This message was deleted.
# generala
adamant-kite-43734
10/19/2022, 3:43 PMThis message was deleted.
d
damp-painting-69352
10/19/2022, 4:50 PMCheck firewall, and node's logs for kubelet/rke2-server/agent and rancher-system-agent logs
a
ancient-ambulance-88071
10/19/2022, 5:15 PMufw status
Status: inactive
kubelet:
Copy code
1315 pod_workers.go:190] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cluster-register\" with CrashLoopBackOff: \"back-off 5m0s restarting failed container=cluster-register pod=cattle-cluster-agent-77586f7db9-xq5jm_cattle-system(0aa84aae-5963-460a-a11e-3202064ac9f5)\"" pod="cattle-system/cattle-cluster-agent-77586f7db9-xq5jm" podUID=0aa84aae-5963-460a-a11e-3202064ac9f5 Copy code
time="2022-10-19T15:51:30Z" level=info msg="Option customConfig=map[address:XXXXX internalAddress: label:map[] roles:[] taints:[]]"
time="2022-10-19T15:51:30Z" level=info msg="Connecting to <wss://rancher.norma.co/v3/connect> with token starting with XXXX"
time="2022-10-19T15:51:30Z" level=info msg="Connecting to proxy" url="<wss://rancher.XXX.co/v3/connect>"
time="2022-10-19T15:51:30Z" level=info msg="Starting plan monitor, checking every 120 seconds"ancient-ambulance-88071
10/19/2022, 5:16 PM@damp-painting-69352 do you have any suggestion?
d
damp-painting-69352
10/19/2022, 5:17 PMcheck the logs on the cattle-system-agent pod
damp-painting-69352
10/19/2022, 5:18 PMthat 2nd block is all
infoa
ancient-ambulance-88071
10/19/2022, 5:26 PMcattle-system
Copy code
E1019 17:25:11.295120 1 reflector.go:139] pkg/mod/github.com/rancher/client-go@v0.21.0-rancher.1/tools/cache/reflector.go:168: Failed to watch *v1.ClusterRepo: failed to list *v1.ClusterRepo: the server could not find the requested resource (get <http://clusterrepos.meta.k8s.io|clusterrepos.meta.k8s.io>)d
damp-painting-69352
10/19/2022, 5:40 PMso i think that is fine, as cattle-agent isn't able to connect to provision itself from rancher yet
damp-painting-69352
10/19/2022, 5:41 PMcan you try curling the management cluster /v3/connect url from that downstream node? see if you get a timeout
damp-painting-69352
10/19/2022, 5:41 PMcheck to see if the Management cluster's firewall is setup and API is responding
a
ancient-ambulance-88071
10/19/2022, 5:45 PM Copy code
curl -IL <http://rancher.XXX.co/v3/connect>
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: <https://rancher.XXX.co/v3/connect>
Date: Wed, 19 Oct 2022 17:45:05 GMT
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: <https://curl.haxx.se/docs/sslcerts.html>
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.ancient-ambulance-88071
10/19/2022, 5:47 PMI saved rancher.XXX.co into /etc/hosts at my downstream server.
d
damp-painting-69352
10/19/2022, 5:47 PMOkay the TLS is an issue
damp-painting-69352
10/19/2022, 5:48 PMso do you have Rancher setup with an internal/self signed cert
a
ancient-ambulance-88071
10/19/2022, 5:50 PMno, i don't have a cert. in my previous experience, i installed a rancher cluster with default config and run the scripts on downstream servers. i didn't do anything more.
ancient-ambulance-88071
10/19/2022, 5:52 PMI used a docker-compose file to up rancher
d
damp-painting-69352
10/19/2022, 6:17 PMRancher does create a cert, but that is as far as i can help. As my knowledge is specifically k8s
a
ancient-ambulance-88071
10/19/2022, 8:17 PM@damp-painting-69352 thank you for your support✌️
👍 1
39 Views