This are all the steps I'm performing:
oc new-project logging
$ oc secrets new logging-deployer nothing=/dev/null
$ oc process logging-deployer-account-template -n openshift \
| oc create -f -
$ oc policy add-role-to-user edit --serviceaccount logging-deployer
$ oc policy add-role-to-user daemonset-admin --serviceaccount logging-deployer
$ oadm policy add-cluster-role-to-user oauth-editor \
system:serviceaccount:logging:logging-deployer
$ oadm policy add-scc-to-user \
privileged system:serviceaccount:logging:aggregated-logging-fluentd
$ oadm policy add-cluster-role-to-user cluster-reader \
system:serviceaccount:logging:aggregated-logging-fluentd
Than I execute the deployer template:
$ oc process logging-deployer-template -n openshift \
-v
KIBANA_HOSTNAME=kibana.example.com,ES_CLUSTER_SIZE=1,PUBLIC_MASTER_URL=https://localhost:8443
\
| oc create -f -
This creates 3 logging-fluentd pods (I have 3 nodes, 1 unschedulable on master
machine) and some empty services (the logs of the pods are telling me the
permission error)
When I check oc edit scc privileged and oc edit scc hostmount-anyuid it's all
fine.
I sometimes perform (not very clear):
oc process logging-es-template | oc create -f -
It's creating a dc but isn't doing/creating anything
$ oc label nodes --all logging-infra-fluentd=true
I've edited /master/master-config.yaml + restart
$ oc scale dc/logging-kibana --replicas=2
$ oc delete oauthclient/kibana-proxy
$ oc process logging-support-template | oc create -f -
The last step creates also some pods. It's a bit weird for me that this step is
only mentioned for troubleshooting or is
it an issue that I don't have those pods after executing the deployer-template?
From: [email protected]
To: [email protected]
CC: [email protected]
Subject: RE: Aggregating container logs using Kibana
Date: Tue, 5 Apr 2016 18:00:02 +0200
I still have the same issue:
I've deleted it from scc hostmount-anyuid and added it on scc privileged.
I've deleted all fluentd pods but still the same issue. Even after recreating
the project.
From: [email protected]
Date: Tue, 5 Apr 2016 10:29:04 -0400
Subject: Re: Aggregating container logs using Kibana
To: [email protected]
CC: [email protected]
On Tue, Apr 5, 2016 at 10:26 AM, Luke Meyer <[email protected]> wrote:
2016-04-05 10:55:13 +0000 [error]: unexpected error error_class=Errno::EACCES
error=#<Errno::EACCES: Permission denied - /var/log/es-containers.log.pos>
This looks like
https://github.com/openshift/origin-aggregated-logging/issues/89 - keeps
fluentd from reading any logs on the node.
You should be able to resolve this by adding the fluentd service account to the
privileged SCC, then having fluentd restart everywhere.
oadm policy add-scc-to-user privileged
system:serviceaccount:logging:aggregated-logging-fluentd
Oh; probably need to also remove them from the hostmount-anyuid SCC.
_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users