Rancher across VPN

jjrp78 · May 31, 2016, 8:00am

Hi all. Im in the need for some help.
I and deploying rancher on AWS. the rancher server is in the region eu-1a. It is in a private subnet i.e. does not have a public ip.

The vpc where my server is hosted is joined to a second VPC in the region us-east-1. (VPC is openswan)

Adding a host on the same subnet than the server works fine. But adding a host on the other VPC (us-east-1) doesnt.

I have checked already and all networking seems to be working fine. I can ping servers across regions, security groups have all tcp and udp ports open, from the host Im trying to add I can curl the rancher server but it just wont work.

Manually adding a host looks like this:

INFO: Running Agent Registration Process, CATTLE_URL=http://rancher01.amersportsdigital.com:8080/v1
INFO: Checking for Docker version >= 1.6.0
INFO: Found Server version: 1.9.1
INFO: docker version: Client version: 1.6.0
INFO: docker version: Client API version: 1.18
INFO: docker version: Go version (client): go1.4.2
INFO: docker version: Git commit (client): 4749651
INFO: docker version: OS/Arch (client): linux/amd64
INFO: docker version: Server version: 1.9.1
INFO: docker version: Server API version: 1.21
INFO: docker version: Go version (server): go1.4.2
INFO: docker version: Git commit (server): a34a1d5/1.9.1
INFO: docker version: OS/Arch (server): linux/amd64
INFO: docker info: Containers: 5
INFO: docker info: Images: 15
INFO: docker info: Storage Driver: devicemapper
INFO: docker info: Pool Name: docker-202:1-263649-pool
INFO: docker info: Pool Blocksize: 65.54 kB
INFO: docker info: Base Device Size: 107.4 GB
INFO: docker info: Backing Filesystem: xfs
INFO: docker info: Data file: /dev/loop0
INFO: docker info: Metadata file: /dev/loop1
INFO: docker info: Data Space Used: 895.8 MB
INFO: docker info: Data Space Total: 107.4 GB
INFO: docker info: Data Space Available: 14.57 GB
INFO: docker info: Metadata Space Used: 1.81 MB
INFO: docker info: Metadata Space Total: 2.147 GB
INFO: docker info: Metadata Space Available: 2.146 GB
INFO: docker info: Udev Sync Supported: true
INFO: docker info: Deferred Removal Enabled: false
INFO: docker info: Deferred Deletion Enabled: false
INFO: docker info: Deferred Deleted Device Count: 0
INFO: docker info: Data loop file: /var/lib/docker/devicemapper/devicemapper/data
INFO: docker info: Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
INFO: docker info: Library Version: 1.02.93-RHEL7 (2015-01-28)
INFO: docker info: Execution Driver: native-0.2
INFO: docker info: Kernel Version: 4.4.8-20.46.amzn1.x86_64
INFO: docker info: Operating System: Amazon Linux AMI 2016.03
INFO: docker info: CPUs: 1
INFO: docker info: Total Memory: 995.4 MiB
INFO: docker info: Name: ip-172-31-71-202
INFO: docker info: ID: 4UKJ:3RA4:XHJW:74UL:YM6E:ZCEY:X7SC:HZ6X:7ZR3:LFRP:Y2G3:RPHX
INFO: docker info: Http Proxy:
INFO: docker info: Https Proxy:
INFO: docker info: No Proxy:
INFO: Attempting to connect to: http://rancher01.amersportsdigital.com:8080/v1
INFO: http://rancher01.amersportsdigital.com:8080/v1 is accessible
INFO: Inspecting host capabilities
INFO: System: false
INFO: Host writable: true
INFO: Token: xxxxxxxx
INFO: Running registration
INFO: Printing Environment
INFO: ENV: CATTLE_ACCESS_KEY=4B737B9B1033E847C54F
INFO: ENV: CATTLE_AGENT_IP=172.31.4.224
INFO: ENV: CATTLE_HOME=/var/lib/cattle
INFO: ENV: CATTLE_REGISTRATION_ACCESS_KEY=registrationToken
INFO: ENV: CATTLE_REGISTRATION_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_SECRET_KEY=xxxxxxx
INFO: ENV: CATTLE_SYSTEMD=false
INFO: ENV: CATTLE_URL=http://rancher01.amersportsdigital.com:8080/v1
INFO: ENV: DETECTED_CATTLE_AGENT_IP=172.31.4.224
INFO: ENV: RANCHER_AGENT_IMAGE=rancher/agent:v1.0.1
INFO: Deleting container rancher-agent
INFO: Launched Rancher Agent: b21e202dc538b67c2cebdf8156860c46162c1c9d0710163521896d766097ee0a

and then it never shows up in the rancher hosts. If added through the AWS API it gets stuck copying the certificates.

Any ideas of how to trouble shoot?

leodotcloud · June 2, 2016, 6:15am

Some of the things to check:

Can you SSH from the host to rancher01.amersportsdigital.com?
Are the ports opened in both the Security groups? server and host?
Can you do curl http://rancher01.amersportsdigital.com:8080 on the host?

jjrp78 · June 2, 2016, 6:38am

yes all of those are doable
very strange issue. I ended up taking down the rancher server and creating it again, same security groups and it just worked. I guess we’ll never know

But thanks for the help !

leodotcloud · June 2, 2016, 6:23pm

Glad it worked. Let us know if you see any issue in future.

Topic		Replies	Views
Cross host container linking doesn't work (AWS) Rancher 1.x	3	1259	January 11, 2016
Rancher Hybrid AWS and Private - VPN not established Rancher 1.x	2	1244	July 7, 2017
Rancher unable to find vpc/subnets when adding host on AWS	1	1119	January 3, 2018
Rancher Server and hosts on AWS - cannot create host Rancher 1.x	5	1193	August 10, 2017
Rancher Cross AWS VPC Management Rancher 1.x	5	2003	March 30, 2017

Rancher across VPN

Related topics