anyone seen this error from ansible install?

[Alan Jones]

Error followed by /etc/ansible/hosts below.
Alan
---
TASK: [openshift_facts | Verify Ansible version is greater than or equal to
1.9.4] ***
fatal: [pocsj41] => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line
586, in _executor
exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line
789, in _executor_internal
return self._executor_internal_inner(host, self.module_name,
self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line
869, in _executor_internal_inner
if not utils.check_conditional(cond, self.basedir, inject,
fail_on_undefined=self.error_on_undefined_vars):
  File "/usr/lib/python2.7/site-packages/ansible/utils/__init__.py", line
269, in check_conditional
conditional = template.template(basedir, presented, inject)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line
124, in template
varname = template_from_string(basedir, varname, templatevars,
fail_on_undefined)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line
382, in template_from_string
res = jinja2.utils.concat(rf)
  File "", line 6, in root
  File "/usr/lib/python2.7/site-packages/jinja2/runtime.py", line 153, in
resolve
return self.parent[key]
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line
205, in __getitem__
return template(self.basedir, var, self.vars,
fail_on_undefined=self.fail_on_undefined)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line
124, in template
varname = template_from_string(basedir, varname, templatevars,
fail_on_undefined)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line
382, in template_from_string
res = jinja2.utils.concat(rf)
  File "", line 10, in root
  File "/usr/share/ansible_plugins/filter_plugins/oo_filters.py", line 742,
in oo_persistent_volumes
if len(groups['oo_nfs_to_config']) > 0:
KeyError: 'oo_nfs_to_config'


FATAL: all hosts have already failed -- aborting

--- /etc/ansible/hosts
[OSEv3:children]
masters
nodes
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login':
'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
'filename': '/etc/origin/master/htpasswd'}]
[masters]
pocsj41
[nodes]
pocsj41 openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
openshift_hostname=pocsj41 openshift_public_hostname=pocsj41
openshift_ip=172.16.51.2 openshift_public_ip=172.16.51.2
pocsj42 openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
openshift_hostname=pocsj42 openshift_public_hostname=pocsj42
openshift_ip=172.16.51.4 openshift_public_ip=172.16.51.4
pocsj43 openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
openshift_hostname=pocsj43 openshift_public_hostname=pocsj43
openshift_ip=172.16.51.7 openshift_public_ip=172.16.51.7
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: 503 - Maintenance page

[Ram Ranganathan]

Hmm, so 503 is also returned by haproxy if no server is available to
service a request (example for a backend with no servers or if the server
is not available failing the health check).  As I recall, we did the error
page on a request as it gives the ability to override it in a custom
template.

Now that said, if the app (server associated with a haproxy backend) is
returning 503s, that content should get passed back as is. Meaning you
should see your custom error page being returned back to the server.

I just tested this out with a repo I have:
https://github.com/ramr/nodejs-header-echo/blob/master/server.js#L12
and it returns the content + status code back to the requester.

If that's not the case - from what you are seeing, it is more than likely
that haproxy has marked the backend server down as unavailable - which
means its failing health checks.

Is your server always returning 503 - example for a GET/HEAD on / ? That
could cause haproxy to mark it as down.

You can also see the stats in haproxy to look at if the server has been
marked down:
cmd="echo 'show stat' | socat
unix-connect:/var/lib/haproxy/run/haproxy.sock stdio"
echo "$cmd"  | oc rsh #  replace with router pod
name.

HTH


On Tue, Jun 7, 2016 at 12:56 PM, Philippe Lafoucrière <
philippe.lafoucri...@tech-angels.com> wrote:

>
> On Tue, Jun 7, 2016 at 3:46 PM, Luke Meyer  wrote:
>
>> It sounds like what he wants is for the router to simply not interfere
>> with passing along something that's already returning a 503. It sounds like
>> haproxy is replacing the page content with its own in that use case.
>
>
> THANKS Luke :))
> I don't want to change the router, I just want it to point to a specific
> service returning 503 for most URLs.
> On the other hand, the SAME router is used (with another route) to point
> to the production service, with a different URL if we want to test the
> change.
> Imagine a migration from pg 9.4 to 9.5, you have to shutdown your site.
> That doesn't mean traffic can't be routed any more, we like to test the
> site after the migration, and before resuming all the public traffic.
>
>


-- 
Ram//
main(O,s){s=--O;10>4*s)*(O++?-1:1):10)&&\
main(++O,s++);}
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Evacuation of pods and scheduling

[Skarbek, John]

Good Morning,

I’d like to ask a question regarding the use of evacuating pods and how 
openshift/kubernetes schedules the replacement.

We have 3 nodes configured to run applications, and we went through a cycle of 
applying patches. So we’ve created an ansible playbook that goes through, 
evacuates the pods and restarts that node, one node at a time.

Prior to starting, we had an application running 3 pods, one one each node. 
When node1 was forced to evac the pods, kubernetes scheduled the replacement 
pod on node3. Node2 was next in line, when ansible forced the evac of pods, the 
final pod was placed on node3. So at this point, all pods were on the same 
physical node.

When ansible forced the evac of pods on node3, I then had an outage. The three 
pods were put in a “terminating” state, while 3 others were in a “pending” 
state. It took approximately 30 seconds to terminate the pods. The new 
‘pending’ pods sat pending for about 65 seconds, after which they were finally 
scheduled on nodes 1 and 2 and X time to start the containers.

Is this expected behavior? I was hoping that the replication controller woud 
recognize this behavior a bit better for scheduling nodes to ensure pods don’t 
get shifted to the same physical box when there’s two boxes available. I’m also 
hoping that before pods are term’ed, replacements are brought online.


--
John Skarbek
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: 503 - Maintenance page

[Philippe Lafoucrière]

On Tue, Jun 7, 2016 at 3:46 PM, Luke Meyer  wrote:

> It sounds like what he wants is for the router to simply not interfere
> with passing along something that's already returning a 503. It sounds like
> haproxy is replacing the page content with its own in that use case.


THANKS Luke :))
I don't want to change the router, I just want it to point to a specific
service returning 503 for most URLs.
On the other hand, the SAME router is used (with another route) to point to
the production service, with a different URL if we want to test the change.
Imagine a migration from pg 9.4 to 9.5, you have to shutdown your site.
That doesn't mean traffic can't be routed any more, we like to test the
site after the migration, and before resuming all the public traffic.
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: 503 - Maintenance page

[Luke Meyer]

It sounds like what he wants is for the router to simply not interfere with
passing along something that's already returning a 503. It sounds like
haproxy is replacing the page content with its own in that use case.

On Mon, Jun 6, 2016 at 11:53 PM, Ram Ranganathan 
wrote:

> Not clear if you want the router to automatically serve the 503 page or
> not. If you do, this line in the haproxy config template:
>
> https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L198
>
> automatically sends a 503 page if your service is down (example has 0 pods
> backing the service).
> The actual error page template is at:
>
> https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/error-page-503.http
>
>
> You could customize the template and/or error page (and the router image)
> to use a different page.
>
> Alternatively, if you desire some other behavior, you can disable it by
> removing that haproxy directive. Does still need a custom template + router
> image.
>
> HTH.
>
>
> On Mon, Jun 6, 2016 at 12:58 PM, Philippe Lafoucrière <
> philippe.lafoucri...@tech-angels.com> wrote:
>
>> @Clayton:
>> Sorry for the confusion. I'm not updating the routeR, I'm updating the
>> route directly. The route to our website is pointing to a "maintenance"
>> service during maintenance. This service serves 503 pages for most URLs,
>> except a few for testing purprose.
>>
>> The problem is: If I browse my website, I get the expected 503 code, but
>> a blank page, instead of the desired maintenance page served by the
>> "maintenance" pods. I don't understand this blank page, it's like haproxy
>> is not forwarding it because the pods responded with a 503.
>>
>> @v: Can I use a dedicated router per project?
>> ​
>> Thanks
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
>
> --
> Ram//
> main(O,s){s=--O;10>4*s)*(O++?-1:1):10)&&\
> main(++O,s++);}
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: back-off restarting container

[Candide Kemmler]

I think I figured that one out in the mean time: there was no process running 
in the foreground and so the container just shut down. Just running my node app 
using node and not pm2 (which would run it as a daemon) seems to have done the 
trick.

> On 07 Jun 2016, at 16:15, Clayton Coleman  wrote:
> 
> When it crashes, what is in the logs?
> 
> On Tue, Jun 7, 2016 at 7:04 AM, Candide Kemmler  > wrote:
> I am trying to deploy a docker container that needs to run as USER admin, 
> basically non root, in order for bower to execute correctly.
> 
> However it keeps crashing on me.
> 
> I just tried specifying
> 
> > oadm policy add-scc-to-group anyuid system:authenticated
> 
> to no effect.
> 
> Here's the end of my Dockerfile:
> 
> USER admin
> RUN bower install
> EXPOSE 8080
> CMD ["pm2", "start", "app.js"]
> 
> What am I missing
> 
> ___
> users mailing list
> users@lists.openshift.redhat.com 
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users 
> 
> 

___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: cannot expose docker service

[Clayton Coleman]

>From the outside, what are you trying to curl?

On Tue, Jun 7, 2016 at 9:32 AM, Candide Kemmler 
wrote:

> I have trouble exposing a service as a docker container.
>
> My Dockerfile ends with EXPOSE 8080 and I have a route using that port:
>
> https://gist.github.com/anonymous/d76d9c04c7417bc8bcf455b91db70424
>
> I don't see where I'm doing things differently and yet I can `curl
> localhost:8080` from the pod itself but not access it from the outside
> world where I'm consistently seeing a 503 Service Unavailable.
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users