Origin: router-3-deploy pod Error

Created on 20 Apr 2018  路  2Comments  路  Source: openshift/origin

Description

when run ansible to deploy openshift v3.6.1
on centos 7.2
pod router-3-deploy status become error

ansible logs:

TASK [openshift_hosted : Ensure OpenShift router correctly rolls out (best-effort today)] ***********************************************************************************************************************
changed: [master.example.com] => (item={u'name': u'router', u'certificate': {u'keyfile': u'/etc/origin/master/openshift-router.key', u'certfile': u'/etc/origin/master/openshift-router.crt', u'cafile': u'/etc/origin/master/ca.crt'}, u'replicas': u'3', u'serviceaccount': u'router', u'namespace': u'default', u'stats_port': 1936, u'edits': [{u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.intervalSeconds'}, {u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.updatePeriodSeconds'}, {u'action': u'put', u'value': 21600, u'key': u'spec.strategy.activeDeadlineSeconds'}], u'images': u'openshift/origin-${component}:${version}', u'selector': u'region=infra', u'ports': [u'80:80', u'443:443']})

TASK [openshift_hosted : Determine the latest version of the OpenShift router deployment] ***********************************************************************************************************************
changed: [master.example.com] => (item={u'name': u'router', u'certificate': {u'keyfile': u'/etc/origin/master/openshift-router.key', u'certfile': u'/etc/origin/master/openshift-router.crt', u'cafile': u'/etc/origin/master/ca.crt'}, u'replicas': u'3', u'serviceaccount': u'router', u'namespace': u'default', u'stats_port': 1936, u'edits': [{u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.intervalSeconds'}, {u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.updatePeriodSeconds'}, {u'action': u'put', u'value': 21600, u'key': u'spec.strategy.activeDeadlineSeconds'}], u'images': u'openshift/origin-${component}:${version}', u'selector': u'region=infra', u'ports': [u'80:80', u'443:443']})

TASK [openshift_hosted : Poll for OpenShift router deployment success] ******************************************************************************************************************************************
failed: [master.example.com] (item=[{u'name': u'router', u'certificate': {u'certfile': u'/etc/origin/master/openshift-router.crt', u'keyfile': u'/etc/origin/master/openshift-router.key', u'cafile': u'/etc/origin/master/ca.crt'}, u'replicas': u'3', u'serviceaccount': u'router', u'namespace': u'default', u'stats_port': 1936, u'edits': [{u'action': u'put', u'key': u'spec.strategy.rollingParams.intervalSeconds', u'value': 1}, {u'action': u'put', u'key': u'spec.strategy.rollingParams.updatePeriodSeconds', u'value': 1}, {u'action': u'put', u'key': u'spec.strategy.activeDeadlineSeconds', u'value': 21600}], u'images': u'openshift/origin-${component}:${version}', u'selector': u'region=infra', u'ports': [u'80:80', u'443:443']}, {'_ansible_parsed': True, 'stderr_lines': [], '_ansible_item_result': True, u'end': u'2018-04-19 05:25:15.086361', '_ansible_no_log': False, u'stdout': u'3', u'cmd': [u'oc', u'get', u'deploymentconfig', u'router', u'--namespace', u'default', u'--config', u'/etc/origin/master/admin.kubeconfig', u'-o', u'jsonpath={ .status.latestVersion }'], u'rc': 0, 'item': {u'name': u'router', u'certificate': {u'keyfile': u'/etc/origin/master/openshift-router.key', u'certfile': u'/etc/origin/master/openshift-router.crt', u'cafile': u'/etc/origin/master/ca.crt'}, u'replicas': u'3', u'serviceaccount': u'router', u'namespace': u'default', u'selector': u'region=infra', u'edits': [{u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.intervalSeconds'}, {u'action': u'put', u'value': 1, u'key': u'spec.strategy.rollingParams.updatePeriodSeconds'}, {u'action': u'put', u'value': 21600, u'key': u'spec.strategy.activeDeadlineSeconds'}], u'images': u'openshift/origin-${component}:${version}', u'stats_port': 1936, u'ports': [u'80:80', u'443:443']}, u'delta': u'0:00:00.525480', u'stderr': u'', u'changed': True, u'invocation': {u'module_args': {u'creates': None, u'executable': None, u'_uses_shell': False, u'_raw_params': u"oc get deploymentconfig router --namespace default --config /etc/origin/master/admin.kubeconfig -o jsonpath='{ .status.latestVersion }'", u'removes': None, u'warn': True, u'chdir': None, u'stdin': None}}, 'stdout_lines': [u'3'], u'start': u'2018-04-19 05:25:14.560881', 'failed': False}]) => {"attempts": 1, "changed": true, "cmd": ["oc", "get", "replicationcontroller", "router-3", "--namespace", "default", "--config", "/etc/origin/master/admin.kubeconfig", "-o", "jsonpath={ .metadata.annotations.openshift\\.io/deployment\\.phase }"], "delta": "0:00:00.530060", "end": "2018-04-19 05:25:16.397730", "failed": true, "failed_when_result": true, "item": [{"certificate": {"cafile": "/etc/origin/master/ca.crt", "certfile": "/etc/origin/master/openshift-router.crt", "keyfile": "/etc/origin/master/openshift-router.key"}, "edits": [{"action": "put", "key": "spec.strategy.rollingParams.intervalSeconds", "value": 1}, {"action": "put", "key": "spec.strategy.rollingParams.updatePeriodSeconds", "value": 1}, {"action": "put", "key": "spec.strategy.activeDeadlineSeconds", "value": 21600}], "images": "openshift/origin-${component}:${version}", "name": "router", "namespace": "default", "ports": ["80:80", "443:443"], "replicas": "3", "selector": "region=infra", "serviceaccount": "router", "stats_port": 1936}, {"_ansible_item_result": true, "_ansible_no_log": false, "_ansible_parsed": true, "changed": true, "cmd": ["oc", "get", "deploymentconfig", "router", "--namespace", "default", "--config", "/etc/origin/master/admin.kubeconfig", "-o", "jsonpath={ .status.latestVersion }"], "delta": "0:00:00.525480", "end": "2018-04-19 05:25:15.086361", "failed": false, "invocation": {"module_args": {"_raw_params": "oc get deploymentconfig router --namespace default --config /etc/origin/master/admin.kubeconfig -o jsonpath='{ .status.latestVersion }'", "_uses_shell": false, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "warn": true}}, "item": {"certificate": {"cafile": "/etc/origin/master/ca.crt", "certfile": "/etc/origin/master/openshift-router.crt", "keyfile": "/etc/origin/master/openshift-router.key"}, "edits": [{"action": "put", "key": "spec.strategy.rollingParams.intervalSeconds", "value": 1}, {"action": "put", "key": "spec.strategy.rollingParams.updatePeriodSeconds", "value": 1}, {"action": "put", "key": "spec.strategy.activeDeadlineSeconds", "value": 21600}], "images": "openshift/origin-${component}:${version}", "name": "router", "namespace": "default", "ports": ["80:80", "443:443"], "replicas": "3", "selector": "region=infra", "serviceaccount": "router", "stats_port": 1936}, "rc": 0, "start": "2018-04-19 05:25:14.560881", "stderr": "", "stderr_lines": [], "stdout": "3", "stdout_lines": ["3"]}], "rc": 0, "start": "2018-04-19 05:25:15.867670", "stderr": "", "stderr_lines": [], "stdout": "Failed", "stdout_lines": ["Failed"]}
    to retry, use: --limit @/root/openshift-ansible-openshift-ansible-3.6.173.0.81-1/playbooks/byo/config.retry

PLAY RECAP ******************************************************************************************************************************************************************************************************
localhost                  : ok=12   changed=0    unreachable=0    failed=0   
master.example.com         : ok=602  changed=40   unreachable=0    failed=1   
node1.example.com          : ok=233  changed=10   unreachable=0    failed=0   
node2.example.com          : ok=233  changed=10   unreachable=0    failed=0

Run " oc get all -o wide":

[root@master ~]# oc get all -o wide
NAME        REVISION   DESIRED   CURRENT   TRIGGERED BY
dc/router   3          3         0         config

NAME          DESIRED   CURRENT   READY     AGE       CONTAINER(S)   IMAGE(S)                                 SELECTOR
rc/router-1   0         0         0         19h       router         openshift/origin-haproxy-router:v3.6.1   deployment=router-1,deploymentconfig=router,router=router
rc/router-2   0         0         0         8h        router         openshift/origin-haproxy-router:v3.6.1   deployment=router-2,deploymentconfig=router,router=router
rc/router-3   0         0         0         8m        router         openshift/origin-haproxy-router:v3.6.1   deployment=router-3,deploymentconfig=router,router=router

NAME             CLUSTER-IP      EXTERNAL-IP   PORT(S)                   AGE       SELECTOR
svc/kubernetes   172.30.0.1      <none>        443/TCP,53/UDP,53/TCP     19h       <none>
svc/router       172.30.194.86   <none>        80/TCP,443/TCP,1936/TCP   19h       router=router

NAME                 READY     STATUS    RESTARTS   AGE       IP        NODE
po/router-3-deploy   0/1       Error     0          8m        <none>    node2.example.com

and the logs of pod router-3-deploy

[root@master ~]# oc logs po/router-3-deploy
/usr/bin/openshift-deploy: error while loading shared libraries: libpthread.so.0: failed to map segment from shared object: Permission denied

run "oc edit scc restricted"

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: true
allowedCapabilities: []
apiVersion: v1
defaultAddCapabilities: []
fsGroup:
  type: MustRunAs
groups:
- system:authenticated
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: restricted denies access to all host features and requires
      pods to be run with a UID, and SELinux context that are allocated to the namespace.  This
      is the most restrictive SCC and it is used by default for authenticated users.
  creationTimestamp: 2018-04-18T13:40:27Z
  name: restricted
  resourceVersion: "28667"
  selfLink: /api/v1/securitycontextconstraints/restricted
  uid: 0da03a71-430e-11e8-85f4-000c29dc8abd
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SYS_CHROOT
- SETUID
- SETGID
runAsUser:
  type: MustRunAsRange
picture lindao99

Most helpful comment

now it`s ok.
because docker must close selinux
edit /etc/sysconfig/docker "----selinux-enabled=false"

picture lindao99 on 27 Apr 2018
👍3 👎1

All 2 comments

now it`s ok.
because docker must close selinux
edit /etc/sysconfig/docker "----selinux-enabled=false"

lindao99 picture lindao99 on 27 Apr 2018
👍3 👎1

not worked

thatsk picture thatsk on 12 Sep 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

guangxuli picture guangxuli  路  4Comments
slmzig picture slmzig  路  3Comments
warmchang picture warmchang  路  4Comments
nicolaferraro picture nicolaferraro  路  3Comments
theone4ever picture theone4ever  路  3Comments