Hi,
Define "after the deployment is nearly finished". Did it succeed? Or where
did it fail?
Can you tell us more about your network?
- what is the subnet your openshift instances are located into?
- what is the subnet your broken connections are coming from?
Troubleshooting that issue, I would look at a tcpdump, on the NIC ssh
connections should arrive from.
Look for TCP SYN packets not getting a SYN-ACK in response / broken
handshake.
Look for "ARP who-has" requests referencing an IP that shouldn't be in
OpenShift's subnet.
And obviously, look at the routes on your OpenShift nodes (ip r), ensure
there's nothing overlapping with the subnet your ssh connections are coming
from.
Eventually, look for iptables rules, and how many packets went through
(iptables -vL), for each rule, over time (watch -n 2 xxx), which could help
match a rule either blocking or diverting those connections.
Good luck,
Regards.
On Mon, Feb 4, 2019 at 6:22 PM Dan Steffen <dan.steffen...@googlemail.com>
wrote:
> Hello
>
> this is my first post in this list please excuse my mistakes but since some
> days I try to setup an openshift-origin-cluster on centos 7 in our company
> network but after the deployment with ansible is nearly finished the
> ssh-port will be blocked. It looks like that the cluster is running but the
> master (and the nodes) only reachable with ssh from hosts in the same
> network segment.
>
> My exactly doing at the moment is that I try to following this
> introduction[1] and after the installation of mentioned packages and the
> distrubtion of the ssh-keys to the servers.
> I try to deploy openshift with this inventory-configuration
>
> <code>
> [OSEv3:children]
> masters
> nodes
> etcd
>
> [OSEv3:vars]
> ansible_ssh_user=root
> openshift_deployment_type=origin
>
> openshift_master_identity_providers=[
> {'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
> 'HTPasswdPasswordIdentityProvider'}
>
> ]
> openshift_master_default_subdomain=apps.srv.world
> openshift_docker_insecure_registries=172.30.0.0/16
> openshift_http_proxy=http://proxy.example.com:8080
> openshift_https_proxy=http://proxy.example.com:8080
> openshift_no_proxy='.example.com'
> osm_cluster_network_cidr=10.233.0.0/18
>
> [masters]
> alm-okd-1.example.com openshift_schedulable=true containerized=false
>
> [etcd]
> alm-okd-1.example.com
>
> [nodes]
> alm-okd-1.example.com openshift_node_group_name='node-config-master-infra'
> alm-okd-2.example.com openshift_node_group_name='node-config-compute'
> alm-okd-3.example.com openshift_node_group_name='node-config-compute'
> </code>
>
> I think there is an entry in my configuration missing but I don't know
> entry is missing or malconfigured, maybe someone can give me a hint what I
> am doing wrong or give me an example of an working inventory? I would very
> thanksful because at the moment I have no idea why this don't work
> best regards
> Dan
>
>
> [1] https://www.server-world.info/en/note?os=CentOS_7&p=openshift311&f=1
> _______________________________________________
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
--
Samuel Martín Moro
{EPITECH.} 2011
"Nobody wants to say how this works.
Maybe nobody knows ..."
Xorg.conf(5)
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
