bumpy-lifeguard-12741

12/01/2022, 3:34 PM
@quiet-continent-24852 I am hitting one more problem on the message broker pod:
$ kubectl logs pod/mosquitto-7966bf5f56-4wxnd -n netmaker
chown: /mosquitto/config/mosquitto.conf: Read-only file system
1669908757: mosquitto version 2.0.11 starting
1669908757: Config loaded from /mosquitto/config/mosquitto.conf.
1669908757: Opening ipv4 listen socket on port 8883.
1669908757: Opening ipv6 listen socket on port 8883.
1669908757: Error: Unable to load CA certificates. Check cafile "/mosquitto/certs/root.pem".
1669908757: Error: Unable to load server certificate "/mosquitto/certs/server.pem". Check certfile.
1669908757: OpenSSL Error[0]: error:02001002:system library:fopen:No such file or directory
1669908757: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
1669908757: OpenSSL Error[2]: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Am I missing some other undocumented step?

quiet-continent-24852

12/01/2022, 3:39 PM
What version of Netmaker is this?
The need for cert management was removed in v0.16+, as there was a switch to dynamic security. Hence the MQ_ADMIN_PASSWORD conf field.

bumpy-lifeguard-12741

12/01/2022, 3:53 PM
image: gravitl/netmaker:v0.16.3
image: eclipse-mosquitto:2.0.11-openssl
I am using manifests from the master branch: https://github.com/gravitl/netmaker/tree/master/k8s/server

jolly-london-20127

12/01/2022, 4:32 PM
ahh yes those need to be updated, I'll submit a PR
unless you'd be interested in submitting a PR yourself to get some credit. It's worth trying to just add MQ_ADMIN_PASSWORD to the manifest to see if that works
actually the mosquitto.conf also needs updating
per_listener_settings false
listener 8883
allow_anonymous false

listener 1883
allow_anonymous false

plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json
This should be the contents of the configmap.

bumpy-lifeguard-12741

12/01/2022, 6:45 PM
@jolly-london-20127 it's OK, I am afraid right now I would only be able to create a PR for stuff that I ran into, without knowing what else needs to be updated, as I am only starting with netmaker
$ kubectl logs pod/netmaker-0 -n netmaker
              
 __   __     ______     ______   __    __     ______     __  __     ______     ______    
/\ "-.\ \   /\  ___\   /\__  _\ /\ "-./  \   /\  __ \   /\ \/ /    /\  ___\   /\  == \   
\ \ \-.  \  \ \  __\   \/_/\ \/ \ \ \-./\ \  \ \  __ \  \ \  _"-.  \ \  __\   \ \  __<   
 \ \_\\"\_\  \ \_____\    \ \_\  \ \_\ \ \_\  \ \_\ \_\  \ \_\ \_\  \ \_____\  \ \_\ \_\ 
  \/_/ \/_/   \/_____/     \/_/   \/_/  \/_/   \/_/\/_/   \/_/\/_/   \/_____/   \/_/ /_/ 
[netmaker] 2022-12-01 20:37:29 connecting to postgres 
[netmaker] 2022-12-01 20:37:30 database successfully connected 
[netmaker] 2022-12-01 20:37:30 no OAuth provider found or not configured, continuing without OAuth 
[netmaker] 2022-12-01 20:37:30 Configuring MQ... 
[netmaker] 2022-12-01 20:37:30 MQ config exists already, So Updating Existing Config... 
[netmaker] 2022-12-01 20:37:30 REST Server successfully started on port  8081  (REST) 
[netmaker] 2022-12-01 20:37:30 connecting to mq broker at ws://mq:1883 with TLS? false 
[netmaker] 2022-12-01 20:38:00 Admin: unable to connect to broker, retrying ... 
[netmaker] Fatal: Admin: could not connect to broker, token timeout, exiting ...
@jolly-london-20127 perhaps something else is missing?
$ kubectl describe svc mq -n netmaker
Name:              mq
Namespace:         netmaker
Labels:            <none>
Annotations:       <none>
Selector:          app.kubernetes.io/instance=mosquitto,app.kubernetes.io/name=mosquitto
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.20.13.2
IPs:               172.20.13.2
Port:              mqtt  1883/TCP
TargetPort:        mqtt/TCP
Endpoints:         10.4.0.154:1883
Port:              mqtt2  8883/TCP
TargetPort:        mqtt2/TCP
Endpoints:         10.4.0.154:8883
Session Affinity:  None
Events:            <none>
the service should be there ^
@jolly-london-20127 @quiet-continent-24852 I tried to use the IP of the pod directly just to verify there isn't a name resolution problem, but the problem persists. I am wondering whether there is something missing on the MQTT or authentication level:
[netmaker] 2022-12-02 15:09:03 connecting to mq broker at ws://10.4.0.154:1883 with TLS? false 
[netmaker] 2022-12-02 15:09:33 Admin: unable to connect to broker, retrying ... 
[netmaker] Fatal: Admin: could not connect to broker, token timeout, exiting ...
Actually, the connection on the networking level works; I think netmaker is able to connect to the MQ over the network, because in the MQ logs I can see this:
1670067857: Client <unknown> disconnected due to protocol error.
1670067859: New connection from 10.4.0.220:41706 on port 1883.
and 10.4.0.220 is the IP address of my netmaker server pod
so it must be some misconfiguration on the protocol level, I suppose MQTT