On OCP 4.3 the oc login command generated from the dashboard "Copy Login Command"
oc login --token=asdfghjk... --server=https://api.xxx.com:6443
fails with:
error: dial tcp: lookup api.xxx.com on 192.168.0.1:53: no such host - verify you have provided the correct host and port and that the server is currently running.
When I substitute the public IP of my cluster for the hostname it works.
oc login --token=asdfghjk... --server=https://1.2.3.4:6443
I can successfully ping api.xxx.com, the curl command generated by "Copy Login Command" resolves the hostname, and the curl URL also works in Chrome. I've tried adding the host and public IP to my /etc/hosts file but it still fails.
Is there some oc command configuration option I'm missing? Or perhaps a local proxy that I need to start? (Odd that the error msg says ...on 192.168.0.1:53...)
Versions:
$ oc version
Client Version: openshift-clients-4.3.0-201910250623-88-g6a937dfe
Server Version: 4.3.0
Kubernetes Version: v1.16.2
$
Update:
I've opened an oc issue for this:
https://github.com/openshift/oc/issues/315
This is not a problem with the oc client. It is working as expected.
The DNS server used by the machine you're running the oc command on does not know about the OpenShift DNS entries.
Judging by the IP 192.168.0.1, it's your router.
If you deployed OpenShift in the cloud, you need to make sure you're using a public DNS zone so the DNS entries are resolvable from anywhere.
Alternatively, you could put those entries in the /etc/hosts file on your local Linux machine (if it's Windows the path is different), or you could put them in the DNS settings in your router.
I encountered a similar "No such host" problem when running the oc rsh command. After oc logout and oc login again, the problem was resolved.
Had the same problem today on macOS.
Ping worked to resolve the host BUT nslookup and dig both could NOT resolve the host, and the nameserver that dig and nslookup used was my default gateway address / port 53.
Fix:
Go to System Preferences > Network > Advanced > DNS tab. Add in name servers that resolve the hostname, which in my case are intranet nameservers (I'm VPN'ed). I also added in several public nameservers just in case.
Now dig / nslookup resolve the host, and my oc login works.
Conclusion?
I'm not sure this is an oc issue as much as it is a VPN configuration problem. It seems the VPN did not add in the intranet DNS properly. However, I cannot explain why, before I added the nameservers, ping worked but dig/nslookup did not.
So I followed this tutorial to install and configure a MySQL server on an AWS instance that was originally running on EC2.
When I tried to log back in to the server via ssh, I would get a port 22: Connection timed out error.
So I tried to do the same on Lightsail and ended up getting the same error when I tried to log back in.
Is this a known issue? Am I doing anything wrong? Is there a way to fix this?
Thanks.
The mentioned tutorial says: enable the firewall to allow MySQL remote access.
sudo ufw enable
sudo ufw allow mysql
This allows only mysql and stops every other incoming request, whether ssh, http or anything else that you have defined in the security group of the EC2 instance.
In my case I had allowed the following inbound rule, but nothing was working; even ssh says connection refused.
To get this working, either disable the firewall or allow the required port in the firewall. Of course, you still need to log in to the EC2 instance to get this done.
There are 3 ways to connect to an EC2 instance
SSH was not working, so I chose Session Manager (browser-based SSH). I followed this video and was able to connect to the instance through Session Manager.
After logging in I just disabled the firewall and everything works fine.
sudo ufw disable
All the inbound rules are working properly. Hope it will work for you.
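The lockout in this thread comes from enabling ufw while its only allow rule is for MySQL. The following is an added example, not part of the tutorial or the answer: a pre-flight check that reads the output of `ufw show added` and enables the firewall only when a rule admits SSH, so the firewall can stay on. Function names are hypothetical and the sample rule text is constructed.

```shell
#!/bin/sh
# rules_allow_ssh RULES [PORT]
# RULES is the text printed by `ufw show added`. Returns 0 when an allow or
# limit rule admits TCP PORT (default 22), by number or, for port 22 only,
# by the "ssh" service name or the "OpenSSH" application profile.
rules_allow_ssh() {
    printf '%s\n' "$1" | awk -v p="${2:-22}" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++) {
                if ($i == p || $i == (p "/tcp")) found = 1
                if (p == "22" && ($i == "ssh" || $i == "ssh/tcp" || $i == "OpenSSH")) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# enable_ufw_keeping_ssh [PORT]: enable the firewall only when SSH stays reachable.
enable_ufw_keeping_ssh() {
    rules=$(ufw show added) || return 2
    if ! rules_allow_ssh "$rules" "${1:-22}"; then
        echo "not enabling ufw: no rule admits SSH; add one first, e.g. 'ufw allow OpenSSH'" >&2
        return 1
    fi
    ufw enable
}

# Constructed samples in the format `ufw show added` prints.
# TUTORIAL_RULES is the state after the tutorial's `ufw allow mysql` alone.
TUTORIAL_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 3306/tcp"
FIXED_RULES="$TUTORIAL_RULES
ufw allow OpenSSH"

# Nothing touches the firewall unless the script is run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    enable_ufw_keeping_ssh "${2:-22}"
fi
```

The EC2 security group still has to permit the same port; ufw and the security group are evaluated independently.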
I created an instance (CentOS7) in GCE. I then installed Glassfish 4. However, I can't seem to access it via http/https.
[ank@instance-1 bin]$ sudo ./asadmin start-domain
Waiting for domain1 to start .........
Successfully started the domain : domain1
domain Location: /opt/glassfish4/glassfish/domains/domain1
Log File: /opt/glassfish4/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
When trying to access http://ip_address or even http://ip_address:4848 I get "refused to connect" error.
Appreciate any help.
You'd need to open ports tcp:80, tcp:443 (and tcp:4848) on the firewall, assuming you have already assigned an external IP (or are accessing it from another internal IP on the same network, which I'd suggest for tcp:4848). See the documentation concerning Using Firewall Rules.
So I'm hoping someone can give me some insight in my problem.
Been googling, reading blogs/articles, checking the documentation, but can't really figure it out...
So, if I want to deploy Openshift/OKD to a VPS, doesn't matter if it's the all-in-one deployment or not: how do I secure the web console?
I was expecting that it would be possible to e.g. execute an "oc cluster up" with public-master equal to my local-ip or public ip. Then, use iptables to block access to this port publicly and use ssh port forwarding (in putty) to access the webconsole. However, apparently accessing the web-console executes some form of forwarding, which basically makes ssh port forwarding for accessing it fail. I tried with ssh port forwarding by both setting the public master to my localhost ip and my public ip of the vps: same issue, ssh port forwarding doesn't work.
What I definitely do NOT want to do, is just expose the web-console to everyone with just a username and password combination.
So what options are there to actually secure the web console for openshift for public access over the internet?
There are a lot of articles to be found online on how to deploy it, but basically they all just seem to expose the web console publicly to everyone...
Had the same problem, that is, ssh port forwarding didn't work due to web-console forwarding and redirects.
Solved it by forwarding to the same port, which seems to work:
ssh -L 8443:localhost:8443 -f -N user@host
Forwarding to a different port didn't work:
ssh -L 1443:localhost:8443 -f -N user@host
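Why the same-port forward works and the 1443 one does not, as an added example that is not part of either post: it assumes the console answers with an absolute redirect to its own URL on port 8443, so the browser stays inside the tunnel only when the local listening port matches and the redirect host is loopback. Helper names are hypothetical and the response head is constructed.

```shell
#!/bin/sh
# local_port SPEC: listening port of an `ssh -L` spec, [bind_address:]port:host:hostport
local_port() {
    spec=${1%:*}        # drop :hostport
    spec=${spec%:*}     # drop :host
    printf '%s\n' "${spec##*:}"
}

# location_of HEAD: value of the Location header in a raw HTTP response head
location_of() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk 'tolower($1) == "location:" { print $2; exit }'
}

# redirect_in_tunnel SPEC URL: 0 when URL points at loopback on the port the
# tunnel listens on, i.e. the browser following it still goes through ssh.
redirect_in_tunnel() {
    authority=${2#*://}
    authority=${authority%%/*}
    case $authority in
        *:*) port=${authority##*:} ;;
        *)   port=443 ;;            # console URLs are https
    esac
    case ${authority%%:*} in
        localhost|127.0.0.1) [ "$port" = "$(local_port "$1")" ] ;;
        *) return 1 ;;              # redirect to the public address bypasses the tunnel
    esac
}

# Constructed response head; the absolute Location on port 8443 is an assumption.
SAMPLE_HEAD='HTTP/1.1 302 Found
Location: https://localhost:8443/console/
Content-Length: 0'

# The two forwards from the post, checked against the sample redirect.
for spec in 8443:localhost:8443 1443:localhost:8443; do
    if redirect_in_tunnel "$spec" "$(location_of "$SAMPLE_HEAD")"; then
        echo "$spec: redirect stays in the tunnel"
    else
        echo "$spec: redirect leaves the tunnel"
    fi
done
```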
Apologies for the bad English, I'm French. :D
I've been looking for an answer for approximately 4 days, and I don't know how to fix my issue.
So:
I want to virtualize two servers using VirtualBox on Windows 7 and I want them all on the same local network.
My VMs are running on Ubuntu 16.04
On the first VM I installed a LAMP web server with MySQL 5.7 and I added phpMyAdmin.
On the second VM I installed Jira standalone
--> I need to connect to my database from my Jira server
So I used the Bridge adapter on each machine:
[Two screenshots: network configuration]
IP addresses are assigned with the DHCP protocol.
The SQL machine IP is 192.168.6.80
The Jira machine IP is 192.168.6.101
The host machine IP is 192.168.6.87
I'm able to ping each machine so there is no problem.
SQL server
When I start the machine everything seems to work, I can access from my SQL server:
localhost : home page of apache 2 saying "It Works"
localhost:5671 :
[���
5.7.18-0ubuntu0.16.04.1� ���UKBeM�ÿ÷�ÿ����������T(DGKg1hwd=�mysql_native_password���ÿ„Got
packets out of order
localhost/phpmyadmin : the index page where I can connect perfectly with root.
Host Machine (Windows)
192.168.6.80 : home page of apache 2 saying "It Works"
192.168.6.80:5671 :
[���
5.7.18-0ubuntu0.16.04.1� ���UKBeM�ÿ÷�ÿ����������T(DGKg1hwd=�mysql_native_password���ÿ„Got
packets out of order
192.168.6.80/phpmyadmin : the index page where I can connect perfectly with root.
Jira server
Here, when I start the machine, it works for approximately 2-3 minutes.
I am able to connect via:
mysql -u root -p -h 192.168.6.80 -P 5671
I am perfectly connected and I can also access all the other addresses.
And then it stops working on this machine only.
Unable to connect
Firefox can’t establish a connection to the server at 192.168.6.80.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
And when I retry to connect via mysql in the terminal I get ERROR 2003 (HY000)
This happens only when I use the connection at my work; at home it works perfectly without stopping!!
I have a few leads:
problems of proxy authentication
problems of firewall configuration
I am in a private network with a domain name called something.eu
And when I launch Firefox the proxy shows up automatically:
and-etc-ha.something.eu:9090
So I'm invited to enter my id and password.
My id is: luc.myName@something.eu
After that I'm connected to the internet with Firefox but not in the terminal when I want to use apt.
I searched on the web and I found this:
export http_proxy="http://Username:password@proxyip:port/"
and
export http_proxy="http://Domain\user:password@proxyip:port/"
So I tried different ways and I was able to download with apt. But the internet connection with Firefox was unstable. But if I use Firefox on my host machine the connection is perfect.
I also tried with settings -> network -> network proxy -> method manual
http: and-etc-ha.something.eu port: 9090
I don't know if I was understandable, tell me!^^
If you have any ideas to help me to solve this problem let me know.
Bye!
I found the cause: in fact there was an IP conflict inside the LAN because the DHCP server was handing out an in-use IP address.
I decided to use the NAT connection with Port Forwarding on VirtualBox.
With that configuration I'm able to access my VMs on my LAN using the host IP address followed by the port of my choice.
I am using Bluemix container service and am unable to do cf ic login from behind a firewall, even though I have configured proxies.
When I do
cf ic -v login
I get the error message:
Authenticating with the IBM Containers registry host
registry.ng.bluemix.net... FAILED The attempt to authenticate with the
IBM Containers registry host registry.ng.bluemix.net was unsuccessful.
****Warning: '-e' is deprecated, it will be removed soon. See usage. Error response from daemon: Get
https://registry.ng.bluemix.net/v1/users/: dial tcp
198.23.117.106:443: i/o timeout
To test that my proxy is configured, I do this:
wget https://registry.ng.bluemix.net/v1/users/
--2016-10-25 11:25:23-- https://registry.ng.bluemix.net/v1/users/ Resolving proxy-chain.intel.com (proxy-chain.intel.com)... 10.19.8.225
Connecting to proxy-chain.intel.com
(proxy-chain.intel.com)|10.19.8.225|:912... connected. Proxy request
sent, awaiting response... 404 Not Found 2016-10-25 11:25:24 ERROR
404: Not Found.
If I disconnect VPN so I no longer have a firewall and need a proxy, and unset my proxies, it works.
These are the proxies I have set:
printenv | grep -i proxy
http_proxy=http://proxy-chain.intel.com:911
ftp_proxy=http://proxy-chain.intel.com:911
socks_proxy=http://proxy-chain.intel.com:1080
https_proxy=http://proxy-chain.intel.com:912
no_proxy=intel.com,.intel.com,10.0.0.0/8,192.168.0.0/16,localhost,127.0.0.0/8,134.134.0.0/16
>
More experiments:
When I set the proxy to something bogus, it fails immediately:
> export https_proxy=http://foobarsfsdf.com
> cf ic login
FAILED
auth request failed: Error performing request: Post https://login.ng.bluemix.net/UAALoginServerWAR/oauth/token: http: error connecting to proxy http://foobarsfsdf.com: dial tcp: lookup foobarsfsdf.com on 10.0.2.3:53: no such host
>
When I set the proxy correctly, it fails later:
> cf ic login
Deleting old configuration file...
Retrieving client certificates for IBM Containers...
Storing client certificates in /home/rscohn1/.ice/certs/...
Storing client certificates in /home/rscohn1/.ice/certs/containers-api.ng.bluemix.net/80cc2e8c-4df0-4700-bd04-77f2e8777f80...
OK
The client certificates were retrieved.
Checking local Docker configuration...
OK
Authenticating with the IBM Containers registry host registry.ng.bluemix.net...
FAILED
The attempt to authenticate with the IBM Containers registry host registry.ng.bluemix.net was unsuccessful.
****Warning: '-e' is deprecated, it will be removed soon. See usage.
Error response from daemon: Get https://registry.ng.bluemix.net/v1/users/: dial tcp 198.23.117.106:443: i/o timeout
When you are not connected to the IBM Containers registry host, you can run only a limited number of IBM Containers commands. Check the spelling of the host URL and try again. If the host URL is correct, open a new command line or terminal window before retrying.
It looks like some parts of the ic plugin use proxies, and some parts do not.
You need to add the proxy to your Docker daemon configuration. Also note that, as Alex says, you should make sure to configure an HTTPS proxy.
See here for some information on how to do that with Systemd on Linux (Ubuntu 16.04+): https://docs.docker.com/engine/admin/systemd/#http-proxy
For older Linux distributions, such as Ubuntu versions before 16.04, Docker uses Upstart. You'll find the Upstart configuration file at /etc/default/docker, with a sample of how to set the proxy up in comments inside that file.
If you're using the Docker for Mac or Docker for Windows apps, you'll find the proxy configuration options in Preferences -> Advanced.
Make sure to restart Docker after changing the configuration, so that your changes take effect. On Linux: sudo service docker restart. On Mac or Windows, right-click the Docker icon and click restart.
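One way to hand the proxy settings to the Docker daemon on a systemd host, using the drop-in layout from the linked Docker documentation (added example, not part of the answer). Function names are hypothetical; the script refuses proxy URLs with embedded credentials because `systemctl show` exposes the daemon's Environment to any local user.

```shell
#!/bin/sh
# has_userinfo URL: 0 when the URL embeds user:password@ credentials
has_userinfo() {
    authority=${1#*://}
    authority=${authority%%/*}
    case $authority in *@*) return 0 ;; *) return 1 ;; esac
}

# render_dropin HTTP_PROXY HTTPS_PROXY NO_PROXY: print the [Service] drop-in
render_dropin() {
    for url in "$1" "$2"; do
        if has_userinfo "$url"; then
            echo "refusing proxy URL with embedded credentials" >&2
            return 1
        fi
    done
    printf '[Service]\n'
    printf 'Environment="HTTP_PROXY=%s"\n' "$1"
    printf 'Environment="HTTPS_PROXY=%s"\n' "$2"
    printf 'Environment="NO_PROXY=%s"\n' "$3"
}

# env_has_var SHOW_OUTPUT NAME: 0 when the line printed by
# `systemctl show --property=Environment docker` contains NAME=...
env_has_var() {
    case " ${1#Environment=} " in
        *" $2="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Nothing is written unless the script is run as root with --install.
if [ "${1:-}" = "--install" ]; then
    # Values come from the caller's environment (http_proxy, https_proxy, no_proxy).
    conf=$(render_dropin "${http_proxy:-}" "${https_proxy:-}" "${no_proxy:-}") || exit 1
    dir=/etc/systemd/system/docker.service.d
    mkdir -p "$dir" && printf '%s\n' "$conf" > "$dir/http-proxy.conf"
    systemctl daemon-reload && systemctl restart docker
    # Confirm the restarted daemon actually picked the setting up.
    if env_has_var "$(systemctl show --property=Environment docker)" HTTPS_PROXY; then
        echo "docker daemon now has HTTPS_PROXY set"
    else
        echo "HTTPS_PROXY missing from the daemon environment" >&2
        exit 1
    fi
fi
```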