Ram, any debugging ideas?

On Tue, Feb 16, 2016 at 3:20 AM, Fran Barrera <[email protected]> wrote:
> Hello Clayton,
>
> True, it was that. Now I can access this pod and watch the keepalived.conf, but it seems to be correct.
> From this node I can ping and telnet 80 correctly, but if I put this IP in the wildcard, I can't access anything. If I try telnet VIP 80 from another node I can't access it.
>
> Regards.
>
> 2016-02-15 16:58 GMT+01:00 Clayton Coleman <[email protected]>:
>>
>> Are you logged in as a system admin when you try to rsh? You can't rsh into a pod unless you (the user) have access to the SCC.
>>
>> On Mon, Feb 15, 2016 at 10:44 AM, Fran Barrera <[email protected]> wrote:
>> > Hello Clayton,
>> >
>> > The service account is router (I've tried to create a new service account for ipfailover but got the same error). Yes, the SCC is privileged; if I edit this I can see the service account:
>> >
>> > - system:serviceaccount:default:router
>> >
>> > Regards.
>> >
>> > 2016-02-15 16:13 GMT+01:00 Clayton Coleman <[email protected]>:
>> >>
>> >> What service account is the ipfa-pod using, and can you verify that the SCC correctly points to it?
>> >>
>> >> On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <[email protected]> wrote:
>> >> > If I try "oc rsh ipfa-pod" this is the output:
>> >> >
>> >> > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: invalid value 'true', Details: Host network is not allowed to be used
>> >> > provider restricted: .spec.containers[0].securityContext.privileged: invalid value 'true', Details: Privileged containers are not allowed
>> >> > provider restricted: .spec.containers[0].securityContext.VolumeMounts: invalid value 'lib-modules', Details: Host Volumes are not allowed to be used
>> >> > provider restricted: .spec.containers[0].securityContext.containers.0.hostPort: invalid value '1985', Details: Host ports are not allowed to be used]
>> >> >
>> >> > I've created the IP failover with the same SCC as the router.
>> >> >
>> >> > 2016-02-15 13:54 GMT+01:00 Fran Barrera <[email protected]>:
>> >> >>
>> >> >> Hello,
>> >> >>
>> >> >> I have a problem deploying the router in HA. I've followed the steps (https://docs.openshift.org/latest/admin_guide/high_availability.html).
>> >> >>
>> >> >> Everything was correct. I can see the VIP that I've assigned in the Node:
>> >> >>
>> >> >> [root@openshift-master1 ~]# ip addr show
>> >> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>> >> >>     inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0
>> >> >>        valid_lft 80140sec preferred_lft 80140sec
>> >> >>     inet 10.14.128.155/32 scope global eth0
>> >> >>        valid_lft forever preferred_lft forever
>> >> >>
>> >> >> From this Node I can ping correctly, but from another node or another PC I can't access this VIP, so I can't put this VIP in the DNS.
>> >> >>
>> >> >> It looks like the problem is the iptables of this node, but I'm not sure, so I don't know what is happening.
>> >> >>
>> >> >> Any suggestions?
>> >> >>
>> >> >> Best Regards,
>> >> >> Fran.
>> >> >
>> >> > _______________________________________________
>> >> > users mailing list
>> >> > [email protected]
>> >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
