Unable to resolve github.com from OpenShift origin pods - openshift-origin

I have a basic OpenShift origin cluster started with oc cluster up
Now, in the default 'MyProject' I wanted to build a source from a git repo, and it's failing with the error
Could not resolve host: github.com; Name or service not known
I even tried setting up gogs and migrating the publicly hosted source code on github.com to the gogs pod, but it throws the same error.
Kindly advise if there are any additional network settings required during OpenShift cluster setup in order to access github.com or any other public domains. I can sense it's a network issue but not sure what exactly needs to be configured on the cluster.

I know this is an old ticket, but I came across this issue when looking for a solution for my problem. I had exactly the same problem as described in this issue. For me, the problem lies within the combination between Ubuntu 18.04 and docker. I followed solution B from this answer.
Hopefully this helps someone as I've lost a lot of time trying to resolve this issue by looking for the problem as if it was a problem from openshift/okd while the actual cause lies within the combination between docker and ubuntu (at least for me).

You can edit the config map of the node on the master server (in order to provide proper information about your nameserver to the pods).
# oc get cm -n openshift-node
For all compute nodes, edit the config map with the command below (this only needs to be performed on the master server).
# oc edit cm node-config-compute -n openshift-node
......
dnsBindAddress: 127.0.0.1:53
dnsDomain: cluster.local
dnsIP: 10.0.80.11
dnsNameservers: null
dnsRecursiveResolvConf: /etc/origin/node/resolv.conf
.......
Edit the dnsIP section with your DNS IP. Then restart the service
# systemctl restart atomic-openshift-node.service
The DNS IP will be prepended to the /etc/resolv.conf file of every pod.

Shutdown the cluster with: oc cluster down
Edit the file: openshift.local.clusterup/node/node-config.yml and set dnsIP: "" to 8.8.8.8
Edit the file openshift.local.clusterup/kubedns/resolv.conf
and add
nameserver 8.8.8.8
nameserver 8.8.4.4
Also make sure you have the DNS options inside the docker config file
Edit /etc/docker/daemon.json and add
"dns": ["8.8.8.8", "8.8.4.4"]
Then start your cluster with
oc cluster up
and now it should work fine.

Related

Why SSH is not working in kubernetes pods/container?

We have an application which uses SSH to copy artifact from one node to other. While creating the Docker image (Linux Centos 8 based), I have installed the Openssh server and client, when I run the image from Docker command and exec into it, I am successfully able to run the SSH command and I also see the port 22 enabled and listening ( $ lsof -i -P -n | grep LISTEN).
But if I start a POD/Container using the same image in the Kubernetes cluster, I do not see port 22 enabled and listening inside the container. Even if I try to start the sshd from inside the k8s container then it gives me below error:
Redirecting to /bin/systemctl start sshd.service
Failed to get D-Bus connection: Operation not permitted.
Is there any way to start the K8s container with SSH enabled?
There are three things to consider:
Like David said in his comment:
I'd redesign your system to use a communication system that's easier
to set up, like with HTTP calls between pods.
If you put a service in front of your deployment, it is not going to relay any SSH connections. So you have to point to the pods directly, which might be pretty inconvenient.
In case you have missed that: you need to declare port 22 in your deployment template.
Please let me know if that helped.

Minishift: Could not resolve: *.192.168.64.2.nip.io

I have installed minishift on OSX with brew:
brew cask install minishift-beta
...
$ minishift version
Minishift version: 1.0.0
I have successfully started minishift, and created node-ex example application and exported it:
$ oc get route
NAME        HOST/PORT                                 PATH   SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-myproject.192.168.64.2.nip.io          nodejs-ex   8080-tcp                 None
However I can not reach .192.168.64.2.nip.io:
$ curl nodejs-ex-myproject.192.168.64.2.nip.io
curl: (6) Could not resolve host: nodejs-ex-myproject.192.168.64.2.nip.io
$ dig +short nodejs-ex-myproject.192.168.64.2.nip.io
$
All is working with minishift web console and oc command, but I can not reach the application domain.
Thank you @enj. The explanation at http://nip.io is clear about how it works.
I have seen that queries to 8.8.8.8 and to my ISP DNS are resolved to my private IP. But it is my router (my primary DNS) which do respond nip.io
My router run DD-WRT and has enabled
Rebind protection Discard upstream RFC1918 responses
then I add nip.io at
Domain whitelist nip.io
and now I resolve queries:
≻ dig +short test.10.0.0.1.nip.io
10.0.0.1
Is something on your machine or network blocking DNS queries to nip.io?
When playing with Minishift at home, where I am connected to the internet via Deutsche Telekom's VDSL and Speedport-Router, I cannot resolve these xip.io or nip.io addresses.
My workaround is to put 8.8.8.8 into /etc/resolv.conf
I had the same issue on Windows 10. My workaround was to add an entry in C:\Windows\System32\drivers\etc\hosts file. Here is an example
192.160.90.101 nodejs-ex-nodejs-echo.192.160.90.101.nip.io # needed for minishift to work
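
The answers above come down to one mechanism: a nip.io or xip.io name resolves to the address embedded in it, and a resolver with rebind protection discards the answer when that address is in an RFC1918 range unless the domain is whitelisted. The following is an added example, not code from the thread; the function names and the simplified resolver model are assumptions, and the sample hostnames are the ones quoted in the posts.

```python
import ipaddress

# Zones named in the thread that answer <anything>.<a.b.c.d>.<zone> with a.b.c.d.
WILDCARD_ZONES = ("nip.io", "xip.io")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_address(hostname):
    """Return the IPv4 address encoded in a nip.io/xip.io name, or None."""
    name = hostname.rstrip(".").lower()
    for zone in WILDCARD_ZONES:
        if not name.endswith("." + zone):
            continue
        labels = name[: -len(zone) - 1].split(".")
        if len(labels) < 4:
            return None
        try:
            return ipaddress.IPv4Address(".".join(labels[-4:]))
        except ValueError:
            return None
    return None


def rebind_verdict(hostname, whitelist=()):
    """Model a resolver that discards upstream RFC1918 answers (simplified)."""
    addr = embedded_address(hostname)
    if addr is None:
        return "not-wildcard"
    name = hostname.rstrip(".").lower()
    if any(name == d or name.endswith("." + d) for d in whitelist):
        return "answered-whitelisted"
    if any(addr in net for net in RFC1918):
        return "discarded"
    return "answered"


if __name__ == "__main__":
    # Constructed inputs: the three names that appear in the thread.
    for host, wl in [("nodejs-ex-myproject.192.168.64.2.nip.io", ()),
                     ("test.10.0.0.1.nip.io", ("nip.io",)),
                     ("nodejs-ex-nodejs-echo.192.160.90.101.nip.io", ())]:
        print(host, "->", rebind_verdict(host, wl))
```

Whitelisting nip.io exempts every name under that zone from the filter, so the narrower per-host entry in a hosts file leaves rebind protection intact for everything else.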

"nodename nor servname provided" when trying to start a mesos-slave

I was following this simple guide on installing Mesos locally https://mesosphere.com/2014/07/07/installing-mesos-on-your-mac-with-homebrew/
I was able to start a mesos master and was able to see the master's console perfectly fine at localhost:5050. However when I tried to start a new slave using sudo /usr/local/sbin/mesos-slave --master=127.0.0.1:5050 , it gave me
WARNING: Logging before InitGoogleLogging() is written to STDERR
F0328 16:14:45.329051 2041414416 process.cpp:889] nodename nor servname provided, or not known
* Check failure stack trace: *
Any help will be appreciated, thanks
This can also happen if you are working on a Framework and attempting to connect to a Mesos Master. Mesos is attempting to resolve your computer's name via DNS and isn't finding an entry. This can happen if you've changed your Mac's hostname post setup (as I did, and had this same error).
To fix, run hostname -f, which will give you the value of what OS X thinks its name is. Then simply ensure you've got 127.0.0.1 VALUE_OF_HOSTNAME_-F in your /etc/hosts file.

openshift create app ask for passwd

All, when I try 'rhc create-app demo python-2.7', I hit an issue: I am not able to check out the git repo. The system asks for the password of the cartridge or something, but in fact I have uploaded the default key from the OpenShift console.
here is what I have done:
install openshift from puppet
oo-diagnostics check pass
create app
Then I remove the default files in /root/.ssh and remove the key file from the OpenShift console, recreate the ssh key, and run rhc setup again to upload the key. Then I create the app again, but it fails again.
In the Broker Virtual Machine, while running - oo-register-dns -h node -d domainX.example.com XXX.XXX.XXX.XXX -k /var/named/domainX.example.com.key,
The proxy XXX.XXX.XXX.XXX should be your Node Virtual Machine's IP Address (as I think most probably you have used the Broker's IP Address). Change accordingly and run this command again.
It will work.
Can you try with a different (main) domain name instead of example.com? I think it might be the issue as per wikipedia explanation:
Example.com, example.net, example.org, and example.edu are second-level domain names reserved for documentation purposes and examples of the use of domain names.
Even if you've masked it with your hosts file or local DNS it still might be confusing the Openshift's DNS.

unable to connect to the aws ec2 instance,Host key verification failed

I had set up an Ubuntu instance with the rails package and also deployed my app; it is working fine.
But when I try to SSH, it's not allowing me the remote login and throws errors like host key verification failed.
The problem seems to be persisting; kindly recommend a solution. I have attached an elastic IP to it and I am not able to see the public DNS. My instance is running in the Singapore region.
You may need to turn off StrictHostKeyChecking by adding this option to the ssh command line
-o StrictHostKeyChecking=no
As answered in more detail in your cross posted question on ServerFault: https://serverfault.com/questions/342228/unable-to-connect-to-the-aws-ec2-instance-host-key-verification-failed/342696#342696
Basically your ec2 elastic IP has previously been used with another server instance and your ssh client known hosts file does not match the new one for this IP. Remove the offending line in the known_hosts file. (More detail in the Server Fault answer)
You need to log in to your instance with the private key that you set it to use.
Depending on your instance, the user might vary
ssh -i [private key file] [user]@[host]
Where user could be one of the following in my experience (or possibly others)
root
ec2-user
ec2user
bitnami
ubuntu
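
The known_hosts answer above describes a stale entry left behind when an elastic IP moves to a new instance. The following is an added example, not code from the thread, showing how to find which known_hosts lines for a host do not match a fingerprint obtained out of band, as an alternative to turning host key checking off. The function names, key blobs and addresses are constructed placeholders, and hashed (|1|...) entries are skipped.

```python
import base64
import hashlib


def sha256_fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def entries_for(known_hosts_text, host):
    """Yield (line_no, key_type, key_b64) for plain entries that name host."""
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                        # malformed or hashed entry: skipped
        if host in fields[0].split(","):
            yield n, fields[1], fields[2]


def check_host(known_hosts_text, host, trusted_fp):
    """Return (trusted key present?, line numbers of stale entries)."""
    present, stale = False, []
    for n, _ktype, key in entries_for(known_hosts_text, host):
        if sha256_fingerprint(key) == trusted_fp:
            present = True
        else:
            stale.append(n)
    return present, stale


# Constructed sample data: placeholder key blobs, documentation-range addresses.
OLD_KEY = base64.b64encode(b"constructed key of previous instance").decode()
NEW_KEY = base64.b64encode(b"constructed key of current instance").decode()
SAMPLE = ("# constructed known_hosts\n"
          f"203.0.113.10 ssh-ed25519 {OLD_KEY}\n"
          f"other.example,198.51.100.7 ssh-ed25519 {NEW_KEY}\n")
TRUSTED_FP = sha256_fingerprint(NEW_KEY)   # stands in for an out-of-band value

if __name__ == "__main__":
    print(check_host(SAMPLE, "203.0.113.10", TRUSTED_FP))
```

A line reported as stale can then be removed with ssh-keygen -R followed by the host name or address, after which the next connection prompts for the new key so its fingerprint can be compared.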