hook icon indicating copy to clipboard operation
hook copied to clipboard

Published 20 hours ago verified publisher icon tinkerbell

boot w/ the dev-dist build

Open ylxxwx opened this issue 2 years ago • 5 comments

I build w/ dev-dist. The boot stuck.

Expected Behaviour

Expect boot successful and see shell.

Current Behaviour

Stuck in boot. Pls see the attached picture. it stuck after init

Possible Solution

Steps to Reproduce (for bugs)

  1. build dev-dist
  2. put the vmlinuxz and initramfs into current dir
  3. boot client
  4. client stuck

Screenshot from 2022-04-18 15-58-38

Context

Your Environment

  • Operating System and version (e.g. Linux, Windows, MacOS):

  • How are you running Tinkerbell? Using Vagrant & VirtualBox, Vagrant & Libvirt, on Packet using Terraform, or give details:

  • Link to your project or a code example to reproduce issue:

ylxxwx avatar Apr 18 '22 20:04 ylxxwx

Same issue here; running on macOS with vagrant-virtualbox.

I tracked this down in the tink-docker container where you can find this:

{"level":"info","ts":1651047221.0680003,"caller":"cmd/root.go:45"
*msg": "starting","service":"github.com/tinkerbell/tink","version": "2h87714"}
Error: worker Finished with error: failed to get workflow context: rpc error:
code = Unavailable desc = connection error:
desc = "transport: authentication handshake failed: x509: certificate signed
by unknown authority"
Usage:
  tink-worker [flags]
 <more usage() stripped>

I tried several permutations in /etc/docker/certs.d - to no avail. Debugging certs via calling that directly, so from the hook getty shell: ctr -n services.linuxkit task exec -t --exec-id testit docker sh docker login ... docker run 192.168.56.4/tink-worker -i 1 -r 192.168.56.4 -u admin -p Admin1234 --tinkerbell-grpc-authority 192.168.56.4:42113

Also tried by storing the presented server cert on 192.168.56.4:443 in /etc/docker/certs.d under 192.168.56.4 and 192.168.56.4:443 to no avail.

double-p avatar Apr 27 '22 08:04 double-p

ok, this is gRPC and has nothing along docker certs. the ca.pem needs to be added to the tink-worker container FS (/etc/ssl/certs/ca-certificates.crt or extra /etc/ssl/certs/myveryca.pem -- both work). Fiddling on how to build such an image....

double-p avatar Apr 27 '22 09:04 double-p

fallout from https://github.com/tinkerbell/tink/pull/584

double-p avatar Apr 27 '22 12:04 double-p

fallout from tinkerbell/tink#584

Caused by that PR, or resolved by it?

nshalman avatar May 03 '22 15:05 nshalman

Caused.. I was able to rollback the image hashes used in the sandbox and there it works. More bits of diagnose and blister help in this issue https://github.com/tinkerbell/sandbox/issues/133

double-p avatar May 03 '22 15:05 double-p

Hey @ylxxwx, quite a bit of change to Hook since you reported this. Mind trying with the latest commit?

jacobweinstock avatar Jan 28 '23 22:01 jacobweinstock

Please reopen if the issue still exists in the latest hook, thanks.

jacobweinstock avatar Aug 25 '23 22:08 jacobweinstock