This message was deleted.
# rancher-setupa
adamant-kite-43734
11/01/2024, 11:10 AMThis message was deleted.
l
late-truck-88135
11/01/2024, 11:13 AM Copy code
controller-0:~/rancher-discovery$ kubectl get pods -n cattle-system
NAME READY STATUS RESTARTS AGE
cattle-cluster-agent-7c769954c6-wcb2t 0/1 CrashLoopBackOff 5 (44s ago) 3m59s
controller-0:~/rancher-discovery$ kubectl logs -n cattle-system cattle-cluster-agent-7c769954c6-wcb2t
INFO: Environment: CATTLE_ADDRESS=172.14.43.22 CATTLE_CA_CHECKSUM=690b4bc492153647b35b018f9a39b2fd720121a6835365287a36086a1d41e5e6 CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=<tcp://11.106.56.16:80> CATTLE_CLUSTER_AGENT_PORT_443_TCP=<tcp://11.106.56.16:443> CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=11.106.56.16 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=<tcp://11.106.56.16:80> CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=11.106.56.16 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=11.106.56.16 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_INGRESS_IP_DOMAIN=<http://sslip.io|sslip.io> CATTLE_INSTALL_UUID=c7417022-3f20-4243-ba1c-81653a01265a CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-7c769954c6-wcb2t CATTLE_RANCHER_PROVISIONING_CAPI_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=104.0.3+up0.5.3 CATTLE_SERVER=<https://192.168.1.10:30166> CATTLE_SERVER_VERSION=v2.9.3
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local nameserver 11.96.0.10 options ndots:5
INFO: <https://192.168.1.10:30166/ping> is accessible
INFO: Value from <https://192.168.1.10:30166/v3/settings/cacerts> is an x509 certificate
time="2024-11-01T11:06:39Z" level=info msg="Listening on /tmp/log.sock"
time="2024-11-01T11:06:39Z" level=info msg="Rancher agent version v2.9.3 is starting"
time="2024-11-01T11:06:39Z" level=info msg="Testing connection to <https://192.168.1.10:30166> using trusted certificate authorities within: /etc/kubernetes/ssl/certs/serverca"
time="2024-11-01T11:06:39Z" level=info msg="Certificate details from <https://192.168.1.10:30166>"
time="2024-11-01T11:06:39Z" level=info msg="Certificate #0 (<https://192.168.1.10:30166>)"
time="2024-11-01T11:06:39Z" level=info msg="Subject: CN=dynamic,O=dynamic"
time="2024-11-01T11:06:39Z" level=info msg="Issuer: CN=dynamiclistener-ca@1730453595,O=dynamiclistener-org"
time="2024-11-01T11:06:39Z" level=info msg="IsCA: false"
time="2024-11-01T11:06:39Z" level=info msg="DNS Names: <none>"
time="2024-11-01T11:06:39Z" level=info msg="IPAddresses: [11.108.43.46 11.109.106.183 11.99.227.49 192.168.1.10 172.14.114.47]"
time="2024-11-01T11:06:39Z" level=info msg="NotBefore: 2024-11-01 09:33:15 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="NotAfter: 2025-11-01 10:54:24 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="SignatureAlgorithm: ECDSA-SHA256"
time="2024-11-01T11:06:39Z" level=info msg="PublicKeyAlgorithm: ECDSA"
time="2024-11-01T11:06:39Z" level=info msg="Certificate #1 (<https://192.168.1.10:30166>)"
time="2024-11-01T11:06:39Z" level=info msg="Subject: CN=dynamiclistener-ca@1730453595,O=dynamiclistener-org"
time="2024-11-01T11:06:39Z" level=info msg="Issuer: CN=dynamiclistener-ca@1730453595,O=dynamiclistener-org"
time="2024-11-01T11:06:39Z" level=info msg="IsCA: true"
time="2024-11-01T11:06:39Z" level=info msg="DNS Names: <none>"
time="2024-11-01T11:06:39Z" level=info msg="IPAddresses: <none>"
time="2024-11-01T11:06:39Z" level=info msg="NotBefore: 2024-11-01 09:33:15 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="NotAfter: 2034-10-30 09:33:15 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="SignatureAlgorithm: ECDSA-SHA256"
time="2024-11-01T11:06:39Z" level=info msg="PublicKeyAlgorithm: ECDSA"
time="2024-11-01T11:06:39Z" level=info msg="Certificate details for /etc/kubernetes/ssl/certs/serverca"
time="2024-11-01T11:06:39Z" level=info msg="Certificate #0 (/etc/kubernetes/ssl/certs/serverca)"
time="2024-11-01T11:06:39Z" level=info msg="Subject: CN=starlingx"
time="2024-11-01T11:06:39Z" level=info msg="Issuer: CN=starlingx"
time="2024-11-01T11:06:39Z" level=info msg="IsCA: true"
time="2024-11-01T11:06:39Z" level=info msg="DNS Names: [starlingx]"
time="2024-11-01T11:06:39Z" level=info msg="IPAddresses: <none>"
time="2024-11-01T11:06:39Z" level=info msg="NotBefore: 2024-10-08 11:34:52 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="NotAfter: 2034-10-06 11:34:52 +0000 UTC"
time="2024-11-01T11:06:39Z" level=info msg="SignatureAlgorithm: SHA256-RSA"
time="2024-11-01T11:06:39Z" level=info msg="PublicKeyAlgorithm: RSA"
time="2024-11-01T11:06:39Z" level=error msg="Issuer of last certificate found in chain (CN=dynamiclistener-ca@1730453595,O=dynamiclistener-org) does not match with CA certificate Issuer (CN=starlingx). Please check if the configured server certificate contains all needed intermediate certificates and make sure they are in the correct order (server certificate first, intermediates after)"
time="2024-11-01T11:06:39Z" level=fatal msg="Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get \"<https://192.168.1.10:30166>\": tls: failed to verify certificate: x509: certificate signed by unknown authority"9 Views