Comments (10)
this was using libvirt with rhcos qcow
from installer.
I see this will be fixed tomorrow
from installer.
tried with new image, still have issues with bootkube output:
[core@test1-master-0 ~]$ journalctl --no-pager -u bootkube
-- Logs begin at Wed 2018-08-15 13:56:27 UTC, end at Wed 2018-08-15 14:00:01 UTC. --
Aug 15 13:56:48 test1-master-0 systemd[1]: Starting Bootstrap a Kubernetes cluster...
Aug 15 13:56:48 test1-master-0 bash[1404]: Rendering Kubernetes core manifests...
Aug 15 13:56:48 test1-master-0 bash[1404]: Unable to find image 'quay.io/coreos/kube-core-renderer-dev:df42b97af403702013f4739fc82cd005cfd0c766' locally
Aug 15 13:56:48 test1-master-0 bash[1404]: Trying to pull repository quay.io/coreos/kube-core-renderer-dev ...
Aug 15 13:56:49 test1-master-0 bash[1404]: df42b97af403702013f4739fc82cd005cfd0c766: Pulling from quay.io/coreos/kube-core-renderer-dev
Aug 15 13:56:49 test1-master-0 bash[1404]: 4d472840d001: Pulling fs layer
Aug 15 13:56:49 test1-master-0 bash[1404]: dd5cfda89e72: Pulling fs layer
Aug 15 13:56:50 test1-master-0 bash[1404]: 4d472840d001: Verifying Checksum
Aug 15 13:56:50 test1-master-0 bash[1404]: 4d472840d001: Download complete
Aug 15 13:56:50 test1-master-0 bash[1404]: dd5cfda89e72: Verifying Checksum
Aug 15 13:56:50 test1-master-0 bash[1404]: dd5cfda89e72: Download complete
Aug 15 13:57:03 test1-master-0 bash[1404]: 4d472840d001: Pull complete
Aug 15 13:57:05 test1-master-0 bash[1404]: dd5cfda89e72: Pull complete
Aug 15 13:57:05 test1-master-0 bash[1404]: Digest: sha256:b7441413d170e803ca71a020863ac66f435d9b713664ba8074e994288268e712
Aug 15 13:57:05 test1-master-0 bash[1404]: Status: Downloaded newer image for quay.io/coreos/kube-core-renderer-dev:df42b97af403702013f4739fc82cd005cfd0c766
Aug 15 13:57:07 test1-master-0 bash[1404]: F0815 13:57:07.218416 1 main.go:24] Failure reading config from "/assets/kco-config.yaml": read config from "/assets/kco-config.yaml": open /assets/kco-config.yaml: permission denied
Aug 15 13:57:07 test1-master-0 systemd[1]: bootkube.service: main process exited, code=exited, status=255/n/a
Aug 15 13:57:07 test1-master-0 systemd[1]: Failed to start Bootstrap a Kubernetes cluster.
Aug 15 13:57:07 test1-master-0 systemd[1]: Unit bootkube.service entered failed state.
Aug 15 13:57:07 test1-master-0 systemd[1]: bootkube.service failed.
the perm denied still appears related to selinux.
from installer.
journalctl | grep -i avc
Aug 15 13:56:33 test1-master-0.tt.testing ignition[687]: "source": "data:text/plain;charset=utf-8;base64,LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbk5YSWtsM2VtRFdyeU03aFNPQlN1WVlqYkFYd1VaN0hwZE9YVEpTck8xbzQ1YURHCmN6QUF1ZFl5ZTVnem9zeWUzWDZXL3hNNGVJR3JCR3ZGTS9Ucno1TUdHd3dpUnRRdk5ydHJMKzBoTlFSRXB4T00KMXRRWW5yeFc4N3pzV2w5bmFBWEY5cG45RFBYU0dmOCs2aXpab3NrYk5aWmt5aVY0SzRjM2dzYVVJR2s3bXRGbwora3JqQVFzQldvQWN0Ykt5SlJITS9wSkozTUI1K0lQQkZzK0Q4OXlTQ3ZjcGVyWUZZcXRPYlF3NGpWUnI0bmhEClZpR3VrbVFYdDBDOUhETDIwWm9GT1lKbjQ0YWJKemM2TEZuaDZXYjlaa1pSNFQyalF1bThOSTdPOUlDemhCOFYKclFOdm1rRnZkQzd0K1FpQVc2L0Z3c2NUVVdYa2lNamdoUTJDK1FJREFRQUJBb0lCQUFqMlNuVGF1bHFXVG8rMgpDcmVnWWZuS0NZSWx3THJaU08xWDd3Qm9TblNrempXSS8yNGJveDc3ZDMwS2tJRFFFby96cU90QWpPeU45RmpYClU3aUpXV1JPTVg0Z0xtRS94TWJxNU5BalM4OTh3L09NTVhNaFFacm9oa3Q5VTBCQ3pXVHJWNG1rK1FuaGpqVUEKR2ZkRnd0WURpZk9BK1pkM2xxdGVHYlQyWmdhSUJmNXVMNDBMSEZqdlA3TlhlQ3dTbkFQZFBwZ1FSSENDOVEyMgprT242cFhDazM0bVVzZVI4UlVpUWhYTFpTSWFrcUxVWE1ndndHL0pGNDNQZDZFQVdiYXkveTlraWtYZDRyUk1vCkRManB2YkhyeWpyVDM0d0N0UXpCNXJZRUd1MytEVGpvNGRKQ1pHeVg2QWw0T1ZFdFMxRUxTajdmT1FBelhMYysKTEZ5SVpKRUNnWUVBd1IyNlVpU21pWlhwdGdEL1YvMUF2cVNHdEJ2clhROEliOTF3OTNCc0haNlZLNXA2WEkwUQpyOEQwUTJjczB6ckJ3cXhKVThwU0FNYituVHY1dnFjaTdyK24wV2RmbGpwOE8rYVl3V1dXYldnMFNTZVNVUCtZClBsVzdmR3NtUi9KZUxNSmxKWlRFYjBNOGVHcFlTZUZUcWhmSVUzQzVoNVFvcjY2SXVnbFhyalVDZ1lFQXorZWwKMGxNSWlQNE8vOWVjamhESFFYZE1HN3crazV5Y1ltRFRDUXg1LzEzTlhucVdyUDR0WWVFSEZ0TFQ0dFVmcU1BUgpVOUZqaTNQbzRZTjBwaU9yb1ZEd2x1QkI4dkttOFVheHdjajgxWWNMTHRZdFVCMjNHRVAvbU56Vm9WSEY0d3JjCnJwa25nZ1FDcW9VMDJrWGYzbUJ2cWZQa1p6VUxweHIrTmt0QzZqVUNnWUVBZ09ZMjExMWZTN2FrcUxkQnVKbHgKL2M0VG0yU0hWVFlUaTVkakw4WDZaRXJWaHFVMXgxRGhNbTY0bThUaVJwdVJlVDlHTW9kNDlNdmVaMVVBL2lEUgpVRXJjMlFrRzVGOWxUUlkrSDlpTzc3ZitMbFliYzdVbkNYUndFRHYwOFZEMVN5cjJHSCtVSGkvaXpQMHVzU0dWCmxwTUpRNmlhTGNUVzQyeThGbkRsOVlFQ2dZQXJNcFY0c3ZuMkJOdTIrdVN6ZS9iNnVqL2REMnJ0SHNBN2pLU3MKbjZRRmxFYmtsNUlSRmFyMlNGeEJ1TUovd2dxVzlIbGxNZjk5N1RKNUVPZyswUENMVHhiK01sQmhtMXRtakdySQp1ZXNXcnIxN0dOTkhielVvM0pBU0FlaDlZVkU5a0hjejYreVNqaVREcTNQRTJubmVhYWtwNWR3U09hcFhLVHVpCnFsYVg5UUtCZ1FDV3J5dWUxYk9pdmE2TzdHb01FQzFtOGlhd3NkLzFzZ2VTZnBJZnRWUGh6bnM2RU1PMVVHa2UKaUVhOUFaMmdCY1RXd3Y2MWpzaFgwWXhmaC9Lc1ZOVkk1cUhBbG9VOGdDUmlCblkxL2xRQy9SRGJMNzJWcjd0Ngp3cjk2bzd0WFN3dzlaY0ZKc3c1TG85K3AwYkxWUWFNMUFpYVlBUk44Zm54V3FRaVcyQ3hDTFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=",
Aug 15 13:56:34 test1-master-0.tt.testing ignition[687]: "source": "data:text/plain;charset=utf-8;base64,LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBd2MrWHdWZEFxa0hlSERuQjcwMkxOcXJaYXJ0b1ZRSTM5L2dkN2h3WnpqdnVCU1hvCmprTjFpK004dTRNRi9IWUIzdzdBZHd1N1dOeXIwN2tSazNBemZpTitBNDd4cjE1ajZ0djEraklIVDlrRDdveSsKUzBlRC8wQUM4bmFYeHdlNFdJUGV2TGU1Qm1LOTMvTkR6cjRBdXR2ZTVsUDliQnFQK25INElMck82WlF0Sm1BNgpFTmhsOHBnRGxZVFZDanBYbUxhZFBBbHEwSm1TZytSVSt5NEpyTkpybGk4NWFWRS91UW04b2gzK1BrSWhKNncyCkxaTTEva2tzNEVCQml2cUVwZUVHYXZ4TnUxUFo0YVl0S1lweVc0SHJ2R25tQ2tua3Z0VzJ1ZjFaTFgzaUl2aG4KdWdBT1AyeEFqSktxbWdSVVBYcXRIdnhaQ2RLZ3g5L0ZLaFArcFFJREFRQUJBb0lCQVFDM0VyTVV6S2ltcXdWMQp3QkV6VFJwZGoxRkVnclp3NW1HYitHRzlWQW9FUjVQMGhQU0J2Yk5CYW1zcDdRQXdrLy84aGVERUV1N3JaN2RmCmpZZk9yOFBVT1E2RnFmY2VZcGtiZHArSnNNdzdYcEZhT3RSZUk3WEozTnRyMFI1WndTOGZYYUYrdmtVbWhRczYKaW4zWXdwM0o1SHRQTXJORjlHbGdkMXVjL3hrSWhXd0Q2Q2lhQTUyRmgvUkRGYUc1bmM3cTNDNHVnNEsxeCtwUApldG5Obzd3U01aczI5bW5MS0pmR1h5NDU1RnZHQmlOQmJHLzNXL1pNT0lCKzI3aURib2l0QzIvYkZrWGJMQzJECnUrUXpOb25SNzJvZXVmTWh0aFNWUUw1WnNIU3NVRENoSkI5cEIzYWhvdlo0ZFdqWEpoYjY4bzVxdjFrQ3RuZmsKa25QUXlIeFpBb0dCQU93QUhvNm13U3QyeGVXNVh4azErWi9BR2JObXljdy9iMk9XV2dubHBWWVVYaEhGMVp2Zwpmcm1nUEZ6VWl6TGZTckVlbXNNWTV3Qk9pcTJ5cUh4TGlPMjU0MDZ3VlovTDYrLzBGTkliUE5yc1RxSDk5NDRoCnM3aGdqMmtZNklYSGdqc3ozTThkdHVmODFzYXZkc1kzZlNCMGpzYWFzS0w5citqaDROQlRpL2hiQW9HQkFOSTgKTXAxdnRyN1psamFvd1JvWG9JZm9McFJKaXZGb2lYZnptUWExZ1lQOWYyK1dpQ1NGVUdQcEZjNUN3ZGJJWm94RAp5bXlTbDhwL3JBemx4U0VMK0s1ZTZTRGhJQnJERjRWS3FnYjByNXhIYkFIMFdxcE5QQjhyejJnY0l1YWR0dzFDCnZLNHZDU1VJRUJJY2d3dkdoQkV6ZjVkY21RclNJdExJSjNiV3FaVC9Bb0dCQUpIaWdRRXRrN3VLY0VyUmpEZkoKWmNXYXVraHNBZEtBWkJycmxqMEgrR3g5cXFqUjRubTVESjB5c0IyeVJWbnRMZjdQTEZ2dHlONG5yeEl3bm5ZMwpPeTI0K3dwcGRvU1JTZ2ZLbWhSSFFoY1NmSWttdFNEbk5IR0ZQeUY0aEVRdVVCTEl2SFpMcUFWQUJvUkxjdUNVCjdJUmppTjY4UVBTQVhYMVlJK0NqeEtLQkFvR0JBTFFacThhaFlDMUkyMTFCM2dNTFFKT00vUEk5dWxDcW5ERnQKTnFlL3NBOHhpQTFCS0tvWXB0Q2dhZlREemFqQkR0Q1Vkb0hpWnpTcmdPbWZvT3Q1aFBWa0MxVUdadWxtUGUwTApGSE5YQkdYZDdaSVRFZVNZdTZ0OGJYYWp1K1pTTC9HbFBWditvVmZlKzExNG5XN21CbGR5QlpqV1U2a29jWHFlCnl1Z01aMFJqQW9HQVQ5WnY5Uk44cVBwMGRHaml1TmxGYWs3ZC9DRXBiMDI2bEovSmtkN0Z6bXVGekNrL0ZHc1QKL0w4U0x1dXZHY3dLSnFUNWZLdm9TT0FwUmdBUlhYMHpwdVZ3cGhJNWlQby9EM2VwaXJJMVlkdVZPM016WUQrWApiU3V1SFNpZU1aT0Z0aWx3NlJCQjNubnJUV0ErWHRWSCtpQVFlbUJEUnJCSnlSNWlNVjJROEFFPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=",
Aug 15 13:57:07 test1-master-0 kernel: type=1400 audit(1534341427.214:4): avc: denied { read } for pid=1475 comm="renderer" name="kco-config.yaml" dev="dm-0" ino=5728740 scontext=system_u:system_r:container_t:s0:c115,c381 tcontext=system_u:object_r:var_t:s0 tclass=file
from installer.
looks like this should be privileged
https://github.com/openshift/installer/blob/master/modules/bootkube/resources/bootkube.sh#L7
from installer.
or all of the volume mounts should be with :z
from installer.
Correct the /var/.../kco-config.yml file is mislabeled. Just needs to be loaded in with a volume mount telling the container engine to relabel the content.
from installer.
It looks like #137 is related to this to, although I don't understand the situation clearly enough to know how #134 and #137 interact. Do we need both of them?
from installer.
I don't know which problem alex was trying to fix in #137, but #134 is definitely right....
from installer.
Since we can't really customize the ignition configs, one way to work around this for now is:
$ cp /path/to/rhcos{,.permissive}.qcow2
$ virt-edit -a /path/to/rhcos.permissive.qcow2 -m /dev/sda1 /grub2/grub.cfg
$ # add enforcing=0 to the cmdline
from installer.
Related Issues (20)
- RHOS 4.14 on vsphere environment
- Azure install fails (4.12, 4.13, and 4.14) HOT 6
- Why were the patch versions for CVE-2021-20198 released so late? HOT 4
- No host is compatible with the virtual machine. HOT 2
- Manifest files creation error - SIGSEGV: segmentation violation HOT 3
- Installer does not recognize Azure platform cloud name USSec for Azure secret cloud (IL6) HOT 6
- [Question]: Does the installer support non-dhcp network for openstack platform? HOT 4
- [Question] Specify static IPs on AWS IPI HOT 2
- bootstrap node do not boot HOT 1
- ERROR Attempted to gather ClusterOperator status after installation failure
- ERROR Attempted to gather ClusterOperator status after installation failure HOT 2
- Unable to install Redhat OpenShift using the IPI Method. HOT 4
- Feature Request: Option to Select Specific Nutanix Storage Container for VM Creation in IPI Installation HOT 1
- containerd dependency has known vulnerability HOT 4
- deploying openshift cluster 4.14 i got the below error HOT 2
- Monitoring Cluster Operator is degaraded for OCP 4.14 HOT 2
- unabel to install OpenShift Single Node 4.14.10 HOT 4
- IPI fails on IBM Cloud due to pre_provisioning DNS Services HOT 3
- Openshift is configured with the sriov network card, but the network card cannot be seen in the pod. But it can be seen in the yaml configuration HOT 4
- Unable to install OpenShift SNO 4.14.12. Bootstrapping does not complete. Possibly same as issue #7982. HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from installer.