Known issues with Rancher and .local domains

Are there known issues using a .local domain in Rancher/Docker? I keep getting stack traces similar to "Rancher upgrade to 1.3.3 not working on CentOs 7" when I run Catalog services.

I have seen problems when running Consul, Rancher-NFS, Rancher Secrets and Container Crontab.
Are there any workarounds besides using a .com/net domain? I don’t control the DNS infrastructure, so I can’t change the domain we are using.

Yes, .local is for multicast DNS and is not really a great idea to use in general. There’s a big red warning in the UI for this in something like 1.4+ on host registration URL settings.

It requires the client to send a multicast request to resolve the name (which will fail here, because it’s not really an mDNS name), and then the client can optionally also try to use their regular unicast resolver.

For Golang specifically (most of our microservices) this causes it to (correctly) change resolving behavior but in some cases (…not correctly…) panic with the way things are packaged.

This should have been fixed in 1.6 by recompiling everything with different flags, but I don’t know of any real-world user reports confirming that yet (probably because the big red warning remains).

Ok, I changed the registration URL to point to the IP instead of the .local domain. The SSL certificate has alternative names for the domain and IP.

Now when I try to register the agent, it complains that the hostname (IP) is not right, but the IP is correct and is in the list of domains that don’t match!

user@cattle-01:~$ docker run -e CATTLE_AGENT_IP="10.102.50.60"  --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.2 hhttps://10.102.50.12/v1/scripts/<***registration-key***>
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

INFO: Running Agent Registration Process, CATTLE_URL=https://10.3.238.204/v1
INFO: Attempting to connect to: https://10.3.238.204/v1
INFO: https://10.3.238.204/v1 is accessible
Traceback (most recent call last):    
  File "./resolve_url.py", line 9, in <module>
    r = requests.get(url)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 70, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: hostname '10.102.50.12' doesn't match either of 'rancher.mydomain.local', '10.102.50.12'
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information

ERROR: returned
ERROR: --- START ---
ERROR: --- END ---
ERROR: Failed to load registration env from CATTLE_URL=https://10.3.238.204/v1 ENV_URL=
ERROR: Please ensure the proper value for the Host Registration URL is set
user@cattle-01:~$

It looks like this new issue is related to SNI.

https://github.com/rancher/rancher/issues/8792
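
An added diagnostic, not code from the thread or from Rancher: the SSLError above rejects the IP even though it appears among the certificate's names, and one thing worth ruling out (an assumption, since the thread itself points to SNI) is that the IP sits in the SAN as a DNS entry, because RFC 2818 verifiers compare an IP host only against iPAddress entries. The function `san_coverage` and both sample certificates are constructed for illustration; the dict shape is the one Python's `getpeercert()` returns.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Exact match, or a single left-most '*' label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return False

def san_coverage(cert, host):
    """Classify how `host` is covered by the certificate's subjectAltName.

    Returns "match", "wrong-type" (the IP is present only as a DNS entry,
    which a strict verifier ignores for an IP host), or "absent".
    """
    host_ip = _as_ip(host)
    wrong_type = False
    for kind, value in cert.get("subjectAltName", ()):
        if host_ip is not None:
            if kind == "IP Address" and _as_ip(value) == host_ip:
                return "match"
            if kind == "DNS" and _as_ip(value) == host_ip:
                wrong_type = True
        elif kind == "DNS" and _dns_match(value, host):
            return "match"
    return "wrong-type" if wrong_type else "absent"

# Constructed sample certificates (not taken from the thread's server).
CERT_IP_AS_DNS = {"subjectAltName": (("DNS", "rancher.mydomain.local"),
                                     ("DNS", "10.102.50.12"))}
CERT_IP_TYPED = {"subjectAltName": (("DNS", "rancher.mydomain.local"),
                                    ("IP Address", "10.102.50.12"))}

if __name__ == "__main__":
    for label, cert in (("IP as DNS", CERT_IP_AS_DNS), ("IP typed", CERT_IP_TYPED)):
        for host in ("10.102.50.12", "rancher.mydomain.local"):
            print(label, host, san_coverage(cert, host))
```

On a real certificate, `openssl x509 -noout -text` shows the same distinction as `DNS:` versus `IP Address:` under Subject Alternative Name.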