Hello,
We are using Docker Swarm (not Swarm Mode) and would like to setup our swarm to use a Compose.io hosted version of etcd for discovery. The Compose service requires TLS, and they do not make the CA certs, and public and private keys available. Contacting their support I was able to get them to send me the self-signed cert, and I found their CA cert online. I don’t have the private key though. So, I’m not certain that we can make Swarm work with Compose.io at all right now without this, but I still have questions and would like to have some better strategies here…
Here is what is happening:
docker run -v /path/to/certs:/ssl -p 4000:4000 swarm manage -H :4000 --replication --advertise 10.142.0.7:4000 --discovery-opt kv.cacertfile=/ssl/isrgrootx1.pem --discovery-opt kv.certfile=/ssl/our-cert.crt etcd://compose-user-name:compose-password@compose-host1:15674,compose-host2:15674/v2/keys
time="2017-04-12T22:37:59Z" level=info msg="Initializing discovery without TLS"
time="2017-04-12T22:37:59Z" level=info msg="Listening for HTTP" addr=":4000" proto=tcp
time="2017-04-12T22:37:59Z" level=info msg="Leader Election: Cluster leadership lost"
time="2017-04-12T22:38:00Z" level=error msg="Leader Election: watch leader channel closed, the store may be unavailable..."
time="2017-04-12T22:38:00Z" level=error msg="Discovery error: client: etcd cluster is unavailable or misconfigured"
time="2017-04-12T22:38:00Z" level=error msg="Discovery error: client: etcd cluster is unavailable or misconfigured"
time="2017-04-12T22:38:00Z" level=error msg="client: etcd cluster is unavailable or misconfigured"
Questions:
- Is there a way to get more info about what is happening here? No matter what I do I’m only seeing a generic “unavailable or misconfigured” error message.
- Why is it reporting
Initializing discovery without TLS
? Do I need to do more to enable TLS?