215666 (2) [Avatar] Offline
#1
Hi there

I'm going through the examples in the second chapter, and I have created the service for app-cli, but I cannot seem to access it from outside the cluster. The two node cluster is running inside two virtualbox VMs. I can access the internal cluster IP using curl from the master node but not from the host machine. I can access the web ui from the host, so I dont think its a virtualbox networking issue.


(the external route - not accessible)
[root@ocp-1 ~]# curl app-cli-image-uploader.apps.192.168.56.100.nip.io:8080
curl: (7) Failed connect to app-cli-image-uploader.apps.192.168.56.100.nip.io:8080; Connection refused

[root@ocp-1 ~]# oc describe route app-cli -n image-uploader
Name:                   app-cli
Namespace:              image-uploader
Created:                31 minutes ago
Labels:                 app=app-cli
Annotations:            openshift.io/host.generated=true
Requested Host:         app-cli-image-uploader.apps.192.168.56.100.nip.io
                          exposed on router router 31 minutes ago
Path:                   <none>
TLS Termination:        <none>
Insecure Policy:        <none>
Endpoint Port:          8080-tcp

Service:        app-cli
Weight:         100 (100%)
Endpoints:      10.128.0.10:8080, 10.128.0.10:8443

[root@ocp-1 ~]# oc get svc
NAME      CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
app-cli   172.30.6.204   <none>        8080/TCP,8443/TCP   38m

(I can access the internal ip)
[root@ocp-1 ~]# curl 172.30.6.204:8080 | head
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1091  100  1091    0     0   149k      0 --:--:-- --:--:-- --:--:--  177k
<html>
<head>
<title>Image Library Demo Application by </title><style>
body {
    background-color: lightgrey;
    font-family: arial;
}

#body-wrapper {
    background-color: white;


What should be the next thing I check here?

Thanks
John Osborne (20) [Avatar] Offline
#2
Try removing the port number from the route URL. The OpenShift router only listens on port 80 and 443 by default. The port of 8080 that you see in the endpoint for 'oc describe' is showing you the port number for the service, which is only accessible inside the cluster.

The OpenShift router will forward the request on port 80 to port 8080 for the service.
215666 (2) [Avatar] Offline
#3
I forgot to mention - I had tried port 80 as well as 443 first and it also did not work. I tried a few things since posting to fix this but eventually gave up and reinstalled centos into a single node cluster running on a VM after changing the ansible hosts file from the appendix-a and removing all traces of the second node and leaving just the master in it.

After the install completed the docker-registry and the router pods were both not running as seen in oc status -v and oc get all, so I deleted everything like dc/svc/rc etc related to these two and then used the oadm command to create the router and the registry. After this I was able to create a new app and the route to it works now. The router and registry are both running now:

[root@ocp-1 ~]# oc project default
Now using project "default" on server "https://ocp-1.192.168.0.200.nip.io:8443".

[root@ocp-1 ~]# oc get nodes
NAME                         STATUS    AGE       VERSION
ocp-1.192.168.0.200.nip.io   Ready     2h        v1.6.1+5115d708d7

[root@ocp-1 ~]# oc get po
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-w1lk2    1/1       Running   1          36m
registry-console-1-kzhj6   0/1       Running   1          56m
router-1-29x4t             1/1       Running   2          37m

[root@ocp-1 ~]# oc get route
NAME               HOST/PORT                                            PATH      SERVICES           PORT      TERMINATION   WILDCARD
registry-console   registry-console-default.apps.192.168.0.200.nip.io             registry-console   <all>     passthrough   None



I can access the website from outside now.

I'm not quite sure where I went wrong initially (I'm really new to containers) but I think the registry and router were both not running the first time around and I failed to check this. I also used a single bridged NIC in the VM this time, last time I used two NICs, one NAT and one host only. Not sure if that was related.

I'll try the two node cluster again when I have some time.

On the plus side I got to know a bit about troubleshooting openshift.
John Osborne (20) [Avatar] Offline
#4
Great job troubleshooting!

The most common problem people have when trying to access the cluster from outside is DNS. The router especially requires wildcard DNS. For instance, if you spin up a new application with route myapp.apps.mycluster.com then you need a DNS entry to point everything at *.apps.mycluster.com to the OpenShift router. OpenShift uses dnsmasq by default to set that up.
Jamie Duncan (53) [Avatar] Offline
#5
I've heard other people getting some networking weirdness out of host-only interfaces and virtualbox.

I'm working on a vagrantfile that will support libvirt and virtualbox this weekend. It'll be part of the OpenShiftInAction github organization.

-jamie

215666 wrote:I forgot to mention - I had tried port 80 as well as 443 first and it also did not work. I tried a few things since posting to fix this but eventually gave up and reinstalled centos into a single node cluster running on a VM after changing the ansible hosts file from the appendix-a and removing all traces of the second node and leaving just the master in it.

After the install completed the docker-registry and the router pods were both not running as seen in oc status -v and oc get all, so I deleted everything like dc/svc/rc etc related to these two and then used the oadm command to create the router and the registry. After this I was able to create a new app and the route to it works now. The router and registry are both running now:

[root@ocp-1 ~]# oc project default
Now using project "default" on server "https://ocp-1.192.168.0.200.nip.io:8443".

[root@ocp-1 ~]# oc get nodes
NAME                         STATUS    AGE       VERSION
ocp-1.192.168.0.200.nip.io   Ready     2h        v1.6.1+5115d708d7

[root@ocp-1 ~]# oc get po
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-w1lk2    1/1       Running   1          36m
registry-console-1-kzhj6   0/1       Running   1          56m
router-1-29x4t             1/1       Running   2          37m

[root@ocp-1 ~]# oc get route
NAME               HOST/PORT                                            PATH      SERVICES           PORT      TERMINATION   WILDCARD
registry-console   registry-console-default.apps.192.168.0.200.nip.io             registry-console   <all>     passthrough   None



I can access the website from outside now.

I'm not quite sure where I went wrong initially (I'm really new to containers) but I think the registry and router were both not running the first time around and I failed to check this. I also used a single bridged NIC in the VM this time, last time I used two NICs, one NAT and one host only. Not sure if that was related.

I'll try the two node cluster again when I have some time.

On the plus side I got to know a bit about troubleshooting openshift.
Samuel P (1) [Avatar] Offline
#6
I am facing the same issue
http://app-cli-image-uploader.apps.192.168.0.54.nip.io is reachable from within the VMs but not from the host.
I run the cluster on 2 VMs, via Hyper-V