Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

CDSW worker status is false

avatar
author-rank ronys
Explorer

Created ‎12-20-2021 07:05 AM

I added anew worker to the CDSW cluster and the status of this worker is false,

In the logs I gut this message:

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

 

 

2,971 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-21-2021 01:38 AM

@ronys The requirements are valid for all worker and master hosts. 

  • All Cloudera Data Science Workbench gateway hosts must be part of the same datacenter and use the same network. Hosts from different data-centers or networks can result in unreliable performance.
  • A wildcard subdomain such as *.cdsw.company.com must be configured. Wildcard subdomains are used to provide isolation for user-generated content.

    The wildcard DNS hostname configured for Cloudera Data Science Workbench must be resolvable from both, the CDSW cluster, and your browser.

So you have to make sure the DNS and wildcard with TLS host cert (if any) is properly configured. For reference use any of the working hosts. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

2,935 Views
0 Kudos
0
6 REPLIES 6

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-20-2021 10:48 AM

@ronys This seems an issue with the TLS setup within CDSW. You have to make sure the wildcard domain is properly configured and then restart CDSW again to see if this makes progress. 

 

https://docs.cloudera.com/cdsw/1.9.2/installation/topics/cdsw-set-up-a-wildcard-dns-subdomain.html


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,954 Views
0 Kudos

avatar
author-rank ronys
Explorer

Created ‎12-21-2021 01:32 AM

Hi,

I will dtail the problem, the cluster have five workers that working OK, the problem is with the new worker that we aadded.

The document refers to the master.

 

Thank you,

Rony

2,938 Views
0 Kudos

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-21-2021 01:38 AM

@ronys The requirements are valid for all worker and master hosts. 

  • All Cloudera Data Science Workbench gateway hosts must be part of the same datacenter and use the same network. Hosts from different data-centers or networks can result in unreliable performance.
  • A wildcard subdomain such as *.cdsw.company.com must be configured. Wildcard subdomains are used to provide isolation for user-generated content.

    The wildcard DNS hostname configured for Cloudera Data Science Workbench must be resolvable from both, the CDSW cluster, and your browser.

So you have to make sure the DNS and wildcard with TLS host cert (if any) is properly configured. For reference use any of the working hosts. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,936 Views
0 Kudos
0

avatar
author-rank ronys
Explorer

Created ‎12-21-2021 03:38 AM

Hi,

 

When we run  CDSW validate  command on the problem worker we gut this message :

[Validating networking setup]

> Checking if kubelet iptables rules exist

The following chains are missing from iptables: [KUBE-EXTERNAL-SERVICES, WEAVE-NPC-EGRESS, WEAVE-NPC, WEAVE-NPC-EGRESS-ACCEPT, KUBE-SERVICES, WEAVE-NPC-INGRESS, WEAVE-NPC-EGRESS-DEFAULT, WEAVE-NPC-DEFAULT, WEAVE-NPC-EGRESS-CUSTOM, KUBE-FIREWALL]

WARNING:: Verification of iptables rules failed: 1

> Checking if DNS server is running on localhost

> Checking the number of DNS servers in resolv.conf

> Checking DNS entries for CDSW main domain

> Checking reverse DNS entries for CDSW main domain

> Checking DNS entries for CDSW wildcard domain

> Checking that firewalld is disabled

> Checking if ipv6 is enabled

 

[Validating Kubernetes versions]

> Checking kubernetes client version

> Checking kubernetes server version

 

--------------------------------------------------------------------------

Errors detected.

 

Please review the issues listed above. Further details can be collected by

capturing logs from all nodes using "cdsw logs".

 

Is this related to the problem?

 

Thank you,

Rony

2,922 Views
0 Kudos

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-27-2021 05:20 AM

No @ronys I think the installation of the worker node is corrupted somehow. This error seems related with kubeconfig file and may be you want to try delete the node again and clean that and then re add as worker. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,867 Views
0 Kudos

avatar
author-rank ronys
Explorer

Created ‎12-27-2021 10:53 PM

Hi @GangWar

it works fine now

Thanks,

Rony

2,848 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements