Tink_worker on sandbox deployment fails with CERT issue #145

Closed
umashankar1988 opened this issue Jul 21, 2022 · 3 comments · Fixed by #154

Comments

@umashankar1988

As soon as the tink_worker is started, it fails with the error x509: certificate signed by unknown authority at linuxkit.

Expected Behaviour

The tink_worker should work as the certificate is signed by Tinkerbell CA

Current Behaviour

The linuxkit boot screen is stuck waiting for the deployment. Upon checking the logs of the container we see that it fails to start with Unknown certificate issue.

Possible Solution

Need to sign the certificate properly

Steps to Reproduce (for bugs)

  1. Run the docker container sandbox
  2. Complete the template, hardware and workflow
  3. Wait for the physical machine to acquire PXE boot and start of linuxkit
  4. Linuxkit is stuck waiting for the container (tink_worker) to start. Upon evaluating the container logs we see the x509: certificate signed by Unknown authority.

Context

We are using tinkerbell in production to provision multiple linux physical machines and this issue has stopped us from moving forward.

Your Environment

  • Operating System and version (e.g. Linux, Windows, MacOS):

Ubuntu 18.04

  • How are you running Tinkerbell? Using Vagrant & VirtualBox, Vagrant & Libvirt, on Packet using Terraform, or give details:

Using docker-compose from sandbox (https://github.com/tinkerbell/sandbox/tree/main/deploy/compose)

  • Link to your project or a code example to reproduce issue:

[image]

@parauliya

@gianarb, did you get a chance to have a look at this issue? I am also facing some cert-related issues in tink-worker for the last couple of days while setting it up on a local machine using vagrant and virtualbox on Ubuntu 20.04.
I have not created a new ticket/issue because I think it is somewhat similar to this one.

@jacobweinstock (Member) commented Aug 15, 2022

Hey @umashankar1988, sorry for the delayed response. I've experienced this before and was able to resolve it by deleting the ca.pem file (this is in the deploy/compose/state/webroot/workflow/ dir) and then docker-compose down and docker-compose up -d. Mind trying that?

@umashankar1988 (Author) commented Aug 17, 2022

Hi @jacobweinstock, I tried using the steps suggested above but the issue still remains the same. Below is a screenshot of docker container logs from the worker.

[Screenshot: MicrosoftTeams-image]

jacobweinstock mentioned this issue Oct 5, 2022
jacobweinstock linked a pull request Oct 5, 2022 that will close this issue
mergify bot added a commit that referenced this issue Oct 25, 2022
## Description

This PR brings up the sandbox via Docker compose using the Kubernetes backend for all services. This does not completely remove the postgres backend setup but moves all the compose with postgres into an isolated directory (deploy/compose/postgres) that can be removed when we're ready.

> I did not touch the terraform setup. I need some help validating that one. Please and thank you. CC @mmlb @displague

## Why is this needed

Fixes: #142 #45 #118 #131 #133 #145 #148
- This "fixes" quite a few issues related to TLS cert generation. This is the case because we are not using TLS in this deployment. Also see tinkerbell/tink#555.
- This also "fixes" any issues related to the internal registry as that is removed as the default.

## How Has This Been Tested?

Manually tested vagrant with virtualbox (on a Mac), vagrant with libvirt (on Ubuntu 22.04), and docker-compose (on Ubuntu 22.04).

## How are existing users impacted? What migration steps/scripts do we need?
There is no migration support. Users will need to follow a quick start guide to get started.

## Checklist:

I have:

- [x] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade
@mergify mergify bot closed this as completed in #154 Oct 25, 2022
ttwd80 pushed a commit to ttwd80/tinkerbell-playground that referenced this issue Sep 7, 2024