Hide Forgot
Description of problem: Skydive is provided with OSP for real-time network topology and protocols analyzer for complex SDN environments. Certify Skydive with RHV and the oVirt OVN provider to provide the same capabilities on RHV.
Ansible playbook that deploy analyzers and agents: http://skydive.network/documentation/deployment#ansible
Here a fix that address etcd server list generation issue when using skydive_listen_ip=0.0.0.0 https://github.com/skydive-project/skydive/pull/1057
Still have the same issue: May 29 11:57:10 network-ge-1.scl.lab.tlv.redhat.com skydive[615]: 2018-05-29T11:57:10.383+0300 ERROR analyzer/server.go:222 NewServerFromConfig network network-ge-1: Etcd server not ready: client: etcd cluster is unavailable or misconfigured;client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 10.35.161.250:12379: getsockopt: connection refused /etc/skydive/skydive.yml etcd: embedded: true listen: 0.0.0.0:12379 peers: network-ge-1: http://10.35.161.250:12380 servers: - http://10.35.161.250:12379 netstat: tcp 0 0 127.0.0.1:12379 0.0.0.0:* LISTEN 615/skydive tcp 0 0 127.0.0.1:12380 0.0.0.0:* LISTEN 615/skydive curl 10.35.161.250:12379 curl: (7) Failed connect to 10.35.161.250:12379; Connection refused iptables is not running.
can you give the skydive version used: $ skydive version As the "listen" parameter is set to "0.0.0.0:12379" and the peers is set too, you should have in your netstat result 2 entries per IP present in you host. Is selinux enabled and blocking the port binding ?
For the version I took this PR https://github.com/skydive-project/skydive/pull/1057 git fetch origin pull/1057/head:etcd_fix After disable selinux I can open the webUI. How can I make it works with selinux?
@Meni : could you share 1/ the skydive configuration /etc/skydive/skydive.yml 2/ grep skydive /var/log/audit/audit.log I don't known what's differ from your setup, but here my working test : 1/ I did install a centos with selinux enabled by default 2/ deploy with ansible from the PR 1057 3/ edit skydive configuration file /etc/skydive/skydive.yml o set 0.0.0.0:8082 for analyzer.listen o set 0.0.0.0:12379 for etcd.listen curl 192.168.0.7:12379 curl 192.168.0.7:8082 working find with selinux enabled (enforcing) [root@centos7-1804 centos]# netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.0.7:12380 0.0.0.0:* LISTEN 12357/skydive tcp 0 0 127.0.0.1:12380 0.0.0.0:* LISTEN 12357/skydive tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 505/rpcbind tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN 10637/skydive tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1386/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 999/master tcp 0 0 192.168.0.7:12379 0.0.0.0:* LISTEN 12357/skydive tcp 0 0 127.0.0.1:12379 0.0.0.0:* LISTEN 12357/skydive tcp6 0 0 ::1:12380 :::* LISTEN 12357/skydive tcp6 0 0 :::111 :::* LISTEN 505/rpcbind tcp6 0 0 :::8082 :::* LISTEN 12357/skydive tcp6 0 0 :::22 :::* LISTEN 1386/sshd tcp6 0 0 ::1:25 :::* LISTEN 999/master tcp6 0 0 ::1:12379 :::* LISTEN 12357/skydive [root@centos7-1804 centos]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31
I don't know what changed but now it's working with selinux on, so for now, we are good.
SELinux in Skydive, you call follow the PR here : https://github.com/skydive-project/skydive/pull/1068
while verifying this, please try verifying Bug 994170 - [RFE] [SkyDive] Ability to test network connectivity to logical networks on a host
Final verification with public OSP14 repos is still missing.