Issue when uploading endpoint TLS files #768
Comments
Thanks for opening that issue, unfortunately I'm not able to reproduce all the cases. There is a bug with the endpoint-init wizard at the moment when trying to define a remote endpoint with TLS and I'm working on fixing that, you can track the evolution here: #782
As this error is raised after choosing the creation of a remote TLS endpoint, I'd say it's related to Portainer not being able to transmit a correct endpoint ID with the HTTP query, that would lead to the creation of the
I'm wondering if this could be related to the Windows platform as I've already seen filesystem issues with the Go file library before. Would it be possible for you to try it on another platform to confirm that?
I was able to reproduce the last issue (C) and will push a fix for that soon. You can track the evolution here: #781
I will install it on my VPS and see if the error occurs there as well. Once I know more I will let you know.
Looks like you are right, on my Linux VPS Version B is not reproducible. This might really be a Windows exclusive bug.
Interesting, what about Version A?
Sorry, forgot to mention that because of #782.
I'm sorry but this doesn't look like it's Windows specific at all. I have same problems on Linux when trying to add remote endpoints protected with TLS. First this:
Then I tried to fool it by deleting tls folder, only to get this:
Then I deleted everything in data volume and restarted the container, to try from scratch, after entering all info again. Now it blocks on clicking "Connect" button. Clicked a few more times, gave up, clicked on the local again, suddenly I'm in and have 4 endpoints (all those clicks that did nothing...), and actually I'm connected to remote endpoint?! So, with a lot of clicking, restarts, deletia - it worked! But, it's a mess...
Oh, great news! Although I somehow managed to add 4 more endpoints in the meantime, no problem at all. :) Thank you for this very neat utility @deviantony!
Quick summary on this issue, the problem is the following on the Windows platform:
Version B using endpoint-settings:
Start the container and mount the data-volume and local socket:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer-config:/data --name portainer portainer/portainer
I'm having this exact same issue using portainer/portainer:1.14.3 running on Ubuntu 16.04 LTS. I'm getting the below error:
When I look in /data/tls/14, I see only two files created: ca.pem and key.pem. If I manually add the third missing file and then reload the GUI, it works.
@GetchaDEAGLE could you paste the full container logs here? Also, could you give us some reproduction steps?
@deviantony, I will paste the logs when I get access to the server again and provide further details. Stay tuned.
ping @GetchaDEAGLE
@deviantony, I'm sorry to say that the server was redeployed and we lost the logs but the persistent data from the volume is still intact. As mentioned in my previous comment, from within the UI, adding an endpoint and uploading the cert files is what causes the issue. The data is being persisted to a network share via NFS v4. I don't believe anything special has been done to the permissions on the files/folders for the volume. After the error occurs, adding the files manually to the volume solves the problem. If I gather anything else that could be useful I'll let you know. Also, sorry for the delay as I just had a baby and was down for a while.
Hey @GetchaDEAGLE, so you are still having this issue? What about using the latest version of Portainer? PS: Congratulations! :-)
I'm not having the issue anymore after performing the workaround. I'll report back if the problem happens again. Thanks for your help.
Having the exact same issue as @GetchaDEAGLE
@r3pek could you give us some details about your env? Platform & docker version at least.
@deviantony sure.
# docker --version
Running in swarm mode with 2 nodes. Portainer installed as a service with a custom made docker-compose.yml and /data of the container image pointing to an NFS share.
@r3pek thanks, will investigate and see if I can reproduce.
@deviantony btw, this is what's in the logs of the container:
Seems like you're trying to create the directory 18/ again on file upload, erroring out if mkdir fails.
Thanks for that last comment, it's probably what I thought and related to NFS. The HTTP handler calls the
Which will try to create the
It seems that the directory check for existence is failing when the underlying filesystem is using NFS: https://github.com/portainer/portainer/blob/develop/api/filesystem/filesystem.go#L211-L222
Might be an issue with Go, I'll search if there is an existing issue open related to os.Stat and NFS.
EDIT: I'm thinking that switching from
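An added Go sketch, not Portainer's code and not written by anyone in this thread, of why a stat-then-mkdir existence check fails hard when the check answers wrongly, shown beside an idempotent `os.MkdirAll` and a completeness check for the uploaded TLS files. The helper names, the simulated `staleStat` and the `cert.pem` file name are assumptions; `ca.pem`, `key.pem` and the `18` directory come from the reports above.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// statFunc is injectable so a wrong "not found" answer can be simulated without NFS.
type statFunc func(string) (fs.FileInfo, error)

// ensureDirCheckFirst is the fragile check-then-create pattern (hypothetical helper).
func ensureDirCheckFirst(stat statFunc, dir string) error {
	_, err := stat(dir)
	if errors.Is(err, fs.ErrNotExist) {
		return os.Mkdir(dir, 0o700) // returns EEXIST when stat answered wrongly
	}
	return err
}

// ensureDir is idempotent: os.MkdirAll returns nil when dir already exists.
func ensureDir(dir string) error { return os.MkdirAll(dir, 0o700) }

// missingTLSFiles lists absent files; "cert.pem" is an assumed name for the third file.
func missingTLSFiles(dir string) []string {
	var missing []string
	for _, name := range []string{"ca.pem", "cert.pem", "key.pem"} {
		if _, err := os.Stat(filepath.Join(dir, name)); err != nil {
			missing = append(missing, name)
		}
	}
	return missing
}

// staleStat simulates an existence check that always answers "not found".
func staleStat(string) (fs.FileInfo, error) { return nil, fs.ErrNotExist }

func main() {
	root, _ := os.MkdirTemp("", "tls-store") // constructed sample store
	defer os.RemoveAll(root)
	dir := filepath.Join(root, "tls", "18")
	fmt.Println("first create:", ensureDir(dir))
	fmt.Println("check-first, dir exists:", ensureDirCheckFirst(staleStat, dir))
	fmt.Println("idempotent, dir exists:", ensureDir(dir))
	os.WriteFile(filepath.Join(dir, "ca.pem"), []byte("constructed"), 0o600)
	os.WriteFile(filepath.Join(dir, "key.pem"), []byte("constructed"), 0o600)
	fmt.Println("missing:", missingTLSFiles(dir))
}
```

Running the completeness check before an endpoint is saved keeps a half-uploaded key set from being registered as a working TLS endpoint.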
Remember, if you are using NFS with Docker volumes, you MUST have "root squash" enabled on your NFS backend.
"MUST"? For services running as root on the container?
Yeah, dockerd is running as root.
@r3pek could you try with the image
@deviantony confirmed working
Thanks for the feedback @r3pek, will merge.
@deviantony Exact same scenario: create endpoint, upload tls, the creation of the endpoint hangs with:
But then I refresh the page and it is there; however, trying to connect to the endpoint gives me the
@ianseyer I'm unable to reproduce this. Care to share more details so that we can try to reproduce?
Description
Adding a new TLS-endpoint using the GUI seems to be a bit buggy at the moment and will create endpoints without the necessary TLS-files or will not upload the files.
Steps to reproduce the issue:
Version A using wizard:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer-config:/data --name portainer portainer/portainer
Version B using endpoint-settings:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer-config:/data --name portainer portainer/portainer
Version C using endpoint-settings:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v D:\Docker\portainer-config:/data --name portainer portainer/portainer
Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?
Technical details: