Rancher agent registration failing

I am setting up a private network of 3 VMs (1 rancher agent + 2 nodes) on my workstation using vagrant and docker provisioning.

Here is the Vagrantfile used:

    Vagrant.configure("2") do |config|
      config.vm.define "lb", primary: true do |lb|
        lb.vm.box = "ubuntu/xenial64"
        lb.vm.synced_folder ".", "/vagrant", disabled: true
        lb.vm.hostname = "server.node.test.com"
        lb.vm.synced_folder "../somefolder/", "/workspace"
        lb.vm.network :private_network, ip: ""
        lb.vm.provider "virtualbox" do |vb|
          vb.memory = "2048"
          vb.cpus = "2"
        end
        # Run the Rancher server container on the "lb" VM
        lb.vm.provision "docker" do |dock|
          dock.run "rancher/server",
            args: "-v '/workspace:/workspace' -p 8080:8080"
        end
      end

      # Two client nodes: esnode1 and esnode2
      (1..2).each do |i|
        config.vm.define "esnode#{i}" do |esnode|
          esnode.vm.box = "ubuntu/xenial64"
          esnode.vm.synced_folder ".", "/vagrant", disabled: true
          esnode.vm.hostname = "client#{i}.node.test.com"
          esnode.vm.network :private_network, ip: "{i}"
          # esnode.vm.network "forwarded_port", guest: 80, host: "808#{i}"
          esnode.vm.provider "virtualbox" do |vb|
            vb.memory = "2048"
          end
        end
      end
    end

Direct docker provisioning for the two hosts fails (but that’s another issue).

Once the nodes are provisioned, I am trying to register the rancher agent e.g. on esnode1 via:

    sudo docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.6

    INFO: Running Agent Registration Process, CATTLE_URL=
    INFO: Attempting to connect to:
    ERROR: is not accessible (The requested URL returned error: 404 Not Found)

But …


does work and returns a JSON response with the API details.

What could be wrong?

I am new to Rancher and Linux certificates. Trying to run agent registration with SSL under version 1.6.16, which is server:stable.

Keep getting this error:

    INFO: Running Agent Registration Process, CATTLE_URL=https://:8080/v1
    INFO: Attempting to connect to: https://:8080/v1
    ERROR: https://:8080/v1 is not accessible (server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none)

So here is the setup after reading several posts on the same subject.

  • This is CentOS 7
  • Start command line: docker run -d --restart=unless-stopped -p 8080:8080 -v /etc/ssl/certs/rancher.crt:/var/lib/rancher/etc/ssl/ca.crt rancher/server
  • Created a self-signed certificate with a self-created random key and put it under /etc/ssl/certs/rancher.crt. The CN used was the hostname, which happens to be svdcpm1008.nms.fnc.fujitsu.com (also tried just svdcpm1008)
  • Did not do any of the update-ca-trust stuff, not yet, so the certificate file has just one certificate
  • Copied the same file to the agent host: /var/lib/rancher/etc/ssl/.
  • Access Control is turned on (local)

Get the above error with the agent registration URL with https; with http it goes through.

Have looked at all kinds of documentation, specifically https://rancher.com/docs/rancher/v1.6/en/installing-rancher/installing-server/basic-ssl-config/. I am new to Linux certificates and hate them :) Some questions:

  • Prereq is a CA certificate in PEM format. I am assuming this is the self-generated singular certificate with a .crt extension (.pem not required, or do I have to change the extension?)
  • Prereq is a certificate signed by the CA for Rancher Server. What is that, where is this so-called certificate, and what is the command line to sign my certificate with this certificate?
  • An instance of NGINX server…to terminate… I just started the server using the above command line and did not install anything else. Do I have to? (I did try adding --name=rancher-server to the command line; it did not help)
  • I do not see any directory /var/lib/rancher on my server host; I find that weird
  • I do see /var/lib/cattle/logs inside the container. Is this where the server log files are?
  • Sometimes I see a file host.key in one of the sub-directories. Is this file needed for the above registration, and why is it generated?

Any help appreciated.
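
The prerequisites quoted in the post above distinguish a CA certificate in PEM format from a server certificate signed by that CA. The following is an added example (not part of the thread and not Rancher's own tooling) that builds both with the OpenSSL CLI and checks that the server certificate verifies against the CA file for the host name clients will use. The host name `rancher.example.test`, the function names and all file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. RANCHER_HOST is a constructed placeholder:
# use the exact name the agents will put in the registration URL.
RANCHER_HOST="${RANCHER_HOST:-rancher.example.test}"

# make_pki DIR NAME: writes DIR/ca.crt (PEM, the file agents must trust) and
# DIR/server.crt + DIR/server.key (what the TLS endpoint presents).
make_pki() {
    d="$1"; h="$2"
    # Own config, so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF' || return 1
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. The CA: a self-signed certificate marked CA:TRUE, with its own key.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2. Server key and signing request for the host name.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$d/ca.cnf" -subj "/CN=$h" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the request; the SAN carries the name clients verify.
    printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\n' "$h" > "$d/srv.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/srv.ext" \
        -out "$d/server.crt" 2>/dev/null || return 1
}

# chain_ok CAFILE CERT NAME: true only if CERT chains to CAFILE and is valid for NAME.
chain_ok() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo: sh make_pki.sh demo
if [ "${1:-}" = "demo" ]; then
    t=$(mktemp -d) && make_pki "$t" "$RANCHER_HOST" || exit 1
    chain_ok "$t/ca.crt" "$t/server.crt" "$RANCHER_HOST" \
        && echo "server.crt verifies against ca.crt for $RANCHER_HOST (files in $t)"
fi
```

Only `ca.crt` is copied to agent hosts; `ca.key` and `server.key` stay where they were generated.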