Error while importing cluster to rancher

I am following the installation guidelines in the deployment guide for V3. After executing the cluster import command, the cluster status in Rancher shows pending and there is no progress.

When you go to the related resource tab of the cluster it says:
This resource is currently in a transitioning state, but there isn’t a detailed message available.
Clicking on the Mgmt Cluster shows the message "Waiting for API to be available."

In the error log I can see the below for the pod
ERROR: https://rancher.xyz.com/ping is not accessible (Could not resolve host: rancher.xyz.com).
But I don’t see any issues in resolution of the URL. Please note I am using a self-signed certificate for nginx generated through openssl.

Hi Arjun,

Thank you for reaching out regarding the deployment of V3 using the installation guidelines. We apologize for the inconvenience you are facing with the cluster import command.

Upon reviewing your message, it appears that the cluster status in Rancher is showing as “pending,” and there is no progress. Additionally, when accessing the related resource tab of the cluster, it indicates that the resource is in a transitioning state, but there is no detailed message available. Furthermore, clicking on the Mgmt Cluster shows a message stating “Waiting for API to be available.”

We aim to get back to you as soon as possible with a detailed and comprehensive answer to address your concerns. Your satisfaction is our priority, and we want to ensure that you have a smooth and successful experience with MOSIP.

Best Regards,
Team MOSIP

Ensure to resolve DNS rancher.xyz.com from your local as well as from the k8s cluster.

Setup DNS ( K8S cluster )

kubectl -n kube-system edit cm coredns

Update the coredns cm and add the below block.

hosts {
  <INTERNAL_IP_OF_OBS_NGINX_NODE>    rancher.xyz.net keycloak.xyz.net
  fallthrough
}

Restart coredns pods

kubectl -n kube-system rollout restart deploy coredns coredns-autoscaler

Set DNS local

  • Add the below values in the /etc/hosts file.
<INTERNAL_IP_OF_OBS_NGINX_NODE>    rancher.xyz.net keycloak.xyz.net

Hi

Thanks for getting back with the solution.

After the below steps should I remove the cluster showing pending state in the rancher console and re-register it?

Hi Syed,

The name resolution issue on the pod is resolved, but even after re-registering the cluster the status is pending and “Waiting for API to be available” on the Rancher portal.

Hi Arun,

Thanks for the update. As I can see, you have followed the steps shared by @syed.salman, but the cluster status is still pending after re-registration. Our team is looking into this and will get back to you ASAP.

Best Regards,
Team MOSIP

@arjunsukumar can you please provide more information on this?

List the pods via

kubectl get pods -A

If any pod is crashing, please provide us the logs via the below command:

kubectl -n <NAMESPACE> logs <POD-NAME> --previous

Hi Syed,

Please find attached the requested logs for review and advise.

(Attachment Logs.rtf is missing)

Hello Syed,

Arjun is not able to post. I’m sharing the logs.

arjun@mass-master:~$ kubectl get pods -A
NAMESPACE         NAME                                            READY   STATUS             RESTARTS        AGE
cattle-system     cattle-cluster-agent-547f7959b8-9z7s5           0/1     CrashLoopBackOff   239 (77s ago)   19h
httpbin           httpbin-74fb669cc6-rmp56                        2/2     Running            3 (17h ago)     41h
istio-operator    istio-operator-f89b46bdf-s9x5w                  1/1     Running            2 (17h ago)     2d21h
istio-system      istio-ingressgateway-bbcd89c48-jhmzv            1/1     Running            2 (17h ago)     2d21h
istio-system      istio-ingressgateway-internal-bcd5d5876-blrn8   1/1     Running            2 (17h ago)     2d21h
istio-system      istiod-d97cbc5f-d4xls                           1/1     Running            3 (17h ago)     2d21h
kube-system       calico-kube-controllers-5685fbd9f7-cbjvh        1/1     Running            2 (17h ago)     3d16h
kube-system       canal-2h9nq                                     2/2     Running            4 (17h ago)     3d16h
kube-system       canal-78qjn                                     2/2     Running            4 (17h ago)     3d15h
kube-system       canal-9k4b7                                     2/2     Running            5 (17h ago)     3d16h
kube-system       canal-jwkhv                                     2/2     Running            4 (17h ago)     3d16h
kube-system       canal-vv662                                     2/2     Running            4 (17h ago)     3d16h
kube-system       coredns-6784669b74-qb75g                        1/1     Running            1 (17h ago)     23h
kube-system       coredns-6784669b74-x59gk                        1/1     Running            1 (17h ago)     23h
kube-system       coredns-autoscaler-7f74c8f58b-4sbr4             1/1     Running            1 (17h ago)     23h
kube-system       metrics-server-6bc7854fb5-szwnw                 1/1     Running            2 (17h ago)     3d16h
kube-system       rke-coredns-addon-deploy-job--1-p9gkq           0/1     Completed          0               3d16h
kube-system       rke-metrics-addon-deploy-job--1-dww4k           0/1     Completed          0               3d16h
kube-system       rke-network-plugin-deploy-job--1-lqwhf          0/1     Completed          0               3d16h
longhorn-system   csi-attacher-5f46994f7-b2dg4                    1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-attacher-5f46994f7-j7jjk                    1/1     Running            3 (17h ago)     2d21h
longhorn-system   csi-attacher-5f46994f7-v9hr4                    1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-provisioner-6ccbfbf86f-jrsb7                1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-provisioner-6ccbfbf86f-ncd4s                1/1     Running            3 (17h ago)     2d21h
longhorn-system   csi-provisioner-6ccbfbf86f-pt79b                1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-resizer-6dd8bd4c97-5t22b                    1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-resizer-6dd8bd4c97-j8vw8                    1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-resizer-6dd8bd4c97-tkvg8                    1/1     Running            3 (17h ago)     2d21h
longhorn-system   csi-snapshotter-86f65d8bc-dpwdc                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-snapshotter-86f65d8bc-gf64f                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   csi-snapshotter-86f65d8bc-vzs9z                 1/1     Running            3 (17h ago)     2d21h
longhorn-system   engine-image-ei-fa2dfbf0-42d94                  1/1     Running            2 (17h ago)     2d21h
longhorn-system   engine-image-ei-fa2dfbf0-9zt45                  1/1     Running            2 (17h ago)     2d21h
longhorn-system   engine-image-ei-fa2dfbf0-dcq6l                  1/1     Running            2 (17h ago)     2d21h
longhorn-system   engine-image-ei-fa2dfbf0-pshmv                  1/1     Running            2 (17h ago)     2d21h
longhorn-system   engine-image-ei-fa2dfbf0-ttg9c                  1/1     Running            2 (17h ago)     2d21h
longhorn-system   instance-manager-e-059e27d4                     1/1     Running            0               17h
longhorn-system   instance-manager-e-15adf935                     1/1     Running            0               17h
longhorn-system   instance-manager-e-2151ddc3                     1/1     Running            0               17h
longhorn-system   instance-manager-e-4241c261                     1/1     Running            0               17h
longhorn-system   instance-manager-e-cd1550f9                     1/1     Running            0               17h
longhorn-system   instance-manager-r-624b4869                     1/1     Running            0               17h
longhorn-system   instance-manager-r-9bb300a1                     1/1     Running            0               17h
longhorn-system   instance-manager-r-c3bf960e                     1/1     Running            0               17h
longhorn-system   instance-manager-r-cbab1bb8                     1/1     Running            0               17h
longhorn-system   instance-manager-r-dcbbb8a5                     1/1     Running            0               17h
longhorn-system   longhorn-csi-plugin-7f6nv                       2/2     Running            5 (17h ago)     2d21h
longhorn-system   longhorn-csi-plugin-csrlp                       2/2     Running            6 (17h ago)     2d21h
longhorn-system   longhorn-csi-plugin-ddn6b                       2/2     Running            5 (17h ago)     2d21h
longhorn-system   longhorn-csi-plugin-pfbcn                       2/2     Running            7 (17h ago)     2d21h
longhorn-system   longhorn-csi-plugin-rrthh                       2/2     Running            6 (17h ago)     2d21h
longhorn-system   longhorn-driver-deployer-6db849975f-2lc6t       1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-iscsi-installation-5wxx7               1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-iscsi-installation-6mzdn               1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-iscsi-installation-9hwdx               1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-iscsi-installation-jfpvw               1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-iscsi-installation-v5fz5               1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-manager-5fd85                          1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-manager-5sc8l                          1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-manager-bdtcd                          1/1     Running            3 (17h ago)     2d21h
longhorn-system   longhorn-manager-h52fj                          1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-manager-mgj5f                          1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-nfs-installation-7dwdf                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-nfs-installation-8rwz6                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-nfs-installation-bm27k                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-nfs-installation-f7zfm                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-nfs-installation-mkds2                 1/1     Running            2 (17h ago)     2d21h
longhorn-system   longhorn-ui-6f547c964-8gj5t                     1/1     Running            4 (17h ago)     2d21h

arjun@mass-master:~$ kubectl -n cattle-system logs cattle-cluster-agent-547f7959b8-9z7s5 --previous
INFO: Environment: CATTLE_ADDRESS=10.42.3.26 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.43.158.148:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.43.158.148:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.158.148 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.43.158.148:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.158.148 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.158.148 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=7dfa2c7b-7ca4-4104-80ad-1dc41e457a2b CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-547f7959b8-9z7s5 CATTLE_RANCHER_WEBHOOK_MIN_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=2.0.5+up0.3.5 CATTLE_SERVER=https://rancher.kvaliteta.com CATTLE_SERVER_VERSION=v2.7.5
INFO: Using resolv.conf: nameserver 10.43.0.10 search cattle-system.svc.kvaliteta.com svc.kvaliteta.com kvaliteta.com options ndots:5
INFO: https://rancher.kvaliteta.com/ping is accessible
INFO: rancher.kvaliteta.com resolves to 192.168.1.46
time="2023-07-21T05:07:12Z" level=info msg="Listening on /tmp/log.sock"
time="2023-07-21T05:07:12Z" level=info msg="Rancher agent version v2.7.5 is starting"
time="2023-07-21T05:07:12Z" level=info msg="Certificate details from https://rancher.kvaliteta.com"
time="2023-07-21T05:07:12Z" level=info msg="Certificate #0 (https://rancher.kvaliteta.com)"
time="2023-07-21T05:07:12Z" level=info msg="Subject: CN=*.kvaliteta.com,O=Kvaliteta,L=Tvm,ST=Ker,C=IN"
time="2023-07-21T05:07:12Z" level=info msg="Issuer: CN=*.kvaliteta.com,O=Kvaliteta,L=Tvm,ST=Ker,C=IN"
time="2023-07-21T05:07:12Z" level=info msg="IsCA: true"
time="2023-07-21T05:07:12Z" level=info msg="DNS Names: <none>"
time="2023-07-21T05:07:12Z" level=info msg="IPAddresses: <none>"
time="2023-07-21T05:07:12Z" level=info msg="NotBefore: 2023-07-10 11:21:25 +0000 UTC"
time="2023-07-21T05:07:12Z" level=info msg="NotAfter: 2024-07-09 11:21:25 +0000 UTC"
time="2023-07-21T05:07:12Z" level=info msg="SignatureAlgorithm: SHA256-RSA"
time="2023-07-21T05:07:12Z" level=info msg="PublicKeyAlgorithm: RSA"
time="2023-07-21T05:07:12Z" level=fatal msg="Get \"https://rancher.kvaliteta.com\": x509: certificate relies on legacy Common Name field, use SANs instead"
arjun@mass-master:~$

Hi @ramkumar.kvaliteta

The import is failing due to a self-signed certificate. Use the curl --insecure option displayed on the Rancher UI to import the cluster.


Hi Syed,

We are already using the insecure option.
This warning is generated during registration:

Warning: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key: beta.kubernetes.io/os is deprecated since v1.14; use "kubernetes.io/os" instead

Hey @ramkumar.kvaliteta

Thanks for letting us know where the issue is coming from. @syed.salman will look into this and help you out.

Best Regards,
MOSIP Team

Kindly note that the warning issued can be disregarded. However, it is imperative to confirm whether all the prerequisites outlined in the MOSIP documentation have been diligently followed.

Furthermore, please ensure that the Kubernetes cluster version precisely matches v1.22.9. To retrieve this information, kindly execute the provided command below.

$ kubectl get nodes
NAME    STATUS                     ROLES                      AGE   VERSION
node1   Ready,SchedulingDisabled   controlplane,etcd,worker   14d   v1.22.9
node2   Ready,SchedulingDisabled   controlplane,etcd,worker   14d   v1.22.9

Hello Syed, please check the below:

arjun@mass-master:~$ kubectl get nodes
NAME                STATUS   ROLES                      AGE   VERSION
mosip-app-host-01   Ready    controlplane,etcd,worker   10d   v1.22.9
mosip-app-host-02   Ready    controlplane,etcd,worker   10d   v1.22.9
mosip-app-host-03   Ready    controlplane,etcd,worker   10d   v1.22.9
mosip-app-host-04   Ready    controlplane,worker        10d   v1.22.9
mosip-app-host-05   Ready    controlplane,worker        10d   v1.22.9

The version looks fine…

you can ignore the warning


Hi @ramkumar.kvaliteta

Do let us know if you are facing any further issues!

Best Regards,
Team MOSIP

Hi Syed

So what is the next step? The cluster import is still in pending state.

Can you please check which pods are failing or not in a ready state? Also, please provide us with the logs.

Hi Syed,

Please find below.

NAMESPACE         NAME                                            READY   STATUS             RESTARTS           AGE
cattle-system     cattle-cluster-agent-7b8fcf9545-qf5tv           0/1     CrashLoopBackOff   2459 (4m30s ago)   8d


kubectl -n cattle-system logs cattle-cluster-agent-7b8fcf9545-qf5tv --previous
INFO: Environment: CATTLE_ADDRESS=10.42.1.34 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.43.158.148:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.43.158.148:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.158.148 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.43.158.148:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.158.148 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.158.148 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=7dfa2c7b-7ca4-4104-80ad-1dc41e457a2b CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-7b8fcf9545-qf5tv CATTLE_RANCHER_WEBHOOK_MIN_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=2.0.5+up0.3.5 CATTLE_SERVER=https://rancher.kvaliteta.com CATTLE_SERVER_VERSION=v2.7.5
INFO: Using resolv.conf: nameserver 10.43.0.10 search cattle-system.svc.kvaliteta.com svc.kvaliteta.com kvaliteta.com options ndots:5
INFO: https://rancher.kvaliteta.com/ping is accessible
INFO: rancher.kvaliteta.com resolves to 192.168.1.46
time="2023-08-02T06:11:39Z" level=info msg="Listening on /tmp/log.sock"
time="2023-08-02T06:11:39Z" level=info msg="Rancher agent version v2.7.5 is starting"
time="2023-08-02T06:11:39Z" level=info msg="Certificate details from https://rancher.kvaliteta.com"
time="2023-08-02T06:11:39Z" level=info msg="Certificate #0 (https://rancher.kvaliteta.com)"
time="2023-08-02T06:11:39Z" level=info msg="Subject: CN=*.kvaliteta.com,O=Kvaliteta,L=Tvm,ST=Ker,C=IN"
time="2023-08-02T06:11:39Z" level=info msg="Issuer: CN=*.kvaliteta.com,O=Kvaliteta,L=Tvm,ST=Ker,C=IN"
time="2023-08-02T06:11:39Z" level=info msg="IsCA: true"
time="2023-08-02T06:11:39Z" level=info msg="DNS Names: <none>"
time="2023-08-02T06:11:39Z" level=info msg="IPAddresses: <none>"
time="2023-08-02T06:11:39Z" level=info msg="NotBefore: 2023-07-10 11:21:25 +0000 UTC"
time="2023-08-02T06:11:39Z" level=info msg="NotAfter: 2024-07-09 11:21:25 +0000 UTC"
time="2023-08-02T06:11:39Z" level=info msg="SignatureAlgorithm: SHA256-RSA"
time="2023-08-02T06:11:39Z" level=info msg="PublicKeyAlgorithm: RSA"
time="2023-08-02T06:11:39Z" level=fatal msg="Get \"https://rancher.kvaliteta.com\": x509: certificate relies on legacy Common Name field, use SANs instead"

It appears to be a self-signed certificate problem. Could you kindly regenerate the self-signed certificates using Docker, following the instructions provided in this link, and try to import again?

Furthermore, I have noticed that the Kubernetes nodes are currently in the SchedulingDisabled state. Have you manually disabled them?