1 2019-11-06T01:59:19.255Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO" security="True"] nsx_ujo.common.nsx_log_adaptor Initialized log configuration
1 2019-11-06T01:59:20.043Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="WARNING"] nsx_ujo.common.privilege Privsep daemon check failed for context nsx_ujo.common.privilege.kube_proxy_pri: 'NoneType' object has no attribute 'exchange_ping'
1 2019-11-06T01:59:20.046Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon Running privsep helper: ['sudo', '-E', 'privsep-helper', '--config-file', '/etc/nsx-ujo/ncp.ini', '--privsep_context', 'nsx_ujo.common.privilege.kube_proxy_pri', '--privsep_sock_path', '/tmp/tmpdY7wiq/privsep.sock']
1 2019-11-06T01:59:20.682Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon Spawned new privsep daemon via rootwrap
1 2019-11-06T01:59:20.683Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="DEBUG"] oslo.privsep.daemon Accepted privsep connection to /tmp/tmpdY7wiq/privsep.sock
1 2019-11-06T01:59:20.616Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep daemon starting
1 2019-11-06T01:59:20.620Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep process running with uid/gid: 0/0
1 2019-11-06T01:59:20.630Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep process running with capabilities (eff/prm/inh): CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN|CAP_SYS_PTRACE/CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN|CAP_SYS_PTRACE/none
1 2019-11-06T01:59:20.630Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep daemon running as pid 30
1 2019-11-06T01:59:20.986Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO" security="True"] nsx_ujo.nsx_kube_proxy.proxy Starting nsx_kube_proxy
1 2019-11-06T01:59:21.011Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] cli.server.container_cli_server Starting kube_proxy CLI server
Traceback (most recent call last):
File "/usr/bin/nsx_kube_proxy", line 10, in <module>
sys.exit(main())
File "/usr/lib/python2.7/site-packages/nsx_ujo/cmd/nsx_kube_proxy.py", line 11, in main
proxy_main.main()
File "/usr/lib/python2.7/site-packages/nsx_ujo/common/privilege.py", line 35, in _wrap
return self._keepalive_wrap(func, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/nsx_ujo/common/privilege.py", line 48, in _keepalive_wrap
return super(PrivContextPlus, self)._wrap(func, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 207, in _wrap
return self.channel.remote_call(name, args, kwargs)
File "/usr/lib/python2.7/site-packages/oslo_privsep/daemon.py", line 202, in remote_call
raise exc_type(*result[2])
OpenSSL.SSL.Error: (('x509 certificate routines', 'X509_load_cert_crl_file', 'no certificate or crl found'),)
I am trying to deploy ncp to join my kubernetes cluster to my 2.5 nsx-t deployment. All the nsx-kube-proxy containers are returning these logs. I'm not sure what is trying to load a certificate or where it is trying to load this certificate from.
Is there something in the ncp.yaml that I need to declare to provide a certificate?
install kubeadm and check expirations with this:
kubeadm alpha certs check-expiration
Hey Raymundo, it looks like it is because I was passing in a base64 encoded CA into the config map. Switching it to just a basic cert fixed the issue.
Now there are new issues, but if I don't figure it out I can reach out again.
okies, thanks for sharing!