It's an origin flag - add it at the end. On Tue, Feb 16, 2016 at 10:41 AM, Marc Boorshtein <[email protected]> wrote: > Thanks Clayton. Is "--public-master" a docker flag? When I try it I get: > > [root@openshift ~]# docker run -d --name "origin" --privileged > --pid=host --net=bridge -p 8443:8443 -v /:/rootfs:ro -v > /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw > -v > /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes > --public-master openshift.tremolo.lan -h openshift.tremolo.lan > openshift/origin start > > flag provided but not defined: --public-master > > It looks like its passed to the openshift command, not docker? > > Thanks > > > On Tue, Feb 16, 2016 at 10:21 AM, Clayton Coleman <[email protected]> > wrote: >> >> The console is served on whatever you provide as "--public-master" to >> the docker run command. >> >> I don't think we've seen this particular one yet - we definitely >> tightened our accepted ciphers list to pull the insecure ones out, but >> please open an issue and we'll track it down. >> >> On Tue, Feb 16, 2016 at 9:18 AM, Marc Boorshtein <[email protected]> >> wrote: >> > All, >> > >> > I tried downloading and setting up openshift on docker >> > docker-engine-1.10.1-1 on centos7. I used the following command to get >> > up >> > and running: >> > >> > docker run -d --name "origin" --privileged --pid=host >> > --net=bridge >> > -p 8443:8443 -v /:/rootfs:ro -v /var/run:/var/run:rw -v >> > /sys:/sys -v >> > /var/lib/docker:/var/lib/docker:rw -v >> > >> > /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes >> > -h openshift.xxx.lan openshift/origin start >> > >> > When I try to go to the console on 8443 I get redirected to a 172 >> > address >> > and firefox complains that the SSL connection is broken: >> > >> > Secure Connection Failed >> > >> > An error occurred during a connection to openshift.xxxx.lan:8443. >> > security >> > library: improperly formatted DER-encoded message. (Error code: >> > sec_error_bad_der) >> > >> > The page you are trying to view cannot be shown because the >> > authenticity >> > of the received data could not be verified. >> > Please contact the website owners to inform them of this problem. >> > >> > but when I check the connection I get the following: >> > [root@openshift ~]# openssl s_client -connect >> > 'openshift.tremolo.lan:8443' >> > CONNECTED(00000003) >> > depth=1 CN = openshift-signer@1455630818 >> > verify error:num=19:self signed certificate in certificate chain >> > verify return:0 >> > --- >> > Certificate chain >> > 0 s:/CN=127.0.0.1 >> > i:/CN=openshift-signer@1455630818 >> > 1 s:/CN=openshift-signer@1455630818 >> > i:/CN=openshift-signer@1455630818 >> > --- >> > Server certificate >> > -----BEGIN CERTIFICATE----- >> > MIID8TCCAtugAwIBAgIBBjALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo >> > aWZ0LXNpZ25lckAxNDU1NjMwODE4MB4XDTE2MDIxNjEzNTM0MloXDTE4MDIxNTEz >> > NTM0M1owFDESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC >> > AQ8AMIIBCgKCAQEA8NVlc/xYxrdo6ucYHoCtKvAjTxyCfdsAPGBm/VHbFQ+qLEIn >> > 6zk9eIKQ8kIHbm7xYFLFsvgBcmZwg6vf3NJoovaQREGqUo43Kuv2yk1NBVK5t3c9 >> > bA4fmNJFCjy31JsoSyYm/ndsVatF0y5K8YlFzgyFyMoOuWGuMTiAZAKqHW307/QM >> > IHkmMBt6++tO04F2f9T2Z9h/V677iJ9QC7YiGF+KL9hM7F4S/dwQWiwPso4gMaQF >> > QdvXv9OZoRQ6/0YY/UnLJFoF/hfLt4oODu0GSMK9BAuS/67aJilexcSDXXGeSuIh >> > OgN79UAW70bbd+OR8AqxU3EjiE8P9LMb87EpwwIDAQABo4IBPjCCATowDgYDVR0P >> > AQH/BAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggED >> > BgNVHREEgfswgfiCCmt1YmVybmV0ZXOCEmt1YmVybmV0ZXMuZGVmYXVsdIIWa3Vi >> > ZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVz >> > dGVyLmxvY2Fsgglsb2NhbGhvc3SCCW9wZW5zaGlmdIIRb3BlbnNoaWZ0LmRlZmF1 >> > bHSCFW9wZW5zaGlmdC5kZWZhdWx0LnN2Y4Ijb3BlbnNoaWZ0LmRlZmF1bHQuc3Zj >> > LmNsdXN0ZXIubG9jYWyCCTEyNy4wLjAuMYIKMTcyLjE3LjAuMoIKMTcyLjMwLjAu >> > MYcEfwAAAYcErBEAAocErB4AATALBgkqhkiG9w0BAQsDggEBAAgxc6TRaCcT5jBP >> > Mj6K3CUkhN8S/3Us0gHIQ0ZYIvpzfi+HH9vUggS44E3I9OI2TN5pTZ0vDSbLMEva >> > VfvlZHsi4qlA/72rP50Gw+GMooofc8FHo08AXM2Lf/jE8/w88F4kXLZqVvnsQ/N4 >> > bxSDg+0tydEAVoBopcvIyUj7QGFT7MT7icHe2ql6vnoXwZzeTLEKoNSk/NXlbLs8 >> > IDW9bAa941SBYoVwyXsL5e4y7xqI4fKMX/gbF2FjAIwxa9PfeZKZ4bFNKY0b4LAr >> > Jl3NXbpbzmYlGqJwCBjY5JdOmXpjvkUv7ynYuV/ov65zz9RCfDp4CYDiZG80cgdj >> > Z1EmREE= >> > -----END CERTIFICATE----- >> > subject=/CN=127.0.0.1 >> > issuer=/CN=openshift-signer@1455630818 >> > --- >> > Acceptable client certificate CA names >> > /CN=openshift-signer@1455630818 >> > Server Temp Key: ECDH, prime256v1, 256 bits >> > --- >> > SSL handshake has read 2414 bytes and written 385 bytes >> > --- >> > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 >> > Server public key is 2048 bit >> > Secure Renegotiation IS supported >> > Compression: NONE >> > Expansion: NONE >> > SSL-Session: >> > Protocol : TLSv1.2 >> > Cipher : ECDHE-RSA-AES128-GCM-SHA256 >> > Session-ID: >> > 0F1D94EB43646490A6FAFE006BEC3149C48B8A11ACA71CD7B04FD6FA9EAFA0CC >> > Session-ID-ctx: >> > Master-Key: >> > >> > 3885305A1D2D8CCFB59A8C535ED0FD23388E774B6262EEF848A5E6B916C2471D1171A87A07AAF7D981916E2F57DDB8A1 >> > Key-Arg : None >> > Krb5 Principal: None >> > PSK identity: None >> > PSK identity hint: None >> > TLS session ticket: >> > 0000 - f9 2d fc 2d 20 77 06 2a-eb 9d 85 e1 ea 9f 3a 82 .-.- >> > w.*......:. >> > 0010 - a1 c4 b2 10 89 ee 94 33-31 62 fe f4 44 3f e1 16 >> > .......31b..D?.. >> > 0020 - 4d af 2a 01 b6 f6 d2 62-b7 c2 a6 6c 75 d1 c3 a2 >> > M.*....b...lu... >> > 0030 - 90 89 2f 22 eb 02 71 08-38 3b aa 7e ee 0f 39 ee >> > ../"..q.8;.~..9. >> > 0040 - 52 2e f2 1f 47 63 56 a8-65 79 01 7a ab 0d f7 de >> > R...GcV.ey.z.... >> > 0050 - 13 b0 6c 49 58 23 46 dc-ec 00 9a 3c 95 3d 87 6c >> > ..lIX#F....<.=.l >> > 0060 - b2 da de d4 25 e6 94 87- ....%... >> > >> > Start Time: 1455632113 >> > Timeout : 300 (sec) >> > Verify return code: 19 (self signed certificate in certificate >> > chain) >> > --- >> > >> > A couple of questions: >> > 1. Is there an environment variable I can set that lets me set the host >> > name openshift console redirects to? (so i don't get redirected to an >> > IP) >> > 2. Has anyone run into this issue with firefox? Google seems to think >> > its >> > because firefox doesn't support the cipher. >> > >> > Any help would be greatly appreciated. >> > >> > Thanks >> > Marc >> > >> > _______________________________________________ >> > users mailing list >> > [email protected] >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
