June 20th, 2020 by ayad

If you received the following error

2020-06-15 09:09:48.816 [nioEventLoopGroup-3-1] tcp – Error in Netty pipeline: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTI

you need to include this in the input  ssl_verify => false , refer to the screenshot

Pacemaker (pcs) commands

May 28th, 2020 by ayad

to delete cluster # pcs cluster destory

to remove node # pcs cluster node remove node

to cleanup errors in cluster # pcs resource cleanup

to list constraint # pcs constraint list –full

to remove constraint # pcs constraint remove constraintName for example pcs constraint remove cli-ban-test_sg-on-server01-cpn

to Add constraint

pcs constraint colocation add VirtualIP with HAProxy with mariadb score=INFINITY


pcs constraint colocation set VirtualIP HAProxy mariadb

invalid metric type “dictionary_file_words_count untyped”

April 5th, 2020 by ayad

This problem apparently caused to pluggin:
mysql> SHOW VARIABLES LIKE ‘%dictionary%’;
| Variable_name | Value |
| validate_password.dictionary_file | |
1 row in set (0.00 sec)
To resolve this problem, I disabled in the mysql:
mysql> SELECT @@plugin_dir;
| @@plugin_dir |
| /usr/lib64/mysql/plugin/ |
1 row in set (0.00 sec)
mysql> UNINSTALL COMPONENT ‘file://component_validate_password’;
Restart mysql and the mysqld_export connect to Prometheus.

Error codes explanations

March 12th, 2020 by ayad
The status code is always 3-digit. The first digit indicates a general status :
 - 1xx = informational message to be skipped (e.g. 100, 101)
 - 2xx = OK, content is following   (e.g. 200, 206)
 - 3xx = OK, no content following   (e.g. 302, 304)
 - 4xx = error caused by the client (e.g. 401, 403, 404)
 - 5xx = error caused by the server (e.g. 500, 502, 503)

pulling image error : Get https://docker-registry.default.svc:5000/v2/: http: server gave HTTP response to HTTPS client error: build error: unable to get

February 2nd, 2020 by ayad


 Add –insecure-registry in /etc/sysconfig/docker # vim /etc/sysconfig/docker … OPTIONS=’ –selinux-enabled –log-driver=journald –signature-verification=False –insecure-registry docker-registry.default.svc:5000 ‘ … — Restart docker service to take effect. # systemctl restart docker.service

Which service using which port – linux command

January 20th, 2020 by ayad

$ netstat -tulpn

wait for the sync daemonset to become ready and available

January 11th, 2020 by ayad


need to set this for each master node


refer to the screenshot

Unable to add node failing with “Unable to update cni config: No networks found in /etc/cni/net.d” in Openshift Container Platform 3

January 9th, 2020 by ayad

Red Hat Openshift Container Platform 3.9
Showing errors
cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d There are no files in that directory as opposed to a working node which has a file named 80-openshift-network.conf kubelet_node_status.go:106] Unable to register node “ip-10-200-30-40.openshift-example.com” with API server: nodes “ip-10-200-30-40.openshift-example.com” is forbidden: node “ip-10-200-30-40.openshift-example.com” cannot modify node “ip-10-200-30-40.openshift-example.com”
This error is what happens when the host cannot resolve itself in DNS.
Root Cause
On this issue the VPC’s “DHCP Options Set”, had the value of domain-name = openshift-example.com instead of domain-name = openshift.example.com (notice the dash vs the period before the word ‘example’)

Service catalog fails because Template Service Broker won’t start

January 9th, 2020 by ayad

As a workaround, add the label region=infra to one or more nodes. Typically this should be added to existing infrastructure nodes.
# oc label node node1.example.com ‘region=infra’
Root Cause
The template service broker expects the label region=infra to install as part of the daemonset. This is not currently customizable, however a feature request is open:Issue
Upgrade playbook fails during the Upgrade Service Catalog play.
1. Error : Hosts: master-0.server.example.node.com Play: Upgrade Service Catalog Task: Verify that TSB is running Message: Status code was not [200]: Request failed: <urlopen error [Errno 111] Connection refused>
Returns error code similar to older non OCP issues here and here.
Add ‘template_service_broker_selector={‘zone’: ‘infra’}’ line in inventory file
Update daemonset with zone=infra value
Rerun the playbook

The route is not accepting traffic yet because it has not been admitted by a router.

January 9th, 2020 by ayad


Run the following command

#oc adm policy add-cluster-role-to-user -n default system:router -z router

Check if the system:serviceaccount:default:router has access to update routes and status:

#oc policy who-can update routes/status -n default