magnificent-vr-88571
06/30/2022, 12:24 PM
ambitious-plastic-3551
06/30/2022, 7:18 PM
magnificent-vr-88571
07/01/2022, 12:15 AM
magnificent-vr-88571
07/02/2022, 8:03 PM
Jul 2 04:20:01 svr-node1 rke2[10011]: {"level":"warn","ts":"2022-07-02T04:20:01.751+0900","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"endpoint://client-c6d7298a-2a65/127.0.0.1:2379","attempt":0,"error":"rpc error: code = Unknown desc = etcdserver: re-configuration failed due to not enough started members"}
Jul 2 04:20:01 svr-node1 rke2[10011]: E0702 04:20:01.751299 10011 controller.go:135] error syncing 'svr-node1 ': handler managed-etcd-controller: etcdserver: re-configuration failed due to not enough started members, requeuing
curved-caravan-26314
07/02/2022, 8:15 PM
kind-air-74358
07/04/2022, 9:37 AM
level=warning msg="Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
level=fatal msg="starting kubernetes: preparing server: failed to validate server configuration: critical configuration value mismatch"
Any idea how to fix this?
ambitious-plastic-3551
07/04/2022, 7:26 PM
ambitious-plastic-3551
07/04/2022, 7:28 PM
bored-rain-98291
07/05/2022, 7:37 PM
bored-rain-98291
07/05/2022, 7:44 PM
bored-rain-98291
07/07/2022, 8:59 AM
modern-dress-80156
07/08/2022, 11:14 AM
rke2 server \
--cluster-reset \
--cluster-reset-restore-path=<PATH-TO-SNAPSHOT>
faint-airport-83518
07/08/2022, 8:23 PM
bored-rain-98291
07/11/2022, 3:30 PM
faint-airport-83518
07/12/2022, 3:41 PM
cloud-provider-name as an argument?
great-flag-38820
07/12/2022, 11:58 PM
PodSecurityPolicy for enforcing the CIS-1.6 hardening guide?
bored-rain-98291
07/13/2022, 1:23 PM
rapid-helmet-86074
07/19/2022, 7:34 PM
--protect-kernel-defaults must be true when using --profile=cis-1.6, which I thought got set automatically when profile was set to cis-1.6.
So my question is did I mess something up with a conflict like the default pod security policy? Is CIS-1.6 not supported? Something else? Should I file a bug?
straight-nest-8449
07/20/2022, 7:58 AM
journalctl -eu rancher-system-agent after using the registration command shows the following:
msg="[Applyinator] Applying one-time instructions for plan with checksum 297f183b2277d90415cace1b3222523e893fe83ca0918af7cf3f58f73377f387"
msg="[Applyinator] Extracting image registry.[REDACTED]-educ.local/rancher/system-agent-installer-rke2:v1.23.6-rke2r2 to directory /var/lib/rancher/agent/work/20220720-095240/297f183b2277d90415cace1b3222523e893fe83ca0918af7cf3f58f73377f387_0"
msg="Using private registry config file at /etc/rancher/agent/registries.yaml"
msg="Pulling image registry.[REDACTED]-educ.local/rancher/system-agent-installer-rke2:v1.23.6-rke2r2"
msg="[Applyinator] Running command: sh [-c run.sh]"
msg="[297f183b2277d90415cace1b3222523e893fe83ca0918af7cf3f58f73377f387_0:stderr]: sh: run.sh: command not found"
msg="[Applyinator] Command sh [-c run.sh] finished with err: <nil> and exit code: 127"
msg="error executing instruction 0: <nil>"
I'm running out of ideas. I'm not sure if the image is being pulled since a watch on the filesystem only shows the work directory being created but not a file being written
bored-rain-98291
07/20/2022, 8:39 PM
ambitious-motherboard-40337
07/21/2022, 9:11 AM
bored-rain-98291
07/21/2022, 1:39 PM
ripe-journalist-3231
07/22/2022, 2:28 PM
faint-airport-83518
07/22/2022, 4:28 PM
faint-traffic-61866
07/22/2022, 4:38 PM
stale-painting-80203
07/26/2022, 5:56 AM
failed to get CA certs: Get \"<https://rancher.mydomain.com:9345/cacerts>\": dial tcp... connect: connection refused"
The following suggests setting up a listener https://rancher.com/docs/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-rke2/
Note that in order for RKE2 to work correctly with the load balancer, you need to set up two listeners: one for the supervisor on port 9345, and one for the Kubernetes API on port 6443.
How should these be set up? Is it an nginx configuration?
victorious-kite-35099
07/26/2022, 5:07 PM
--kube-proxy-arg settings. Any hints for me?
future-monitor-61871
07/26/2022, 8:36 PM
future-monitor-61871
07/26/2022, 9:46 PM
bland-jackal-22983
07/27/2022, 6:01 AM
pause processes get started by rke2?
i was investigating a "too many file descriptor open" issue, after bootstrapping rke2, i see there are 17868 of lsof: no pwd entry for UID 65535
by checking which process owned by uid 65535:
# ps -U 65535
PID TTY TIME CMD
3247 ? 00:00:00 pause
3372 ? 00:00:00 pause
3472 ? 00:00:00 pause
3895 ? 00:00:00 pause
3934 ? 00:00:00 pause
3974 ? 00:00:00 pause
4427 ? 00:00:00 pause
4767 ? 00:00:00 pause
5519 ? 00:00:00 pause
the lsof shows a lot of
pause 3247 65535 cwd DIR 0,44 51 10910627 /
pause 3247 65535 rtd DIR 0,44 51 10910627 /
pause 3247 65535 txt REG 0,44 682696 170978 /pause
pause 3247 65535 mem REG 253,0 170978 /pause (stat: No such file or directory)
pause 3247 65535 0u CHR 1,3 0t0 5 /dev/null
pause 3247 65535 1u CHR 1,3 0t0 5 /dev/null
pause 3247 65535 2u CHR 1,3 0t0 5 /dev/null
pause 3372 65535 cwd DIR 0,63 51 10915996 /
pause 3372 65535 rtd DIR 0,63 51 10915996 /
pause 3372 65535 txt REG 0,63 682696 170978 /pause
pause 3372 65535 mem REG 253,0 170978 /pause (stat: No such file or directory)
pause 3372 65535 0u CHR 1,3 0t0 5 /dev/null
pause 3372 65535 1u CHR 1,3 0t0 5 /dev/null
pause 3372 65535 2u CHR 1,3 0t0 5 /dev/null
...