4 Replies Latest reply on Nov 8, 2019 8:49 AM by RaymundoEC

    NCP nsx kube proxy crashing on startup

    estork09 Lurker

      1 2019-11-06T01:59:19.255Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO" security="True"] nsx_ujo.common.nsx_log_adaptor Initialized log configuration

      1 2019-11-06T01:59:20.043Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="WARNING"] nsx_ujo.common.privilege Privsep daemon check failed for context nsx_ujo.common.privilege.kube_proxy_pri: 'NoneType' object has no attribute 'exchange_ping'

      1 2019-11-06T01:59:20.046Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon Running privsep helper: ['sudo', '-E', 'privsep-helper', '--config-file', '/etc/nsx-ujo/ncp.ini', '--privsep_context', 'nsx_ujo.common.privilege.kube_proxy_pri', '--privsep_sock_path', '/tmp/tmpdY7wiq/privsep.sock']

      1 2019-11-06T01:59:20.682Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon Spawned new privsep daemon via rootwrap

      1 2019-11-06T01:59:20.683Z honolulu-rke-w2 NSX 7 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="DEBUG"] oslo.privsep.daemon Accepted privsep connection to /tmp/tmpdY7wiq/privsep.sock

      1 2019-11-06T01:59:20.616Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep daemon starting

      1 2019-11-06T01:59:20.620Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep process running with uid/gid: 0/0

      1 2019-11-06T01:59:20.630Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep process running with capabilities (eff/prm/inh): CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN|CAP_SYS_PTRACE/CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_NET_ADMIN|CAP_SYS_ADMIN|CAP_SYS_PTRACE/none

      1 2019-11-06T01:59:20.630Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] oslo.privsep.daemon privsep daemon running as pid 30

      1 2019-11-06T01:59:20.986Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO" security="True"] nsx_ujo.nsx_kube_proxy.proxy Starting nsx_kube_proxy

      1 2019-11-06T01:59:21.011Z honolulu-rke-w2 NSX 30 - [nsx@6876 comp="nsx-container-node" subcomp="nsx_kube_proxy" level="INFO"] cli.server.container_cli_server Starting kube_proxy CLI server

      Traceback (most recent call last):

      File "/usr/bin/nsx_kube_proxy", line 10, in <module>

      sys.exit(main())

      File "/usr/lib/python2.7/site-packages/nsx_ujo/cmd/nsx_kube_proxy.py", line 11, in main

      proxy_main.main()

      File "/usr/lib/python2.7/site-packages/nsx_ujo/common/privilege.py", line 35, in _wrap

      return self._keepalive_wrap(func, *args, **kwargs)

      File "/usr/lib/python2.7/site-packages/nsx_ujo/common/privilege.py", line 48, in _keepalive_wrap

      return super(PrivContextPlus, self)._wrap(func, *args, **kwargs)

      File "/usr/lib/python2.7/site-packages/oslo_privsep/priv_context.py", line 207, in _wrap

      return self.channel.remote_call(name, args, kwargs)

      File "/usr/lib/python2.7/site-packages/oslo_privsep/daemon.py", line 202, in remote_call

      raise exc_type(*result[2])

      OpenSSL.SSL.Error: (('x509 certificate routines', 'X509_load_cert_crl_file', 'no certificate or crl found'),)

       

      I am trying to deploy ncp to join my kubernetes cluster to my 2.5 nsx-t deployment. All the nsx-kube-proxy containers are returning these logs. I'm not sure what is trying to load a certificate or where it is trying to load this certificate from.

       

      Is there something in the ncp.yaml that I need to declare to provide a certificate?