Re: prune images from registry - getsockopt: connection timed out

[Ben Parees]

On Wed, Oct 11, 2017 at 10:44 AM, Maciej Zarczynski <
m.zarczyn...@adbglobal.com> wrote:

> Hi,
>
> for a while we are running openshift origin standalone docker-registry
> and it works pretty well, but when i try to prune images i am facing
> following situation:
>
> [root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=10
> --confirm
>
> error: error communicating with registry 172.30.146.162:5000: [Get
> https://172.30.146.162:5000/healthz: dial tcp 172.30.146.162:5000:
> getsockopt: connection timed out, Get http://172.30.146.162:5000/healthz:
> dial tcp 172.30.146.162:5000: getsockopt: connection timed out]
>


it looks like the machine you're running prune from doesn't have access to
the cluster network.  can you run the command from one of your cluster
nodes?



>
> real4m38.046s
>
> user0m9.118s
>
> sys0m0.529s
>
> [root@c37ee07bf04f /]# time oc adm prune images
> --keep-tag-revisions=1 --confirm
>
> error: error communicating with registry 172.30.146.162:5000: [Get
> https://172.30.146.162:5000/healthz: dial tcp 172.30.146.162:5000:
> getsockopt: connection timed out, Get http://172.30.146.162:5000/healthz:
> dial tcp 172.30.146.162:5000: getsockopt: connection timed out]
>
> real4m37.320s
>
> user0m9.141s
>
> sys0m0.564s
>
> [root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=10 |
> wc
>
> Dry run enabled - no modifications will be made. Add --confirm to remove
> images
>
>   27771   53320 2861369
>
> real0m23.583s
>
> user0m10.540s
>
> sys0m0.576s
>
> [root@c37ee07bf04f /]# time oc adm prune images
> --keep-tag-revisions=1 | wc
>
> Dry run enabled - no modifications will be made. Add --confirm to remove
> images
>
>  47  533031
>
> real0m23.728s
>
> user0m9.060s
>
> sys0m0.465s
>
> [root@c37ee07bf04f /]# oc get svc -n default
>
> NAME   CLUSTER-IP   EXTERNAL-IP   PORT(S)
>  AGE
>
> docker-registry172.30.146.162   5000/TCP
>   138d
>
> kubernetes 172.30.0.1   443/TCP,53/UDP,53/TCP
>  138d
>
> registry-console   172.30.142.214   9000/TCP
>   138d
>
> router 172.30.105.200   80/TCP,443/TCP,1936/TCP
>  138d
>
> [root@c37ee07bf04f /]# oc version
>
> oc v3.6.0+c4dd4cf
>
> kubernetes v1.6.1+5115d708d7
>
> features: Basic-Auth GSSAPI Kerberos SPNEGO
>
> Server https://intentionally.removed.com:8443
>
> openshift v1.5.0+031cbe4
>
> kubernetes v1.5.2+43a9be4
>
>
> As you can see above, dry run works without problem and return a bunch
> of elements for removeal but when flag --confirm is added problem appears.
>
> At fist i thought that docker-registry pod i failing with healthchecks
> but after after some investigation it is probably not the cause, at
> least i don't see any events for docker-registry pod.
>
> Is it possible to change some timeouts values for origin-master ? (I
> suspect that the error is caused by origin-master which breaks
> connection after ~ 277s from oc cli to registry)
>
> I was also thinking about workaround: Use output from dry-run and pass
> to some other tool (skopeo maybe?).
>
> Have you ever faced such problem?
>
>
> Best Regards,
> Maciej Żarczyński
>
>
> [https://www.adbglobal.com/wp-content/uploads/adb.png]
> adbglobal.com
> [https://www.adbglobal.com/wp-content/uploads/linkedin_logo.png]<
> https://www.linkedin.com/company/adb/> [https://www.adbglobal.com/
> wp-content/uploads/twitter_logo.png] 
> [https://www.adbglobal.com/wp-content/uploads/pinterest_logo.png] <
> https://pinterest.com/adbglobal/pins/>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>



-- 
Ben Parees | OpenShift
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

prune images from registry - getsockopt: connection timed out

[Maciej Zarczynski]

Hi,

for a while we are running openshift origin standalone docker-registry
and it works pretty well, but when i try to prune images i am facing
following situation:

[root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=10 
--confirm

error: error communicating with registry 172.30.146.162:5000: [Get 
https://172.30.146.162:5000/healthz: dial tcp 172.30.146.162:5000: getsockopt: 
connection timed out, Get http://172.30.146.162:5000/healthz: dial tcp 
172.30.146.162:5000: getsockopt: connection timed out]

real4m38.046s

user0m9.118s

sys0m0.529s

[root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=1 
--confirm

error: error communicating with registry 172.30.146.162:5000: [Get 
https://172.30.146.162:5000/healthz: dial tcp 172.30.146.162:5000: getsockopt: 
connection timed out, Get http://172.30.146.162:5000/healthz: dial tcp 
172.30.146.162:5000: getsockopt: connection timed out]

real4m37.320s

user0m9.141s

sys0m0.564s

[root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=10 | wc

Dry run enabled - no modifications will be made. Add --confirm to remove images

  27771   53320 2861369

real0m23.583s

user0m10.540s

sys0m0.576s

[root@c37ee07bf04f /]# time oc adm prune images --keep-tag-revisions=1 | wc

Dry run enabled - no modifications will be made. Add --confirm to remove images

 47  533031

real0m23.728s

user0m9.060s

sys0m0.465s

[root@c37ee07bf04f /]# oc get svc -n default

NAME   CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE

docker-registry172.30.146.162       5000/TCP  138d

kubernetes 172.30.0.1       443/TCP,53/UDP,53/TCP 138d

registry-console   172.30.142.214       9000/TCP  138d

router 172.30.105.200       80/TCP,443/TCP,1936/TCP   138d

[root@c37ee07bf04f /]# oc version

oc v3.6.0+c4dd4cf

kubernetes v1.6.1+5115d708d7

features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://intentionally.removed.com:8443

openshift v1.5.0+031cbe4

kubernetes v1.5.2+43a9be4


As you can see above, dry run works without problem and return a bunch
of elements for removeal but when flag --confirm is added problem appears.

At fist i thought that docker-registry pod i failing with healthchecks
but after after some investigation it is probably not the cause, at
least i don't see any events for docker-registry pod.

Is it possible to change some timeouts values for origin-master ? (I
suspect that the error is caused by origin-master which breaks
connection after ~ 277s from oc cli to registry)

I was also thinking about workaround: Use output from dry-run and pass
to some other tool (skopeo maybe?).

Have you ever faced such problem?


Best Regards,
Maciej Żarczyński


[https://www.adbglobal.com/wp-content/uploads/adb.png]
adbglobal.com
[https://www.adbglobal.com/wp-content/uploads/linkedin_logo.png]
 [https://www.adbglobal.com/wp-content/uploads/twitter_logo.png] 

[https://www.adbglobal.com/wp-content/uploads/pinterest_logo.png] 


___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Origin router and X-Forwarded-For

[Joel Pearson]

Sorry I meant it say, it *cannot modify the http request in any way.
On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson 
wrote:

> Hi Marcelo,
>
> If you use Passthrough termination then that means that OpenShift cannot
> add the X-Forwarded-For header, because as the name suggests it is just
> passing the packets through and because it’s encrypted it can modify the
> http request in anyway.
>
> If you want X-Forwarded-For you will need to switch to Edge termination.
>
> Thanks,
>
> Joel
> On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi 
> wrote:
>
>> Hi All,
>> we tried to configure a route on Origin 3.6 with a Passthrough
>> termination to an Apache webserver present into a single POD but we can't
>> notice the X-Forwarded-Header to Apache logs. We tried to capture it
>> without success.
>>
>> Could you confirm if there are some method to extract it from the POD
>> side?
>>
>> Thanks,
>> Marcello
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
> --
> Kind Regards,
>
> Joel Pearson
> Agile Digital | Senior Software Consultant
>
> Love Your Software™ | ABN 98 106 361 273
> p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
>
-- 
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Origin router and X-Forwarded-For

[Joel Pearson]

Hi Marcelo,

If you use Passthrough termination then that means that OpenShift cannot
add the X-Forwarded-For header, because as the name suggests it is just
passing the packets through and because it’s encrypted it can modify the
http request in anyway.

If you want X-Forwarded-For you will need to switch to Edge termination.

Thanks,

Joel
On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi  wrote:

> Hi All,
> we tried to configure a route on Origin 3.6 with a Passthrough
> termination to an Apache webserver present into a single POD but we can't
> notice the X-Forwarded-Header to Apache logs. We tried to capture it
> without success.
>
> Could you confirm if there are some method to extract it from the POD side?
>
> Thanks,
> Marcello
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
-- 
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 <0405417843> | w: agiledigital.com.au
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Origin router and X-Forwarded-For

[Marcello Lorenzi]

Hi All,
we tried to configure a route on Origin 3.6 with a Passthrough termination
to an Apache webserver present into a single POD but we can't notice the
X-Forwarded-Header to Apache logs. We tried to capture it without success.

Could you confirm if there are some method to extract it from the POD side?

Thanks,
Marcello
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users