Re: Low Disk Watermark

[Luke Meyer]

Looks like you're using your root partition for docker volume storage (and
thus Elasticsearch storage). That is the default configuration, but not a
recommended one - we recommend specifying storage specifically for docker
https://docs.openshift.org/latest/install_config/install/prerequisites.html#configuring-docker-storage

Also ES data will keep getting blown away if you don't give it a persistent
volume, but hopefully that was already evident to you.

On Mon, Aug 29, 2016 at 9:55 PM, Frank Liauw  wrote:

> Hi All,
>
> My Origin cluster is pretty new, and I happen to spot the following log
> entry by elasticsearch in kibana (I'm using OpenShift's logging stack):
>
> [2016-08-30 01:44:25,997][INFO ][cluster.routing.allocation.decider]
> [Quicksilver] low disk watermark [15%] exceeded on 
> [t2l6Oz8uT-WS8Fa7S7jzfQ][Quicksilver]
> free: 1.5gb[11.4%], replicas will not be assigned to this node
>
> df on the node shows the following:
>
> /dev/mapper/centos_node3-root   14G   13G  1.6G  89% /
> ..
> tmpfs  7.8G  4.0K  7.8G   1%
> /var/lib/origin/openshift.local.volumes/pods/8a2a40e3-
> 5f83-11e6-8b2f-0231a929d7bf/volumes/kubernetes.io~secret/
> builder-dockercfg-3z4qk-push
> tmpfs  7.8G  4.0K  7.8G   1%
> /var/lib/origin/openshift.local.volumes/pods/8a2a40e3-
> 5f83-11e6-8b2f-0231a929d7bf/volumes/kubernetes.io~secret/sshsecret-source
> tmpfs  7.8G   12K  7.8G   1%
> /var/lib/origin/openshift.local.volumes/pods/8a2a40e3-
> 5f83-11e6-8b2f-0231a929d7bf/volumes/kubernetes.io~secret/
> builder-token-znk7k
> tmpfs  7.8G  4.0K  7.8G   1%
> ..
>
> This appears to be the case on one of my other nodes as well (with a
> slightly different tmpfs size of 5.8G).
>
> Is this normal?
>
> Frank
> Systems Engineer
>
> VSee: fr...@vsee.com  | Cell: +65 9338 0035
>
> Join me on VSee for Free 
>
>
>
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Error from server: Timeout: timed out waiting for build ruby-hello-world-1 to start after 10s

[Ben Parees]

On Wed, Aug 31, 2016 at 1:09 PM, Ricardo Aguirre Reyes | BEEVA MX <
ricardo.aguirre.contrac...@beeva.com> wrote:

> Hi,
> I just installed Openshift in a Cluster
> etcd
> infrastructure
> NFS
> LB
> Master1
> Master2
> Node1
> Node2
> Node3
>
> At first I have some problems because on the NFS host,  the  directory
>  /exports/registry/ was bussy and openshift couldn't write there
>
> Then I removed it and created a new one with:
> mkdir /exports/registry; chown nfsnobody:nfsnobody /exports/registry;
> chmod 0777 /exports/registry
>
> Then when I tried to deploy a sample application, the  log, simply doesn't
> works, and I don't know how find the problem source.
>
> The log does not response from web, neither from  command line
>
> I check the NFS host and it has no data in the registry diredctory
>
> Theis is the  log history on Master1
>
> *[root@ip-172-31-42-197 ec2-user]# oc logs build/cakephp-example-1 -n
> other-project*
> *Error from server: Timeout: timed out waiting for build cakephp-example-1
> to start after 10s*
> *[root@ip-172-31-42-197 ec2-user]# oc get bc*
> *[root@ip-172-31-42-197 ec2-user]# oc new-project forth-project*
> *Now using project "forth-project" on server
> "https://ip-172-31-40-129.us-west-2.compute.internal:8443
> ".*
>
> *You can add applications to this project with the 'new-app' command. For
> example, try:*
>
> *$ oc new-app
> centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
> *
>
> *to build a new hello-world application in Ruby.*
> *[root@ip-172-31-42-197 ec2-user]# oc new-app
> centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
> *
> *--> Found Docker image bffbe0b (7 days old) from Docker Hub for
> "centos/ruby-22-centos7"*
>
> *Ruby 2.2 *
> * *
> *Platform for building and running Ruby 2.2 applications*
>
> *Tags: builder, ruby, ruby22*
>
> ** An image stream will be created as "ruby-22-centos7:latest" that
> will track the source image*
> ** A source build using source code from
> https://github.com/openshift/ruby-hello-world.git
>  will be created*
> *  * The resulting image will be pushed to image stream
> "ruby-hello-world:latest"*
> *  * Every time "ruby-22-centos7:latest" changes a new build will be
> triggered*
> ** This image will be deployed in deployment config "ruby-hello-world"*
> ** Port 8080/tcp will be load balanced by service "ruby-hello-world"*
> *  * Other containers can access this service through the hostname
> "ruby-hello-world"*
>
> *--> Creating resources with label app=ruby-hello-world ...*
> *imagestream "ruby-22-centos7" created*
> *imagestream "ruby-hello-world" created*
> *buildconfig "ruby-hello-world" created*
> *deploymentconfig "ruby-hello-world" created*
> *service "ruby-hello-world" created*
> *--> Success*
> *Build scheduled, use 'oc logs -f bc/ruby-hello-world' to track its
> progress.*
> *Run 'oc status' to view your app.*
> *[root@ip-172-31-42-197 ec2-user]# oc logs -f bc/ruby-hello-world*
> *Error from server: Timeout: timed out waiting for build
> ruby-hello-world-1 to start after 10s*
> *[root@ip-172-31-42-197 ec2-user]# oc desribe build ruby-hello-world-1*
> *Error: unknown command "desribe" for "oc"*
>
> *Did you mean this?*
> * describe*
>
> *Run 'oc --help' for usage.*
> *[root@ip-172-31-42-197 ec2-user]# oc describe build ruby-hello-world-1*
> *Name: ruby-hello-world-1*
> *Created: 6 minutes ago*
> *Labels: app=ruby-hello-world*
> * buildconfig=ruby-hello-world*
> * openshift.io/build-config.name=ruby-hello-world
> *
> *Annotations: openshift.io/build-config.name=ruby-hello-world
> *
> * openshift.io/build.number=1 *
> * openshift.io/build.pod-name=ruby-hello-world-1-build
> *
>
> *Status: Pending*
> *Duration: waiting for 6m6s*
> *Build Config: ruby-hello-world*
> *Build Pod: ruby-hello-world-1-build*
>
> *Strategy: Source*
> *URL: https://github.com/openshift/ruby-hello-world.git
> *
> *From Image: DockerImage
> centos/ruby-22-centos7@sha256:a217f6e1a7f84d31a2eaa1722aaf5247884c26246e2b0812850630ee0c8f17aa*
> *Output to: ImageStreamTag ruby-hello-world:latest*
> *Push Secret: builder-dockercfg-lfjuw*
>
> *Events:*
> *  FirstSeen LastSeen Count From SubobjectPath Type Reason Message*
> *  -  -  -  -- ---*
> *  6m 6m 1 {default-scheduler } Normal Scheduled Successfully assigned
> ruby-hello-world-1-build to ip-172-31-36-127.us-west-2.compute.internal*
>
>
> *[root@ip-172-31-42-197 

Error from server: Timeout: timed out waiting for build ruby-hello-world-1 to start after 10s

[Ricardo Aguirre Reyes | BEEVA MX]

Hi,
I just installed Openshift in a Cluster
etcd
infrastructure
NFS
LB
Master1
Master2
Node1
Node2
Node3

At first I have some problems because on the NFS host,  the  directory
 /exports/registry/ was bussy and openshift couldn't write there

Then I removed it and created a new one with:
mkdir /exports/registry; chown nfsnobody:nfsnobody /exports/registry; chmod
0777 /exports/registry

Then when I tried to deploy a sample application, the  log, simply doesn't
works, and I don't know how find the problem source.

The log does not response from web, neither from  command line

I check the NFS host and it has no data in the registry diredctory

Theis is the  log history on Master1

*[root@ip-172-31-42-197 ec2-user]# oc logs build/cakephp-example-1 -n
other-project*
*Error from server: Timeout: timed out waiting for build cakephp-example-1
to start after 10s*
*[root@ip-172-31-42-197 ec2-user]# oc get bc*
*[root@ip-172-31-42-197 ec2-user]# oc new-project forth-project*
*Now using project "forth-project" on server
"https://ip-172-31-40-129.us-west-2.compute.internal:8443
".*

*You can add applications to this project with the 'new-app' command. For
example, try:*

*$ oc new-app
centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
*

*to build a new hello-world application in Ruby.*
*[root@ip-172-31-42-197 ec2-user]# oc new-app
centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
*
*--> Found Docker image bffbe0b (7 days old) from Docker Hub for
"centos/ruby-22-centos7"*

*Ruby 2.2 *
* *
*Platform for building and running Ruby 2.2 applications*

*Tags: builder, ruby, ruby22*

** An image stream will be created as "ruby-22-centos7:latest" that
will track the source image*
** A source build using source code from
https://github.com/openshift/ruby-hello-world.git
 will be created*
*  * The resulting image will be pushed to image stream
"ruby-hello-world:latest"*
*  * Every time "ruby-22-centos7:latest" changes a new build will be
triggered*
** This image will be deployed in deployment config "ruby-hello-world"*
** Port 8080/tcp will be load balanced by service "ruby-hello-world"*
*  * Other containers can access this service through the hostname
"ruby-hello-world"*

*--> Creating resources with label app=ruby-hello-world ...*
*imagestream "ruby-22-centos7" created*
*imagestream "ruby-hello-world" created*
*buildconfig "ruby-hello-world" created*
*deploymentconfig "ruby-hello-world" created*
*service "ruby-hello-world" created*
*--> Success*
*Build scheduled, use 'oc logs -f bc/ruby-hello-world' to track its
progress.*
*Run 'oc status' to view your app.*
*[root@ip-172-31-42-197 ec2-user]# oc logs -f bc/ruby-hello-world*
*Error from server: Timeout: timed out waiting for build ruby-hello-world-1
to start after 10s*
*[root@ip-172-31-42-197 ec2-user]# oc desribe build ruby-hello-world-1*
*Error: unknown command "desribe" for "oc"*

*Did you mean this?*
* describe*

*Run 'oc --help' for usage.*
*[root@ip-172-31-42-197 ec2-user]# oc describe build ruby-hello-world-1*
*Name: ruby-hello-world-1*
*Created: 6 minutes ago*
*Labels: app=ruby-hello-world*
* buildconfig=ruby-hello-world*
* openshift.io/build-config.name=ruby-hello-world
*
*Annotations: openshift.io/build-config.name=ruby-hello-world
*
* openshift.io/build.number=1 *
* openshift.io/build.pod-name=ruby-hello-world-1-build
*

*Status: Pending*
*Duration: waiting for 6m6s*
*Build Config: ruby-hello-world*
*Build Pod: ruby-hello-world-1-build*

*Strategy: Source*
*URL: https://github.com/openshift/ruby-hello-world.git
*
*From Image: DockerImage
centos/ruby-22-centos7@sha256:a217f6e1a7f84d31a2eaa1722aaf5247884c26246e2b0812850630ee0c8f17aa*
*Output to: ImageStreamTag ruby-hello-world:latest*
*Push Secret: builder-dockercfg-lfjuw*

*Events:*
*  FirstSeen LastSeen Count From SubobjectPath Type Reason Message*
*  -  -  -  -- ---*
*  6m 6m 1 {default-scheduler } Normal Scheduled Successfully assigned
ruby-hello-world-1-build to ip-172-31-36-127.us-west-2.compute.internal*


*[root@ip-172-31-42-197 ec2-user]# oc events ruby-hello-world-1*
*Error: unknown command "events" for "oc"*
*Run 'oc --help' for usage.*
*[root@ip-172-31-42-197 ec2-user]# oc get events --namespace=forth-project*
*FIRSTSEEN   LASTSEEN   COUNT NAME   KIND
 SUBOBJECT   TYPE  REASON  SOURCE MESSAGE*
*8m  8m 1 

Re: Spurious warning when updating route without spec.host

[Pieter Nagel]

On Wed, Aug 31, 2016 at 2:44 PM, Jessica Forrester 
wrote:

> Can you check the About page in the console (under the ? menu), or run `oc
> version` to get the openshift master version


I just confirmed, the bug is gone in the v1.3.0-alpha.3+bbeb2f3 all-in-one
VM. I had been using v1.2.0

Sorry again for the noise.

-- 
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Spurious warning when updating route without spec.host

[Jessica Forrester]

Can you check the About page in the console (under the ? menu), or run `oc
version` to get the openshift master version

On Wed, Aug 31, 2016 at 8:36 AM, Pieter Nagel  wrote:

>
> On Wed, Aug 31, 2016 at 2:30 PM, Jordan Liggitt 
> wrote:
>
>> What version are you using? A similar bug (https://github.com/openshift/
>> origin/issues/9417) was fixed in 1.3.0-alpha3 in
>> https://github.com/openshift/origin/pull/9425
>> 
>>
>
> The OpenShift Origin all-in-one VM, sorry. I've been juggling between that
> and the Online Preview and confused the two.
>
>
> --
> Pieter Nagel
> Lautus Solutions (Pty) Ltd
> Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
> 0832587540
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Spurious warning when updating route without spec.host

[Pieter Nagel]

On Wed, Aug 31, 2016 at 2:30 PM, Jordan Liggitt  wrote:

> What version are you using? A similar bug (https://github.com/openshift/
> origin/issues/9417) was fixed in 1.3.0-alpha3 in https://github.com/
> openshift/origin/pull/9425
> 
>

The OpenShift Origin all-in-one VM, sorry. I've been juggling between that
and the Online Preview and confused the two.


-- 
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Spurious warning when updating route without spec.host

[Jordan Liggitt]

What version are you using? A similar bug (
https://github.com/openshift/origin/issues/9417) was fixed in 1.3.0-alpha3
in https://github.com/openshift/origin/pull/9425




On Aug 31, 2016, at 8:25 AM, Clayton Coleman  wrote:

Yes, please file a bug.

On Aug 31, 2016, at 4:08 AM, Pieter Nagel  wrote:

Given a route definition in yaml that omits the spec.host value, OpenShift
will auto-generate a suitable host value, i.e.
blah-project.apps.10.2.2.2.xip.io on the all-in-one VM.

That's great, because then I can write route definitions that work
unchanged in the all-in-one VM and RedHat's OpenShift Online Preview.

But when I update the same, unchanged, route definition using 'oc apply
-f', I get an ugly yellow warning triangle in the web console that says
"Requested host undefined was rejected by the router. Reason: no host value
was defined for the route".

Shouldn't the semantics here be: since you still didn't specify the host
when you ran 'oc apply', you intend to keep on using the exact same host
value that was autogenerated the first time round, nothing has changed and
there's no error?

-- 
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Spurious warning when updating route without spec.host

[Clayton Coleman]

Yes, please file a bug.

On Aug 31, 2016, at 4:08 AM, Pieter Nagel  wrote:

Given a route definition in yaml that omits the spec.host value, OpenShift
will auto-generate a suitable host value, i.e.
blah-project.apps.10.2.2.2.xip.io on the all-in-one VM.

That's great, because then I can write route definitions that work
unchanged in the all-in-one VM and RedHat's OpenShift Online Preview.

But when I update the same, unchanged, route definition using 'oc apply
-f', I get an ugly yellow warning triangle in the web console that says
"Requested host undefined was rejected by the router. Reason: no host value
was defined for the route".

Shouldn't the semantics here be: since you still didn't specify the host
when you ran 'oc apply', you intend to keep on using the exact same host
value that was autogenerated the first time round, nothing has changed and
there's no error?

-- 
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: Openshift SDN considerations

[Skarbek, John]

Boris,

Regarding question one, this would be solved by using a route that is exposed 
by said authentication service. This prevents the need for having to join the 
various projects together. Only services between namespaces are locked down. 
The exposed route will still be available to any and all pods from whichever 
project.

Regarding question two, It sounds as if you need some sort of IDS or 
manipulation of iptables/firewalld rules on the openshift nodes. Though that 
can be difficult to manage and what I’d end up doing is probably putting all 
the openshift nodes on a separate network, such that I can put a firewall 
device between the openshift nodes and the rest of the network.


--
John Skarbek


On August 30, 2016 at 15:42:50, Boris Kodel 
(boris.ko...@gmail.com) wrote:

Hello,
I am working in strict security environment in which we use a firewall to limit 
the traffic between all of our servers. e.g application server 'A' can only 
access DB server 'B' via port 1521 and cannot access app 'C' nor database 'D' 
at any port.

Since by default openshift can schedule any pod on any host (and we wish to 
keep it that way) we have a difficulty complying with the organizational 
network security model.

We considered using the ovs-multitenant plug-in but still we have a couple of 
issues:

  1.  Limiting traffic inside openshift - if two projects need to communicate 
with each other we ought to merge their networks. But if we have some central 
service (like an authentication service) we will need to merge all of the 
network together thus diminishing the network isolation.
  2.  Limiting outbound traffic - If one of our projects needs access to some 
external service we must allow all of the openshift hosts to access it. So we 
wish to limit or at least monitor that only this particular project's pods 
access this service. [In general some tool that show network connections 
between the internal and the external networks would be most helpful.]

Did someone else ever tackled this issues? I guess that most 
financial/government organizations have some variation as we do.

Cheers,
Boris K.
___
users mailing list
users@lists.openshift.redhat.com
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openshift.redhat.com_openshiftmm_listinfo_users=DQICAg=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74=7uJd1nape9MBiQK60LsEZD40c4JZrbuCeAgGZ-XHUuY=niWSMaBOJrPaH6RG-P4JdDmZcWChHPgKwp-4OQHIXJY=
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Spurious warning when updating route without spec.host

[Pieter Nagel]

Given a route definition in yaml that omits the spec.host value, OpenShift
will auto-generate a suitable host value, i.e.
blah-project.apps.10.2.2.2.xip.io on the all-in-one VM.

That's great, because then I can write route definitions that work
unchanged in the all-in-one VM and RedHat's OpenShift Online Preview.

But when I update the same, unchanged, route definition using 'oc apply
-f', I get an ugly yellow warning triangle in the web console that says
"Requested host undefined was rejected by the router. Reason: no host value
was defined for the route".

Shouldn't the semantics here be: since you still didn't specify the host
when you ran 'oc apply', you intend to keep on using the exact same host
value that was autogenerated the first time round, nothing has changed and
there's no error?

-- 
Pieter Nagel
Lautus Solutions (Pty) Ltd
Building 27, The Woodlands, 20 Woodlands Drive, Woodmead, Gauteng
0832587540
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users