This message was deleted Rancher Users #harvester

Join Slack

This message was deleted.

# harvester

adamant-kite-43734

06/28/2022, 7:28 PM

This message was deleted.

square-orange-60123

06/28/2022, 7:47 PM

I can't get harvester to trust the self-signed cert

-> what issue are you seeing? I wouldn’t think you would get any issues from the yaml generated from rancher.

sparse-art-48043

06/28/2022, 8:07 PM

Where should I check for the logs?

sparse-art-48043

06/28/2022, 8:07 PM

I kinda just assumed it would be the self-signed cert as I can't curl the yaml file due to that

sparse-art-48043

06/28/2022, 8:07 PM

but it could be something else

square-orange-60123

06/28/2022, 8:08 PM

can you curl it from your own machine on the same network?

sparse-art-48043

06/28/2022, 8:08 PM

no. SSL cert error

sparse-art-48043

06/28/2022, 8:09 PM

Copy code

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: <https://curl.se/docs/sslcerts.html>

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

square-orange-60123

06/28/2022, 8:09 PM

oh 😅 well then its still a rancher cert issue. Can you curl with the insecure flag? And also post dig results?

sparse-art-48043

06/28/2022, 8:10 PM

I can visit the web interface with a security exception

sparse-art-48043

06/28/2022, 8:10 PM

I just want to know how to trust the self-signed cert in Harvester (for now)

square-orange-60123

06/28/2022, 8:11 PM

right. So tldr, you shouldn’t need to trust the cert. It doesn’t matter if rancher is using self-signed certs or not for registering a harvester setup to use in rancher.

sparse-art-48043

06/28/2022, 8:11 PM

Yes I can cURL it with --insecure

sparse-art-48043

06/28/2022, 8:11 PM

Copy code

; <<>> DiG 9.16.28-RH <<>> rancher.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51584
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;rancher.box.			IN	A

;; ANSWER SECTION:
rancher.box.		0	IN	A	10.10.1.201

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jun 28 15:10:58 CDT 2022
;; MSG SIZE  rcvd: 56

sparse-art-48043

06/28/2022, 8:11 PM

really? it will just bypass the self-signed cert?

square-orange-60123

06/28/2022, 8:12 PM

yup. it should anyways 🙂

sparse-art-48043

06/28/2022, 8:12 PM

it's still not registering with rancher though...

😮 1

sparse-art-48043

06/28/2022, 8:13 PM

where would I get the logs for that stuff?

square-orange-60123

06/28/2022, 8:14 PM

I don’t have a setup right now to check unfortunately. You should be able to ssh in to your harvester node, and get the logs of the harvester deployment. I’d assume that it would show up there.

sparse-art-48043

06/28/2022, 8:15 PM

well i'm giving it a good ol' reboot and i'll see if that fixes it

😄 1

sparse-art-48043

06/28/2022, 8:15 PM

thanks for your help!

14 Views

Open in Slack

Previous Next