cadvisor on mesos with ssl

[jomach]

Hi everyone,

It seems that there is no documentation (or probably is not implemented) that the cadvisor cannot speak with mesos slaves if the following environment vars are set on mesos agent.

Environment=LIBPROCESS_SSL_ENABLED=true
Environment=LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false
Environment=LIBPROCESS_SSL_CIPHERS=AES128-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
Environment=LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/server_2048.key
Environment=LIBPROCESS_SSL_CERT_FILE=/etc/ssl/server.crt

I always get:

W0729 15:20:39.614966 17621 process.cpp:903] Failed to accept socket: Failed accept: connection error: error:1408F09C:SSL routines:ssl3_get_record:http request
W0729 15:20:39.615309 17621 process.cpp:903] Failed to accept socket: Failed accept: connection error: error:1408F09C:SSL routines:ssl3_get_record:http request

Is this known and documented how to fix it?

[dashpole]

cc @sashankreddya

[jomach]

I'm not a go programmer but I think I found the issue here (Or it should be handled my the httpcli from mesos-go lib):

 func Client() (mesosAgentClient, error) {
    mesosClientOnce.Do(func() {
        // Start Client
        apiURL := url.URL{
            Scheme: "http",
            Host:   *MesosAgentAddress,
            Path:   "/api/v1",
        }
        mesosClient = &client{
            hc: httpcli.New(
                httpcli.Endpoint(apiURL.String()),
                httpcli.Codec(codecs.ByMediaType[codecs.MediaTypeProtobuf]),
                httpcli.Do(httpcli.With(httpcli.Timeout(*MesosAgentTimeout))),
            ),
        }
    })

under container/mesos/client.go. Update: I tried to patch it with adding https to the scheme same problem. It can be that the lib mesos-go is the problem. I asked for help here https://github.com/mesos/mesos-go/issues/377