How to improve pod scheduling

Hi All, We have 20 worker nodes all with the same labels (they all have the same specs). Our pods don't have any node selectors so all nodes are available to all pods. What we are seeing is the scheduler constantly placing pods on nodes that are already heavily usitised (in terms of memory

Re: Build pod already exists

For anyone that comes across this issue here, it is likely it was related to ntp. There is a bugzilla for it: https://bugzilla.redhat.com/show_bug.cgi?id=1547551 On 29 January 2018 at 06:12, Ben Parees <bpar...@redhat.com> wrote: > > > On Sun, Jan 28, 2018 at 6:05 AM, Lionel

Re: Build pod already exists

tomorrow. On Sun, 28 Jan 2018 at 1:51 pm, Ben Parees <bpar...@redhat.com> wrote: > On Sat, Jan 27, 2018 at 4:06 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hi, >> >> I'm seeing an random error when running builds. Some builds fail very &g

Re: Remote image with referencePolicy.type=Local -> manifest unknown

t, Nov 18, 2017 at 1:31 AM, Lionel Orellana <lione...@gmail.com> > wrote: > >> It doesn't look like putting the ca in /etc/pki/ca-trust/source/anchors >> is enough without running update-ca-trust >> > > yeah that makes sense and unfortunately makes it difficul

Re: Remote image with referencePolicy.type=Local -> manifest unknown

It doesn't look like putting the ca in /etc/pki/ca-trust/source/anchors is enough without running update-ca-trust On 18 November 2017 at 15:40, Lionel Orellana <lione...@gmail.com> wrote: > Inside the registry, curl with --cacert pointing to > /etc/pki/ca-trust/source/anchor

Re: Remote image with referencePolicy.type=Local -> manifest unknown

Inside the registry, curl with --cacert pointing to /etc/pki/ca-trust/source/anchors/.crt works. On 18 November 2017 at 15:11, Lionel Orellana <lione...@gmail.com> wrote: > I created a secret with the remote ca, mounted it on the registry at > /etc/pki/ca-trust/source/anchor. The re

Re: Remote image with referencePolicy.type=Local -> manifest unknown

I created a secret with the remote ca, mounted it on the registry at /etc/pki/ca-trust/source/anchor. The registry still says "certificate signed by unknown authority". On 17 November 2017 at 23:57, Ben Parees <bpar...@redhat.com> wrote: > > > On Fri, Nov 17, 2017 at

Re: Remote image with referencePolicy.type=Local -> manifest unknown

environments. > > > Ben Parees | OpenShift > > On Nov 16, 2017 10:58 PM, "Lionel Orellana" <lione...@gmail.com> wrote: > >> Looking at the registry logs, it's not happy with the remote registry >> cert. >> >> time="2017-11-17T03:53:46.591715

Re: Remote image with referencePolicy.type=Local -> manifest unknown

uot; Given that oc import-image works I was expecting the registry to trust the same ca's. On 17 November 2017 at 12:01, Ben Parees <bpar...@redhat.com> wrote: > > > On Thu, Nov 16, 2017 at 7:57 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Is pullthrough e

Re: Remote image with referencePolicy.type=Local -> manifest unknown

ver name in the dockercfg secret? On 17 November 2017 at 10:01, Ben Parees <bpar...@redhat.com> wrote: > > > On Thu, Nov 16, 2017 at 5:36 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hi, >> >> I imported a remote image and set referencePol

Remote image with referencePolicy.type=Local -> manifest unknown

Hi, I imported a remote image and set referencePolicy.type to Local in the resulting tag. When I try to deploy an pod using this image stream tag I get "rpc error: code = 2 desc = manifest unknown: manifest unknown". If I change the referencePolicy type to Source then the pod pulls the image

Force external image sync

Hi, I imported an image from an external private registry and set *importPolicy.scheduled *on the resulting image stream tag to true. It works nicely but it can take quite a few minutes for changes on the external tag to be sync'ed back. Is there an oc command to force the sync? Thanks Lionel.

Re: OCP: Failed to push image: unauthorized: authentication req, uired

to the service name instead of the ip. But it does mean proxy vars are added to the registry deployment. On 27 October 2017 at 07:45, Lionel Orellana <lione...@gmail.com> wrote: > I have an Origin 3.6 cluster and the proxy vars are not set in the > registry pod at all. > > -bash-

Re: OCP: Failed to push image: unauthorized: authentication req, uired

com> wrote: > > > On Thu, Oct 26, 2017 at 12:43 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> This works.Would have thought the api server address was added >> automatically to NO_PROXY? >> > > it's supposed to be, but i do think there is a bug ope

Re: OCP: Failed to push image: unauthorized: authentication req, uired

par...@redhat.com> wrote: > > > On Thu, Oct 26, 2017 at 11:50 AM, Lionel Orellana <lione...@gmail.com> > wrote: > >> I didn't put it there. >> >> I another cluster this works. >> >> -bash-4.2$ oc rsh docker-registry-9-c9mgd oc whoami >> system

Re: OCP: Failed to push image: unauthorized: authentication req, uired

: Service Unavailable" I wonder if the invalid toke part is the issue. On 26 October 2017 at 19:16, Ben Parees <bpar...@redhat.com> wrote: > > > On Thu, Oct 26, 2017 at 8:11 AM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hi, >> >>

Re: OCP: Failed to push image: unauthorized: authentication req, uired

Could that be interfering? On 26 October 2017 at 17:11, Lionel Orellana <lione...@gmail.com> wrote: > Hi, > > In a new OCP 3.6 installation I'm trying to deploy JBoss EAP 7.0 from the > catalog. > > This is in a project for which I am the admin. > > It's failing to push the ima

OCP: Failed to push image: unauthorized: authentication req,uired

Hi, In a new OCP 3.6 installation I'm trying to deploy JBoss EAP 7.0 from the catalog. This is in a project for which I am the admin. It's failing to push the image to the registry Pushing image docker-registry.default.svc:5000/bimorl/jboss-eap70:latest ... Registry server Address: Registry

Re: LDAP bindPassword in Ansible inventory

- sAMAccountName > name: > - displayName > preferredUsername: > - sAMAccountName > insecure: 'true' > bindDN: 'CN=,OU=Azure Users,OU=DEH-Staff,DC=internal,DC=govt' > bindPassword: '' > url: ldap://ad-lb.envris-os-dev.agiledigital.com.au:389/ou= >

Re: LDAP bindPassword in Ansible inventory

:43, Lionel Orellana <lione...@gmail.com> wrote: > Looking at the master role it just copies the configuration from the > inventory to the config file so I do have to copy the encryption files > beforehand. Will have to try if the format in the inventory file is right. > On Sat, 2

Re: Containerized OCP requires atomic-openshift?

m package for a containerized install on non atomic hosts (e.g. RHEL)?* - is_containerized | bool - not is_atomic | bool On 21 October 2017 at 21:59, Lionel Orellana <lione...@gmail.com> wrote: > Thanks Chris. > > I have those 3 properties (although it looks like deploy

Re: Containerized OCP requires atomic-openshift?

;ch...@thefraggle.com> wrote: > > > > From: users-boun...@lists.openshift.redhat.com <users-bounces@lists. > openshift.redhat.com> on behalf of Lionel Orellana <lione...@gmail.com> > > Sent: Saturday, October 21, 2017 11:14 AM > > To: users > > Subject: Cont

Containerized OCP requires atomic-openshift?

Hi, I'm trying to install OCP 3.6. I've done a few installations of Origin before but it's my first OCP. I'm installing on RHEL and have set containerized=true in the inventory. The byo playbook for some reason insists on requiring atomic-openshift to be installed. Failure summary: 1.

LDAP bindPassword in Ansible inventory

Hi, I see there's a way to encrypt an ldap bind password for use in the master configs. But I'm not sure how this would work in the Ansible inventory configuration

2 clusters with the same internal ip addresses

Hi, Can two different clusters use the same ip ranges for osm_cluster_network_cidr and openshift_portal_net? Those ip’s are all internal so should be ok? I'm trying to save the hassle of reserving two more ranges for my second cluster. I don't want/need them to know about each other. Thanks

Upgrading Grafana

Hi, I've done 2 upgrades to the metrics system and noticed that Grafana doesn't get updated. During the initial installation the Grafana image was pushed to the Openshift registry as an image stream. Do I have to manually push it again? Shouldn't this be part of the metrics playbook? Thanks

Re: 1.5 Metrics upgrade did nothing to origin-metrics-cassandra

For reference I believe the issue was the presence of Ansible @retry files. The metrics playbook simply stopped after one master and didn't complete the upgrade. I removed the retry files and cassandra was updated correctly. On 23 August 2017 at 21:05, Lionel Orellana <lione...@gmail.com>

Re: Origin to OCP

names may change on nodes and masters >> and not get cleaned up. I'm not sure what other subtle issues would >> be hit. >> >> > On Aug 23, 2017, at 4:26 PM, Lionel Orellana <lione...@gmail.com> >> wrote: >> > >> > I have an Origin 1.5

Origin to OCP

I have an Origin 1.5 cluster. We now bought licenses for OCP. It is tempting to simply change the deployment type in the inventory file and upgrade to 3.6. Sounds like a bad idea. Is it? Cheers Lionel. ___ users mailing list

1.5 Metrics upgrade did nothing to origin-metrics-cassandra

Hello As the last step in upgrading my cluster from 1.4. to 1.5 I ran the metrics playbook. It upgraded origin-metrics-hawkular-metrics and origin-metrics-heapster to 1.5.1 but not origin-metrics-cassandra which is still showing 1.4.1. There is a tag in docker hub for it so I was expecting it

Re: Kubernetes Jenkins slaves in parallel

bernetes-plugin/ > > or open an issue against the plugin for it here: > https://issues.jenkins-ci.org/secure/Dashboard.jspa > > > On Sat, Feb 18, 2017 at 6:38 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> After much head-banging over this I finally go

Install breaks host autofs home dir

Hi I haven't been able to narrow this down more but basically the Ansible installation is, sometimes, breaking my home dir. My home dir is mounted with autofs from nfs. It normally looks like this. -bash-4.2$ df -h | grep home :// 303G 259G 44G 86% /home/userid After running the installer

Is the registry now secure by default with ansible install?

Hi I haven't created any certs. After an Ansible install using v.1.4.1 I simply added the integrated registry to the docker daemon configuration and now docker info shows this on the nodes: Registries: 172.23.199.122:5000 (secure), registry.access.redhat.com (secure), docker.io (secure) An

Re: Adding Registry address to Docker's NO_PROXY list

Seems like it's a known issue: https://github.com/openshift/openshift-ansible/issues/1919 On 11 February 2017 at 13:53, Lionel Orellana <lione...@gmail.com> wrote: > Hi > > After an ansible installation I always have to manually add Openshift's > registry address to the do

Adding Registry address to Docker's NO_PROXY list

Hi After an ansible installation I always have to manually add Openshift's registry address to the docker NO_PROXY list in /etc/sysconfig/docker. If I don't builds fail with error: build error: Failed to push image: Get https://172.23.199.122:5000/v1/_ping: Service Unavailable I have this in

Re: Template with Secret and Parameter

at.com> wrote: > > > On Mon, Jan 30, 2017 at 9:47 AM, Jessica Forrester <jforr...@redhat.com> > wrote: > >> >> >> On Mon, Jan 30, 2017 at 9:11 AM, Aleksandar Lazic <al...@me2digital.eu> >> wrote: >> >>> Hi. >>> >>> ---

Template with Secret and Parameter

Hello I'm trying to create a secret as part of a template but the value of the secret should come from a parameter. Something like this: { "kind": "Template", "apiVersion": "v1", ... }, "objects": [ ... { "kind": "Secret", "apiVersion": "v1",

Adding secrets to Docker builds

Hi I have a Docker BuildConfig with an inline Dockerfile as the source.I'm trying to add a secret to this build. The secret is called svn-pwd and already exists in the project. It has a single key called 'password'. In the inline Dockerfile I'm trying to find the mounted secret. It is supposed

Jenkins Windows Slave

Hi Is it possible to add an existing windows machine as a slave to a Jenkins master running on Openshift? I exposed the jnlp service with a route in Openshift and tried to use the tunnel option with 1) a Java Web Start slave, 2) running the slave client jar directly and 3) a Swarm slave. None of

Re: PV manual reclamation and recyling

Thanks Clayton. Keep us posted. On Wed., 30 Nov. 2016 at 2:48 am, Clayton Coleman <ccole...@redhat.com> wrote: > It's likely, don't have an eta yet while the scope of the pick is assessed. > > On Thu, Nov 24, 2016 at 5:52 PM, Lionel Orellana <lione...@gmail.com> > wrote:

Re: PV manual reclamation and recyling

This is a pretty bad issue in Kubernetes. We are talking about deleting data from NFS volumes. Lucky for me I'm just doing a POC. Is this not considered bad enough to warrant a patch release for Origin 1.3.x? Cheers Lionel. On 19 November 2016 at 07:38, Lionel Orellana <lione...@gmail.

Re: PV manual reclamation and recyling

6 at 07:26, Alex Wauck <alexwa...@exosite.com> wrote: > OpenShift is a distribution of Kubernetes, so I don't think you can > upgrade Kubernetes without upgrading OpenShift. > > On Fri, Nov 18, 2016 at 1:52 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >>

Re: PV manual reclamation and recyling

> > > https://docs.openshift.com/container-platform/3.3/install_config/upgrading/index.html > > Mark > > On Fri, Nov 18, 2016 at 3:13 AM, Lionel Orellana <lione...@gmail.com> > wrote: > > > This sounds very very familiar: > https://github.com/kubernetes/kub

Re: JBoss cluster

've > pointed out, since we're calling curl without --no-proxy, it can't access > the API server. The actual kube-ping code, on the other hand, can access it > because it bypasses the proxy. > > M. > > > On 18. 11. 2016 02:32, Lionel Orellana wrote: > > I deploye

Re: PV manual reclamation and recyling

version oc v1.3.0 kubernetes v1.3.0+52492b4 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://poc-docker01.aipo.gov.au:8443 openshift v1.3.0 kubernetes v1.3.0+52492b4 On 18 November 2016 at 18:18, Lionel Orellana <lione...@gmail.com> wrote: > Files in other dirs in the same NFS ser

Re: PV manual reclamation and recyling

Files in other dirs in the same NFS server don't get deleted (e.g. /poc_runtime/test/) There is something in my Openshift node deleting files in /poc_runtime/evs as soon as I put them there! On 18 November 2016 at 18:04, Lionel Orellana <lione...@gmail.com> wrote: > > In fa

Re: PV manual reclamation and recyling

Despite the fact that the error says that it couldn't remove it, what exactly is it trying to do here? Is it possible that this process previously deleted the data in the evs folder? On 18 November 2016 at 16:45, Lionel Orellana <lione...@gmail.com> wrote: > What about NFS volumes added

Re: PV manual reclamation and recyling

disappeared. Simply by restarting the host VM! On 18 November 2016 at 16:19, Lionel Orellana <lione...@gmail.com> wrote: > Thanks Mark > > On 18 November 2016 at 15:09, Mark Turansky <mtura...@redhat.com> wrote: > >> >> >> On Thu, Nov 17, 2016 at 10:41 PM, Lio

Re: PV manual reclamation and recyling

Thanks Mark On 18 November 2016 at 15:09, Mark Turansky <mtura...@redhat.com> wrote: > > > On Thu, Nov 17, 2016 at 10:41 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hi, >> >> Couple of questions regarding Persistent Volumes, in particular

PV manual reclamation and recyling

Hi, Couple of questions regarding Persistent Volumes, in particular NFS ones. 1) If I have a PV configured with the Retain policy it is not clear to me how this PV can be reused after the bound PVC is deleted. Deleting the PVC makes the PV status "Released". How do I make it "Available" again

Re: JBoss cluster

I deployed a distributable war and got the output I was looking for. All good with the world. Thanks. On 18 November 2016 at 08:29, Lionel Orellana <lione...@gmail.com> wrote: > But I can't tell if the second replica joined the cluster created by the > first. > > I'm expect

Re: JBoss cluster

But I can't tell if the second replica joined the cluster created by the first. I'm expecting to see "Number of cluster members: x" in the logs but it's not showing in any of the two instances. On 17 November 2016 at 22:55, Lionel Orellana <lione...@gmail.com> wrote: > Thank

Re: JBoss cluster

you > need to have the proper rights allocated to your service account. More > information here: > https://access.redhat.com/documentation/en/red-hat-xpaas/0/single/red-hat-xpaas-eap-image/#clustering > > Best Regards, > > Frédéric > > > On Thu, Nov 17, 2016 at 11:58

JBoss cluster

Hi, I'm trying to run Jboss cluster using the eap64-basic-s2i v1.3.2 template on Origin 1.3. The application built and deployed fined. The second one started fine but I can't tell if it joined the existing cluster. I was expecting to see an output along the lines of "number of members in the

Re: Container PermGen expcetion kills entire node

I don't. openshift v1.3.0 docker v1.10.3 On 7 November 2016 at 09:57, Clayton Coleman <ccole...@redhat.com> wrote: > Do you have resource limits defined on your Jenkins jobs containers? > What version of OpenShift and Docker? > > > On Nov 6, 2016, at 2:23 PM, Lionel Orellan

Container PermGen expcetion kills entire node

Hi, A Jenkins job running on Openshift generated a PermGen expcetion. I ran the job a couple more times to see if it would pass. I then realised that my two nodes had completely crashed. (i.e. I can't even login to the hosts, they have to be forcibly rebooted). Leaving aside the reason for the

JBoss EAP xPAAS - Oracle JDK

Hi, Are there any plans to include other JDK's in the JBoss EAP xPAAS images? We run all our apps with Oracle JDK at the moment. Changing JDK's is not something we want to do as part of a migration to Openshift. I can extend your image and add Oracle's jdk but this is something others probably

Re: prune images error - 503

It might be trying to go through the proxy. >From the master this works. curl -v --noproxy 172.19.38.253 http://172.19.38.253:5000/healthz On 26 October 2016 at 09:04, Lionel Orellana <lione...@gmail.com> wrote: > Hi Maciej > > Here's what I got from the prune logs. > &g

Re: RHEL image

t-release > > > > On Tue, Oct 18, 2016 at 11:27 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> I suppose I can do this but what version of EAP (and RHEL) does each tag >> map to? >> >> https://registry.access.redhat.com/v1/repositories/jboss- >&g

Re: RHEL image

I suppose I can do this but what version of EAP (and RHEL) does each tag map to? https://registry.access.redhat.com/v1/repositories/jboss-eap-6/eap64-openshift/tags On 19 October 2016 at 14:19, Lionel Orellana <lione...@gmail.com> wrote: > Also, how do I see what tags are available

Re: RHEL image

Also, how do I see what tags are available for those images in the redhat registry? On 19 October 2016 at 12:15, Lionel Orellana <lione...@gmail.com> wrote: > Thanks Jonathan. Should have tried that. > > At the risk of asking another silly question, is there a way to easily >

Re: RHEL image

gt; On Tue, Oct 18, 2016 at 5:49 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hi >> >> Is there an officially supported image of RHEL? I see all the xPaaS >> images in the customer portal but nothing about a plain RHEL image like >> there is fo

RHEL image

Hi Is there an officially supported image of RHEL? I see all the xPaaS images in the customer portal but nothing about a plain RHEL image like there is for Centos. Thanks Lionel. ___ users mailing list users@lists.openshift.redhat.com

Re: jboss-eap64-openshift quickstart maven proxy

On Thu, Oct 13, 2016 at 6:14 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Thanks Jim. >> >> It worked by setting >> >> HTTP_PROXY_HOST=proxy.server.name >> >> and >> >> HTTP_PROXY_PORT=port >> >> &g

Re: jboss-eap64-openshift quickstart maven proxy

> config/build_defaults_overrides.html > > Cheers, > > Jim > > -- > Jim Minter > Principal Software Engineer, Red Hat UK > > > On 13/10/16 08:27, Lionel Orellana wrote: > >> Hi >> >> I'm trying to run the jboss-eap64-openshift quickstart but the bu

Re: Promoting deploymentconfigs etc. from dev->testing->production

rees <bpar...@redhat.com> wrote: > > > On Wed, Oct 12, 2016 at 10:04 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> May I ask in relation to this, how do you define an "environment" at the >> moment? My first instinct was to create a project

Re: External Oracle service

the value of *EXTERNAL_MYSQL_SERVICE_SERVICE_HOST *injected. On 11 October 2016 at 16:43, Lionel Orellana <lione...@gmail.com> wrote: > Hello > > I've seen some articles on how to define an external service for mysql ( > https://docs.openshift.com/container-platfor

Re: Node fails to start after system reboot

Apparently we had run out of disk space on the node. I couldn't recover from that even after clearing space and deleting /var/lib/docker. Had to throw away the node and start again. Wonder if there was a better way of handling this. On 10 October 2016 at 12:12, Lionel Orellana <li

External Oracle service

Hello I've seen some articles on how to define an external service for mysql ( https://docs.openshift.com/container-platform/3.3/dev_guide/integrating_external_services.html ). Does the same method apply to an external Oracle database? I don't understand where the variable

Re: Node fails to start after system reboot

Dir: /var/lib/docker WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled Registries: docker.io (secure) On 10 October 2016 at 10:36, Lionel Orellana <lione...@gmail.com> wrote: > I deleted all containers with > > docker rm -v $(docker ps -q -

Re: Node fails to start after system reboot

NTAINER IDIMAGE COMMAND CREATED STATUS PORTS NAMES # On 10 October 2016 at 09:44, Lionel Orellana <lione...@gmail.com> wrote: > Hi, > > I'm getting this error on my nodes after the host has rebooted. > > Oct 10 09

Re: Jenkins plugin - binary build

Ok thanks Ben. On 6 October 2016 at 13:01, Ben Parees <bpar...@redhat.com> wrote: > > > On Wed, Oct 5, 2016 at 6:48 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Can you tag the Jenkins images with the Jenkins version you are using or >> some othe

Re: Jenkins plugin - binary build

; > On Oct 5, 2016 6:59 AM, "Lionel Orellana" <lione...@gmail.com> wrote: > >> The Jenkins v2 image is not yet available in docker hub is it? >> > > ​it wasn't, but it is now: openshift/jenkins-2-centos7​ > > > >> >> On 5 October 2016 at

docker build-arg

Hi All, Is there a way to specify a build-arg to a docker build. I have a Dockerfile with an ARG statement and I would like to run something equivalent to $docker build --build-arg ARG1=value ./build-dir My docker buildconfig is setup and I can trigger new builds without the arg as $oc

Re: Jenkins plugin - binary build

I wanted to use Jenkins v2 which you didn't have an image for. I see that there is one now. I'll have to consider if it's worth switching over. On 4 October 2016 at 09:54, Ben Parees <bpar...@redhat.com> wrote: > > > On Mon, Oct 3, 2016 at 6:28 PM, Lionel Orellana <lione...@

Re: Failed to remove orphaned pod - device or resource busy

docker run hello-world works. On Tue., 4 Oct. 2016 at 8:06 pm, Michail Kargakis <mkarg...@redhat.com> wrote: > Can you run docker containers directly via the docker command? > > On Tue, Oct 4, 2016 at 10:18 AM, Lionel Orellana <lione...@gmail.com> > wrote: > > The

Re: Failed to remove orphaned pod - device or resource busy

All the "device or resource busy" errors seem related to tmpfs mounts for secret volumes. On 4 October 2016 at 17:32, Lionel Orellana <lione...@gmail.com> wrote: > Hi All, > > I had a v1.3 cluster with a master and a node going. Both servers were > rebooted over th

Failed to remove orphaned pod - device or resource busy

Hi All, I had a v1.3 cluster with a master and a node going. Both servers were rebooted over the weekend and all hell broke loose. The registry, the router and all apps I had running have stopped working. I see quite a few of these errors in the logs: Oct 04 17:14:07 poc-docker02.aipo.gov.au

Re: Modifying existing advanced installation

Thanks Jason. Good to know I'm on the right track. On 23 September 2016 at 03:52, Jason DeTiberus <jdeti...@redhat.com> wrote: > > > On Tue, Sep 20, 2016 at 4:07 AM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hello >> >> I want to configu

Re: Jenkins plugin - binary build

to run the pod. No need to > explicitly log in. > > On Sep 28, 2016, at 1:40 AM, Lionel Orellana <lione...@gmail.com> wrote: > > Adding the edit cluster role seems to work. > > oadm policy add-cluster-role-to-user edit system:serviceaccount:jenkins: > jenkins > > B

Binary build - numeric overflow in sparse archive member

Hi Running start-build with --from-dir option is resulting in the following output. Uploading directory "transaction-authority-lite" as binary input for the build ... build "transaction-auth-lite-3" started Receiving source from STDIN as archive ... Extracting... tar: CoreUtils.java.svn-base:

Re: Jenkins plugin - binary build

Adding the edit cluster role seems to work. oadm policy add-cluster-role-to-user edit system:serviceaccount:jenkins:jenkins But is feels I'm giving it too much access. I tried with role system:build-controller but that wasn't enough. On 28 September 2016 at 14:00, Lionel Orellana <li

Modifying existing advanced installation

Hello I want to configure LDAP authentication on my existing cluster. Instead of manually modifying the master config file, can I add the new settings to my Ansible inventory and rerun the config playbook? Does it know to only apply the new configuration? Generally speaking, is this the best way

Re: how to set no_proxy for s2i registry push?

Adding the registry's address to NO_PROXY in /etc/sysconfig/docker works. However it doesn't feel like something I should be changing by hand. Is this something I missed in the ansible configuration when installing? On 20 September 2016 at 14:09, Lionel Orellana <lione...@gmail.com> wrote:

how to set no_proxy for s2i registry push?

Hi I'm getting this error when building the wildfly:10 builder sample on a containerised v1.3.0. ushing image 172.19.38.253:5000/bimorl/wildfly:latest ... Registry server Address: Registry server User Name: serviceaccount Registry server Email: serviceacco...@example.org Registry server

Re: Can't run containers after advanced installation

September 2016 at 17:57, Lionel Orellana <lione...@gmail.com> wrote: > Hi All > > I installed Origin v1.3.0-rc1 (unaware of the imminent 1.3 release) using > the ansible method. > Everything seemed to have installed Ok. But whenever I try to build or run > anything I get this

Re: Origin v1.3.0 released

Thanks Clayton. Congrats to all on the new release! Just a few hours earlier I was installing 1.3.0rc1 using ansible. Good chance now for me to learn how upgrades work. I'm trying to upgrade to 1.3 using openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml. I set the

Re: Registry login with service account

a role to user that doesn't exist. On Mon, 22 Aug 2016 at 2:24 PM, Lionel Orellana <lione...@gmail.com> wrote: > Hi > > I'm trying to use a service account to push images to the openshift > registry. > > I am able to login and push with a regular user token obta

Registry login with service account

Hi I'm trying to use a service account to push images to the openshift registry. I am able to login and push with a regular user token obtained from oc whoami -t. But that token expires after a while so I need a more permanent solution. I created a service account and added the following roles:

Re: s2i maven proxy

Got it. name: MAVEN_OPTS value: '-DproxyHost=http:// <http://172.30.192.51:3128/> -DproxyPort=' On 13 August 2016 at 08:08, Lionel Orellana <lione...@gmail.com> wrote: > Hi, > > I'm trying to run the Wildfly 10 template from the console. > > I found how to set

Re: cluster up - reuse registry address

Yes. On 10 August 2016 at 18:04, Cesar Wong <cew...@redhat.com> wrote: > Lionel, > > So is it working for you now? > > On Aug 9, 2016, at 11:10 PM, Lionel Orellana <lione...@gmail.com> wrote: > > Digging through the go libraries used for parsing the comma

Re: cluster up - reuse registry address

t 10:31 PM, Lionel Orellana <lione...@gmail.com> wrote: > Setting the log level to 4 I found the following > > Starting OpenShift using container 'origin' > > I0809 22:21:26.415373 20151 run.go:143] Creating container named "origin" > > config: > >

Re: cluster up - reuse registry address

is might be causing some of my problems. The fact that I can't set more than one ip address in no_proxy. On 9 August 2016 at 11:18, Lionel Orellana <lione...@gmail.com> wrote: > I guess what I need is a way to configure the proxy as per > https://docs.openshift.org/latest/install_con

Re: cluster up - reuse registry address

I guess what I need is a way to configure the proxy as per https://docs.openshift.org/latest/install_config/http_proxies.html#configuring-hosts-for-proxies On Tue, 9 Aug 2016 at 10:05 AM, Lionel Orellana <lione...@gmail.com> wrote: > It's been difficult to get a functional poc goin

Re: No external access inside container

ar...@redhat.com> wrote: > On Mon, Aug 1, 2016 at 11:07 PM, Lionel Orellana <lione...@gmail.com> > wrote: > >> Hello >> >> I ran a cluster with oc cluster up and deployed Jenkins from the provided >> template. I can acces Jenkins and login. But I need to

No external access inside container

Hello I ran a cluster with oc cluster up and deployed Jenkins from the provided template. I can acces Jenkins and login. But I need to setup our company proxy so Jenkins can access external sites (eg. Github.com). >From within the container (oc rsh jenkins-5-xg14g) curl fails to connect to

Re: oc cluster up - dns issue?

just when > running from containers with host networking? The router runs with > --net=host, so it's possible this is a docker 1.11 bug (although I haven't > heard anyone report that yet). > > On Wed, Jul 27, 2016 at 7:12 PM, Lionel Orellana <lione...@gmail.com> > wrote: >

Re: oc cluster up - dns issue?

Even running cluster up as root the router can't bind to ports 80 and 443. On Wed, 27 Jul 2016 at 9:52 PM, Lionel Orellana <lione...@gmail.com> wrote: > Don't think so. > > $ sudo netstat -tulpn > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Addr

Re: oc cluster up - dns issue?

successfully (oc get pods -n default)? > > > > On Jul 27, 2016, at 7:12 AM, Lionel Orellana <lione...@gmail.com> wrote: > > My iptables has these rules. Is this normal? > > Chain KUBE-SERVICES (1 references) > target prot opt source

Re: oc cluster up - dns issue?

On 27 July 2016 at 16:08, Lionel Orellana <lione...@gmail.com> wrote: > Further info > > $ oc get endpoints --namespace=default --selector=router > > NAME ENDPOINTS AGE > router 1h > > Router has no endpoints? > > > > On Wed, 27 Jul 2016 at 3:22 PM, Li

  1   2   >