Description:

- After running sh <(curl -s https://install.openshift.com/ose/) on a 2 node, 1 master cluster in EC2, we can see that the ansible task for node startup fails.
- Looking deeper, we can extract the error:

    [root@openshift ec2-user]# systemctl status openshift-node.service -o verbose

- And the result is:

    MESSAGE=E0120 18:30:21.606933 5868 reflector.go:209] pkg/kubelet/kubelet.go:182: Failed to watch *api.Service: Get https://ip-172-18-14-218.ec2.internal:8443/api/v1/watch/services?resourceVersion=1912: dial tcp 172.18.14.218:8443: connection refused

To do some sanity checks I confirmed that this IP is reachable FROM the node...

    [root@openshift ec2-user]# wget https://ip-172-18-14-218.ec2.internal:8443/api/v1/watch/services?resourceVersion=1912 --no-check-certificate
    --2016-01-20 18:44:25-- https://ip-172-18-14-218.ec2.internal:8443/api/v1/watch/services?resourceVersion=1912
    Resolving ip-172-18-14-218.ec2.internal (ip-172-18-14-218.ec2.internal)... 172.18.14.218
    Connecting to ip-172-18-14-218.ec2.internal (ip-172-18-14-218.ec2.internal)|172.18.14.218|:8443... connected.
    WARNING: cannot verify ip-172-18-14-218.ec2.internal's certificate, issued by ‘/CN=openshift-signer@1453327451’:
      Self-signed certificate encountered.
    HTTP request sent, awaiting response... 403 Forbidden
    2016-01-20 18:44:25 ERROR 403: Forbidden.

So I assume that it's related to certificates not being percolated properly to the node that is trying to connect to the apiserver on the master.

DESIRED BEHAVIOUR

Maybe there could be some checks before starting the Nodes in the installer, that the nodes can use certs to properly connect to the master.

If this is still a problem please let us know. If this was an origin v3 install you shouldn't be using install.openshift.com/ose now and instead follow https://docs.openshift.org/latest/install_config/install/index.html
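
A pre-start check of the kind the report asks for could look like the sketch below. It is an added example, not part of the original report or of the OpenShift installer; the function names, the result labels and the CA/certificate/key paths passed as arguments are assumptions. It uses curl's exit status and the HTTP status to tell "connection refused" apart from TLS trust failures and from authentication or authorization failures.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names). Run on a node before starting
# openshift-node.service:
#   ./preflight.sh <master-api-url> <ca.crt> <node-client.crt> <node-client.key>

# Map curl's exit status and the HTTP status code to a diagnosis label.
# Returns 0 only when the node reached the API and was let in.
classify_probe() {
    local curl_rc=$1 http_code=$2
    case "$curl_rc" in
        0)  ;;                                   # transport and TLS succeeded
        6)  echo "dns-failure"; return 1 ;;
        7)  echo "connection-refused"; return 1 ;;
        28) echo "timeout"; return 1 ;;
        35|58) echo "tls-handshake-or-client-cert-problem"; return 1 ;;
        60) echo "master-cert-not-trusted-by-ca"; return 1 ;;
        *)  echo "curl-error-$curl_rc"; return 1 ;;
    esac
    case "$http_code" in
        2??) echo "ok" ;;
        401) echo "client-cert-rejected"; return 1 ;;
        403) echo "forbidden"; return 1 ;;
        *)   echo "unexpected-http-$http_code"; return 1 ;;
    esac
}

# Probe the master API, verifying the server against the cluster CA and
# presenting the node's client certificate (no --insecure, so trust
# problems surface instead of being hidden).
probe_master() {
    local url=$1 ca=$2 cert=$3 key=$4 code rc=0
    code=$(curl --silent --output /dev/null --max-time 10 \
                --cacert "$ca" --cert "$cert" --key "$key" \
                --write-out '%{http_code}' "$url") || rc=$?
    classify_probe "$rc" "$code"
}

# Only probe when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
    probe_master "$@"
fi
```

A non-zero exit with the printed label gives an installer task something specific to fail on before the node service is started.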