[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pod deployment error: couldn't get deployment: dial tcp 172.30.0.1:443: getsockopt: no route to host



Isn’t flushing iptable rules a dangerous option? I thought iptables was heavily utilized for destination NAT’ing for the kube service…



-- 
John Skarbek

On April 19, 2016 at 00:23:39, v (vekt0r7 gmx net) wrote:

Hey,

I'd try to disable all firewall rules and then see if the error message is still there.
For example:
iptables -F
iptables -t nat -F
systemctl restart origin-master origin-node docker openvswitch

Note that all iptables chains have to be set to policy "accept" for this to work.
"No route to host" can be caused by "--reject-with icmp-host-prohibited" so you can try looking for that in your firewall config too.

Regards,
v

Am 2016-04-19 um 07:38 schrieb Sebastian Wieseler:
> Hi Clayton,
> Thanks for your reply.
>
> I opened now the firewall and have only the iptables rules from ansible in place.
> 4789 UDP is open for the OVS as I saw.
>
> I ran ansible again and deployed the pod without any success.
> Restarting the OVS daemon everywhere in the masters,nodes doesn’t help either.
>
> What’s the procedure to get it fixed?
> Thanks again in advance.
>
> Greetings,
> Sebastian
>
>
>> On 19 Apr 2016, at 12:06 PM, Clayton Coleman <ccoleman redhat com> wrote:
>>
>> This is very commonly a misconfiguration of the network firewall rules
>> and the Openshift SDN. Pods attempt to connect over OVS bridges to
>> the masters, and the OVS traffic is carried over port 4789 (I think
>> that's the port, you may want to double check).
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en_openshift-2Denterprise_3.1_cluster-2Dadministration_chapter-2D17-2Dtroubleshooting-2Dopenshift-2Dsdn&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=Iekdl0wEmzIYng61ltSIpzfAwlsvKjfViYDRUIAfsCk&e=
>>
>> Covers debugging network configuration issues
>>
>>> On Apr 18, 2016, at 11:28 PM, Sebastian Wieseler <sebastian myrepublic com sg> wrote:
>>>
>>> Hi community,
>>> We’re having difficulties to deploy pods.
>>> Our setup includes three masters plus three nodes.
>>>
>>> If we deploy a pod in the default project on a master, everything works fine.
>>> But when we’re deploying it on a node, we’re getting STATUS Error for the pod and the log shows:
>>> F0418 09:07:26.429738 1 deployer.go:70] couldn't get deployment project/pod-1: Get https://urldefense.proofpoint.com/v2/url?u=https-3A_172.30.0.1-3A443_api_v1_namespaces_project_replicationcontrollers_pod-2D1-3A&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=fTG-cS_Z2IyG5kH5Txkpg1bs1lu_Bnn9of2LJSCuFZ0&e= dial tcp X.X.X.X:443: getsockopt: no route to host
>>>
>>> 172.30.0.1 is the default address for kubernetes.
>>> If I execute curl https://urldefense.proofpoint.com/v2/url?u=https-3A__172.30.0.1-3A443_api_v1_namespaces_project_replicationcontrollers_pod-2D1on&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=kUv7hJlaucVB2gW1diMvJuAX88rwKYGPNyiJ-mdsRRw&e= the master or on the nodes, I’ll get a valid response.
>>>
>>> How come the pod doesn’t have a route? I couldn’t find much in the logs.
>>> First I thought it’s a firewall issue, but even with "allow any" it doesn’t work.
>>>
>>> Our syslog is also full of these messages, on master and nodes:
>>>
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.578086 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.947147 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.948047 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:24 localhost atomic-openshift-master-api: I0419 03:15:24.948076 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:25 localhost atomic-openshift-master-api: I0419 03:15:25.576047 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:26 localhost atomic-openshift-master-api: I0419 03:15:26.207263 32022 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:27 localhost origin-master-controllers: I0419 03:15:27.947460 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.580092 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:28 localhost origin-master-controllers: I0419 03:15:28.961733 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:30 localhost origin-master-controllers: I0419 03:15:30.577072 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:31 localhost origin-master-controllers: I0419 03:15:31.947765 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:32 localhost origin-master-controllers: I0419 03:15:32.579114 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:33 localhost origin-master-controllers: I0419 03:15:33.199725 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.199899 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-master-controllers: I0419 03:15:34.200178 51283 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>> Apr 19 03:15:34 localhost origin-node: I0419 03:15:34.577084 32236 iowatcher.go:103] Unexpected EOF during watch stream event decoding: unexpected EOF
>>>
>>> Don’t know if this is related?
>>>
>>> Thanks a lot for your help!
>>> Greetings,
>>> Sebastian
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users lists openshift redhat com
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openshift.redhat.com_openshiftmm_listinfo_users&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=RmKv2YcUurLjqB7Wdlh-O4xH9kt3QKFoJlaK58f4A8k&e=
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openshift.redhat.com_openshiftmm_listinfo_users&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=RmKv2YcUurLjqB7Wdlh-O4xH9kt3QKFoJlaK58f4A8k&e=

_______________________________________________
users mailing list
users lists openshift redhat com
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openshift.redhat.com_openshiftmm_listinfo_users&d=CwIGaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=UbAkDuZnwbaSECJ-D6Hc6sF-w8cSCEURXpRl70Ht91s&s=RmKv2YcUurLjqB7Wdlh-O4xH9kt3QKFoJlaK58f4A8k&e=


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]