Pods cannot resolve DNS after "cluster up".

Time: 2018-01-02 08:18:50

Tags: openshift

Fresh install of RHEL 7.4:

# install the oc client and docker
[root@openshift1 ~]# yum install atomic-openshift-clients.x86_64 docker

# configure and start docker
[root@openshift1 ~]# sed -i '/^\[registries.insecure\]/!b;n;cregistries = ['172.30.0.0\/16']' /etc/containers/registries.conf
[root@openshift1 ~]# systemctl start docker; systemctl enable docker

# these links recommend running 'iptables -F' as a workaround for pod DNS issues
# https://github.com/openshift/origin/issues/12110
# https://github.com/openshift/origin/issues/10139

[root@openshift1 ~]# iptables -F; iptables -F -t nat

[root@openshift1 ~]# oc cluster up --public-hostname 192.168.146.200

Trying to test the apache build gives me this error:

Cloning "https://github.com/openshift/httpd-ex.git " ...
WARNING: timed out waiting for git server, will wait 1m4s
error: fatal: unable to access 'https://github.com/openshift/httpd-ex.git/': Could not resolve host: github.com; Unknown error

A DNS server exists:

[root@openshift1 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.146.2

I can confirm that the host can resolve names:

[root@openshift1 ~]# host github.com
github.com has address 192.30.255.113
github.com has address 192.30.255.112

However, this DNS server does not make it into the pods:

[root@openshift1 ~]# oc get pods
NAME                            READY     STATUS    RESTARTS   AGE
docker-registry-1-rqm9h         1/1       Running   0          38s
persistent-volume-setup-fdbv5   1/1       Running   0          50s
router-1-m6z8w                  1/1       Running   0          31s

[root@openshift1 ~]# oc rsh docker-registry-1-rqm9h
sh-4.2$ cat /etc/resolv.conf
nameserver 172.30.0.1
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

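Is there something I am missing?

1 answer:

Answer 0: (score: 2)

You should not flush the rules; instead, you should create a new zone and open the additional ports, for example: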

firewall-cmd --permanent --new-zone dockerc
firewall-cmd --permanent --zone dockerc --add-source $(docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge)
firewall-cmd --permanent --zone dockerc --add-port 8443/tcp --add-port 53/udp --add-port 8053/udp
firewall-cmd --reload

Source: https://github.com/openshift/origin/blob/release-3.7/docs/cluster_up_down.md#linux

Edit: The DNS server in your /etc/resolv.conf should also be routable from your OCP instance.

Source: kubernetes skydns failure to forward request
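
A check for the zone the answer creates, added here as an example and not part of the original post or the OpenShift docs: it parses `firewall-cmd --zone dockerc --list-all` style text and reports which of the answer's ports are still closed and whether the Docker bridge subnet is bound as a source. The function names, the sample zone text and the 172.17.0.0/16 subnet are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a firewalld zone against the ports the answer opens.
REQUIRED_PORTS="8443/tcp 53/udp 8053/udp"   # ports taken from the answer

# Print one field ("ports", "sources") of `--list-all` text read from stdin.
# Matching at line start keeps "ports:" apart from "source-ports:".
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { sub(/^[^:]*:[ \t]*/, "", line); print line; exit }
    '
}

# Print every required port that is not open in the zone text passed as $1.
missing_ports() {
    open=$(printf '%s\n' "$1" | zone_field ports)
    missing=""
    for p in $REQUIRED_PORTS; do
        case " $open " in
            *" $p "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Succeed only if the zone text in $1 is bound to the source subnet in $2.
zone_has_source() {
    srcs=$(printf '%s\n' "$1" | zone_field sources)
    case " $srcs " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample (not from the post): 8053/udp was forgotten, and the
# same port under source-ports must not count as open.
SAMPLE_ZONE='dockerc (active)
  target: default
  sources: 172.17.0.0/16
  services: 
  ports: 8443/tcp 53/udp
  source-ports: 8053/udp
  forward-ports: 
'

echo "missing ports: $(missing_ports "$SAMPLE_ZONE")"
zone_has_source "$SAMPLE_ZONE" 172.17.0.0/16 && echo "source subnet bound"
```

On a live host, pass the output of `firewall-cmd --permanent --zone dockerc --list-all` as the first argument instead of the sample text.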