Cannot add EC2 host with rancher/nginx but Rancher is accessible over HTTPS - SOLVED

I’m running Rancher server with Nginx using docker-compose:

version: '2'

services:

  rancher-server:
    image: rancher/server:stable
    restart: always
    ports:    
      - "8080:8080"  # this is the only way to add new hosts :(
    expose:
      - "8080"
    volumes:
      - rancher-server:/var/lib/mysql

  nginx:
    image: nginx:1.11
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/rancher.conf:/etc/nginx/conf.d/rancher.conf:ro
      - ./ssl/cert.key:/etc/ssl/cert.key:ro
      - ./ssl/cert.crt:/etc/ssl/cert.crt:ro
    links:
      - rancher-server

volumes:
  rancher-server:
    driver: local

Here is my Nginx config:

upstream rancher {
  server rancher-server:8080;
}

server {
  listen 443 ssl http2;
  server_name rancher.company.com;

  ssl_certificate     /etc/ssl/cert.crt;
  ssl_certificate_key /etc/ssl/cert.key;

  location / {
    proxy_set_header  Host              $host;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_set_header  X-Forwarded-Port  $server_port;
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Ssl   on;
    proxy_set_header  X-Real-IP         $remote_addr;

    proxy_pass  http://rancher;

    proxy_http_version  1.1;
    proxy_set_header    Upgrade     $http_upgrade;
    proxy_set_header    Connection  "Upgrade";

    # This allows the ability for the execute shell window to remain open for up to 15 minutes.
    # Without this parameter, the default is 1 minute and will automatically close.
    proxy_read_timeout 900s;
  }
}

# force https
server {
  listen 80;
  server_name rancher.company.com;
  return 301 https://$server_name$request_uri;
}

I’ve configured the Rancher settings to use the https address.
I’m able to access Rancher over https.
I’m able to add a new EC2 host (default Ubuntu and RancherOS), but it fails with the message “Failed to find rancher-agent container”.
It seems that server/host communication is not working well. My EC security group allows everything for server & host.

When I configure Rancher settings to use http on 8080, I’m able to add new EC2 host.

I must have missed something in my nginx config, but I cannot figure out what :frowning:

Thanks for your help :slight_smile:

Here are the server logs:

time="2017-04-12T16:44:05Z" level=info msg="pulling rancher/agent:v1.2.2 image." 
time="2017-04-12T16:44:17Z" level=info msg="Container created for machine" containerId=a0fe070deffcd462dae62ae29111e1070eb482150c774d695e384416445d880e machineId=1ph7 resourceId=1ph7 
time="2017-04-12T16:45:18Z" level=error msg="Failed to find rancher-agent container" machineId=1ph7 resourceId=1ph7 
time="2017-04-12T16:45:18Z" level=error msg="Error processing event" err="Failed to find rancher-agent container" eventId=6d812d06-6902-4b67-b5f1-8d604d6cb5e9 eventName="physicalhost.bootstrap;handler=goMachineService" resourceId=1ph7 
2017-04-12 16:45:18,148 ERROR [6237860a-e5de-4cd3-8e3b-efa5726b24a0:664] [physicalHost:7] [physicalhost.bootstrap] [] [ecutorService-4] [c.p.e.p.i.DefaultProcessInstanceImpl] Agent error for [physicalhost.bootstrap.reply;handler=goMachineService]: Failed to find rancher-agent container 
2017-04-12 16:45:18,157 ERROR [:] [] [] [] [ecutorService-4] [.e.s.i.ProcessInstanceDispatcherImpl] Agent error for [physicalhost.bootstrap.reply;handler=goMachineService]: Failed to find rancher-agent container 
2017-04-12 16:45:22,270 ERROR [bfdef993-f82f-48f7-8dd2-f1639133c02b:665] [host:7] [host.provision] [] [ecutorService-5] [c.p.e.p.i.DefaultProcessInstanceImpl] Unknown exception io.cattle.platform.util.exception.ExecutionException: Failed to find rancher-agent container

2017-04-12 16:45:22,285 ERROR [:] [] [] [] [ecutorService-5] [.e.s.i.ProcessInstanceDispatcherImpl] Unknown exception running process [host.provision:665] on [7] io.cattle.platform.util.exception.ExecutionException: Failed to find rancher-agent container

I found the problem: I was not using a chained certificate :frowning:
http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Maybe a small note about chained certificates could be added to the documentation:
https://docs.rancher.com/rancher/v1.5/en/installing-rancher/installing-server/basic-ssl-config/#example-nginx-configuration
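
The failure mode resolved above, reproduced offline as an added example (not part of the original posts): a server file holding only the leaf certificate fails verification for a client that trusts just the root and has no cached intermediates, while the chained file passes. Browsers can hide this because they often already hold the intermediate. The root, intermediate and server certificates here are constructed test material, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed test PKI, all names hypothetical.

# Number of certificates in a PEM file; a chained file holds more than one.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Verify like a client with no cached intermediates: trust only the root ($1)
# and accept as chain only what the served file ($2) itself contains.
verify_served_file() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Build root -> intermediate -> server certificates in directory $1.
build_demo_pki() {
  d=$1
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config "$d/ext.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -out "$d/root.crt" -subj "/CN=Constructed Root" -days 2 2>/dev/null
  for n in int leaf; do
    openssl req -new -config "$d/ext.cnf" -newkey rsa:2048 -nodes \
      -keyout "$d/$n.key" -out "$d/$n.csr" -subj "/CN=constructed-$n" 2>/dev/null
  done
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ext.cnf" -extensions ca -days 2 -out "$d/int.crt" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/ext.cnf" -extensions leaf -days 2 -out "$d/leaf.crt" 2>/dev/null
  # nginx expects the server certificate first, then the intermediate(s).
  cat "$d/leaf.crt" "$d/int.crt" > "$d/chained.crt"
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
for f in leaf.crt chained.crt; do
  if verify_served_file "$demo_dir/root.crt" "$demo_dir/$f"; then r=OK; else r=FAIL; fi
  echo "$f: $(count_certs "$demo_dir/$f") certificate(s), strict-client verify: $r"
done
```

The same two functions can be pointed at the file mounted as `/etc/ssl/cert.crt`: when the issuing CA uses an intermediate, `count_certs` should report more than one certificate.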