CDSW worker status is false

Explorer

I added a new worker to the CDSW cluster, and the status of this worker is false.

In the logs I got this message:

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

1 ACCEPTED SOLUTION

Master Guru

@ronys The requirements are valid for all worker and master hosts.

  • All Cloudera Data Science Workbench gateway hosts must be part of the same data center and use the same network. Hosts from different data centers or networks can result in unreliable performance.
  • A wildcard subdomain such as *.cdsw.company.com must be configured. Wildcard subdomains are used to provide isolation for user-generated content.

    The wildcard DNS hostname configured for Cloudera Data Science Workbench must be resolvable from both the CDSW cluster and your browser.

So make sure the DNS, the wildcard subdomain, and the TLS host certificate (if any) are properly configured. Use any of the working hosts as a reference.
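As a quick check of the wildcard requirement, something like the following can be run on the new worker (and on a working one for comparison). This is only a rough sketch; cdsw.company.com and the session-test name are placeholders for your actual CDSW domain:

```shell
# Rough sketch: check that the main CDSW domain and an arbitrary name
# under the wildcard both resolve. Replace cdsw.company.com with your
# actual CDSW domain before running.
check_resolves() {
  host="$1"
  addr=$(getent hosts "$host" | awk '{print $1; exit}')
  if [ -n "$addr" ]; then
    echo "$host resolves to $addr"
  else
    echo "$host does NOT resolve"
  fi
}

check_resolves "cdsw.company.com"               # the main domain (placeholder)
check_resolves "session-test.cdsw.company.com"  # any name under *.cdsw.company.com
```

Run it from every gateway host and from your desktop; they should all resolve to the same address.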


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.


Master Guru

@ronys This seems to be an issue with the TLS setup within CDSW. Make sure the wildcard domain is properly configured, then restart CDSW and see whether the worker comes up.

https://docs.cloudera.com/cdsw/1.9.2/installation/topics/cdsw-set-up-a-wildcard-dns-subdomain.html
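Since the x509 error points at certificate verification, it is also worth confirming that the TLS certificate's Subject Alternative Name covers the wildcard. A sketch of what a correct SAN looks like, using a throwaway self-signed certificate for a placeholder domain (inspect your real CDSW certificate the same way with the second command):

```shell
# Generate a throwaway self-signed cert for a placeholder domain, just to
# show what the SAN of a correctly configured wildcard cert contains.
# (Requires OpenSSL 1.1.1+ for -addext.)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout /tmp/cdsw-demo.key -out /tmp/cdsw-demo.crt \
  -subj "/CN=cdsw.company.com" \
  -addext "subjectAltName=DNS:cdsw.company.com,DNS:*.cdsw.company.com" \
  2>/dev/null

# Inspect the SAN -- it must list both the bare domain and the wildcard:
openssl x509 -in /tmp/cdsw-demo.crt -noout -ext subjectAltName
```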


Cheers!

Explorer

Hi,

To detail the problem: the cluster has five workers that are working OK; the problem is with the new worker that we added.

The document refers to the master host.

Thank you,

Rony


Explorer

Hi,

When we run the cdsw validate command on the problem worker, we get this message:

[Validating networking setup]
> Checking if kubelet iptables rules exist
The following chains are missing from iptables: [KUBE-EXTERNAL-SERVICES, WEAVE-NPC-EGRESS, WEAVE-NPC, WEAVE-NPC-EGRESS-ACCEPT, KUBE-SERVICES, WEAVE-NPC-INGRESS, WEAVE-NPC-EGRESS-DEFAULT, WEAVE-NPC-DEFAULT, WEAVE-NPC-EGRESS-CUSTOM, KUBE-FIREWALL]
WARNING:: Verification of iptables rules failed: 1
> Checking if DNS server is running on localhost
> Checking the number of DNS servers in resolv.conf
> Checking DNS entries for CDSW main domain
> Checking reverse DNS entries for CDSW main domain
> Checking DNS entries for CDSW wildcard domain
> Checking that firewalld is disabled
> Checking if ipv6 is enabled

[Validating Kubernetes versions]
> Checking kubernetes client version
> Checking kubernetes server version

--------------------------------------------------------------------------
Errors detected.

Please review the issues listed above. Further details can be collected by
capturing logs from all nodes using "cdsw logs".

Is this related to the problem?

Thank you,

Rony

Master Guru

No @ronys, I think the installation of the worker node is somehow corrupted. This error seems related to the kubeconfig file; you may want to delete the node, clean it up, and then re-add it as a worker.
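The clean-and-re-add workflow might look roughly like this. It is only a sketch, not an exact procedure: the hostname is a placeholder, the cdsw subcommands should be double-checked against your CDSW version's documentation, and DRY_RUN=1 only prints the commands so you can review them before running anything for real:

```shell
# Sketch of the clean-and-rejoin workflow. DRY_RUN=1 only prints each
# command; set DRY_RUN=0 to actually execute it on the right host.
DRY_RUN=1
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "would run: $*"; else "$@"; fi
}

WORKER_HOST="worker6.company.com"   # placeholder for the broken worker

# 1. On the CDSW master: remove the stale node from Kubernetes.
run kubectl delete node "$WORKER_HOST"

# 2. On the broken worker: stop CDSW and wipe its local state.
run cdsw stop
run cdsw reset

# 3. Still on the worker: rejoin the cluster, then re-validate.
run cdsw join
run cdsw validate
```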


Cheers!

Explorer

Hi @GangWar,

It works fine now.

Thanks,

Rony