These are chat archives for ManageIQ/manageiq/containers

27th
Sep 2017
Beni Cherniavsky-Paskin
@cben
Sep 27 2017 10:31

moving from main room:

@jlaxmana
Hello All
I have configured 3-node Kubernetes Cluster on CentOS 7 VMs and manageIQ is configured separately, configured Hawkular service on Kubernetes Cluster and I was able access hawkular by 8443 port.
Hawkular installation link : - http://www.hawkular.org/blog.html
I was getting below error message while trying to add kuberrnetes as container provider in ManageIQ.
Certification error-Credential validation was not successful: SSL connect returned=1 errno=0 state=SSLv3 read server certificate B
Any idea how to fix this issue ?

ManageIQ Version fine-3.20170927041201_09b4f87
I tried all 3 modes

You mean "SSL without validation" doesn't work either?

I have a suspicion your hawkular serves HTTP instead of HTTPS on that port. can you try curl -v http://HOST:8443 vs curl -v https://HOST:8443
We're talking kubernetes, not openshift right? How did you expose Hawkular to outside port?
jlaxmana
@jlaxmana
Sep 27 2017 11:04
@cben , Yes Kubernetes, curl -v htps://<Kubernetes Master Server IP>:8443
I guess, hawkular is not configured properly on Kubernetes Master node, please share me if you any document ..
Beni Cherniavsky-Paskin
@cben
Sep 27 2017 12:23
I've actually never run hawkular on k8s, only on openshift :-/ Don't have docs for this, wish we had. But I know how it works on openshift, so let's try working through it.
Can you paste what the 2 curls output?
hmm, master:8443 is the master API port. That's HTTPS but it only serves k8s API, I don't think you can expose hawkular on same port.
sorry, I might be confusing with openshift, 8443 is not always master API port on k8s?
You're running hawkular is inside k8s? As a Pod? Service?
jlaxmana
@jlaxmana
Sep 27 2017 13:03
Hawkular is running on k8s as docker container
root# docker ps -a |grep cassandra
77cec2a80be3 cassandra:3.0.12 "/docker-entrypoint.s" About an hour ago Up About an hour 7000-7001/tcp, 7199/tcp, 9042/tcp, 9160/tcp hawkular-cassandra
8487b03cfb46 cassandra:3.7 "/docker-entrypoint.s" 2 hours ago Up 2 hours 7000-7001/tcp, 7199/tcp, 9042/tcp, 9160/tcp root_myCassandra_1
#
Beni Cherniavsky-Paskin
@cben
Sep 27 2017 20:16
you mean directly docker run p 8443:8443, outside of k8s awareness, simply on same machine? Hmm.
and your goal is hawkular monitoring kubernetes metrics, similar to its role in openshift, so you can attach it to ManageIQ as a provider with metrics working, right?
Beni Cherniavsky-Paskin
@cben
Sep 27 2017 20:22
I must warn you this is highly untested combo, you're breaking new territory :) @simon3z do we have any knowledge of k8s+Hawkular+MIQ setups?
@josejulio @abonas: is http://www.hawkular.org/blog/2017/09/agent-to-services-over-ssl.html that @jlaxmana followed relevant, if goal is monitoring k8s, like openshift?