[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Openshift Origin 11: SSH is only reachable from hosts in the same net-segment



Hi,

Define "after the deployment is nearly finished". Did it succeed? Or where did it fail?

Can you tell us more about your network?
- what is the subnet your openshift instances are located into?
- what is the subnet your broken connections are coming from?

Troubleshooting that issue, I would look at a tcpdump, on the NIC ssh connections should arrive from.
Look for TCP SYN packets not getting a SYN-ACK in response / broken handshake.
Look for "ARP who-has" requests referencing an IP that shouldn't be in OpenShift's subnet.
And obviously, look at the routes on your OpenShift nodes (ip r), ensure there's nothing overlapping with the subnet your ssh connections are coming from.

Eventually, look for iptables rules, and how many packets went through (iptables -vL), for each rule, over time (watch -n 2 xxx), which could help match a rule either blocking or diverting those connections.

Good luck,

Regards.



On Mon, Feb 4, 2019 at 6:22 PM Dan Steffen <dan steffen de googlemail com> wrote:

Hello

this is my first post in this list please excuse my mistakes but since some
days I try to setup an openshift-origin-cluster on centos 7 in our company
network but after the deployment with ansible is nearly finished the
ssh-port will be blocked. It looks like that the cluster is running but the
master (and the nodes) only reachable with ssh from hosts in the same
network segment.

My exactly doing at the moment is that I try to following this
introduction[1] and after the installation of mentioned packages and the
distrubtion of the ssh-keys to the servers.
I try to deploy openshift with this inventory-configuration

<code>
[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin

openshift_master_identity_providers=[

{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}

]
openshift_master_default_subdomain=apps.srv.world
openshift_docker_insecure_registries=172.30.0.0/16
openshift_http_proxy=http://proxy.example.com:8080
openshift_https_proxy=http://proxy.example.com:8080
openshift_no_proxy='.example.com'
osm_cluster_network_cidr=10.233.0.0/18

[masters]
alm-okd-1.example.com openshift_schedulable=true containerized=false

[etcd]
alm-okd-1.example.com

[nodes]
alm-okd-1.example.com openshift_node_group_name='node-config-master-infra'
alm-okd-2.example.com openshift_node_group_name='node-config-compute'
alm-okd-3.example.com openshift_node_group_name='node-config-compute'
</code>

I think there is an entry in my configuration missing but I don't know
entry is missing or malconfigured, maybe someone can give me a hint what I
am doing wrong or give me an example of an working inventory? I would very
thanksful because at the moment I have no idea why this don't work
best regards
Dan


[1] https://www.server-world.info/en/note?os=CentOS_7&p=openshift311&f=1

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--
Samuel Martín Moro
{EPITECH.} 2011

"Nobody wants to say how this works.
 Maybe nobody knows ..."
                      Xorg.conf(5)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]