# rke2

hallowed-window-565

05/24/2023, 7:16 AM
Hello. I am trying to join a worker node to a Rancher-deployed rke2 cluster, but this node gives me this error: level=error msg="failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF " If I try to restart rke2-server after a reboot, I get this error: "Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation." Google has led me to think the worker cannot talk to the control plane, but using curl to test /cacerts reachability works with the IPv4 address, IPv6 address, hostname, and load balancer IP and host. Does anyone have an idea of where to troubleshoot next?

creamy-pencil-82913

05/24/2023, 7:36 AM
Try adding `debug: true` to the agent config, see what else shows up in the logs

hallowed-window-565

05/24/2023, 8:01 AM
Ooh awesome, trying that now.
I do not see anything strange in the agent, it seems to download and install as normal. https://paste.debian.net/hidden/d5d6543d/ I get the same error on rke2 as before: "failed to get CA certs: Get \"https://127.0.0.1:6444/cacerts\": EOF" "Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
when I try to add the worker. The server: address in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml seems odd to me. Sometimes it is an IPv6 address, and it is not the load balancer address that I have made for 6443 and 9345. And it seems to get reset all the time. Do any of you know where the worker node gets this address from?
I tried making a cluster with a new name in Rancher, and this time the nodes do not get the old IP stuck in /etc/rancher/rke2/config.yaml.d/50-rancher.yaml. I am on Rancher 2.6.6. Is there a known way to clear old data from a custom cluster that is deleted from Rancher, so the cluster name can be reused? Or is that just not possible?