Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

CDSW worker status is false

avatar
author-rank ronys
Explorer

Created ‎12-20-2021 07:05 AM

I added anew worker to the CDSW cluster and the status of this worker is false,

In the logs I gut this message:

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

 

 

2,603 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-21-2021 01:38 AM

@ronys The requirements are valid for all worker and master hosts. 

  • All Cloudera Data Science Workbench gateway hosts must be part of the same datacenter and use the same network. Hosts from different data-centers or networks can result in unreliable performance.
  • A wildcard subdomain such as *.cdsw.company.com must be configured. Wildcard subdomains are used to provide isolation for user-generated content.

    The wildcard DNS hostname configured for Cloudera Data Science Workbench must be resolvable from both, the CDSW cluster, and your browser.

So you have to make sure the DNS and wildcard with TLS host cert (if any) is properly configured. For reference use any of the working hosts. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

2,567 Views
0 Kudos
6 REPLIES 6

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-20-2021 10:48 AM

@ronys This seems an issue with the TLS setup within CDSW. You have to make sure the wildcard domain is properly configured and then restart CDSW again to see if this makes progress. 

 

https://docs.cloudera.com/cdsw/1.9.2/installation/topics/cdsw-set-up-a-wildcard-dns-subdomain.html


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,586 Views
0 Kudos

avatar
author-rank ronys
Explorer

Created ‎12-21-2021 01:32 AM

Hi,

I will dtail the problem, the cluster have five workers that working OK, the problem is with the new worker that we aadded.

The document refers to the master.

 

Thank you,

Rony

2,570 Views
0 Kudos

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-21-2021 01:38 AM

@ronys The requirements are valid for all worker and master hosts. 

  • All Cloudera Data Science Workbench gateway hosts must be part of the same datacenter and use the same network. Hosts from different data-centers or networks can result in unreliable performance.
  • A wildcard subdomain such as *.cdsw.company.com must be configured. Wildcard subdomains are used to provide isolation for user-generated content.

    The wildcard DNS hostname configured for Cloudera Data Science Workbench must be resolvable from both, the CDSW cluster, and your browser.

So you have to make sure the DNS and wildcard with TLS host cert (if any) is properly configured. For reference use any of the working hosts. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,568 Views
0 Kudos

avatar
author-rank ronys
Explorer

Created ‎12-21-2021 03:38 AM

Hi,

 

When we run  CDSW validate  command on the problem worker we gut this message :

[Validating networking setup]

> Checking if kubelet iptables rules exist

The following chains are missing from iptables: [KUBE-EXTERNAL-SERVICES, WEAVE-NPC-EGRESS, WEAVE-NPC, WEAVE-NPC-EGRESS-ACCEPT, KUBE-SERVICES, WEAVE-NPC-INGRESS, WEAVE-NPC-EGRESS-DEFAULT, WEAVE-NPC-DEFAULT, WEAVE-NPC-EGRESS-CUSTOM, KUBE-FIREWALL]

WARNING:: Verification of iptables rules failed: 1

> Checking if DNS server is running on localhost

> Checking the number of DNS servers in resolv.conf

> Checking DNS entries for CDSW main domain

> Checking reverse DNS entries for CDSW main domain

> Checking DNS entries for CDSW wildcard domain

> Checking that firewalld is disabled

> Checking if ipv6 is enabled

 

[Validating Kubernetes versions]

> Checking kubernetes client version

> Checking kubernetes server version

 

--------------------------------------------------------------------------

Errors detected.

 

Please review the issues listed above. Further details can be collected by

capturing logs from all nodes using "cdsw logs".

 

Is this related to the problem?

 

Thank you,

Rony

2,554 Views
0 Kudos

avatar
author-rank GangWar author-rank
Master Guru

Created ‎12-27-2021 05:20 AM

No @ronys I think the installation of the worker node is corrupted somehow. This error seems related with kubeconfig file and may be you want to try delete the node again and clean that and then re add as worker. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,499 Views
0 Kudos

avatar
author-rank ronys
Explorer

Created ‎12-27-2021 10:53 PM

Hi @GangWar

it works fine now

Thanks,

Rony

2,480 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements