[root@e2e-vsphere1:~] vim-cmd vmsvc/get.guest 388 | |
Guest information: | |
(vim.vm.GuestInfo) { | |
toolsStatus = "toolsOk", | |
toolsVersionStatus = "guestToolsUnmanaged", | |
toolsVersionStatus2 = "guestToolsUnmanaged", | |
toolsRunningStatus = "guestToolsRunning", | |
toolsVersion = "10277", | |
toolsInstallType = "guestToolsTypeOpenVMTools", | |
toolsUpdateStatus = (vim.vm.GuestInfo.ToolsUpdateStatus) null, | |
guestId = "rhel7_64Guest", | |
guestFamily = "linuxGuest", | |
guestFullName = "Red Hat Enterprise Linux 7 (64-bit)", | |
hostName = "master-1", | |
ipAddress = "172.16.2.1", | |
net = (vim.vm.GuestInfo.NicInfo) [ | |
(vim.vm.GuestInfo.NicInfo) { | |
network = <unset>, | |
ipAddress = (string) [ | |
"172.16.2.1", | |
"fe80::bcab:1fff:fe84:fb2d" | |
], | |
macAddress = "be:ab:1f:84:fb:2d", | |
connected = true, | |
deviceConfigId = -1, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = (vim.net.IpConfigInfo.IpAddress) [ | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "172.16.2.1", | |
prefixLength = 23, | |
origin = <unset>, | |
state = "preferred", | |
lifetime = <unset> | |
}, | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "fe80::bcab:1fff:fe84:fb2d", | |
prefixLength = 64, | |
origin = <unset>, | |
state = "unknown", | |
lifetime = <unset> | |
} | |
], | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
}, | |
(vim.vm.GuestInfo.NicInfo) { | |
network = <unset>, | |
ipAddress = (string) [ | |
"fe80::b43c:d9ff:febb:c495" | |
], | |
macAddress = "b6:3c:d9:bb:c4:95", | |
connected = true, | |
deviceConfigId = -1, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = (vim.net.IpConfigInfo.IpAddress) [ | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "fe80::b43c:d9ff:febb:c495", | |
prefixLength = 64, | |
origin = <unset>, | |
state = "unknown", | |
lifetime = <unset> | |
} | |
], | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
}, | |
(vim.vm.GuestInfo.NicInfo) { | |
network = <unset>, | |
ipAddress = <unset>, | |
macAddress = "b6:56:82:ca:64:4a", | |
connected = true, | |
deviceConfigId = -1, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = <unset>, | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
}, | |
(vim.vm.GuestInfo.NicInfo) { | |
network = "external", | |
ipAddress = (string) [ | |
"10.19.114.242", | |
"fe80::250:56ff:fea5:14ab", | |
"2620:52:0:1372:250:56ff:fea5:14ab" | |
], | |
macAddress = "00:50:56:a5:14:ab", | |
connected = true, | |
deviceConfigId = 4000, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = (vim.net.IpConfigInfo.IpAddress) [ | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "10.19.114.242", | |
prefixLength = 23, | |
origin = <unset>, | |
state = "preferred", | |
lifetime = <unset> | |
}, | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "fe80::250:56ff:fea5:14ab", | |
prefixLength = 64, | |
origin = <unset>, | |
state = "unknown", | |
lifetime = <unset> | |
}, | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "2620:52:0:1372:250:56ff:fea5:14ab", | |
prefixLength = 64, | |
origin = <unset>, | |
state = "unknown", | |
lifetime = <unset> | |
} | |
], | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
}, | |
(vim.vm.GuestInfo.NicInfo) { | |
network = <unset>, | |
ipAddress = <unset>, | |
macAddress = "a6:f3:ba:e4:4d:25", | |
connected = true, | |
deviceConfigId = -1, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = <unset>, | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
}, | |
(vim.vm.GuestInfo.NicInfo) { | |
network = <unset>, | |
ipAddress = (string) [ | |
"172.17.0.1" | |
], | |
macAddress = "02:42:42:8e:79:e8", | |
connected = true, | |
deviceConfigId = -1, | |
dnsConfig = (vim.net.DnsConfigInfo) null, | |
ipConfig = (vim.net.IpConfigInfo) { | |
ipAddress = (vim.net.IpConfigInfo.IpAddress) [ | |
(vim.net.IpConfigInfo.IpAddress) { | |
ipAddress = "172.17.0.1", | |
prefixLength = 16, | |
origin = <unset>, | |
state = "preferred", | |
lifetime = <unset> | |
} | |
], | |
dhcp = (vim.net.DhcpConfigInfo) null, | |
autoConfigurationEnabled = <unset> | |
}, | |
netBIOSConfig = (vim.net.NetBIOSConfigInfo) null | |
} | |
], | |
ipStack = (vim.vm.GuestInfo.StackInfo) [ | |
(vim.vm.GuestInfo.StackInfo) { | |
dnsConfig = (vim.net.DnsConfigInfo) { | |
dhcp = false, | |
hostName = "master-1", | |
domainName = "ci.e2e.bos.redhat.com", | |
ipAddress = (string) [ | |
"10.19.114.242" | |
], | |
searchDomain = (string) [ | |
"ci.e2e.bos.redhat.com", | |
"cluster.local" | |
] | |
}, | |
ipRouteConfig = (vim.net.IpRouteConfigInfo) { | |
ipRoute = (vim.net.IpRouteConfigInfo.IpRoute) [ | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "0.0.0.0", | |
prefixLength = 0, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = "10.19.115.254", | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "10.19.114.0", | |
prefixLength = 23, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "172.16.0.0", | |
prefixLength = 16, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "0" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "172.17.0.0", | |
prefixLength = 16, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "5" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "172.30.0.0", | |
prefixLength = 16, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "0" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "2620:52:0:1372::", | |
prefixLength = 64, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "fe80::", | |
prefixLength = 64, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "fe80::", | |
prefixLength = 64, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "1" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "fe80::", | |
prefixLength = 64, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "0" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "::", | |
prefixLength = 0, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = "fe80::1fe", | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "ff00::", | |
prefixLength = 8, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "3" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "ff00::", | |
prefixLength = 8, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "1" | |
} | |
}, | |
(vim.net.IpRouteConfigInfo.IpRoute) { | |
network = "ff00::", | |
prefixLength = 8, | |
gateway = (vim.net.IpRouteConfigInfo.Gateway) { | |
ipAddress = <unset>, | |
device = "0" | |
} | |
} | |
] | |
}, | |
ipStackConfig = <unset>, | |
dhcpConfig = (vim.net.DhcpConfigInfo) null | |
} | |
], | |
disk = (vim.vm.GuestInfo.DiskInfo) [ | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/", | |
capacity = 59037143040, | |
freeSpace = 55991943168 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/boot", | |
capacity = 520794112, | |
freeSpace = 292384768 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/tmp", | |
capacity = 59037143040, | |
freeSpace = 55991943168 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/var/tmp", | |
capacity = 59037143040, | |
freeSpace = 55991943168 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/var/lib/docker", | |
capacity = 42924511232, | |
freeSpace = 42890612736 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/var/lib/origin/openshift.local.volumes", | |
capacity = 42928701440, | |
freeSpace = 42894929920 | |
}, | |
(vim.vm.GuestInfo.DiskInfo) { | |
diskPath = "/var/lib/etcd", | |
capacity = 40778076160, | |
freeSpace = 40407949312 | |
} | |
], | |
screen = (vim.vm.GuestInfo.ScreenInfo) { | |
width = 1280, | |
height = 768 | |
}, | |
guestState = "running", | |
powerPolicy = (vim.vm.PowerPolicy) null, | |
appHeartbeatStatus = "appStatusGray", | |
guestKernelCrashed = false, | |
appState = "none", | |
guestOperationsReady = true, | |
interactiveGuestOperationsReady = false, | |
guestStateChangeSupported = true, | |
generationInfo = <unset> | |
} |
# vSphere connection settings. The key names match the Kubernetes/OpenShift
# vSphere cloud-provider configuration; presumably this is the file used by
# the cluster nodes listed on this page (confirm against the deployment).
[Global]
# Credentials are stored in this file in plaintext (the values shown here are
# redacted). Keep the file readable only by the account that runs the node and
# master services, and use a dedicated vCenter account limited to the
# privileges the cloud provider needs.
user = "[email protected]"
password = "x"
server = "x.x.x.x"
port = 443
# insecure-flag = 1 makes the client skip verification of the vCenter TLS
# certificate, so the login above can be intercepted by anyone able to sit
# between the nodes and vCenter. Prefer 0 with the vCenter CA trusted on every
# node; keep 1 only for a lab using a self-signed certificate.
insecure-flag = 1
datacenter = Boston
datastore = ose3-vmware-prod
working-dir = /Boston/vm/ocp37/
[Network]
# Port group name; the guest info dump on this page reports the same name
# ("external") for the NIC holding 10.19.114.242.
public-network = "external"
[Disk]
scsicontrollertype = pvscsi
default via 10.19.115.254 dev ens192 proto static metric 100
10.19.114.0/23 dev ens192 proto kernel scope link src 10.19.114.242 metric 100
172.16.0.0/16 dev tun0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.30.0.0/16 dev tun0
NAME STATUS AGE VERSION EXTERNAL-IP OS-IMAGE KERNEL-VERSION
app-0 Ready 1h v1.7.6+a08f5eeb62 10.19.114.244 Unknown 3.10.0-693.el7.x86_64
infra-0 Ready 1h v1.7.6+a08f5eeb62 10.19.114.245 Unknown 3.10.0-693.el7.x86_64
master-0 Ready,SchedulingDisabled 1h v1.7.6+a08f5eeb62 10.19.114.241 Unknown 3.10.0-693.el7.x86_64
master-1 Ready,SchedulingDisabled 1h v1.7.6+a08f5eeb62 10.19.114.242 Unknown 3.10.0-693.el7.x86_64
master-2 Ready,SchedulingDisabled 1h v1.7.6+a08f5eeb62 10.19.114.243 Unknown 3.10.0-693.el7.x86_64
3.6 working ip route
default via 10.19.115.254 dev ens192 proto static metric 100
10.19.114.0/23 dev ens192 proto kernel scope link src 10.19.114.226 metric 100
172.16.0.0/16 dev tun0 proto kernel scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.30.0.0/16 dev tun0 scope link
# Generated by iptables-save v1.4.21 on Thu Jan 11 20:05:18 2018
*nat
:PREROUTING ACCEPT [16:1794]
:INPUT ACCEPT [13:1078]
:OUTPUT ACCEPT [6:658]
:POSTROUTING ACCEPT [6:658]
:DOCKER - [0:0]
:KUBE-HOSTPORTS - [0:0]
:KUBE-MARK-DROP - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-NODEPORT-CONTAINER - [0:0]
:KUBE-NODEPORT-HOST - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-PORTALS-CONTAINER - [0:0]
:KUBE-PORTALS-HOST - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-SEP-5BAZ35A2YVTTKLKO - [0:0]
:KUBE-SEP-5OCOLCINTIWRQHAV - [0:0]
:KUBE-SEP-6DGWQWSM54NCVTMO - [0:0]
:KUBE-SEP-7XZ3KWKYSEZZEOLC - [0:0]
:KUBE-SEP-F75SBREJTTMFN4TG - [0:0]
:KUBE-SEP-FQZ7LGEIRRUPQJHB - [0:0]
:KUBE-SEP-HTN2UZU3FDVHKVEJ - [0:0]
:KUBE-SEP-JHOC4KHQ2BMPEAOL - [0:0]
:KUBE-SEP-LVXNAWOKTZZIDF5G - [0:0]
:KUBE-SEP-MAC32CYLLIID6LK5 - [0:0]
:KUBE-SEP-N2RNVK5VTRWIGNQK - [0:0]
:KUBE-SEP-QNC53B67BTLXUS7R - [0:0]
:KUBE-SEP-SNZ6XHVJERM2KH4F - [0:0]
:KUBE-SEP-TNSTHOWKQC5U6OBL - [0:0]
:KUBE-SEP-X5T6SFD26EXME3NB - [0:0]
:KUBE-SEP-XKV34HDRSHMMR4OA - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-SVC-3VQ6B3MLH7E2SZT4 - [0:0]
:KUBE-SVC-45FDQWGIHPUKH23I - [0:0]
:KUBE-SVC-4JCRTMMYZAAYMIJ2 - [0:0]
:KUBE-SVC-52XAELSJYS7XYM5B - [0:0]
:KUBE-SVC-BA6I5HTZKAAAJT56 - [0:0]
:KUBE-SVC-DEGCXZMVXZMJS2KL - [0:0]
:KUBE-SVC-GQKZAHCS5DTMHUQ6 - [0:0]
:KUBE-SVC-IKV43KYNCXS2W7KZ - [0:0]
:KUBE-SVC-LY4FCGCV5NJRTFFA - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SVC-OEA2LYDHMQ4UNN5R - [0:0]
:KUBE-SVC-RUZHPZDKZFEX47D4 - [0:0]
:OPENSHIFT-MASQUERADE - [0:0]
-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER
-A PREROUTING -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST
-A OUTPUT -m comment --comment "kube hostport portals" -m addrtype --dst-type LOCAL -j KUBE-HOSTPORTS
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -m comment --comment "rules for masquerading OpenShift traffic" -j OPENSHIFT-MASQUERADE
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING -s 127.0.0.0/8 -o tun0 -m comment --comment "SNAT for localhost access to hostports" -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x1/0x1
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x1/0x1 -j MASQUERADE
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-5BAZ35A2YVTTKLKO -s 10.19.114.243/32 -m comment --comment "default/kubernetes:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-5BAZ35A2YVTTKLKO -p tcp -m comment --comment "default/kubernetes:dns-tcp" -m recent --set --name KUBE-SEP-5BAZ35A2YVTTKLKO --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.243:8053
-A KUBE-SEP-5OCOLCINTIWRQHAV -s 172.16.6.3/32 -m comment --comment "default/registry-console:registry-console" -j KUBE-MARK-MASQ
-A KUBE-SEP-5OCOLCINTIWRQHAV -p tcp -m comment --comment "default/registry-console:registry-console" -m tcp -j DNAT --to-destination 172.16.6.3:9090
-A KUBE-SEP-6DGWQWSM54NCVTMO -s 10.19.114.242/32 -m comment --comment "default/kubernetes:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-6DGWQWSM54NCVTMO -p tcp -m comment --comment "default/kubernetes:dns-tcp" -m recent --set --name KUBE-SEP-6DGWQWSM54NCVTMO --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.242:8053
-A KUBE-SEP-7XZ3KWKYSEZZEOLC -s 10.19.114.242/32 -m comment --comment "default/kubernetes:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-7XZ3KWKYSEZZEOLC -p udp -m comment --comment "default/kubernetes:dns" -m recent --set --name KUBE-SEP-7XZ3KWKYSEZZEOLC --mask 255.255.255.255 --rsource -m udp -j DNAT --to-destination 10.19.114.242:8053
-A KUBE-SEP-F75SBREJTTMFN4TG -s 10.19.114.245/32 -m comment --comment "default/router:443-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-F75SBREJTTMFN4TG -p tcp -m comment --comment "default/router:443-tcp" -m tcp -j DNAT --to-destination 10.19.114.245:443
-A KUBE-SEP-FQZ7LGEIRRUPQJHB -s 10.19.114.245/32 -m comment --comment "default/router:80-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-FQZ7LGEIRRUPQJHB -p tcp -m comment --comment "default/router:80-tcp" -m tcp -j DNAT --to-destination 10.19.114.245:80
-A KUBE-SEP-HTN2UZU3FDVHKVEJ -s 10.19.114.241/32 -m comment --comment "default/kubernetes:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-HTN2UZU3FDVHKVEJ -p udp -m comment --comment "default/kubernetes:dns" -m recent --set --name KUBE-SEP-HTN2UZU3FDVHKVEJ --mask 255.255.255.255 --rsource -m udp -j DNAT --to-destination 10.19.114.241:8053
-A KUBE-SEP-JHOC4KHQ2BMPEAOL -s 10.19.114.241/32 -m comment --comment "default/kubernetes:dns-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-JHOC4KHQ2BMPEAOL -p tcp -m comment --comment "default/kubernetes:dns-tcp" -m recent --set --name KUBE-SEP-JHOC4KHQ2BMPEAOL --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.241:8053
-A KUBE-SEP-LVXNAWOKTZZIDF5G -s 172.16.0.4/32 -m comment --comment "kube-service-catalog/apiserver:secure" -j KUBE-MARK-MASQ
-A KUBE-SEP-LVXNAWOKTZZIDF5G -p tcp -m comment --comment "kube-service-catalog/apiserver:secure" -m tcp -j DNAT --to-destination 172.16.0.4:6443
-A KUBE-SEP-MAC32CYLLIID6LK5 -s 10.19.114.245/32 -m comment --comment "default/router:1936-tcp" -j KUBE-MARK-MASQ
-A KUBE-SEP-MAC32CYLLIID6LK5 -p tcp -m comment --comment "default/router:1936-tcp" -m tcp -j DNAT --to-destination 10.19.114.245:1936
-A KUBE-SEP-N2RNVK5VTRWIGNQK -s 172.16.6.7/32 -m comment --comment "openshift-template-service-broker/apiserver:" -j KUBE-MARK-MASQ
-A KUBE-SEP-N2RNVK5VTRWIGNQK -p tcp -m comment --comment "openshift-template-service-broker/apiserver:" -m tcp -j DNAT --to-destination 172.16.6.7:8443
-A KUBE-SEP-QNC53B67BTLXUS7R -s 10.19.114.243/32 -m comment --comment "default/kubernetes:dns" -j KUBE-MARK-MASQ
-A KUBE-SEP-QNC53B67BTLXUS7R -p udp -m comment --comment "default/kubernetes:dns" -m recent --set --name KUBE-SEP-QNC53B67BTLXUS7R --mask 255.255.255.255 --rsource -m udp -j DNAT --to-destination 10.19.114.243:8053
-A KUBE-SEP-SNZ6XHVJERM2KH4F -s 172.16.0.5/32 -m comment --comment "kube-service-catalog/controller-manager:" -j KUBE-MARK-MASQ
-A KUBE-SEP-SNZ6XHVJERM2KH4F -p tcp -m comment --comment "kube-service-catalog/controller-manager:" -m tcp -j DNAT --to-destination 172.16.0.5:6443
-A KUBE-SEP-TNSTHOWKQC5U6OBL -s 10.19.114.243/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-TNSTHOWKQC5U6OBL -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-TNSTHOWKQC5U6OBL --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.243:8443
-A KUBE-SEP-X5T6SFD26EXME3NB -s 10.19.114.241/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-X5T6SFD26EXME3NB -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-X5T6SFD26EXME3NB --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.241:8443
-A KUBE-SEP-XKV34HDRSHMMR4OA -s 10.19.114.242/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-XKV34HDRSHMMR4OA -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-XKV34HDRSHMMR4OA --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 10.19.114.242:8443
-A KUBE-SERVICES -d 172.30.38.61/32 -p tcp -m comment --comment "kube-service-catalog/controller-manager: cluster IP" -m tcp --dport 6443 -j KUBE-SVC-RUZHPZDKZFEX47D4
-A KUBE-SERVICES -d 172.30.15.246/32 -p tcp -m comment --comment "openshift-ansible-service-broker/asb:port-1338 cluster IP" -m tcp --dport 1338 -j KUBE-SVC-LY4FCGCV5NJRTFFA
-A KUBE-SERVICES -d 172.30.18.154/32 -p tcp -m comment --comment "openshift-ansible-service-broker/asb-etcd:port-2379 cluster IP" -m tcp --dport 2379 -j KUBE-SVC-OEA2LYDHMQ4UNN5R
-A KUBE-SERVICES -d 172.30.96.116/32 -p tcp -m comment --comment "openshift-template-service-broker/apiserver: cluster IP" -m tcp --dport 443 -j KUBE-SVC-45FDQWGIHPUKH23I
-A KUBE-SERVICES -d 172.30.0.1/32 -p udp -m comment --comment "default/kubernetes:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-3VQ6B3MLH7E2SZT4
-A KUBE-SERVICES -d 172.30.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES -d 172.30.123.206/32 -p tcp -m comment --comment "default/router:80-tcp cluster IP" -m tcp --dport 80 -j KUBE-SVC-GQKZAHCS5DTMHUQ6
-A KUBE-SERVICES -d 172.30.123.206/32 -p tcp -m comment --comment "default/router:443-tcp cluster IP" -m tcp --dport 443 -j KUBE-SVC-IKV43KYNCXS2W7KZ
-A KUBE-SERVICES -d 172.30.123.206/32 -p tcp -m comment --comment "default/router:1936-tcp cluster IP" -m tcp --dport 1936 -j KUBE-SVC-4JCRTMMYZAAYMIJ2
-A KUBE-SERVICES -d 172.30.173.65/32 -p tcp -m comment --comment "default/registry-console:registry-console cluster IP" -m tcp --dport 9000 -j KUBE-SVC-DEGCXZMVXZMJS2KL
-A KUBE-SERVICES -d 172.30.172.88/32 -p tcp -m comment --comment "kube-service-catalog/apiserver:secure cluster IP" -m tcp --dport 443 -j KUBE-SVC-52XAELSJYS7XYM5B
-A KUBE-SERVICES -d 172.30.0.1/32 -p tcp -m comment --comment "default/kubernetes:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-BA6I5HTZKAAAJT56
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-HTN2UZU3FDVHKVEJ --mask 255.255.255.255 --rsource -j KUBE-SEP-HTN2UZU3FDVHKVEJ
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-7XZ3KWKYSEZZEOLC --mask 255.255.255.255 --rsource -j KUBE-SEP-7XZ3KWKYSEZZEOLC
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-QNC53B67BTLXUS7R --mask 255.255.255.255 --rsource -j KUBE-SEP-QNC53B67BTLXUS7R
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-HTN2UZU3FDVHKVEJ
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-7XZ3KWKYSEZZEOLC
-A KUBE-SVC-3VQ6B3MLH7E2SZT4 -m comment --comment "default/kubernetes:dns" -j KUBE-SEP-QNC53B67BTLXUS7R
-A KUBE-SVC-45FDQWGIHPUKH23I -m comment --comment "openshift-template-service-broker/apiserver:" -j KUBE-SEP-N2RNVK5VTRWIGNQK
-A KUBE-SVC-4JCRTMMYZAAYMIJ2 -m comment --comment "default/router:1936-tcp" -j KUBE-SEP-MAC32CYLLIID6LK5
-A KUBE-SVC-52XAELSJYS7XYM5B -m comment --comment "kube-service-catalog/apiserver:secure" -j KUBE-SEP-LVXNAWOKTZZIDF5G
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-JHOC4KHQ2BMPEAOL --mask 255.255.255.255 --rsource -j KUBE-SEP-JHOC4KHQ2BMPEAOL
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-6DGWQWSM54NCVTMO --mask 255.255.255.255 --rsource -j KUBE-SEP-6DGWQWSM54NCVTMO
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-5BAZ35A2YVTTKLKO --mask 255.255.255.255 --rsource -j KUBE-SEP-5BAZ35A2YVTTKLKO
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-JHOC4KHQ2BMPEAOL
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-6DGWQWSM54NCVTMO
-A KUBE-SVC-BA6I5HTZKAAAJT56 -m comment --comment "default/kubernetes:dns-tcp" -j KUBE-SEP-5BAZ35A2YVTTKLKO
-A KUBE-SVC-DEGCXZMVXZMJS2KL -m comment --comment "default/registry-console:registry-console" -j KUBE-SEP-5OCOLCINTIWRQHAV
-A KUBE-SVC-GQKZAHCS5DTMHUQ6 -m comment --comment "default/router:80-tcp" -j KUBE-SEP-FQZ7LGEIRRUPQJHB
-A KUBE-SVC-IKV43KYNCXS2W7KZ -m comment --comment "default/router:443-tcp" -j KUBE-SEP-F75SBREJTTMFN4TG
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-X5T6SFD26EXME3NB --mask 255.255.255.255 --rsource -j KUBE-SEP-X5T6SFD26EXME3NB
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-XKV34HDRSHMMR4OA --mask 255.255.255.255 --rsource -j KUBE-SEP-XKV34HDRSHMMR4OA
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 10800 --reap --name KUBE-SEP-TNSTHOWKQC5U6OBL --mask 255.255.255.255 --rsource -j KUBE-SEP-TNSTHOWKQC5U6OBL
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-X5T6SFD26EXME3NB
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-XKV34HDRSHMMR4OA
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-TNSTHOWKQC5U6OBL
-A KUBE-SVC-RUZHPZDKZFEX47D4 -m comment --comment "kube-service-catalog/controller-manager:" -j KUBE-SEP-SNZ6XHVJERM2KH4F
-A OPENSHIFT-MASQUERADE -s 172.16.0.0/16 -m comment --comment "masquerade pod-to-service and pod-to-external traffic" -j MASQUERADE
COMMIT
# Completed on Thu Jan 11 20:05:19 2018
# Generated by iptables-save v1.4.21 on Thu Jan 11 20:05:19 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [19997:8350958]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
:KUBE-FIREWALL - [0:0]
:KUBE-NODEPORT-NON-LOCAL - [0:0]
:KUBE-SERVICES - [0:0]
:OPENSHIFT-ADMIN-OUTPUT-RULES - [0:0]
:OPENSHIFT-FIREWALL-ALLOW - [0:0]
:OPENSHIFT-FIREWALL-FORWARD - [0:0]
:OS_FIREWALL_ALLOW - [0:0]
-A INPUT -m comment --comment "Ensure that non-local NodePort traffic can flow" -j KUBE-NODEPORT-NON-LOCAL
-A INPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A INPUT -m comment --comment "firewall overrides" -j OPENSHIFT-FIREWALL-ALLOW
-A INPUT -j KUBE-FIREWALL
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j OS_FIREWALL_ALLOW
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i tun0 ! -o tun0 -m comment --comment "administrator overrides" -j OPENSHIFT-ADMIN-OUTPUT-RULES
-A FORWARD -m comment --comment "firewall overrides" -j OPENSHIFT-FIREWALL-FORWARD
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -j KUBE-FIREWALL
-A DOCKER-ISOLATION -j RETURN
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
-A KUBE-SERVICES -d 172.30.15.246/32 -p tcp -m comment --comment "openshift-ansible-service-broker/asb:port-1338 has no endpoints" -m tcp --dport 1338 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 172.30.18.154/32 -p tcp -m comment --comment "openshift-ansible-service-broker/asb-etcd:port-2379 has no endpoints" -m tcp --dport 2379 -j REJECT --reject-with icmp-port-unreachable
-A OPENSHIFT-FIREWALL-ALLOW -p udp -m udp --dport 4789 -m comment --comment "VXLAN incoming" -j ACCEPT
-A OPENSHIFT-FIREWALL-ALLOW -i tun0 -m comment --comment "from SDN to localhost" -j ACCEPT
-A OPENSHIFT-FIREWALL-ALLOW -i docker0 -m comment --comment "from docker to localhost" -j ACCEPT
-A OPENSHIFT-FIREWALL-FORWARD -s 172.16.0.0/16 -m comment --comment "attempted resend after connection close" -m conntrack --ctstate INVALID -j DROP
-A OPENSHIFT-FIREWALL-FORWARD -d 172.16.0.0/16 -m comment --comment "forward traffic from SDN" -j ACCEPT
-A OPENSHIFT-FIREWALL-FORWARD -s 172.16.0.0/16 -m comment --comment "forward traffic to SDN" -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 2380 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 8444 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 8053 -j ACCEPT
-A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 8053 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 4789 -j ACCEPT
COMMIT
# Completed on Thu Jan 11 20:05:19 2018
[root@master-0 ~]#
[root@master-0 ~]# oc get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE
docker-registry-1-8vvk9 1/1 Running 0 54m 172.16.4.13 infra-0
[root@master-0 ~]# curl -kv 172.16.4.13:5000
- About to connect() to 172.16.4.13 port 5000 (#0)
- Trying 172.16.4.13...
- No route to host
- Failed connect to 172.16.4.13:5000; No route to host
- Closing connection 0
curl: (7) Failed connect to 172.16.4.13:5000; No route to host
[root@master-0 ~]# curl -kv 172.30.136.67:5000
- About to connect() to 172.30.136.67 port 5000 (#0)
- Trying 172.30.136.67...
- No route to host
- Failed connect to 172.30.136.67:5000; No route to host
- Closing connection 0
curl: (7) Failed connect to 172.30.136.67:5000; No route to host
[root@master-0 ~]# curl -vk $(oc get svc docker-registry -n default -o 'jsonpath={.spec.clusterIP}:{.spec.ports[0].port}')
- About to connect() to 172.30.136.67 port 5000 (#0)
- Trying 172.30.136.67...
- No route to host
- Failed connect to 172.30.136.67:5000; No route to host
- Closing connection 0
curl: (7) Failed connect to 172.30.136.67:5000; No route to host
[root@master-0 ~]# curl -vk $(oc get svc kubernetes -n default -o 'jsonpath={.spec.clusterIP}:{.spec.ports[0].port}') - About to connect() to 172.30.0.1 port 443 (#0)
- Trying 172.30.0.1...
- Connected to 172.30.0.1 (172.30.0.1) port 443 (#0)
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 172.30.0.1:443
Accept: */*
- Connection #0 to host 172.30.0.1 left intact
[root@master-0 ~]# curl -vk $(oc get svc registry-console -n default -o 'jsonpath={.spec.clusterIP}:{.spec.ports[0].port}') - About to connect() to 172.30.223.98 port 9000 (#0)
- Trying 172.30.223.98...
- No route to host
- Failed connect to 172.30.223.98:9000; No route to host
- Closing connection 0
curl: (7) Failed connect to 172.30.223.98:9000; No route to host
[root@master-0 ~]# curl -vk $(oc get svc router -n default -o 'jsonpath={.spec.clusterIP}:{.spec.ports[0].port}') - About to connect() to 172.30.162.126 port 80 (#0)
- Trying 172.30.162.126...
- Connected to 172.30.162.126 (172.30.162.126) port 80 (#0)
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 172.30.162.126
Accept: */*
- HTTP 1.0, assume close after body
< HTTP/1.0 503 Service Unavailable
< Pragma: no-cache
< Cache-Control: private, max-age=0, no-cache, no-store
< Connection: close
< Content-Type: text/html
<
[root@master-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a5:14:ab brd ff:ff:ff:ff:ff:ff
inet 10.19.114.242/23 brd 10.19.115.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 2620:52:0:1372:250:56ff:fea5:14ab/64 scope global mngtmpaddr dynamic
valid_lft 2591939sec preferred_lft 604739sec
inet6 fe80::250:56ff:fea5:14ab/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:42:8e:79:e8 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether a6:f3:ba:e4:4d:25 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether b6:56:82:ca:64:4a brd ff:ff:ff:ff:ff:ff
9: vxlan_sys_4789: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65470 qdisc noqueue master ovs-system state UNKNOWN qlen 1000
link/ether b6:3c:d9:bb:c4:95 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b43c:d9ff:febb:c495/64 scope link
valid_lft forever preferred_lft forever
10: tun0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
link/ether be:ab:1f:84:fb:2d brd ff:ff:ff:ff:ff:ff
inet 172.16.2.1/23 brd 172.16.3.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::bcab:1fff:fe84:fb2d/64 scope link
valid_lft forever preferred_lft forever