search

balena-io / balena-cli

The official balena CLI tool.
Apache License 2.0
455 stars 141 forks source link

resin build / deploy issue with key file #562

Closed imrehg closed 6 years ago

imrehg commented 7 years ago

When using TLS CA/cert/key files, get an Error: error:0906D06C:PEM routines:PEM_read_bio:no start line error instead of the call properly authenticating with the remote Docker service

Here's the command running

DEBUG=1 resin deploy <project> \
    --build \
    --source . \
    --dockerHost <host> \
    --dockerPort <port> \
        --ca ca.pem \
    --cert cert.pem \
        --key key.pem

The output:

[Debug]   Connecting with the following options:
[Debug]   {
[Debug]     "host": "<host>",
[Debug]     "port": <port>,
[Debug]     "ca": "ca.pem",
[Debug]     "cert": "cert.pem",
[Debug]     "key": "key.pem"
[Debug]   }
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Object.createSecureContext (_tls_common.js:89:17)
    at Object.exports.connect (_tls_wrap.js:1038:48)
    at Agent.createConnection (https.js:105:22)
    at Agent.createSocket (_http_agent.js:222:26)
    at Agent.addRequest (_http_agent.js:184:10)
    at new ClientRequest (_http_client.js:272:16)
    at Object.request (http.js:39:10)
    at Object.request (https.js:233:15)
    at Object.request (/usr/lib/node_modules/resin-cli/node_modules/agent-base/patch-core.js:52:20)
    at h.request (/usr/lib/node_modules/resin-cli/node_modules/docker-modem/lib/http.js:51:52)
    at Modem.buildRequest (/usr/lib/node_modules/resin-cli/node_modules/docker-modem/lib/modem.js:173:33)
    at Modem.dial (/usr/lib/node_modules/resin-cli/node_modules/docker-modem/lib/modem.js:168:8)
    at Docker.buildImage (/usr/lib/node_modules/resin-cli/node_modules/resin-docker-build/node_modules/dockerode/lib/docker.js:199:14)
    at Docker.tryCatcher (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/util.js:16:23)
    at Docker.ret [as buildImageAsync] (eval at makeNodePromisifiedEval (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promisify.js:184:12), <anonymous>:13:39)
    at Builder.createBuildStream (/usr/lib/node_modules/resin-cli/node_modules/resin-docker-build/build/builder.js:55:26)
    at /usr/lib/node_modules/resin-cli/build/utils/docker.js:219:22
    at Promise._execute (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/debuggability.js:300:9)
    at Promise._resolveFromExecutor (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:483:18)
    at new Promise (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:79:10)
    at /usr/lib/node_modules/resin-cli/build/utils/docker.js:162:12
    at tryCatcher (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:693:18)
    at Promise._fulfill (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:638:18)
    at Promise._resolveCallback (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:432:57)
    at Promise._settlePromiseFromHandler (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:524:17)
    at Promise._settlePromise (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:693:18)
    at Promise._fulfill (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:638:18)
    at MappingPromiseArray.PromiseArray._resolve (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise_array.js:126:19)
    at MappingPromiseArray._promiseFulfilled (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/map.js:101:18)
    at Promise._settlePromise (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:574:26)
    at Promise._settlePromise0 (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:693:18)
    at Promise._fulfill (/usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/promise.js:638:18)
    at /usr/lib/node_modules/resin-cli/node_modules/bluebird/js/release/nodeback.js:42:21
    at _combinedTickCallback (internal/process/next_tick.js:95:7)
    at process._tickDomainCallback (internal/process/next_tick.js:198:9)

If you need help, don't hesitate in contacting us at:

  GitHub: https://github.com/resin-io/resin-cli/issues/new
  Forums: https://forums.resin.io

[Info]    Building Standard Dockerfile project

(the keys are fine as openssl s_client -connect <host>:<port> -cert cert.pem -key private.key can connect to the server)

CameronDiver commented 7 years ago

There is a disconnect between the way that the remote API and docker command line work, where on the command line the CA files are passed using filename, whereas the remote API expects strings. PR incoming.

pimterry commented 6 years ago

@CameronDiver I just found this while trawling CLI issues. Looks like it was resolved a year ago. Sound right? I'm going to assume so and close for now, but shout if I'm wrong.

CameronDiver commented 6 years ago

@pimterry yes this was fixed - must've missed this issue. Thanks!