[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Trouble accessing docker image of openshift



It's an origin flag - add it at the end.

On Tue, Feb 16, 2016 at 10:41 AM, Marc Boorshtein <mboorshtein gmail com> wrote:
> Thanks Clayton.  Is "--public-master" a docker flag?  When I try it I get:
>
> [root openshift ~]# docker run -d --name "origin"         --privileged
> --pid=host --net=bridge -p 8443:8443         -v /:/rootfs:ro -v
> /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw
> -v
> /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes
> --public-master openshift.tremolo.lan  -h openshift.tremolo.lan
> openshift/origin start
>
> flag provided but not defined: --public-master
>
> It looks like its passed to the openshift command, not docker?
>
> Thanks
>
>
> On Tue, Feb 16, 2016 at 10:21 AM, Clayton Coleman <ccoleman redhat com>
> wrote:
>>
>> The console is served on whatever you provide as "--public-master" to
>> the docker run command.
>>
>> I don't think we've seen this particular one yet - we definitely
>> tightened our accepted ciphers list to pull the insecure ones out, but
>> please open an issue and we'll track it down.
>>
>> On Tue, Feb 16, 2016 at 9:18 AM, Marc Boorshtein <mboorshtein gmail com>
>> wrote:
>> > All,
>> >
>> > I tried downloading and setting up openshift on docker
>> > docker-engine-1.10.1-1 on centos7.  I used the following command to get
>> > up
>> > and running:
>> >
>> > docker run -d --name "origin"         --privileged --pid=host
>> > --net=bridge
>> > -p 8443:8443         -v /:/rootfs:ro -v /var/run:/var/run:rw -v
>> > /sys:/sys -v
>> > /var/lib/docker:/var/lib/docker:rw         -v
>> >
>> > /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes
>> > -h openshift.xxx.lan    openshift/origin start
>> >
>> > When I try to go to the console on 8443 I get redirected to a 172
>> > address
>> > and firefox complains that the SSL connection is broken:
>> >
>> > Secure Connection Failed
>> >
>> > An error occurred during a connection to openshift.xxxx.lan:8443.
>> > security
>> > library: improperly formatted DER-encoded message. (Error code:
>> > sec_error_bad_der)
>> >
>> >     The page you are trying to view cannot be shown because the
>> > authenticity
>> > of the received data could not be verified.
>> >     Please contact the website owners to inform them of this problem.
>> >
>> > but when I check the connection I get the following:
>> > [root openshift ~]# openssl s_client -connect
>> > 'openshift.tremolo.lan:8443'
>> > CONNECTED(00000003)
>> > depth=1 CN = openshift-signer 1455630818
>> > verify error:num=19:self signed certificate in certificate chain
>> > verify return:0
>> > ---
>> > Certificate chain
>> >  0 s:/CN=127.0.0.1
>> >    i:/CN=openshift-signer 1455630818
>> >  1 s:/CN=openshift-signer 1455630818
>> >    i:/CN=openshift-signer 1455630818
>> > ---
>> > Server certificate
>> > -----BEGIN CERTIFICATE-----
>> > MIID8TCCAtugAwIBAgIBBjALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo
>> > aWZ0LXNpZ25lckAxNDU1NjMwODE4MB4XDTE2MDIxNjEzNTM0MloXDTE4MDIxNTEz
>> > NTM0M1owFDESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOC
>> > AQ8AMIIBCgKCAQEA8NVlc/xYxrdo6ucYHoCtKvAjTxyCfdsAPGBm/VHbFQ+qLEIn
>> > 6zk9eIKQ8kIHbm7xYFLFsvgBcmZwg6vf3NJoovaQREGqUo43Kuv2yk1NBVK5t3c9
>> > bA4fmNJFCjy31JsoSyYm/ndsVatF0y5K8YlFzgyFyMoOuWGuMTiAZAKqHW307/QM
>> > IHkmMBt6++tO04F2f9T2Z9h/V677iJ9QC7YiGF+KL9hM7F4S/dwQWiwPso4gMaQF
>> > QdvXv9OZoRQ6/0YY/UnLJFoF/hfLt4oODu0GSMK9BAuS/67aJilexcSDXXGeSuIh
>> > OgN79UAW70bbd+OR8AqxU3EjiE8P9LMb87EpwwIDAQABo4IBPjCCATowDgYDVR0P
>> > AQH/BAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwggED
>> > BgNVHREEgfswgfiCCmt1YmVybmV0ZXOCEmt1YmVybmV0ZXMuZGVmYXVsdIIWa3Vi
>> > ZXJuZXRlcy5kZWZhdWx0LnN2Y4Ika3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVz
>> > dGVyLmxvY2Fsgglsb2NhbGhvc3SCCW9wZW5zaGlmdIIRb3BlbnNoaWZ0LmRlZmF1
>> > bHSCFW9wZW5zaGlmdC5kZWZhdWx0LnN2Y4Ijb3BlbnNoaWZ0LmRlZmF1bHQuc3Zj
>> > LmNsdXN0ZXIubG9jYWyCCTEyNy4wLjAuMYIKMTcyLjE3LjAuMoIKMTcyLjMwLjAu
>> > MYcEfwAAAYcErBEAAocErB4AATALBgkqhkiG9w0BAQsDggEBAAgxc6TRaCcT5jBP
>> > Mj6K3CUkhN8S/3Us0gHIQ0ZYIvpzfi+HH9vUggS44E3I9OI2TN5pTZ0vDSbLMEva
>> > VfvlZHsi4qlA/72rP50Gw+GMooofc8FHo08AXM2Lf/jE8/w88F4kXLZqVvnsQ/N4
>> > bxSDg+0tydEAVoBopcvIyUj7QGFT7MT7icHe2ql6vnoXwZzeTLEKoNSk/NXlbLs8
>> > IDW9bAa941SBYoVwyXsL5e4y7xqI4fKMX/gbF2FjAIwxa9PfeZKZ4bFNKY0b4LAr
>> > Jl3NXbpbzmYlGqJwCBjY5JdOmXpjvkUv7ynYuV/ov65zz9RCfDp4CYDiZG80cgdj
>> > Z1EmREE=
>> > -----END CERTIFICATE-----
>> > subject=/CN=127.0.0.1
>> > issuer=/CN=openshift-signer 1455630818
>> > ---
>> > Acceptable client certificate CA names
>> > /CN=openshift-signer 1455630818
>> > Server Temp Key: ECDH, prime256v1, 256 bits
>> > ---
>> > SSL handshake has read 2414 bytes and written 385 bytes
>> > ---
>> > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
>> > Server public key is 2048 bit
>> > Secure Renegotiation IS supported
>> > Compression: NONE
>> > Expansion: NONE
>> > SSL-Session:
>> >     Protocol  : TLSv1.2
>> >     Cipher    : ECDHE-RSA-AES128-GCM-SHA256
>> >     Session-ID:
>> > 0F1D94EB43646490A6FAFE006BEC3149C48B8A11ACA71CD7B04FD6FA9EAFA0CC
>> >     Session-ID-ctx:
>> >     Master-Key:
>> >
>> > 3885305A1D2D8CCFB59A8C535ED0FD23388E774B6262EEF848A5E6B916C2471D1171A87A07AAF7D981916E2F57DDB8A1
>> >     Key-Arg   : None
>> >     Krb5 Principal: None
>> >     PSK identity: None
>> >     PSK identity hint: None
>> >     TLS session ticket:
>> >     0000 - f9 2d fc 2d 20 77 06 2a-eb 9d 85 e1 ea 9f 3a 82   .-.-
>> > w.*......:.
>> >     0010 - a1 c4 b2 10 89 ee 94 33-31 62 fe f4 44 3f e1 16
>> > .......31b..D?..
>> >     0020 - 4d af 2a 01 b6 f6 d2 62-b7 c2 a6 6c 75 d1 c3 a2
>> > M.*....b...lu...
>> >     0030 - 90 89 2f 22 eb 02 71 08-38 3b aa 7e ee 0f 39 ee
>> > ../"..q.8;.~..9.
>> >     0040 - 52 2e f2 1f 47 63 56 a8-65 79 01 7a ab 0d f7 de
>> > R...GcV.ey.z....
>> >     0050 - 13 b0 6c 49 58 23 46 dc-ec 00 9a 3c 95 3d 87 6c
>> > ..lIX#F....<.=.l
>> >     0060 - b2 da de d4 25 e6 94 87-                          ....%...
>> >
>> >     Start Time: 1455632113
>> >     Timeout   : 300 (sec)
>> >     Verify return code: 19 (self signed certificate in certificate
>> > chain)
>> > ---
>> >
>> > A couple of questions:
>> > 1.  Is there an environment variable I can set that lets me set the host
>> > name openshift console redirects to? (so i don't get redirected to an
>> > IP)
>> > 2.  Has anyone run into this issue with firefox?  Google seems to think
>> > its
>> > because firefox doesn't support the cipher.
>> >
>> > Any help would be greatly appreciated.
>> >
>> > Thanks
>> > Marc
>> >
>> > _______________________________________________
>> > users mailing list
>> > users lists openshift redhat com
>> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>> >
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]