Hi,
I am trying to make use of the custom CA option for the rke-tools docker image to use when trusting our private CA certificate for S3. I want to set up recurring etcd-snapshots, but testing with the one-time etcd snapshot has shown me that the etcd-snapshot-once container is failing whenever I provide it with the custom CA to trust. Specifically, I am trying to execute this command:
rke etcd snapshot-save --config rancher-cluster.yaml --name test --s3 --folder snapshots --bucket-name rancher-bucket --s3-endpoint s3.xxx.yyy.zzz --s3-endpoint-ca ca.pem
The following is the output:
INFO[0000] Starting saving snapshot on etcd hosts
INFO[0000] [dialer] Setup tunnel for host [X.X.X.X]
INFO[0000] [dialer] Setup tunnel for host [Y.Y.Y.Y]
INFO[0000] [dialer] Setup tunnel for host [Z.Z.Z.Z]
INFO[0000] [etcd] Saving snapshot [test] on host [Z.Z.Z.Z]
INFO[0001] [etcd] Successfully started [etcd-snapshot-once] container on host [Z.Z.Z.Z]
INFO[0001] Waiting for [etcd-snapshot-once] container to exit on host [Z.Z.Z.Z]
INFO[0001] Container [etcd-snapshot-once] is still running on host [Z.Z.Z.Z]
INFO[0002] Waiting for [etcd-snapshot-once] container to exit on host [Z.Z.Z.Z]
FATA[0002] Failed to take one-time snapshot, exit code [1]:
I am using rke:v0.2.7 and rancher v2.2.6.
I have tried providing the CA certificate as a base64-encoded string but the command results in an error saying:
WARN[0000] Failed to read s3-endpoint-ca [${base64 encoded cert}]: failed to read certificate [${base64 encoded cert}]: open [${base64 encoded cert}]: file name too long
Can someone please tell me how I should be providing the value for the flag: --s3-endpoint-ca, and maybe any other useful information on the format of the CA certificate that I need to pass in? Perhaps I need to remove all the line breaks or something like that?
Appreciate all the help,
Zach
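
Added example, not part of the original post and not rke code: the warning quoted above shows the --s3-endpoint-ca value being opened as a file name, so this pre-flight check inspects a candidate value before rke is run. It assumes the file is meant to be PEM (as the name ca.pem suggests); the function names and the sample bytes are constructed for illustration, and the check is structural only.

```python
import base64
import os
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def inspect_ca_bytes(data):
    """Structural check only: does not prove the cert is a CA or matches the endpoint."""
    problems, certs = [], 0
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return 0, ["not ASCII text: looks like DER/binary rather than PEM"]
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        try:  # was a PEM file base64-encoded a second time?
            inner = base64.b64decode("".join(text.split()), validate=True)
        except ValueError:
            inner = b""
        if b"-----BEGIN CERTIFICATE-----" in inner:
            return 0, ["base64 of a PEM file: decode it once and save to a file"]
        return 0, ["no BEGIN/END CERTIFICATE block found"]
    for i, body in enumerate(blocks, 1):
        try:  # line breaks (LF or CRLF) inside the body are stripped before decoding
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"block {i}: body is not valid base64")
            continue
        if der[:1] != b"\x30":  # X.509 DER starts with a SEQUENCE tag
            problems.append(f"block {i}: decoded body is not a DER SEQUENCE")
            continue
        certs += 1
    return certs, problems

def inspect_flag_value(value):
    """Check a value intended for --s3-endpoint-ca (hypothetical helper)."""
    if not os.path.isfile(value):
        return 0, ["value is not a path to an existing file"]
    with open(value, "rb") as fh:
        return inspect_ca_bytes(fh.read())

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate body.
FAKE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_ca_bytes(SAMPLE_PEM))
```

A clean result here only means the file is well-formed PEM; whether that CA actually signed the S3 endpoint's certificate has to be checked against the endpoint itself.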