Created
October 19, 2015 05:31
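Logs of the logging-deployer pod, captured with `oc logs`. The `+`/`++` lines are a shell execution trace of the deployer script, interleaved with the output of the commands it runs. The run ends in failure: both `oc delete secret` and `oc secrets new` report that kubernetes.default.svc.cluster.local cannot be resolved. Because the script is traced, the expanded service-account token is printed in full on the `oc config set-credentials` line, and the keystore, truststore and `openssl enc` passphrases appear as literal command-line arguments, so this log carries credentials as well as diagnostics.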
$ oc logs logging-deployer-5ncoo | |
+ dir=/etc/deploy | |
+ image_prefix=rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ | |
+ image_version=latest | |
+ hostname=kibana.example.com | |
+ ops_hostname=kibana-ops.example.com | |
+ public_master_url=https://openshift-134.lab.sjc.redhat.com:8443 | |
+ project=chunpj | |
+ master_url=https://kubernetes.default.svc.cluster.local | |
+ master_ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
+ token_file=/var/run/secrets/kubernetes.io/serviceaccount/token | |
+ es_instance_ram=1024M | |
+ es_cluster_size=1 | |
+ es_node_quorum=1 | |
+ es_recover_after_nodes=0 | |
+ es_recover_expected_nodes=1 | |
+ es_recover_after_time=5m | |
+ es_ops_instance_ram=8G | |
+ es_ops_cluster_size=1 | |
+ es_ops_node_quorum=1 | |
+ es_ops_recover_after_nodes=0 | |
+ es_ops_recover_expected_nodes=1 | |
+ es_ops_recover_after_time=5m | |
+ '[' '' '!=' true ']' | |
+ rm -rf /etc/deploy | |
rm: cannot remove '/etc/deploy': Permission denied | |
+ : | |
+ '[' -n 1 ']' | |
+ oc config set-cluster master --api-version=v1 --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --server=https://kubernetes.default.svc.cluster.local | |
++ cat /var/run/secrets/kubernetes.io/serviceaccount/token | |
+ oc config set-credentials account --token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJjaHVucGoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoibG9nZ2luZy1kZXBsb3llci10b2tlbi10cG9pdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJsb2dnaW5nLWRlcGxveWVyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNDUxNzU1N2ItNzYyMS0xMWU1LWE4NjQtZmExNjNlYjExZGZmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNodW5wajpsb2dnaW5nLWRlcGxveWVyIn0.l67J6VFfR2TUWJ8HjFPiNaEKv12_JVrKy-gVk0OPMbx731Cl-hNnge2MkC8I9wNxRyjV5v37NeRZEchebLANZgntLObX-qRq_WsltE2Mlx30qcTUh0GyUA5mAU8o8NZPKe3TXIAJsW7uhXSzVDlEPaz6Ee_oLuj2C7coZ_fblukQh_3m_D_F935HBy_NQn4sw_6VL0nPAht_SyuR7LFCo4wINBU-jla9FpQqs3BkTItZ8OqvWt52daEoTG_nIWpcGQ3T2jYiEkKQWtizyoA6xklgf69-Ed7iDY19cJx1v4aCbXu6BHZlBbf8zoOCvlPhLCz3re8GdX2woHXt1L9qxA | |
+ oc config set-context current --cluster=master --user=account --namespace=chunpj | |
+ oc config use-context current | |
+ '[' '' '!=' true ']' | |
+ '[' -s /secret/ca.key ']' | |
++ date +%Y%m%d%H%M%S | |
+ openshift admin ca create-signer-cert --key=/etc/deploy/ca.key --cert=/etc/deploy/ca.crt --serial=/etc/deploy/ca.serial.txt --name=logging-signer-20151019012451 | |
+ '[' -n '' ']' | |
+ '[' -s /secret/kibana.crt ']' | |
+ openshift admin ca create-server-cert --key=/etc/deploy/kibana.key --cert=/etc/deploy/kibana.crt --hostnames=kibana,kibana.example.com,kibana-ops.example.com --signer-cert=/etc/deploy/ca.crt --signer-key=/etc/deploy/ca.key --signer-serial=/etc/deploy/ca.serial.txt | |
+ '[' -s /secret/kibana-ops.crt ']' | |
+ cp /etc/deploy/kibana.key /etc/deploy/kibana-ops.key | |
+ cp /etc/deploy/kibana.crt /etc/deploy/kibana-ops.crt | |
Generating signing configuration file | |
+ echo 03 | |
+ echo Generating signing configuration file | |
+ cat - conf/signing.conf | |
+ '[' -n '' ']' | |
+ '[' -s /secret/server-tls.json ']' | |
+ cp conf/server-tls.json /etc/deploy | |
+ cat /dev/null | |
+ cat /dev/null | |
+ fluentd_user=system.logging.fluentd | |
+ kibana_user=system.logging.kibana | |
+ sh scripts/generatePEMCert.sh system.logging.fluentd | |
Generating keystore and certificate for node system.logging.fluentd | |
+ NODE_NAME=system.logging.fluentd | |
+ dir=/etc/deploy | |
+ echo Generating keystore and certificate for node system.logging.fluentd | |
+ openssl req -out /etc/deploy/system.logging.fluentd.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.logging.fluentd.key -subj /CN=system.logging.fluentd/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes | |
Generating a 2048 bit RSA private key | |
...........................+++ | |
...........................+++ | |
writing new private key to '/etc/deploy/system.logging.fluentd.key' | |
----- | |
+ echo Sign certificate request with CA | |
+ openssl ca -in /etc/deploy/system.logging.fluentd.csr -notext -out /etc/deploy/system.logging.fluentd.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext | |
Sign certificate request with CA | |
Using configuration from /etc/deploy/signing.conf | |
Check that the request matches the signature | |
Signature ok | |
Certificate Details: | |
Serial Number: 3 (0x3) | |
Validity | |
Not Before: Oct 19 05:24:53 2015 GMT | |
Not After : Oct 18 05:24:53 2017 GMT | |
Subject: | |
countryName = DE | |
localityName = Test | |
organizationName = Logging | |
organizationalUnitName = OpenShift | |
commonName = system.logging.fluentd | |
X509v3 extensions: | |
X509v3 Key Usage: critical | |
Digital Signature, Key Encipherment | |
X509v3 Basic Constraints: | |
CA:FALSE | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 Subject Key Identifier: | |
51:11:7E:42:E0:CB:7B:10:C0:08:FA:C3:3D:86:B2:81:87:C7:8E:8A | |
X509v3 Authority Key Identifier: | |
0. | |
Certificate is to be certified until Oct 18 05:24:53 2017 GMT (730 days) | |
Write out database with 1 new entries | |
Data Base Updated | |
+ sh scripts/generatePEMCert.sh system.logging.kibana | |
+ NODE_NAME=system.logging.kibana | |
+ dir=/etc/deploy | |
+ echo Generating keystore and certificate for node system.logging.kibana | |
+ openssl req -out /etc/deploy/system.logging.kibana.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.logging.kibana.key -subj /CN=system.logging.kibana/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes | |
Generating keystore and certificate for node system.logging.kibana | |
Generating a 2048 bit RSA private key | |
......+++ | |
.....+++ | |
writing new private key to '/etc/deploy/system.logging.kibana.key' | |
----- | |
Sign certificate request with CA | |
+ echo Sign certificate request with CA | |
+ openssl ca -in /etc/deploy/system.logging.kibana.csr -notext -out /etc/deploy/system.logging.kibana.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext | |
Using configuration from /etc/deploy/signing.conf | |
Check that the request matches the signature | |
Signature ok | |
Certificate Details: | |
Serial Number: 4 (0x4) | |
Validity | |
Not Before: Oct 19 05:24:53 2015 GMT | |
Not After : Oct 18 05:24:53 2017 GMT | |
Subject: | |
countryName = DE | |
localityName = Test | |
organizationName = Logging | |
organizationalUnitName = OpenShift | |
commonName = system.logging.kibana | |
X509v3 extensions: | |
X509v3 Key Usage: critical | |
Digital Signature, Key Encipherment | |
X509v3 Basic Constraints: | |
CA:FALSE | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 Subject Key Identifier: | |
59:A5:50:C0:E0:C4:6C:2A:9A:5E:95:B2:57:26:C0:55:F0:32:92:50 | |
X509v3 Authority Key Identifier: | |
0. | |
Certificate is to be certified until Oct 18 05:24:53 2017 GMT (730 days) | |
Write out database with 1 new entries | |
Data Base Updated | |
++ join , logging-es logging-es.chunpj.svc.cluster.local logging-es-cluster logging-es-cluster.chunpj.svc.cluster.local logging-es-ops logging-es-ops.chunpj.svc.cluster.local logging-es-ops-cluster logging-es-ops-cluster.chunpj.svc.cluster.local | |
++ local IFS=, | |
++ shift | |
++ echo logging-es,logging-es.chunpj.svc.cluster.local,logging-es-cluster,logging-es-cluster.chunpj.svc.cluster.local,logging-es-ops,logging-es-ops.chunpj.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.chunpj.svc.cluster.local | |
+ sh scripts/generateJKSChain.sh logging-es logging-es,logging-es.chunpj.svc.cluster.local,logging-es-cluster,logging-es-cluster.chunpj.svc.cluster.local,logging-es-ops,logging-es-ops.chunpj.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.chunpj.svc.cluster.local | |
+ dir=/etc/deploy | |
+ NODE_NAME=logging-es | |
+ CERT_NAMES=logging-es,logging-es.chunpj.svc.cluster.local,logging-es-cluster,logging-es-cluster.chunpj.svc.cluster.local,logging-es-ops,logging-es-ops.chunpj.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.chunpj.svc.cluster.local | |
+ ks_pass=kspass | |
+ ts_pass=tspass | |
+ rm -rf logging-es | |
Generating keystore and certificate for node logging-es | |
+ extension_names= | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.chunpj.svc.cluster.local | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.chunpj.svc.cluster.local,dns:logging-es-ops-cluster | |
+ for name in '${CERT_NAMES//,/ }' | |
+ extension_names=,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.chunpj.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.chunpj.svc.cluster.local | |
+ echo Generating keystore and certificate for node logging-es | |
+ /bin/keytool -genkey -alias logging-es -keystore /etc/deploy/keystore.jks -keypass kspass -storepass kspass -keyalg RSA -keysize 2048 -validity 712 -dname 'CN=logging-es, OU=SSL, O=Test, L=Test, C=DE' -ext san=dns:localhost,ip:127.0.0.1,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.chunpj.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.chunpj.svc.cluster.local | |
Generating certificate signing request for node logging-es | |
+ echo Generating certificate signing request for node logging-es | |
+ /bin/keytool -certreq -alias logging-es -keystore /etc/deploy/keystore.jks -storepass kspass -file /etc/deploy/logging-es.csr -keyalg rsa -dname 'CN=logging-es, OU=SSL, O=Test, L=Test, C=DE' -ext san=dns:localhost,ip:127.0.0.1,dns:logging-es,dns:logging-es.chunpj.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.chunpj.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.chunpj.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.chunpj.svc.cluster.local | |
Sign certificate request with CA | |
+ echo Sign certificate request with CA | |
+ openssl ca -in /etc/deploy/logging-es.csr -notext -out /etc/deploy/logging-es.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext | |
Using configuration from /etc/deploy/signing.conf | |
Check that the request matches the signature | |
Signature ok | |
Certificate Details: | |
Serial Number: 5 (0x5) | |
Validity | |
Not Before: Oct 19 05:24:54 2015 GMT | |
Not After : Oct 18 05:24:54 2017 GMT | |
Subject: | |
countryName = DE | |
localityName = Test | |
organizationName = Test | |
organizationalUnitName = SSL | |
commonName = logging-es | |
X509v3 extensions: | |
X509v3 Key Usage: critical | |
Digital Signature, Key Encipherment | |
X509v3 Basic Constraints: | |
CA:FALSE | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 Subject Key Identifier: | |
7F:32:FC:06:0D:49:6C:14:00:6F:04:1D:0F:26:FD:47:5F:E7:5F:94 | |
X509v3 Authority Key Identifier: | |
0. | |
X509v3 Subject Alternative Name: | |
DNS:localhost, IP Address:127.0.0.1, DNS:logging-es, DNS:logging-es.chunpj.svc.cluster.local, DNS:logging-es-cluster, DNS:logging-es-cluster.chunpj.svc.cluster.local, DNS:logging-es-ops, DNS:logging-es-ops.chunpj.svc.cluster.local, DNS:logging-es-ops-cluster, DNS:logging-es-ops-cluster.chunpj.svc.cluster.local | |
Certificate is to be certified until Oct 18 05:24:54 2017 GMT (730 days) | |
Write out database with 1 new entries | |
Data Base Updated | |
Import back to keystore (including CA chain) | |
+ echo 'Import back to keystore (including CA chain)' | |
+ /bin/keytool -import -file /etc/deploy/ca.crt -keystore /etc/deploy/keystore.jks -storepass kspass -noprompt -alias sig-ca | |
Certificate was added to keystore | |
+ /bin/keytool -import -file /etc/deploy/logging-es.crt -keystore /etc/deploy/keystore.jks -storepass kspass -noprompt -alias logging-es | |
Certificate reply was installed in keystore | |
+ echo 'Import CA to truststore for validating client certs' | |
+ /bin/keytool -import -file /etc/deploy/ca.crt -keystore /etc/deploy/truststore.jks -storepass tspass -noprompt -alias sig-ca | |
Import CA to truststore for validating client certs | |
Certificate was added to keystore | |
All done for logging-es | |
+ echo All done for logging-es | |
+ openssl rand 16 | |
+ openssl enc -aes-128-cbc -nosalt -out /etc/deploy/searchguard_node_key.key -pass pass:pass | |
+ cat /dev/urandom | |
+ head -n 1 | |
+ fold -w 200 | |
+ tr -dc a-zA-Z0-9 | |
+ cat /dev/urandom | |
+ tr -dc a-zA-Z0-9 | |
+ fold -w 64 | |
+ head -n 1 | |
Deleting existing secrets | |
+ echo 'Deleting existing secrets' | |
+ oc delete secret logging-fluentd logging-elasticsearch logging-kibana logging-kibana-proxy logging-kibana-ops-proxy | |
error: couldn't read version from server: Get https://kubernetes.default.svc.cluster.local/api: dial tcp: lookup kubernetes.default.svc.cluster.local: no such host | |
+ : | |
+ echo 'Creating secrets' | |
Creating secrets | |
+ oc secrets new logging-elasticsearch key=/etc/deploy/keystore.jks truststore=/etc/deploy/truststore.jks searchguard.key=/etc/deploy/searchguard_node_key.key | |
error: couldn't read version from server: Get https://kubernetes.default.svc.cluster.local/api: dial tcp: lookup kubernetes.default.svc.cluster.local: no such host | |
see 'oc secrets new -h' for help. |