Skip to content

Instantly share code, notes, and snippets.

@paolobueno

paolobueno/dockerc.xml

Last active December 11, 2017 15:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save paolobueno/1c33a0c5e7e6b833836099bb15ae24e9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save paolobueno/1c33a0c5e7e6b833836099bb15ae24e9 to your computer and use it in GitHub Desktop.
Download ZIP
mcp troubleshooting
Raw
dockerc.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<source address="172.17.0.0/16"/>
<port port="8443" protocol="tcp"/>
<port port="53" protocol="udp"/>
<port port="8053" protocol="udp"/>
<port port="443" protocol="tcp"/>
</zone>
Raw
dockerps.log
# after failed installer.sh
# docker -ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4e10886e44f6 openshift/origin:v3.7.0-rc.0 "/usr/bin/openshif..." 59 seconds ago Up 58 seconds origin
f7922f377126 redis "docker-entrypoint..." 6 weeks ago Up 31 minutes 0.0.0.0:6379->6379/tcp redis
e2c914daf8b8 mongo "docker-entrypoint..." 6 weeks ago Up 31 minutes 0.0.0.0:27017->27017/tcp mongo
# after successful `oc cluster up`
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9bbb946be914 openshift/origin-pod:v3.7.0-rc.0 "/usr/bin/pod" 2 seconds ago Up 1 second k8s_POD_persistent-volume-setup-b2xtn_default_7c5bb6be-de76-11e7-8cd2-b82a729d4418_0
8d3914b8ae0b openshift/origin:v3.7.0-rc.0 "/usr/bin/openshif..." 37 seconds ago Up 36 seconds origin
f7922f377126 redis "docker-entrypoint..." 6 weeks ago Up 33 minutes 0.0.0.0:6379->6379/tcp redis
e2c914daf8b8 mongo "docker-entrypoint..." 6 weeks ago Up 33 minutes 0.0.0.0:27017->27017/tcp mongo
Raw
install.log
__ __ ____ ____
| \/ |/ ___| _ \
| |\/| | | | |_) |
| | | | |___| __/
|_| |_|\____|_|
Checking Docker version. Should be using Stable channel
✓ Docker check passed.
Checking NPM exists
✓ NPM check passed.
Checking Python exists
✓ Python check passed.
Checking Python version. Should be >= 2.7
✓ Python check passed.
Checking Ansible exists
✓ Ansible check passed.
Checking Ansible version. Should be >= 2.3
✓ Ansible check passed.
Checking OpenShift client tools exists
✓ OpenShift Client Tools check passed.
Checking OpenShift client tools version. Should be >= 3.7
✓ OpenShift Client Tools check passed.
The Mobile Control Panel installer requires valid DockerHub credentials
to communicate with the DockerHub API. If you enter invalid credentials or then
Mobile Services will not be available in the Service Catalog.
DockerHub Username: DockerHub Password:
Checking DockerHub credentials are valid...
Credentials are valid. Continuing...
DockerHub Tag (Defaults to latest): DockerHub Orgnisation (Defaults to feedhenry): Wildcard DNS Host (Defaults to nip.io): Performing and clean and running the installer. You will be asked for your password.
Installing roles to /home/paolo/go/src/github.com/feedhenry/mcp-standalone/installer/roles
[WARNING]: - openshift-origin-client-tools (v1.0.3) is already installed - use --force to
change version to unspecified
[WARNING]: - install-socat (master) is already installed - use --force to change version to
unspecified
Skipping OpenShift client tools installation...
[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks'
for static inclusions or 'include_tasks' for dynamic inclusions. This feature will be removed
in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False
in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged.
The module documentation details page may explain more about this rationale.. This feature will
be removed in a future release. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Found variable using reserved name: roles
PLAY [Setup OpenShift cluster with Mobile Control Panel and Service Brokers] *******************
TASK [Gathering Facts] *************************************************************************
ok: [localhost]
TASK [install-socat : Check socat exists] ******************************************************
skipping: [localhost]
TASK [install-socat : Create download directory] ***********************************************
skipping: [localhost]
TASK [install-socat : Retrieve socat tarball] **************************************************
skipping: [localhost]
TASK [install-socat : Unarchive socat tarball] *************************************************
skipping: [localhost]
TASK [install-socat : Configure] ***************************************************************
skipping: [localhost]
TASK [install-socat : Make] ********************************************************************
skipping: [localhost]
TASK [install-socat : Move to install directory] ***********************************************
skipping: [localhost]
TASK [install-socat : file] ********************************************************************
skipping: [localhost]
TASK [oc-cluster-up : Create alias for lo0 (macos)] ********************************************
skipping: [localhost]
TASK [oc-cluster-up : Create alias for lo0 (linux)] ********************************************
skipping: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : Obtain status of oc cluster] *********************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
skipping: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : Obtain host config directory with allowed format] ************************
changed: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : debug] *******************************************************************
ok: [localhost] => {
"msg": "Host config dir is /home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui"
}
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
skipping: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : set_fact] ****************************************************************
ok: [localhost]
TASK [oc-cluster-up : debug] *******************************************************************
ok: [localhost] => {
"msg": "Executing oc cluster up command - oc cluster up --service-catalog=true --host-config-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui --host-data-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-data --host-pv-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-pvs --host-volumes-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-volumes --routing-suffix=192.168.37.1.nip.io --public-hostname=192.168.37.1 --version=v3.7.0-rc.0 --image=openshift/origin"
}
TASK [oc-cluster-up : Cluster up] **************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "oc cluster up --service-catalog=true --host-config-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui --host-data-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-data --host-pv-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-pvs --host-volumes-dir=/home/paolo/go/src/github.com/feedhenry/mcp-standalone/ui/openshift-volumes --routing-suffix=192.168.37.1.nip.io --public-hostname=192.168.37.1 --version=v3.7.0-rc.0 --image=openshift/origin
delta": "0:01:07.455884
end": "2017-12-11 13:09:47.772124
failed": true, "msg": "non-zero return code
rc": 1, "start": "2017-12-11 13:08:40.316240
stderr": "
stderr_lines": [], "stdout": "Starting OpenShift using openshift/origin:v3.7.0-rc.0 ...
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v3.7.0-rc.0 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ...
WARNING: Binding DNS on port 8053 instead of 53, which may not be resolvable from all clients.
-- Checking type of volume mount ...
Using Docker shared volumes for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ...
Using public hostname IP 192.168.37.1 as the host IP
Using 192.168.37.1 as the server IP
-- Checking service catalog version requirements ... OK
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
FAIL
Error: timed out waiting for OpenShift container \"origin\"
WARNING: 192.168.37.1:8443 may be blocked by firewall rules
Details:
Last 10 lines of \"origin\" container log:
I1211 15:09:22.628627 31923 controller_utils.go:1032] Caches are synced for stateful set controller
I1211 15:09:22.629570 31923 controller_utils.go:1032] Caches are synced for resource quota controller
I1211 15:09:22.634120 31923 controller_utils.go:1032] Caches are synced for namespace controller
I1211 15:09:22.671920 31923 controller_utils.go:1032] Caches are synced for garbage collector controller
I1211 15:09:22.671946 31923 garbagecollector.go:135] Garbage collector: all resource monitors have synced. Proceeding to collect garbage
I1211 15:09:23.879192 31923 start_master.go:690] Started \"openshift.io/build\"
I1211 15:09:23.979387 31923 build_controller.go:243] Starting build controller
I1211 15:09:24.703341 31923 start_master.go:690] Started \"openshift.io/build-config-change\"
I1211 15:09:24.703368 31923 start_master.go:693] Started Origin Controllers
I1211 15:09:24.803521 31923 buildconfig_controller.go:185] Starting buildconfig controller
Solution:
Ensure that you can access 192.168.37.1:8443 from your machine
stdout_lines": ["Starting OpenShift using openshift/origin:v3.7.0-rc.0 ...
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v3.7.0-rc.0 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ...
WARNING: Binding DNS on port 8053 instead of 53, which may not be resolvable from all clients.
-- Checking type of volume mount ...
Using Docker shared volumes for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ...
Using public hostname IP 192.168.37.1 as the host IP
Using 192.168.37.1 as the server IP
-- Checking service catalog version requirements ... OK
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
FAIL
Error: timed out waiting for OpenShift container \"origin\"
WARNING: 192.168.37.1:8443 may be blocked by firewall rules
Details:
Last 10 lines of \"origin\" container log:
I1211 15:09:22.628627 31923 controller_utils.go:1032] Caches are synced for stateful set controller
I1211 15:09:22.629570 31923 controller_utils.go:1032] Caches are synced for resource quota controller
I1211 15:09:22.634120 31923 controller_utils.go:1032] Caches are synced for namespace controller
I1211 15:09:22.671920 31923 controller_utils.go:1032] Caches are synced for garbage collector controller
I1211 15:09:22.671946 31923 garbagecollector.go:135] Garbage collector: all resource monitors have synced. Proceeding to collect garbage
I1211 15:09:23.879192 31923 start_master.go:690] Started \"openshift.io/build\"
I1211 15:09:23.979387 31923 build_controller.go:243] Starting build controller
I1211 15:09:24.703341 31923 start_master.go:690] Started \"openshift.io/build-config-change\"
I1211 15:09:24.703368 31923 start_master.go:693] Started Origin Controllers
I1211 15:09:24.803521 31923 buildconfig_controller.go:185] Starting buildconfig controller
Solution:
Ensure that you can access 192.168.37.1:8443 from your machine"]}
to retry, use: --limit @/home/paolo/go/src/github.com/feedhenry/mcp-standalone/installer/playbook.retry
PLAY RECAP *************************************************************************************
localhost : ok=16 changed=1 unreachable=0 failed=1
Raw
iptables
#also tried with:
# sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j ACCEPT
# sudo iptables -S
# iptables output from firewalld rules
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_dockerc
-N FWDI_dockerc_allow
-N FWDI_dockerc_deny
-N FWDI_dockerc_log
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_dockerc
-N FWDO_dockerc_allow
-N FWDO_dockerc_deny
-N FWDO_dockerc_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_dockerc
-N IN_dockerc_allow
-N IN_dockerc_deny
-N IN_dockerc_log
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 27017 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 6379 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
-A FORWARD_IN_ZONES -i wlp6s0 -g FWDI_public
-A FORWARD_IN_ZONES -i docker0 -g FWDI_dockerc
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_IN_ZONES_SOURCE -s 172.17.0.0/16 -g FWDI_dockerc
-A FORWARD_OUT_ZONES -o wlp6s0 -g FWDO_public
-A FORWARD_OUT_ZONES -o docker0 -g FWDO_dockerc
-A FORWARD_OUT_ZONES -g FWDO_public
-A FORWARD_OUT_ZONES_SOURCE -d 172.17.0.0/16 -g FWDO_dockerc
-A FWDI_dockerc -j FWDI_dockerc_log
-A FWDI_dockerc -j FWDI_dockerc_deny
-A FWDI_dockerc -j FWDI_dockerc_allow
-A FWDI_dockerc -p icmp -j ACCEPT
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_dockerc -j FWDO_dockerc_log
-A FWDO_dockerc -j FWDO_dockerc_deny
-A FWDO_dockerc -j FWDO_dockerc_allow
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i wlp6s0 -g IN_public
-A INPUT_ZONES -i docker0 -g IN_dockerc
-A INPUT_ZONES -g IN_public
-A INPUT_ZONES_SOURCE -s 172.17.0.0/16 -g IN_dockerc
-A IN_dockerc -j IN_dockerc_log
-A IN_dockerc -j IN_dockerc_deny
-A IN_dockerc -j IN_dockerc_allow
-A IN_dockerc -p icmp -j ACCEPT
-A IN_dockerc_allow -p tcp -m tcp --dport 8443 -m conntrack --ctstate NEW -j ACCEPT
-A IN_dockerc_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A IN_dockerc_allow -p udp -m udp --dport 8053 -m conntrack --ctstate NEW -j ACCEPT
-A IN_dockerc_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment