Open colindembovsky opened 7 years ago
@colindembovsky, we will look into it. Meanwhile can you please report this against https://github.com/Microsoft/VSTS-Docker for posterity purpose..
Also, can you please checkout suggestions on https://github.com/docker/compose/issues/3365
Hi @RoopeshNair - not sure how that article is supposed to help. I created the docker host using the azure cli which generates the certs as part of the command - is there a problem with the certs or a problem with docker-compose or a problem with the vsts task?
@colindembovsky I suspect certificate issue or python libraries pointing to homebrew openssl.
Here is one which has similar issues reported by multiple users https://github.com/docker/compose/issues/890
@RoopeshNair I'm using the microsoft/vsts-agent image to run the release (which in turn runs the docker and docker-compose commands). Is there some environment setting I can set on the docker-compose task that will make this work? I can't even get this command to work locally unless I pass the certs to docker-compose explicitly.
@colindembovsky You dont need to pass --tls or --tlsverify option in the docker-config path as the task already sets DOCKER_TSL_VERIFY environment varaible. I debugged docker-compose and docker-py library and verified that if you pass any flag --tls or --tlsverify flag it tries to create tslConfig object out of options and not from environment and hence either ca_cert object or verify is none in TFSConfig file. You can use the task without using these flags. Check the variable getting set here https://github.com/Microsoft/vsts-docker/blob/cdccda9323abe8e861d0891f03922d0e3f8fd8d1/src/tasks/dockerCompose/dockerComposeConnection.ts Let me know if you need more details.
I have created a release with a several docker tasks. I have an endpoint to a docker host machine. I am able to run docker commands successfully (like docker run) against the docker host. However, the
docker-compose up
commands fail with ERROR: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661). (In the task I'm using the "Run Services" action).I can repro this on my client machine by running
docker-compose ps
against the same host - I get the cert error. However, if I specify the tls settings explicitly like this:then the command succeeds. Is there some issue with the environment variables that the task is using to run docker-compose up?