Hi,
I’m getting the following status:
[root@kube01 anchors]# /opt/pwx/bin/pxctl status
Status: PX is operational
Telemetry: Disabled or Unhealthy
License: PX-Essential (ERROR: License is expired, Failed to register cluster with PX-Central)
Node ID: 8ccb2b62-2f47-4f73-b909-b4c183f19987
IP: 10.126.25.220
Local Storage Pool: 1 pool
POOL IO_PRIORITY RAID_LEVEL USABLE USED STATUS ZONE REGION
0 LOW raid0 80 GiB 6.0 GiB Online default default
Local Storage Devices: 1 device
Device Path Media Type Size Last-Scan
0:1 /dev/mapper/pxdatavg-pxdatalv STORAGE_MEDIUM_MAGNETIC 80 GiB 10 May 22 09:36 CEST
total - 80 GiB
Cache Devices:
* No cache devices
Kvdb Device:
Device Path Size
/dev/mapper/pxkvdbvg-pxkvdblv 24 GiB
* Internal kvdb on this node is using this dedicated kvdb device to store its data.
Cluster Summary
Cluster ID: px-cluster-523fd839-bd9e-4203-8e7e-3a60e176c7c7
Cluster UUID: b4f66bba-9149-476b-b844-409c31233a7c
Scheduler: kubernetes
Nodes: 4 node(s) with storage (4 online)
IP ID SchedulerNodeName Auth StorageNode Used Capacity Status StorageStatus Version Kernel OS
10.126.26.52 fddfe1cb-9867-4c7d-8423-fcadde807c67 kube04 Disabled Yes 6.0 GiB 80 GiB Online Up 2.10.0-352f52a 3.10.0-1160.el7.x86_64 Oracle Linux Server 7.9
10.126.25.230 eeb57626-a05a-451e-8bb7-a336f01b4366 kube03 Disabled Yes 6.0 GiB 80 GiB Online Up 2.10.0-352f52a 3.10.0-1160.el7.x86_64 Oracle Linux Server 7.9
10.126.25.227 ab51f91f-2b48-4020-8b7a-aff29b37c154 kube02 Disabled Yes 6.0 GiB 80 GiB Online Up 2.10.0-352f52a 3.10.0-1160.el7.x86_64 Oracle Linux Server 7.9
10.126.25.220 8ccb2b62-2f47-4f73-b909-b4c183f19987 kube01 Disabled Yes 6.0 GiB 80 GiB Online Up (This node) 2.10.0-352f52a 3.10.0-1160.el7.x86_64 Oracle Linux Server 7.9
Global Storage Pool
Total Used : 24 GiB
Total Capacity : 320 GiB
The error reported in the pod’s logs and the Portworx alert is:
CLUSTER MeteringAgentCritical ALARM 1 May 10 07:36:57 UTC 2022 May 10 07:36:57 UTC 2022 Unable to register cluster: Put "https://pxessentials.portworx.com/osb/billing/v1/register": x509: certificate signed by unknown authority
Portworx tries to access the URL “https://pxessentials.portworx.com/osb/billing/v1/register” to perform the registration, but it fails.
I’m using an HTTP corporate proxy (zscaler) for an airgapped installation. The SSL certificate of my proxy is:
- properly loaded in /etc/pki on my Kubernetes nodes (tested with curl)
- properly loaded in /etc/pki on the Portworx pod (also tested with curl)
It seems Portworx is not using the zscaler CA certificate located in the truststore. Only the proxy address and ports are used. Do I need to put my CA certificate in a specific location so that Portworx takes it into account?
Logs showing that curl works when using the HTTP_PROXY/HTTPS_PROXY environment variables:
[root@kube01 anchors]# k exec -it portworx-pl4wh -- bash
Defaulting container name to portworx.
Use 'kubectl describe pod/portworx-pl4wh -n kube-system' to see all of the containers in this pod.
[root@kube01 /]# ls /etc/pki/ca-trust/source/anchors/zscaler.pem
/etc/pki/ca-trust/source/anchors/zscaler.pem
[root@kube01 /]# update-ca-trust
[root@kube01 /]#
[root@kube01 /]# set | grep PROXY
PX_HTTPS_PROXY=http://10.126.35.38:3128
PX_HTTP_PROXY=http://10.126.35.38:3128
[root@kube01 /]# export HTTPS_PROXY=http://10.126.35.38:3128
[root@kube01 /]# export HTTP_PROXY=http://10.126.35.38:3128
[root@kube01 /]# curl https://pxessentials.portworx.com/osb/billing/v1/register
[root@kube01 /]# *(no output means it's working properly here)*
[root@kube01 /]#
Some more output, from the Kubernetes pod:
[root@kube01 anchors]# curl https://pxessentials.portworx.com/osb/ping
{"status":"pong","message":"PX-OSB is UP and running"}
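
The alert text above is the error Go's crypto/x509 verifier returns when no root in the calling process's certificate pool chains to the certificate it was presented. The following is an added example (not part of the original post and not Portworx code) that reproduces that error offline: a local test server with a constructed self-signed certificate stands in for the certificate re-signed by the proxy, and the same URL is probed with a pool that lacks the CA and with one that contains it. The helper names probe, unknownAuthority and compare are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe (hypothetical helper) performs one HTTPS GET trusting only the roots in pool.
func probe(url string, pool *x509.CertPool) error {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig:   &tls.Config{RootCAs: pool},
		DisableKeepAlives: true,
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// unknownAuthority reports whether err is the x509 "unknown authority" failure.
func unknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// compare probes a local TLS server (constructed test certificate) twice:
// first with a pool that lacks its certificate, then with a pool that has it.
func compare() (withoutCA, withCA error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"status":"pong"}`)
	}))
	defer srv.Close()

	withoutCA = probe(srv.URL, x509.NewCertPool()) // empty pool: CA not trusted

	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate()) // the signing certificate is now a root
	withCA = probe(srv.URL, trusted)
	return withoutCA, withCA
}

func main() {
	without, with := compare()
	fmt.Println("pool without CA:", without)
	fmt.Println("pool with CA:   ", with)
}
```

The outcome depends only on the pool handed to the process making the request, so a successful curl shows what curl's trust store contains, not what another process verifies against.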