This message was deleted.
# rke2a
adamant-kite-43734
01/25/2024, 4:36 PMThis message was deleted.
c
creamy-pencil-82913
01/25/2024, 5:29 PMfor server roles, we have
etcdcontrol-planemasterworkercreamy-pencil-82913
01/25/2024, 5:30 PMit looks like this control-plane node is just starting up and has been configured to join a server that is not available. Is that correct?
creamy-pencil-82913
01/25/2024, 5:31 PMif you’re using Rancher, it should manage the initial node (the one that the others are configured to join) for you. However, if you interfere with that by intentionally disabling that node, you may see strange results.
creamy-pencil-82913
01/25/2024, 5:32 PMIn a production outage scenario, we would suggest removing that node and letting rancher select a new init node for you.
creamy-pencil-82913
01/25/2024, 5:34 PMIf this was a standalone cluster (not managed by rancher) we would suggest that you configure a HA registration endpoint: https://docs.rke2.io/install/ha#1-configure-the-fixed-registration-address
but rancher-managed clusters do this differently, by picking a single node as the registration endpoint.
p
powerful-table-93807
01/25/2024, 5:50 PMSo as I understand in rke2 terminology
serveragentserver9345powerful-table-93807
01/25/2024, 5:52 PM Copy code
if you're using Rancher, it should manage the initial node (the one that the others are configured to join) for you. However, if you interfere with that by intentionally disabling that node, you may see strange results.
brandond [7:32 PM]
In a production outage scenario, we would suggest removing that node and letting rancher select a new init node for you.powerful-table-93807
01/25/2024, 5:55 PM@creamy-pencil-82913 Or you mean in Rancher case I don't need load balancer just remove a failed node and it will continue working ?
c
creamy-pencil-82913
01/25/2024, 7:07 PMcorrect
p
powerful-table-93807
01/25/2024, 7:22 PMOk. So with no load balance should be fine. We just have on rancher configure alerts to send when node is down, so we can remove it and let rancher to select a new init server
c
creamy-pencil-82913
01/25/2024, 7:28 PMWell I’m confused by what exactly you’re testing here. There’s no reason that shutting down one of your etcd nodes should cause other nodes to restart, why is rke2 on the control-plane node restarting at this particular moment?
p
powerful-table-93807
01/25/2024, 7:34 PMI'm also confused. It's current state of cluster . Let me turn of etcd 1 VM on proxmox
powerful-table-93807
01/25/2024, 7:36 PMBtw, It started showing Updating state what is also strange
powerful-table-93807
01/25/2024, 7:40 PMBut it still shows all nodes are running
c
creamy-pencil-82913
01/25/2024, 7:41 PMwhat exactly did you do? just stopped one of the VMs?
creamy-pencil-82913
01/25/2024, 7:42 PMWhat caused the rke2 service on the other node to restart?
p
powerful-table-93807
01/25/2024, 7:43 PMYes. Just stopped VM to emulate it went down
powerful-table-93807
01/25/2024, 7:43 PMcontrol plane 2 started failing
powerful-table-93807
01/25/2024, 7:45 PMother cp is also crashing with the same error. So no control plane servers are working now
c
creamy-pencil-82913
01/25/2024, 7:47 PMwas it working before you shut the other node down? Why did the service get stopped?
creamy-pencil-82913
01/25/2024, 7:47 PMThe logs should show what caused it to get restarted.
p
powerful-table-93807
01/25/2024, 7:49 PMSee also this logs
c
creamy-pencil-82913
01/25/2024, 7:55 PMthats all normal, pods remain running when the service restarts, and systemd complains about it
p
powerful-table-93807
01/25/2024, 7:55 PM Copy code
The logs should show what caused it to get restarted.powerful-table-93807
01/25/2024, 7:58 PMI opened */etc/rancher/rke2/config.yaml.d/*50-rancher.yaml and server points 120.11
Copy code
"server": "<https://xx.xx.120.11:9345>",c
creamy-pencil-82913
01/25/2024, 7:58 PMyes, that’s managed by rancher
creamy-pencil-82913
01/25/2024, 7:58 PMbut once servers have joined the cluster, they should not need that server to be accessible any longer. it is just for joining.
creamy-pencil-82913
01/25/2024, 7:59 PMLook through the journald logs for restarts of the rke2-server service. see why it was stopped or exited, around the time you shut down the etcd node.
p
powerful-table-93807
01/25/2024, 8:00 PMHmm. Changed adress from 120.11 to 120.19 to another etcd node it worked
powerful-table-93807
01/25/2024, 8:02 PMWhat logs it shows now. And it configures with differernt load balanced ip addresses for etcd
powerful-table-93807
01/25/2024, 8:05 PManother cp is also up. Do you want to me to turn 120.19 etcd and see what logs it will show ?
powerful-table-93807
01/25/2024, 8:09 PMWhen other etcd is down
c
creamy-pencil-82913
01/25/2024, 8:09 PMsure? I think you’re kinda pushing the edge of rancher’s cluster management here though. You’re modifying the config out from under rancher; it will likely try to put it back for you.
p
powerful-table-93807
01/25/2024, 8:11 PMOther cp is not crashing but trying to connect to cp 2
powerful-table-93807
01/25/2024, 9:31 PMBTW. For production do you recommend to use separate etcd, control-plane nodes or deploy servers with etcd + control-plane ?
c
creamy-pencil-82913
01/25/2024, 9:32 PMetcd+cp is generally fine, unless you have IO load or something like that and can’t scale the disks up sufficiently to keep etcd happy
creamy-pencil-82913
01/25/2024, 9:32 PMI don’t generally see it as necessary on most clusters
p
powerful-table-93807
01/25/2024, 9:35 PMIt will me small cluster for now with up to 10 worker nodes. But they will be big with 50 vCPU and 200 GB of RAM each
powerful-table-93807
01/25/2024, 9:36 PMI'll try setup etcd+cp for servers and will recreate a cluster. After this will test HA mode one more time by stopping server VMs
powerful-table-93807
01/25/2024, 10:02 PMWhen I create a cluster with Custom what should I choose -> Default RKE2 Embedded or External ?
c
creamy-pencil-82913
01/25/2024, 10:17 PMare you planning on deploying your own cloud controller, or using one of the other choices?
p
powerful-table-93807
01/25/2024, 10:27 PMSorry I'm not familiar with cloud controller. I want to setup cluster on prem datacenter.
c
creamy-pencil-82913
01/25/2024, 10:28 PMif you don’t know, I would probably leave it at the default then
p
powerful-table-93807
01/25/2024, 10:29 PMOk. Thanks
powerful-table-93807
01/25/2024, 11:16 PMThis time it looks like worked.
Jan 25 231206 my-cluster-master-2 rke2[1218]: time="2024-01-25T231206Z" level=info msg="Stopped tunnel to 10.73.120.11:9345"
Jan 25 231206 my-cluster-master-2 rke2[1218]: time="2024-01-25T231206Z" level=info msg="Proxy done" err="context canceled" url="wss://10.73.120.11:9345/v1-rke2/connect"
Jan 25 231215 my-cluster-master-2 rke2[1218]: time="2024-01-25T231215Z" level=info msg="Creating helm-controller event broadcaster"
Jan 25 231215 my-cluster-master-2 rke2[1218]: time="2024-01-25T231215Z" level=info msg="Creating reencrypt-controller event broadcaster"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting helm.cattle.io/v1, Kind=HelmChart controller"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting helm.cattle.io/v1, Kind=HelmChartConfig controller"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting batch/v1, Kind=Job controller"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting /v1, Kind=ConfigMap controller"
Jan 25 231216 my-cluster-master-2 rke2[1218]: time="2024-01-25T231216Z" level=info msg="Starting /v1, Kind=ServiceAccount controller"
Jan 25 231224 my-cluster-master-2 rke2[1218]: time="2024-01-25T231224Z" level=info msg="Starting managed etcd apiserver addresses controller"
Jan 25 231224 my-cluster-master-2 rke2[1218]: time="2024-01-25T231224Z" level=info msg="Starting managed etcd member removal controller"
Jan 25 231224 my-cluster-master-2 rke2[1218]: time="2024-01-25T231224Z" level=info msg="Starting managed etcd snapshot ConfigMap controller"
Jan 25 231226 my-cluster-master-2 rke2[1218]: time="2024-01-25T231226Z" level=info msg="error in remotedialer server [400]: read tcp 10.73.120.129345 >10.73.120.1156142: i/o timeout"
powerful-table-93807
01/25/2024, 11:17 PMIn previous cluster I remember I wanted to troubleshoot something and removed etcd db on all nodes with no restoration. Looks like it was a cause
powerful-table-93807
01/25/2024, 11:18 PMIf I have 3 servers nodes with etcd + cp how node failures it will allow, 1 or 2 ?
powerful-table-93807
01/25/2024, 11:20 PMAfter stopping 2 vms of 3 last one was giving these errors
Jan 25 231859 my-cluster-master-2 rke2[17873]: time="2024-01-25T231859Z" level=info msg="Waiting for etcd server to become available"
Jan 25 231859 my-cluster-master-2 rke2[17873]: time="2024-01-25T231859Z" level=info msg="Waiting for API server to become available"
Jan 25 231901 my-cluster-master-2 rke2[17873]: time="2024-01-25T231901Z" level=info msg="Defragmenting etcd database"
Jan 25 231901 my-cluster-master-2 rke2[17873]: time="2024-01-25T231901Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231906 my-cluster-master-2 rke2[17873]: time="2024-01-25T231906Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231911 my-cluster-master-2 rke2[17873]: time="2024-01-25T231911Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231913 my-cluster-master-2 rke2[17873]: {"level":"warn","ts":"2024-01-25T231913.886557Z","logger":"etcd-client","caller":"v3@v3.5.9-k3s1/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000759340/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = context deadline exceeded"}
Jan 25 231913 my-cluster-master-2 rke2[17873]: {"level":"info","ts":"2024-01-25T231913.88666Z","logger":"etcd-client","caller":"v3@v3.5.9-k3s1/client.go:210","msg":"Auto sync endpoints failed.","error":"context deadline exceeded"}
Jan 25 231916 my-cluster-master-2 rke2[17873]: {"level":"warn","ts":"2024-01-25T231916.554983Z","logger":"etcd-client","caller":"v3@v3.5.9-k3s1/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000759340/127.0.0.1:2379","attempt":0,"error":"rpc error: code = Unknown desc = context deadline exceeded"}
Jan 25 231916 my-cluster-master-2 rke2[17873]: time="2024-01-25T231916Z" level=info msg="Failed to test data store connection: failed to report and disarm etcd alarms: etcd alarm list failed: rpc error: code = Unknown desc = context deadline exceeded"
Jan 25 231916 my-cluster-master-2 rke2[17873]: time="2024-01-25T231916Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231921 my-cluster-master-2 rke2[17873]: time="2024-01-25T231921Z" level=info msg="Defragmenting etcd database"
Jan 25 231921 my-cluster-master-2 rke2[17873]: time="2024-01-25T231921Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231926 my-cluster-master-2 rke2[17873]: time="2024-01-25T231926Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231928 my-cluster-master-2 rke2[17873]: {"level":"warn","ts":"2024-01-25T231928.886947Z","logger":"etcd-client","caller":"v3@v3.5.9-k3s1/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000759340/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = context deadline exceeded"}
Jan 25 231928 my-cluster-master-2 rke2[17873]: {"level":"info","ts":"2024-01-25T231928.887031Z","logger":"etcd-client","caller":"v3@v3.5.9-k3s1/client.go:210","msg":"Auto sync endpoints failed.","error":"context deadline exceeded"}
Jan 25 231929 my-cluster-master-2 rke2[17873]: time="2024-01-25T231929Z" level=info msg="Waiting for API server to become available"
Jan 25 231929 my-cluster-master-2 rke2[17873]: time="2024-01-25T231929Z" level=info msg="Waiting for etcd server to become available"
Jan 25 231931 my-cluster-master-2 rke2[17873]: time="2024-01-25T231931Z" level=info msg="Waiting to retrieve kube-proxy configuration; server is not ready: https://127.0.0.1:9345/v1-rke2/readyz: 500 Internal Server Error"
Jan 25 231936 my-cluster-master-2 rke2[17873]: {"level":"warn","ts":"2
c
creamy-pencil-82913
01/25/2024, 11:24 PM> I wanted to troubleshoot something and removed etcd db on all nodes with no restoration
Yes that would cause problems for sure
> If I have 3 servers nodes with etcd + cp how node failures it will allow
https://etcd.io/docs/v3.5/faq/#what-is-failure-tolerance
p
powerful-table-93807
01/25/2024, 11:25 PMThanks you so much. Will continue experimenting with a cluster
powerful-table-93807
01/25/2024, 11:36 PMAfter server node vm was restarted it is showing 0 size for newly create etcd snapshot
c
creamy-pencil-82913
01/25/2024, 11:39 PMthat is a rancher bug. if you look on the nodes, they actually have a non-zero size. they were taken before the rancher agent was deployed, probably because you configured snapshots to run on an interval, and the snapshots are lacking metadata that rancher expects.
creamy-pencil-82913
01/25/2024, 11:39 PMYou can trigger additional manual snapshots, or just wait for the next automatic interval.
p
powerful-table-93807
01/25/2024, 11:40 PMOk
c
creamy-pencil-82913
01/25/2024, 11:40 PMyou can just ignore them, they’ll get cleaned up eventually after you take more snapshots.
👍 1
p
powerful-table-93807
01/26/2024, 2:37 PMIt still showing 0 size
34 Views