Re: Openshift Origin builds for CVE-2018-1002105

2018-12-06 Thread Mateus Caruccio
On top of that is anyone here building publicly accessible rpms/srpms? Em Qui, 6 de dez de 2018 07:36, Gowtham Sundara < gowtham.sund...@rapyuta-robotics.com escreveu: > Hello, > The RPMs for Openshift origin need to be updated because of the recent > vulnerability. Is there a release schedule

Re: Audit logs can be written

2018-08-20 Thread Mateus Caruccio
Thanks, Aleks. The first solution works fine. The second one seems a little bit odd IMHO. Have a nice week. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-08-15 17:21 GMT-03:00 Aleksandar Lazic : > Hi. > > I'm pr

Update HostSubnets

2018-08-09 Thread Mateus Caruccio
Is it possible to increase or decrease by simply changing master config's networkConfig.clusterNetworks.hostSubnetLength and restarting all nodes? I'm trying to have more IPs per namespace. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool

Re: Kubelet/node nice level

2018-07-01 Thread Mateus Caruccio
Got it. So now I just need to fix my scripts. Thanks for clarifying. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-07-01 14:18 GMT-03:00 Clayton Coleman : > That’s the one the installer lays down. Ansible has never u

Re: Kubelet/node nice level

2018-07-01 Thread Mateus Caruccio
art origin-node* # ps ax -o pid,nice,comm|grep openshift 4994 0 openshift 5036 -5 openshift The question now is: where /etc/systemd/system/origin-node.service comes from? -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018

Re: Kubelet/node nice level

2018-06-30 Thread Mateus Caruccio
openshift ​ -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-06-30 17:01 GMT-03:00 Clayton Coleman : > Maybe double check that systemd sees the Nice parameter with systemctl cat > origin-node > > On Jun 30, 2018

Re: Kubelet/node nice level

2018-06-30 Thread Mateus Caruccio
r/lib/systemd/system/origin-node.service section: Service option: Nice value: -5 backup: yes tags: - post-install -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-06-30 15:03 GMT-03:00 Clayton Colema

Kubelet/node nice level

2018-06-29 Thread Mateus Caruccio
and reloading both daemon and unit, openshift node process still runs with nice=0. What am I missing? [1]: https://github.com/openshift/origin/blob/83ac5ae6a7d635ae67b1be438d85c339500fd65b/pkg/cmd/server/start/start_node.go#L433 [2]: https://linux.die.net/man/3/execve -- Mateus Caruccio / Master

Re: Any alternative to "oc adm policy add-scc-to-user" ?

2018-05-24 Thread Mateus Caruccio
AFAIK there is nothing special on `oc adm`. It's just a regular rest client for the API. Also, SCC exists only on openshift. Am I missing something here? -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-05-24 18:35 GMT-03:00

Re: Any alternative to "oc adm policy add-scc-to-user" ?

2018-05-24 Thread Mateus Caruccio
Hey, you could use oc's --loglevel=N to see the exact HTTP request/response flow with the api and adapt it to your need. I believe a level of 8 should be enough. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-05-24 18:16

Re: Hawkular metrics returns Forbiden

2018-01-16 Thread Mateus Caruccio
I was using :v3.7.0-rc.0 but switching to :latest solves the problem. Is 3.6.1 fixed too? -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-01-16 11:59 GMT-02:00 Matthew Wringe <mwri...@redhat.com>: > Are

Re: Hawkular metrics returns Forbiden

2018-01-16 Thread Mateus Caruccio
Hey guys, any news on this? Tnx -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-10-05 18:35 GMT-03:00 Mateus Caruccio <mateus.caruc...@getupcloud.com>: > Hey Matt, any update on this? > > -- > Mateus

Azure cloud provider - error adding nodes

2018-01-12 Thread Mateus Caruccio
/configuring_azure.html -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: origin v3.7.0 images at docker.io

2017-12-19 Thread Mateus Caruccio
Sorry I was not specific enougth. I meant images for origin-metrics-{hawkular-metrics,cassandra,heapster}. AFAIR there was an issue with auth for hawkular on v3.6... -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-12-19 12

Re: SCC privileged not applying

2017-12-19 Thread Mateus Caruccio
Makes sense. Thanks for your clarification ;) -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-12-19 4:48 GMT-02:00 Weiwei Jiang <wji...@redhat.com>: > Hi: > > I think you make some misunderstanding

Re: origin v3.7.0 images at docker.io

2017-12-19 Thread Mateus Caruccio
Hey, is there any prevision for when will 3.7.0 be released? tnx -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-11-21 16:54 GMT-02:00 Clayton Coleman <ccole...@redhat.com>: > We haven't cut 3.7.0 yet in origi

SCC privileged not applying

2017-12-18 Thread Mateus Caruccio
nt:aws-logging-fluentd:aws-logging-fluentd - system:serviceaccount:logging-test-deploy:aws-logging-fluentd - system:serviceaccount:default:logging-newrelic - system:serviceaccount:default:default * - system:serviceaccount:new-relic:default - system:serviceaccount:new-relic:new-relic* volumes: - '*' -- Mate

Re: Webhook token auth

2017-12-01 Thread Mateus Caruccio
gt; On Fri, Dec 1, 2017 at 3:48 PM, Mateus Caruccio < > mateus.caruc...@getupcloud.com> wrote: > >> Hi. >> Is it possible to use external webhook auth on openshift? >> >> I've edited origin-master with this fragment: >> >> kubernetesMasterConfig:

Webhook token auth

2017-12-01 Thread Mateus Caruccio
Thanks -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: Hawkular metrics returns Forbiden

2017-10-05 Thread Mateus Caruccio
Hey Matt, any update on this? -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-09-28 10:19 GMT-03:00 Matthew Wringe <mwri...@redhat.com>: > Wait, there is another update that we need. That PR probably wont work &

Re: Hawkular metrics returns Forbiden

2017-09-28 Thread Mateus Caruccio
Sweet! Would you mind pointing the PR url? Thanks. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-09-28 9:34 GMT-03:00 Matthew Wringe <mwri...@redhat.com>: > Ah, sorry, this somehow got missed. We have had

Re: Hawkular metrics returns Forbiden

2017-09-28 Thread Mateus Caruccio
Nope, no time to debug yet :( -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-09-28 7:52 GMT-03:00 Andrew Lau <and...@andrewklau.com>: > Did you find any solution for this? > > On Fri, 15 Sep 2017 at 01:34

Re: Problem about logging in openshift origin

2017-09-15 Thread Mateus Caruccio
You can look into two places for clues. The pod's log itself (oc -n logging logs -f logging-es-data-master-lf6al5rb-5) and project events (oc -n logging get events) Em 15 de set de 2017 07:10, "Yu Wei" escreveu: > Hi, > > I setup OpenShift origin 3.6 cluster successfully

Re: OpenShift Origin 3.6 + Ceph persistent storage problems with secret

2017-09-15 Thread Mateus Caruccio
Hey Piotr, I believe you'd have a better chance asking on dev@lists.openshift.redhat.com (CCed) Cheers, Mateus Em 15 de set de 2017 05:08, "Piotr Baranowski" escreveu: *bump* Anyone? -- *Od: *"Piotr Baranowski"

Re: Hawkular metrics returns Forbiden

2017-09-14 Thread Mateus Caruccio
001vmov40p52 [nodes] e001vmov40p42 openshift_node_labels="{'role': 'master'}" e001vmov40p51 openshift_node_labels="{'role': 'master'}" e001vmov40p52 openshift_node_labels="{'role': 'master'}" e001vmov40p45 openshift_node_labels="{'role': 'infra', 'docker-registry':'t

Hawkular metrics returns Forbiden

2017-09-13 Thread Mateus Caruccio
diagnostic: MetricsApiProxy Description: Check the integrated heapster metrics can be reached via the API proxy [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf): [Note] Completed with no errors or warnings seen. Thanks -- Mateus Caruccio / Master of Puppets GetupCloud.com We make

Re: Pods Not Terminating

2017-09-05 Thread Mateus Caruccio
Would you mind posting the issue link here so I can keep up on it? I'm seeing some errors like those too. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-09-05 18:28 GMT-03:00 Clayton Coleman <ccole...@redhat.

Selecting specific openshift/origin-deployer image version

2017-07-28 Thread Mateus Caruccio
How could I select an specific version for openshift/origin-deployer to run my deployment strategy? -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 ___ dev mailing list dev

Re: Openshift-only swagger api

2017-06-16 Thread Mateus Caruccio
Thanks, I will keep an eye on it. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible 2017-06-16 17:30 GMT-03:00 Clayton Coleman <ccole...@redhat.com>: > open api should have a set of extension fields that say what group the > resourc

Re: Openshift-only swagger api

2017-06-16 Thread Mateus Caruccio
Just to clarify, I meaning swagger 2.0. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible 2017-06-16 17:15 GMT-03:00 Mateus Caruccio <mateus.caruc...@getupcloud.com>: > Hello! > > Is there any other way to get all swagger api definition

Openshift-only swagger api

2017-06-16 Thread Mateus Caruccio
already have a fully operational client in https://github.com/caruccio/client-python using openshift's swagger but that duplicates all kubernetes endpoints/models already present in the original client-python. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible

Erased pvc disk

2017-04-07 Thread Mateus Caruccio
Regards, -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: Flocker PVC

2017-04-05 Thread Mateus Caruccio
). Regards, -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible 2017-04-05 22:20 GMT-03:00 Jonathan Yu <jaw...@redhat.com>: > > > On Wed, Apr 5, 2017 at 6:07 PM, Mateus Caruccio < > mateus.caruc...@getupcloud.com> wrote: > >

Flocker PVC

2017-04-05 Thread Mateus Caruccio
Hi There. Is it possible to create PVs/PVCs backed by Flocker datasets? There are any security implications? Thanks -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible ___ dev mailing list dev

Re: Heapster failing for some pods

2017-03-24 Thread Mateus Caruccio
Turns out it was excessive disk read across all nodes. There was too many container start errors. Thanks Derek for the tip and Solly for your time. I guess logs wont be necessary anymore. Regards, -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible 2017

Re: Heapster failing for some pods

2017-03-22 Thread Mateus Caruccio
At https://paste.fedoraproject.org/paste/FYFahXSMMQOVUWHkXcrer15M1UNdIGYhyRLivL9gydE= you can find a log grep from heapster with --sink=log set. Looking for pod "portal-107-rg2ia" one can see it's not being sinked every scraping period (only 3/9 during this snippet). -- Mateu

Heapster failing for some pods

2017-03-22 Thread Mateus Caruccio
I'm running: openshift v1.3.1 kubernetes v1.3.0+52492b4 etcd 2.3.0+git openshift/origin-metrics-cassandra:v1.3.1 openshift/origin-metrics-hawkular-metrics:v1.3.1 openshift/origin-metrics-heapster:v1.3.2 (v1.3.1 has the same effect) Thanks, -- Mateus Caruccio / Master of Puppets GetupCloud.com We m

Re: Unable to mount GCE Persistent Disks

2017-03-14 Thread Mateus Caruccio
Thanks Clayton, Andrew and Erik. It was exactly the hostname. It's being defined by ansible into node-config.yaml instead (short) nodename. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible 2017-03-14 12:36 GMT-03:00 Clayton Coleman <ccole...@redhat.

NetworkManager missing field search on /etc/resolv.conf

2017-02-22 Thread Mateus Caruccio
(-type(-ifname))] and [global-dns] to NetworkManager.conf with configs "searchs" and "ipv4.dns-search" When I `systemctl restart NetworkManager` aAfter any of the above options ​, the field search is missing from /etc/resolv.conf. However, after a clean reboot it is there.

Re: API health or status page

2017-02-09 Thread Mateus Caruccio
Isn't /version open by default? -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Thu, Feb 9, 2017 at 8:30 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > Perfect. Thank you very much Jordan. Appreciated for quick help > > >

Re: openshift-sti-build stuck

2017-02-09 Thread Mateus Caruccio
Thanks, I'm monitoring build pods until someone goes stuck. Will back with trace ASAP. -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Thu, Feb 9, 2017 at 12:50 PM, Clayton Coleman <ccole...@redhat.com> wrote: > In order to get an accurate dump yo

Re: openshift-sti-build stuck

2017-02-09 Thread Mateus Caruccio
Sorry, forgot that: openshift/origin-sti-builder:v1.3.1 -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Thu, Feb 9, 2017 at 10:44 AM, Cesar Wong <cew...@redhat.com> wrote: > Hi Mateus, > > What is the version of the builder image? > > On

openshift-sti-build stuck

2017-02-09 Thread Mateus Caruccio
9 #13 0x0002 in ?? () #14 0x7fffbf823f18 in ?? () #15 0x00000002 in ?? () #16 0x7fffbf823f18 in ?? () #17 0x in ?? () (gdb) -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade ___ d

Invalid/Ignored ImageStreamTag name

2017-02-02 Thread Mateus Caruccio
porting, but got stuck with message "importing latest image ..." $ oc create -f nodejs5.json imagestream "nodejs5" created $ oc describe is/nodejs5 Name: nodejs5 Namespace: mateus Created: 13 seconds ago Labels: Annotations: openshift.io/image.dockerRepositoryCheck=2017-02-

Allow method PATCH in CORS

2017-01-26 Thread Mateus Caruccio
. Thanks, -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: Allow method PATCH in CORS

2017-01-26 Thread Mateus Caruccio
Thanks. I guess github's repo search doesn't looks into PRs. -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Thu, Jan 26, 2017 at 3:00 PM, Andy Goldstein <agold...@redhat.com> wrote: > (copying the list with the right address) > > On Thu, Jan 26

Re: Registry Access Denied

2017-01-20 Thread Mateus Caruccio
CCing the list. PS: Clayton, your email client returned me with 'CC: " dev@lists.openshift.redhat.com" <d...@redhat.com>' -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Fri, Jan 20, 2017 at 4:54 PM, Mateus Caruccio < mateus.caruc...@ge

Registry Access Denied

2017-01-20 Thread Mateus Caruccio
; cannot create localsubjectaccessreviews in project \"mateus\"" Thanks, -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Error TeardownNetwork

2016-12-30 Thread Mateus Caruccio
work plugins \"redhat/openshift-ovs-multitenant\": Error running network teardown script: Could not find IP address for container 987cc40a64273f661082d0cc9bb6e017a869dc1627f1493cb11e8a37b1070020" -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade __

Re: OC on Windows 2003

2016-12-12 Thread Mateus Caruccio
That makes sense. I guess the client server is 32bits. Thanks -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Mon, Dec 12, 2016 at 12:51 PM, Fabiano Franz <ffr...@redhat.com> wrote: > Hey Mateus! > > We provide Origin packages for Windows in th

OC on Windows 2003

2016-12-12 Thread Mateus Caruccio
Hi. Does anybody have a win 2003 binary of oc? Is it even feasible? -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo

Re: Container UUID

2016-10-11 Thread Mateus Caruccio
}' And then in your DC: spec: template: spec: containers: - env: - name: UNIQUE_UUID value: '${UNIQUE_UUID}' Hope it helps. -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Tue, Oct 11, 2016 at 2:11 PM, Srinivas

Re: Tying resources to it's namespace

2016-03-02 Thread Mateus Caruccio
quot; <dec...@redhat.com> escreveu: > Right... So you really need an immutable field in metadata or something > similar, or an annotation field that is overridden on every create/update > during admission. > > On Wednesday, March 2, 2016, Mateus Caruccio < > mateus.caruc...

Re: Tying resources to it's namespace

2016-03-02 Thread Mateus Caruccio
not be able to tamper this identifier, i.e. "oc edit pod/somepod". -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade On Wed, Mar 2, 2016 at 9:27 PM, Derek Carr <dec...@redhat.com> wrote: > This is not a bad idea to do in admission control as part of the na

Tying resources to it's namespace

2016-03-02 Thread Mateus Caruccio
. -- Mateus Caruccio / Master of Puppets GetupCloud.com - Eliminamos a Gravidade ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: Default LC_ALL for sti based images

2016-02-17 Thread Mateus Caruccio
Sure, what is the best place for it? Dockerfile{rhel7}? And what about to add TERM too? It's a little annoying to have to set it every time I want to use vi/top/less/watch from within a container. Is TERM=vt100 a reasonable value? *Mateus Caruccio* Master of Puppets +55 (51) 8298.0026 gtalk

Re: Postgresql and ceph volumes

2016-02-06 Thread Mateus Caruccio
Thanks. That works. *Mateus Caruccio* Master of Puppets +55 (51) 8298.0026 gtalk: *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter: @MateusCaruccio <https://twitter.com/MateusCaruccio>* This message and any attachment are solely for the intended recipient and

Re: Runtime values in sti-php ini templates

2016-02-04 Thread Mateus Caruccio
The target dir must be prepared to receive those files, like it's being done today: https://github.com/openshift/sti-php/blob/master/5.6/s2i/bin/run#L20-L21 *Mateus Caruccio* Master of Puppets +55 (51) 8298.0026 gtalk: *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>t

Re: Runtime values in sti-php ini templates

2016-02-03 Thread Mateus Caruccio
On Tue, Feb 2, 2016 at 9:51 PM, Ben Parees <bpar...@redhat.com> wrote: > > > On Tue, Feb 2, 2016 at 12:21 PM, Mateus Caruccio < > mateus.caruc...@getupcloud.com> wrote: > >> This could lead to an issue since most .ini files depend on some module >> to be av

Re: Runtime values in sti-php ini templates

2016-02-03 Thread Mateus Caruccio
No, composer is just fine pulling its dependencies. The problem are packages not found on composer. Newrelic.so, for instance, must be installed by newrelic's own yum repo, thus it need to be inside the build image already. *Mateus Caruccio* Master of Puppets +55 (51) 8298.0026 gtalk

Re: Runtime values in sti-php ini templates

2016-02-02 Thread Mateus Caruccio
lined to accept it as a PR. >> Adding Honza since his team technically controls the PHP image now (5.6 >> anyway). >> >> >> On Mon, Feb 1, 2016 at 4:43 PM, Mateus Caruccio >> <mateus.caruc...@getupcloud.com <mailto:mateus.caruc...@getupcloud.com>> >>

Username resolution failing

2016-01-19 Thread Mateus Caruccio
__get_username return pwd.getpwuid(os.geteuid()).pw_name KeyError: 'getpwuid(): uid not found: 100018' How can I circumvent this obstacle? Should I rebuild all sti scripts to include this user into the image? There is any trick to allow passwd readers to read from a mock? Thanks,

Re: Username resolution failing

2016-01-19 Thread Mateus Caruccio
Yes, we are using rhel images. Thanks! *Mateus Caruccio* Master of Puppets +55 (51) 8298.0026 gtalk: *mateus.caruc...@getupcloud.com <diogo.goe...@getupcloud.com>twitter: @MateusCaruccio <https://twitter.com/MateusCaruccio>* This message and any attachment are solely for the intend

Re: Username resolution failing

2016-01-19 Thread Mateus Caruccio
Yep, just tried centos images and it is working fine. It took me a while to understand the whole thing. I was simply "oc exec-ing" into the pod, but those NSS vars are create by sti/run. It may be good if those vars would be available from any shell. Thanks. *Mateus Caruccio* Master