Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Louis Santillan
Firstly, leaving swap enabled is an anti-pattern in general [0] as OpenShift is then unable to recognize OOM conditions until performance is thoroughly degraded. Secondly, we generally recommend to our customers that they have at least 20GB [1] for Masters. I've seen many customers go far past

Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Clayton Coleman
You can hit the master prometheus endpoint to see what is going on (or run prometheus from the release-3.6 branch in examples/prometheus):
    oc get --raw /metrics
As an admin will dump the apiserver prometheus metrics for that server. You can look at (going from memory here)

Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Joel Pearson
Hi Clayton, We’re running 3.6.1 I believe. It was installed a few weeks ago using OpenShift ansible on the release-3.6 branch. We’re running 11 namespaces, 2 nodes, 7 pods, so it’s pretty minimal. I’ve never run this prune.

Re: OpenShift master keeps consuming lots and memory and swapping

2017-10-20 Thread Clayton Coleman
What version are you running? How many nodes, pods, and namespaces? Excessive memory use can be caused by not running prune or having an automated process that creates lots of an object. Excessive CPU use can be caused by an errant client or component stuck in a hot loop repeatedly taking the

LDAP bindPassword in Ansible inventory

2017-10-20 Thread Lionel Orellana
Hi, I see there's a way to encrypt an ldap bind password for use in the master configs. But I'm not sure how this would work in the Ansible inventory configuration

Re: which branch of sensible playbook should be used

2017-10-20 Thread Walters, Todd
We’ve had some issues with clone of the branch and chose to clone master as the official documentation states and you note from 2nd link. We do however, specify the versions, in our playbook
    # Specify the generic release version
    openshift_release: v3.6.0
    openshift_image_tag: v3.6.0

Re: Which branch of ansible playbook should be used when installing openshift origin 3.6?

2017-10-20 Thread Tim Bielawa
That seems incorrect to me, the online documentation. I would recommend staying on the release-3.6 branch for a 3.6 installation.
On Fri, Oct 20, 2017 at 12:58 PM, Yu Wei wrote:
> Hi,
>
> I'm a little confused about which branch should be used during "advanced
>

No route to host when trying to connect to services

2017-10-20 Thread Yu Wei
Hi guys, I setup openshift origin cluster 3.6 and deployed 3 zookeeper instances as cluster. I met error "no route to host" when trying to connect to one zookeeper via service. The detailed information is as below, zookeeper-1 172.30.64.134

Which branch of ansible playbook should be used when installing openshift origin 3.6?

2017-10-20 Thread Yu Wei
Hi, I'm a little confused about which branch should be used during "advanced installation". From document in https://github.com/openshift/openshift-ansible, it seemed branch 3.6 should be used. From doc

Re: DNS resolving problem - in pod

2017-10-20 Thread Marko Lukša
1. is the service in the same namespace as the pod you're testing in?
2. connect through the FQDN of the service (kibanasg.fullnamespace.svc.cluster.local)
On 20. 10. 2017 11:14, Łukasz Strzelec wrote:
Thx guys ;) Nope, this is not this case. I've noticed that I can reach SVC via IP

Re: DNS resolving problem - in pod

2017-10-20 Thread Łukasz Strzelec
Thx guys ;) Nope, this is not this case. I've noticed that I can reach SVC via IP addresses. But when I want to do the same with name of svc, I'm receiving "name or service not known". Where to start debugging? Best regards 2017-10-19 15:27 GMT+02:00 Mateus Caruccio

Re: service account for rest api

2017-10-20 Thread Julio Saura
hello
> On 20 Oct 2017, at 9:57, Frederic Giloux wrote:
>
> Hi Julio
>
> a couple of points here:
> - oc policy add-role-to-user admin system:serviceaccounts:project1:inciga -n
> project1 would have worked for the project.
did not work :( trust me .. checked a lot

Re: service account for rest api

2017-10-20 Thread Frederic Giloux
Hi Julio a couple of points here: - oc policy add-role-to-user admin system:serviceaccounts:project1:inciga -n project1 would have worked for the project. If you have used oadm policy add-cluster-role-to-user you should use a cluster role, which view or cluster-admin are and admin is not. - we

Re: service account for rest api

2017-10-20 Thread Julio Saura
python problem solved too all working view role was the key :/
> On 20 Oct 2017, at 9:27, Julio Saura wrote:
>
> problem solved
>
> i do not know why but giving user role view instead of admin make the trick ..
>
> :/
>
> now i am able to access using curl with

Re: service account for rest api

2017-10-20 Thread Julio Saura
problem solved i do not know why but giving user role view instead of admin make the trick .. :/ now i am able to access using curl with the token, but not using python xD i get a 401 with long token, but if i use the short one that oc login gives works xD
> On 20 Oct 2017, at 8:59,

Re: service account for rest api

2017-10-20 Thread Frederic Giloux
Julio, have you tried the command with higher log level as per my previous email?
    # oc get rc -n project1 --as=system:serviceaccounts:project1:inciga --loglevel=8
This gives you the successful rest call, which is made by the OC client to the API server. You can then check whether it differs from

Re: service account for rest api

2017-10-20 Thread Julio Saura
headers look ok in curl request
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS

Re: service account for rest api

2017-10-20 Thread Julio Saura
compiled last stable curl version same problem { "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure", "message": "User \"system:serviceaccount:project1:inciga\" cannot list replicationcontrollers in project \”project1\"", "reason": "Forbidden", "details": {

Re: service account for rest api

2017-10-20 Thread Julio Saura
tried no luck :(