I fix ERROR with starting the process console #5

vorlon001 · 2020-07-24T08:37:07Z

[vorlon@okd4-services ~]$ oc logs pods console-867c58d9cf-r88nc -n openshift-console
Error from server (NotFound): pods "pods" not found
[vorlon@okd4-services ~]$ oc logs console-867c58d9cf-r88nc -n openshift-console
2020-07-24T08:27:07Z cmd/main: cookies are secure!
2020-07-24T08:27:07Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:17Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:27Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found
2020-07-24T08:27:37Z auth: error contacting auth provider (retrying in 10s): discovery through endpoint https://kubernetes.default.svc/.well-known/oauth-authorization-server failed: 404 Not Found

[vorlon@okd4-services ~]$ oc get clusteroperators
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
authentication False True False 7m40s
cloud-credential 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 26m
cluster-autoscaler 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
config-operator 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
console 4.5.0-0.okd-2020-06-29-110348-beta6 False True True 8m27s
csi-snapshot-controller 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 7m37s
dns 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
etcd 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
image-registry 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
ingress 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 7m48s
insights 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
kube-apiserver 4.5.0-0.okd-2020-06-29-110348-beta6 True True True 16m
kube-controller-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
kube-scheduler 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
kube-storage-version-migrator 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 8m28s
machine-api 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
machine-approver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 16m
machine-config 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
marketplace 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 12m
monitoring 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 2m7s
network 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
node-tuning 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
openshift-apiserver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 8m37s
openshift-controller-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
openshift-samples 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 11m
operator-lifecycle-manager 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
operator-lifecycle-manager-catalog 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 17m
operator-lifecycle-manager-packageserver 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
service-ca 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 18m
storage 4.5.0-0.okd-2020-06-29-110348-beta6 True False False 13m
[vorlon@okd4-services ~]$ oc get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
okd4-compute-1.lab.okd.local Ready worker 10m v1.18.3 11.0.0.116 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-compute-2.lab.okd.local Ready worker 10m v1.18.3 11.0.0.117 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-1.lab.okd.local Ready master 20m v1.18.3 11.0.0.113 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-2.lab.okd.local Ready master 20m v1.18.3 11.0.0.114 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
okd4-control-plane-3.lab.okd.local Ready master 19m v1.18.3 11.0.0.115 Fedora CoreOS 32.20200619.20.0 5.6.19-300.fc32.x86_64 cri-o://1.18.1
[vorlon@okd4-services ~]$

CONFIG

sed -i 's/mastersSchedulable: true/mastersSchedulable: False/' install_dir/manifests/cluster-scheduler-02-config.yml

[vorlon@okd4-services okd4_files]$ cat db.11.0.0
$TTL 604800
@ IN SOA okd4-services.okd.local. admin.okd.local. (
7 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)

; name servers - NS records
IN NS okd4-services.okd.local.

; name servers - PTR records
111 IN PTR okd4-services.okd.local.

; OpenShift Container Platform Cluster - PTR records
112 IN PTR okd4-bootstrap.lab.okd.local.
113 IN PTR okd4-control-plane-1.lab.okd.local.
114 IN PTR okd4-control-plane-2.lab.okd.local.
115 IN PTR okd4-control-plane-3.lab.okd.local.
116 IN PTR okd4-compute-1.lab.okd.local.
117 IN PTR okd4-compute-2.lab.okd.local.
111 IN PTR api.lab.okd.local.
111 IN PTR api-int.lab.okd.local.
[vorlon@okd4-services okd4_files]$ cat db.okd.local
$TTL 604800
@ IN SOA okd4-services.okd.local. admin.okd.local. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)

; name servers - NS records
IN NS okd4-services

; name servers - A records
okd4-services.okd.local. IN A 11.0.0.111

; OpenShift Container Platform Cluster - A records
okd4-bootstrap.lab.okd.local. IN A 11.0.0.112
okd4-control-plane-1.lab.okd.local. IN A 11.0.0.113
okd4-control-plane-2.lab.okd.local. IN A 11.0.0.114
okd4-control-plane-3.lab.okd.local. IN A 11.0.0.115
okd4-compute-1.lab.okd.local. IN A 11.0.0.116
okd4-compute-2.lab.okd.local. IN A 11.0.0.117

; OpenShift internal cluster IPs - A records
api.lab.okd.local. IN A 11.0.0.111
api-int.lab.okd.local. IN A 11.0.0.111
*.apps.lab.okd.local. IN A 11.0.0.111
etcd-0.lab.okd.local. IN A 11.0.0.113
etcd-1.lab.okd.local. IN A 11.0.0.114
etcd-2.lab.okd.local. IN A 11.0.0.115
console-openshift-console.apps.lab.okd.local. IN A 11.0.0.111
oauth-openshift.apps.lab.okd.local. IN A 11.0.0.111

; OpenShift internal cluster IPs - SRV records
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-0.lab
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-1.lab
_etcd-server-ssl._tcp.lab.okd.local. 86400 IN SRV 0 10 2380 etcd-2.lab

[vorlon@okd4-services okd4_files]$ cat install-config.yaml
apiVersion: v1
baseDomain: okd.local
metadata:
name: lab

compute:

hyperthreading: Enabled
name: worker
replicas: 0

controlPlane:
hyperthreading: Enabled
name: master
replicas: 3

networking:
clusterNetwork:

cidr: 10.128.0.0/14
hostPrefix: 23
networkType: OpenShiftSDN
serviceNetwork:
172.30.0.0/16

platform:
none: {}

fips: false

pullSecret: '{"auths":{"fake":{"auth": "bar"}}}'
sshKey: 'ssh-ed25519 AAAA...'
[vorlon@okd4-services okd4_files]$ cat htpasswd_provider.yaml
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
name: cluster
spec:
identityProviders:

name: htpasswd_provider
mappingMethod: claim
type: HTPasswd
htpasswd:
fileData:
name: htpass-secret
[vorlon@okd4-services okd4_files]$ cat named.conf.local
zone "okd.local" {
type master;
file "/etc/named/zones/db.okd.local"; # zone file path
};

zone "0.0.11.in-addr.arpa" {
type master;
file "/etc/named/zones/db.11.0.0"; # 11.0.0.0/24 subnet
};
[vorlon@okd4-services okd4_files]$ cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; 11.0.0.111; };

listen-on-v6 port 53 { ::1; };

    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { localhost; 11.0.0.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    forwarders {
            8.8.8.8;
            8.8.4.4;
    };

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";

[vorlon@okd4-services okd4_files]$

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

I fix ERROR with starting the process console #5

I fix ERROR with starting the process console #5

vorlon001 commented Jul 24, 2020

I fix ERROR with starting the process console #5

I fix ERROR with starting the process console #5

Comments

vorlon001 commented Jul 24, 2020

listen-on-v6 port 53 { ::1; };