[caasp-beta] [Newsletter] Re: RE : kubectl requires username and password
Paul Gonin
paul.gonin at suse.com
Tue Oct 3 09:55:33 MDT 2017
Hi,
You need to check that between master node and admin node the port 389
is open - for example if you're using OpenStack you need the check that
the security group is properly defined to allow this port
rgdsPaul
Le mardi 03 octobre 2017 à 15:17 +0000, Rob de Canha-Knight a écrit :
> Rushi.
>
>
> The details I provided below on caasp-cli is how I’ve been using
> caasp-cli since day one.
>
> I’ve just tried again on a new cluster and running
>
>
> caasp-cli login -s https://master.caaspdemo.geeko.ninja:6443 -u
> rob.decanha-knight at suse.com -p mypassword
>
> Where –u is the email address of the user I created during velum
> first startup/login.
>
> Worked fine for me.
>
> I don’t have any other documents to hand (other than the attached)
> around logging in so all I can personally suggest is to make sure
> you’re using https and port 6443 of the kubernetes master
> after -s.
>
> I’ve also attached the main bit of documentation we have around the
> caasp-cli client (which will make it’s way into the version 2 final
> release).
>
>
> I would suggest trying again from scratch with a new cluster instance
> of RC1 (including downloading and installing the updated caasp-cli
> client available from
> https://github.com/kubic-project/caasp-cli/releases as this one is
> working fine for me).
> Make a note of every command you are running and the output it
> provides and you can send those details to this list as at the moment
> the information in the thread is a bit scattered and I can’t tell
> accurately what’s going on or what’s
> being done by the user.
>
> Yes there are a lot of changes in this release mainly an updated k8s
> version and a feature much requested by customers (I remember during
> 1.0 betas you also requested for user management and this is how
> we’ve implemented it). I’ve also
> attached the details on how to create/manage additional user
> accounts through ldap as well as the caasp-cli guidance that we have.
>
> As one of our closest partners you also have the option of reaching
> out to your partner sales engineer/rep for your region and discussing
> it directly with them. They should be able to go onsite and help you
> if asked to get things up and
> running for your team.
>
> All the best,
> Rob
>
>
> ----
> Rob de Canha-Knight
>
> EMEA Platform and Management Technical Strategist
>
> SUSE
>
> rob.decanha-knight at suse.com
> (Fuze/VOIP) +44 (0) 1635 937689
>
> (M) +44 (0) 7392 087303
> (TW)
> rssfed23
> ----
>
>
>
>
>
>
>
> From: "Ns, Rushi" <rushi.ns at sap.com>
>
> Date: Tuesday, 3 October 2017 at 16:07
>
> To: "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>, Dan
> Elder <DElder at novacoast.com>, Rob de Canha-Knight <rob.decanha-knight
> @suse.com>
>
> Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires
> username and password
>
>
>
>
> Hi Rob,
>
> Whatever you have mentioned is not really working in reality. Using
> CAASP-cli is not at all authenticating and I spent 2 days to find a
> way to connect to cluster.
>
>
> VELUM is fine, I can logon with registed email but nothing can be
> done after that such as installing kubernetes dashboard is not ?
> first of all need to know how to connect with CAASP-CLI because there
> is no users created other than VELUM web login which was
> registered.
>
> Can you provide some steps how you have doing with caasp-cli..i see
> lot of things changed on this new release.
>
>
>
>
> Best Regards,
>
> Rushi.
> I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A
> DIFFERENCE
>
>
>
>
> From: <caasp-beta-bounces at lists.suse.com> on behalf of Rob de Canha-
> Knight <rob.decanha-knight at suse.com>
>
> Date: Tuesday, October 3, 2017 at 6:57 AM
>
> To: Dan Elder <DElder at novacoast.com>, "caasp-beta at lists.suse.com" <ca
> asp-beta at lists.suse.com>
>
> Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires
> username and password
>
>
>
>
> Hi Dan.
>
> In the log you’ve provided you’re using the admin server for the –s
> argument I believe.
>
> You must use https://<your-master-fqdn>:8443 as the address for the
> k8s master node (noting correct port and https).
>
> Please let us know how you get on.
>
> Rob
>
>
>
>
> ----
> Rob de Canha-Knight
>
> EMEA Platform and Management Technical Strategist
>
> SUSE
>
> rob.decanha-knight at suse.com
> (Fuze/VOIP) +44 (0) 1635 937689
>
> (M) +44 (0) 7392 087303
> (TW)
> rssfed23
> ----
>
>
>
>
>
>
>
> From: <caasp-beta-bounces at lists.suse.com> on behalf of Dan Elder <DEl
> der at novacoast.com>
>
> Date: Tuesday, 3 October 2017 at 05:15
>
> To: "caasp-beta at lists.suse.com" <caasp-beta at lists.suse.com>
>
> Subject: Re: [caasp-beta] [Newsletter] Re: RE : kubectl requires
> username and password
>
>
>
>
>
> I haven't had any luck authentication with caasp-cli unfortunately.
> The credentials I supply work fine for Velum but caasp-cli says
> they're invalid (output attached). Is there some log I can pull from
> the admin node or somewhere else to troubleshoot this?
> I've done 2 installs and gotten the same result both times.
> Thanks,
>
> Dan
>
>
> On 09/27/2017 08:04 AM, Paul Gonin wrote:
>
> > Hi,
> >
> >
> >
> >
> >
> > It should be on the media so you can install it on the admin node
> >
> >
> > It is installed by default on admin node.
> >
> >
> >
> >
> >
> > You can also get (currently) rpms for different openSUSE/SUSE
> > flavors
> >
> >
> > https://build.opensuse.org/repositories/devel:CaaSP:Head:Controller
> > Node/caasp-cli
> >
> >
> >
> >
> >
> > And there is also a windows Build from Rob
> >
> >
> > https://github.com/rssfed23/caasp-cli-windows/releases
> >
> >
> >
> >
> >
> > Tested / works but not supported (yet, but I assume to come)
> >
> >
> >
> >
> >
> >
> >
> >
> > Once you have caasp-cli
> >
> >
> >
> > export KUBECONFIG=<pathtokubeconfig> (set KUBECONFIG=kubeconfig in
> > windows cmd shell)
> >
> >
> > caasp-cli login -u caasp-user -p caasp-password -s
> > https://caasp.fqdn:6443
> >
> >
> >
> >
> >
> > and then you can use kubectl as previously
> >
> >
> >
> >
> >
> > For caasp-user and caasp-password you can use caasp admin
> > credentials.
> >
> >
> > You can also create users in local ldap
> >
> >
> >
> >
> >
> > rgds
> >
> >
> > Paul
> >
> >
> >
> >
> >
> >
> > Le mercredi 27 septembre 2017 à 14:52 +0000, Ns, Rushi a écrit :
> >
> > > Thanks, where can I download . I see from github I can’t download
> > > the link .
> > >
> > > https://github.com/kubic-project/caasp-cli
> > >
> > >
> > >
> > > Best Regards,
> > >
> > > Rushi.
> > > I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A
> > > DIFFERENCE
> > >
> > >
> > >
> > >
> > > From: Paul Gonin
> > > <pgonin at suse.com>
> > >
> > > Date: Tuesday, September 26, 2017 at 1:31 PM
> > >
> > > To: "caasp-beta at lists.suse.com"
> > > <caasp-beta at lists.suse.com>, Rushi NS
> > > <rushi.ns at sap.com>
> > >
> > > Subject: RE : [caasp-beta] kubectl requires username and password
> > >
> > >
> > >
> > >
> > > Hi,
> > >
> > >
> > >
> > >
> > > With RC1, RBAC is available
> > >
> > >
> > > Consequence is that you have to use caasp-ctl to login to CaaSP
> > > and modify your kubectl and inject credentials in it.
> > >
> > >
> > >
> > >
> > >
> > > Rgds
> > >
> > >
> > > Paul
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -------- Message d'origine --------
> > >
> > >
> > > De : "Ns, Rushi" <rushi.ns at sap.com>
> > >
> > >
> > >
> > > Date : 26/09/2017 22:04 (GMT+01:00)
> > >
> > >
> > > À : SUSE Beta Program
> > > <beta-programs at lists.suse.com>, caasp-beta at lists.suse.com
> > >
> > >
> > >
> > > Objet : [caasp-beta] kubectl requires username and password
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > >>> "Ns, Rushi" 09/26/2017 21:04 >>>
> > >
> > > Hi
> > >
> > > I setup new cluster with this release and everything worked. I
> > > have 3 masters/10 workers ..looks fine VELUM web page as well and
> > > I have downloaded kubeconfig and tried to do some workload test
> > > but issue with
> > > access cluster.
> > >
> > >
> > > I have issue with using KUBECTL command line ..whatever “kubectl”
> > > I run requires permission. I setup velum with my userid email
> > > and password, I thought it requires that and I tried but its not
> > > ?
> > >
> > >
> > > I have also tried root (linux) master/workers but it doesn’t take
> > > that too?
> > >
> > >
> > > Does anyone know what is the issue.
> > >
> > >
> > > kubectl get cluster-info
> > >
> > >
> > > kubectl get nodes
> > > Please enter Username:
> > > rushi.ns at sap.com
> > > Please enter Password: *********
> > > Error from server (Forbidden):
> > > User "system:anonymous" cannot list nodes at the cluster scope.
> > > (get nodes)
> > >
> > > kubectl get nodes
> > > Please enter Username: admin
> > > Please enter Password: ********
> > > Unable to connect to the server:
> > > x509: certificate is valid for 172.24.0.1, 172.16.18.0,
> > > 127.0.0.1, 172.16.18.1, 10.48.164.142, not 10.48.164.144
> > >
> > > kubectl get nodes
> > > Please enter Username: root
> > > Please enter Password: ********
> > > Unable to connect to the server:
> > > x509: certificate is valid for 172.24.0.1, 172.16.22.0,
> > > 127.0.0.1, 172.16.22.1, 10.48.164.141, not 10.48.164.144
> > >
> > > Best Regards,
> > >
> > > Rushi.
> > > I MAY BE ONLY ONE PERSON, BUT I CAN BE ONE PERSON WHO MAKES A
> > > DIFFERENCE
> > >
> > >
> > >
> > >
> > > From: <caasp-beta-bounces at lists.suse.com> on behalf of SUSE Beta
> > > Program
> > > <beta-programs at lists.suse.com>
> > >
> > > Reply-To: SUSE Beta Program
> > > <beta-programs at lists.suse.com>
> > >
> > > Date: Friday, September 22, 2017 at 7:48 AM
> > >
> > > To: "caasp-beta at lists.suse.com"
> > > <caasp-beta at lists.suse.com>
> > >
> > > Subject: [caasp-beta] [ANNOUNCE] SUSE Container as a Service
> > > Platform 2 RC 1 is available!
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Having trouble viewing this email? Please check the plain text
> > > version of it with your mailer.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > We are happy to announce
> > > SUSE CaaS Platform 2
> > > Release Candidate 1!
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Download
> > > ›
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Please check out our dedicated
> > > SUSE CaaS Platform Beta web page, where you will find all the
> > > information needed around SUSE CaaS Platform Beta.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > What’s New with SUSE CaaS Platform 2 RC 1?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > K8s Multi-Master: Kubernetes Multi Master for building High-
> > > Availability clusters.
> > >
> > > caasp-cli: It's the new command line client for interacting with
> > > a CaaS Platform cluster.
> > > See for details.
> > >
> > > Dex: Dex is an identity service that uses OpenID Connect to drive
> > > authentication for other
> > > apps. See for details.
> > >
> > > OpenLDAP2: OpenLDAP2 running on an SLE12 container guest.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Things to consider for this Beta?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > DHCP
> > >
> > >
> > > Your DHCP server should provide resolveable hostnames. If this is
> > > not the case like with libvirt/KVM, you should consider providing
> > > one yourself by appending this kernel parameter
> > > "hostname=HOSTNAME" during installation.
> > >
> > > However, the kubeconfig file downloaded from the Dashboard could
> > > contain an incorrect "server" hostname that should be replaced
> > > with the IP address of your Master. For more information
> > > read: https://en.opensuse.org/SDB:Linuxrc#Network_Configuration
> > >
> > >
> > > Autoyast/VMX-Images
> > >
> > >
> > > If you install via autoyast or one of the provided VMX beta
> > > images (KVM,Xen,VMware,...) please set a password or SSH key via
> > > cloud-init to be able to login.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Release
> > > plan ›
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Release
> > > Notes ›
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Documentation
> > > ›
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Have fun beta testing!
> > >
> > > Your SUSE Linux Enterprise Team
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Please refer to our dedicated
> > > SUSE CaaSP Beta Program webpage for any general information.
> > > However, do not hesitate to contact us at
> > > beta-programs at lists.suse.com if you have any questions.
> > > You received this email because you're signed up to get updates
> > > from us.
> > >
> > > Click here to unsubscribe.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > caasp-beta mailing list
> > > caasp-beta at lists.suse.com
> > > http://lists.suse.com/mailman/listinfo/caasp-beta
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > caasp-beta mailing list
> > caasp-beta at lists.suse.com
> > http://lists.suse.com/mailman/listinfo/caasp-beta
>
>
> --
> Senior Engineer
> Linux Services Manager
> Novacoast, Inc.
> Mobile: (310) 243-6971
> Office: (800) 949-9933 x1337
> http://www.novacoast.com/
>
>
>
>
> _______________________________________________
> caasp-beta mailing list
> caasp-beta at lists.suse.com
> http://lists.suse.com/mailman/listinfo/caasp-beta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image014.png
Type: image/png
Size: 804 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image013.png
Type: image/png
Size: 946 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image012.png
Type: image/png
Size: 758 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image011.png
Type: image/png
Size: 766 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 792 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 1202 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 2959 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 802 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 944 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 756 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 764 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 790 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1200 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2957 bytes
Desc: not available
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20171003/451490c0/attachment-0013.png>
More information about the caasp-beta
mailing list