
service-cluster-ip-range (ClusterIP) inaccessible off node



Hi Everyone,

I used the Openshift-on-openstack Heat templates. I deployed the system, except for the docker-registry, and did that by hand. Here are my services.

I can curl 172.30.195.55:5000 on the master-0 where it's deployed, but not from any other nodes.

```
[root ossdell-openshift-master-0 ~]# oc get services
NAME              CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE
docker-registry   172.30.195.55    <none>        5000/TCP                  5m
kubernetes        172.30.0.1       <none>        443/TCP,53/UDP,53/TCP     1d
router            172.30.112.213   <none>        80/TCP,443/TCP,1936/TCP   1d
[root ossdell-openshift-master-0 ~]# curl -v 172.30.195.55:5000
* About to connect() to 172.30.195.55 port 5000 (#0)
*   Trying 172.30.195.55...
* Connected to 172.30.195.55 (172.30.195.55) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.30.195.55:5000
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Date: Fri, 10 Jun 2016 16:21:33 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 172.30.195.55 left intact
[root ossdell-openshift-master-0 ~]#
```

Here's master-1 trying to curl:

```
[root ossdell-openshift-master-1 ~]# curl -v 172.30.195.55:5000
* About to connect() to 172.30.195.55 port 5000 (#0)
*   Trying 172.30.195.55...
* No route to host
* Failed connect to 172.30.195.55:5000; No route to host
* Closing connection 0
curl: (7) Failed connect to 172.30.195.55:5000; No route to host
```
And the routing table on master-1:
```
[root ossdell-openshift-master-1 ~]# ip r
default via 192.168.0.1 dev eth0  proto static  metric 100
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.4  metric 100
172.30.25.0/24 dev docker0  proto kernel  scope link  src 172.30.25.1
172.30.62.0/24 via 10.0.0.5 dev eth1
172.30.95.0/24 via 10.0.0.6 dev eth1
172.30.97.0/24 via 10.0.0.7 dev eth1
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.6  metric 100
[root ossdell-openshift-master-1 ~]#
```

Flannel is running on all the nodes:

```
[root ossdell-openshift-master-1 ~]# ps -ef | grep flann
root 8615 1 0 Jun08 ? 00:00:13 /usr/bin/flanneld -etcd-endpoints=https://ossdell-openshift-master-0.example.com:2379,https://ossdell-openshift-master-1.example.com:2379 -etcd-prefix=/openshift.com/network --iface eth1 --etcd-cafile=/etc/origin/node/node.etcd-ca.crt --etcd-keyfile=/etc/origin/node/node.etcd-client.key --etcd-certfile=/etc/origin/node/node.etcd-client.crt
```

And my OpenStack has port_security_enabled everywhere:

```
[heat-admin tan-controller-0 ~]$ neutron net-list | tail -n +4 | awk '{print $2}' | xargs -n 1 neutron net-show  | grep port
| port_security_enabled     | True                                 |
| port_security_enabled     | True                                 |
| port_security_enabled     | True                                               |
| port_security_enabled     | True                                 |
| port_security_enabled     | True                                 |
```
So, is there a config that Flannel is missing to build up the route to 172.30.195.55?

I can curl the router just fine:

```
[root ossdell-openshift-node-gptvbd41 ~]# curl -v 172.30.112.213:80  | grep 200
* About to connect() to 172.30.112.213 port 80 (#0)
*   Trying 172.30.112.213...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 172.30.112.213 (172.30.112.213) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.30.112.213
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 503 Service Unavailable
< Pragma: no-cache
< Cache-Control: private, max-age=0, no-cache, no-store
< Connection: close
< Content-Type: text/html
<
{ [data not shown]

```

Any idea what I can jostle to get flannel to deliver packets down to the service-cluster-ip-range (which I'm assuming the docker-registry IP comes from)?

Thanks VERY much,
Judd (at Dell)

--
Judd Maltin
T: 917-882-1270
Of Life immense in passion, pulse, and power, 
Cheerful—for freest action form’d, under the laws divine, 
The Modern Man I sing. -Walt Whitman
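
Added example, not part of the original post: a longest-prefix-match check of the master-1 routing table quoted above against the three ClusterIPs from `oc get services`, to see which route the table selects for each. The address 172.30.62.10 is a constructed sample inside one of the /24 routes via eth1, included for contrast; metric tie-breaking is not modelled because no two routes in this table tie.

```python
import ipaddress

# Routing table copied from the `ip r` output on master-1 in the post.
IP_ROUTE_OUTPUT = """\
default via 192.168.0.1 dev eth0  proto static  metric 100
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.4  metric 100
172.30.25.0/24 dev docker0  proto kernel  scope link  src 172.30.25.1
172.30.62.0/24 via 10.0.0.5 dev eth1
172.30.95.0/24 via 10.0.0.6 dev eth1
172.30.97.0/24 via 10.0.0.7 dev eth1
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.6  metric 100
"""

# ClusterIPs from `oc get services`, plus one constructed pod-range address.
TARGETS = {
    "docker-registry": "172.30.195.55",
    "kubernetes": "172.30.0.1",
    "router": "172.30.112.213",
    "constructed-pod-address": "172.30.62.10",
}


def parse_routes(text):
    """Parse `ip r` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # The rest of the line is key/value pairs: "via X", "dev Y", ...
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((ipaddress.ip_network(prefix), opts.get("via"), opts.get("dev")))
    return routes


def lookup(routes, address):
    """Return the longest-prefix match for address, or None if nothing matches."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_routes(IP_ROUTE_OUTPUT)
    for name, ip in TARGETS.items():
        net, via, dev = lookup(table, ip)
        print(f"{name:24} {ip:15} -> {net} via {via} dev {dev}")
```

On this table all three ClusterIPs match only the default route (via 192.168.0.1 on eth0), while the constructed address takes the 172.30.62.0/24 route via 10.0.0.5 on eth1.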

