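[Posted]: 2021-03-16 16:03:29
[Problem description]:
I just completed an exercise deploying OKD 3.11, and it was mostly successful up to the pre-check by the first ansible playbook for the prerequisites. When running the second ansible playbook to perform the OKD installation, I see oc get master timing out on port 8443. The port should be blocked, because the firewalld service is not running. Please advise!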
TASK [openshift_control_plane : fail]
**************************************************************************
skipping: [192.168.56.122]
TASK [openshift_control_plane : Wait for all control plane pods to come up and become ready]
*******************
FAILED - RETRYING: Wait for all control plane pods to come up and become ready (72 retries left).
FAILED - RETRYING: Wait for all control plane pods to come up and become ready (71 retries left).
FAILED - RETRYING: Wait for all control plane pods to come up and become ready (70 retries left).
failed: [192.168.56.122] (item=etcd) => {"attempts": 72, "changed": false, "item": "etcd", "msg":
{"cmd": "/usr/bin/oc get pod master-etcd-master.cccd-lab.local -o json -n kube-system", "results":
[{}], "returncode": 1, "stderr": "The connection to the server master.cccd-lab.local:8443 was refused
- did you specify the right host or port?\n", "stdout": ""}}
My inventory file looks like this,
[root@master opt]# cat inventory.ini
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
ansible_ssh_user=root
ansible_become=true
openshift_master_default_subdomain=infra.cccd-lab.local
deployment_type=origin
#New addition
[nodes:vars]
openshift_disable_check=disk_availability,memory_availability,docker_storage
[masters:vars]
openshift_disable_check=disk_availability,memory_availability,docker_storage
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
[masters]
192.168.56.122
[etcd]
192.168.56.122
[nodes]
192.168.56.120 openshift_node_group_name='node-config-compute'
192.168.56.121 openshift_node_group_name='node-config-infra'
192.168.56.122 openshift_node_group_name='node-config-master'
#compute openshift_ip=192.168.56.120 openshift_schedulable=true openshift_node_group_name='node-config-compute'
#infra openshift_ip=192.168.56.121 openshift_schedulable=true openshift_node_group_name='node-config-infra'
#master openshift_ip=192.168.56.122 openshift_schedulable=true openshift_node_group_name='node-config-master'
On further investigation, I noticed the following
oc get pod master-etcd-master.cccd-lab.local -o json -n kube-system", "results": [{}],
This is . . .
The connection to the server master.cccd-lab.local:8443 was refused - did you specify the right host
or port?\n", "stdout": ""}}
[root@master opt]# netstat -tupln | grep LISTEN
tcp 0 0 10.0.2.15:53 0.0.0.0:* LISTEN 19370/dnsmasq
tcp 0 0 192.168.56.122:53 0.0.0.0:* LISTEN 19370/dnsmasq
tcp 0 0 172.17.0.1:53 0.0.0.0:* LISTEN 19370/dnsmasq
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1753/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1354/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1357/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1846/master
tcp 0 0 127.0.0.1:43644 0.0.0.0:* LISTEN 17379/hyperkube
tcp 0 0 0.0.0.0:8444 0.0.0.0:* LISTEN 14284/openshift
tcp 0 0 10.0.2.15:2379 0.0.0.0:* LISTEN 14349/etcd
tcp 0 0 10.0.2.15:2380 0.0.0.0:* LISTEN 14349/etcd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/rpcbind
tcp6 0 0 fe80::5fe7:910c:c2de:53 :::* LISTEN 19370/dnsmasq
tcp6 0 0 fe80::a00:27ff:fe5d::53 :::* LISTEN 19370/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 1354/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1357/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1846/master
tcp6 0 0 :::10250 :::* LISTEN 17379/hyperkube
tcp6 0 0 :::111 :::* LISTEN 760/rpcbind
[root@master opt]# ^C
[root@master opt]#
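Not sure how to resolve the problem.
[Discussion]:
- From the netstat output it looks like, for some reason, there is no Pod running the API. Can you use docker ps and docker logs on the master to see why the master Pod fails to start? That should give you more hints.
- Hey, Simon! I nearly broke the internet trying to resolve this. Allow me to add some detail. I am using Virtualbox 6.1, and initially I was trying to build this cluster in an "Air Gapped" environment, where I downloaded most of the RPMs and ran "yum localinstall" and so on. So, all that to say I configured two NICs. So, long story short, I found that the certificate pulled the NAT IP instead of the Host-Only IP, so I think that may be causing the connection refused on master:8443. To make matters worse, I am not sure how to get the certificate to put in the Host-Only IP in Virtualbox.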
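Added example, not part of the original question or comments: a small Python check over the netstat -tupln rows posted in the question that reports required ports with no listener and cluster daemons bound to an address other than the inventory IP. The function names, the programs filter and the use of 192.168.56.122 (the [masters] entry) as the intended IP are assumptions of this example.

```python
import ipaddress

# Rows taken from the netstat output in the question (a subset).
SAMPLE = """\
tcp 0 0 192.168.56.122:53 0.0.0.0:* LISTEN 19370/dnsmasq
tcp 0 0 127.0.0.1:43644 0.0.0.0:* LISTEN 17379/hyperkube
tcp 0 0 0.0.0.0:8444 0.0.0.0:* LISTEN 14284/openshift
tcp 0 0 10.0.2.15:2379 0.0.0.0:* LISTEN 14349/etcd
tcp 0 0 10.0.2.15:2380 0.0.0.0:* LISTEN 14349/etcd
tcp6 0 0 :::10250 :::* LISTEN 17379/hyperkube
"""

def parse_listeners(text):
    """Return (address, port, program) for each LISTEN row of `netstat -tupln`."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # last colon splits IPv6 too
        rows.append((addr, int(port), fields[6].split("/", 1)[-1]))
    return rows

def is_unscoped(addr):
    """True for wildcard or loopback binds, which say nothing about NIC choice."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # netstat truncates long IPv6 addresses
        return True
    return ip.is_unspecified or ip.is_loopback

def audit(text, cluster_ip, required_ports, programs):
    """Return (required ports with no listener, cluster daemons on another IP)."""
    rows = parse_listeners(text)
    missing = sorted(set(required_ports) - {port for _, port, _ in rows})
    off_ip = [r for r in rows
              if r[2] in programs and r[0] != cluster_ip and not is_unscoped(r[0])]
    return missing, off_ip

if __name__ == "__main__":
    # Assumed inputs: inventory IP of the master and the API port from the error.
    missing, off_ip = audit(SAMPLE, "192.168.56.122", [8443],
                            {"etcd", "openshift", "hyperkube"})
    print("no listener on:", missing)
    for addr, port, prog in off_ip:
        print(f"{prog} bound to {addr}:{port}, not the inventory IP")
```

On the posted rows it reports 8443 as missing and both etcd ports on 10.0.2.15, which lines up with the NAT versus Host-Only observation in the last comment.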