
Re: Router High Availability



Ram, any debugging ideas?

On Tue, Feb 16, 2016 at 3:20 AM, Fran Barrera <franbarrera6 gmail com> wrote:
> Hello Clayton,
>
> True, it was that. Now I can access this pod and view the
> keepalived.conf, but it seems to be correct.
> From this node I can ping and telnet 80 correctly, but if I put this IP in
> the wildcard, I can't access anything. If I try telnet VIP 80 from another
> node, I can't access it.
>
> Regards.
>
> 2016-02-15 16:58 GMT+01:00 Clayton Coleman <ccoleman redhat com>:
>>
>> Are you logged in as a system admin when you try to rsh?  You can't
>> rsh into a pod unless you (the user) have access to the SCC.
>>
>> On Mon, Feb 15, 2016 at 10:44 AM, Fran Barrera <franbarrera6 gmail com>
>> wrote:
>> > Hello Clayton,
>> >
>> > The service account is router (I've tried to create a new service account
>> > for ipfailover but got the same error). Yes, the SCC is privileged; if I edit
>> > it I can see the service account:
>> >
>> > - system:serviceaccount:default:router
>> >
>> > Regards.
>> >
>> > 2016-02-15 16:13 GMT+01:00 Clayton Coleman <ccoleman redhat com>:
>> >>
>> >> What service account is the ipfa-pod using, and can you verify that
>> >> the SCC correctly points to it?
>> >>
>> >> On Mon, Feb 15, 2016 at 8:53 AM, Fran Barrera <franbarrera6 gmail com>
>> >> wrote:
>> >> > If I try "oc rsh ipfa-pod" this is the output:
>> >> >
>> >> > Error from server: pods "ipfa-ha-router-1-2e2t7" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: invalid value 'true', Details: Host network is not allowed to be used
>> >> > provider restricted: .spec.containers[0].securityContext.privileged: invalid value 'true', Details: Privileged containers are not allowed
>> >> > provider restricted: .spec.containers[0].securityContext.VolumeMounts: invalid value 'lib-modules', Details: Host Volumes are not allowed to be used
>> >> > provider restricted: .spec.containers[0].securityContext.containers.0.hostPort: invalid value '1985', Details: Host ports are not allowed to be used]
>> >> >
>> >> > I've created the IP failover with the same SCC as the router.
>> >> >
>> >> >
>> >> >
>> >> > 2016-02-15 13:54 GMT+01:00 Fran Barrera <franbarrera6 gmail com>:
>> >> >>
>> >> >> Hello,
>> >> >>
>> >> >> I have a problem deploying the router in HA. I've followed the steps
>> >> >> (https://docs.openshift.org/latest/admin_guide/high_availability.html).
>> >> >>
>> >> >> Everything was correct. I can see the VIP that I've assigned on the node:
>> >> >>
>> >> >> [root openshift-master1 ~]# ip addr show
>> >> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>> >> >>     inet 192.168.0.77/16 brd 192.168.255.255 scope global dynamic eth0
>> >> >>        valid_lft 80140sec preferred_lft 80140sec
>> >> >>     inet 10.14.128.155/32 scope global eth0
>> >> >>        valid_lft forever preferred_lft forever
>> >> >>
>> >> >> From this node I can ping correctly, but from another node or another PC
>> >> >> I can't access this VIP, so I can't put this VIP in the DNS.
>> >> >>
>> >> >> It seems like the problem is iptables on this node, but I'm not sure,
>> >> >> so I don't know what is happening.
>> >> >>
>> >> >> Any suggestions?
>> >> >>
>> >> >> Best Regards,
>> >> >> Fran.
>> >> >
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > users mailing list
>> >> > users lists openshift redhat com
>> >> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>> >> >
>> >
>> >
>
>
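
An added example, not part of the original thread and not OpenShift's own code: a simplified model of the SCC check behind the `oc rsh` error quoted above, showing why the pod's service account is admitted while a user who can only use `restricted` is refused. The SCC contents, the `some-user` and `admin` names and the function names are constructed for illustration; real admission checks more fields (runAsUser, SELinux, capabilities).

```python
# Simplified model of SCC admission: a request is validated only against
# the SCCs its requester (user or groups) is allowed to use.
CHECKS = {  # pod feature -> SCC field that must be true to allow it
    "hostNetwork": "allowHostNetwork",
    "privileged": "allowPrivilegedContainer",
    "hostVolumes": "allowHostDirVolumePlugin",
    "hostPorts": "allowHostPorts",
}

# Constructed sample SCCs, trimmed to the fields used here.
SCCS = [
    {"name": "restricted", "users": [], "groups": ["system:authenticated"],
     "allowHostNetwork": False, "allowPrivilegedContainer": False,
     "allowHostDirVolumePlugin": False, "allowHostPorts": False},
    {"name": "privileged",
     "users": ["system:serviceaccount:default:router"],
     "groups": ["system:cluster-admins"],
     "allowHostNetwork": True, "allowPrivilegedContainer": True,
     "allowHostDirVolumePlugin": True, "allowHostPorts": True},
]

# What the ipfailover pod requests, per the error message in the thread.
IPFAILOVER_POD = {"hostNetwork": True, "privileged": True,
                  "hostVolumes": True, "hostPorts": True}

def usable_sccs(user, groups, sccs=SCCS):
    """SCCs the requester may use, via the SCC's users or groups list."""
    return [s for s in sccs
            if user in s["users"] or set(groups) & set(s["groups"])]

def validate(pod, user, groups, sccs=SCCS):
    """Return (admitting SCC name or None, {scc name: [denied features]})."""
    denied = {}
    for scc in usable_sccs(user, groups, sccs):
        bad = [f for f, field in CHECKS.items() if pod.get(f) and not scc[field]]
        if not bad:
            return scc["name"], denied
        denied[scc["name"]] = bad
    return None, denied

if __name__ == "__main__":
    auth = ["system:authenticated"]
    for who, grps in [("system:serviceaccount:default:router", auth),
                      ("some-user", auth),  # hypothetical non-admin user
                      ("admin", auth + ["system:cluster-admins"])]:
        print(who, "->", validate(IPFAILOVER_POD, who, grps))
```
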

