Hey v, Hey Clayton,

Thanks for your help. I didn’t flush the iptables in the end, but ALLOW’ed all communication and watched netstat -atn closely.
Figured out that you need port 8443 for communication between nodes and masters as well. Previously I thought that nodes would establish the communication to the general master API address, instead of directly to the masters. So you actually need to allow port tcp,8443 for node -> master communication as well.

Thanks again.
Greetings,
Sebastian

> On 19 Apr 2016, at 2:21 PM, v <[email protected]> wrote:
>
> Hey,
>
> I'd try to disable all firewall rules and then see if the error message is
> still there.
> For example:
> iptables -F
> iptables -t nat -F
> systemctl restart origin-master origin-node docker openvswitch
>
> Note that all iptables chains have to be set to policy "accept" for this to
> work.
> "No route to host" can be caused by "--reject-with icmp-host-prohibited" so
> you can try looking for that in your firewall config too.
>
> Regards,
> v
>
> On 2016-04-19 at 07:38, Sebastian Wieseler wrote:
>> Hi Clayton,
>> Thanks for your reply.
>>
>> I opened now the firewall and have only the iptables rules from ansible in
>> place.
>> 4789 UDP is open for the OVS as I saw.
>>
>> I ran ansible again and deployed the pod without any success.
>> Restarting the OVS daemon everywhere in the masters,nodes doesn’t help
>> either.
>>
>> What’s the procedure to get it fixed?
>> Thanks again in advance.
>>
>> Greetings,
>> Sebastian
>>
>>
>>> On 19 Apr 2016, at 12:06 PM, Clayton Coleman <[email protected]> wrote:
>>>
>>> This is very commonly a misconfiguration of the network firewall rules
>>> and the Openshift SDN. Pods attempt to connect over OVS bridges to
>>> the masters, and the OVS traffic is carried over port 4789 (I think
>>> that's the port, you may want to double check).
>>>
>>> https://access.redhat.com/documentation/en/openshift-enterprise/3.1/cluster-administration/chapter-17-troubleshooting-openshift-sdn
>>>
>>> Covers debugging network configuration issues
>>>
>>>> On Apr 18, 2016, at 11:28 PM, Sebastian Wieseler
>>>> <[email protected]> wrote:
>>>>
>>>> Hi community,
>>>> We’re having difficulties to deploy pods.
>>>> Our setup includes three masters plus three nodes.
>>>>
>>>> If we deploy a pod in the default project on a master, everything works
>>>> fine.
>>>> But when we’re deploying it on a node, we’re getting STATUS Error for the
>>>> pod and the log shows:
>>>> F0418 09:07:26.429738 1 deployer.go:70] couldn't get deployment
>>>> project/pod-1: Get
>>>> https:/172.30.0.1:443/api/v1/namespaces/project/replicationcontrollers/pod-1:
>>>> dial tcp X.X.X.X:443: getsockopt: no route to host
>>>>
>>>> 172.30.0.1 is the default address for kubernetes.
>>>> If I execute curl
>>>> https://172.30.0.1:443/api/v1/namespaces/project/replicationcontrollers/pod-1 on
>>>> the master or on the nodes, I’ll get a valid response.
>>>>
>>>> How come the pod doesn’t have a route? I couldn’t find much in the logs.
>>>> First I thought it’s a firewall issue, but even with "allow any" it
>>>> doesn’t work.
>>>>
>>>> Our syslog is also full of these messages, on master and nodes:
>>>>
>>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419
>>>> 03:15:24.578086 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419
>>>> 03:15:24.947147 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419
>>>> 03:15:24.948047 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419
>>>> 03:15:24.948076 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:25 localhost atomic-openshift-master-api: I0419
>>>> 03:15:25.576047 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:26 localhost atomic-openshift-master-api: I0419
>>>> 03:15:26.207263 32022 iowatcher.go:103] Unexpected EOF during watch
>>>> stream event decoding: unexpected EOF
>>>> Apr 19 03:15:27 localhost origin-master-controllers: I0419 03:15:27.947460
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.580092
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.961733
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:30 localhost origin-master-controllers: I0419 03:15:30.577072
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:31 localhost origin-master-controllers: I0419 03:15:31.947765
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:32 localhost origin-master-controllers: I0419 03:15:32.579114
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:33 localhost origin-master-controllers: I0419 03:15:33.199725
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.199899
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.200178
>>>> 51283 iowatcher.go:103] Unexpected EOF during watch stream event
>>>> decoding: unexpected EOF
>>>> Apr 19 03:15:34 localhost origin-node: I0419 03:15:34.577084 32236
>>>> iowatcher.go:103] Unexpected EOF during watch stream event decoding:
>>>> unexpected EOF
>>>>
>>>> Don’t know if this is related?
>>>>
>>>> Thanks a lot for your help!
>>>> Greetings,
>>>> Sebastian
>>>>
>>>> _______________________________________________
>>>> users mailing list
>>>> [email protected]
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
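
Added example, not part of the original thread or of OpenShift: a read-only way to confirm the finding above (4789/udp allowed, node -> master 8443/tcp falling through to a "--reject-with icmp-host-prohibited" rule) without flushing or opening the firewall. The function name `port_verdict`, the chain name `SAMPLE_ALLOW` and both rulesets are constructed for illustration; on a real master the input would be the output of `iptables-save`.

```sh
#!/bin/sh
# Added example. port_verdict PROTO PORT reads `iptables-save` text on stdin
# and prints what the filter INPUT chain does to a NEW connection to that
# port: ACCEPT, DROP, REJECT:<type> or POLICY:<policy>.
# Simplification: only -p, --dport, --state/--ctstate and -j are interpreted.
port_verdict() {
  awk -v proto="$1" -v port="$2" '
    function opt(rule, name,    i, n, f) {        # value that follows NAME
      n = split(rule, f, " ")
      for (i = 1; i < n; i++) if (f[i] == name) return f[i + 1]
      return ""
    }
    function walk(chain,    i, r, p, d, s, t, v) { # first terminal match
      for (i = 1; i <= count[chain]; i++) {
        r = rules[chain, i]
        p = opt(r, "-p"); d = opt(r, "--dport"); t = opt(r, "-j")
        s = opt(r, "--state"); if (s == "") s = opt(r, "--ctstate")
        if (s != "" && s !~ /NEW/) continue        # e.g. RELATED,ESTABLISHED
        if ((p != "" && p != proto) || (d != "" && d != port)) continue
        if (t == "ACCEPT" || t == "DROP") return t
        if (t == "REJECT") return "REJECT:" opt(r, "--reject-with")
        if (t in count) { v = walk(t); if (v != "") return v }  # user chain
      }
      return ""
    }
    /^\*/ { tbl = substr($1, 2) }
    tbl == "filter" && /^:/  { c = substr($1, 2); policy[c] = $2; count[c] = 0 }
    tbl == "filter" && /^-A/ { c = $2; rules[c, ++count[c]] = $0 }
    END { v = walk("INPUT"); print (v != "" ? v : "POLICY:" policy["INPUT"]) }
  '
}

# Constructed master ruleset (trailing COMMIT omitted; SAMPLE_ALLOW is a
# made-up chain name): VXLAN 4789/udp is open, 8443/tcp is not.
SAMPLE_BEFORE='*filter
:INPUT ACCEPT [0:0]
:SAMPLE_ALLOW - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j SAMPLE_ALLOW
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A SAMPLE_ALLOW -p udp -m state --state NEW -m udp --dport 4789 -j ACCEPT'
# The same ruleset plus the node -> master rule the thread arrives at.
SAMPLE_AFTER="$SAMPLE_BEFORE
-A SAMPLE_ALLOW -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT"

printf '%s\n' "$SAMPLE_BEFORE" | port_verdict tcp 8443   # REJECT:icmp-host-prohibited
printf '%s\n' "$SAMPLE_AFTER"  | port_verdict tcp 8443   # ACCEPT
```

Port ranges, multiport matches and source-address restrictions are not evaluated, so a verdict of ACCEPT here means only that a matching protocol/port rule precedes the reject rule.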
