- Create CNI config
cat > cni.cfg << EOF
{
"name": "mynet",
"cniVersion": "0.3.0",
"type": "host-device",
#!/usr/bin/bpftrace | |
BEGIN | |
{ | |
printf("Tracing masked_flow_lookup... Hit Ctrl-C to end\n"); | |
} | |
kprobe:masked_flow_lookup{ | |
@start[tid] = nsecs; | |
@count++ |
#!/usr/bin/bpftrace | |
BEGIN | |
{ | |
printf("Tracing fsync and fdatasync syscalls... Hit Ctrl-C to end.\n"); | |
} | |
tracepoint:syscalls:sys_enter_fsync, | |
tracepoint:syscalls:sys_enter_fdatasync /pid==4320/ { | |
@start[tid] = nsecs; |
for p in $(oc get pod -o name -l app=ovnkube-master); do | |
oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 2000 | |
oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 4000 | |
oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 8000 | |
oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 16000 | |
oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 2000 | |
oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 4000 | |
oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-electio |
for p in $(oc get pod -o name -l app=ovnkube-master -n openshift-ovn-kubernetes -o name); do | |
oc exec -c nbdb ${p} -- sh -c "ovn-kube-util ovn-db-exporter &" | |
done | |
oc apply -f - << EOF | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
labels: | |
app: ovnkube-master |
root@ip-172-31-71-55: ~ # oc describe svc router-default | |
Name: router-default | |
Namespace: openshift-ingress | |
Labels: app=router | |
ingresscontroller.operator.openshift.io/owning-ingresscontroller=default | |
router=router-default | |
Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2 |
root@ip-172-31-72-85: ~/workloads-shorcuts # oc describe svc -n openshift-ingress router-default | |
Name: router-default | |
Namespace: openshift-ingress | |
Labels: app=router | |
ingresscontroller.operator.openshift.io/owning-ingresscontroller=default | |
router=router-default | |
Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4 | |
service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2 |
sh-4.2# ovn-trace --ct=trk,est --detailed ip-10-0-165-188.us-west-2.compute.internal 'inport == "openshift-ingress_router-default-6cbfff9f69-g5dwj" | |
&& eth.src == 9a:90:f0:83:04:0a && | |
eth.dst == 0A:58:0A:83:04:01 && | |
ip4.src == 10.131.4.9 && | |
ip4.dst == 10.128.2.31 && |
Create a 2048 bit RSA private key
$ openssl genrsa -out ca.key 2048
Its' also possible to generate an encrypted RSA key with the following options -aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea
- hosts: all | |
become: yes | |
gather_facts: no | |
remote_user: cloud-user | |
tasks: |