Bug 1507051 - Port 10010 is closed
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
3.7.0
x86_64 Linux
unspecified Severity medium
: 3.7.0
Assigned To: Steve Milner
Gan Huang
: Unconfirmed
Reported: 2017-10-27 10:13 EDT by Chris Evich
Modified: 2017-11-28 03:28 EST (History)
Doc Type: No Doc Update
Last Closed: 2017-11-13 10:53:02 EST
Type: Bug
External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2017:3188
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update
Last Updated: 2017-11-28 21:34:54 EST

Description Chris Evich 2017-10-27 10:13:05 EDT
Description of problem:
The installer needs to: iptables -A OS_FIREWALL_ALLOW -p tcp --destination-port 10010 -m state --state NEW -j ACCEPT

Version-Release number of the following components:
Upstream openshift-ansible, PR 5880
commit id 1d77b02f72795cef4ce5a9552fcdb97d16b7e3b9

Ansible 2.3.1 running on a F25 control-host.

How reproducible:
always

Steps to Reproduce:
1. cd openstack-ansible
2. Run ansible-playbook -i inventory_file ./playbooks/byo/config.yml
3. No errors reported
4. On master node: oc run myhttpd --image=httpd:2.4
5. On master node: oc describe pod myhttpd
6. On master node: oc run -it --rm myshell --image=busybox -- sh

Actual results:
No installer error generated.  Problem found after step 6:

[root@rhel7-4-a ~]# oc run -it --rm myshell --image=busybox -- sh
If you don't see a command prompt, try pressing enter.
Error attaching, falling back to logs: error dialing backend: dial tcp 172.16.12.11:10010: getsockopt: no route to host

Expected results:

The oc run command should work
Comment 1 Scott Dodson 2017-10-27 10:46:59 EDT
What is myshell? what's 172.16.12.11, is that a service ip? why does my myshell expect it to exist and be ready for connections?
Comment 2 Scott Dodson 2017-10-27 12:28:15 EDT
apparently this is some cri-o thing?

https://github.com/openshift/openshift-ansible/pull/5911
Comment 3 Steve Milner 2017-10-27 12:30:20 EDT
(In reply to Scott Dodson from comment #1)
> What is myshell? what's 172.16.12.11, is that a service ip? why does my
> myshell expect it to exist and be ready for connections?

myshell is the name of a container they are using to test with. It's verifying they are able to actually communicate with a container.
Comment 4 Steve Milner 2017-10-27 12:48:55 EDT
The merged PR listed by Scott does indeed fix the problem. It's been tested by a few of us. Apologies for the misunderstanding.
Comment 5 Xiaoli Tian 2017-10-30 02:13:07 EDT
The fix is merged since openshift-ansible-3.7.0-0.184.0; please test it on the latest version.
Comment 6 Gan Huang 2017-10-31 04:41:26 EDT
Verified in openshift-ansible-3.7.0-0.184.0.git.0.d407445.el7.noarch.rpm

Tested with iptables and firewalld enabled. Both work well following the steps of the bug description.
Comment 7 Gan Huang 2017-10-31 04:43:28 EDT
iptables rule added correctly for nodes:

# iptables-save |grep 10010
-A IN_public_allow -p tcp -m tcp --dport 10010 -m conntrack --ctstate NEW -j ACCEPT
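
A plain `grep 10010` over `iptables-save` output matches any line containing that string, including DROP rules, UDP rules and source-port matches. The shell function below is an added example, not part of the bug report or of openshift-ansible: it parses each rule and also accepts the `--destination-port`, multiport and range spellings. The function name and the sample rulesets are constructed for illustration.

```shell
# accept_chains PORT: read `iptables-save` output on stdin, print each chain
# holding a TCP ACCEPT rule that covers PORT, and succeed only if one exists.
# Limitation: it does not check that the chain is reachable from INPUT or
# that an earlier rule drops the traffic first.
accept_chains() {
    awk -v port="$1" '
    function covers(spec,    n, parts, r, k) {
        n = split(spec, parts, ",")              # multiport list: 8443,10010
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 2) {  # range: 10000:10100
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[k] + 0 == port + 0) return 1
        }
        return 0
    }
    $1 == "-A" {
        tcp = accept = hit = 0
        for (i = 3; i < NF; i++) {
            if (($i == "-p" || $i == "--protocol") && $(i + 1) == "tcp") tcp = 1
            if (($i == "-j" || $i == "--jump") && $(i + 1) == "ACCEPT") accept = 1
            # skip negated matches such as "! --dport 10010"
            if ($i ~ /^--(dport|destination-port|dports|destination-ports)$/ &&
                $(i - 1) != "!" && covers($(i + 1))) hit = 1
        }
        if (tcp && accept && hit) { print $2; found = 1 }
    }
    END { exit !found }
    '
}

# Constructed sample: the rule form shown in comment 7.
FIXED='-A IN_public_allow -p tcp -m tcp --dport 10010 -m conntrack --ctstate NEW -j ACCEPT'

# Constructed sample: every line matches `grep 10010`, yet TCP 10010 stays closed.
BROKEN='-A OS_FIREWALL_ALLOW -p udp -m udp --dport 10010 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10010 -j DROP
-A OS_FIREWALL_ALLOW -p tcp -m tcp --sport 10010 -j ACCEPT'

printf '%s\n' "$FIXED" | accept_chains 10010    # prints IN_public_allow
printf '%s\n' "$BROKEN" | accept_chains 10010 || echo "tcp/10010 is not open"
```

On a node, pipe the live ruleset in with `iptables-save | accept_chains 10010`.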
