[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Certificate Problem?



Yes.  I also get a successful answer from on the URL that’s timing out

[root node1 ~]# curl -k https://master.example.com:8443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "User \"system:anonymous\" cannot get replicationcontrollers in project \"default\"",
  "reason": "Forbidden",
  "details": {
    "name": "docker-registry-1",
    "kind": "replicationcontrollers"
  },
  "code": 403

I’m looking for a way to bump the login level up.

Justin

> On 21/08/2015, at 10:04 am, Clayton Coleman <ccoleman redhat com> wrote:
> 
> Does master.example.com resolve from your node?  Is the IP address the
> same as your master instance?
> 
> On Thu, Aug 20, 2015 at 5:48 PM, Justin Wood <justin wood example co nz> wrote:
>> Ok here’s what I get.
>> 
>> [root master ~]# oc logs docker-registry-1-deploy
>> F0820 17:35:02.953324       1 deployer.go:64] couldn't get deployment default/docker-registry-1: Get https://master.example.com:8443/api/v1/namespaces/default/replicationcontrollers/docker-registry-1: dial tcp: i/o timeout
>> 
>> [root master ~]# oc get pods
>> NAME                       READY     STATUS         RESTARTS   AGE
>> docker-registry-1-deploy   0/1       ExitCode:255   0          3m
>> 
>> 
>> Aug 21 09:14:18 master.example.com openshift-master[1466]: 2015/08/21 09:14:18 etcdserver: saved snapshot at index 20002
>> Aug 21 09:34:31 master.example.com openshift-master[1466]: I0821 09:34:31.317638 1466 controller.go:72] Ignoring change for DeploymentConfig default/docker-registry:1; no existing Deployment found
>> Aug 21 09:34:31 master.example.com openshift-master[1466]: I0821 09:34:31.702437 1466 factory.go:214] About to try and schedule pod docker-registry-1-deploy
>> Aug 21 09:34:31 master.example.com openshift-master[1466]: I0821 09:34:31.703204 1466 factory.go:312] Attempting to bind docker-registry-1-deploy to node1.example.com
>> Aug 21 09:34:33 master.example.com openshift-master[1466]: I0821 09:34:33.492440    1466 controller.go:85] Ignoring DeploymentConfig change for default/docker-registry:1 (latestVersion=1); same as Deployment default/docker-registry-1
>> 
>> I took the firewall on node1 down, just for good measure and tried again, but got the same result
>> 
>> Justin
>> 
>>> On 21/08/2015, at 9:31 am, Clayton Coleman <ccoleman redhat com> wrote:
>>> 
>>> Hrm, the TLS error may be a red herring.  Pull the logs for the deploy
>>> pod - oc logs docker-registry-1-deploy
>>> 
>>> On Thu, Aug 20, 2015 at 5:29 PM, Justin Wood <justin wood example co nz> wrote:
>>>> Thanks Clayton.  This is what I have
>>>> 
>>>> ...
>>>> serviceAccountConfig:
>>>> managedNames:
>>>> - default
>>>> - builder
>>>> - deployer
>>>> masterCA: ca.crt
>>>> privateKeyFile: serviceaccounts.private.key
>>>> publicKeyFiles:
>>>> - serviceaccounts.public.key
>>>> servingInfo:
>>>> bindAddress: 0.0.0.0:8443
>>>> certFile: master.server.crt
>>>> clientCA: ca.crt
>>>> keyFile: master.server.key
>>>> maxRequestsInFlight: 500
>>>> requestTimeoutSeconds: 3600
>>>> …
>>>> 
>>>> and I was running the command as system:admin
>>>> 
>>>> [root master ~]# oc whoami
>>>> system:admin
>>>> 
>>>> 
>>>> Cheers
>>>> Justin
>>>> 
>>>>> On 21/08/2015, at 8:40 am, Clayton Coleman <ccoleman redhat com> wrote:
>>>>> 
>>>>> Hrm, check that you have "masterCA" set under the serviceAccountConfig field in your master-config.yaml
>>>>> 
>>>>> On Thu, Aug 20, 2015 at 4:05 PM, Justin Wood <justin wood example co nz> wrote:
>>>>> Hi All
>>>>> 
>>>>> I just did a fresh install of OpenShift using this guide
>>>>> 
>>>>> https://docs.openshift.com/enterprise/3.0/admin_guide/install/advanced_install.html
>>>>> 
>>>>> and everything comes up as it should but when I try to deploy a registry it fails
>>>>> 
>>>>> The logs indicate that I need to address some certificate issue.   Where do I had trusted certs configure it to just use plain http?
>>>>> 
>>>>> Here are the logs
>>>>> 
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [676ns] [676ns] About to list directory
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [819.978876ms] [819.9782ms] List extracted
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [819.989248ms] [10.372µs] List filtered
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [819.989814ms] [566ns] END
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: I0820 19:26:18.298101    1466 trace.go:57] Trace "List *api.PodList" (started 2015-08-20 19:26:17.394538848 +1200 NZST):
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [490ns] [490ns] About to list directory
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [903.534372ms] [903.533882ms] List extracted
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [903.537414ms] [3.042µs] List filtered
>>>>> Aug 20 19:26:18 master.example.com openshift-master[1466]: [903.537779ms] [365ns] END
>>>>> Aug 20 19:26:19 master.example.com openshift-master[1466]: I0820 19:26:19.363015    1466 common.go:66] Self IP: 172.16.63.129.
>>>>> Aug 20 19:29:50 master.example.com openshift-master[1466]: I0820 19:29:50.900598 1466 controller.go:72] Ignoring change for DeploymentConfig default/docker-registry:1; no existing Deployment found
>>>>> Aug 20 19:29:51 master.example.com openshift-master[1466]: I0820 19:29:51.014624    1466 factory.go:214] About to try and schedule pod docker-registry-1-deploy
>>>>> Aug 20 19:29:51 master.example.com openshift-master[1466]: I0820 19:29:51.014842    1466 factory.go:312] Attempting to bind docker-registry-1-deploy to node1.example.com
>>>>> Aug 20 19:30:21 master.example.com openshift-master[1466]: I0820 19:30:21.843904 1466 controller.go:85] Ignoring DeploymentConfig change for default/docker-registry:1 (latestVersion=1); same as Deployment default/docker-registry-1
>>>>> Aug 20 19:32:22 master.example.com openshift-master[1466]: I0820 19:32:22.844859 1466 controller.go:85] Ignoring DeploymentConfig change for default/docker-registry:1 (latestVersion=1); same as Deployment default/docker-registry-1
>>>>> 
>>>>> Aug 20 19:33:35 master.example.com openshift-master[1466]: 2015/08/20 19:33:35 http: TLS handshake error from 172.16.63.129:56385: remote error: unknown certificate authority
>>>>> 
>>>>> Aug 20 19:34:23 master.example.com openshift-master[1466]: I0820 19:34:23.951961 1466 controller.go:85] Ignoring DeploymentConfig change for default/docker-registry:1 (latestVersion=1); same as Deployment default/docker-registry-1
>>>>> Aug 20 19:36:24 master.example.com openshift-master[1466]: I0820 19:36:24.873571 1466 controller.go:85] Ignoring DeploymentConfig change for default/docker-registry:1 (latestVersion=1); same as Deployment default/docker-registry-1
>>>>> Aug 20 19:37:03 master.example.com openshift-master[1466]: I0820 19:37:03.750158    1466 replication_controller.go:370] Replication Controller has been deleted default/docker-registry-1
>>>>> Aug 20 19:37:21 master.example.com openshift-master[1466]: I0820 19:37:21.932608    1466 controller.go:72] Ignoring change for DeploymentConfig default/docker-registry:1; no existing Deployment found
>>>>> 
>>>>> Cheers
>>>>> Justin
>>>>> 
>>>>> _______________________________________________
>>>>> users mailing list
>>>>> users lists openshift redhat com
>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Clayton Coleman | Lead Engineer, OpenShift
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Clayton Coleman | Lead Engineer, OpenShift
>> 
> 
> 
> 
> -- 
> Clayton Coleman | Lead Engineer, OpenShift



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]