Open javadevmtl opened 7 years ago
yup. 17.06 doesn't work with any released RancherOS, I've a patch to fix it, but its not released yet.
Cool :)
RancherOS Version: (ros os version) 1.5.1
sudo system-docker version Client: Version: 17.06-ros6
Tried setting sudo ros engine docker-18.09.1 docker-18.09.2 docker-17.12.0-ce docker-17.12.1-ce
Where are you running RancherOS? (docker-machine, AWS, GCE, baremetal, etc.) baremetal
RancherOS loads and I can login
sudo system-docker ps
Shows the ros user-docker machine stuck in a reboot loop, but if I try to just run a regular docker user command it throws the error Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/json?all=1: dial unix /var/run/docker.sock: connect: permission denied
I'm thinking it's possible this is tls related with my cloud config? But I'm not sure.
Edit: Removing this from my config fixed it.
docker: tls: true tls_args:
- "--tlsverify"
- "--tlscacert=/etc/docker/tls/ca.pem"
- "--tlscert=/etc/docker/tls/server-cert.pem"
- "--tlskey=/etc/docker/tls/server-key.pem"
- "-H=0.0.0.0:2376"
I'm going to try and clean the certs and do it again.
edit: docker --tlsverify could not read CA certificate "/home/docker/.docker/ca.pem": open /home/docker/.docker/ca.pem: no such file or directory
I moved the tls_args to that directory, but same issue.
@MikePadge Could you check /var/log/docker.log
after switching the engine.
I cannot reproduce:
[rancher@ip-172-31-14-0 ~]$ sudo ros -v
version v1.5.1 from os image rancher/os:v1.5.1
[rancher@ip-172-31-14-0 ~]$ sudo ros engine switch docker-17.12.1-ce
[rancher@ip-172-31-14-0 ~]$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 17.12.1-ce
@niusmallnan
Failed to create API server: Could not load X509 key pair (cert: "/etc/docker/tls/server-cert.pem", key: "/etc/docker/tls/server-key.pem"): open /etc/docker/tls/server-cert.pem: no such file or directory
Which is in line with what I found earlier. Declaring the following in my config didn't actually create the certs.
docker:
tls: true
tls_args:
- "--tlsverify"
- "--tlscacert=/etc/docker/tls/ca.pem"
- "--tlscert=/etc/docker/tls/server-cert.pem"
- "--tlskey=/etc/docker/tls/server-key.pem"
- "-H=0.0.0.0:2376"
Here's my full config
# Cloud-Config
hostname: P3X-984
rancher:
docker:
tls: true
tls_args:
- "--tlsverify"
- "--tlscacert=/etc/docker/tls/ca.pem"
- "--tlscert=/etc/docker/tls/server-cert.pem"
- "--tlskey=/etc/docker/tls/server-key.pem"
- "-H=0.0.0.0:2376"
storage_driver: overlay2
network:
interfaces:
eth0:
address: 10.16.0.6/24
gateway: 10.16.0.1
mtu: 1500
dhcp: false
dns:
nameservers:
- 1.1.1.1
- 9.9.9.9
ssh_authorized_keys:
- ssh pubkey
@MikePadge Did you try this? https://rancher.com/docs/os/v1.x/en/installation/configuration/setting-up-docker-tls/
@niusmallnan those configuration settings have always worked, I was under the impression, I could set them in the cloud-config, and have them auto apply to at least the localhost, but I see now that's not actually declared anywhere in my cloud-config.
Thank you.
RancherOS Version: (ros os version) 1.0.3
Where are you running RancherOS? (docker-machine, AWS, GCE, baremetal, etc.) Openstack.
Installed the Rancher OS fine. Log in as rancher by certificate... Run sudo ros engine switch https://raw.githubusercontent.com/rancher/os-services/master/d/docker-17.06.0-ce.yml
Then: docker version Client: Version: 17.06.0-ce API version: 1.30 Go version: go1.8.3 Git commit: 02c1d87 Built: Fri Jun 23 21:15:15 2017 OS/Arch: linux/amd64 Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.30/version: dial unix /var/run/docker.sock: connect: permission denied
And: sudo docker version Client: Version: 17.06.0-ce API version: 1.30 Go version: go1.8.3 Git commit: 02c1d87 Built: Fri Jun 23 21:15:15 2017 OS/Arch: linux/amd64 Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?