Trying to join my first worker node to the rke2 cl...
# rke2r
ripe-photographer-20183
08/19/2025, 8:06 PMTrying to join my first worker node to the rke2 cluster by following the official instructions.
• Installed the RKE2 binaries:
curl -sfL <https://get.rke2.io> | INSTALL_RKE2_VERSION="v1.32.7+rke2r1" INSTALL_RKE2_TYPE="agent" sh -systemctl enable rke2-agent.service/etc/rancher/rke2/config.yamlsystemctl start rke2-agent.servicejournalctl -u rke2-agent -f Copy code
Aug 19 20:05:59 worker1.dcodes.dev rke2[14080]: time="2025-08-19T20:05:59Z" level=info msg="Waiting to retrieve agent configuration; server is not ready: failed to retrieve configuration from server: not authorized"
Aug 19 20:06:08 worker1.dcodes.dev rke2[14080]: time="2025-08-19T20:06:08Z" level=info msg="Waiting to retrieve agent configuration; server is not ready: failed to retrieve configuration from server: not authorized"
Aug 19 20:06:16 worker1.dcodes.dev rke2[14080]: time="2025-08-19T20:06:16Z" level=info msg="Waiting to retrieve agent configuration; server is not ready: failed to retrieve configuration from server: not authorized"c
creamy-pencil-82913
08/19/2025, 8:28 PMyou’ve got something wrong with the token or the server in the agent config
creamy-pencil-82913
08/19/2025, 8:28 PMCan you show what you’ve got in your config.yaml, and how you checked the token from the server?
r
ripe-photographer-20183
08/19/2025, 8:33 PMHere is my config from the worker node and how I got the token from the server node.
ripe-photographer-20183
08/19/2025, 8:34 PMOne thing to note is that running
rke2 token rotate Copy code
rke2 token rotate
WARNING: Recommended to keep a record of the old token. If restoring from a snapshot, you must use the token associated with that snapshot.
FATA[0000] not authorizedripe-photographer-20183
08/19/2025, 8:36 PMAlso running
journalctl Copy code
journalctl -u rke2-server -f
Aug 19 20:35:02 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:02Z" level=error msg="Failed to authenticate request from 64.112.43.185:43264: invalid username/password combination"
Aug 19 20:35:02 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:02Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:43264: not authorized"
Aug 19 20:35:09 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:09Z" level=error msg="Failed to authenticate request from 64.112.43.185:43294: invalid username/password combination"
Aug 19 20:35:09 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:09Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:43294: not authorized"
Aug 19 20:35:16 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:16Z" level=error msg="Failed to authenticate request from 64.112.43.185:43028: invalid username/password combination"
Aug 19 20:35:16 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:16Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:43028: not authorized"
Aug 19 20:35:24 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:24Z" level=error msg="Failed to authenticate request from 64.112.43.185:60120: invalid username/password combination"
Aug 19 20:35:24 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:24Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:60120: not authorized"
Aug 19 20:35:33 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:33Z" level=error msg="Failed to authenticate request from 64.112.43.185:47492: invalid username/password combination"
Aug 19 20:35:33 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:33Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:47492: not authorized"
Aug 19 20:35:41 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:41Z" level=error msg="Failed to authenticate request from 64.112.43.185:56476: invalid username/password combination"
Aug 19 20:35:41 k8s.dcodes.dev rke2[1664509]: time="2025-08-19T20:35:41Z" level=error msg="Sending HTTP/1.1 401 response to 64.112.43.185:56476: not authorized"c
creamy-pencil-82913
08/19/2025, 8:37 PMwhat?
creamy-pencil-82913
08/19/2025, 8:38 PMwhy are you running “token rotate” to get a token for the agent?
r
ripe-photographer-20183
08/19/2025, 8:38 PMI'm not, that was just an observation and to give you context.
c
creamy-pencil-82913
08/19/2025, 8:39 PMDid you specify an agent token in your server config?
r
ripe-photographer-20183
08/19/2025, 8:39 PMNo.
c
creamy-pencil-82913
08/19/2025, 8:41 PMDid you leave a character off the begining or end when copying it?
r
ripe-photographer-20183
08/19/2025, 8:41 PMI'm sure that I didn't, I use ansible to automatically do it and checked it again manually.
c
creamy-pencil-82913
08/19/2025, 8:42 PMDid you try to rotate the server token at some point in the past?
creamy-pencil-82913
08/19/2025, 8:42 PMSomething is misconfigured on your server if you can’t even run commands there successfully
r
ripe-photographer-20183
08/19/2025, 8:42 PMI think I did once.
c
creamy-pencil-82913
08/19/2025, 8:42 PMDid you follow the steps to restart rke2 afterwards?
creamy-pencil-82913
08/19/2025, 8:43 PMIt really sounds like you got halfway through something
r
ripe-photographer-20183
08/19/2025, 8:43 PMRestarting rke2 server?
ripe-photographer-20183
08/19/2025, 8:44 PMI presume running
rke2 token rotatec
creamy-pencil-82913
08/19/2025, 8:51 PMno. that indicates that something is broken on your server. like, you ran the rotate command but then didn’t finish the job.
creamy-pencil-82913
08/19/2025, 8:51 PMyou shouldn’t be just running that for fun. You need to do things afterwards. see the docs: https://docs.rke2.io/security/token#server-token-rotation
r
ripe-photographer-20183
08/19/2025, 9:05 PMThank you, restarting if fixed it, my bad for missing that part of the docs.
4 Views