This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# for i in oc get project | grep -i -v '^openshift\| ^kube' | awk '{print $1}'; do for y in oc get pods -n $i | grep -i completed | awk '{print $1}'; do oc delete pods $y -n $i; done; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ipv4] | |
address1=10.10.10.29/24,10.10.10.1 | |
dns=10.10.100.12;10.10.100.13; | |
dns-search=ocp.example.com | |
method=manual |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### One of the MCP degraded, machine-config-daemon show error log : expected target osImageURL | |
### Pause of the update procedure (in console), then on the degraded node: | |
# ssh core@degraded-node | |
# sudo -i | |
# rpm-ostree rollback | |
# systemctl reboot | |
### After the node is up again, force the node to re-pull the image and extract the osImage : |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
###Data Collection for Red Hat Threescale | |
$ oc adm must-gather --image=quay.io/3scale/must-gather | |
###Data Collection Audit logs | |
$ oc adm must-gather -- /usr/bin/gather_audit_logs | |
#It's also possible to generate the default must-gather including the audit logs: | |
$ oc adm must-gather -- '/usr/bin/gather && /usr/bin/gather_audit_logs' | |
#Also see https://access.redhat.com/solutions/5373481 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Red Hat Internal KB : | |
https://access.redhat.com/solutions/7023254?band=se&seSessionId=522ca7b0-a002-43d3-a5d2-9a7e387186c0&seSource=Recommendation&seResourceOriginID=09abffc5-23dc-465e-a013-9e52e91306cf | |
Openshift 4.8 below doesn't have auto rotation for etcd certificate and it will be expired within 3 years | |
High Level steps : | |
1) Copy etcd-signer and etcd-metric-signer CA from etcd DB to some folder, create the crt and key file for each signer | |
2) Backup all manifests for static pods in each master | |
3) Backup all existing etcd certificates inside /etc/kubernetes/static-pod-resources/etcd-certs/secrets/ | |
4) Create new folder inside above folder ie. call as "all-certs", copy all certificate inside secrets folder to the "all-certs" folder |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
###The workaround consist on modifying the settings to accept the internal hostname. The steps are the following: | |
###Copy the settings.yml file from system-app: | |
oc rsh -c system-provider dc/system-app cat /opt/system/config/settings.yml > settings.yml | |
###Edit the field apicast_internal_host_regexp from | |
# '\Asystem-(master|provider|developer)\Z' | |
# to | |
# '\Asystem-(master|developer|provider)(\.(.*)(\.svc\.cluster\.local))?\Z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# It's not recommended to change the active running OCP Master nodes IP Properties unless it's really required to be done. | |
# To do that, please follow below guide : | |
# 1. Update the DNS server to use new IP for the target master nodes | |
# 2. Change the node IP Address from "nmcli" or "nmtui", and reboot the server | |
# 3. Post reboot, the existing will act normally, but somehow, etcd is not in healthy state. Re-add the etcd member will solve | |
# 4. Check which etcd pods is CLBO | |
oc project openshift-etcd | |
oc get pods -l k8s-app=etcd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Removal from RHV Manager UI is not possible anymore, remove button has been greyed out | |
# SSH to RHV Manager hosts | |
su - postgres | |
psql -d engine | |
SELECT vds_id FROM vds_static WHERE vds_name = 'hostname of the unresponsive hosts'; | |
# Capture the vds_id | |
DELETE FROM vds_dynamic WHERE vds_id = 'vds_id of the unresponsive hosts'; | |
DELETE FROM vds_statistics WHERE vds_id = 'vds_id of the unresponsive hosts'; | |
DELETE FROM vds_static WHERE vds_name = 'hostname of the unresponsive hosts'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### List down all API that in False state | |
[root@bastion-1 ~]# oc get apiservices | grep -i false | |
v1alpha1.mutators.kubedb.com kubedb/kubedb-kubedb-community False (ServiceNotFound) 494d | |
v1alpha1.validators.kubedb.com kubedb/kubedb-kubedb-community False (ServiceNotFound) 494d | |
### Simply remove the not responding API | |
oc delete apiservices v1alpha1.mutators.kubedb.com | |
oc delete apiservices v1alpha1.validators.kubedb.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# After 2 years deployment, suddenly Authentication and Console Operator is degraded, and after we check the operator status, it shows that | |
# the certificate is expired. To solve this, just delete the secret, and Operator will create new certificate. Assume we still use | |
# Openshift default certificate | |
### Delete Ingress CA Secret | |
oc project openshift-ingress-operator | |
oc get secret router-ca -oyaml > router-ca.yaml | |
oc delete secret router-ca | |
oc delete pod --all | |
oc get secret router-ca |
NewerOlder