OpenShift, by default, does not allow running privileged containers, and
iirc guestbook does that:

Handler for POST /containers/create returned error: Relabeling content in
/usr is not allowed.

I'd suggest starting off with hello-openshift [1], which, although it creates
just a pod, can easily be turned into a deployment either manually or,
preferably, using oc run, like this:

    oc run hello --image=openshift/hello-openshift

You can read about the security constraints in [2].

Maciej

[1] https://github.com/openshift/origin/tree/master/examples/hello-openshift
[2] https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints

On Mon, Nov 28, 2016 at 9:38 PM, Ashby, Jason (IMS) <ash...@imsweb.com>
wrote:

> Sorry all, for over-posting, I just need a little help getting my first
> OpenShift origin cluster running.  I’ve got a cluster consisting of two
> hosts: a master (CentOS 7) and a node (CentOS 7 Atomic) set up and
> communicating, but every time I fire off a deployment (I used the
> kubernetes/guestbook app to test), I get the following on the node:
>
> Nov 28 15:22:53 oshift-node-01 kernel: docker0: port 1(veth86f9a99)
> entered forwarding state
>
> Nov 28 15:22:54 oshift-node-01 openshift: I1128 15:22:54.195173   13633
> reconciler.go:254] MountVolume operation started for volume "
> kubernetes.io/secret/670f607d-b5a8-11a4-b673-005056b7468b-deployer-token-
> p37u0" (spec.Name: "deployer-token-p37u0") to pod
> "670f607d-b5a8-11a4-b673-005056b7468b" (UID: 
> "670f607d-b5a8-11a4-b673-005056b7468b").
> Volume is already mounted to pod, but remount was requested.
>
> Nov 28 15:22:54 oshift-node-01 openshift: I1128 15:22:54.206060   13633
> operation_executor.go:740] MountVolume.SetUp succeeded for volume "
> kubernetes.io/secret/670f607d-b5a8-11a4-b673-005056b7468b-deployer-token-
> p37u0" (spec.Name: "deployer-token-p37u0") pod 
> "670f607d-b5a8-11a4-b673-005056b7468b"
> (UID: "670f607d-b5a8-11a4-b673-005056b7468b").
>
> Nov 28 15:22:54 oshift-node-01 docker-current: 
> time="2016-11-28T15:22:54.598594417-05:00"
> level=info msg="{Action=create, LoginUID=4294967295, PID=13633}"
>
> Nov 28 15:22:54 oshift-node-01 systemd: Device
> dev-disk-by\x2duuid-ac161f25\x2d0ff5\x2d4ef0\x2d97dd\x2dc7f9f86647c0.device
> appeared twice with different sysfs paths /sys/devices/virtual/block/dm-5
> and /sys/devices/virtual/block/dm-6
>
> Nov 28 15:22:54 oshift-node-01 kernel: XFS (dm-6): Mounting V4 Filesystem
>
> Nov 28 15:22:54 oshift-node-01 kernel: XFS (dm-6): Ending clean mount
>
> Nov 28 15:22:54 oshift-node-01 kernel: XFS (dm-6): Unmounting Filesystem
>
> Nov 28 15:22:54 oshift-node-01 docker-current: 
> time="2016-11-28T15:22:54.952177189-05:00"
> level=error msg="Handler for POST /containers/create returned error:
> Relabeling content in /usr is not allowed."
>
> Nov 28 15:22:54 oshift-node-01 openshift: E1128 15:22:54.953748   13633
> docker_manager.go:2094] container start failed: RunContainerError:
> runContainer: Error response from daemon: Relabeling content in /usr is not
> allowed.
>
> Nov 28 15:22:54 oshift-node-01 openshift: E1128 15:22:54.953845   13633
> pod_workers.go:183] Error syncing pod 670f607d-b5a8-11a4-b673-005056b7468b,
> skipping: *failed to "StartContainer" for "deployment" with
> RunContainerError: "runContainer: Error response from daemon: Relabeling
> content in /usr is not allowed."*
>
>
>
> It appears the node is having trouble running pods. I temporarily disabled
> SELinux on the node and restarted OpenShift, but the error still happens.
> So it doesn’t appear to be an SELinux thing.
>
>
>
> Google just points me to a Bugzilla
> <https://bugzilla.redhat.com/show_bug.cgi?id=1216151> that says it was an
> issue with an older Docker (1.6) that’s now resolved.  I’m running the
> following which I believe is the default in Atomic:
>
>
>
> $ docker -v
>
> Docker version 1.10.3, build cb079f6-unsupported
>
>
>
> I’m running OpenShift Origin v1.3.1 on both nodes.
>
>
>
> Any ideas?
>
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
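
Added example (not part of the original thread and not OpenShift's own code): a Python check that lists the fields of a pod manifest that the default "restricted" security context constraint described in [2] would refuse. The SCC settings it encodes are assumed Origin defaults, and the sample manifest and its names are constructed.

```python
import json

# Assumed defaults of the "restricted" SCC; confirm with `oc describe scc restricted`.
ALLOWED_VOLUMES = {"configMap", "downwardAPI", "emptyDir", "persistentVolumeClaim", "secret"}
HOST_FLAGS = ("hostNetwork", "hostPID", "hostIPC")


def restricted_scc_findings(pod):
    """Return the pod spec settings that the restricted SCC would refuse."""
    spec = pod.get("spec", {})
    findings = []
    for flag in HOST_FLAGS:
        if spec.get(flag):
            findings.append(f"spec.{flag}: host namespace access")
    for vol in spec.get("volumes", []):
        # Every key except "name" identifies the volume type.
        for kind in sorted(set(vol) - {"name"} - ALLOWED_VOLUMES):
            findings.append(f"volume {vol.get('name')}: type {kind} not allowed")
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"container {c['name']}: privileged")
        if sc.get("runAsUser") == 0:
            findings.append(f"container {c['name']}: runAsUser 0 (MustRunAsRange)")
        for port in c.get("ports", []):
            if port.get("hostPort"):
                findings.append(f"container {c['name']}: hostPort {port['hostPort']}")
    return findings


# Constructed sample manifest (hypothetical names, not the guestbook example).
SAMPLE_POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "sample"},
 "spec": {
   "hostNetwork": true,
   "volumes": [{"name": "data", "emptyDir": {}},
               {"name": "usr", "hostPath": {"path": "/usr"}}],
   "containers": [
     {"name": "web", "image": "openshift/hello-openshift",
      "ports": [{"containerPort": 8080}]},
     {"name": "agent", "image": "example/agent",
      "securityContext": {"privileged": true, "runAsUser": 0},
      "ports": [{"containerPort": 9100, "hostPort": 9100}]}]}}
""")

if __name__ == "__main__":
    for line in restricted_scc_findings(SAMPLE_POD):
        print(line)
```

A manifest exported with `oc get pod <name> -o json` can be passed to the same function.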
