# elemental
a
This message was deleted.
w
Hi Sweta! Hmm, do you see this error often? Whenever I have seen it, it has been because I tried to use an old ISO with a newly provisioned Rancher cluster.
b
I recreated a new Rancher on my local and then, with the help of the elemental operator, generated an ISO that is still giving the same error.
w
If you check the certificate of Rancher, is it generated by the dynamiclistener org?
Are you using jetstack cert-manager?
b
Yes, it is getting generated by dynamiclistener.
I am using this cloud-init to spin up Rancher in a Harvester VM:
```yaml
write_files:
      - path: /var/lib/rancher/k3s/server/manifests/rancher-manifest.yaml
        permissions: "0644"
        content: |
          ---
          apiVersion: v1
          kind: Namespace
          metadata:
            name: cattle-system
          ---
          apiVersion: helm.cattle.io/v1
          kind: HelmChart
          metadata:
            name: rancher
            namespace: kube-system
          spec:
            repo: https://releases.rancher.com/server-charts/stable
            chart: rancher
            version: v2.7.6
            targetNamespace: cattle-system
            valuesContent: |-
              features: rke1-custom-node-cleanup=false,harvester=false,istio-virtual-service-ui=false,continuous-delivery=false
              auditLog:
                level: 1
              ingress:
                enabled: false
              replicas: -2
              tls: external
              bootstrapPassword: testtesttest
              useBundledSystemChart: true
      - path: /var/lib/rancher/k3s/server/manifests/rancher-service.yaml
        permissions: "0644"
        content: |
          ---
          apiVersion: v1
          kind: Service
          metadata:
            name: rancherexternal
            namespace: cattle-system
          spec:
            selector:
              app: rancher
            ports:
              - name: http
                port: 80
                targetPort: 80
                protocol: TCP
                nodePort: 30080
              - name: https
                port: 443
                targetPort: 443
                protocol: TCP
                nodePort: 30443
            type: NodePort
      - path: /var/lib/rancher/k3s/server/manifests/rancher-elemental-operator.yaml
        permissions: "0644"
        content: |
          ---
          apiVersion: v1
          kind: Namespace
          metadata:
            name: cattle-elemental-system
          ---
          apiVersion: helm.cattle.io/v1
          kind: HelmChart
          metadata:
            name: elemental-operator-crd
            namespace: kube-system
          spec:
            chart: https://github.com/rancher/elemental-operator/releases/download/v1.3.5/elemental-operator-crds-chart-1.3.5.tgz
            targetNamespace: cattle-elemental-system
          ---
          apiVersion: helm.cattle.io/v1
          kind: HelmChart
          metadata:
            name: elemental-operator
            namespace: kube-system
          spec:
            chart: https://github.com/rancher/elemental-operator/releases/download/v1.3.5/elemental-operator-chart-1.3.5.tgz
            targetNamespace: cattle-elemental-system
```
Do you think some configuration needs to be added for the certificate?
Issuer information from secrets for Rancher-tls
w
Is that expiry-date really correct?
b
yes
w
aha, not this year...
Can you try fetching the registration YAML from outside Rancher (should have the URL in the MachineRegistration) and compare the `elemental.registration.ca-cert` with the actual cert that Rancher uses?
b
The ca.cert in the registration YAML is different from the cert in tls-rancher-cert.
The registration YAML CA cert is the same as the tls-rancher-internal CA cert.