Hi Scott, Yes, we'll upgrade our environment as soon as possible,
Thanks, Fran. 2016-10-05 18:19 GMT+02:00 Scott Dodson <[email protected]>: > Ok, I think maybe that was a limitation of old versions. Any chance > you'll be upgrading soon? > > On Wed, Oct 5, 2016 at 12:12 PM, Fran Barrera <[email protected]> > wrote: > > Ok, I think that now it's working good, the problem was in kubernetes > > service, I had to edit manually and change the port 5353 to 53 and > > targetPort was 5353 so was ok. > > > > But if origin-master is restarted it is changed again. > > > > Fran. > > > > 2016-10-05 17:56 GMT+02:00 Scott Dodson <[email protected]>: > >> > >> Is the node running on the host in question? That would be required > >> for dnsmasq to connect to 172.30.0.1:53 as the kubelet provides those > >> iptables rules. Can you verify that the kubernetes service looks like > >> you'd expect it with the right ports and endpoints? `oc -n default > >> describe svc/kubernetes` > >> > >> -- > >> Scott > >> > >> On Wed, Oct 5, 2016 at 11:51 AM, Fran Barrera <[email protected]> > >> wrote: > >> > I tried this: > >> > > >> > # dig @master_ip -p 5353 kubernetes.default.svc.cluster.local > >> > 172.30.0.1 > >> > > >> > # dig @master_ip kubernetes.default.svc.cluster.local > >> > - > >> > > >> > If i do this in the other environment, working good. Iptables is > >> > allowing > >> > port 53 and 5353(skydns). It's like dnsmasq isn't working good but the > >> > logs > >> > appears ok > >> > > >> > Fran. > >> > > >> > 2016-10-05 14:05 GMT+02:00 Scott Dodson <[email protected]>: > >> >> > >> >> If skydns is running on a port other than 53 you'll need to pass -p > >> >> flag to dig to specify the port. The kubernetes service (172.30.0.1) > >> >> translates port 53 into the port that skydns is running on so when > >> >> using the service ip that's not necessary, but if you're accessing > the > >> >> master's ip you'll have to account for that. Also, this means you > need > >> >> firewall rules allowing access on that port between all nodes and > your > >> >> master, maybe that's the missing piece? > >> >> > >> >> -- > >> >> Scott > >> >> > >> >> On Wed, Oct 5, 2016 at 5:17 AM, Fran Barrera <[email protected] > > > >> >> wrote: > >> >> > Ok, I found this: > >> >> > > >> >> > # dig @IP_MASTER kubernetes.default.svc.cluster.local > >> >> > no resolve > >> >> > > >> >> > And if I do this on the other environment resolved correctly. > >> >> > > >> >> > The logs of dnsmasq seems look good: > >> >> > > >> >> > using nameserver 8.8.8.8#53 > >> >> > using nameserver 172.30.0.1#53 for domain 30.172.in-addr.arpa > >> >> > using nameserver 172.30.0.1#53 for domain cluster.local > >> >> > read /etc/hosts - 11 addresses > >> >> > > >> >> > Is the same in both environments. > >> >> > > >> >> > And node-config.yaml the dnsIP is set correctly. > >> >> > > >> >> > Thanks, > >> >> > Fran. > >> >> > > >> >> > > >> >> > 2016-10-04 18:08 GMT+02:00 Scott Dodson <[email protected]>: > >> >> >> > >> >> >> Ok, to debug this, at the host level `dig @node-ip > >> >> >> kubernetes.default.svc.cluster.local` and `dig @node-ip > >> >> >> www.google.es` > >> >> >> replace node-ip with the node's ip address, and then review the > >> >> >> journal for dnsmasq, `journalctl -lu dnsmasq`. If everything looks > >> >> >> fine there then I'd verify that the dnsIP is set correctly in > >> >> >> node-config.yaml > >> >> >> > >> >> >> -- > >> >> >> Scott > >> >> >> > >> >> >> On Tue, Oct 4, 2016 at 11:35 AM, Fran Barrera > >> >> >> <[email protected]> > >> >> >> wrote: > >> >> >> > No, the problem isn't a conflict port because i've moved skydns > to > >> >> >> > port > >> >> >> > 5353. > >> >> >> > > >> >> >> > Now, I have seen a bit more the problem, from a pod I can't > >> >> >> > resolver > >> >> >> > any > >> >> >> > openshift service and if I try a ping to www.google.es for > example > >> >> >> > take > >> >> >> > ~ 10 > >> >> >> > seconds. It's like dnsmasq is not forwarding to skydns? but my > >> >> >> > configuration > >> >> >> > is the same in both environments. > >> >> >> > > >> >> >> > Thanks, > >> >> >> > Fran. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > 2016-10-04 14:53 GMT+02:00 Scott Dodson <[email protected]>: > >> >> >> >> > >> >> >> >> Hmm, I thought it was there in more recent versions too? The > >> >> >> >> reason > >> >> >> >> that this is there is because we want 'fran.project' or 'frans' > >> >> >> >> to > >> >> >> >> use > >> >> >> >> the search path to resolve 'fransapp.project.svc.cluster. > local' > >> >> >> >> so > >> >> >> >> pods can reference the service without knowing the FQDN. > >> >> >> >> > >> >> >> >> Can you elaborate on how it's failing in the 1.0.8 > environment? I > >> >> >> >> imagine the problem there is that there's probably a conflict > on > >> >> >> >> port > >> >> >> >> 53 on your masters which are also nodes? To work around this > >> >> >> >> we've > >> >> >> >> moved skydns to port 8053, check master-config.yaml for > >> >> >> >> dnsConfig.bindAddress and see if it's binding to port 53 or > 8053. > >> >> >> >> If > >> >> >> >> you move it to 8053 and restart the master does it help? > >> >> >> >> > >> >> >> >> -- > >> >> >> >> Scott > >> >> >> >> > >> >> >> >> On Tue, Oct 4, 2016 at 4:25 AM, Fran Barrera > >> >> >> >> <[email protected]> > >> >> >> >> wrote: > >> >> >> >> > Hi Scott, > >> >> >> >> > > >> >> >> >> > I have configured dnsmasq as you commented and working good > in > >> >> >> >> > my > >> >> >> >> > environment, but I have another environment in 1.0.8 version > >> >> >> >> > and > >> >> >> >> > the > >> >> >> >> > problem > >> >> >> >> > is the "option ndots:5" If i delete this option everything > >> >> >> >> > working > >> >> >> >> > good > >> >> >> >> > but > >> >> >> >> > I don't know why Openshift set this automatically in > >> >> >> >> > /etc/resolv.conf > >> >> >> >> > > >> >> >> >> > I see in other version that this options is dissapeared but > in > >> >> >> >> > older > >> >> >> >> > version > >> >> >> >> > not. Is there any way to delete this option? > >> >> >> >> > > >> >> >> >> > Thanks, > >> >> >> >> > Fran > >> >> >> >> > > >> >> >> >> > 2016-10-03 14:43 GMT+02:00 Scott Dodson <[email protected] > >: > >> >> >> >> >> > >> >> >> >> >> Maybe I'm misunderstanding the question, but you'd configure > >> >> >> >> >> dnsmasq > >> >> >> >> >> to forward 'cluster.local' to skydns and all other requests > to > >> >> >> >> >> your > >> >> >> >> >> desired nameservers, place a file in /etc/dnsmasq.d/ like > this > >> >> >> >> >> > >> >> >> >> >> strict-order > >> >> >> >> >> no-resolv > >> >> >> >> >> domain-needed > >> >> >> >> >> server=/cluster.local/172.30.0.1 > >> >> >> >> >> server=/30.172.in-addr.arpa/172.30.0.1 > >> >> >> >> >> server=4.4.4.4 > >> >> >> >> >> server=8.8.8.8 > >> >> >> >> >> > >> >> >> >> >> Again, the installer does this for you automatically using a > >> >> >> >> >> NetworkManager dispatcher script to configure dnsmasq. You > can > >> >> >> >> >> see > >> >> >> >> >> what it does here > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> https://github.com/openshift/openshift-ansible/blob/master/ > roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh > >> >> >> >> >> > >> >> >> >> >> On Mon, Oct 3, 2016 at 3:41 AM, Fran Barrera > >> >> >> >> >> <[email protected]> > >> >> >> >> >> wrote: > >> >> >> >> >> > Hi Scott, > >> >> >> >> >> > > >> >> >> >> >> > If I set dnsmasq in the node-config.yaml. How I can > forward > >> >> >> >> >> > cluster > >> >> >> >> >> > dns > >> >> >> >> >> > to > >> >> >> >> >> > skydns? Because Openshift services don't have any domain, > >> >> >> >> >> > right? > >> >> >> >> >> > > >> >> >> >> >> > Thanks, > >> >> >> >> >> > Fran > >> >> >> >> >> > > >> >> >> >> >> > 2016-09-30 14:56 GMT+02:00 Scott Dodson > >> >> >> >> >> > <[email protected]>: > >> >> >> >> >> >> > >> >> >> >> >> >> Fran, > >> >> >> >> >> >> > >> >> >> >> >> >> If you set dnsIP in your node-config.yaml file it will > make > >> >> >> >> >> >> that > >> >> >> >> >> >> IP > >> >> >> >> >> >> address the first nameserver in your pod's resolv.conf. I > >> >> >> >> >> >> don't > >> >> >> >> >> >> know > >> >> >> >> >> >> how to add timeout options to pod's resolv.conf, but > >> >> >> >> >> >> hopefully > >> >> >> >> >> >> you > >> >> >> >> >> >> should have timeout issues. > >> >> >> >> >> >> > >> >> >> >> >> >> BTW, the installer should be configuring dnsmasq on each > >> >> >> >> >> >> node > >> >> >> >> >> >> and > >> >> >> >> >> >> setting dnsIP to the local host's IP address starting > with > >> >> >> >> >> >> Origin > >> >> >> >> >> >> 1.2 > >> >> >> >> >> >> and OCP 3.2. dnsmasq is then responsible for forwarding > >> >> >> >> >> >> cluster > >> >> >> >> >> >> dns > >> >> >> >> >> >> to > >> >> >> >> >> >> skydns and other requests to the host's default resolver. > >> >> >> >> >> >> > >> >> >> >> >> >> -- > >> >> >> >> >> >> Scott > >> >> >> >> >> >> > >> >> >> >> >> >> On Fri, Sep 30, 2016 at 8:39 AM, Fran Barrera > >> >> >> >> >> >> <[email protected]> > >> >> >> >> >> >> wrote: > >> >> >> >> >> >> > Hi All, > >> >> >> >> >> >> > > >> >> >> >> >> >> > In my environment, the master is the DNS server > (dnsmasq) > >> >> >> >> >> >> > and > >> >> >> >> >> >> > my > >> >> >> >> >> >> > problem > >> >> >> >> >> >> > is > >> >> >> >> >> >> > that I have very slow resolution. The resolv.conf of > pods > >> >> >> >> >> >> > is: > >> >> >> >> >> >> > > >> >> >> >> >> >> > nameserver 172.30.0.1 > >> >> >> >> >> >> > nameserver master_ip > >> >> >> >> >> >> > > >> >> >> >> >> >> > I need to change this conf adding first the master IP > or > >> >> >> >> >> >> > add > >> >> >> >> >> >> > a > >> >> >> >> >> >> > options > >> >> >> >> >> >> > timeout because the slow is because try first with > >> >> >> >> >> >> > kubernetes > >> >> >> >> >> >> > dns > >> >> >> >> >> >> > and > >> >> >> >> >> >> > 10 > >> >> >> >> >> >> > seconds later try with dns master. I've followed this > >> >> >> >> >> >> > guide > >> >> >> >> >> >> > https://access.redhat.com/solutions/2215521 but not > >> >> >> >> >> >> > change > >> >> >> >> >> >> > anything. > >> >> >> >> >> >> > > >> >> >> >> >> >> > Any helps? > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> > > >> >> >> >> >> >> > _______________________________________________ > >> >> >> >> >> >> > users mailing list > >> >> >> >> >> >> > [email protected] > >> >> >> >> >> >> > > >> >> >> >> >> >> > http://lists.openshift.redhat. > com/openshiftmm/listinfo/users > >> >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> >> > > >> >> >> >> > > >> >> >> >> > > >> >> >> > > >> >> >> > > >> >> > > >> >> > > >> > > >> > > > > > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
