I meant `dockerd` not `containerd` rancher-users #rancher-desktop

Title

kind-application-89221

09/21/2022, 12:10 PM

I meant

dockerd

not

containerd

creamy-vr-37996

09/21/2022, 1:04 PM

Hey Bayo, can I get the full log?, I am wondering what cert validation is in conflict

And please let me know if you’re running on priv or not

kind-application-89221

09/21/2022, 2:31 PM

Hi @creamy-vr-37996, I see quite a number of logs. Please let me know if those uploaded are not what you are looking for.

I'm running on priv (I believe you mean private network, i.e. corporate network?)

creamy-vr-37996

09/21/2022, 3:10 PM

Thanks Bayo, I was meaning if you’re running with a privileged permissions (root or administrator on win)

kind-application-89221

09/21/2022, 3:11 PM

Oh yeah, runnning with admin rights (my bad! Busy head)

creamy-vr-37996

09/21/2022, 3:19 PM

Hmmm, as long as the underlying container runtime is unable to validate the certificate the error will affect also k8s. About the certificate itself, the issuer and subjets looks weird:

{
      subject: [Object: null prototype] {
        C: 'US',
        ST: 'California',
        O: 'Zscaler Inc.',
        OU: 'Zscaler Inc.',
        CN: 'Zscaler Intermediate Root CA (<http://zscalertwo.net|zscalertwo.net>) (t) '
      },
      issuer: [Object: null prototype] {
        C: 'US',
        ST: 'California',
        O: 'Zscaler Inc.',
        OU: 'Zscaler Inc.',
        CN: 'Zscaler Intermediate Root CA (<http://zscalertwo.net|zscalertwo.net>)',
        emailAddress: '<mailto:support@zscaler.com|support@zscaler.com>'

Anyway, the affected certificate is about to expire soon

subjectaltname: ‘DNS:k3s.io, DNS:*.k3s.io, DNS:sni.cloudflaressl.com’, valid_from: ‘Sep 17 07:48:10 2022 GMT’, valid_to: ‘Oct 1 07:48:10 2022 GMT’,

kind-application-89221

09/21/2022, 3:22 PM

Yeah, I noticed the certificates look weird as well and I have no idea where that is originating from. I have also tried moved in and out of the VPN yet same situation. Background: I performed a factory reset on RD and then proceeded to restart my computer and re-install before getting into this issue.

Of all the certificates in the chain, this is the one whose serialNumber I get in the dialog of RD

valid_from: 'Jun 24 15:44:19 2013 GMT',

valid_to: 'Nov  9 15:44:19 2040 GMT',

fingerprint: '9F:B5:0B:46:C7:31:28:6B:17:96:F0:AA:6C:2C:AE:82:69:C8:CC:D2',

fingerprint256: 'F3:D8:8E:5E:73:A9:FA:A8:7E:03:08:01:13:A3:9A:8B:A4:C5:27:5E:39:1C:27:30:3B:33:75:C3:6F:C6:FF:D4',

serialNumber: 'e4d802adc2f521ca'

creamy-vr-37996

09/21/2022, 3:28 PM

Are you on your desktop directly or using a vms with rd?

kind-application-89221

09/21/2022, 3:29 PM

Desktop directly. Tbh, I have not had the need to explore RD outside just running docker commands.

creamy-vr-37996

09/21/2022, 3:30 PM

It also happens on docker, right?

kind-application-89221

09/21/2022, 3:31 PM

Yup! I can't access docker because the Daemon (RD in this case) is down. Backstory: RD is the only accepted way to use Docker in my org.

creamy-vr-37996

09/21/2022, 3:34 PM

If I am not wrong, RD requires a container runtime to run (docker, containerd….) to work, it looks like the certificate are a system-wide issue not allowing the container runtime to work which is a requirement for RD

kind-application-89221

09/21/2022, 3:39 PM

Exactly, RD does require a container runtime (and my target will be dockerd) but when I close the error popup window to change my settings in "Preferences" it doesn't get applied. The blue "Apply" button remains blue without turning grey to mean my new settings hasn't been applied. About the certificates, I am not exactly sure how they clash with that of RD because everything was working fine just until the factory reset and then everything went South.

And since the error says Error starting Kubernetes, I will imagine that I should be able to launch other runtime containers (Docker in my case) without issues.

I should add that

docker --version

does return a docker version. But strangely the daemon, hosted by RD, is down

User Interface wise, when the loading bar on RD gets to "Updating DNS", after WSL initialization, that is when the error popup window appears.

creamy-vr-37996

09/21/2022, 3:58 PM

As far as I know, the docker daemon is not hosted by RD, RD depends on the container runtime, not vice versa

I would try to start a standalone container using docker to see if the problem is isolated to docker and that could cause the error on RD

kind-application-89221

09/21/2022, 4:00 PM

True that @ vice versa

Here's a scenario (bear in mind that I don't have docker installed any other way.

C:\WINDOWS\system32>docker network ls

error during connect: In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.: Get "<http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/networks>": open //./pipe/docker_engine: The system cannot find the file specified.

creamy-vr-37996

09/21/2022, 4:02 PM

That’s a lack of privilege permissions issue, right?

kind-application-89221

09/21/2022, 4:02 PM

The above was done with cmd in Administrator mode.

Err... How do I change that?

Never had to do it differently.

creamy-vr-37996

09/21/2022, 4:03 PM

Unfortunately I am not even a windows user, but as per my understanding for your above message, docker client must be run with elevated privileges

Looks like the client is running as user instead of an administrator

kind-application-89221

09/21/2022, 4:06 PM

Yup, I do believe your understanding is correct as well. And unfortunately, Windows isn't my favorite. haha!

Any tip on how I could change that to administrator?

creamy-vr-37996

09/21/2022, 4:08 PM

hmmm

From the 100% ignorance, I would start here https://learn.microsoft.com/en-us/windows/win32/secbp/running-with-special-privileges

fast-garage-66093

09/21/2022, 10:17 PM

@kind-application-89221 Could you upload the

networking.log

file as well?

kind-application-89221

09/22/2022, 4:08 AM

@fast-garage-66093, the

networking.log

file is strangely empty.

fast-garage-66093

09/22/2022, 4:13 AM

Can you try to

type networking.log

anyways, to make sure? Sometimes the log files are listed with size 0 in the directory because the directory entries haven't been updated.

kind-application-89221

09/22/2022, 4:15 AM

Should I be doing this in the command line?

fast-garage-66093

09/22/2022, 4:16 AM

Yes, but it looks like it is empty for me too, on a Windows machine. It has additional information about parsing certs on macOS, but I guess that code is not executed on Windows.

kind-application-89221

09/22/2022, 4:17 AM

Indeed, it is indeed empty.

fast-garage-66093

09/22/2022, 4:17 AM

Can you check with your IT people if you are allowed to share the Zscaler cert from your machine? There should be nothing confidential in it (it is a cert, not a key, and the names are all from Zscaler and not your company).

If you can share the cert, we could install it on a test machine and see if we can reproduce the problem

kind-application-89221

09/22/2022, 4:19 AM

Ah ha! I will check in with them, hopefully, they can.

fast-garage-66093

09/22/2022, 4:19 AM

It is always better to ask for permission first anyways

👍 1

kind-application-89221

09/23/2022, 5:37 AM

Issue resolved. • Went to the physical office with VPN turned on for a while and then turned off. • Installed RD v1.0.1 • And all issues gone.

fast-garage-66093

09/23/2022, 5:38 AM

Did you really mean 1.0.1? Any reason you did not upgrade to 1.5.1?

kind-application-89221

09/23/2022, 5:40 AM

Yup, 1.0.1 indeed was what cut it for me, and will try an upgrade when next in the office but that will be sometime next week and I'll ping here if everything is fine. Currently running behind a deadline so didn't want to risk it.

Tbh, it was hard to tell what the exact issue could be and so didn't further

Hi @fast-garage-66093, I said I was going to ping here when I upgrade to RD 1.5.1 when next at the office to avoid the networking issues but couldn't do that today. I will definitely ping here once I do and confirmed.

Hi @fast-garage-66093. The upgrade looks good.

👍 1

61 Views

#rancher-desktop Join Slack