Bug 1293578
| Summary: | Ansible should open port '1936' in iptables | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Ma xiaoqiang <xiama> | |
| Component: | Installer | Assignee: | Scott Dodson <sdodson> | |
| Status: | CLOSED ERRATA | QA Contact: | Ma xiaoqiang <xiama> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 3.1.0 | CC: | akostadi, aos-bugs, bleanhar, jdetiber, jialiu, jokerman, knakayam, misalunk, mmccomas, pep, sdodson, xiama, xtian, zzhao | |
| Target Milestone: | --- | Keywords: | Regression | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | atomic-openshift-3.1.1.6-2.git.10.15b47fc.el7aos | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1301654 1316615 (view as bug list) | Environment: | ||
| Last Closed: | 2016-02-23 20:31:41 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1301654 | |||
| Bug Blocks: | 1267746 | |||
|
Description
Ma xiaoqiang
2015-12-22 09:23:18 UTC
This issue causes that the router pod can not be started. *** Bug 1231127 has been marked as a duplicate of this bug. *** Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/9e34a1c25f1a763af2ec6a65f00e1fa89087d981 Bug 1293578 - The Router liveness/readiness probes should always use localhost Pods using the hostNetwork are getting the default IP from the Node entry for their liveness probe today. In some common misconfigurations this IP will not actually be physically present on the Node running the probes and therefore will not be short-circuited to use the loopback interface. In those cases the probes will fail unless an admin manually opens up port that allows the probe to pass. We're putting checks in place for this situation but this seems like a reasonable safeguard to make sure a critical piece of infrastructure comes up the first time. This has been fixed via a two pronged approach. 1) The new build should use localhost for the router liveness probes 2) openshift-ansible will now ensure openshift_hostname resolves to an ip address on the host in question. If it detects that the hostname does not it will pause the install waiting for the user to abort or continue. This behavior can be overridden by setting `openshift_override_hostname_check=true` which will simply pause the install for 10 seconds then move on. See https://github.com/openshift/openshift-ansible/pull/1291 for details on the installer change Check on the Errata puddle. The router pod is running, move this issue to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:0293 Scott, Brenton Because of this fix, we don't necessary to open 1936 port now, since the livenessProbe prove access to the localhost, right? As this bz's subject is "Ansible should open port '1936' in iptables", the fix looks like opening the 1936 by ansible installer, but I believe it is wrong. If my understanding is correct, I hope either of you update the doc https://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html#ose-3-1-1-known-issues Kenjiro, That's correct, we no longer need to open port 1936. I'm not sure if we should retroactively change the title of this bug or not. PR to clarify those docs |