Hello Clayton, True, it was that, now I can access to this pod and watch the keepalived.conf but seems be correctly. >From this node I can ping and telnet 80 correctly, but if I put this IP in the wildcard, I can't access to anything. If I try telnet VIP 80 from other Node I can't access.
Regards. 2016-02-15 16:58 GMT+01:00 Clayton Coleman <[email protected]>: > Are you logged in as a system admin when you try to rsh? You can't > rsh into a pod unless you (the user) have access to the SCC. > > On Mon, Feb 15, 2016 at 10:44 AM, Fran Barrera <[email protected]> > wrote: > > Hello Clayton, > > > > The service account is router (I've tried to create a new service account > > for ipfailover but the same error). Yes, the SCC is privileged, if I edit > > this I can see the service account: > > > > - system:serviceaccount:default:router > > > > Regards. > > > > 2016-02-15 16:13 GMT+01:00 Clayton Coleman <[email protected]>: > >> > >> What service account is the ipfa-pod using, and can you verify that > >> the SCC correctly points to it? > >> > >> On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <[email protected]> > >> wrote: > >> > If I try "oc rsh ipfa-pod" this is the output: > >> > > >> > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable > to > >> > validate against any security context constraint: [provider > restricted: > >> > .spec.securityContext.hostNetwork: invalid value 'true', Details: Host > >> > network is not allowed to be used provider restricted: > >> > .spec.containers[0].securityContext.privileged: invalid value 'true', > >> > Details: Privileged containers are not allowed provider restricted: > >> > .spec.containers[0].securityContext.VolumeMounts: invalid value > >> > 'lib-modules', Details: Host Volumes are not allowed to be used > provider > >> > restricted: .spec.containers[0].securityContext.containers.0.hostPort: > >> > invalid value '1985', Details: Host ports are not allowed to be used] > >> > > >> > I've created the ip failover with the same scc that the router. > >> > > >> > > >> > > >> > 2016-02-15 13:54 GMT+01:00 Fran Barrera <[email protected]>: > >> >> > >> >> Hello, > >> >> > >> >> I've a problem to deploy router in HA. I've following the steps > >> >> ( > https://docs.openshift.org/latest/admin_guide/high_availability.html). > >> >> > >> >> Everything was correct. I can see the VIP that I've assigned in the > >> >> Node: > >> >> > >> >> [root@openshift-master1 ~]# ip addr show > >> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast > >> >> state > >> >> UP qlen 1000 > >> >> inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic > eth0 > >> >> valid_lft 80140sec preferred_lft 80140sec > >> >> inet 10.14.128.155/32 scope global eth0 > >> >> valid_lft forever preferred_lft forever > >> >> > >> >> From this Node I can ping correctly, but from other node or other PC > I > >> >> can't access to this VIP, so I can't put his VIP in the DNS. > >> >> > >> >> It's like that the problem is Iptables of this node, but I'm not > sure, > >> >> so > >> >> I don't know what is happening. > >> >> > >> >> Any suggestions? > >> >> > >> >> Best Regards, > >> >> Fran. > >> > > >> > > >> > > >> > _______________________________________________ > >> > users mailing list > >> > [email protected] > >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >> > > > > > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
