Error activating portworx lisense on AKS cluster - azure-aks

Having an intermittent issue when deploying portworx to my AKS clusters whereby the pvc's cannot create the volumes in Azure with the below error
Failed to provision volume with StorageClass "crunchy-portworx-sc": rpc error: code = Internal desc = Failed to create volume: Volume (Name: pvc-1c0bcebc-863b-482d-81c7-1cc29febff1c) create failed: Feature upgrade needed. Licensed maximum reached for 'VolumeSize' feature (allowed 0 GiB, requested 100 GiB)
I have tried activating the license from a portworx container on the cluster like so
./pxctl license activate <license-key>
However I get the below error
couldn't get: /config with error: Access denied token is empty
I'm not sure what token it refers to as this step worked on other clusters .. I looked at the secrets in my portworx namespace and I see a few tokens . I couldnt find much in the portworx docs

Related

Error on etcd health check while setting up RKE cluster

i'm trying to set up a rke cluster, the connection to the nodes goes well but when it starts to check etcd health returns:
failed to check etcd health: failed to get /health for host [xx.xxx.x.xxx]: Get "https://xx.xxx.x.xxx:2379/health": remote error: tls: bad certificate
If you are trying to upgrade the RKE and facing this issue then it could be due to the missing of kube_config_<file>.yml file from the local directory when you perform rke up.
This similar kind of issue was reported and reproduced in this git link . Can you refer to the work around and reproduce it by using the steps provided in the link and let me know if this works.
Refer to this latest SO and doc for more information.

Azure Application gateway fails with terminal provisioning state "Failed"

I am deploying azure application gateway (internal) with V2, it succeeded couple of times in other subscriptions (Environments), however, it is failing with strange error and without much details about the error.
deployment fails after 30 mins of applying/creating
there is a UDR but which is for different purpose and not blocking or restricting the default internet route
The deployment is using terraform and everything worked well in other instances deployment
I tried to reproduce the same in my environment and got the same error like below.
"details": [
{
"code": "Conflict",
"message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"![The resource operation completed with terminal provisioning state 'Failed](https://i.imgur.com/eipLRgp.png)'.\"\r\n }\r\n}"
}
]
This issue generally occurs, when an unsupported route typically a 0.0.0.0/0 route to a firewall being advertised via BGP is affecting the Application Gateway Subnet.
Try to deploy with a default vnet and manage subnet configuration like below:
When I tried to deploy, Azure Application gateway deployment succeeded successfully like below:
If your deployment fails after 30 mins you can make use of diagnose logs to check error messages in any logs pertaining to the unsuccessful procedure.
Once you determine the cause of the issue diagnosis will guide you to take the necessary steps and fix the issue. Resolving network issues, depending on the cause of the failure.
Found the issue and resolution
Raised a Microsoft case to see the logs of the APPGW at the platform level
Microsoft verified the logs and identified that AppGW is not able to communicate with the Keyvault to read the ssl certificate as we are using Keyvault to store ssl cert for TLS encryption
Found out that subnet to subnet communication is blocked and hence AppGW is unable to communicate with KV in another subnet
Resolution:
Allowed subnet to subnet communication where appgw and kv are present
Conclusion:
Microsoft would have enabled better logging information (error details) in the AppGW resource deployment and or resource activity logs

Org Policy Violation triggered on Pushing First Docker Image to Google Container Registry

I'm trying to Push a Docker Image to Google Container Registry for the First Time.
On Pushing the Image to GKE , the Org Policy Violation 'constraints/gcp.resourceLocations' gets triggered.
The Cloud Resources are tagged to location south-asia-1
I have tried the following DNS for Container Registry.
docker push gcr.io/PROJECT-NAME/IMAGE-NAME:v1
docker push asia.gcr.io/PROJECT-NAME/IMAGE-NAME:v1
Both of command trigger an error as follows : -
Error while using docker push gcr.io/PROJECT-NAME/IMAGE-NAME:v1
denied: Token exchange failed for project 'PROJECT-NAME'. Org Policy Violated: 'us' violates constraint 'constraints/gcp.resourceLocations'
Error while using docker push asia.gcr.io/PROJECT-NAME/IMAGE-NAME:v1
denied: Token exchange failed for project 'PROJECT-NAME'. Org Policy Violated: 'asia' violates constraint 'constraints/gcp.resourceLocations'
I have Cloud Storage ADMIN Rights as I understand the First Image which gets pushed , also creates a Storage Bucket.
I'm not sure how to go about this now.
Any help is appreciated.
I've tried creating a Storage Bucket , but pushing the image doesn't seem to check any default storage buckets created.
I can see the Storage Bucket in gsutil list
Regards,
Ashish .A. Poojary

OpenShift 4 error: Error reading manifest

during OpenShift installation from a local mirror registry, after I started the bootstrap machine i see the following error in the journal log:
release-image-download.sh[1270]:
Error: error pulling image "quay.io/openshift-release-dev/ocp-release#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129":
unable to pull quay.io/openshift-release-dev/ocp-release#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129: unable to pull image:
Error initializing source docker://quay.io/openshift-release-dev/ocp-release#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129:
(Mirrors also failed: [my registry:5000/ocp4/openshift4#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129: Error reading manifest
sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129 in my registry:5000/ocp4/openshift4: manifest unknown: manifest unknown]):
quay.io/openshift-release-dev/ocp-release#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129: error pinging docker registry quay.io:
Get "https://quay.io/v2/": dial tcp 50.16.140.223:443: i/o timeout
Does anyone have any idea what it can be?
The answer is here in the error:
... dial tcp 50.16.140.223:443: i/o timeout
Try this on the command line:
$ podman pull quay.io/openshift-release-dev/ocp-release#sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129
You'll need to be authenticated to actually download the content (this is what the pull secret does). However, if you can't get the "unauthenticated" error then this would more solidly point to some network configuration.
That IP resolves to a quay host (you can verify that with "curl -k https://50.16.140.223"). Perhaps you have an internet filter or firewall in place that's blocking egress?
Resolutions:
fix your network issue, if you have one
look at doing an disconnected /airgap install -- https://docs.openshift.com/container-platform/4.7/installing/installing-mirroring-installation-images.html has more details on that
(If you're already doing an airgap install and it's your local mirror that's failing, then your local mirror is failing)

Hyperledger - Blockchain Peers not connecting - Docker container properties

I am creating a sample Blockchain network using tutorial https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html. I am facing an error while connecting the peers :
Error: failed to create deliver client: orderer client failed to connect to orderer.example.com:7050: failed to create new connection: context deadline exceeded.
I found a probable solution here which I would like to test but I need help for below :
How to update default network of the containers
How to add property for each container.
While accessing my etc/docker directory I am getting error 'Server returned empty listing for directory '/etc/docker' and also it says permission denied when I try to access it from terminal. Any help will be appreciated.
There is no need for making any changes in Docker containers. I faced similar issue, you can clean up the system space or if you are using a VM you install a fresh network in a new VM(assuming you already have all configuration files copied).

Resources