Apologies, reading back, I just realized connections are broken within your network segment - not from a separate subnet. The same questions apply, except for the "ARP who-has" stuff, which would be normal within the same network / you can still look for those, though.
Regards.

On Mon, Feb 4, 2019 at 9:47 PM Samuel Martín Moro <[email protected]> wrote:

> Hi,
>
> Define "after the deployment is nearly finished". Did it succeed? Or where
> did it fail?
>
> Can you tell us more about your network?
> - what is the subnet your openshift instances are located in?
> - what is the subnet your broken connections are coming from?
>
> Troubleshooting that issue, I would look at a tcpdump, on the NIC ssh
> connections should arrive from.
> Look for TCP SYN packets not getting a SYN-ACK in response / broken
> handshake.
> Look for "ARP who-has" requests referencing an IP that shouldn't be in
> OpenShift's subnet.
> And obviously, look at the routes on your OpenShift nodes (ip r), ensure
> there's nothing overlapping with the subnet your ssh connections are coming
> from.
>
> Eventually, look for iptables rules, and how many packets went through
> (iptables -vL), for each rule, over time (watch -n 2 xxx), which could help
> match a rule either blocking or diverting those connections.
>
> Good luck,
>
> Regards.
>
> On Mon, Feb 4, 2019 at 6:22 PM Dan Steffen <[email protected]>
> wrote:
>
>> Hello
>>
>> this is my first post in this list, please excuse my mistakes, but for
>> some days I have been trying to set up an openshift-origin-cluster on
>> centos 7 in our company network, but after the deployment with ansible is
>> nearly finished the ssh-port will be blocked. It looks like the cluster is
>> running but the master (and the nodes) are only reachable with ssh from
>> hosts in the same network segment.
>>
>> What I am doing at the moment is trying to follow this introduction[1],
>> and after the installation of the mentioned packages and the distribution
>> of the ssh-keys to the servers, I try to deploy openshift with this
>> inventory-configuration
>>
>> <code>
>> [OSEv3:children]
>> masters
>> nodes
>> etcd
>>
>> [OSEv3:vars]
>> ansible_ssh_user=root
>> openshift_deployment_type=origin
>>
>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
>> openshift_master_default_subdomain=apps.srv.world
>> openshift_docker_insecure_registries=172.30.0.0/16
>> openshift_http_proxy=http://proxy.example.com:8080
>> openshift_https_proxy=http://proxy.example.com:8080
>> openshift_no_proxy='.example.com'
>> osm_cluster_network_cidr=10.233.0.0/18
>>
>> [masters]
>> alm-okd-1.example.com openshift_schedulable=true containerized=false
>>
>> [etcd]
>> alm-okd-1.example.com
>>
>> [nodes]
>> alm-okd-1.example.com openshift_node_group_name='node-config-master-infra'
>> alm-okd-2.example.com openshift_node_group_name='node-config-compute'
>> alm-okd-3.example.com openshift_node_group_name='node-config-compute'
>> </code>
>>
>> I think there is an entry missing in my configuration but I don't know
>> which entry is missing or misconfigured, maybe someone can give me a hint
>> what I am doing wrong or give me an example of a working inventory? I
>> would be very thankful because at the moment I have no idea why this
>> doesn't work
>>
>> best regards
>> Dan
>>
>>
>> [1] https://www.server-world.info/en/note?os=CentOS_7&p=openshift311&f=1
>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>
>
> --
> Samuel Martín Moro
> {EPITECH.} 2011
>
> "Nobody wants to say how this works.
>  Maybe nobody knows ..."
>                       Xorg.conf(5)
>

--
Samuel Martín Moro
{EPITECH.} 2011

"Nobody wants to say how this works.
 Maybe nobody knows ..."
                      Xorg.conf(5)
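The route check suggested in the reply above (ip r, nothing overlapping the subnet the ssh connections come from), as an added example that is not part of the original messages. The `ip r` output, the tun0/eth0 device names and the client subnet 10.233.40.0/24 are constructed for illustration; 10.233.0.0/18 and 172.30.0.0/16 are the CIDRs from the posted inventory.

```python
import ipaddress

# Constructed sample of `ip r` output from a node; not taken from the thread.
SAMPLE_IP_ROUTE = """\
default via 192.168.10.1 dev eth0 proto static metric 100
10.233.0.0/18 dev tun0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.30.0.0/16 dev tun0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.21 metric 100
"""

def parse_routes(ip_route_output):
    """Return (network, device) pairs for every route line that names a device."""
    routes = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def overlapping_routes(ip_route_output, client_subnet):
    """Non-default routes that overlap the subnet ssh clients connect from."""
    client = ipaddress.ip_network(client_subnet, strict=False)
    return [(str(net), dev) for net, dev in parse_routes(ip_route_output)
            if net.prefixlen > 0 and net.overlaps(client)]

def reply_route(ip_route_output, client_ip):
    """Longest-prefix match: the route a reply to client_ip would leave by."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net, dev) for net, dev in parse_routes(ip_route_output)
               if addr in net]
    if not matches:
        return None
    net, dev = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), dev

if __name__ == "__main__":
    # Assumed client subnet; replace with the one ssh connections come from.
    for net, dev in overlapping_routes(SAMPLE_IP_ROUTE, "10.233.40.0/24"):
        print(f"route {net} via {dev} overlaps the client subnet")
    print("reply to 10.233.40.7 leaves by", reply_route(SAMPLE_IP_ROUTE, "10.233.40.7"))
```

On a real node, pass the text printed by `ip r` in place of SAMPLE_IP_ROUTE; a reply route that points at anything other than the NIC the SYN arrived on matches the "SYN without SYN-ACK" pattern to look for in tcpdump.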
