[Yu Wei]

Yes, I set master as work nodes and as infra nodes.

Thanks for your help. I understood this concept now.



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Akram Ben Aissi <akram.benai...@gmail.com>
Sent: Tuesday, August 15, 2017 7:11:03 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: HAProxy not running on master

Hi Yui,

the masters runs the OpenShift API and web console on port 8443. OpenShift CLI 
or nodes communicates with master on this port.
OpenShift router are not really supposed to run on masters, unless you set your 
masters also as nodes, and specifically as infra nodes (region=infra)

If you do so, then, indeed, you will have an additional HAProxy process running 
on masters and listening on ports 80 and 443.




On 15 August 2017 at 12:47, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,


I setup cluster with 1 lb, 2 masters and 2 work nodes.

On host lb, haproxy service and openshift_loadbalancer was running.

On master node, I found that haproxy was failed to start. And 
openshift/origin-haproxy-router was running with container name 
k8s_router.xxx.

I also observed that on that master node many connections was established via 
port 8443.


Is this expected behavior? Or anything goes wrong?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
dev mailing list
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Different behavior between installing openshift origin with openvswitch and flannel

[Yu Wei]

Hi guys,

I tried to get external traffic into openshift origin cluster using 
nodeport/externalIPs.

When I setup openshift cluster with flannel, exposing service with 
nodeport/externalIPs did not work.

When switched to openvswitch, both worked.


Is this expected behavior? Or did I miss anything?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Only one node in cluster is accessible using nodeport

[Yu Wei]

Hi guys,

I deployed service with nodeport to get external traffic into openshift origin 
cluster.

On each node, I found that local port was listened.

However, only one node could be accessed through nodeport by external client 
and it worked well.

I compared configuration on each node. It's a pity I found nothing.

How could I debug such issues?

Any advice about this?


Below is the service output.

[root@host-10-1-236-92 ~]# oc describe svc redis-svc
Name:redis-svc
Namespace:openshiift-servicebroker
Labels:
Selector:sb-2017-redis-master=master
Type:NodePort
IP:172.30.160.86
Port:redis-sen26379/TCP
NodePort:redis-sen31626/TCP
Endpoints:172.30.77.2:26379
Port:redis-master6379/TCP
NodePort:redis-master30630/TCP
Endpoints:172.30.77.2:6379
Session Affinity:None
No events.



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: questions about externalIP usage

[Yu Wei]

Hi phil,
Thanks for guidance.
However, I'm still a little confused about section "Service externalIPs" in 
your link.


networkConfig:
  ExternalIPNetworkCIDR: 172.47.0.0/24

Above CIDR is the VIP you mentioned in previous mail.

And variable "externalIPs" is the real IP addresses of the host node.

Is my understanding right?

It seems that feature of "externalIPs" in openshift is a little different from 
that of kubernetes.




Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux



From: users-boun...@lists.openshift.redhat.com 
<users-boun...@lists.openshift.redhat.com> on behalf of Phil Cameron 
<pcame...@redhat.com>
Sent: Thursday, August 10, 2017 9:05 PM
To: users@lists.openshift.redhat.com
Subject: Re: questions about externalIP usage

Jared,

Openshift exposes the ExternalIP and you have to associate it with a NIC to use 
it. We usually do this by making it a VIP in a high availability configuration. 
You also need to route to the node.

Something like:
ip addr add 10.252.0.28/24 dev em2
on one of the nodes in the cluster should work.

The following my help as well:
https://docs.openshift.com/container-platform/3.6/admin_guide/tcp_ingress_external_ports.html

phil


On 08/10/2017 04:12 AM, Yu Wei wrote:

Hi guys,

I deployed redis with replication controller successfully on openshift origin 
cluster.

Then I tried to create service for external clients to connect.

However, it seemed that it didn't work.

How could I debug similar problem? Is there any guidance about using externalIP 
in openshift?


The detailed information is as below,

[root@host-10-1-236-92 gluster]# oc get svc
NAMECLUSTER-IP EXTERNAL-IP   
PORT(S)  AGE
glusterfs-cluster   172.30.6.143   1/TCP  
  1d
redis-svc   172.30.51.20   10.1.236.92,10.1.236.93,10.1.241.55   
26379/TCP,6379/TCP   24m
[root@host-10-1-236-92 gluster]# oc describe svc redis-svc
Name:redis-svc
Namespace:openshiift-servicebroker
Labels:
Selector:sb-2017-redis-master=master
Type:ClusterIP
IP:172.30.51.20
Port:redis-sen26379/TCP
Endpoints:172.30.41.5:26379
Port:redis-master6379/TCP
Endpoints:172.30.41.5:6379
Session Affinity:None
No events.
[root@host-10-1-236-92 gluster]# cat redis-master-svc.yaml
---
kind: Service
apiVersion: v1
metadata:
  name: redis-svc
spec:
selector:
  sb-2017-redis-master: master
ports:
  - name: redis-sen
protocol: TCP
port: 26379
targetPort: 26379
  - name: redis-master
protocol: TCP
port: 6379
targetPort: 6379
externalIPs:
  -  10.1.236.92
  -  10.1.236.93
  -  10.1.241.55



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux



___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

questions about externalIP usage

[Yu Wei]

Hi guys,

I deployed redis with replication controller successfully on openshift origin 
cluster.

Then I tried to create service for external clients to connect.

However, it seemed that it didn't work.

How could I debug similar problem? Is there any guidance about using externalIP 
in openshift?


The detailed information is as below,

[root@host-10-1-236-92 gluster]# oc get svc
NAMECLUSTER-IP EXTERNAL-IP   
PORT(S)  AGE
glusterfs-cluster   172.30.6.143   1/TCP  
  1d
redis-svc   172.30.51.20   10.1.236.92,10.1.236.93,10.1.241.55   
26379/TCP,6379/TCP   24m
[root@host-10-1-236-92 gluster]# oc describe svc redis-svc
Name:redis-svc
Namespace:openshiift-servicebroker
Labels:
Selector:sb-2017-redis-master=master
Type:ClusterIP
IP:172.30.51.20
Port:redis-sen26379/TCP
Endpoints:172.30.41.5:26379
Port:redis-master6379/TCP
Endpoints:172.30.41.5:6379
Session Affinity:None
No events.
[root@host-10-1-236-92 gluster]# cat redis-master-svc.yaml
---
kind: Service
apiVersion: v1
metadata:
  name: redis-svc
spec:
selector:
  sb-2017-redis-master: master
ports:
  - name: redis-sen
protocol: TCP
port: 26379
targetPort: 26379
  - name: redis-master
protocol: TCP
port: 6379
targetPort: 6379
externalIPs:
  -  10.1.236.92
  -  10.1.236.93
  -  10.1.241.55



Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Question about router usage

[Yu Wei]

Hi guys,

How could I expose services using TCP/UDP protocols to external clients?

Could router be used?

For example, I want to deploy redis cluster in openshift cluster.

Redis cluster is using TCP protocol and listening on port 6379.

Could I expose redis service port 6379 with router?

If not, how could I expose the service to external clients?

Could I use nodePort provided by k8s or other advice?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: How could I deploy redis cluster on openshift origin cluster?

[Yu Wei]

Thanks for the information.

I want to deploy redis cluster rather than single instance.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Graham Dumpleton <gdump...@redhat.com>
Sent: Monday, July 24, 2017 11:36:08 AM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: How could I deploy redis cluster on openshift origin cluster?

See:

https://github.com/sclorg/redis-container

The image can be found at:

https://hub.docker.com/r/centos/redis-32-centos7/

Graham


On 24 Jul 2017, at 1:26 PM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi,
I want to deploy redis cluster on openshfit origin cluster.
Is there any images, deployment that could be used?

Thanks,
Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

How could I deploy redis cluster on openshift origin cluster?

[Yu Wei]

Hi,

I want to deploy redis cluster on openshfit origin cluster.

Is there any images, deployment that could be used?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

openshift origin 1.2 doesn't compatible with docker 1.9

[Yu Wei]

Hi guys,

I tried to setup openshift origin cluster 1.2 with docker 1.9.

However, it seemed they're not compatible.

The failure is as below,

RUNNING HANDLER [openshift_node : restart node] 
***
fatal: [host-10-1-236-93]: FAILED! => {"changed": false, "failed": true, "msg": 
"Unable to restart service origin-node: Job for origin-node.service failed 
because the control process exited with error code. See \"systemctl status 
origin-node.service\" and \"journalctl -xe\" for details.\n"}


The root cause is that docker 1.9 doesn't support volume mode "rslave". 
However, node service configuration as follows,

ExecStart=/usr/bin/docker run --name origin-node --rm --privileged --net=host 
--pid=host --env-file=/etc/sysconfig/origin-node -v /:/rootfs:ro,rslave -e 
CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e 
HOST_ETC=/host-etc -v /var/lib/origin:/var/lib/origin -v 
/etc/origin/node:/etc/origin/node -v /etc/localtime:/etc/localtime:ro -v 
/etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v 
/sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v 
/var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v 
/etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn 
-v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v 
/var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v 
/etc/pki:/etc/pki:ro openshift/node:${IMAGE_VERSION}


Any advice to workaround this problem? Or is this real issue need to be fixed?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Docker related issues when installing openshift origin 1.5 on Redhat 7.2

[Yu Wei]

Thanks for the information.

I missed this section when I read the documentation.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Scott Dodson <sdod...@redhat.com>
Sent: Friday, July 21, 2017 9:52:57 PM
To: Yu Wei
Cc: Łukasz Strzelec; users@lists.openshift.redhat.com; 
d...@lists.openshift.redhat.com
Subject: Re: Docker related issues when installing openshift origin 1.5 on 
Redhat 7.2

For RHEL this section of the documentation should cover all of the registration 
and repo requirements
https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#host-registration

For Centos I think this will work, but the repo should be enabled by default 
already.
yum-config-manager --enable extras

On Fri, Jul 21, 2017 at 9:28 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi Scott,

Yes, repo used for installing docker is from 
yum.dockerproject.com<http://yum.dockerproject.com>.

Another basic question is how could I enable RHEL docker repo to install docker.

I'm not familiar with redhat.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Scott Dodson <sdod...@redhat.com<mailto:sdod...@redhat.com>>
Sent: Friday, July 21, 2017 9:07:01 PM
To: Łukasz Strzelec
Cc: Yu Wei; 
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>; 
d...@lists.openshift.redhat.com<mailto:d...@lists.openshift.redhat.com>
Subject: Re: Docker related issues when installing openshift origin 1.5 on 
Redhat 7.2

You have docker from the upstream repos installed and unfortunately we're not 
compatible with their packaging. Please use docker from rhel/centos/fedora 
repos. You may have to enable the extras repo if it's not currently enabled and 
remove all docker packages before retrying.


--
Scott

On Fri, Jul 21, 2017 at 6:40 AM, Łukasz Strzelec 
<lukasz.strze...@gmail.com<mailto:lukasz.strze...@gmail.com>> wrote:
Hello :)
Can you share with us your inventory file?
Openshift provides several additional variables realted to your issue, see 
below:

# Specify exact version of Docker to configure or upgrade to.
# Downgrades are not supported and will error out. Be careful when upgrading 
docker from < 1.10 to > 1.10.
# docker_version="1.12.1"

# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker 
version alone.
# docker_upgrade=False

Best regards

2017-07-19 11:52 GMT+02:00 Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>>:

Hi guys,

I tried to install openshift origin 1.5 on Redhat with docker 1.12.6 installed 
on each host.

However, it seeded that ansible tried to install docker 1.9 instead of using 
1.12.6.

Is this expected behavior? If not, how could I fix such problem?

The detailed error is as below,


TASK [docker : Error out if attempting to upgrade Docker across the 1.10 
boundary] 
skipping: [host-10-1-236-92]

TASK [docker : Install Docker] 

fatal: [host-10-1-236-92]: FAILED! => {"changed": true, "failed": true, "msg": 
"Error: docker-engine conflicts with 
docker-1.9.1-25.1.origin.el7.x86_64\nError: docker-engine-selinux conflicts 
with docker-selinux-1.9.1-25.1.origin.el7.x86_64\n", "rc": 1, "results": 
["Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n 
 : manager\nThis system is not registered to Red Hat Subscription 
Management. You can use subscription-manager to register.\nResolving 
Dependencies\n--> Running transaction check\n---> Package docker.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Dependency: 
docker-forward-journald = 1.9.1-25.1.origin.el7 for package: 
docker-1.9.1-25.1.origin.el7.x86_64\n--> Processing Dependency: docker-selinux 
>= 1.9.1-25.1.origin.el7 for package: docker-1.9.1-25.1.origin.el7.x86_64\n--> 
Running transaction check\n---> Package docker-forward-journald.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n---> Package docker-selinux.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Conflict: 
docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker\n--> Processing 
Conflict: docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker-io\n--> 
Processing Conflict: docker-engine-selinux-1.12.6-1.el7.centos.noarch conflicts 
docker-selinux\n--> Finished Dependency Resolution\n You could try using 
--skip-broken to work around the problem\n You could try running: rpm -Va 
--nofiles --nodigest\n"]}
to retry, use: --limit 
@/root/openshift/openshift-ansible/playbooks/byo/config.r

Re: Etcd issue during openshift origin installation

[Yu Wei]

The version is as below,

[root@os-lb openshift-ansible]# git describe
openshift-ansible-3.6.143-1-5-g9c2d567
[root@os-lb openshift-ansible]# rpm -q ansible
ansible-2.3.1.0-1.el7.noarch


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Scott Dodson <sdod...@redhat.com>
Sent: Friday, July 21, 2017 9:05:35 PM
To: Yu Wei
Cc: users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Etcd issue during openshift origin installation

etcd will run inside a container but in the past we've installed etcd so that 
the host has etcdctl command available to it to perform backups however i think 
the current code should run the backup inside a container too.

Can you let me know which version of openshift-ansible you have? either `rpm -q 
openshift-ansible` if your installer came from rpms or `git describe` in your 
github clone if you've cloned it from github.

Thanks,
Scott

On Fri, Jul 21, 2017 at 4:54 AM, Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>> wrote:

Hi guys,

I tried to setup openshift origin cluster using "Advanced Installation".

In file hosts, I added following variables,

containerized=true

osm_etcd_image=registry.access.redhat.com/rhel7/etcd<http://registry.access.redhat.com/rhel7/etcd>

Per my understanding, etcd will run in docker container.
However, during installation, I got following error?
TASK [etcd_common : Install etcd for etcdctl] 
*
fatal: [host-10-1-236-92]: FAILED! => {"changed": false, "failed": true, "msg": 
"No package matching 'etcd' found available, installed or updated", "rc": 126, 
"results": ["No package matching 'etcd' found available, installed or updated"]}

After installing etcd RPM packages manually on nodes, installation process 
continued.


What's the functionality of ectd here? Is it running in docker container?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Docker related issues when installing openshift origin 1.5 on Redhat 7.2

[Yu Wei]

Hi Scott,

Yes, repo used for installing docker is from yum.dockerproject.com.

Another basic question is how could I enable RHEL docker repo to install docker.

I'm not familiar with redhat.


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux


From: Scott Dodson <sdod...@redhat.com>
Sent: Friday, July 21, 2017 9:07:01 PM
To: Łukasz Strzelec
Cc: Yu Wei; users@lists.openshift.redhat.com; d...@lists.openshift.redhat.com
Subject: Re: Docker related issues when installing openshift origin 1.5 on 
Redhat 7.2

You have docker from the upstream repos installed and unfortunately we're not 
compatible with their packaging. Please use docker from rhel/centos/fedora 
repos. You may have to enable the extras repo if it's not currently enabled and 
remove all docker packages before retrying.


--
Scott

On Fri, Jul 21, 2017 at 6:40 AM, Łukasz Strzelec 
<lukasz.strze...@gmail.com<mailto:lukasz.strze...@gmail.com>> wrote:
Hello :)
Can you share with us your inventory file?
Openshift provides several additional variables realted to your issue, see 
below:

# Specify exact version of Docker to configure or upgrade to.
# Downgrades are not supported and will error out. Be careful when upgrading 
docker from < 1.10 to > 1.10.
# docker_version="1.12.1"

# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker 
version alone.
# docker_upgrade=False

Best regards

2017-07-19 11:52 GMT+02:00 Yu Wei 
<yu20...@hotmail.com<mailto:yu20...@hotmail.com>>:

Hi guys,

I tried to install openshift origin 1.5 on Redhat with docker 1.12.6 installed 
on each host.

However, it seeded that ansible tried to install docker 1.9 instead of using 
1.12.6.

Is this expected behavior? If not, how could I fix such problem?

The detailed error is as below,


TASK [docker : Error out if attempting to upgrade Docker across the 1.10 
boundary] 
skipping: [host-10-1-236-92]

TASK [docker : Install Docker] 

fatal: [host-10-1-236-92]: FAILED! => {"changed": true, "failed": true, "msg": 
"Error: docker-engine conflicts with 
docker-1.9.1-25.1.origin.el7.x86_64\nError: docker-engine-selinux conflicts 
with docker-selinux-1.9.1-25.1.origin.el7.x86_64\n", "rc": 1, "results": 
["Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n 
 : manager\nThis system is not registered to Red Hat Subscription 
Management. You can use subscription-manager to register.\nResolving 
Dependencies\n--> Running transaction check\n---> Package docker.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Dependency: 
docker-forward-journald = 1.9.1-25.1.origin.el7 for package: 
docker-1.9.1-25.1.origin.el7.x86_64\n--> Processing Dependency: docker-selinux 
>= 1.9.1-25.1.origin.el7 for package: docker-1.9.1-25.1.origin.el7.x86_64\n--> 
Running transaction check\n---> Package docker-forward-journald.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n---> Package docker-selinux.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Conflict: 
docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker\n--> Processing 
Conflict: docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker-io\n--> 
Processing Conflict: docker-engine-selinux-1.12.6-1.el7.centos.noarch conflicts 
docker-selinux\n--> Finished Dependency Resolution\n You could try using 
--skip-broken to work around the problem\n You could try running: rpm -Va 
--nofiles --nodigest\n"]}
to retry, use: --limit 
@/root/openshift/openshift-ansible/playbooks/byo/config.retry

PLAY RECAP 

host-10-1-236-92   : ok=59   changed=6unreachable=0failed=1




Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users




--
Łukasz Strzelec
Sr. DevOps Expert / Product Owner of XaaS platform at ING Services Polska

___
users mailing list
users@lists.openshift.redhat.com<mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Etcd issue during openshift origin installation

[Yu Wei]

Hi guys,

I tried to setup openshift origin cluster using "Advanced Installation".

In file hosts, I added following variables,

containerized=true

osm_etcd_image=registry.access.redhat.com/rhel7/etcd

Per my understanding, etcd will run in docker container.
However, during installation, I got following error?
TASK [etcd_common : Install etcd for etcdctl] 
*
fatal: [host-10-1-236-92]: FAILED! => {"changed": false, "failed": true, "msg": 
"No package matching 'etcd' found available, installed or updated", "rc": 126, 
"results": ["No package matching 'etcd' found available, installed or updated"]}

After installing etcd RPM packages manually on nodes, installation process 
continued.


What's the functionality of ectd here? Is it running in docker container?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Docker related issues when installing openshift origin 1.5 on Redhat 7.2

[Yu Wei]

Hi guys,

I tried to install openshift origin 1.5 on Redhat with docker 1.12.6 installed 
on each host.

However, it seeded that ansible tried to install docker 1.9 instead of using 
1.12.6.

Is this expected behavior? If not, how could I fix such problem?

The detailed error is as below,


TASK [docker : Error out if attempting to upgrade Docker across the 1.10 
boundary] 
skipping: [host-10-1-236-92]

TASK [docker : Install Docker] 

fatal: [host-10-1-236-92]: FAILED! => {"changed": true, "failed": true, "msg": 
"Error: docker-engine conflicts with 
docker-1.9.1-25.1.origin.el7.x86_64\nError: docker-engine-selinux conflicts 
with docker-selinux-1.9.1-25.1.origin.el7.x86_64\n", "rc": 1, "results": 
["Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-\n 
 : manager\nThis system is not registered to Red Hat Subscription 
Management. You can use subscription-manager to register.\nResolving 
Dependencies\n--> Running transaction check\n---> Package docker.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Dependency: 
docker-forward-journald = 1.9.1-25.1.origin.el7 for package: 
docker-1.9.1-25.1.origin.el7.x86_64\n--> Processing Dependency: docker-selinux 
>= 1.9.1-25.1.origin.el7 for package: docker-1.9.1-25.1.origin.el7.x86_64\n--> 
Running transaction check\n---> Package docker-forward-journald.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n---> Package docker-selinux.x86_64 
0:1.9.1-25.1.origin.el7 will be installed\n--> Processing Conflict: 
docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker\n--> Processing 
Conflict: docker-engine-1.12.6-1.el7.centos.x86_64 conflicts docker-io\n--> 
Processing Conflict: docker-engine-selinux-1.12.6-1.el7.centos.noarch conflicts 
docker-selinux\n--> Finished Dependency Resolution\n You could try using 
--skip-broken to work around the problem\n You could try running: rpm -Va 
--nofiles --nodigest\n"]}
to retry, use: --limit 
@/root/openshift/openshift-ansible/playbooks/byo/config.retry

PLAY RECAP 

host-10-1-236-92   : ok=59   changed=6unreachable=0failed=1




Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Why openshift requires DNS server

[Yu Wei]

Hi,

I'm learning OpenShift by setting up cluster with VMs.

From the document, some content about DNS is as below,

OpenShift Origin requires a fully functional DNS server in the environment. 
This is ideally a separate host running DNS software and can provide name 
resolution to hosts and containers running on the platform.


Why does separate dns server need? Could kub-dns be used?


Thanks,

Jared, (韦煜）
Software developer
Interested in open source software, big data, Linux
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users