Re: How to use extra trusted CA certs when pulling images for a builder

On Wed, 13 Nov 2019 at 01:34, Ben Parees wrote: > > > On Tue, Nov 12, 2019 at 3:45 AM Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> >> >> On Tue, 12 Nov 2019 at 15:37, Ben Parees wrote: >> >>> >>>

Re: How to use extra trusted CA certs when pulling images for a builder

On Mon, 18 Nov 2019 at 12:37, Ben Parees wrote: > > > On Sun, Nov 17, 2019 at 7:24 PM Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> >> >> On Wed, 13 Nov 2019 at 02:43, Ben Parees wrote: >> >>> >>> >>> On Mo

Re: How to use extra trusted CA certs when pulling images for a builder

On Tue, 12 Nov 2019 at 15:37, Ben Parees wrote: > > > On Mon, Nov 11, 2019 at 11:26 PM Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> I've now discovered that the cluster-samples-operator doesn't seem honour >> the proxy settings, and I see lots of

Re: How to use extra trusted CA certs when pulling images for a builder

On Tue, 12 Nov 2019 at 06:56, Ben Parees wrote: > > >> >> Can I use the “trustedCA” part of the proxy configuration without >> actually specifying an explicit proxy? >> > > you should be able to. Daneyon can you confirm? (if you can't i'd > consider it a bug). > > It does work! Thanks for

Re: How to use extra trusted CA certs when pulling images for a builder

etailed message Internal error occurred: Get https://registry.redhat.io/v2/: x509: certificate signed by unknown authority" Is there a way to get that operator to use the same user-ca-bundle? On Tue, 12 Nov 2019 at 14:46, Joel Pearson wrote: > > > On Tue, 12 Nov 201

Re: ocp 4.3 nightly install on openstack queens

On Wed, 4 Dec 2019 at 08:02, Dale Bewley wrote: > > On Tue, Nov 26, 2019 at 7:29 PM Joel Pearson < > japear...@agiledigital.com.au> wrote: > > Thanks for taking the time to reply, Joel. > > >> On Sat, 23 Nov 2019 at 13:21, Dale Bewley wrote: >> >&g

Re: ocp 4.3 nightly install on openstack queens

r says: > > DEBUG Still waiting for the cluster to initialize: Some cluster operators > are still updating: authentication, console, image-registry, ingress, > monitoring > > I guess I'll keep watching > https://bugzilla.redhat.com/show_bug.cgi?id=1769879 and > ht

Fwd: ocp 4.3 nightly install on openstack queens

On Mon, 16 Dec 2019 at 14:41, Dale Bewley wrote: > > > On Sat, Dec 14, 2019 at 3:31 AM Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> I think there is one last thing that is worth trying... >> >> On Sat, 14 Dec 2019 at 18:56, Dale Bewley

Failing to bootstrap disconnected 4.2 cluster on metal

Hi, I'm trying to bootstrap a disconnected (air-gapped) 4.2 cluster using the bare metal method . It is technically vmware, but I'm following the bare metal

Re: Failing to bootstrap disconnected 4.2 cluster on metal

> > quay.io/openshift-release-dev/ocp-release:4.2.0$ oc adm release info > --pullspecs > quay.io/openshift-release-dev/ocp-release:4.2.2 | grep -A3 Images: Ooh, does this mean 4.2.2 is out or the release is imminent? Should I be trying to install 4.2.2 instead of 4.2.0? ... And it's not in

Re: Failing to bootstrap disconnected 4.2 cluster on metal

; > > >> On Sun, Oct 27, 2019 at 2:17 AM Joel Pearson wrote: > >> Ooh, does this mean 4.2.2 is out or the release is imminent? Should I > be trying to install 4.2.2 instead of 4.2.0? > > > > 4.2.2 exists and is in candidate-4.2. That means it's currently >

Re: Failing to bootstrap disconnected 4.2 cluster on metal

e, 29 Oct 2019 at 05:24, W. Trevor King wrote: > On Mon, Oct 28, 2019 at 4:05 AM Joel Pearson wrote: > > Maybe must-gather could be included in the release manifest so that it's > available in disconnected environments by default? > > It is: > > $ oc adm release i

Re: Failing to bootstrap disconnected 4.2 cluster on metal

> > Almost always means a node is broken / blocked / unable to schedule pods, > which prevents DNS from deploying. That's the weird thing though. DNS is deployed, and all the nodes are happy according to "oc get nodes". It seems that the operator is misreporting the error. In the console

Re: Idle OpenShift 4.2 Image Registry running on Azure listing storage keys about 40 times per minute

API request every 10 minutes when the operator's relist > interval is hit. ~40 per minute suggests that we are reacting to a lot of > events that we probably shouldn't react to. > > On Mon, Nov 25, 2019 at 1:19 AM Joel Pearson < > japear...@agiledigital.com.au> wrote: >

Failure to detach Azure Disk in OpenShift 4.2.7 after 15 minutes

Hi, I updated some machine config to configure chrony for masters and workers, and I found that one of my containers got stuck after the masters had restarted. One of the containers still couldn't start for 15 minutes, as the disk was still attached to master-2 whereas the pod had been scheduled

Idle OpenShift 4.2 Image Registry running on Azure listing storage keys about 40 times per minute

Hi, I've noticed a strange thing with the Image Registry running on Azure in OpenShift 4.2.7 (possibly all other versions too). When the registry is idle, I'm seeing about 40 requests per minute for "List Storage Account Keys" per minute in Azure console, under the resource group "Activity log".

Re: Failure to detach Azure Disk in OpenShift 4.2.7 after 15 minutes

to say. If you can > recreate it and run must gather we might be able to find it. > > On Nov 24, 2019, at 10:25 PM, Joel Pearson > wrote: > > Hi, > > I updated some machine config to configure chrony for masters and workers, > and I found that one of my containers got st

Re: How to recover from failed update in OpenShift 4.2.x?

On Thu, 21 Nov 2019 at 10:58, Clayton Coleman wrote: > > > On Nov 17, 2019, at 9:34 PM, Joel Pearson > wrote: > > So, I'm running OpenShift 4.2 on Azure UPI following this blog article: > https://blog.openshift.com/openshift-4-1-upi-environment-deployment-on-

Re: ocp 4.3 nightly install on openstack queens

On Sat, 23 Nov 2019 at 13:21, Dale Bewley wrote: > Hello, > I'm testing OCP 4.3 2019-11-19 nightly on OSP 13. > > I added my CA cert [1] to install-config.yaml [3] and the installer now > progresses. I can even `oc get nodes` and see the masters. [2]. > > I still have the following errors and

Re: where does CRC store its data?

Hi Marvin, Did you ever use minishift? It behaves in the same way, all the data is inside the CRC VM. If you manage to get into the CRC VM, and you get to /mnt/pv-data then you'd see lots of directories pv0001, pv0002 etc. If you create yourself a PVC then it will automatically attach to an

DNS resolution performance woeful while CRC is running in Windows

Hi, I'm wondering if someone can let me know how the crc.testing domain works in crc for windows? I can't see any entries in c:\windows\system32\drivers\etc\hosts, and my DNS entries appear to be the same, but a dig command doesn't find api.crc.testing, so it's doing something special to get

Re: DNS resolution performance woeful while CRC is running in Windows

. > > > > Beste Grüße / Best regards > > > *Jens-Uwe Walther * > > > > M: +49 (160) 97250976 > > > > *Von:* users-boun...@lists.openshift.redhat.com < > users-boun...@lists.openshift.redhat.com> *Im Auftrag von *Joel Pearson > *Gesendet:* Montag

Can't use the privileged scc in OpenShift 4.2.16

Hi, I have been trying to use the privileged scc in OpenShift 4.2.16 I follow the normal way adding an scc to a service account. oc create sa jira oc adm policy add-scc-to-user privileged -z jira But it always ends up using the restricted scc. However, anyuid gets applied successfully. I read

Re: Can't use the privileged scc in OpenShift 4.2.16

prise for users in your cluster. > This is not a big deal, on a lab, if you're just testing something on your > own, ... though I would avoid this on real-life clusters, or warn other > admins at least, ideally make sure only your Jira SA may use that SCC. > > > Regards. > > >

Re: configuring frontend 2 the openshift

Hi Kate, Regarding part of question 2, it looks like you added an extra slash before /console, ie your error message shows "//console". I tried it on my OpenShift 3.x cluster and having a double forward-slash at the front created the same problem. So try removed that extra slash before, so that

How to debug the machine config operator in 4.2.10?

Hi, I've been having trouble to get openshift to reliably accept CA's for custom secure registries: We've been following this guide: https://docs.openshift.com/container-platform/4.2/builds/setting-up-trusted-ca.html And it has worked sometimes and not others. The most frustrating bit is not

Re: How to debug the machine config operator in 4.2.10?

xtra trusted CAs that were configured during installation, so I'm wondering if the content mismatch in the MCO is related to merging the CA certs for images and the certs inside the "user-ca-bundle" configmap in the "openshift-config" namespace Any ideas? On Tue, 18 Feb 2020

Re: OpenShift on Fedora – a Quick Installation

gt; users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > -- Kind Regards, Joel Pearson Agile Digital | Senior Software Consultant Love Your Software™ | ABN 98 106 361 273 p: 1300 858 277 | m: 0405 417 843 <040541784

Re: OCP 4.2 setup -

On Fri, 10 Jan 2020 at 20:06, sofia qirjazi wrote: > Cool, thanks! > > Before deploying the OCP cluster that uses UPI, It is needed configuration > of DHCP , LB and DNS. > I am interested to know which is : > > a) Which is DNS best practice for offine installation? >For DNS server , it is

Re: ocp4 no way to configure ROUTER_USE_PROXY_PROTOCOL

It looks like the proxy protocol is only supported on AWS. Maybe you should create a Bugzilla ticket requesting support for the proxy protocol in a general way? I will most likely need this myself in the future too.

Re: okd web console custom SSL certificate

Hi, If you can I'd recommend OpenShift 4.x, however, if you want to stay on 3.11, then I'd recommend an ansible based install. It is much more configurable than oc cluster up. There is an "all-in-one" inventory where it's just a single node.

Re: Installing packages on OKD 4 nodes

Hi Benjamin, Have you checked if you actually need it? At least enterprise openshift 4.x already had ptp support in the kernel (without a module), as I bumped into it earlier in the year for PTP Azure syncing, I opened a support ticket and it turned out I just needed this in chrony.conf refclock

Re: Installing packages on OKD 4 nodes

they mention is: $ cat << EOF | base64 -w0 refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0 driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync logdir /var/log/chrony EOF On Wed, 28 Oct 2020 at 22:32, Joel Pearson wrote: > Hi Benjamin, > > Have you checked if you actually need it? At l

Re: Installing packages on OKD 4 nodes

I found this Fedora documentation earlier about PTP > https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/servers/Configuring_PTP_Using_ptp4l/ > Where they mention this linuxptp package, hence my questions. > > If I can't manage this, I'll resort to using standard NTP instead of

Re: scaleTargetRef for autoscaling

Hi Marvin, I presume you are using a deployment config? If so, doesn't a deployment config create a new replication controller every time you do a deploy? Which means you'd lose your scaling every deploy, so I think if you are using deployment configs, then you'd want to reference those, rather

Re: Installing packages on OKD 4 nodes

arding NTP/PTP I'm afraid I didn't > find any. > > Best, > -- > Benjamin > ------ > *De: *"Joel Pearson" > *À: *"Benjamin Guillon" > *Cc: *"users" > *Envoyé: *Mercredi 28 Octobre 2020 13:56:05 > *Objet: *Re:

<    1   2