Hi I am doing my first install of Rancher on RKE2 2 6 and am having some issues with accessing ` var lib rancher rke2 server manifests ` to configure nginx as a daemonset as outlined in <https rancher com docs rancher v2 6 en installation resources k8s tutorials ha rke2 5 configure nginx to be a daemonset|these docs> It appears the permissions for the `server` directory are not set properly on any of the nodes in this cluster I m seeing the steps were tested in 2 5 6 So is this a bug or intended Also what permissions should I set on that directory to complete the final step in those docs

A lot was slightly off wrong on the docs for me using RKE2 v1 21 amp Rancher 2 6 on the install Sad to hear they re still that way

The ones that I recall quickly are all on <https rancher com docs rancher v2 6 en installation resources k8s tutorials ha rke2 > When I was first using the page something in I think step 1 was malformed and I had to go back to the 2 5 install page to see the info but that looks fixed Steps 4 amp 5 are both incorrect if using RKE2 v1 21 x and presumably higher so noting what versions those are for and or having a link or note about differences in the different supported versions would be good I can t remember what it was from months ago past that

Hi I am doing my first install of Rancher on RKE2 2 6 and am rancher-users #rke2

Docs

Join the conversation Join Slack

Channels

Title

wonderful-helicopter-16401

05/03/2022, 4:23 AM

Hi, I am doing my first install of Rancher on RKE2 (2.6) and am having some issues with accessing

/var/lib/rancher/rke2/*server/manifests*

to configure nginx as a daemonset as outlined in these docs. It appears the permissions for the server
directory are not set properly on any of the nodes in this cluster. I'm seeing the steps were tested in 2.5.6. So, is this a bug or intended? Also, what permissions should I set on that directory to complete the final step in those docs?

creamy-pencil-82913

05/03/2022, 4:56 AM

What do you mean not set properly. What permissions are you expecting, and what do you see?

🤔 1

You're intended to do that as root, since having a world-writable directory that gets deployed to your cluster would be a bad thing.

🎯 1

wonderful-helicopter-16401

05/03/2022, 11:58 AM

Here is what I am getting...

user@srv1:/var/lib/rancher/rke2$ cd server

-bash: cd: server: Permission denied

user@srv1:/var/lib/rancher/rke2$ sudo cd server

sudo: cd: command not found

Thank you for the reply. I found the answer. I used

sudo bash

instead of trying to cd down to that level. I ended up at the rke2 directory trying to figure out why I couldn't

sudo cd

down to the location required. I found an article that discussed permissions as the issue, hence my question. Your response had me search other forums. The fourth one said I needed to use either

sudo bash

sudo su

and then I would be able to cd to the full path.

I get why the permissions would need to be changed back after making a change. I couldn't work out how to get step 5 of the docs done. And, since I was also thinking that if it was a permissions issue, I'd like to know what they should ultimately be so I could document the changes/requirements. It's been many years, but I seem to recall having to make frequent permissions changes to ultimately get everything properly accessible and secure in websites of yester-year. So, the notion was not completely foreign or made up. Hope this helps others that get the same issue as they learn.

rapid-helmet-86074

05/03/2022, 2:41 PM

If you did a recent RKE2 install you may not need to do the step of chaning nginx ingress controller to a DaemonSet as when I did it several months ago (with RKE2 v1.21.6 if I recall correctly), I was able to run

kubectl get daemonsets -A

and see that it was already a DaemonSet.

🤔 1

wonderful-helicopter-16401

05/04/2022, 3:21 PM

Thank you for that observation. It has me curious about the docs. I will be setting up a second cluster in the next week or so and I'll take a look at that. I'm going to create my own set of documentation that cleans up the process for me. While doing this first install, I felt like I was jumping back and forth and trying to figure out which was the chicken and which was the egg at times. I'll either validate that experience and have some feedback on docs or I'll realize I was just getting confused.

rapid-helmet-86074

05/04/2022, 3:23 PM

A lot was slightly off/wrong on the docs for me using RKE2 v1.21 & Rancher 2.6 on the install. Sad to hear they're still that way.

creamy-pencil-82913

05/04/2022, 3:38 PM

Can you link to the docs page that you're looking at?

rapid-helmet-86074

05/04/2022, 4:39 PM

The ones that I recall quickly are all on https://rancher.com/docs/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-rke2/ . When I was first using the page something in I think step 1 was malformed and I had to go back to the 2.5 install page to see the info but that looks fixed. Steps 4 & 5 are both incorrect if using RKE2 v1.21.x (and presumably higher), so noting what versions those are for and/or having a link or note about differences in the different supported versions would be good. I can't remember what it was from months ago past that.

creamy-pencil-82913

05/04/2022, 4:55 PM

interesting, I’ll pass that along to the docs team. If you ever notice something like that, there’s an Edit This Page button at the bottom of every page, if you can take a moment to even just comment on what you’d like improved in the docs that helps close the loop better than just noting it on Slack.

wonderful-helicopter-16401

05/04/2022, 7:13 PM

I suspect the consistent problem I had is that I was installing my first RKE2 (v1.23) and my first Rancher (v2.6) and the references/notes had me going to other docs to figure out some detail that the main doc assumed I'd know. Then those second docs might have a step/action that was inconsistent with what I was originally trying to do. I've watched numerous videos, read several docs outside of Rancher to try and piece it all together so that the HA RKE2 Rancher install made sense. I'm just about there, I think. of course, most resources in the wild pertain to docker, so it's been interesting. One area I had a lot of confusion on was setting up a load balancer. Looks like we need two load balancers? One for RKE2 and the other for Rancher. Anyway, the chicken/egg comment from above had a lot to do with documentation around load balancers and figuring out that I needed the RKE2 one in place before doing anything with the other one. When I write that it seems logical and simple, but when bouncing between several docs...

creamy-pencil-82913

05/04/2022, 7:15 PM

You don’t technically need two load-balancers, but if you are using dedicated agents to run the Rancher app to keep the server nodes free for running etcd+control-plane, then you would probably want that, since you won’t have the same nodes for the control-plane LB as you will for the ingress LB.

wonderful-helicopter-16401

05/04/2022, 7:20 PM

That makes sense. Separate LBs is what I prefer for our situation. The docs on the Rancher LB also emphasize not adding anything other than Rancher to its external LB.

rapid-helmet-86074

05/04/2022, 7:21 PM

I'm prototyping in small dev environments but trying to keep it moderately production-like. I have 3 nodes for Rancher HA RKE2 cluster, then a downstream RKE2 cluster with 3 control plane/etcd & 5 worker nodes. I have a DNS hostname pointing at the three Rancher RKE2 nodes (and if I set it up manually rather than with Rancher UI commands then another DNS hostname pointing at the three downstream RKE2 control plane nodes). I then have a single external HAProxy instance that points to port 443 on all 5 worker nodes that has a wildcard DNS entry for a subdomain and then I set up my Ingress objects to use that subdomain and go through that HAProxy (I expect the prod instance to put the HAProxy equivalent in a DMZ).

👍 1

View count: 3

Back to #rke2 Join thread in Slack