Isn’t flushing iptable rules a dangerous option? I thought iptables was heavily utilized for destination NAT’ing for the kube service…
--
John Skarbek

On April 19, 2016 at 00:23:39, v ([email protected]) wrote:

Hey,

I'd try to disable all firewall rules and then see if the error message is still there.
For example:

    iptables -F
    iptables -t nat -F
    systemctl restart origin-master origin-node docker openvswitch

Note that all iptables chains have to be set to policy "accept" for this to work.

"No route to host" can be caused by "--reject-with icmp-host-prohibited" so you can try looking for that in your firewall config too.

Regards,
v

On 2016-04-19 at 07:38, Sebastian Wieseler wrote:
> Hi Clayton,
> Thanks for your reply.
>
> I opened now the firewall and have only the iptables rules from ansible in place.
> 4789 UDP is open for the OVS as I saw.
>
> I ran ansible again and deployed the pod without any success.
> Restarting the OVS daemon everywhere in the masters, nodes doesn’t help either.
>
> What’s the procedure to get it fixed?
> Thanks again in advance.
>
> Greetings,
> Sebastian
>
>> On 19 Apr 2016, at 12:06 PM, Clayton Coleman <[email protected]> wrote:
>>
>> This is very commonly a misconfiguration of the network firewall rules
>> and the Openshift SDN. Pods attempt to connect over OVS bridges to
>> the masters, and the OVS traffic is carried over port 4789 (I think
>> that's the port, you may want to double check).
>>
>> https://access.redhat.com/documentation/en/openshift-enterprise/3.1/cluster-administration/chapter-17-troubleshooting-openshift-sdn
>>
>> Covers debugging network configuration issues
>>
>>> On Apr 18, 2016, at 11:28 PM, Sebastian Wieseler <[email protected]> wrote:
>>>
>>> Hi community,
>>> We’re having difficulties to deploy pods.
>>> Our setup includes three masters plus three nodes.
>>>
>>> If we deploy a pod in the default project on a master, everything works fine.
>>> But when we’re deploying it on a node, we’re getting STATUS Error for the pod and the log shows:
>>> F0418 09:07:26.429738 1 deployer.go:70] couldn't get deployment project/pod-1: Get https://172.30.0.1:443/api/v1/namespaces/project/replicationcontrollers/pod-1: dial tcp X.X.X.X:443: getsockopt: no route to host
>>>
>>> 172.30.0.1 is the default address for kubernetes.
>>> If I execute curl https://172.30.0.1:443/api/v1/namespaces/project/replicationcontrollers/pod-1 on the master or on the nodes, I’ll get a valid response.
>>>
>>> How come the pod doesn’t have a route? I couldn’t find much in the logs.
>>> First I thought it’s a firewall issue, but even with "allow any" it doesn’t work.
>>>
>>> Our syslog is also full of these messages, on master and nodes:
>>>
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.578086 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.947147 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.948047 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.948076 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:25 localhost atomic-openshift-master-api: I0419 03:15:25.576047 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:26 localhost atomic-openshift-master-api: I0419 03:15:26.207263 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:27 localhost origin-master-controllers: I0419 03:15:27.947460 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.580092 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.961733 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:30 localhost origin-master-controllers: I0419 03:15:30.577072 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:31 localhost origin-master-controllers: I0419 03:15:31.947765 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:32 localhost origin-master-controllers: I0419 03:15:32.579114 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:33 localhost origin-master-controllers: I0419 03:15:33.199725 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.199899 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.200178 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-node: I0419 03:15:34.577084 32236 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>>
>>> Don’t know if this is related?
>>>
>>> Thanks a lot for your help!
>>> Greetings,
>>> Sebastian
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
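
Added example, not part of the thread or of any OpenShift tooling: a read-only way to follow the "--reject-with icmp-host-prohibited" hint without flushing the filter or nat tables, by walking an iptables-save dump and reporting which rule a new packet to UDP 4789 hits first. The two dumps and the chain name EXAMPLE_ALLOW are constructed, and the matcher is a simplified model that reads only the options named in its comment.

```shell
# first_verdict PROTO PORT < iptables-save dump   (read-only, flushes nothing)
#   Prints the first terminal filter-table rule a NEW inbound packet to
#   PROTO/PORT on a non-loopback interface would hit, or "policy" if none.
#   Simplified model: only -p, --dport, --state/--ctstate, -i and -j are read.
first_verdict() {
    awk -v proto="$1" -v port="$2" '
    function opt(r, name,   a, i, k) {      # word following option "name", or ""
        k = split(r, a, " ")
        for (i = 1; i < k; i++) if (a[i] == name) return a[i + 1]
        return ""
    }
    function matches(r,   p, d, s) {
        p = opt(r, "-p"); d = opt(r, "--dport")
        s = opt(r, "--state") opt(r, "--ctstate")
        if (p != "" && p != proto) return 0
        if (d != "" && d != port) return 0
        if (s != "" && s !~ /NEW/) return 0
        return opt(r, "-i") == ""           # skip interface-bound rules such as -i lo
    }
    function walk(chain,   i, r, t, v) {
        for (i = 1; i <= n[chain]; i++) {
            r = rule[chain, i]
            if (!matches(r)) continue
            t = opt(r, "-j")
            if (t == "REJECT") return t " " chain ":" i " " opt(r, "--reject-with")
            if (t == "ACCEPT" || t == "DROP") return t " " chain ":" i
            if ((t in n) && (v = walk(t)) != "") return v   # follow user chains
        }
        return ""
    }
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == "-A" { rule[$2, ++n[$2]] = $0 }
    END { v = walk("INPUT"); print (v == "" ? "policy" : v) }'
}

# Constructed dumps: a host default ruleset, then the same with a VXLAN allow chain.
sample_blocked() { printf '%s\n' '*filter' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'; }
sample_fixed() { printf '%s\n' '*filter' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -j EXAMPLE_ALLOW' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
    '-A EXAMPLE_ALLOW -p udp -m state --state NEW -m udp --dport 4789 -j ACCEPT' \
    'COMMIT'; }
sample_blocked | first_verdict udp 4789
sample_fixed | first_verdict udp 4789
```

On a node, the same function can read live rules with `iptables-save | first_verdict udp 4789`, which leaves the nat table that the service DNAT rules live in untouched.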
