Re: Docker Registry Versioning

2016-03-15 Thread Clayton Coleman
You're trying to pull the OpenShift v3 OSE images, but using the Origin version numbers. They are not the same - you'll need to use the OSE tag values. On Tue, Mar 15, 2016 at 6:00 PM, Tim Moor wrote: > Hi list, > > We’re trying to find a way to phase the roll out of the

Re: Kubernetes Update Cadence

2016-03-14 Thread Clayton Coleman
We try to align major versions with Kube version, although we stabilize at the end in slightly different time scales. 1.2 Origin -> 1.2 Kube, etc. If a feature is in a version of Kube in a fully supported manner, we try to expose that in the same origin version. The next rebase (due this week)

Re: OpenShift v3 add-on images

2016-03-11 Thread Clayton Coleman
, 2016 at 3:16 PM, Braswell, Stephen <step...@unc.edu> wrote: > Thanks for the information, Clayton. I’m not sure how to implement that but > it gives me a starting point for toying around. I may have more questions > later. > > > -Stephen > >> On Mar 11, 2016, a

Re: api and console port : 8443

2016-03-11 Thread Clayton Coleman
Make OpenShift console available on port 443 (https) >> <https://alword.wordpress.com/2016/03/11/make-openshift-console-available-on-port-443-https/> >> alword.wordpress.com >> Introduction The main reason why this blog post exist is that OpenShift >> V3 and Kubernetes is very close binded to port 8443. Th

Re: Docker Registry Authentication Issues

2016-03-11 Thread Clayton Coleman
see that data is being stored on the > persistent volume, the 500 error seems to occur in the final commit phase > of the push. > > I’ve also tried different users and projects and getting the same result. > > The logs are rather useless, any lead on where I can try next? > > T

Re: Run Docker on Jenkins in OpenShift

2016-03-10 Thread Clayton Coleman
Gabe, Michal, any ideas? On Tue, Mar 8, 2016 at 10:03 AM, Lorenz Vanthillo wrote: > I already edited scc privileged because otherwise I had this error: > > Error creating: pods "jenkins-5-" is forbidden: unable to validate against > any security context constraint:

Re: image stream on image of private registry

2016-03-10 Thread Clayton Coleman
ternal registry. > Do you have any guides? > > > --- > Diego Castro / The CloudFather > GetupCloud.com - Eliminamos a Gravidade > > 2016-03-07 19:40 GMT-03:00 Clayton Coleman <ccole...@redhat.com>: >> >> If you run oc tag you will get the exact version tagg

Re: Valid certificate for default openshift-master install

2016-03-10 Thread Clayton Coleman
When you create a new master cert you need to re-key all of the other components of the system - router, registry, service accounts, and nodes. I don't know that we have a single document that discusses re-keying, although I've seen reference to it recently. Jordan, do you know if there is a

Re: binary deploy

2016-03-09 Thread Clayton Coleman
trategy but exploring if possible > to use a sample.war as argument to template > > > > -- > Srinivas Kotaru > > > > > > >> On 3/9/16, 8:49 PM, "Clayton Coleman" <ccole...@redhat.com> wrote: >> >> The container itself is wha

Re: binary deploy

2016-03-09 Thread Clayton Coleman
tunix:///var/run/docker.sock\n" > I0309 22:58:59.932858 1 docker.go:242] Pulling Docker image > registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2 ... > I0309 22:59:01.449811 1 sti.go:140] Preparing to build > 172.30.238.173:5000/sales/sales-dev:latest > I

Re: binary deploy

2016-03-09 Thread Clayton Coleman
No, binaries are passed directly to the build, we don't support download from URL as a build source yet. On Wed, Mar 9, 2016 at 10:35 PM, Srinivas Naga Kotaru (skotaru) wrote: > Can we pass FQDN to fetch WAR file like below? > > "spec": { > "source": { >

Re: Docker Registry Authentication Issues

2016-03-09 Thread Clayton Coleman
error authorizing context: authorization header with basic token required" Is definitely not expected. Did you do any sort of upgrade or change to the registry image? What image is your registry pod using? On Mar 9, 2016, at 10:11 PM, Tim Moor wrote: Hey Guys, in the

Re: unresolved container's hostname

2016-03-08 Thread Clayton Coleman
There is a discussion upstream about this, and ensuring that names for pods can be resolved. In the short term it is not possible to resolve the pod hostname to itself. Can the worker run without being able to resolve the hostname? On Sun, Mar 6, 2016 at 8:11 PM, HIGUCHI Daisuke

Re: oc edit scc restricted, non interactively ?

2016-03-06 Thread Clayton Coleman
If you want "RunAsAny", assign yourself to the "anyuid" SCC: oadm policy add-scc-to-user anyuid -z default -n PROJECT On Sun, Mar 6, 2016 at 3:32 PM, Jordan Liggitt wrote: > No. The default SCCs are not really intended to be modified. If you > want custom ones, it is

Re: Private registry : unable to pull

2016-03-04 Thread Clayton Coleman
If you are using Openshift primarily for Devops workflows, we do not recommend building workflows that depend on an external registry, primarily because you lose fast image change triggering. If you are looking to centralize your images, we recommend that you do that through global shared file

Re: image stream on image of private registry

2016-03-04 Thread Clayton Coleman
Imported images from an external registry must be scheduled for import if you want to pick up changes. Use --scheduled on oc tag if you want that. Images are checked every 15 minutes by default. We generally don't recommend using an external registry if you are trying to do fast iteration. Push

Re: setgid in nginx failing with permission error in container

2016-03-03 Thread Clayton Coleman
Restricted now drops the SETGID capability. The "anyuid" SCC does not. You can edit restricted to give that or grant the user anyuid (which is more correct). On Mar 4, 2016, at 12:31 AM, Dean Peterson wrote: In previous versions of openshift origin I was able to run an

Re: Problem in Replication controller

2016-03-03 Thread Clayton Coleman
g when i use RC instead of POD? > > thanks > > >> El 1 mar 2016, a las 16:21, Clayton Coleman <ccole...@redhat.com> escribió: >> >> Regular Openshift users don't have permission to run as arbitrary >> UIDs. You can read more here: >> https://docs.ope

Re: 503 service unavailable

2016-03-02 Thread Clayton Coleman
What do the router logs say? On Mar 2, 2016, at 7:43 PM, Dean Peterson wrote: This is as close to having openshift origin set up perfectly as I have gotten. My builds work great, container deployments always work now. I thought I was finally going to have a smooth

Re: Include secret for whole cluster

2016-03-02 Thread Clayton Coleman
Also, with pull-through enabled you should be able to add secrets to the "openshift" namespace and tag the image into an image stream there, then pull directly from the registry. On Mar 2, 2016, at 8:53 AM, David Eads wrote: If you want to allow global access, you can also add

Re: Apache Router

2016-03-01 Thread Clayton Coleman
It should be possible to generate an Apache template and change the reload and router start scripts. I don't see any technical obstacles, just someone putting together an image with the templates. On Mar 1, 2016, at 12:37 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: Any plans

Re: CMD with env vars

2016-02-25 Thread Clayton Coleman
You have to double escape shell inclusions - "$$(hostname -i)" On Thu, Feb 25, 2016 at 2:19 PM, Philippe Lafoucrière <philippe.lafoucri...@tech-angels.com> wrote: > > On Thu, Feb 25, 2016 at 2:07 PM, Clayton Coleman <ccole...@redhat.com> > wrote: >> >> I

Re: Create image-stream for image from insecure private docker registry

2016-02-24 Thread Clayton Coleman
If you are on 1.1.3 there is a bug with new-app if you are running new-app on a machine without Docker, you won't be able to select images from the DockerHub. 1.1.4 will contain a fix for that. If you want to import that image, oc import-image

Re: openshift start => don't generate master-config.yaml, openshift start master --write-config => generate master-config.yaml, it's a bug or a feature ?

2016-02-24 Thread Clayton Coleman
start has two modes - "easy", and "serious". Easy takes command line flags, generates temporary config files, and runs. It does not generate a config file because the flags take precedence. Serious is that you want to run from config - so --write-config converts your flags and current state to a

Re: OpenShift Image Stream for Docker private repository

2016-02-21 Thread Clayton Coleman
entication and print the command. On Sun, Feb 21, 2016 at 5:40 PM, Tim Moor <tim.m...@spring.co.nz> wrote: > Magic! > > That fixed the issues, thanks. > > > > On 22/02/16, 10:38 AM, "Clayton Coleman" <ccole...@redhat.com> wrote: > >>This comma

Re: OpenShift Image Stream for Docker private repository

2016-02-21 Thread Clayton Coleman
mage "springn... > -- > > > The following completes successfully. > - docker pull springnz/base_centos7 > > > Any help greatly received. > > >>From: Clayton Coleman <ccole...@redhat.com> >>Date: Wednesday, 10 February 2016 at 10:53 PM >>To: T

Re: "atomic-openshift-controllers" service keeps respawning every 30 secs (multiple HA masters setup)

2016-02-21 Thread Clayton Coleman
c-openshift-master-controllers.service > > > (stopping / starting "atomic-openshift-master-api" seems a bit redundant > since it is a requirement for "atomic-openshift-master-controllers" , but > still... ) > > > Thanks, > > /Florian > > > >

Re: Running applications that dont use LB

2016-02-21 Thread Clayton Coleman
You can also use NodePorts to expose a port on each node (which you can then make HA with the IPFailover plugin). We don't yet support service loadbalancers in a non cloud environment, but that's something if you were sufficiently motivated you could build yourself.

Re: pods hanging in "pending" state

2016-02-18 Thread Clayton Coleman
value: *** >> - name: MYSQL_DATABASE >> value: *** >> image: >> docker.io/centos/mysql-56-centos7@sha256:5a1d4c653e953c75a283cfecb1016ae57023b52ea12ad35ec0d1f861adb1 >> imagePullPolicy: IfNotPresent >> name

Re: Pods hanging in pending state

2016-02-18 Thread Clayton Coleman
Docker 1.9 should fix the parallel pulls issue, and Origin up until 1.1.3 disabled parallel pulls automatically (which may be your issue) On Thu, Feb 18, 2016 at 11:13 AM, Diego Castro wrote: > I've seen this when docker is pulling an image which has a common layer

Re: Router High Availability

2016-02-16 Thread Clayton Coleman
rrectly, but if I put this IP in > the wildcard, I can't access to anything. If I try telnet VIP 80 from other > Node I can't access. > > Regards. > > 2016-02-15 16:58 GMT+01:00 Clayton Coleman <ccole...@redhat.com>: >> >> Are you logged in as a system admin whe

Re: Datawise Unlocks Networking and Storage for Containers With Kubernetes 1.2

2016-02-15 Thread Clayton Coleman
FlexVolumes are interesting for experimenting with new volume types, although you'd need to lock them down from a security perspective because the volumes have root access. The scheduler improvements I'm not familiar with, but they may tie up with the work that others did to ensure that the

Re: Router High Availability

2016-02-15 Thread Clayton Coleman
What service account is the ipfa-pod using, and can you verify that the SCC correctly points to it? On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera wrote: > If I try "oc rsh ipfa-pod" this is the output: > > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden:

Re: I am trying OpenShift origin, I cannot create application

2016-02-12 Thread Clayton Coleman
rsion > oc v1.1.2-223-g2ca50e6 > kubernetes v1.2.0-origin > > > but it the issue remains. > >> On Fri, Feb 12, 2016 at 12:49 AM, Clayton Coleman <ccole...@redhat.com> >> wrote: >> You have to explicitly set HTTP proxy in the Go client code, so it's >> entirely possi

Re: I am trying OpenShift origin, I cannot create application

2016-02-11 Thread Clayton Coleman
You have to explicitly set HTTP proxy in the Go client code, so it's entirely possible that new-app is missing those. On Thu, Feb 11, 2016 at 1:36 PM, Ben Parees wrote: > older versions of oc new-app communicate (or attempt to communicate) > directory with the dockerhub

Re: Exposing Host port to docker image in openshift

2016-02-10 Thread Clayton Coleman
il.com> wrote: No it doesn't. So I should setup a service for MySQL Galera Cluster? Then every application will be able to access it at its own Node? David Strejc t: +420734270131 e: david.str...@gmail.com On Wed, Feb 10, 2016 at 3:15 PM, Clayton Coleman <ccole...@redhat.com> wrote: > Y

Re: Enabling Cluster Metrics

2016-02-10 Thread Clayton Coleman
43/TCP,53/UDP,53/TCP 92d search test.svc.cluster.local svc.cluster.local cluster.local test.es options ndots:5 2016-02-10 14:01 GMT+01:00 Clayton Coleman <ccole...@redhat.com>: > That seems to indicate that inside the deployment container DNS is not > working. Can you do the followin

Re: Exposing Host port to docker image in openshift

2016-02-10 Thread Clayton Coleman
t, GlusterFS and >>> MariaDB directly on Node. >>> >>> What I want is to expose Node port (3306) or Node MariaDB socket INTO >>> docker container. >>> >>> Is this possible? >>> >>> David Strejc >>> t: +420734270131 >>

Re: Enabling Cluster Metrics

2016-02-10 Thread Clayton Coleman
kular/metrics/status. Curl exit code: 7. Status Code 000 'https://hawkular-metrics:443/hawkular/metrics/status' is not accessible [HTTP status code: 000. Curl exit code 7]. Retrying. hawkular-cassandra logs don't show errors. 2016-02-10 14:50 GMT+01:00 Clayton Coleman <ccole...@redhat.com>:

Re: Issues with devicemapper - advice for the others

2016-02-10 Thread Clayton Coleman
That said, devicemapper is tested and certified on RHEL and centos, so if you're on Ubuntu I have no visibility into the level of support they make available. You can certainly use AUFS if you prefer. On Feb 10, 2016, at 3:42 PM, Philippe Lafoucrière < philippe.lafoucri...@tech-angels.com>

Re: Issues with devicemapper - advice for the others

2016-02-10 Thread Clayton Coleman
Are you writing large amounts of data to the container image? We wouldn't recommend that normally - graylog sending a lot of io to the container seems wrong in general. Is the data directory an empty dir volume, or persistent volume? It would be good to get a representative io log from one of

Re: OpenShift with Docker method installation on CentOS, error : deployer.go:65] couldn't get deployment default/docker-registry-1: Get https://10.0.2.15:8443/api/v1/namespaces/default/replicationcont

2016-02-10 Thread Clayton Coleman
Might be a firewall rule - try connecting to 10.0.2.15 from a random docker container on the machine. I don't know whether default docker route rules have changed, but it's also possible packets aren't making it off the docker bridge to your host. On Feb 10, 2016, at 4:33 AM, Stéphane Klein

Re: I don't found "osc" cli in OpenShift Origin documentation, why ?

2016-02-10 Thread Clayton Coleman
We'll probably remove that symlink starting in 1.3. I'll make a note. On Feb 10, 2016, at 4:47 AM, Martin Nagy wrote: Hi, osc has been renamed to oc. We probably keep osc just for compatibility with old scripts. Regards, Martin On Wed, Feb 10, 2016 at 8:17 AM, Stéphane

Re: OpenShift Image Stream for Docker private repository

2016-02-10 Thread Clayton Coleman
What version of origin are you running? On Feb 9, 2016, at 10:45 PM, Tim Moor wrote: Hey list, Just wondering if anyone had successfully been able to set up an external image-stream to a private repository hosted in docker hub. Running oc import-image oc import-image

Re: OpenShift with Docker method installation on CentOS, error : deployer.go:65] couldn't get deployment default/docker-registry-1: Get https://10.0.2.15:8443/api/v1/namespaces/default/replicationcont

2016-02-10 Thread Clayton Coleman
> > 2016-02-10 11:10 GMT+01:00 Stéphane Klein <cont...@stephane-klein.info>: > >> >> >> 2016-02-10 10:48 GMT+01:00 Clayton Coleman <ccole...@redhat.com>: >> >>> Might be a firewall rule - try connecting to 10.0.2.15 from a random >>> docker

Re: Exposing Host port to docker image in openshift

2016-02-10 Thread Clayton Coleman
You want the MySQL container to be exposed on the host address? Or you want another non-MySQL container to be able to access the MySQL container? On Feb 10, 2016, at 7:04 AM, David Strejc wrote: Dear all, I have MySQL cluster running on all nodes of Open Shift and I

Re: system:admin login still asking for password

2016-02-10 Thread Clayton Coleman
system:admin can only log in with certificate authentication. If you have the original admin.kubeconfig file, it will have those certs in it and -u would switch to using them. In your case, your kubeconfig file probably doesn't have that info. Look for your original admin.kubeconfig file > On

Re: Enabling Cluster Metrics

2016-02-10 Thread Clayton Coleman
That seems to indicate that inside the deployment container DNS is not working. Can you do the following to check: oc run --image centos:7 test --generator=run-pod/v1 --restart=Never -- curl https://kubernetes oc logs test And then oc run --image centos:7 test2

Re: OpenShift with Docker method installation on CentOS, error : deployer.go:65] couldn't get deployment default/docker-registry-1: Get https://10.0.2.15:8443/api/v1/namespaces/default/replicationcont

2016-02-10 Thread Clayton Coleman
at 05:59:16, Stéphane Klein ( cont...@stephane-klein.info) wrote: Do you see my mistake ? It's the default iptable config on CentOS. 2016-02-10 11:48 GMT+01:00 Stéphane Klein <cont...@stephane-klein.info>: > > > 2016-02-10 11:44 GMT+01:00 Clayton Coleman <ccole...@re

Re: Nobody test OpenShift Origin with Vagrant + Ansible ? There are many issues with this workflow

2016-02-09 Thread Clayton Coleman
Yeah, I think most people are testing vagrant locally for dev, but for ansible are deploying to EC2 or GCE On Tue, Feb 9, 2016 at 4:19 PM, Jason DeTiberus wrote: > > > On Tue, Feb 9, 2016 at 12:12 PM, Stéphane Klein > wrote: >> >> Hi, >> >>

Re: Still having trouble with 1.1.1

2016-02-05 Thread Clayton Coleman
The deployment logs seem to be indicating that your first container did not start cleanly in 120s. What do the logs of that container (via docker or via oc logs) show? On Feb 5, 2016, at 10:16 AM, Dean Peterson wrote: I am still evaluating Openshift for use with the

Re: hawkular-metrics Error on Origin 1.1

2016-02-04 Thread Clayton Coleman
It's likely you are overwriting something in the openshift-infra namespace. Please try deploying to a different namespace. On Thu, Feb 4, 2016 at 12:07 PM, Matt Wringe wrote: > > - Original Message - >> From: "Den Cowboy" >> To: "Matt Wringe"

Re: Replication Controller in pods

2016-02-04 Thread Clayton Coleman
Very few people create pods directly - the docs say "replication controller" but should really say "pods created directly cannot be automatically evacuated". All other pods (managed by Deployments, Replication controllers, Daemon sets, Jobs, scheduled jobs, Builds, Pet Sets, etc) can. Evacuation

Re: Adding a node to the cluster without ansible

2016-02-04 Thread Clayton Coleman
In general, you should be using ansible to roll out your configuration, in which case you'd be sure to pick up the config. Will defer to others who work more with the ansible stuff. On Thu, Feb 4, 2016 at 1:04 PM, Srinivas Naga Kotaru (skotaru) wrote: > Will ansible will touch

Re: swagger UI

2016-02-02 Thread Clayton Coleman
Hrm - works locally, is that path allowed by your proxy? On Tue, Feb 2, 2016 at 7:16 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: > Thanks for quick reply > > Am getting method not allowed. Tried CLI and browser. Browser simply > throwing a blank download page > > # curl -Ik

Re: New Deployments add container to old stuck deployment

2016-01-29 Thread Clayton Coleman
Please file a bug with the output of "oc get dc,rc -o yaml" > On Jan 29, 2016, at 9:47 PM, Dean Peterson wrote: > > In the image, you can see; every time I try to start a new deployment for a > service that has a stuck previous deployment, it increments the number of >

Re: Pod never starts and cannot delete; completely stops openshift from responding

2016-01-26 Thread Clayton Coleman
Deletions are graceful by default - you can pass --grace-period=0 to force delete the offending pod. This is almost always related to nodes being misconfigured. There was an issue where nodes may have gotten their node names changed to their IP in 1.1 can you verify that the nodes the pods are

Re: Pod never starts and cannot delete; completely stops openshift from responding

2016-01-26 Thread Clayton Coleman
hat creates a master and node on the same machine. > > > On Tue, Jan 26, 2016 at 8:37 AM, Clayton Coleman <ccole...@redhat.com> > wrote: >> >> Deletions are graceful by default - you can pass --grace-period=0 to >> force delete the offending pod. >> >> This i

Re: Dockerfile in OpenShift

2016-01-25 Thread Clayton Coleman
oc describe svc NAME will show you the service mapping and backing endpoints. dig @masterip servicename.namespace.svc.cluster.local will show you what is in DNS On Jan 25, 2016, at 8:12 PM, Srinivas Naga Kotaru (skotaru) < skot...@cisco.com> wrote: Is skyDNS responsible for this resolution?

Re: Dockerfile in OpenShift

2016-01-24 Thread Clayton Coleman
In each container DNS is set up so that the name for each service is a resolvable address (which means normal network operations like ping, curl, etc can use the service name in place of the service IP). If you have a service called "db", every container is "linked" to that service. On Jan 24,

Re: Router Sharding

2016-01-15 Thread Clayton Coleman
All of the core work for this is in 3.1.1, except for the ability to report back which routers the route is being served by to the API and UI. On Fri, Jan 15, 2016 at 4:49 PM, Brenton Leanhardt wrote: > On Fri, Jan 15, 2016 at 3:53 PM, Srinivas Naga Kotaru (skotaru) >
