boot w/ the dev-dist build about hook HOT 7 CLOSED

Same issue here; running on macOS with vagrant-virtualbox.

I tracked this down in the tink-docker container where you can find this:

{"level":"info","ts":1651047221.0680003,"caller":"cmd/root.go:45"
*msg": "starting","service":"github.com/tinkerbell/tink","version": "2h87714"}
Error: worker Finished with error: failed to get workflow context: rpc error:
code = Unavailable desc = connection error:
desc = "transport: authentication handshake failed: x509: certificate signed
by unknown authority"
Usage:
  tink-worker [flags]
 <more usage() stripped>

I tried several permutations in /etc/docker/certs.d - to no avail. Debugging certs via calling that directly, so from
the hook getty shell:
ctr -n services.linuxkit task exec -t --exec-id testit docker sh
docker login ...
docker run 192.168.56.4/tink-worker -i 1 -r 192.168.56.4 -u admin -p Admin1234 --tinkerbell-grpc-authority 192.168.56.4:42113

Also tried by storing the presented server cert on 192.168.56.4:443 in /etc/docker/certs.d under 192.168.56.4 and 192.168.56.4:443 to no avail.

from hook.

ok, this is gRPC and has nothing along docker certs. the ca.pem needs to be added to the tink-worker container FS (/etc/ssl/certs/ca-certificates.crt or extra /etc/ssl/certs/myveryca.pem -- both work).
Fiddling on how to build such an image....

from hook.

fallout from tinkerbell/tink#584

from hook.

fallout from tinkerbell/tink#584

Caused by that PR, or resolved by it?

from hook.

Caused.. I was able to rollback the image hashes used in the sandbox and there it works. More bits of diagnose and blister help in this issue tinkerbell/playground#133

from hook.

Hey @ylxxwx, quite a bit of change to Hook since you reported this. Mind trying with the latest commit?

from hook.

Please reopen if the issue still exists in the latest hook, thanks.

from hook.