Validate CentOS 7.8 #29738

Closed
sowmyav27 opened this issue Oct 23, 2020 · 5 comments

@sowmyav27
Contributor

Validate CentOS 7.8 on 2.4 branch

@sowmyav27 sowmyav27 added this to the v2.4.9 milestone Oct 23, 2020
@zube zube bot removed this from the v2.4.9 milestone Oct 23, 2020
@sowmyav27 sowmyav27 added kind/task Issues that represent work that needs to be done, but don't involve a code change and removed [zube]: To Test labels Oct 23, 2020
@sowmyav27 sowmyav27 added this to the v2.4.9 milestone Oct 23, 2020
@izaac
Contributor

izaac commented Oct 23, 2020

Validated CentOS 7.8.2003 with Rancher v2.4-head (10/23/2020) (6ab3cb4) and K8s version v1.18.10-rancher1-2
Cluster provisioning and validation tests succeeded for the below:

  • CentOS 7.8 with Docker 17.03.2 with SELinux ON
  • CentOS 7.8 with Docker 17.03.2 with SELinux OFF
  • CentOS 7.8 with Docker 18.06.2 with SELinux ON
  • CentOS 7.8 with Docker 18.06.2 with SELinux OFF
  • CentOS 7.8 with Docker 18.09.9 with SELinux ON
  • CentOS 7.8 with Docker 18.09.9 with SELinux OFF
  • CentOS 7.8 with Docker 19.03.9 with SELinux ON
  • CentOS 7.8 with Docker 19.03.9 with SELinux OFF

@izaac izaac closed this as completed Oct 23, 2020
@izaac
Contributor

izaac commented Oct 24, 2020

Reopening as I have to double check the container level selinux configuration

@izaac izaac reopened this Oct 24, 2020
@izaac
Contributor

izaac commented Oct 24, 2020

Rancher v2.4-head (10/23/2020) (6ab3cb4)
CentOS 7.8 with Docker 17.03.2 with SELinux ON (Both at OS and Container/Docker levels)

Install command:

sudo yum install -y --setopt=obsoletes=0 docker-ce-17.03.2.ce-1.el7.centos docker-17.03.2.ce-1.el7.centos && sudo systemctl start docker && sudo systemctl enable docker.service && sudo usermod -aG docker centos

Cluster Error in Rancher Ember UI

[[network] Host [<REDACTED>] is not able to connect to the following ports: [standard_init_linux.go:178: exec user process caused "permission denied"]. Please check network policies and firewall rules]

docker info (before pulling anything)

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 17.03.2-ce
Storage Driver: overlay
 Backing Filesystem: xfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
 selinux
Kernel Version: 3.10.0-1127.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.642 GiB
Name: ip-172-31-40-232.us-east-2.compute.internal
ID: UFGY:HYNG:PVN3:ZCAZ:PIRH:NBQP:SWCE:CTUN:NI5T:N6YX:A2XI:E52H
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

docker ps

CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS               NAMES
fb7f0ddb1a76        rancher/rancher-agent:v2.4-4037-head   "run.sh --server h..."   8 minutes ago       Up 8 minutes                            priceless_mirzakhani

docker logs -f priceless_mirzakhani

INFO: Arguments: --server https://<REDACTED> --token REDACTED --ca-checksum 83657d5557b90d27f215f6b3133e731282281933d86674181cc6a1c33eec7652 --controlplane --address <REDACTED> --internal-address 172.31.1.61
INFO: Environment: CATTLE_ADDRESS=<REDACTED> CATTLE_INTERNAL_ADDRESS=172.31.1.61 CATTLE_NODE_NAME=ip-172-31-1-61 CATTLE_ROLE=,controlplane CATTLE_SERVER=https://<REDACTED> CATTLE_TOKEN=REDACTED
INFO: Using resolv.conf: ; generated by /usr/sbin/dhclient-script search us-east-2.compute.internal nameserver 172.31.0.2
INFO: https://<REDACTED>/ping is accessible
INFO: <REDACTED> resolves to 96.126.103.245
INFO: Value from https://<REDACTED>/v3/settings/cacerts is an x509 certificate
time="2020-10-24T02:44:29Z" level=info msg="Rancher agent version 6ab3cb450 is starting"
time="2020-10-24T02:44:29Z" level=info msg="Option customConfig=map[address:<REDACTED> internalAddress:172.31.1.61 label:map[] roles:[controlplane] taints:[]]"
time="2020-10-24T02:44:29Z" level=info msg="Option etcd=false"
time="2020-10-24T02:44:29Z" level=info msg="Option controlPlane=true"
time="2020-10-24T02:44:29Z" level=info msg="Option worker=false"
time="2020-10-24T02:44:29Z" level=info msg="Option requestedHostname=ip-172-31-1-61"
time="2020-10-24T02:44:29Z" level=info msg="Listening on /tmp/log.sock"
time="2020-10-24T02:44:29Z" level=info msg="Connecting to wss://<REDACTED>/v3/connect/register with token <REDACTED>"
time="2020-10-24T02:44:29Z" level=info msg="Connecting to proxy" url="wss://<REDACTED>/v3/connect/register"
time="2020-10-24T02:44:29Z" level=info msg="Starting plan monitor, checking every 15 seconds

sudo cat /var/log/messages | grep dockerd

Oct 24 02:44:01 ip-172-31-1-61 dockerd: time="2020-10-24T02:44:01.951789780Z" level=info msg="Loading containers: done."
Oct 24 02:44:02 ip-172-31-1-61 dockerd: time="2020-10-24T02:44:02.844463325Z" level=info msg="Daemon has completed initialization"
Oct 24 02:44:02 ip-172-31-1-61 dockerd: time="2020-10-24T02:44:02.844522320Z" level=info msg="Docker daemon" commit=f5ec1e2 graphdriver=overlay version=17.03.2-ce
Oct 24 02:44:02 ip-172-31-1-61 dockerd: time="2020-10-24T02:44:02.853593938Z" level=info msg="API listen on /var/run/docker.sock"
Oct 24 02:44:15 ip-172-31-1-61 dockerd: time="2020-10-24T02:44:15.925812635Z" level=error msg="Handler for POST /v1.27/containers/create returned error: No such image: rancher/rancher-agent:v2.4-4037-head"
Oct 24 02:45:10 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:10.480228941Z" level=error msg="Handler for GET /v1.24/containers/rke-cp-port-listener/json returned error: No such container: rke-cp-port-listener"
Oct 24 02:45:10 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:10.555568074Z" level=error msg="Handler for GET /v1.24/images/rancher/rke-tools:v0.1.65/json returned error: No such image: rancher/rke-tools:v0.1.65"
Oct 24 02:45:18 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:18.599631300Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:45:18 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:18.675044769Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:45:25 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:25.938462896Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:45:26 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:26.017505223Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:45:32 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:32.974104609Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:45:33 ip-172-31-1-61 dockerd: time="2020-10-24T02:45:33.049539763Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:49:40 ip-172-31-1-61 dockerd: time="2020-10-24T02:49:40.671086422Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
Oct 24 02:49:40 ip-172-31-1-61 dockerd: time="2020-10-24T02:49:40.745375795Z" level=error msg="Handler for GET /v1.24/containers/rke-port-checker/json returned error: No such container: rke-port-checker"
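
In the cluster error quoted in the comment above, the field that should list unreachable ports holds a container start error (`standard_init_linux.go:178: exec user process caused "permission denied"`) instead. The following triage helper is an added example, not code from the issue or from Rancher: it separates that case from a real port failure and reads the Docker version and SELinux option from `docker info` text. The `host:port` shape of a genuine entry and all function names are assumptions.

```python
import re

# Error text and `docker info` excerpt copied from the comment above (trimmed).
RANCHER_ERROR = (
    '[[network] Host [<REDACTED>] is not able to connect to the following ports: '
    '[standard_init_linux.go:178: exec user process caused "permission denied"]. '
    'Please check network policies and firewall rules]'
)
DOCKER_INFO_1703 = """Server Version: 17.03.2-ce
Security Options:
 seccomp
  Profile: default
 selinux
Kernel Version: 3.10.0-1127.el7.x86_64
"""

PORTS_FIELD = re.compile(r'following ports: \[(.*)\]\. Please check')
HOST_PORT = re.compile(r'^[\w.\-]+:\d{1,5}$')  # assumed shape of a genuine entry

def classify_port_error(message):
    """Return (kind, entries); kind says whether the 'ports' field really holds ports."""
    m = PORTS_FIELD.search(message)
    if not m:
        return "unrecognized", []
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    if entries and all(HOST_PORT.match(e) for e in entries):
        return "port-connectivity", entries
    if any("exec user process caused" in e for e in entries):
        return "container-exec-failure", entries
    return "unrecognized", entries

def parse_docker_info(text):
    """Extract server version and top-level security options from `docker info` text."""
    version, options, sec_indent = None, [], None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if sec_indent is not None and stripped:
            if indent == sec_indent + 1:      # direct child of "Security Options:"
                options.append(stripped)
                continue
            if indent <= sec_indent:          # next top-level key ends the section
                sec_indent = None
        if stripped.startswith("Server Version:"):
            version = stripped.split(":", 1)[1].strip()
        elif stripped == "Security Options:":
            sec_indent = indent
    return version, options

def triage(message, docker_info):
    """Combine both checks into one record for a validation report."""
    version, options = parse_docker_info(docker_info)
    return {"kind": classify_port_error(message)[0], "docker": version,
            "selinux": "selinux" in options}
```

A `container-exec-failure` result means the firewall advice in the message does not apply to that node; the Docker version and SELinux state in the same record show which tested combination produced it.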

@izaac
Contributor

izaac commented Oct 24, 2020

Rancher v2.4-head (10/23/2020) (6ab3cb4)

The following combinations are working

  • CentOS 7.8 with Docker 18.06.2 with SELinux ON

docker info

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.06.2-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
 selinux
Kernel Version: 3.10.0-1127.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.642GiB
Name: ip-172-31-33-71.us-east-2.compute.internal
ID: RRAJ:EL35:2OXU:6C2O:UFUE:WZEM:E7M4:BR5E:L623:GFLX:ERQ7:MEWB
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

  • CentOS 7.8 with Docker 18.09.9 with SELinux ON

docker info

Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 18.09.9
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  selinux
 Kernel Version: 3.10.0-1127.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.642GiB
 Name: ip-172-31-33-195.us-east-2.compute.internal
 ID: ZRXE:KTMK:WTZY:NLBA:JLIC:3HBJ:5RJ3:JPRY:FOGW:WGUM:IFZO:XJXF
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

  • CentOS 7.8 with Docker 19.03.9 with SELinux ON

docker info

Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.9
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  selinux
 Kernel Version: 3.10.0-1127.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.642GiB
 Name: ip-172-31-45-160.us-east-2.compute.internal
 ID: OKWF:VPFT:2YGB:XAMQ:U4TK:Y226:Y2JW:72MI:OYKD:K7TM:OPA3:JORQ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

@izaac
Contributor

izaac commented Oct 26, 2020

#29749 (comment)

@izaac izaac closed this as completed Oct 26, 2020
@zube zube bot removed the [zube]: Done label Jan 25, 2021