Unable to add node failing with “Unable to update cni config: No networks found in /etc/cni/net.d” in Openshift Container Platform 3

January 9th, 2020 by ayad

Red Hat Openshift Container Platform 3.9
Showing errors
cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d

There are no files in that directory, as opposed to a working node, which has a file named 80-openshift-network.conf.

kubelet_node_status.go:106] Unable to register node "ip-10-200-30-40.openshift-example.com" with API server: nodes "ip-10-200-30-40.openshift-example.com" is forbidden: node "ip-10-200-30-40.openshift-example.com" cannot modify node "ip-10-200-30-40.openshift-example.com"
This error is what happens when the host cannot resolve itself in DNS.
Root Cause
In this case, the VPC's "DHCP Options Set" had the value domain-name = openshift-example.com instead of domain-name = openshift.example.com (note the dash versus the period before the word 'example').
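
A pre-flight check for this failure, as an added example that is not part of the original post. It assumes the DHCP domain-name ends up on the search/domain lines of /etc/resolv.conf and that the operator supplies the expected cluster domain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a node's DNS setup before adding it to the cluster.
# Usage (assumed): sh preflight.sh "$(hostname -f)" openshift.example.com

# Print every domain on the "search" or "domain" lines of a resolv.conf file.
resolv_domains() {
  awk '$1 == "search" || $1 == "domain" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# has_domain EXPECTED_DOMAIN RESOLV_CONF
# -F matters here: as a regex, the "." in openshift.example.com would also
# match the "-" in openshift-example.com and hide exactly this typo.
has_domain() {
  resolv_domains "$2" | grep -Fxq -- "$1"
}

# fqdn_in_domain FQDN EXPECTED_DOMAIN: succeed if FQDN ends in ".EXPECTED_DOMAIN".
fqdn_in_domain() {
  case "$1" in
    *."$2") return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed if the name resolves through the system resolver (needs live DNS).
resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

# preflight FQDN EXPECTED_DOMAIN [RESOLV_CONF]: report every failed check.
preflight() {
  conf=${3:-/etc/resolv.conf}
  rc=0
  has_domain "$2" "$conf" || { echo "FAIL: $2 not in $conf (check the DHCP domain-name)"; rc=1; }
  fqdn_in_domain "$1" "$2" || { echo "FAIL: $1 is not under $2"; rc=1; }
  resolves "$1" || { echo "FAIL: $1 does not resolve"; rc=1; }
  return "$rc"
}

# Run the checks only when a node name and an expected domain are given.
if [ "$#" -ge 2 ]; then
  preflight "$@"
fi
```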

Service catalog fails because Template Service Broker won’t start

January 9th, 2020 by ayad

As a workaround, add the label region=infra to one or more nodes. Typically this should be added to existing infrastructure nodes.
# oc label node node1.example.com 'region=infra'
Root Cause
The template service broker expects the label region=infra to install as part of the daemonset. This is not currently customizable; however, a feature request is open.
Issue
The upgrade playbook fails during the Upgrade Service Catalog play.
1. Error : Hosts: master-0.server.example.node.com Play: Upgrade Service Catalog Task: Verify that TSB is running Message: Status code was not [200]: Request failed: <urlopen error [Errno 111] Connection refused>
It returns an error code similar to older non-OCP issues here and here.
Add the line template_service_broker_selector={'zone': 'infra'} to the inventory file.
Update the daemonset with the zone=infra value.
Rerun the playbook.

The route is not accepting traffic yet because it has not been admitted by a router.

January 9th, 2020 by ayad


Run the following command:

# oc adm policy add-cluster-role-to-user -n default system:router -z router

Check if the system:serviceaccount:default:router has access to update routes and status:

# oc policy who-can update routes/status -n default

Check the number of CPUs in CentOS

January 7th, 2020 by ayad

lscpu | less

Error from server (Forbidden): users.user.openshift.io is forbidden: User "system:anonymous" cannot create users.user.openshift.io at the cluster scope: no RBAC policy matched

December 30th, 2019 by ayad


oc login -u system:admin

ansible playbook: Install httpd, start httpd and change hostname

December 26th, 2019 by ayad

- name: just for testing by ayad
  hosts: web1
  tasks:
    - name: installing httpd
      yum:
        name: httpd
        state: present
    - name: starting the services
      service:
        name: httpd
        state: started
    # regexp '^' matches every line, so lineinfile replaces the last line of the file
    - name: modify the hostname
      lineinfile:
        path: /etc/hosts
        regexp: '^'
        line: ayad.com.cm.my
        owner: root
        group: root
        mode: '0644'

Pods status in openshift

December 25th, 2019 by ayad
kubectl get pods --all-namespaces
oc get pods --all-namespaces

Ansible with_items

December 25th, 2019 by ayad

- hosts: webservers0
  tasks:
    # Runs touch once per host name in the webservers0 inventory group
    - name: Execute a command using the shell module
      become: true
      become_user: root
      shell: touch {{ item }}
      with_items: "{{ groups['webservers0'] }}"

The following packages have pending transactions

December 23rd, 2019 by ayad

Here is the solution:

# Unfinished transaction remaining

$ sudo yum install yum-utils

$ yum-complete-transaction --cleanup-only

Back up and restore iptables

December 19th, 2019 by ayad

$ iptables-save > /path/to/iptables.bkp

$ systemctl restart iptables

$ iptables-restore < /path/to/iptables.bkp