红帽全球峰会4.3. 绕过自动网络验证
如果要将已知网络配置问题部署到现有的 Virtual Private Cloud (VPC)中,可以绕过自动网络验证。
如果您在创建集群时绕过网络验证,集群的支持状态是有限的。安装后,您可以解决这个问题,然后手动运行网络验证。在验证成功后,有限的支持状态会被删除。
当使用 Red Hat OpenShift Cluster Manager 将集群安装到现有的 VPC 时,您可以通过在 Virtual Private Cloud (VPC) 子网设置页面中选择 Bypass network verification 来绕过自动验证。
4.3.1. 使用 CLI 手动运行网络验证
复制链接链接已复制到粘贴板!
您可以使用 ROSA CLI (rosa)手动运行网络验证检查 AWS 集群上的现有 Red Hat OpenShift Service。
运行网络验证时,您可以指定一组 VPC 子网 ID 或集群名称。
先决条件
-
您已在安装主机上安装和配置了最新的 ROSA CLI (
rosa)。 - 在 AWS 集群上已有 Red Hat OpenShift Service。
- 您是集群所有者,或具有集群编辑器角色。
流程
使用以下方法之一验证网络配置:
通过指定集群名称来验证网络配置。自动检测子网 ID:
rosa verify network --cluster <cluster_name>
$ rosa verify network --cluster <cluster_name>1 Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- 将
<cluster_name>替换为集群的名称。
输出示例
I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: pending I: subnet-03146b9b52b2034cc: passed I: Run the following command to wait for verification to all subnets to complete: rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: pending I: subnet-03146b9b52b2034cc: passed I: Run the following command to wait for verification to all subnets to complete: rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034ccCopy to Clipboard Copied! Toggle word wrap Toggle overflow 确保所有子网的验证已完成:
rosa verify network --watch \ --status-only \ --region <region_name> \ --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc$ rosa verify network --watch \1 --status-only \2 --region <region_name> \3 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc4 Copy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: passed I: subnet-03146b9b52b2034cc: passed
I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: passed I: subnet-03146b9b52b2034cc: passedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 提示要输出验证测试的完整列表,您可以在运行
rosa verify network命令时包含--debug参数。
通过指定 VPC 子网 ID 来验证网络配置。将
<region_name> 替换为您的 AWS 区域,将<AWS_account_ID> 替换为您的 AWS 帐户 ID:rosa verify network --subnet-ids 03146b9b52b6024cb,subnet-03146b9b52b2034cc --region <region_name> --role-arn arn:aws:iam::<AWS_account_ID>:role/my-Installer-Role
$ rosa verify network --subnet-ids 03146b9b52b6024cb,subnet-03146b9b52b2034cc --region <region_name> --role-arn arn:aws:iam::<AWS_account_ID>:role/my-Installer-RoleCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: pending I: subnet-03146b9b52b2034cc: passed I: Run the following command to wait for verification to all subnets to complete: rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
I: Verifying the following subnet IDs are configured correctly: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: pending I: subnet-03146b9b52b2034cc: passed I: Run the following command to wait for verification to all subnets to complete: rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034ccCopy to Clipboard Copied! Toggle word wrap Toggle overflow 确保所有子网的验证已完成:
rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
$ rosa verify network --watch --status-only --region us-east-1 --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034ccCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: passed I: subnet-03146b9b52b2034cc: passed
I: Checking the status of the following subnet IDs: [subnet-03146b9b52b6024cb subnet-03146b9b52b2034cc] I: subnet-03146b9b52b6024cb: passed I: subnet-03146b9b52b2034cc: passedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}