Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
b
big-jordan-45387
04/03/2023, 8:51 PMhi, the registration script to register nodes hangs/fails, I narrowed down to this command:
curl --connect-timeout 60 --max-time 60 --write-out "%{http_code}\n" -sS -H "Authorization: Bearer xxxxxxxxx" -H "X-Cattle-Id: yyyyyyyyyyy" -H "X-Cattle-Role-Etcd: true" -H "X-Cattle-Role-Control-Plane: true" -H "X-Cattle-Role-Worker: true" -H "X-Cattle-Node-Name: " -H "X-Cattle-Address: " -H "X-Cattle-Internal-Address: " -H "X-Cattle-Labels: <http://cattle.io/os=linux|cattle.io/os=linux>" -H "X-Cattle-Taints: " "<https://zzzzzzzzzzz>"/v3/connect/agent -o /var/lib/rancher/agent/rancher2_connection_info.jsonc
creamy-pencil-82913
04/03/2023, 9:12 PMBasic network troubleshooting is where i’d start. Can you resolve the address? can you ping it? Can you perform a basic curl of that address without the extra parameters?
b
big-jordan-45387
04/03/2023, 9:13 PMyeah, I don't think it is network issue since the node did download the script over the network from the rancher server
also I get an 401 http error running the curl command without the X-Cattle_Id header
if I run curl in verbose mode, I can see the traffic, both client and server agrees on the https cert ... then it hangs
and I can see traffic going both ways when I run tcpdump
c
creamy-pencil-82913
04/03/2023, 9:20 PMare you sure that curl command is actually where it’s hanging then, and not actually some command after that?
b
big-jordan-45387
04/03/2023, 9:21 PMI put "echo" everywhere to trace the script execution and that curl command is where it hangs
now that you ask, let me double check
so, as mentioned, I have the script like this
echo "3"
echo "######## ATTEMPT $i of $RETRYCOUNT"
echo "calling ===> curl $noproxy --connect-timeout 60 --max-time 60 --write-out \"%{http_code}\n\" ${CURL_CAFLAG} ${CURL_LOG} -H \"Authorization: Bearer ${CATTLE_TOKEN}\" -H \"X-Cattle-Id: ${CATTLE_ID}\" -H \"X-Cattle-Role-Etcd: ${CATTLE_ROLE_ETCD}\" -H \"X-Cattle-Role-Control-Plane: ${CATTLE_ROLE_CONTROLPLANE}\" -H \"X-Cattle-Role-Worker: ${CATTLE_ROLE_WORKER}\" -H \"X-Cattle-Node-Name: ${CATTLE_NODE_NAME}\" -H \"X-Cattle-Address: ${CATTLE_ADDRESS}\" -H \"X-Cattle-Internal-Address: ${CATTLE_INTERNAL_ADDRESS}\" -H \"X-Cattle-Labels: ${CATTLE_LABELS}\" -H \"X-Cattle-Taints: ${CATTLE_TAINTS}\" \"${CATTLE_SERVER}\"/v3/connect/agent -o ${CATTLE_AGENT_VAR_DIR}/rancher2_connection_info.json"
RESPONSE=$(curl $noproxy --connect-timeout 60 --max-time 60 --write-out "%{http_code}\n" ${CURL_CAFLAG} ${CURL_LOG} -H "Authorization: Bearer ${CATTLE_TOKEN}" -H "X-Cattle-Id: ${CATTLE_ID}" -H "X-Cattle-Role-Etcd: ${CATTLE_ROLE_ETCD}" -H "X-Cattle-Role-Control-Plane: ${CATTLE_ROLE_CONTROLPLANE}" -H "X-Cattle-Role-Worker: ${CATTLE_ROLE_WORKER}" -H "X-Cattle-Node-Name: ${CATTLE_NODE_NAME}" -H "X-Cattle-Address: ${CATTLE_ADDRESS}" -H "X-Cattle-Internal-Address: ${CATTLE_INTERNAL_ADDRESS}" -H "X-Cattle-Labels: ${CATTLE_LABELS}" -H "X-Cattle-Taints: ${CATTLE_TAINTS}" "${CATTLE_SERVER}"/v3/connect/agent -o ${CATTLE_AGENT_VAR_DIR}/rancher2_connection_info.json)
echo "call done with response $RESPONSE"3
######## ATTEMPT 1 of 4500
calling ===> curl --connect-timeout 60 --max-time 60 --write-out "%{http_code}\n" -sS -H "Authorization: Bearer ..." -H "X-Cattle-Id: ..." -H "X-Cattle-Role-Etcd: true" -H "X-Cattle-Role-Control-Plane: true" -H "X-Cattle-Role-Worker: true" -H "X-Cattle-Node-Name: " -H "X-Cattle-Address: " -H "X-Cattle-Internal-Address: " -H "X-Cattle-Labels: <http://cattle.io/os=linux|cattle.io/os=linux>" -H "X-Cattle-Taints: " "https://..."/v3/connect/agent -o /var/lib/rancher/agent/rancher2_connection_info.jsonand I manually call the script like
./system-agent-install.sh --server https://... --label '<http://cattle.io/os=linux|cattle.io/os=linux>' --token .... --etcd --controlplane --workerim pretty sure the curl command hangs --> the rancher server is not sending a response back
h
hundreds-evening-84071
04/03/2023, 9:28 PMDNS? If its curl command, can you resolve the name?
b
big-jordan-45387
04/03/2023, 9:28 PMyes can resolve the name
h
hundreds-evening-84071
04/03/2023, 9:30 PMnc -v server 443 ?
b
big-jordan-45387
04/03/2023, 9:33 PMif I do curl to the rancher server I get a json back
network is fine
requests with authorization bearer and x-cattle-id headers hangs (at least to the /v3/connect/agent endpoint)
c
creamy-pencil-82913
04/03/2023, 9:34 PMmaybe check logs on the rancher pod then?
b
big-jordan-45387
04/03/2023, 9:35 PMis this rancher pod running on the rke2 machine or is it running in the hosts running rancher?
c
creamy-pencil-82913
04/03/2023, 9:48 PMthe one that you’re making the request against
b
big-jordan-45387
04/03/2023, 9:49 PMah, ok I dont have access to that host, I will ask for help to the rancher sys admins tomorrow