openshift/origin rebuilding default router from router/haproxy fails #14473
Assignees
Comments
|
@zjagust the docker file you're using might help troubleshoot this if you can share it. The I don't think that's the issue here though, it looks more like maybe the entrypoint is incorrect. In our file we use |
|
@pweil- I have used Dockerfile from here: https://raw.githubusercontent.com/openshift/origin/master/images/router/haproxy/Dockerfile The only modification I made is related to issue #14393 so I changed the original line: to this: Everithing else is the same I did no other modifications. Now, if I execute (docker run) the image, it starts up successfully: docker run -d -p 80:80 haproxy
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7b4b994bb2a4 haproxy "/usr/bin/openshift-r" 7 seconds ago Up 3 seconds 53/tcp, 443/tcp, 8443/tcp, 0.0.0.0:80->80/tcp jolly_easleyIf I execute the reload-haproxy script, HAProxy also starts successfully: sh reload-haproxy
- Proxy protocol 'FALSE'. Checking HAProxy /healthz on port 1936 ...
- HAProxy port 1936 health check ok : 0 retry attempt(s).
ps axu
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
1001 1 1.6 0.2 625204 52280 ? Ssl 08:37 0:02 /usr/bin/openshift-router
1001 16 0.2 0.0 15196 2000 ? Ss 08:39 0:00 bash
1001 55 0.0 0.0 52188 5560 ? Ss 08:39 0:00 /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pidThis is the output of oadm command with "-o json" option: {
"kind": "List",
"apiVersion": "v1",
"metadata": {},
"items": [
{
"kind": "ServiceAccount",
"apiVersion": "v1",
"metadata": {
"name": "router",
"creationTimestamp": null
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "router-router-role",
"creationTimestamp": null
},
"userNames": [
"system:serviceaccount:default:router"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "default",
"name": "router"
}
],
"roleRef": {
"kind": "ClusterRole",
"name": "system:router"
}
},
{
"kind": "DeploymentConfig",
"apiVersion": "v1",
"metadata": {
"name": "router",
"creationTimestamp": null,
"labels": {
"router": "router"
}
},
"spec": {
"strategy": {
"type": "Rolling",
"rollingParams": {
"maxUnavailable": "25%",
"maxSurge": 0
},
"resources": {}
},
"triggers": [
{
"type": "ConfigChange"
}
],
"replicas": 1,
"test": false,
"selector": {
"router": "router"
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"router": "router"
}
},
"spec": {
"volumes": [
{
"name": "server-certificate",
"secret": {
"secretName": "router-certs"
}
}
],
"containers": [
{
"name": "router",
"image": "haproxy",
"ports": [
{
"containerPort": 80
},
{
"containerPort": 443
},
{
"name": "stats",
"containerPort": 1936,
"protocol": "TCP"
}
],
"env": [
{
"name": "DEFAULT_CERTIFICATE_DIR",
"value": "/etc/pki/tls/private"
},
{
"name": "ROUTER_EXTERNAL_HOST_HOSTNAME"
},
{
"name": "ROUTER_EXTERNAL_HOST_HTTPS_VSERVER"
},
{
"name": "ROUTER_EXTERNAL_HOST_HTTP_VSERVER"
},
{
"name": "ROUTER_EXTERNAL_HOST_INSECURE",
"value": "false"
},
{
"name": "ROUTER_EXTERNAL_HOST_INTERNAL_ADDRESS"
},
{
"name": "ROUTER_EXTERNAL_HOST_PARTITION_PATH"
},
{
"name": "ROUTER_EXTERNAL_HOST_PASSWORD"
},
{
"name": "ROUTER_EXTERNAL_HOST_PRIVKEY",
"value": "/etc/secret-volume/router.pem"
},
{
"name": "ROUTER_EXTERNAL_HOST_USERNAME"
},
{
"name": "ROUTER_EXTERNAL_HOST_VXLAN_GW_CIDR"
},
{
"name": "ROUTER_SERVICE_HTTPS_PORT",
"value": "443"
},
{
"name": "ROUTER_SERVICE_HTTP_PORT",
"value": "80"
},
{
"name": "ROUTER_SERVICE_NAME",
"value": "router"
},
{
"name": "ROUTER_SERVICE_NAMESPACE",
"value": "default"
},
{
"name": "ROUTER_SUBDOMAIN"
},
{
"name": "STATS_PASSWORD",
"value": "eDMBWUFSAY"
},
{
"name": "STATS_PORT",
"value": "1936"
},
{
"name": "STATS_USERNAME",
"value": "admin"
}
],
"resources": {
"requests": {
"cpu": "100m",
"memory": "256Mi"
}
},
"volumeMounts": [
{
"name": "server-certificate",
"readOnly": true,
"mountPath": "/etc/pki/tls/private"
}
],
"livenessProbe": {
"httpGet": {
"path": "/healthz",
"port": 1936,
"host": "localhost"
},
"initialDelaySeconds": 10
},
"readinessProbe": {
"httpGet": {
"path": "/healthz",
"port": 1936,
"host": "localhost"
},
"initialDelaySeconds": 10
},
"imagePullPolicy": "IfNotPresent"
}
],
"nodeSelector": {
"region": "infra"
},
"serviceAccountName": "router",
"serviceAccount": "router",
"hostNetwork": true,
"securityContext": {}
}
}
},
"status": {
"latestVersion": 0,
"observedGeneration": 0,
"replicas": 0,
"updatedReplicas": 0,
"availableReplicas": 0,
"unavailableReplicas": 0
}
},
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "router",
"creationTimestamp": null,
"labels": {
"router": "router"
},
"annotations": {
"service.alpha.openshift.io/serving-cert-secret-name": "router-certs"
}
},
"spec": {
"ports": [
{
"name": "80-tcp",
"port": 80,
"targetPort": 80
},
{
"name": "443-tcp",
"port": 443,
"targetPort": 443
},
{
"name": "1936-tcp",
"protocol": "TCP",
"port": 1936,
"targetPort": 1936
}
],
"selector": {
"router": "router"
},
"clusterIP": "172.30.178.91"
},
"status": {
"loadBalancer": {}
}
}
]
}When trying to build a default OpenShift router out of the same image using oadm command, the issue described above happens. Please tell me if something is missing, or you require any additional info, I just hope I'm doing something terribly wrong :) |
|
@zjagust can you pull the pod yaml for the broken router please? |
|
Is this it, or you need something else: |
|
Sorry, I'm looking for what's actually running. So, 'oc get pods' and then get the name of the router and do 'oc get pod router-... -o yaml'. Thanks. |
|
Here it is: |
|
Guys, any news on this? Thanks in advance. |
|
Hi guys. A little update from my side. I named my image "haproxy" which made me realize when using the following command: it will not use a local image I just created and named "haproxy", but it will pull an image form "docker.io/haproxy" whose default config actually is in "/usr/local/etc/haproxy/haproxy.cfg". Please tell me if I'm wrong, but I'm pretty much sure I'm not. And if I'm right, this will take a whole new approach. |
|
@zjagust that could be it. You can try giving it a specific tag like haproxy:my-test and pass the tag to |
|
@pweil- I assumed right. Everything works, did a little modification to dockerfile itself, and now I have a default OpenShift router running HaProxy version 1.7. As far as I am concerned, this issue is resolved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried to build an image for OpenShift Router by pulling files from here: https://github.com/openshift/origin/tree/master/images/router/haproxy but it fails.
Version
oc version
oc v1.5.0
kubernetes v1.5.2+43a9be4
features: Basic-Auth GSSAPI Kerberos SPNEGO
Steps To Reproduce
Remove a default haproxy router:
oc delete pods $(oc get pods | grep router | awk '{print $1}')
oc delete svc router
oc delete serviceaccount router
oc delete dc router
Pull files from here: https://github.com/openshift/origin/tree/master/images/router/haproxy and create a router Docker image from Dockerfile:
docker build -t=haproxy .
Try and build a default haproxy router from image created in step 2:
oadm router router --replicas=1 --selector='region=infra' --images=haproxy --service-account=router
Current Result
A creation of a default router fails, where "oc describe po router" gives the following output:
Back-off restarting failed docker container
Error syncing pod, skipping: failed to "StartContainer" for "router" with CrashLoopBackOff: "Back-off 10s restarting failed container=router pod=router
Output of the command "oc logs router" gives the following output:
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -Ds
[ALERT] 151/175956 (6) : Cannot open configuration file/directory /usr/local/etc/haproxy/haproxy.cfg : No such file or directory
<5>haproxy-systemd-wrapper: exit, haproxy RC=1
Expected Result
Operation above should have the same result as when running:
oadm router router --replicas=1 --selector='region=infra' --images=docker.io/openshift/origin-haproxy-router --service-account=router
The text was updated successfully, but these errors were encountered: