-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VCH created by wizard docker endpoint and admin portal unavailable: docker persona hangs #6978
Comments
Tried to re-create several more times with CLI command, some of the CLI create processes failed with EOF when uploading isos to datastore:
Then it hangs:
Have seen the same failure multiple times in nightly #6933 |
Video capture of the process by @pdaigle : |
Needs a priority - putting in Not Ready. |
The only thing that I could think of that has changed is that we are now using the datacenter specific endpoint: {vc_ip}/datacenter/{datacenter_ip}/vch/ I tried reverting back to using the previous endpoint: {vc_ip}/vch/ And I was able to create a vch that responded to docker info: docker -H 10.192.120.215:2376 --tls info Using the datacenter specific endpoint this consistently failed. |
However, I was seeing the ‘incorrect username or password’ error consistently (same thing we were seeing with the datacenter specific endpoint initially) until i turned off secure access. So that may be something to investigate also. |
@AngieCris @jak-atx is this issue due to a regression from a recent change? I'm not familiar with the creation wizard's code and I'm trying to understand why running the From @pdaigle's video, I couldn't see that the
@jak-atx Do you mean the tls settings for the VCH in the wizard? |
@anchal-agrawal this appears to be a regression. We recently changed the api endpoint the wizard posts to. when I revert to use the previous endpoint it works (if i turn off the tls verify in the wizard settings, which may be an unrelated issue specific to that enpoint). |
@anchal-agrawal I'm not very familiar how portlayer works...Do you happen to have an idea for the possible reasons why portlayer is getting this error: (or have you seen it before)
What could cause a 400 Bad Request? Could it be an incorrect auth (that would more possibly be a 401)? |
@AngieCris that error is returned while creating a govmomi session here: vic/lib/apiservers/portlayer/restapi/configure_port_layer.go Lines 90 to 92 in 42136bf
We don't have more granular logs, but based on the error message I suspect the error is originating from vic/pkg/vsphere/session/session.go Lines 168 to 170 in 42136bf
The 400 response is odd if
If the user/pass are invalid, we'd get the Some questions:
|
@anchal-agrawal thanks for the update.
I think so, at least in @jak-atx 's case it's reproduce-able. If you have the most recent rc4 appliance deployed, and a Nimbus multi-dc VC, and the wizard plugin installed on the VC, you can try using the create wizard to deploy a VCH with all the minimal settings, and try to do a docker info and connect to admin portal when the endpoints become available.
When the VCH is created from the wizard, it's using API create endpoint, not the CLI |
@anchal-agrawal we are sending the same payload that worked with RC3 so that shouldn't be an issue. Also UI sends a vSphere SessionTicket to authenticate, that vic-machine cli does require. There seems to have been some session related updates in this PR (related to datacenter endpoint): |
Root cause identified with help from @hickeng : The
Here we see the VC_URL is On the code side, the CLI provides the full target URL, both host and path, and later on validator strips away the path part of the URL. On the API side, we set the path to datacenter mo inventory path, so the path is included in the target URL and goes into VCH config. PR up: #6994 |
Details
Create a VCH with the wizard, wait after docker endpoint and admin portal to come up. Once they're available, connecting to docker endpoint via
docker -H VCH_IP:2376 --tls info
gives:Cannot connect to the Docker daemon at tcp://10.192.124.47:2375. Is the docker daemon running?
Also, the admin portal cannot authenticate.
Deploy again with the generated CLI command, it succeeds and the VCH is up and running (docker endpoint and admin portal both work alright).
The generated CLI command:
Logs
From the docker-persona logs, portlayer never comes up, so the persona hangs waiting for portlayer:
Portlayer gives bad request trying to connect:
The log bundle:
vch_logs_20171218.zip
Since the CLI works, there's probably something in the API that caused this error, might be related to network configuration.
Cc: @zjs
The text was updated successfully, but these errors were encountered: