Giter VIP home page Giter VIP logo

Comments (7)

andyshinn avatar andyshinn commented on July 19, 2024

That is the Hashicorp Checkpoint service (http://checkpoint.hashicorp.com/). It is actually something more specific to Consul itself. But the error could be because this particular image has no SSL root CAs in it.

from docker-consul.

lgs avatar lgs commented on July 19, 2024

@andyshinn
great, thank you for clarifying

from docker-consul.

JeanMertz avatar JeanMertz commented on July 19, 2024

I just ran into this warning as well.

Regarding:

But the error could be because this particular image has no SSL root CAs in it.

Should the ca-certificates (or more specifically, the apt-get call) be added to this Docker repo to resolve this issue?

from docker-consul.

andyshinn avatar andyshinn commented on July 19, 2024

A quick test shows that there is probably a little more needed than just install ca-certificates:

$ dri --entrypoint sh progrium/consul
/ # opkg-install libopenssl ca-certificates
Downloading http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/base/Packages.gz.
Inflating http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/base.
Downloading http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/packages/Packages.gz.
Inflating http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/packages.
Installing libopenssl (1.0.1j-3) to root...
Downloading http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/base/libopenssl_1.0.1j-3_x86_64.ipk.
Installing zlib (1.2.8-1) to root...
Downloading http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/base/zlib_1.2.8-1_x86_64.ipk.
Installing ca-certificates (20141019) to root...
Downloading http://downloads.openwrt.org/snapshots/trunk/x86_64/packages/base/ca-certificates_20141019_x86_64.ipk.
Configuring ca-certificates.
Configuring zlib.
Configuring libopenssl.
/ # export SSL_CERT_DIR=/etc/ssl/certs
/ # curl "https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=linux&signature=c874b96b-027e-f6be-1ec4-3d28feebf641&version=0.4.1"
{"product":"consul","current_version":"0.4.1","current_release":1413568929,"current_download_url":"http://www.consul.io/downloads.html","current_changelog_url":"https://github.com/hashicorp/consul/blob/v0.4.1/CHANGELOG.md","project_website":"http://www.consul.io","alerts":[]}/ #
/ # /bin/start
==> WARNING: It is highly recommended to set GOMAXPROCS higher than 1
==> Starting Consul agent...
==> Starting Consul agent RPC...
==> Consul agent running!
         Node name: '5368e29a2557'
        Datacenter: 'dc1'
            Server: false (bootstrap: false)
       Client Addr: 0.0.0.0 (HTTP: 8500, DNS: 53, RPC: 8400)
      Cluster Addr: 172.17.0.7 (LAN: 8301, WAN: 8302)
    Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false

==> Log data will now stream in as it occurs:

    2014/12/15 17:24:21 [INFO] serf: EventMemberJoin: 5368e29a2557 172.17.0.7
    2014/12/15 17:24:21 [ERR] agent: failed to sync remote state: No known Consul servers
    2014/12/15 17:24:41 [ERR] agent: failed to sync remote state: No known Consul servers
==> Failed to check for updates: Get https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=linux&signature=872af0d7-b388-9ebf-ab30-f348dd3fbabc&version=0.4.1: x509: failed to load system roots and no roots provided

There is probably a known place Consul is looking for root CA certs. But I'm not sure where that is yet.

from docker-consul.

JeanMertz avatar JeanMertz commented on July 19, 2024

@andyshinn this might be of interest (75% down):

Also, some Go applications make external calls to SSL endpoints, which will fail with the following error when running from the scratch image:

x509: failed to load system roots and no roots provided

The reason for this is that on Linux systems the tls package reads the root CA certificates from /etc/ssl/certs/ca-certificates.crt, which is missing from the scratch image. The Contributors app gets around this problem by bundling a copy of the root CA certificates and configuring outbound calls to use them.

However, also see moby/moby#5157. This might actually be a bug.

from docker-consul.

skippy avatar skippy commented on July 19, 2024

@progrium can we re-open this one until it is resolved?

from docker-consul.

skippy avatar skippy commented on July 19, 2024

nm; I see #28

from docker-consul.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.