Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-29 Thread Vyacheslav Semushin
2018-05-17 15:15 GMT+02:00 Sam Padgett : > The file mode is 400, and I think anyuid breaks reading it since the user > changes. > > https://github.com/openshift/openshift-ansible/blob/master/ > roles/openshift_web_console/files/console-template.yaml#L90 > > The console doesn't need anyuid... I'm

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-28 Thread Vyacheslav Semushin
I'd like to continue this discussion because this broken configuration could be easily reproduced by following our own documentation: https://docs.openshift.org/latest/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile How we can fix this? Do we have a virtual group

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Daniel Comnea
Fair point Slava, hat off. Thanks for the info. On Thu, May 24, 2018 at 11:16 AM, Vyacheslav Semushin wrote: > 2018-05-24 10:10 GMT+02:00 Charles Moulliard : > >> +1 to document somewhere how SCC is working, priority defined, and >> what should be

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Vyacheslav Semushin
2018-05-24 10:10 GMT+02:00 Charles Moulliard : > +1 to document somewhere how SCC is working, priority defined, and > what should be done to resolve such issues > Perhaps this info is hard to find but it's there:

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Vyacheslav Semushin
2018-05-23 23:06 GMT+02:00 Daniel Comnea : > > > On Wed, May 23, 2018 at 5:20 PM, Vyacheslav Semushin > wrote: > >> 2018-05-17 17:18 GMT+02:00 Charles Moulliard : >> >>> The trick / solution described there doesn t work. I tried

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-24 Thread Charles Moulliard
+1 to document somewhere how SCC is working, priority defined, and what should be done to resolve such issues On Wed, May 23, 2018 at 11:06 PM, Daniel Comnea wrote: > > > On Wed, May 23, 2018 at 5:20 PM, Vyacheslav Semushin > wrote: > >>

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-23 Thread Vyacheslav Semushin
2018-05-17 17:18 GMT+02:00 Charles Moulliard : > The trick / solution described there doesn t work. I tried also using the > ansible playbook of Openshift to remove the project and recreate it and the > pod is always recreated with Openshift annotation = anyuid > The reason

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Charles Moulliard
Even if I add the webconsole ServiceAccount to scc anyuid, pod fails to start https://gist.github.com/cmoulliard/f05b9bc762cbab9993087b1a44aa1331 On Thu, May 17, 2018 at 7:42 PM, Charles Moulliard wrote: > Do you want that I create a ticket to report the error which is

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Charles Moulliard
Do you want that I create a ticket to report the error which is really blocking/critical ? On Thu, May 17, 2018 at 5:20 PM, Charles Moulliard wrote: > Personaly no. Fyi web console was installed using Openshift ansible > playbook > > On Thu, May 17, 2018, 15:03 Clayton

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Charles Moulliard
The trick / solution described there doesn t work. I tried also using the ansible playbook of Openshift to remove the project and recreate it and the pod is always recreated with Openshift annotation = anyuid On Thu, May 17, 2018, 15:01 Sam Padgett wrote: > Charles, I'd

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Sam Padgett
The file mode is 400, and I think anyuid breaks reading it since the user changes. https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_web_console/files/console-template.yaml#L90 The console doesn't need anyuid... I'm not sure what's adding it. Sam On Thu, May 17, 2018

Re: OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Clayton Coleman
anyuid is less restrictive than restricted, unless you customized restricted. Did youvustomize restricted? On May 17, 2018, at 8:56 AM, Charles Moulliard wrote: Hi, If we scale down/up the Replication Set of the OpenShift Web Console, then the new pod created will crash

OpenShift Web Console - 3.9 - Pod / CrashLoopBackOff

2018-05-17 Thread Charles Moulliard
Hi, If we scale down/up the Replication Set of the OpenShift Web Console, then the new pod created will crash and report "Error: unable to load server certificate: open /var/serving-cert/tls.crt: permission denied" This problem comes from the fact that when the pod is recreated, then the scc