
Re: OpenShift origin cluster in VLAN



My user has cluster-admin privileges.


Logs of my registry:


10.1.1.1 - - [08/Dec/2016:09:13:25 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
10.1.1.1 - - [08/Dec/2016:09:13:25 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
10.1.1.1 - - [08/Dec/2016:09:13:35 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
10.1.1.1 - - [08/Dec/2016:09:13:35 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
10.1.1.1 - - [08/Dec/2016:09:13:45 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"

But logs of my registry at the moment I try to log in:

time="2016-12-08T09:15:42.932147341Z" level=debug msg="authorizing request" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=ea57e668-5a03-4ef4-bcbe-69b1a4a3771d http.request.method=GET http.request.remoteaddr="10.1.1.1:54378" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
time="2016-12-08T09:15:42.932254033Z" level=error msg="error authorizing context: authorization header with basic token required" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=ea57e668-5a03-4ef4-bcbe-69b1a4a3771d http.request.method=GET http.request.remoteaddr="10.1.1.1:54378" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
10.1.1.1 - - [08/Dec/2016:09:15:42 +0000] "GET /v2/ HTTP/1.1" 401 87 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64"
time="2016-12-08T09:15:42.934390662Z" level=debug msg="authorizing request" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.method=GET http.request.remoteaddr="10.1.1.1:54380" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
10.1.1.1 - - [08/Dec/2016:09:15:45 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
10.1.1.1 - - [08/Dec/2016:09:15:45 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
time="2016-12-08T09:15:52.939762277Z" level=error msg="Get user failed with error: Get https://master.test.com:8443/oapi/v1/users/~: dial tcp: lookup master.test.com on 193.xx.xx.xx:53: read udp 10.1.1.2:59123->193.xx.xx.xx:53: i/o timeout" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.method=GET http.request.remoteaddr="10.1.1.1:54380" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
time="2016-12-08T09:15:52.939827373Z" level=error msg="error checking authorization: Get https://master.test.com:8443/oapi/v1/users/~: dial tcp: lookup master.test.com on 193.xx.xx.xx:53: read udp 10.1.1.2:59123->193.xx.xx.xx:53: i/o timeout" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.method=GET http.request.remoteaddr="10.1.1.1:54380" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
time="2016-12-08T09:15:52.939860796Z" level=error msg="error authorizing context: Get https://master.test.com:8443/oapi/v1/users/~: dial tcp: lookup master.test.com on 193.xx.xx.xx:53: read udp 10.1.1.2:59123->193.xx.xx.xx:53: i/o timeout" go.version=go1.6 http.request.host="172.30.250.73:5000" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.method=GET http.request.remoteaddr="10.1.1.1:54380" http.request.uri="/v2/" http.request.useragent="docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64" instance.id=2b1976e5-3ffc-4382-99bc-e6ae332da01d
10.1.1.1 - - [08/Dec/2016:09:15:42 +0000] "GET /v2/ HTTP/1.1" 400 0 "" "docker/1.10.3 go/go1.6.3 git-commit/cb079f6-unsupported kernel/3.10.0-327.36.3.el7.x86_64 os/linux arch/amd64"

The bold part is still showing some stuff with my public IP (193...), which does not exist anymore on the cluster.
Extra note: I put this in a comment in my node-configs.
# dnsIP: 193.70.58.121


Or is there a better way to run the playbook without needing public IPs and just create the cluster in the private VLAN?


From: users-bounces lists openshift redhat com <users-bounces lists openshift redhat com> on behalf of Den Cowboy <dencowboy hotmail com>
Sent: Thursday, December 8, 2016 8:31:03
To: Clayton Coleman
CC: users lists openshift redhat com
Subject: Re: OpenShift origin cluster in VLAN
 

I've changed the master-ip setting inside my master-config.yaml (which was still on the pub-ip of the installation). I replaced it with my private ip and restarted the cluster.

NAME         ENDPOINTS                                               AGE
kubernetes   192.168.20.1:8053,192.168.20.1:8443,192.168.20.1:8053   19h

I'm able to deploy my router + registry (images are pulled from a private registry in the same VLAN).
But I'm not able to authenticate on my registry. I didn't secure it yet.

docker login -u admin -e any mail com -p `oc whoami -t` 172.30.250.73:5000
Error response from daemon: no successful auth challenge for http://172.30.250.73:5000/v2/ - errors: [basic auth attempt to http://172.30.250.73:5000/v2/ realm "openshift" failed with status: 400 Bad Request]





From: Clayton Coleman <ccoleman redhat com>
Sent: Wednesday, December 7, 2016 14:56:30
To: Den Cowboy
CC: users lists openshift redhat com
Subject: Re: OpenShift origin cluster in VLAN
 
Each master still needs an IP registered that then backs the Kubernetes service that clients use to talk to the API.  So verify that each master is reporting the correct IP that is reachable from all nodes to "oc get endpoints kubernetes -n default"

On Dec 7, 2016, at 9:39 AM, Den Cowboy <dencowboy hotmail com> wrote:

We've installed OpenShift origin with the advanced playbook. There we used public IPs. But after the installation we've deleted the public IPs. The master and nodes are in a VLAN. I'm able to create a user, authenticate, visit the web console, restart node and master configs. I'm able to pull images from our local registry but I'm not able to do a deployment.


couldn't get deployment default/router-5: Get https://172.30.0.1:443/api/v1/namespaces/default/replicationcontrollers/router-5: dial tcp 172.30.0.1:443: getsockopt: network is unreachable

I'm not even able to curl the kubernetes service. What did we forget/do wrong?

In our configs the dnsIP: option is commented out. So we did not specify it. The docker, origin-node, origin-master and openvswitch services are all running.

Logs of our origin-node show:
pkg/proxy/config/api.go:60: Failed to watch *api.Endpoints: Get https://master.xxx...ction refused
pkg/kubelet/kubelet.go:259: Failed to watch *api.Node: Get https://master.xxx:8443/..
pkg/kubelet/config/apiserver.go:43: Failed to watch *api.Pod
pkg/proxy/config/api.go:47: Failed to watch *api.Service: Get https://master.xxx refused


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
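
The registry log in the first message mixes two different failures on GET /v2/: the normal 401 challenge and an authorization check that fails because the registry pod cannot resolve master.test.com through the old resolver. As an added example (not part of the thread and not OpenShift code), this Python script separates the two per request id; the log sample is constructed by abridging the quoted lines, and all function names are hypothetical.

```python
import re
import shlex

# Constructed sample: abridged from the registry log quoted in the thread
# (user-agent, host and instance.id fields dropped).
SAMPLE_LOG = '''\
time="2016-12-08T09:15:42.932254033Z" level=error msg="error authorizing context: authorization header with basic token required" http.request.id=ea57e668-5a03-4ef4-bcbe-69b1a4a3771d http.request.uri="/v2/"
time="2016-12-08T09:15:42.934390662Z" level=debug msg="authorizing request" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.uri="/v2/"
time="2016-12-08T09:15:52.939762277Z" level=error msg="Get user failed with error: Get https://master.test.com:8443/oapi/v1/users/~: dial tcp: lookup master.test.com on 193.xx.xx.xx:53: read udp 10.1.1.2:59123->193.xx.xx.xx:53: i/o timeout" http.request.id=0cfc7634-b120-4969-a4a6-49762c09edab http.request.uri="/v2/"
10.1.1.1 - - [08/Dec/2016:09:15:45 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go 1.1 package http"
'''

# Go resolver error text: "lookup <name> on <resolver>:<port>: ... <reason>"
LOOKUP = re.compile(r"lookup (\S+) on ([^\s:]+):\d+: .*?(i/o timeout|no such host|connection refused)")
CHALLENGE = "authorization header with basic token required"

def parse_logfmt(line):
    """Return the key/value fields of a logfmt line, or None for access-log lines."""
    if not line.startswith("time="):
        return None
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def error_events(log_text):
    """Yield (request id, msg) for every level=error logfmt line."""
    for line in log_text.splitlines():
        fields = parse_logfmt(line)
        if fields and fields.get("level") == "error":
            yield fields.get("http.request.id"), fields.get("msg", "")

def dns_failures(log_text):
    """Map request id -> (hostname, resolver, reason) for failed lookups."""
    failures = {}
    for rid, msg in error_events(log_text):
        match = LOOKUP.search(msg)
        if match:
            failures[rid] = match.groups()
    return failures

def classify(log_text):
    """Map request id -> 'auth challenge' (normal 401) or 'dns lookup failed'."""
    labels = {}
    for rid, msg in error_events(log_text):
        if LOOKUP.search(msg):
            labels[rid] = "dns lookup failed"
        elif CHALLENGE in msg:
            labels.setdefault(rid, "auth challenge")
    return labels

if __name__ == "__main__":
    for rid, (host, resolver, reason) in dns_failures(SAMPLE_LOG).items():
        print(f"{rid}: cannot resolve {host} via {resolver} ({reason})")
```

The resolver address it reports is the one the registry container is actually using, which is the value to compare against the node's DNS settings.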
