This message was deleted.
# rke2a
adamant-kite-43734
06/21/2024, 7:40 PMThis message was deleted.
s
stale-portugal-8315
06/21/2024, 11:07 PMHey, we saw the same behavior as well, however the provisioning process in our case succeeds
e
enough-carpet-20915
06/21/2024, 11:14 PMWhat did you do? Just let it go for a while?
s
stale-portugal-8315
06/21/2024, 11:16 PMYeah, provisioning in our environs takes about 10-12 minutes, but we see a lot of these error messages
e
enough-carpet-20915
06/21/2024, 11:16 PMHmm, this has been going for about 2.5 hours and still same thing. π
s
stale-portugal-8315
06/21/2024, 11:22 PMOh wow
h
hundreds-evening-84071
06/21/2024, 11:41 PMwhat RKE2 version and OS ?
Firewall settings ?
From second node, can you reach 1st node on port 9345?
what's in your config.yaml ?
hundreds-evening-84071
06/21/2024, 11:42 PMsorry - if you have already worked thru all that - but those are some of the things I would look
e
enough-carpet-20915
06/21/2024, 11:44 PMI'll go through it all again if it means I can get this working. π€£
π 1
π€ 1
enough-carpet-20915
06/21/2024, 11:45 PM Copy code
β― kubectl --kubeconfig master1.yaml get node
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane,etcd,master 3h4m v1.28.10+rke2r1enough-carpet-20915
06/21/2024, 11:45 PMOS: NixOS
enough-carpet-20915
06/21/2024, 11:46 PMCurrently firewall is disabled
enough-carpet-20915
06/21/2024, 11:48 PM Copy code
$ cat /etc/rancher/rke2/config.yaml
disable-kube-proxy: trueh
hundreds-evening-84071
06/21/2024, 11:48 PMalso in your
config.yamltokene
enough-carpet-20915
06/21/2024, 11:49 PM Copy code
rke2 'server' '--token-file=/join.token' '--server=<https://10.22.30.11:6443|https://10.22.30.11:6443>' '--cni=cilium' '--disable-kube-proxy' '--cluster-cidr=10.24.0.0/16'enough-carpet-20915
06/21/2024, 11:50 PMOn the second machine
/join.token/var/lib/rancher/rke2/server/node-tokenπ 1
enough-carpet-20915
06/21/2024, 11:52 PM Copy code
$ curl <https://10.22.30.11:9345|https://10.22.30.11:9345>
curl: (35) OpenSSL/3.0.13: error:16000069:STORE routines::unregistered schemeenough-carpet-20915
06/21/2024, 11:53 PMWait, should
--serverh
hundreds-evening-84071
06/21/2024, 11:54 PMon all my RKE2 config.yaml I have 9345
hundreds-evening-84071
06/21/2024, 11:54 PMv1.28.10
e
enough-carpet-20915
06/21/2024, 11:54 PMThen I bet that's it
π 1
h
hundreds-evening-84071
06/21/2024, 11:54 PMI believe k3s uses 6443 (but I maybe wrong)
e
enough-carpet-20915
06/21/2024, 11:55 PMI think you're right. I came from k3s and I'm pretty sure it was always 6443 there.
h
hundreds-evening-84071
06/21/2024, 11:55 PMper this doc, it should be 9345 (on rke2)
https://docs.rke2.io/install/ha#3-launch-additional-server-nodes
hundreds-evening-84071
06/21/2024, 11:57 PMchange config.yaml
rke2-killall.sh
systemctl start rke2-server (assuming NixOS uses systemd)
e
enough-carpet-20915
06/21/2024, 11:58 PMPROGRESS!
enough-carpet-20915
06/21/2024, 11:59 PM Copy code
Jun 21 23:58:41 master3 rke2[1014]: time="2024-06-21T23:58:41Z" level=fatal msg="starting kubernetes: preparing server: CA cert validation failed: Get \"<https://10.22.30.11:9345/cacerts>\": tls: failed to verify certificate: x509: certificate is valid for 10.22.20.11, 10.43.0.1, 127.0.0.1, ::1, not 10.22.30.11"enough-carpet-20915
06/21/2024, 11:59 PMThat's easy to fix
enough-carpet-20915
06/21/2024, 11:59 PMBut that's for tomorrow, not tonight. Thanks though dude, you just solved my issue!
π 1
π 1
h
hundreds-evening-84071
06/22/2024, 12:14 AMno problem - have a great weekend
e
enough-carpet-20915
06/22/2024, 7:58 AMThanks! You too!
enough-carpet-20915
06/22/2024, 9:29 AM Copy code
β― kubectl --kubeconfig master1.yaml get nodes
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane,etcd,master 8m46s v1.28.10+rke2r1
master2 Ready control-plane,etcd,master 67s v1.28.10+rke2r1π 1
π 1
156 Views