ansible-role-rke2
ansible-role-rke2 copied to clipboard
lablabs
bug: Warning on token
Summary
Jul 01 13:23:15 server04 rke2[997]: time="2022-07-01T13:23:15+02:00" level=warning msg="Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation."
We get this error when token is just plain token for agents.
but should actually get
/var/lib/rancher/rke2/server/node-token
from one of the master nodes i guess.
Issue Type
Bug Report
Ansible Version
ansible [core 2.11.12]
config file = /home/benji/code/ansible-infrastructure/ansible.cfg
configured module search path = ['/home/benji/code/ansible-infrastructure/library']
ansible python module location = /home/benji/.pyenv/versions/3.9.7/envs/ansible-infrastructure-3.9.7/lib/python3.9/site-packages/ansible
ansible collection location = /home/benji/.ansible/collections:/usr/share/ansible/collections
executable location = /home/benji/.pyenv/versions/ansible-infrastructure-3.9.7/bin/ansible
python version = 3.9.7 (default, Apr 7 2022, 12:58:08) [GCC 9.4.0]
jinja version = 3.0.1
libyaml = True
Steps to Reproduce
Expected Results
Expect not go get the warning
Actual Results
...
Hi @newbenji , i don't think this is the case because /var/lib/rancher/rke2/server/node-token is being used only if you do not specify pre-shared secret ( in this role it is rke2_token ansible variable). https://rancher.com/docs/rancher/v2.5/en/installation/resources/k8s-tutorials/ha-rke2/
What RKE2 version are you using plz? I will test it...
Actually as it seem it gets generated with the token you give so it consists of the token and i think the ca will try investigate in my vacation coming up