# rancher-desktop
p
The duplicate certificates are benign; would you be able to post the logs (here, or file a new issue in the repo) so we can take a look?
b
Hi and thanks. I just found this in my k8s.log
```
2024-03-26T170549.882Z: Updating release version cache with 181 items in cache
2024-03-26T170552.231Z: Skipping pre-release v1.29.3-rc1+k3s1
2024-03-26T170552.231Z: Found old version v1.29.3+k3s1, stopping.
2024-03-26T170552.232Z: Got 181 versions.
```
Could this be the issue?
Here’s a bunch more info in background.log 2024-03-26T170545.908Z: Still processing the first-run dialog: not opening main window 2024-03-26T170550.026Z: mainEvents settings-update: {“version”11,“application”{“adminAccess”false,“debug”false,“pathManagementStrategy”“rcfiles”,“telemetry”{“enabled”true},“updater”{“enabled”false},“autoStart”true,“startInBackground”true,“hideNotificationIcon”true,“window”{“quitOnClose”true},“extensions”{“allowed”{“enabled”false,“list”[]},“installed”{}}},“containerEngine”{“allowedImages”{“enabled”false,“patterns”[]},“name”“moby”},“virtualMachine”{“memoryInGB”6,“numberCPUs”6,“hostResolver”true},“WSL”{“integrations”{}},“kubernetes”{“version”“1.26.4”,“port”6443,“enabled”false,“options”{“traefik”true,“flannel”true},“ingress”{“localhostOnly”false}},“portForwarding”{“includeKubernetesServices”false},“images”{“showAll”true,“namespace”k8s.io”},“diagnostics”{“showMuted”true,“mutedChecks”{}},“experimental”{“virtualMachine”{“type”“qemu”,“useRosetta”false,“socketVMNet”false,“mount”{“type”“reverse-sshfs”,“9p”{“securityModel”“none”,“protocolVersion”“9p2000.L”,“msizeInKB”128,“cacheMode”“mmap”,“msizeInKib”128}},“networkingTunnel”false,“proxy”{“enabled”false,“address”“”,“password”“”,“port”3128,“username”“”,“noproxy”[“0.0.0.0/8”,“10.0.0.0/8",“127.0.0.0/8”,“169.254.0.0/16",“172.16.0.0/12”,“192.168.0.0/16",“224.0.0.0/4”,“240.0.0.0/4"]}},“containerEngine”{“webAssembly”{“enabled”false}}},“containers”{“showAll”true,“namespace”“default”}} 2024-03-26T170550.090Z: UnhandledRejectionWarning: Error: ENOENT: no such file or directory, watch ‘/Users/paulrandall/.kube/config’ at FSWatcher.<anonymous> (nodeinternal/fs/watchers247:19) at Object.watch (nodefs2343:34) at /Applications/Rancher Desktop.app/Contents/Resources/app.asar/dist/app/background.js:41:109025 at Array.map (<anonymous>) at Ks.watchForChanges (/Applications/Rancher Desktop.app/Contents/Resources/app.asar/dist/app/background.js:41:109013) { errno: -2, syscall: ‘watch’, code: ‘ENOENT’, path: 
‘/Users/paulrandall/.kube/config’, filename: ‘/Users/paulrandall/.kube/config’ } 2024-03-26T170627.076Z: Kubernetes was unable to start: c [Error]: /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura exited with code 1 at ChildProcess.<anonymous> (/Applications/Rancher Desktop.app/Contents/Resources/app.asar/dist/app/background.js:2:138053) at ChildProcess.emit (nodeevents513:28) at Process.onexit (nodeinternal/child process291:12) { command: [ ‘/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura’, ‘shell’, ‘--workdir=.’, ‘0’, ‘sudo’, ‘update-ca-certificates’ ],
Here is the last entry in the lima.log 2024-03-26T170550.308Z: > /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura list --json
p
`k8s.log` seems fine. `background.log` not having `.kube/config` is fine; the only issue is the failure to run `update-ca-certificates`. `lima.log` doesn't tell us anything interesting in that line (just that it's stopped). It might be useful to enable debug logs then try again, but this time focus on `lima.log` around where it's updating the certs (that is, examine the bits right around it running `limactl.ventura --debug shell --workdir=. 0 sudo update-ca-certificates`).
b
OK. I’ll go and turn that on and restart and see what comes in 🙂 Thanks again.
There are a lot of lines in there at that time.
code: 1, [Symbol(child-process.command)]: ‘/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura --debug shell --workdir=. 0 sudo update-ca-certificates’ } 2024-03-26T174954.849Z: Progress: errored Starting Backend: Error: /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura exited with code 1
WARNING: Skipping duplicate certificate in file ca-cert-emSign_Root_CA_-_G1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-1.pem WARNING: Skipping duplicate certificate in file ca-cert-Actalis_Authentication_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-TWCA_Global_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-61.pem WARNING: Skipping duplicate certificate in file ca-cert-DigiCert_Global_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-83.pem run-parts: /etc/ca-certificates/update.d/certhash: exit status 132 2024-03-26T174954.848Z: Progress: errored Installing CA certificates: Error: /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura exited with code 1 2024-03-26T174954.848Z: Error starting lima: c [Error]: /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura exited with code 1 at ChildProcess.<anonymous> (/Applications/Rancher Desktop.app/Contents/Resources/app.asar/dist/app/background.js:2:138053) at ChildProcess.emit (nodeevents513:28) at Process.onexit (nodeinternal/child process291:12) { command: [ ‘/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura’, ‘--debug’, ‘shell’, ‘--workdir=.’, ‘0’, ‘sudo’, ‘update-ca-certificates’ ], stdout: ‘’, stderr: ‘time=“2024-03-26T174954Z” level=debug msg=“changeDirCmd=\\“cd . || exit 1\\“”\n’ + ‘time=“2024-03-26T174954Z” level=debug msg=“OpenSSH version 9.6.1 detected”\n’ + ‘time=“2024-03-26T174954Z” level=debug msg=“AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com”\n’ +
time=“2024-03-26T17:49:54Z” level=debug msg=“executing ssh (may take a long)): [/usr/bin/ssh -F /dev/null -o IdentityFile=\\“/Users/paulrandall/.rdlima/_config/user\\” -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\\“^aes128-gcm@openssh.com,aes256-gcm@openssh.com\\” -o User=paulrandall -o ControlMaster=auto -o ControlPath=\\“/Users/paulrandall/.rdlima/0/ssh.sock\\” -o ControlPersist=yes -q -p 49287 127.0.0.1 -- cd . || exit 1 ; exec \\“$SHELL\\” --login -c ‘sudo update-ca-certificates’]“\n
+ ‘WARNING: Skipping duplicate certificate in file ca-cert-Certum_Trusted_Network_CA.pem\n’ + ‘WARNING: Skipping duplicate certificate in file ca-cert-emSign_ECC_Root_CA_-_G3.pem\n’ + ‘WARNING: Skipping duplicate certificate in file ca-cert-rd-37.pem\n’ + ‘WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_E46.pem\n’ +
These are the last lines before a huge list of SSL certs are mentioned.
Here is some more info from the log. tar: rd-137.crt: time stamp 2024-03-26 174954 is 0.586216635 s in the future tar: rd-138.crt: time stamp 2024-03-26 174954 is 0.586195903 s in the future tar: rd-139.crt: time stamp 2024-03-26 174954 is 0.586175838 s in the future tar: rd-140.crt: time stamp 2024-03-26 174954 is 0.586156062 s in the future tar: rd-141.crt: time stamp 2024-03-26 174954 is 0.586135371 s in the future tar: rd-142.crt: time stamp 2024-03-26 174954 is 0.586112676 s in the future tar: rd-143.crt: time stamp 2024-03-26 174954 is 0.58609248 s in the future tar: rd-144.crt: time stamp 2024-03-26 174954 is 0.586071738 s in the future tar: rd-145.crt: time stamp 2024-03-26 174954 is 0.586051924 s in the future tar: rd-146.crt: time stamp 2024-03-26 174954 is 0.586032039 s in the future tar: rd-147.crt: time stamp 2024-03-26 174954 is 0.586008273 s in the future tar: rd-148.crt: time stamp 2024-03-26 174954 is 0.585987788 s in the future 2024-03-26T174954.848Z: Lima: executing: sudo update-ca-certificates: Error: /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura exited with code 1 2024-03-26T174954.848Z: stdout: 2024-03-26T174954.848Z: stderr: time=“2024-03-26T174954Z” level=debug msg=“changeDirCmd=\“cd . 
|| exit 1\“” time=“2024-03-26T174954Z” level=debug msg=“OpenSSH version 9.6.1 detected” time=“2024-03-26T174954Z” level=debug msg=“AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com” time=“2024-03-26T174954Z” level=debug msg=“executing ssh (may take a long)): [/usr/bin/ssh -F /dev/null -o IdentityFile=\“/Users/paulrandall/.rdlima/_config/user\” -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\“^aes128-gcm@openssh.com,aes256-gcm@openssh.com\” -o User=paulrandall -o ControlMaster=auto -o ControlPath=\“/Users/paulrandall/.rdlima/0/ssh.sock\” -o ControlPersist=yes -q -p 49287 127.0.0.1 -- cd . || exit 1 ; exec \“$SHELL\” --login -c ‘sudo update-ca-certificates’]” WARNING: Skipping duplicate certificate in file ca-cert-Certum_Trusted_Network_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-emSign_ECC_Root_CA_-_G3.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-37.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_E46.pem WARNING: Skipping duplicate certificate in file ca-cert-IdenTrust_Public_Sector_Root_CA_1.pem
Some lines mostly with debug messages: “enabled”false,“binfmt”false},“plain”false},“sshAddress”“127.0.0.1”,“protected”false,“HostOS”“darwin”,“HostArch”:“x86_64",“LimaHome”“/Users/paulrandall/.rdlima”,“IdentityFile”“/Users/paulrandall/.rdlima/_config/user”} 2024-03-26T174953.001Z: > limactl --debug start --tty=false 0 time=“2024-03-26T174921Z” level=debug msg=“interpreting argument \“0\” as an instance name” time=“2024-03-26T174921Z” level=info msg=“Using the existing instance \“0\“” time=“2024-03-26T174921Z” level=debug msg=“Failed to look up socket_vmnet path \“/opt/socket_vmnet/bin/socket_vmnet\“” error=“exec: \“/opt/socket_vmnet/bin/socket_vmnet\“: stat /opt/socket_vmnet/bin/socket_vmnet: no such file or directory” time=“2024-03-26T174921Z” level=debug msg=“Failed to look up socket_vmnet path \“socket_vmnet\“” error=“exec: \“socket_vmnet\“: executable file not found in $PATH” time=“2024-03-26T174921Z” level=debug msg=“Failed to look up socket_vmnet path \“/usr/local/opt/socket_vmnet/bin/socket_vmnet\“” error=“exec: \“/usr/local/opt/socket_vmnet/bin/socket_vmnet\“: stat /usr/local/opt/socket_vmnet/bin/socket_vmnet: no such file or directory” time=“2024-03-26T174921Z” level=debug msg=“Failed to look up socket_vmnet path \“/opt/homebrew/opt/socket_vmnet/bin/socket_vmnet\“” error=“exec: \“/opt/homebrew/opt/socket_vmnet/bin/socket_vmnet\“: stat /opt/homebrew/opt/socket_vmnet/bin/socket_vmnet: no such file or directory” time=“2024-03-26T174921Z” level=debug msg=“Make sure \“rancher-desktop-shared\” network is stopped” time=“2024-03-26T174921Z” level=debug msg=“Make sure \“host\” network is stopped” time=“2024-03-26T174921Z” level=debug msg=“Make sure \“user-v2\” network is stopped” time=“2024-03-26T174921Z” level=debug msg=“Make sure usernet network is stopped” time=“2024-03-26T174921Z” level=info msg=“Starting the instance \“0\” with VM driver \“qemu\“” time=“2024-03-26T174921Z” level=debug msg=“Executed [codesign --verify /Applications/Rancher 
Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64]: out=\“\”" error=“<nil>” time=“2024-03-26T174921Z” level=debug msg=“Executed [codesign --display --entitlements - --xml /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64]: out=\“Executable=/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64\\n<?xml version=\\\“1.0\\\” encoding=\\\“UTF-8\\\“?><!DOCTYPE plist PUBLIC \\\“-//Apple//DTD PLIST 1.0//EN\\\” \\\“https://www.apple.com/DTDs/PropertyList-1.0.dtd\\\“><plist version=\\\“1.0\\\“><dict><key>com.apple.security.cs.allow-jit</key><true/><key>com.apple.security.hypervisor</key><true/></dict></plist>\\n\“” error=“<nil>” time=“2024-03-26T174921Z” level=info msg=“QEMU binary \“/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64\” seems properly signed with the \“com.apple.security.hypervisor\” entitlement” time=“2024-03-26T174921Z” level=debug msg=“[hostagent] Creating iso file /Users/paulrandall/.rdlima/0/cidata.iso” time=“2024-03-26T174921Z” level=debug msg=“[hostagent] Using /var/folders/0c/5mb43wlx2ql91xty8r8vwhq40000gn/T/diskfs_iso3616294512 as workspace” time=“2024-03-26T174922Z” level=debug msg=“[hostagent] OpenSSH version 9.6.1 detected” time=“2024-03-26T174922Z” level=debug msg=“[hostagent] AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com” time=“2024-03-26T174922Z” level=info msg=“[hostagent] hostagent socket created at /Users/paulrandall/.rdlima/0/ha.sock” time=“2024-03-26T174922Z” level=debug msg=“[hostagent] Start udp DNS listening on: 127.0.0.1:55013" time=“2024-03-26T174922Z” level=debug msg=“[hostagent] Start tcp DNS listening on: 127.0.0.1:49288" time=“2024-03-26T174922Z” level=debug msg=“[hostagent] QEMU version 7.1.0 detected” time=“2024-03-26T174922Z” level=debug msg=“[hostagent] firmware candidates = 
[/Users/paulrandall/.local/share/qemu/edk2-x86_64-code.fd /Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/share/qemu/edk2-x86_64-code.fd /usr/share/OVMF/OVMF_CODE.fd /usr/share/qemu/ovmf-x86_64-code.bin /usr/share/edk2-ovmf/x64/OVMF_CODE.fd]” time=“2024-03-26T174922Z” level=info msg=“[hostagent] Starting QEMU (hint: to watch the boot progress, see \“/Users/paulrandall/.rdlima/0/serial*.log\“)” time=“2024-03-26T174922Z” level=debug msg=“[hostagent] qCmd.Args: [/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64 -m 6144 -cpu host,-pdpe1gb -machine q35,accel=hvf -smp 6,sockets=1,cores=6,threads=1 -drive if=pflash,format=raw,readonly=on,file=/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/share/qemu/edk2-x86_64-code.fd -boot order=d,splash-time=0,menu=on -drive file=/Users/paulrandall/.rdlima/0/basedisk,format=raw,media=cdrom,readonly=on -drive file=/Users/paulrandall/.rdlima/0/diffdisk,if=virtio,discard=on -drive id=cdrom0,if=none,format=raw,readonly=on,file=/Users/paulrandall/.rdlima/0/cidata.iso -device virtio-scsi-pci,id=scsi0 -device scsi-cd,bus=scsi0.0,drive=cdrom0 -netdev user,id=net0,net=192.168.5.0/24,dhcpstart=192.168.5.15,hostfwd=tcp127.0.0.149287-:22 -device virtio-net-pci,netdev=net0,mac=525555f5c7:b3 -device virtio-rng-pci -display none -device virtio-vga -device virtio-keyboard-pci -device virtio-mouse-pci -device qemu-xhci,id=usb-bus -parallel none -chardev socket,id=char-serial,path=/Users/paulrandall/.rdlima/0/serial.sock,server=on,wait=off,logfile=/Users/paulrandall/.rdlima/0/serial.log -serial chardev:char-serial -chardev socket,id=char-serial-virtio,path=/Users/paulrandall/.rdlima/0/serialv.sock,server=on,wait=off,logfile=/Users/paulrandall/.rdlima/0/serialv.log -device virtio-serial-pci,id=virtio-serial0,max_ports=1 -device virtconsole,chardev=char-serial-virtio,id=console0 -chardev 
socket,id=char-qmp,path=/Users/paulrandall/.rdlima/0/qmp.sock,server=on,wait=off -qmp chardev:char-qmp -chardev socket,path=/Users/paulrandall/.rdlima/0/ga.sock,server=on,wait=off,id=qga0 -device virtio-serial -device virtserialport,chardev=qga0,name=io.lima-vm.guest_agent.0 -name lima-0 -pidfile /Users/paulrandall/.rdlima/0/qemu.pid]”
There are 936 lines in the log. All from 17:49. Here it is if that helps.
p
`run-parts: /etc/ca-certificates/update.d/certhash: exit status 132`
That's probably the actual problem? That script actually runs `/usr/bin/c_rehash /etc/ssl/certs`, so there's probably one cert that it didn't like.
b
Whew that would be good. I have no idea where the certs are installed or what would happen if I deleted one of them. My setup is like this for MySQL.
```yaml
version: "3"
# Creates MariaDB container and phpMyAdmin service to manage it
services:
  db:
    image: mariadb:latest
    container_name: db
    hostname: db
    restart: always
    networks:
      - mysql-net
    environment:
      MYSQL_ROOT_PASSWORD: dbrootpassword
    volumes:
      # Will use db volume and inside to path /var/lib/mysql
      - db:/var/lib/mysql
  phpmyadmin:
    # Depends on only works within same stack, but not between remote containers (even on user-defined network)
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    networks:
      - mysql-net
    container_name: phpmyadmin
    hostname: phpmyadmin
    ports:
      # Exposes external port 7000 mapped to internal of 80
      # Database required no external port of its own
      - 7000:80
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: dbrootpassword
      # Variable to increase upload limit for importing sql db files
      UPLOAD_LIMIT: 200000K
volumes:
  # Creates persistent storage volume for database
  # Specify name so it does not append stack name in front
  db:
    name: db
networks:
  # This will create a user-defined network with name of mysql-net
  # Specify name so that it does not append stack name and become db_mysql-net
  mysql-net:
    name: mysql-net
```
p
It's possible to manually start lima to troubleshoot:
• Set the `LIMA_HOME` environment variable to `/Users/paulrandall/.rdlima/`
• Run `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura start 0`
• (This starts the same VM Rancher Desktop starts, but without all the things we do to make it work as a container thing)
• Run `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura shell 0` to get into the VM
• Run `/usr/bin/c_rehash -v /etc/ssl/certs` to see if that tells you which cert is breaking things.
b
I need to make sure that those databases don’t disappear. Is there a safe way of sorting this out Mook?
p
Those are the certs from your host system (that is, macOS).
You might be able to do the same lima start thing above to get to a shell where you can run `nerdctl` or `docker`; but before you do that, use the Rancher Desktop UI to make a snapshot so you have more chances to roll back?
b
OK. I’ll do a snapshot now first but I have no idea where I change the environment variables. Sorry to sound dumb but this is the first time I have had to edit stuff in Rancher Desktop. I usually just drag and drop a new version into my Applications folder and run it.
It said that it wouldn’t create the snapshot because the state is Error.
p
Oh, sorry, I should be more explicit.
• Start Terminal.app (as in, the application)
• enter `export LIMA_HOME=/Users/paulrandall/.rdlima/` to set the variable for that session (it goes away once you close the window)
• Run the things I had above.
Ugh, right… I think you can still create the snapshot from the command line (`rdctl snapshot create --help` for instructions) after you quit Rancher Desktop.
b
So I ran this in Terminal: export LIMA_HOME=/Users/paulrandall/.rdlima/ Not sure what that does. Do I quit RD now and run this: rdctl snapshot create --help
I am not sure of exactly what to run to create the snapshot. Here is the help.
```
Usage:
  rdctl snapshot create <name> [flags]

Flags:
      --description string        snapshot description
      --description-from string   snapshot description from a file (or - for stdin)
  -h, --help                      help for create
      --json                      output json format

Global Flags:
      --config-path string   config file (default /Users/paulrandall/Library/Application Support/rancher-desktop/rd-engine.json)
      --host string          default is 127.0.0.1; most useful for WSL
      --password string      overrides the password setting in the config file
      --port int             overrides the port setting in the config file
      --user string          overrides the user setting in the config file
      --verbose              Be verbose
paulrandall@Mac-Mini-Server ~ %
```
p
Yeah; the `export …` line is set up to let `limactl` later know what your setup looks like.
You should be able to do `rdctl snapshot create abcdef` or something to create a snapshot
b
I assume if I reboot RD I will see that in the snapshots list in the RD GUI yes?
p
Yeah
b
Yes it’s there. So do I run this now: `export LIMA_HOME=/Users/paulrandall/.rdlima/` Then these:
• Set the `LIMA_HOME` environment variable to `/Users/paulrandall/.rdlima/`
• Run `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura start 0`
• (This starts the same VM Rancher Desktop starts, but without all the things we do to make it work as a container thing)
• Run `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura shell 0` to get into the VM
• Run `/usr/bin/c_rehash -v /etc/ssl/certs` to see if that tells you which cert is breaking things.
Also do I run them while RD is running or when it’s quit?
p
The `export` line is what is used to _Set the `LIMA_HOME` environment variable_.
b
I’m kinda old and dumb so I apologise if it shows Mook.
p
And do all of that while Rancher Desktop is not running.
b
Thanks. One sec. I’ll give it a go 🙂 Fingers crossed.
p
No worries, you're not bad at all (and old and not knowing looks exactly the same as young and not knowing… 😄 )
b
I’m 58. When I get stressed my brain sloooooooooowwwwwwsssss right down!
OK so I set that variable first with the export line then do the other things yes? I just want to get this right.
I hugely appreciate your help by the way.
p
Yeah. To re-summarize everything, it would be:
• (I think you already have the snapshot; if not, do that first)
• `export LIMA_HOME=/Users/paulrandall/.rdlima/`
  `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura start 0`
• (wait for things to happen)
• `/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura shell 0`
  `/usr/bin/c_rehash -v /etc/ssl/certs`
b
```
paulrandall@Mac-Mini-Server ~ % /Applications/Rancher\ Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura start 0
INFO[0000] Using the existing instance "0"
INFO[0000] Starting the instance "0" with VM driver "qemu"
FATA[0000] failed to find the QEMU binary for the architecture "x86_64": exec: "qemu-system-x86_64": executable file not found in $PATH
paulrandall@Mac-Mini-Server ~ %
```
p
Sigh. Sorry, it's been too long since I've done this and trying to do things off the top of my head isn't working 😛 I must be getting old too…
b
I hope you’re not 30 and saying that 😉 It will mean I get an upgrade from “old” to “ancient”!
p
Yeah. To re-summarize everything, it would be:
• (I think you already have the snapshot; if not, do that first)
• `export LIMA_HOME=/Users/paulrandall/.rdlima/`
  `export PATH="$PATH:/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin"`
  `"/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura" start 0`
• (wait for things to happen)
• `"/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura" shell 0`
  `/usr/bin/c_rehash -v /etc/ssl/certs`
(Added the second line with `export PATH`)
b
I also escaped the space with a backslash in “Rancher Desktop”. Having said that I now get this. paulrandall@Mac-Mini-Server ~ % export LIMA_HOME=/Users/paulrandall/.rdlima/ paulrandall@Mac-Mini-Server ~ % export PATH=“$PATH:/Applications/Rancher\ Desktop.app/Contents/Resources/resources/darwin/lima/bin” paulrandall@Mac-Mini-Server ~ % “/Applications/Rancher\ Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura” start 0 zsh: no such file or directory: /Applications/Rancher\ Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura
One question I do have is that I set up a persistent file store in my docker-compose.yml for the MySQL database so I could restart and still get back all my databases. But I have no idea where in the Mac filesystem RD stores those files. Would it be possible to take those files and rebuild everything from scratch and then import them in some way? If this doesn’t work.
As well as this Intel Mac I have an M1 Mac too. Is there a way to set RD up on that then to copy all the files (including the persistent DB files) onto that and then run it on that and get up all my data? Just trying to think outside the box here. Also I was wondering if I set up Docker Desktop and somehow moved all my DB files into that from RD. Just so I can do a dump of the databases.
p
I noticed the space so quoted it, so you didn't need to escape it, I think?
Everything is stored in `/Users/paulrandall/.rdlima/0/diffdisk` (it's a qemu disk image, or a raw disk if you're on VZ)
b
Ok it’s now doing stuff 🙂
Thanks 🙂
p
And everything is in that directory (a snapshot is just a tarball of the thing, plus random prefs and things, if I remember correctly)
b
paulrandall@Mac-Mini-Server ~ % export PATH=“$PATH:/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin” paulrandall@Mac-Mini-Server ~ % “/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura” start 0 INFO[0000] Using the existing instance “0” INFO[0000] Starting the instance “0" with VM driver “qemu” INFO[0000] QEMU binary “/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/qemu-system-x86_64" seems properly signed with the “com.apple.security.hypervisor” entitlement INFO[0000] [hostagent] hostagent socket created at /Users/paulrandall/.rdlima/0/ha.sock INFO[0001] [hostagent] Starting QEMU (hint: to watch the boot progress, see “/Users/paulrandall/.rdlima/0/serial*.log”) INFO[0001] SSH Local Port: 49399 INFO[0001] [hostagent] Waiting for the essential requirement 1 of 4: “ssh” INFO[0029] [hostagent] Waiting for the essential requirement 1 of 4: “ssh” INFO[0029] [hostagent] The essential requirement 1 of 4 is satisfied INFO[0029] [hostagent] Waiting for the essential requirement 2 of 4: “user session is ready for ssh” INFO[0029] [hostagent] The essential requirement 2 of 4 is satisfied INFO[0029] [hostagent] Waiting for the essential requirement 3 of 4: “sshfs binary to be installed” INFO[0029] [hostagent] The essential requirement 3 of 4 is satisfied INFO[0029] [hostagent] Waiting for the essential requirement 4 of 4: “/etc/fuse.conf (/etc/fuse3.conf) to contain \“user_allow_other\“” INFO[0029] [hostagent] The essential requirement 4 of 4 is satisfied INFO[0029] [hostagent] Mounting “/Users/paulrandall” on “/Users/paulrandall” INFO[0029] [hostagent] Mounting “/tmp/rancher-desktop” on “/tmp/rancher-desktop” INFO[0030] [hostagent] Mounting “/Volumes” on “/Volumes” INFO[0030] [hostagent] Mounting “/var/folders” on “/var/folders” INFO[0030] [hostagent] Mounting “/private/tmp” on “/private/tmp” INFO[0030] [hostagent] Mounting “/private/var/folders” on “/private/var/folders” 
INFO[0031] [hostagent] Mounting “/Applications/Rancher Desktop.app/Contents/Resources/resources” on “/Applications/Rancher Desktop.app/Contents/Resources/resources” INFO[0031] [hostagent] Waiting for the guest agent to be running INFO[0031] [hostagent] Forwarding “/var/run/docker.sock” (guest) to “/Users/paulrandall/.rd/docker.sock” (host) INFO[0031] [hostagent] Forwarding “/run/lima-guestagent.sock” (guest) to “/Users/paulrandall/.rdlima/0/ga.sock” (host) INFO[0031] [hostagent] Guest agent is running INFO[0031] [hostagent] Waiting for the final requirement 1 of 1: “boot scripts must have finished” INFO[0031] [hostagent] Not forwarding TCP 0.0.0.0:22 INFO[0031] [hostagent] Not forwarding TCP [:]22 INFO[0031] [hostagent] The final requirement 1 of 1 is satisfied INFO[0031] READY. Run
limactl shell 0
to open the shell. paulrandall@Mac-Mini-Server ~ % “/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl.ventura” shell 0 lima-rancher-desktop:/Users/paulrandall$ /usr/bin/c_rehash -v /etc/ssl/certs ERROR: Access denied ‘/etc/ssl/certs’ lima-rancher-desktop:/Users/paulrandall$
do I need to run the last line with sudo?
p
Yeah, I think so
Because `/etc/ssl/` is owned by root
(This is all in the VM, of course; don't do anything sudo outside of the VM if it's not expected…)
b
lima-rancher-desktop:/Users/paulrandall$ sudo /usr/bin/c_rehash -v /etc/ssl/certs Doing /etc/ssl/certs WARNING: Skipping duplicate certificate in file ca-cert-Certum_Trusted_Network_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-emSign_ECC_Root_CA_-_G3.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-37.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_E46.pem WARNING: Skipping duplicate certificate in file ca-cert-IdenTrust_Public_Sector_Root_CA_1.pem WARNING: Skipping duplicate certificate in file ca-cert-Microsoft_ECC_Root_Certificate_Authority_2017.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-43.pem WARNING: Skipping duplicate certificate in file ca-cert-TrustCor_ECA-1.pem WARNING: Skipping duplicate certificate in file ca-cert-Amazon_Root_CA_3.pem WARNING: Skipping duplicate certificate in file ca-cert-AC_RAIZ_FNMT-RCM.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-11.pem WARNING: Skipping duplicate certificate in file ca-cert-USERTrust_ECC_Certification_Authority.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_R46.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-28.pem WARNING: Skipping duplicate certificate in file ca-cert-Certum_Trusted_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-SwissSign_Silver_CA_-_G2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-119.pem WARNING: Skipping duplicate certificate in file ca-cert-TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-53.pem WARNING: Skipping duplicate certificate in file ca-cert-Microsec_e-Szigno_Root_CA_2009.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-107.pem WARNING: Skipping duplicate certificate in file ca-cert-Certum_EC-384_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-56.pem WARNING: Skipping duplicate certificate in file 
ca-cert-QuoVadis_Root_CA_2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-60.pem Skipping /etc/ssl/certs/ca-certificates.crt file WARNING: Skipping duplicate certificate in file ca-cert-Certainly_Root_R1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-63.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-20.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-31.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-121.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-72.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-0.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_CA_-_R6.pem WARNING: Skipping duplicate certificate in file ca-cert-TeliaSonera_Root_CA_v1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-38.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-68.pem WARNING: Skipping duplicate certificate in file ca-cert-GDCA_TrustAUTH_R5_ROOT.pem WARNING: Skipping duplicate certificate in file ca-cert-SecureTrust_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-111.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-137.pem WARNING: Skipping duplicate certificate in file ca-cert-Amazon_Root_CA_4.pem WARNING: Skipping duplicate certificate in file ca-cert-SwissSign_Gold_CA_-_G2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-36.pem WARNING: Skipping duplicate certificate in file ca-cert-DigiCert_Assured_ID_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-GLOBALTRUST_2020.pem WARNING: Skipping duplicate certificate in file ca-cert-Telia_Root_CA_v2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-125.pem WARNING: Skipping duplicate certificate in file ca-cert-SSL.com_EV_Root_Certification_Authority_ECC.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-97.pem WARNING: Skipping duplicate certificate in file 
ca-cert-Entrust_Root_Certification_Authority_-_EC1.pem WARNING: Skipping duplicate certificate in file ca-cert-Security_Communication_RootCA2.pem WARNING: Skipping duplicate certificate in file ca-cert-HiPKI_Root_CA_-_G1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-12.pem WARNING: Skipping duplicate certificate in file ca-cert-Amazon_Root_CA_2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-104.pem WARNING: Skipping duplicate certificate in file ca-cert-ISRG_Root_X2.pem WARNING: Skipping duplicate certificate in file ca-cert-Go_Daddy_Class_2_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-86.pem WARNING: Skipping duplicate certificate in file ca-cert-SSL.com_Root_Certification_Authority_ECC.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-59.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-134.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-128.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_ECC_Root_CA_-_R5.pem WARNING: Skipping duplicate certificate in file ca-cert-T-TeleSec_GlobalRoot_Class_2.pem WARNING: Skipping duplicate certificate in file ca-cert-AffirmTrust_Premium_ECC.pem WARNING: Skipping duplicate certificate in file ca-cert-DigiCert_Assured_ID_Root_G2.pem WARNING: Skipping duplicate certificate in file ca-cert-Entrust.net_Premium_2048_Secure_Server_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-41.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-25.pem WARNING: Skipping duplicate certificate in file ca-cert-Starfield_Services_Root_Certificate_Authority_-_G2.pem WARNING: Skipping duplicate certificate in file ca-cert-Amazon_Root_CA_1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-17.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-93.pem WARNING: Skipping duplicate certificate in file ca-cert-COMODO_RSA_Certification_Authority.pem WARNING: Skipping duplicate certificate in 
file ca-cert-rd-148.pem WARNING: Skipping duplicate certificate in file ca-cert-CFCA_EV_ROOT.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-5.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-91.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-27.pem WARNING: Skipping duplicate certificate in file ca-cert-GlobalSign_Root_CA_-_R3.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-51.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-10.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-94.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-127.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-46.pem WARNING: Skipping duplicate certificate in file ca-cert-NAVER_Global_Root_Certification_Authority.pem WARNING: Skipping duplicate certificate in file ca-cert-USERTrust_RSA_Certification_Authority.pem WARNING: Skipping duplicate certificate in file ca-cert-Starfield_Root_Certificate_Authority_-_G2.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-112.pem WARNING: Skipping duplicate certificate in file ca-cert-TrustCor_RootCert_CA-1.pem WARNING: Skipping duplicate certificate in file ca-cert-QuoVadis_Root_CA_3.pem WARNING: Skipping duplicate certificate in file ca-cert-OISTE_WISeKey_Global_Root_GC_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-110.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-109.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-57.pem WARNING: Skipping duplicate certificate in file ca-cert-Izenpe.com.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-64.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-142.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-144.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-19.pem WARNING: 
Skipping duplicate certificate in file ca-cert-TWCA_Root_Certification_Authority.pem WARNING: Skipping duplicate certificate in file ca-cert-emSign_Root_CA_-_G1.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-1.pem WARNING: Skipping duplicate certificate in file ca-cert-Actalis_Authentication_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-TWCA_Global_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-61.pem WARNING: Skipping duplicate certificate in file ca-cert-DigiCert_Global_Root_CA.pem WARNING: Skipping duplicate certificate in file ca-cert-rd-83.pem link ca-cert-D-TRUST_Root_Class_3_CA_2_EV_2009.pem -> d4dae3dd.0 link ca-cert-Entrust_Root_Certification_Authority_-_G4.pem -> 5e98733a.0 link ca-cert-BJCA_Global_Root_CA2.pem -> 3e359ba6.0 link ca-cert-ANF_Secure_Server_Root_CA.pem -> b433981b.0 link ca-cert-Security_Communication_ECC_RootCA1.pem -> 5860aaa6.0 link ca-cert-rd-22.pem -> 9b46e03d.0 link ca-cert-rd-85.pem -> ce5e74ef.1 link ca-cert-Amazon_Root_CA_1.pem -> ce5e74ef.0 link ca-cert-rd-96.pem -> 896c8bb4.0 link ca-cert-rd-73.pem -> 3bde41ac.1 link ca-cert-Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem -> 3bde41ac.0 link ca-cert-Certum_Trusted_Network_CA_2.pem -> 40193066.0 link ca-cert-rd-117.pem -> 0c4c9b6c.0 link ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem -> 7719f463.0 link ca-cert-rd-140.pem -> 7719f463.1 link ca-cert-COMODO_Certification_Authority.pem -> 40547a79.0 link ca-cert-rd-58.pem -> 2dab9e33.0 link ca-cert-rd-23.pem -> 865fbdf9.0 link ca-cert-DigiCert_Assured_ID_Root_CA.pem -> b1159c4c.0 link ca-cert-rd-62.pem -> b1159c4c.1 link ca-cert-rd-49.pem -> cd8c0d63.1 link ca-cert-AC_RAIZ_FNMT-RCM.pem -> cd8c0d63.0 link ca-cert-Buypass_Class_2_Root_CA.pem -> 54657681.0 link ca-cert-rd-92.pem -> de6d66f3.1 link ca-cert-Amazon_Root_CA_4.pem -> de6d66f3.0 link ca-cert-Buypass_Class_3_Root_CA.pem -> e8de2f56.0 link ca-cert-HARICA_TLS_RSA_Root_CA_2021.pem 
-> 9f727ac7.0 link ca-cert-Microsoft_RSA_Root_Certificate_Authority_2017.pem -> bf53fb88.0 link ca-cert-GlobalSign_ECC_Root_CA_-_R4.pem -> b0e59380.0 link ca-cert-rd-50.pem -> b0e59380.1 link ca-cert-rd-135.pem -> fa5da96b.1 link ca-cert-GLOBALTRUST_2020.pem -> fa5da96b.0 link ca-cert-vTrus_Root_CA.pem -> 7a3adc42.0 link ca-cert-T-TeleSec_GlobalRoot_Class_2.pem -> 1e09d511.0 link ca-cert-rd-67.pem -> 1e09d511.1 link ca-cert-TrustCor_RootCert_CA-2.pem -> 3e44d2f7.0 link ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem -> 32888f65.0 link ca-cert-rd-120.pem -> 062cdee6.1 link ca-cert-GlobalSign_Root_CA_-_R3.pem -> 062cdee6.0 Illegal instruction lima-rancher-desktop:/Users/paulrandall$
p
That's not what I expected, but okay 🙂
b
The “Illegal instruction” line looks ominous!
p
Oh, right, I should be looking at signals and not error, so 132 is 128+4, and 4 is SIGILL…
b
I’m glad you have a 200 IQ - that went right over my head!
p
It's double embarrassing because I've seen this before, in https://github.com/rancher-sandbox/rancher-desktop/issues/2778#issuecomment-1228736601 … oops, sorry for the giant circle to get here 🙂
b
Don’t apologise. If we can get this working I’d seriously like to buy you a beer. You’re a hero!
p
One thing I can think of to try is to make a temporary directory and copy half the `rd-*.crt`s in there, and run `c_rehash` on that and try to see if you can narrow things down to a single cert that breaks things. Given the previous comments, though, I don't expect good results.
b
Oh dear. And I thought you were being positive.
Are you saying you think I won’t be able to get this working? (he says while starting to panic!)
p
The next thing after that is to delete all the `rd-` certs in `/usr/local/share/ca-certificates/`, and all the dangling symlinks that creates in `/etc/ssl/certs/`, and see if that magically helps (since people have claimed that a factory reset was useful…)
(Testing by running `c_rehash` again)
I don't know if we can get this to work, but I can try to give suggestions that shouldn't break your system completely… but you'll need to poke at things to try to recover it.
b
Are these certs something pertinent to my Mac in general or just to RD? Also what If I set up DockerDesktop and put the contents of this lot in the correct corresponding directory, ran it and spun up the containers? lima-rancher-desktop:/Users/paulrandall/.rdlima/0$ ls -Flah total 44G drwx------ 1 paulrand dialout 608 Mar 26 19:26 ./ drwxr-xr-x 1 paulrand dialout 160 Apr 27 2023 ../ -rw-r--r-- 1 paulrand dialout 262.0M Mar 19 12:55 basedisk -rw-r--r-- 1 paulrand dialout 37.3M Mar 26 19:26 cidata.iso -rw-r--r-- 1 paulrand dialout 43.6G Mar 26 19:47 diffdisk srw------- 1 paulrand dialout 0 Mar 26 19:26 ga.sock= -rw-r--r-- 1 paulrand dialout 5 Mar 26 19:26 ha.pid srwxr-xr-x 1 paulrand dialout 0 Mar 26 19:26 ha.sock= -rw-r--r-- 1 paulrand dialout 35.4K Mar 26 19:26 ha.stderr.log -rw-r--r-- 1 paulrand dialout 157 Mar 26 19:26 ha.stdout.log -rw-r--r-- 1 paulrand dialout 6.3K Mar 26 18:50 lima.yaml -rw------- 1 paulrand dialout 5 Mar 26 19:26 qemu.pid srwxr-xr-x 1 paulrand dialout 0 Mar 26 19:26 qmp.sock= -rw-r--r-- 1 paulrand dialout 54.6K Mar 26 19:26 serial.log srwxr-xr-x 1 paulrand dialout 0 Mar 26 19:26 serial.sock= -rw-r--r-- 1 paulrand dialout 7.1K Mar 26 19:26 serialv.log srwxr-xr-x 1 paulrand dialout 0 Mar 26 19:26 serialv.sock= -rw------- 1 paulrand dialout 687 Mar 26 19:26 ssh.config srw------- 1 paulrand dialout 0 Mar 26 19:26 ssh.sock=
Because I am worried I will never get this working again with RD and lose all my work. This is so depressing!
p
They're all things for RD only (we run a virtual machine, and you're inside of it right now); they're things copied from your mac into the VM to help support people who have things like corporate registries that are signed by their IT department.
I have not tried to spin up Docker Desktop with RD's files, so I have no idea if that would work (but as long as you don't delete anything, that's always a thing you can try I guess?)
Oh, sorry, no, for the second part: if you get the files out of `diffdisk` you might be able to copy it in; Docker Desktop has no idea how to deal with the lima files you have (because they have a completely different backend).
Well, I have dug into their implementation to be able to tell, but I'm pretty sure they predated lima 🙂
b
I see. So these certs are not somewhere in my keychain. Just inside the lima VM?
So all the stuff I am doing is inside that VM. Is there not a way to reinstall the entire thing or will that kill all the data I have. Even though I set my docker-compose.yml file to store it persistently. Unless I didn’t understand it correctly. Which is entirely possible.
p
Yeah; we copy all the certs from your keychain into the VM on startup.
You can wipe the whole thing (including your data) via the factory reset option in the UI; but it sounds like you very much don't want that right now.
Unless you told your docker compose file to store everything on a mount on the host, it'd be inside the VM and therefore get wiped with everything else.
b
```
version: "3"
# Creates MariaDB container and phpMyAdmin service to manage it
services:
  db:
    image: mariadb:latest
    container_name: db
    hostname: db
    restart: always
    networks:
      - mysql-net
    environment:
      MYSQL_ROOT_PASSWORD: dbrootpassword
    volumes:
      # Will use db volume and inside to path /var/lib/mysql
      - db:/var/lib/mysql
  phpmyadmin:
    # Depends on only works within same stack, but not between remote containers (even on user-defined network)
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    networks:
      - mysql-net
    container_name: phpmyadmin
    hostname: phpmyadmin
    ports:
      # Exposes external port 7000 mapped to internal of 80
      # Database required no external port of its own
      - 7000:80
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: dbrootpassword
      # Variable to increase upload limit for importing sql db files
      UPLOAD_LIMIT: 200000K
volumes:
  # Creates persistent storage volume for database
  # Specify name so it does not append stack name in front
  db:
    name: db
networks:
  # This will create a user-defined network with name of mysql-net
  # Specify name so that it does not append stack name and become db_mysql-net
  mysql-net:
    name: mysql-net
```
That’s the compose file.
p
Yeah, that's just using named volumes (`db`) and not mapped to a place on the host, so it's inside the diffdisk
b
Oh dear. Is there no way of getting the files off this VM? Then launching MySQL and doing a dump? Again sorry to sound like a newb.
p
We already got into the vm (with `limactl shell`), right? You can just copy files off of it…
`limactl start` started the VM, and you got a ssh session with `limactl shell`, so you can poke around already.
b
Aah so not all is lost. So if I copied all the files off the vm into the Mac itself (is that possible? If so what’s the command please?) then I could re-install Rancher Desktop somehow, copy the files back over into the lima VM and hopefully get it all back? Is that realistic or wishful thinking?
Then can you tell me how I could get the database files to copy over to the Mac’s environment by editing the docker-compose.yml config. So if this happens again it’s not so stressful 😉
I already did this with the files. Just not the database.
p
There's a `/Users/paulrandall/.rdlima/0/ssh.config`; so you can do `scp -F /Users/paulrandall/.rdlima/0/ssh.config lima-0:/path/to/file /path/on/mac-os` to copy files out
(From the mac side, not inside the VM)
You will, however, need to figure out where the file to copy is; you'll need to explore the disk to do that.
b
When you say explore the disk you mean the virtual disk on the VM yes?
p
Yeah
b
Do you think Chat GPT might be able to help me figure that bit out?
p
No idea?
b
So if I can find the files for the MySQL db then copy them over I may have a chance to get them working somehow?
p
Yeah. At that point (save your snapshot somewhere else first, though we shouldn't delete it) you can factory reset RD and see if that works again too, if you want to try that.
FWIW, it should be in `/var/lib/docker/volumes` in the VM.
b
lima-rancher-desktop:~$ cd /var/lib/docker/ /bin/ash: cd: can’t cd to /var/lib/docker/: Permission denied
p
Yes, please use `su` or `sudo`.
b
lima-rancher-desktop:~$ sudo /var/lib/docker/ sudo: /var/lib/docker/: command not found lima-rancher-desktop:~$ su /var/lib/docker su: unknown user /var/lib/docker lima-rancher-desktop:~$
What would the super user password be?
lima-rancher-desktop:~$ su /var/lib/docker su: unknown user /var/lib/docker lima-rancher-desktop:~$ su su: incorrect password lima-rancher-desktop:~$
p
`sudo su`?
b
It didn’t recognise the command sudo so I tried to type su to see if it would let me put in a password to get to super user level. No dice.
Aah yes I am at super user now. Thanks.
lima-rancher-desktop:~$ sudo su /home/paulrandall.linux # cd /var/lib/docker /var/lib/docker # ls -Fla total 92 drwx--x--- 14 root root 4096 Mar 20 07:31 ./ drwxr-xr-x 10 root root 4096 Mar 26 20:00 ../ drwx--x--x 5 root root 4096 Mar 19 12:56 buildkit/ drwx--x--x 3 root root 4096 Apr 27 2023 containerd/ drwx--x--- 22 root root 4096 Mar 20 12:07 containers/ -rw------- 1 root root 59 Jun 22 2023 engine-id drwx------ 3 root root 4096 Apr 27 2023 image/ drwxr-x--- 3 root root 4096 Apr 27 2023 network/ drwx--x--- 283 root root 32768 Mar 20 12:07 overlay2/ drwx------ 4 root root 4096 Apr 27 2023 plugins/ drwx------ 2 root root 4096 Mar 20 07:31 runtimes/ drwx------ 2 root root 4096 Apr 27 2023 swarm/ drwx------ 2 root root 4096 Mar 20 07:31 tmp/ drwx------ 2 root root 4096 Apr 27 2023 trust/ drwx-----x 19 root root 4096 Mar 20 07:31 volumes/ /var/lib/docker # cd volumes/ /var/lib/docker/volumes # ls -Fla total 108 drwx-----x 19 root root 4096 Mar 20 07:31 ./ drwx--x--- 14 root root 4096 Mar 20 07:31 ../ drwx-----x 3 root root 4096 May 22 2023 1f0076d106462677e862559d9193184c93b06a7e445aebfc27a007ab97dbbc8a/ drwx-----x 3 root root 4096 Apr 27 2023 29ef97c4ce9cf4f272a461cd43ff0b765696590c9abcb1fc5e702c1dd6528d68/ drwx-----x 3 root root 4096 Apr 27 2023 2be26f8d784858d219d0702ffc09bd09e5edcc21d2d941f7f4bc0de6d0e717a8/ drwx-----x 3 root root 4096 Apr 27 2023 306afa1418c5ced10aa96627cff9d57478ce1a8152eeefea4428186055e230f8/ drwx-----x 3 root root 4096 Apr 27 2023 3ed6062e8b5839ab5995df8537ffaf63688fb055b2d884696a0516298c63980a/ drwx-----x 3 root root 4096 Apr 27 2023 4d51e898875515b15524ef9b819e6f2d6774d636512711673cb6aacb8c0e7007/ drwx-----x 3 root root 4096 Apr 27 2023 55289962bf6c88eab2e8291e571793901a373e4dc3e44b965ebf05996b54e632/ drwx-----x 3 root root 4096 Apr 27 2023 9c6dc3894b359a81aacd2ed5aaf9da0d15a93a153da784802389c911584a0f2f/ drwx-----x 3 root root 4096 May 4 2023 a6bb320c11bb67358f488c8ff0c8624fe3dcd75bea55716fb7242203bcd13c18/ drwx-----x 3 root root 4096 May 
4 2023 a730714fc16dfc94e80bbbc62aa53c8dbde83a5273053418fefc5370dbbedacb/ drwx-----x 3 root root 4096 Apr 27 2023 b13d4185ac267d48346a920d1b0bc32cb10e6463f946e21bed4f6238fc61220c/ brw------- 1 root root 253, 1 Mar 20 07:31 backingFsBlockDev drwx-----x 3 root root 4096 Apr 27 2023 db/ drwx-----x 3 root root 4096 Apr 27 2023 e3718836a70b2cf5bbe9a163f5971fd051048a783b9fcfea61570f6798c6a9ee/ drwx-----x 3 root root 4096 Apr 27 2023 f955bc2fea2015c4fb8b71bbb7d4009efa42ac88d7758c85b6ee409e63772fb5/ drwx-----x 3 root root 4096 May 19 2023 guacamole_guac-data/ -rw------- 1 root root 65536 Mar 20 07:31 metadata.db drwx-----x 3 root root 4096 May 4 2023 prometheus_grafana-storage/ drwx-----x 3 root root 4096 May 22 2023 prometheus_prometheus_data/ /var/lib/docker/volumes
Ooh. This looks more promising. drwxr-xr-x 18 999 ping 4096 Mar 20 12:07 ./ drwx-----x 3 root root 4096 Apr 27 2023 ../ drwx------ 2 999 ping 4096 Feb 2 10:29 achieve/ drwx------ 2 999 ping 4096 Jun 2 2023 alanhydes/ -rw-rw---- 1 999 ping 16932864 Mar 25 16:59 aria_log.00000001 -rw-rw---- 1 999 ping 52 Mar 25 16:59 aria_log_control drwx------ 2 999 ping 4096 May 1 2023 aztec/ -rw-rw---- 1 999 ping 9 Mar 19 12:56 ddl_recovery-backup.log -rw-rw---- 1 999 ping 16384 Mar 22 12:22 ddl_recovery.log drwx------ 2 999 ping 4096 Jun 22 2023 fictional/ drwx------ 2 999 ping 12288 May 1 2023 haywood/ drwx------ 2 999 ping 4096 Jul 5 2023 htfstainless/ -rw-rw---- 1 999 ping 14649 Mar 19 23:39 ib_buffer_pool -rw-rw---- 1 999 ping 100663296 Mar 25 23:39 ib_logfile0 -rw-rw---- 1 999 ping 79691776 Mar 19 23:39 ibdata1 -rw-rw---- 1 999 ping 12582912 Mar 20 07:31 ibtmp1 drwx------ 2 999 ping 4096 May 15 2023 lyme/ -rw-rw---- 1 999 ping 0 Apr 27 2023 multi-master.info drwx------ 2 999 ping 4096 Apr 27 2023 mysql/ -rw-r--r-- 1 999 ping 15 Apr 27 2023 mysql_upgrade_info drwx------ 2 999 ping 12288 May 2 2023 nova/ drwx------ 2 999 ping 4096 May 7 2023 oxytest/ drwx------ 2 999 ping 4096 Apr 27 2023 performance_schema/ drwx------ 2 999 ping 12288 May 8 2023 pynk/ drwx------ 2 999 ping 12288 Apr 27 2023 sys/ drwx------ 2 999 ping 4096 Mar 22 12:22 tayloraccounting/ drwx------ 2 999 ping 4096 May 6 2023 twoalpha/ drwx------ 2 999 ping 4096 May 12 2023 twobeta/
I can see the .ibd and .frm files for the database for the Wordpress site I built over the last few days. If I use your scp -F command to copy them over to my Mac then I can get the thing working again. Like I said. I already copy over the files to my Mac’s user homepage. I just need the databases. Oh dude. I am not as stressed as I was and it’s all thanks to you and you totally rock because of it.
p
Yay! That's something, at least
b
I know right. I wonder if I could write a bash shellscript to run that command through the directory and copy the files over to my Mac somewhere? Maybe ChatGPT could help me with that. Do you think it’s possible? If not then I’ll have to do it one at a time.
p
Why not create an archive first (`tar czf /tmp/db.tgz .`) and copy that?
(Actually, we mount `/Users/paulrandall` if I remember correctly, so you might be able to just create the archive there and check that it shows up)
b
Yeah. I can see the directories in there. Looks like my home directory on the Mac: /var/lib/docker/volumes/db/_data/tayloraccounting # cd /Users/paulrandall/ /Users/paulrandall # ls -Fla total 336 drwxr-x--- 1 paulrand dialout 2272 Mar 26 20:00 ./ drwxr-xr-x 3 root root 60 Mar 26 19:26 ../ -rw------- 1 paulrand dialout 3 Apr 26 2023 .CFUserTextEncoding -rw-r--r-- 1 paulrand dialout 28676 Mar 26 19:11 .DS_Store drwx------ 1 paulrand dialout 64 Sep 22 2023 .Trash/ -rw------- 1 paulrand dialout 169 Apr 30 2023 .bash_history -rw-r--r-- 1 paulrand dialout 147 Apr 27 2023 .bash_profile -rw-r--r-- 1 paulrand dialout 147 Apr 27 2023 .bashrc drwx------ 1 paulrand dialout 96 Jun 22 2023 .config/ -rw-r--r-- 1 paulrand dialout 150 Apr 27 2023 .cshrc drwxr-xr-x 1 paulrand dialout 448 Mar 26 13:58 .docker/ -rw------- 1 paulrand dialout 74 May 22 2023 .git-credentials -rw-rw-r-- 1 paulrand dialout 29 May 14 2023 .gitconfig -rw------- 1 paulrand dialout 20 Nov 26 10:11 .lesshst drwxr-xr-x 1 paulrand dialout 128 Mar 26 19:26 .rd/ drwxr-xr-x 1 paulrand dialout 160 Apr 27 2023 .rdlima/ -rw-r--r-- 1 paulrand dialout 12455 May 10 2023 .shellfishrc drwx------ 1 paulrand dialout 160 May 14 2023 .ssh/ -rw-r--r-- 1 paulrand dialout 150 Apr 27 2023 .tcshrc drwx------ 1 paulrand dialout 128 Jun 22 2023 .vnc/ -rw------- 1 paulrand dialout 16966 Mar 26 16:40 .zsh_history drwx------ 1 paulrand dialout 288 Mar 26 20:00 .zsh_sessions/ -rw-r--r-- 1 paulrand dialout 208 May 10 2023 .zshrc drwx------ 1 paulrand dialout 2080 Mar 26 18:03 Desktop/ drwxr-xr-x 1 paulrand dialout 64 Apr 27 2023 Docker/ drwx------ 1 paulrand dialout 1728 Mar 26 16:52 Documents/ drwx------ 1 paulrand dialout 800 Mar 26 13:50 Downloads/ drwx------ 1 paulrand dialout 192 May 10 2023 JetBrainsMono/ drwx------ 1 paulrand dialout 3104 Mar 26 12:52 Library/ drwx------ 1 paulrand dialout 128 Apr 27 2023 Movies/ drwx------ 1 paulrand dialout 96 May 20 2023 Music/ drwx------ 1 paulrand dialout 128 Apr 26 2023 Pictures/ drwxr-xr-x 1 
paulrand dialout 128 Apr 26 2023 Public/
drwxr-xr-x 1 paulrand dialout 128 May 17 2023 WP-DB-BACKUPS/
drwxr-xr-x 1 paulrand dialout 160 Apr 27 2023 Wordpress/
drwxr-xr-x 1 paulrand dialout 576 Jul 5 2023 achieve/
drwxr-xr-x 1 paulrand dialout 320 May 5 2023 alanhydes/
drwxrwxrwx 1 paulrand dialout 768 Mar 20 12:07 all_volumes/
drwxr-xr-x 1 paulrand dialout 480 May 2 2023 aztec/
drwxr-xr-x 1 paulrand dialout 96 Apr 27 2023 db/
drwxr-xr-x 1 paulrand dialout 160 May 1 2023 dev-env-master/
-rw-r--r-- 1 paulrand dialout 261 May 3 2023 docker-compose.yml
drwxr-xr-x 1 paulrand dialout 160 Jul 5 2023 env-template/
drwxr-xr-x 1 paulrand dialout 448 Mar 20 14:53 fictional/
drwxr-xr-x 1 paulrand dialout 224 May 17 2023 flaskapp/
drwxr-xr-x 1 paulrand dialout 96 May 21 2023 glances/
drwxr-xr-x 1 paulrand dialout 416 May 7 2023 haywood/
drwxr-xr-x 1 paulrand dialout 768 Jul 5 2023 htfstainless/
drwxr-xr-x 1 paulrand dialout 704 May 15 2023 lyme/
drwxr-xr-x 1 paulrand dialout 64 May 13 2023 montypython/
drwxr-xr-x 1 paulrand dialout 224 Apr 28 2023 my-code-bak/
-rw-r--r-- 1 paulrand dialout 595 May 3 2023 nginx.conf
drwxr-xr-x 1 paulrand dialout 96 Apr 27 2023 nginxproxymanager/
drwxr-xr-x 1 paulrand dialout 416 May 8 2023 nova/
drwxr-xr-x 1 paulrand dialout 544 May 21 2023 oxytest/
drwxr-xr-x 1 paulrand dialout 96 May 3 2023 php/
drwxr-xr-x 1 paulrand dialout 1120 Jul 5 2023 plugin-files/
drwxr-xr-x 1 paulrand dialout 160 May 22 2023 prometheus/
drwxr-xr-x 1 paulrand dialout 480 May 8 2023 pynk/
drwxr-xr-x 1 paulrand dialout 64 May 3 2023 sababa-wp/
drwxr-xr-x 1 paulrand dialout 768 Mar 20 15:06 tayloraccounting/
drwxr-xr-x 1 paulrand dialout 160 May 14 2023 themes-files/
drwxr-xr-x 1 paulrand dialout 64 May 16 2023 threealpha/
drwxr-xr-x 1 paulrand dialout 160 May 19 2023 ttyd/
drwxr-xr-x 1 paulrand dialout 512 May 10 2023 two-alpha/
drwxr-xr-x 1 paulrand dialout 96 May 20 2023 two-beta/
drwxr-xr-x 1 paulrand dialout 768 Mar 20 14:39 twobeta/
drwxr-xr-x 1 paulrand dialout 704 May 16 2023 twobeta-bak/
drwxr-xr-x 1 paulrand dialout 608 May 19 2023 webfonts/
drwxr-xr-x 1 paulrand dialout 128 May 19 2023 wetty/
drwxr-xr-x 1 paulrand dialout 416 May 6 2023 wordpress_template/
/Users/paulrandall
So what would the command be to create a tarball of the databases into /Users/paulrandall/?
p
Yeah, so you should be able to
cd /var/lib/docker/volumes/db ; tar czf /Users/paulrandall/wordpress-db.tgz .
b
It’s doing something. Looks like it will take a while which is promising I guess.
OMG. I have a .tgz file in my user directory on my Mac. It’s 62 Mb. What kind of alchemy is this?
Thanks man. I need to figure out how to turn these files into SQL but this is a much greater outcome than I thought. Maybe I need to simply reset, spin up the containers and drop these database files and folders into the right place and see what happens.
p
Yeah, that should work, but that's why we have snapshots…
b
Yeah. I wish I knew about them before. It’s all been a learning curve. I will use them copiously in future. Thanks again and I really feel much better now I have these raw db files.
I think I need to go sleep. This much stress is not good for anyone let alone someone my age. D’oh! Thanks again. You are really good at this. Are you one of the devs? Just curious.
p
You're welcome! And yes, I'm one of the devs.
I'm basically responding lots while waiting for tests to run (also, this is much more fun than debugging a failing test…)
b
I can imagine. So you work for SUSE? My first box was on SUSE Linux over 20 years ago. When I started web hosting
Back then we had no Plesk or cPanel. We had to edit files to set up websites, DNS etc. It was complicated.
Gonna watch some TV and chill. Thanks so much and I’ll tell you when it’s back up.
Hi Mook. I tried to restore some databases from the MySQL data files but it didn’t work. However I have had an idea. I have a snapshot of the installation including the CA certs that are having issues so I wondered, if I do a factory reset to get RD with Moby back up and running. Grab the CA certs from the working version (that has no data) and save them in my user directory then restore my snapshot then remove all of the certs from whatever directory they are stored in in the VM and replace them with the good certs from my user directory then restart. Is this possible? Do you think it has a chance of working?
p
That might work, yes. Or you can (as suggested above) just delete all the certs and let it get copied from your host again.
b
I fixed it thanks to you mate. I logged in with rdctl shell then deleted the certs with sudo rm /etc/ssl/certs/* Then booted back into Rancher Desktop and it re-copied the certificates into /etc/ssl/certs on the VM and re-booted into my environment. Everything spins up, it’s all great. I have also taken a snapshot of it. I do have one request though. I think this all occurred because I am using a timed shutdown at 11:30pm each day of my Mac. I don’t think it shuts down RD gracefully though. Which is possibly why, it corrupted one or more of the certificates. Is there a way for RD to respect the Mac shutdown process and to trigger a graceful shutdown of itself? Or alternatively is there a way for me to set a timed shutdown of RD itself at say 11:20pm so it gracefully shuts down ten minutes before the Mac does?
p
You can run rdctl shutdown from cron, I guess? We might need to dig into the behaviour when the host shuts down, though, yes.
b
Ok so I tried that. I set up a cronjob for it. Not sure if it actually shut down though but this morning the certs were coming up with that error again so I had to delete them again and got it booted back up again. So I am wondering if some bug was introduced in the last RD update maybe? Odd that it would do that. Having said that I just tried rdctl shutdown manually and then started up Rancher Desktop and it shut down and started up fine with no certificate issue so maybe I did my cronjob incorrectly.
paulrandall@Mac-Mini-Server % crontab -l
20 23 * * * rdctl shutdown
p
Hmm, could you file an issue about the bit about shutting down the host causing bad certs? It would be good to see if we can track that down so you don't need to do the workaround.