Skip to content
This repository has been archived by the owner on Feb 1, 2021. It is now read-only.

Swarm watch to local non-TLS etcd proxy mode with TLS etcd cluster fail #2365

Closed
qkboy opened this issue Jun 21, 2016 · 0 comments
Closed

Swarm watch to local non-TLS etcd proxy mode with TLS etcd cluster fail #2365

qkboy opened this issue Jun 21, 2016 · 0 comments

Comments

@qkboy
Copy link

qkboy commented Jun 21, 2016
edited
Loading

For security reason,I built three nodes TLS-enabled etcd cluster as swarm/docker kv backend.
But the libnetwork plugin just can connect to non-TLS etcd service.

So I follow this reference :https://coreos.com/etcd/docs/latest/etcd-live-http-to-https-migration.html.

If you typically connect to a remote etcd cluster, this is a good time to configure an etcd proxy that handles the remote connection and TLS termination, and to reconfigure your apps to communicate through the proxy on localhost.

I startup a local non-TLS etcd proxy as those service to use.
When I run swarm join or manage service , the first connection is sucess, the second and others are all error.

swarm manage:

[root@docker-node01 ~]# ./swarm manage -H :2476 --advertise docker-node01:2476 --replication --discovery-opt kv.disable_autosync=true --tlsverify --tlscacert=/etc/docker/certs.d/ca.pem --tlscert=/etc/docker/certs.d/docker-node01-member.pem --tlskey=/etc/docker/certs.d/docker-node01-member-key.pem etcd://localhost:2379              INFO[0000] Initializing discovery without TLS           
INFO[0000] Listening for HTTP                            addr=:2476 proto=tcp
INFO[0000] Leader Election: Cluster leadership lost     
INFO[0000] New leader elected: docker-contiv02.idc.vipshop.com:2476 
INFO[0000] Registered Engine docker-node02 at docker-node02:2376 
INFO[0000] Registered Engine docker-node01 at docker-node01:2376 
ERRO[0003] Discovery error: Unexpected watch error      
ERRO[0005] client: etcd cluster is unavailable or misconfigured 
ERRO[0005] Leader Election: watch leader channel closed, the store may be unavailable...

swarm join:

# ./swarm join --advertise=docker-node02:2376 etcd://localhost:2379
INFO[0000] Initializing discovery without TLS           
INFO[0000] Registering on the discovery service every 1m0s...  addr=docker-node02:2376 discovery=etcd://localhost:2379
INFO[0060] Registering on the discovery service every 1m0s...  addr=docker-node02:2376 discovery=etcd://localhost:2379
ERRO[0060] client: etcd cluster is unavailable or misconfigured 
INFO[0120] Registering on the discovery service every 1m0s...  addr=docker-node02:2376 discovery=etcd://localhost:2379
ERRO[0120] client: etcd cluster is unavailable or misconfigured

I think it may something like this issue:
etcd-io/etcd#3894

So how can I use like etcdctl --no-sync options in swarm ?
THX.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@justincormack @qkboy