Open SalaryTheft opened 6 months ago
Hey team, we just ran into this same exact issue, same symptoms as well. I thought perhaps we just had a one-off issue, but then noticed this issue, so I thought I'd add a comment. I'll get some troubleshooting logs posted here. I can connect via netcat to port 8443
and have ruled out selinux, fapolicyd, etc as potential contributors.
It just.... stops responding to http traffic.
I should have captured the output, but failed to - I did notice that a curl
results in something similar to the following:
curl -vvv https://<quay-server>:8443 | head
* Rebuilt URL to: https://<quay-server>:8443/
* TCP_NODELAY set
* Connected to <quay-server> port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
< hangs right here where we should get a Server hello>
We never get the server hello back, nor anything beyond that - and, as noted above the port is open and responds via nc
and the logs keep on rolling by for journalctl -fu quay-app.service
or podman logs -f <pod_id>
All the pods are running but registry server is unresponsive at some point after installation. (no response at
curl https://localhost:8443
)I have to restart the pods or even have to reboot the host to get it working.
All the pods are running:
New logs are comming up, so the containers are running fine... I guess?
Nothing strange on the
quay-app
container deatails.