Author Archive

Saturday, June 20th, 2020

If you received the following error

2020-06-15 09:09:48.816 [nioEventLoopGroup-3-1] tcp – Error in Netty pipeline: io.netty.handler.codec.DecoderException: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTI

you need to include this in the input  ssl_verify => false , refer to the screenshot

Pacemaker (pcs) commands

Thursday, May 28th, 2020

to delete cluster # pcs cluster destory

to remove node # pcs cluster node remove node

to cleanup errors in cluster # pcs resource cleanup

to list constraint # pcs constraint list –full

to remove constraint # pcs constraint remove constraintName for example pcs constraint remove cli-ban-test_sg-on-server01-cpn

to Add constraint

pcs constraint colocation add VirtualIP with HAProxy with mariadb score=INFINITY


pcs constraint colocation set VirtualIP HAProxy mariadb

invalid metric type “dictionary_file_words_count untyped”

Sunday, April 5th, 2020

This problem apparently caused to pluggin:
mysql> SHOW VARIABLES LIKE ‘%dictionary%’;
| Variable_name | Value |
| validate_password.dictionary_file | |
1 row in set (0.00 sec)
To resolve this problem, I disabled in the mysql:
mysql> SELECT @@plugin_dir;
| @@plugin_dir |
| /usr/lib64/mysql/plugin/ |
1 row in set (0.00 sec)
mysql> UNINSTALL COMPONENT ‘file://component_validate_password’;
Restart mysql and the mysqld_export connect to Prometheus.

Error codes explanations

Thursday, March 12th, 2020
The status code is always 3-digit. The first digit indicates a general status :
 - 1xx = informational message to be skipped (e.g. 100, 101)
 - 2xx = OK, content is following   (e.g. 200, 206)
 - 3xx = OK, no content following   (e.g. 302, 304)
 - 4xx = error caused by the client (e.g. 401, 403, 404)
 - 5xx = error caused by the server (e.g. 500, 502, 503)

pulling image error : Get https://docker-registry.default.svc:5000/v2/: http: server gave HTTP response to HTTPS client error: build error: unable to get

Sunday, February 2nd, 2020


 Add –insecure-registry in /etc/sysconfig/docker # vim /etc/sysconfig/docker … OPTIONS=’ –selinux-enabled –log-driver=journald –signature-verification=False –insecure-registry docker-registry.default.svc:5000 ‘ … — Restart docker service to take effect. # systemctl restart docker.service

Which service using which port – linux command

Monday, January 20th, 2020

$ netstat -tulpn

wait for the sync daemonset to become ready and available

Saturday, January 11th, 2020


need to set this for each master node


refer to the screenshot

Unable to add node failing with “Unable to update cni config: No networks found in /etc/cni/net.d” in Openshift Container Platform 3

Thursday, January 9th, 2020

Red Hat Openshift Container Platform 3.9
Showing errors
cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d There are no files in that directory as opposed to a working node which has a file named 80-openshift-network.conf kubelet_node_status.go:106] Unable to register node “” with API server: nodes “” is forbidden: node “” cannot modify node “”
This error is what happens when the host cannot resolve itself in DNS.
Root Cause
On this issue the VPC’s “DHCP Options Set”, had the value of domain-name = instead of domain-name = (notice the dash vs the period before the word ‘example’)

Service catalog fails because Template Service Broker won’t start

Thursday, January 9th, 2020

As a workaround, add the label region=infra to one or more nodes. Typically this should be added to existing infrastructure nodes.
# oc label node ‘region=infra’
Root Cause
The template service broker expects the label region=infra to install as part of the daemonset. This is not currently customizable, however a feature request is open:Issue
Upgrade playbook fails during the Upgrade Service Catalog play.
1. Error : Hosts: Play: Upgrade Service Catalog Task: Verify that TSB is running Message: Status code was not [200]: Request failed: <urlopen error [Errno 111] Connection refused>
Returns error code similar to older non OCP issues here and here.
Add ‘template_service_broker_selector={‘zone’: ‘infra’}’ line in inventory file
Update daemonset with zone=infra value
Rerun the playbook

The route is not accepting traffic yet because it has not been admitted by a router.

Thursday, January 9th, 2020


Run the following command

#oc adm policy add-cluster-role-to-user -n default system:router -z router

Check if the system:serviceaccount:default:router has access to update routes and status:

#oc policy who-can update routes/status -n default