If you received the following error
2020-06-15 09:09:48.816 [nioEventLoopGroup-3-1] tcp – Error in Netty pipeline: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTI
you need to include this in the input ssl_verify => false , refer to the screenshot
to delete cluster # pcs cluster destory
to remove node # pcs cluster node remove node
to cleanup errors in cluster # pcs resource cleanup
to list constraint # pcs constraint list –full
to remove constraint # pcs constraint remove constraintName for example pcs constraint remove cli-ban-test_sg-on-server01-cpn
to Add constraint
pcs constraint colocation add VirtualIP with HAProxy with mariadb score=INFINITY
or
pcs constraint colocation set VirtualIP HAProxy mariadb
Solution
This problem apparently caused to pluggin:
mysql> SHOW VARIABLES LIKE ‘%dictionary%’;
+———————————–+——-+
| Variable_name | Value |
+———————————–+——-+
| validate_password.dictionary_file | |
+———————————–+——-+
1 row in set (0.00 sec)
To resolve this problem, I disabled in the mysql:
mysql> SELECT @@plugin_dir;
+————————–+
| @@plugin_dir |
+————————–+
| /usr/lib64/mysql/plugin/ |
+————————–+
1 row in set (0.00 sec)
mysql> UNINSTALL COMPONENT ‘file://component_validate_password’;
Restart mysql and the mysqld_export connect to Prometheus.
The status code is always 3-digit. The first digit indicates a general status : - 1xx = informational message to be skipped (e.g. 100, 101) - 2xx = OK, content is following (e.g. 200, 206) - 3xx = OK, no content following (e.g. 302, 304) - 4xx = error caused by the client (e.g. 401, 403, 404) - 5xx = error caused by the server (e.g. 500, 502, 503)
Solutions
Add –insecure-registry in /etc/sysconfig/docker # vim /etc/sysconfig/docker … OPTIONS=’ –selinux-enabled –log-driver=journald –signature-verification=False –insecure-registry docker-registry.default.svc:5000 ‘ … — Restart docker service to take effect. # systemctl restart docker.service
$ netstat -tulpn
Solution:
need to set this for each master node
openshift_ip=192.168.0.51
refer to the screenshot
Environment
Red Hat Openshift Container Platform 3.9
Issue
Showing errors
Raw
cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d There are no files in that directory as opposed to a working node which has a file named 80-openshift-network.conf kubelet_node_status.go:106] Unable to register node “ip-10-200-30-40.openshift-example.com” with API server: nodes “ip-10-200-30-40.openshift-example.com” is forbidden: node “ip-10-200-30-40.openshift-example.com” cannot modify node “ip-10-200-30-40.openshift-example.com”
Resolution
This error is what happens when the host cannot resolve itself in DNS.
Root Cause
On this issue the VPC’s “DHCP Options Set”, had the value of domain-name = openshift-example.com instead of domain-name = openshift.example.com (notice the dash vs the period before the word ‘example’)
Resolution
As a workaround, add the label region=infra to one or more nodes. Typically this should be added to existing infrastructure nodes.
Raw
# oc label node node1.example.com ‘region=infra’
Root Cause
The template service broker expects the label region=infra to install as part of the daemonset. This is not currently customizable, however a feature request is open:Issue
Upgrade playbook fails during the Upgrade Service Catalog play.
Raw
1. Error : Hosts: master-0.server.example.node.com Play: Upgrade Service Catalog Task: Verify that TSB is running Message: Status code was not [200]: Request failed: <urlopen error [Errno 111] Connection refused>
Returns error code similar to older non OCP issues here and here.
Resolution
Add ‘template_service_broker_selector={‘zone’: ‘infra’}’ line in inventory file
Update daemonset with zone=infra value
Rerun the playbook
Solution:
Run the following command
#oc adm policy add-cluster-role-to-user -n default system:router -z router
Check if the system:serviceaccount:default:router has access to update routes and status:
#oc policy who-can update routes/status -n default