https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# rancher-desktop
a
This message was deleted.
k
I meant 
dockerd
not 
containerd
c
Hey Bayo, can I get the full log?, I am wondering what cert validation is in conflict
And please let me know if you’re running on priv or not
k
Hi @creamy-vr-37996, I see quite a number of logs. Please let me know if those uploaded are not what you are looking for.
server.logintegrations.logwsl-exec.logupdate.log
I'm running on priv (I believe you mean private network, i.e. corporate network?)
c
Thanks Bayo, I was meaning if you’re running with a privileged permissions (root or administrator on win)
k
Oh yeah, runnning with admin rights (my bad! Busy head)
c
Hmmm, as long as the underlying container runtime is unable to validate the certificate the error will affect also k8s. About the certificate itself, the issuer and subjets looks weird:
Copy code
{
      subject: [Object: null prototype] {
        C: 'US',
        ST: 'California',
        O: 'Zscaler Inc.',
        OU: 'Zscaler Inc.',
        CN: 'Zscaler Intermediate Root CA (<http://zscalertwo.net|zscalertwo.net>) (t) '
      },
      issuer: [Object: null prototype] {
        C: 'US',
        ST: 'California',
        O: 'Zscaler Inc.',
        OU: 'Zscaler Inc.',
        CN: 'Zscaler Intermediate Root CA (<http://zscalertwo.net|zscalertwo.net>)',
        emailAddress: '<mailto:support@zscaler.com|support@zscaler.com>'
Anyway, the affected certificate is about to expire soon
subjectaltname: ‘DNS:k3s.io, DNS:*.k3s.io, DNS:sni.cloudflaressl.com’, valid_from: ‘Sep 17 074810 2022 GMT’, valid_to: ‘Oct 1 074810 2022 GMT’,
k
Yeah, I noticed the certificates look weird as well and I have no idea where that is originating from. I have also tried moved in and out of the VPN yet same situation. Background: I performed a factory reset on RD and then proceeded to restart my computer and re-install before getting into this issue.
Of all the certificates in the chain, this is the one whose serialNumber I get in the dialog of RD 
valid_from: 'Jun 24 15:44:19 2013 GMT',
valid_to: 'Nov  9 15:44:19 2040 GMT',
fingerprint: '9F:B5:0B:46:C7:31:28:6B:17:96:F0:AA:6C:2C:AE:82:69:C8:CC:D2',
fingerprint256: 'F3:D8:8E:5E:73:A9:FA:A8:7E:03:08:01:13:A3:9A:8B:A4:C5:27:5E:39:1C:27:30:3B:33:75:C3:6F:C6:FF:D4',
serialNumber: 'e4d802adc2f521ca'
c
Are you on your desktop directly or using a vms with rd?
k
Desktop directly. Tbh, I have not had the need to explore RD outside just running docker commands.
c
It also happens on docker, right?
k
Yup! I can't access docker because the Daemon (RD in this case) is down. Backstory: RD is the only accepted way to use Docker in my org.
c
If I am not wrong, RD requires a container runtime to run (docker, containerd….) to work, it looks like the certificate are a system-wide issue not allowing the container runtime to work which is a requirement for RD
k
Exactly, RD does require a container runtime (and my target will be dockerd) but when I close the error popup window to change my settings in "Preferences" it doesn't get applied. The blue "Apply" button remains blue without turning grey to mean my new settings hasn't been applied. About the certificates, I am not exactly sure how they clash with that of RD because everything was working fine just until the factory reset and then everything went South.
And since the error says Error starting Kubernetes, I will imagine that I should be able to launch other runtime containers (Docker in my case) without issues.
I should add that 
docker --version
does return a docker version. But strangely the daemon, hosted by RD, is down
User Interface wise, when the loading bar on RD gets to "Updating DNS", after WSL initialization, that is when the error popup window appears.
c
As far as I know, the docker daemon is not hosted by RD, RD depends on the container runtime, not vice versa
I would try to start a standalone container using docker to see if the problem is isolated to docker and that could cause the error on RD
k
True that @ vice versa
Here's a scenario (bear in mind that I don't have docker installed any other way. 
C:\WINDOWS\system32>docker network ls
error during connect: In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.: Get "<http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/networks>": open //./pipe/docker_engine: The system cannot find the file specified.
c
That’s a lack of privilege permissions issue, right?
k
The above was done with cmd in Administrator mode.
Err... How do I change that?
Never had to do it differently.
c
Unfortunately I am not even a windows user, but as per my understanding for your above message, docker client must be run with elevated privileges
Looks like the client is running as user instead of an administrator
k
Yup, I do believe your understanding is correct as well. And unfortunately, Windows isn't my favorite. haha!
Any tip on how I could change that to administrator?
c
hmmm
f
@kind-application-89221 Could you upload the 
networking.log
file as well?
k
@fast-garage-66093, the 
networking.log
file is strangely empty.
f
Can you try to 
type networking.log
anyways, to make sure? Sometimes the log files are listed with size 0 in the directory because the directory entries haven't been updated.
k
Should I be doing this in the command line?
f
Yes, but it looks like it is empty for me too, on a Windows machine. It has additional information about parsing certs on macOS, but I guess that code is not executed on Windows.
k
Indeed, it is indeed empty.
f
Can you check with your IT people if you are allowed to share the Zscaler cert from your machine? There should be nothing confidential in it (it is a cert, not a key, and the names are all from Zscaler and not your company).
If you can share the cert, we could install it on a test machine and see if we can reproduce the problem
k
Ah ha! I will check in with them, hopefully, they can.
f
It is always better to ask for permission first anyways
👍 1
k
Issue resolved. • Went to the physical office with VPN turned on for a while and then turned off. • Installed RD v1.0.1 • And all issues gone.
f
Did you really mean 1.0.1? Any reason you did not upgrade to 1.5.1?
k
Yup, 1.0.1 indeed was what cut it for me, and will try an upgrade when next in the office but that will be sometime next week and I'll ping here if everything is fine. Currently running behind a deadline so didn't want to risk it.
Tbh, it was hard to tell what the exact issue could be and so didn't further
Hi @fast-garage-66093, I said I was going to ping here when I upgrade to RD 1.5.1 when next at the office to avoid the networking issues but couldn't do that today. I will definitely ping here once I do and confirmed.
Hi @fast-garage-66093. The upgrade looks good.
👍 1
136 Views
Open in Slack
PreviousNext
Powered by