Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question]edge raven-agent addrConn.createTransport failed to connect to cloud publicIP #2191

Open
nelzhang02184516 opened this issue Nov 18, 2024 · 3 comments
Open

[Question]edge raven-agent addrConn.createTransport failed to connect to cloud publicIP #2191

nelzhang02184516 opened this issue Nov 18, 2024 · 3 comments
Labels
kind/question kind/question

Comments

@nelzhang02184516
Copy link

What happened:
I tried to use raven Gateways for cloud-edge communication in the new cluster. After configuring Gateways, the edge node raven-agent reported an error.
What you expected to happen:
cloud-edge communication
How to reproduce it (as minimally and precisely as possible):
my address:
image

raven gateways setting:
image
image

cloud error:
image

edge raven-agent error log:
W1118 03:49:31.470619 1 logging.go:59] [core] [Channel #499 SubChannel #500] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:49:31.470816 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:49:49.030518 1 logging.go:59] [core] [Channel #501 SubChannel #502] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:49:49.030622 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:50:06.996726 1 logging.go:59] [core] [Channel #503 SubChannel #504] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:50:06.996851 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:50:24.981607 1 logging.go:59] [core] [Channel #505 SubChannel #506] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:50:24.981755 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:50:42.861499 1 logging.go:59] [core] [Channel #507 SubChannel #508] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:50:42.861599 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:51:00.591151 1 logging.go:59] [core] [Channel #509 SubChannel #510] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:51:00.591278 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""
W1118 03:51:17.813888 1 logging.go:59] [core] [Channel #511 SubChannel #512] grpc: addrConn.createTransport failed to connect to {Addr: "47.121.201.36:10262", ServerName: "47.121.201.36", }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36"
E1118 03:51:17.813991 1 clientset.go:156] "cannot sync once" err="rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 172.16.132.133, 127.0.0.1, 10.96.79.62, not 47.121.201.36""

Anything else we need to know?:

Environment:

  • OpenYurt version:v1.4.4
  • Kubernetes version (use kubectl version):v1.25.6
  • OS (e.g: cat /etc/os-release):Linux
  • Kernel (e.g. uname -a):3.10.0-1160.119.1.el7.x86_64
  • Install tools:
  • Others:

others
/kind question
@nelzhang02184516 nelzhang02184516 added the kind/question kind/question label Nov 18, 2024
@nelzhang02184516
Copy link
Author

cloud raven-agent log:

I1118 03:00:42.484473 1 engine.go:121] "RavenEngine: updating gateway, gw-cd"
I1118 03:00:42.484497 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue
I1118 03:00:42.484555 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue
I1118 03:00:42.484611 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd
I1118 03:00:42.484691 1 tunnelagent.go:216] "no public IP for gateway, waiting for sync" gateway="gw-cd"
I1118 03:00:42.484712 1 tunnelagent.go:119] network not changed, skip to process
I1118 03:00:42.484792 1 proxy.go:214] ProxyClient: start raven l7 proxy client
I1118 03:00:42.484813 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it
I1118 03:00:46.482265 1 engine.go:121] "RavenEngine: updating gateway, gw-cd"
I1118 03:00:46.482290 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue
I1118 03:00:46.482305 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue
I1118 03:00:46.482342 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd
I1118 03:00:46.482420 1 tunnelagent.go:216] "no public IP for gateway, waiting for sync" gateway="gw-cd"
I1118 03:00:46.482440 1 tunnelagent.go:119] network not changed, skip to process
I1118 03:00:46.484068 1 proxy.go:214] ProxyClient: start raven l7 proxy client
I1118 03:00:46.484095 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it
I1118 03:00:46.487877 1 engine.go:121] "RavenEngine: updating gateway, gw-cd"
I1118 03:00:46.487895 1 engine.go:95] RavenEngine: enqueue gateway gw-cd to tunnel queue
I1118 03:00:46.487911 1 engine.go:100] RavenEngine: enqueue gateway gw-cd to proxy queue
I1118 03:00:46.487944 1 tunnel.go:55] RavenEngine: update raven l3 tunnel config for gateway gw-cd
I1118 03:00:46.488812 1 tunnelagent.go:123] "applying network" localEndpoint="172.16.132.133" remoteEndpoint=map[gw-cd:172.16.16.89]
I1118 03:00:46.488843 1 libreswan.go:187] Tunnel: desired edge connections: map[], desired relay connections: map[172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24:0xc00058bfb0]
I1118 03:00:46.488848 1 libreswan.go:201] no desired edge connections
I1118 03:00:46.490384 1 proxy.go:214] ProxyClient: start raven l7 proxy client
I1118 03:00:46.490404 1 proxy.go:218] ProxyClient: dest address is empty, will not connected it
I1118 03:00:46.497050 1 libreswan.go:448] "whacking with" args=[--psk --encrypt --forceencaps --name 172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24 --id @172.16.132.133-10.244.0.0/24-10.244.2.0/24 --host 172.16.132.133 --client 10.244.0.0/24 --ikeport 4500 --to --id @172.16.16.89-10.244.2.0/24-10.244.0.0/24 --host %any --client 10.244.2.0/24 --dpddelay 15 --dpdtimeout 30 --dpdaction restart] output="whack: IKEv2 liveness uses --retransmit-timeout, option --dpdtimeout ignored\n002 "172.16.132.133-172.16.16.89-10.244.0.0/24-10.244.2.0/24": added IKEv2 connection\n"
I1118 03:00:46.497075 1 vxlan.go:83] Tunnel: only gateway node exist in current gateway, cleaning up route setting
I1118 03:01:18.280193 1 manageheader.go:77] ProxyServer: request from apiserver with host iz2vcbqht61jy7tsvof5u7z:10250 and url /containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub is processed by header manager
I1118 03:01:18.280341 1 manageheader.go:120] ProxyServer: start handling request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, req.Host changed from iz2vcbqht61jy7tsvof5u7z:10250 to 172.16.16.89:10250, remote address is 172.16.132.133:38234
E1118 03:01:18.280545 1 tunnel.go:76] "currently no tunnels available" err="No backend available"
E1118 03:01:18.280808 1 interceptor.go:279] ProxyServer: failed to setup the proxy for 172.16.16.89:10250, error fail to setup TLS handshake to 172.16.16.89:10250: error write unix @->/tmp/interceptor-proxier.sock: write: broken pipe
I1118 03:01:18.280834 1 manageheader.go:124] ProxyServer: finish handle request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, handle lasts 475.904µs
I1118 03:52:41.751691 1 manageheader.go:77] ProxyServer: request from apiserver with host iz2vcbqht61jy7tsvof5u7z:10250 and url /containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub is processed by header manager
I1118 03:52:41.751838 1 manageheader.go:120] ProxyServer: start handling request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, req.Host changed from iz2vcbqht61jy7tsvof5u7z:10250 to 172.16.16.89:10250, remote address is 172.16.132.133:32036
E1118 03:52:41.752032 1 tunnel.go:76] "currently no tunnels available" err="No backend available"
E1118 03:52:41.752191 1 interceptor.go:279] ProxyServer: failed to setup the proxy for 172.16.16.89:10250, error fail to setup TLS handshake to 172.16.16.89:10250: error write unix @->/tmp/interceptor-proxier.sock: write: broken pipe
I1118 03:52:41.752210 1 manageheader.go:124] ProxyServer: finish handle request GET https://172.16.16.89:10250/containerLogs/kube-system/yurt-hub-iz2vcbqht61jy7tsvof5u7z/yurt-hub, handle lasts 360.251µs

@zyjhtangtang
Copy link
Contributor

Add this parameter --server-cert-ips=47.121.201.36

@nelzhang02184516
Copy link
Author

Add this parameter --server-cert-ips=47.121.201.36

Thank you for your answer. I can get the edge pod information after reset raven-agent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question kind/question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zyjhtangtang @nelzhang02184516