rke2-server fails with an error on restart

Environment information:
RKE2 version: v1.27.8 +rke2r1

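Cluster configuration:

Problem description:

I installed a v1.27.8 +rke2r1 cluster with Rancher 2.8.2, then restarted rke2-server on the host node, and the restart does not succeed.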

Logs

After restarting rke2-server, journalctl -xe shows the following errors:

-- Subject: Unit rke2-server.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit rke2-server.service has failed.
--
-- The result is failed.
Apr 06 15:18:27 rke2-03 systemd[1]: Unit rke2-server.service entered failed state.
Apr 06 15:18:27 rke2-03 systemd[1]: rke2-server.service failed.
Apr 06 15:18:27 rke2-03 polkitd[787]: Unregistered Authentication Agent for unix-process:123985:16432679 (system bus name :1.665, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF
Apr 06 15:18:32 rke2-03 systemd[1]: rke2-server.service holdoff time over, scheduling restart.
Apr 06 15:18:32 rke2-03 systemd[1]: Stopped Rancher Kubernetes Engine v2 (server).
-- Subject: Unit rke2-server.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit rke2-server.service has finished shutting down.
Apr 06 15:18:32 rke2-03 systemd[1]: Starting Rancher Kubernetes Engine v2 (server)...
-- Subject: Unit rke2-server.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit rke2-server.service has begun starting up.
Apr 06 15:18:32 rke2-03 sh[124475]: + /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service
Apr 06 15:18:32 rke2-03 sh[124475]: Failed to get unit file state for nm-cloud-setup.service: No such file or directory
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=warning msg="not running in CIS mode"
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=info msg="Applying Pod Security Admission Configuration"
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=info msg="Starting rke2 v1.27.8+rke2r1 (77c9470934d7073341fb297aefa2dda0b97909c9)"
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=warning msg="Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full t
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=info msg="Managed etcd cluster not yet initialized"
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=warning msg="Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full t
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=fatal msg="starting kubernetes: preparing server: https://[2409:8a02:482b:f910:20c:29ff:fe80:2f4]:9345/v1-rke2/server-bootstrap: 4
Apr 06 15:18:32 rke2-03 systemd[1]: rke2-server.service: main process exited, code=exited, status=1/FAILURE
Apr 06 15:18:32 rke2-03 systemd[1]: Failed to start Rancher Kubernetes Engine v2 (server).
-- Subject: Unit rke2-server.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit rke2-server.service has failed.
--
-- The result is failed.
Apr 06 15:18:32 rke2-03 systemd[1]: Unit rke2-server.service entered failed state.
Apr 06 15:18:32 rke2-03 systemd[1]: rke2-server.service failed.

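Start troubleshooting from this log. After the restart, your server IP or RKE2 connection address has become an IPv6 address. I don't know whether you set it up that way on purpose or what happened; if it was on purpose, check whether that address and port are reachable.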
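
The check suggested in the reply above, as an added example that is not part of the original thread: it pulls the bootstrap URL out of the level=fatal journal line, reports whether the host is an IPv6 literal, and provides a TCP reachability test for that address and port. The helper names bootstrap_target and check_reachable are made up for this example.

```shell
#!/bin/sh
# Sample input: two lines from the journal above; the fatal line is truncated as in the post.
SAMPLE_LOG='Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=info msg="Managed etcd cluster not yet initialized"
Apr 06 15:18:32 rke2-03 rke2[124485]: time="2024-04-06T15:18:32+08:00" level=fatal msg="starting kubernetes: preparing server: https://[2409:8a02:482b:f910:20c:29ff:fe80:2f4]:9345/v1-rke2/server-bootstrap: 4'

# bootstrap_target (hypothetical helper): reads journal text on stdin and prints
# "<family> <host> <port>" for the URL in the last level=fatal line.
# The body is a subshell "( )" so its variables do not leak; it exits 1 when
# no URL with an explicit port is found.
bootstrap_target() (
  line=$(grep 'level=fatal' | tail -n 1)
  url=$(printf '%s\n' "$line" | grep -oE 'https?://[^/ "]+' | head -n 1)
  [ -n "$url" ] || exit 1
  hostport=${url#*://}
  case $hostport in
    \[*\]:*)  # bracketed IPv6 literal with port, e.g. [2409:...]:9345
      host=${hostport%%\]*}; host=${host#\[}; port=${hostport##*\]:}; family=ipv6 ;;
    \[*)      # bracketed literal without a port: not handled here
      exit 1 ;;
    *:*)      # IPv4 address or hostname with port
      host=${hostport%%:*}; port=${hostport##*:}; family=ipv4-or-name ;;
    *)        # no explicit port: not handled here
      exit 1 ;;
  esac
  printf '%s %s %s\n' "$family" "$host" "$port"
)

# check_reachable (hypothetical helper): TCP connect to host ($1) and port ($2)
# with a 3 second limit. Uses bash's /dev/tcp, so bash and timeout must be installed.
check_reachable() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Parse the sample. On the affected node, feed the real journal instead:
#   set -- $(journalctl -u rke2-server --no-pager | bootstrap_target)
#   check_reachable "$2" "$3" && echo reachable || echo "cannot connect to $2 port $3"
printf '%s\n' "$SAMPLE_LOG" | bootstrap_target
```

A family of ipv6 on a node that joined over IPv4 points to the address change described in the reply.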

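Thanks a lot, it is solved now. The main cause was that I am not familiar with the rke2 architecture. Also, I have another question about a problem I am running into now: rke2 connected to Harbor can only pull, not push.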

Push command:
ctr -a /run/k3s/containerd/containerd.sock -n k8s.io images push 192.168.1.105/demo/regstry:2
Push error:
ctr: content digest sha256:b43aed67d039503439ce74787aa1e1497258190f20151193ca3bfe1cd0b87d3e: not found

The registries.yaml configuration is as follows:
[root@rke2-02 rke2]# cat registries.yaml
mirrors:
  192.168.1.105:
    endpoint:
      - "https://192.168.1.105"
configs:
  "192.168.1.105":
    auth:
      username: admin
      password: xxxxx
    tls:
      cert_file: /etc/rancher/yourdomain.com.cert
      key_file: /etc/rancher/yourdomain.com.key
      ca_file: /etc/rancher/ca.crt
      insecure_skip_verify: true

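Harbor configuration:
Standard configuration. Because Harbor and GitLab are on the same host, the hostname is gitlab.demo.com; apart from that, HTTP and HTTPS are open and a certificate is configured.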

Additional question: when ctr is used with Harbor, can registries.yaml only use https, or can http be used as well?

I found this on Baidu, you can give it a try: "[containerd] Error when pushing an image with ctr: ctr: content digest xxxxxx not found" (ctr content digest not found, CSDN blog)