
I have set up an HA OpenShift Origin 3.1 environment with one master and two nodes on AWS. This is just a test environment and I don't have registered DNS; I am using the public DNS of the AWS instances for this. If I expose any service hosted on node1 (where the router and master are deployed) and then add an entry to my system's hosts file with the public IP of the master instance and the exposed hostname, I can access the app in a browser successfully. But if the pod gets deployed on the second node and then I expose the service for external access, it doesn't allow access from a browser or from curl, even after mapping the master IP and hostname in the hosts file. What could be the reason? I really want to access apps on the second node from a browser too.

Can anyone help?

priyank
  • Are you able to curl your application from inside your environment? Did you use the fake wildcard? E.g.: *.myapps.com (so every app has to end with .myapps.com). You have to map every application to the IP of the node where the router is running. So in the hosts file of your PC: IP-OF-ROUTERNODE myapp1.myapps.com myapp2.myapps.com myapp3.myapps.com ... – lvthillo Aug 19 '16 at 09:49
  • @lorenzvth7 Hey, thanks for the response. Yes, I can curl the application only if it is deployed on the node where the router is running. If the application is running on the other node I can't curl it. So how does it work, do we need to have a router on each node? Currently the router is running on the master host, which also acts as the first node. How do I expose/access an app if it is deployed on node 2? Thanks again! – priyank Aug 19 '16 at 16:27
  • No, you need one router for one environment. When you deploy your app on node2, are you curling on node2 too? Just to its service-ip:port? – lvthillo Aug 19 '16 at 18:40
  • @lorenzvth7 Yes, on node 2 curling using service-ip:port works fine, though I can't curl this on node1 if the app is running on node 2. And if I expose the app running on node 2 using "oc expose svc --hostname=myapp.test.com", I can't curl myapp.test.com. Any idea why this happens? – priyank Aug 20 '16 at 04:33
  • Difficult to debug this way. I would check the output of oc get nodes and check the logs (tail -n 200 /var/log/messages). What's the error when you try to curl the service on node1? (+ are you able to see the service: oc your-project and oc get svc) – lvthillo Aug 20 '16 at 13:12
  • @lorenzvth7: Thanks for the response again. I am getting the output of "oc get svc" as expected. But when I try to curl svc:port on node 1, it says "no route to host". Any pointers on this? Meanwhile I will tail the logs too. – priyank Aug 22 '16 at 05:34
  • Sounds like a DNS failure. Is a firewall enabled? Hope the logs will tell you something more – lvthillo Aug 22 '16 at 06:37
  • @lorenzvth7 The firewall is disabled on both node1 and node 2. If I enable it on node 1, where the master is also installed, it doesn't even allow access to the master URL. I also checked the logs but found no useful information. – priyank Aug 23 '16 at 10:29

1 Answer


Having a proper and fully functional DNS is a must for OpenShift to function properly; otherwise you will run into problems like these and have to install tools to cover the routes and act as fake DNS, but you can't do this on the cloud.

Adding entries to hosts is not enough because hosts are not passed to pods or containers, and these containers still need to resolve your master and other nodes sometimes.

As you are already on AWS, it is very easy to create a Route 53 hosted zone that points to your master and you will be on your way. You can buy a .online domain from GoDaddy for 0.99$. If you need any help in doing this, let me know and I'll record a step-by-step video for you. Good luck.

Mahmoud