Docker Community Forums

Share and learn in the Docker community.

Error adding nodes in UCP


(Garyld1962) #1

We are getting this error when trying to add a node in UCP

FATA[0084] Failed to add host to UCP: error from api: {“success”:false,“result”:null,“errors”:[{“code”:400,“message”:“missing parameter ‘certificate_request’”}],“messages”:[]}

any ideas?

Yhanks

Gary


(Vivek Saraswat) #2

Hi Gary, couple of things to check. More context is definitely helpful.

  • Can you display the node-join command you attempted to run?
  • Did you apply a valid license file prior to adding a node? UCP cannot join nodes without one.
  • I noticed a missing parameter around certificate requests. Are you using your own certs or the ones built into UCP? (If you made no changes it should be the built-in ones by default).
  • What does the docker logs look like for the UCP container when you get this error?

Thanks.


(Vijayramanan) #3

Hi Vivek

I work with Gary, replying to your comments.

  1. Can you display the node-join command you attempted to run?
    docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/backup.tar:/backup.tar docker/ucp join -i --replica --fingerprint C2:C1:29:B0:2C:4F:D8:02:DE:45:3D:B0:F2:E1:DF:00:44:F2:4D:DB --external-server-cert --debug

  2. Did you apply a valid license file prior to adding a node? UCP cannot join nodes without one.
    Yes the UCP controller is fully setup with license and we are already using it to deploy containers

  3. I noticed a missing parameter around certificate requests. Are you using your own certs or the ones built into UCP? (If you made no changes it should be the built-in ones by default).

Custom Certs - and they have been transferred on a new volume as per instructions in the UCP installation page. Though I have tried this without custom certs in a fully new setup and failed with similar error

with the custom certs applied we now get the following error

DEBU[0007] Server cert(s) passed TOFU tests
DEBU[0007] Joining as a replica
DEBU[0007] Injecting user provided root CA cert/key pair
DEBU[0007] Injecting user supplied replica CA certs/keys
DEBU[0007] Failed to get CSR signed by UCP
FATA[0007] unexpected EOF

  1. What does the docker logs look like for the UCP container when you get this error?

I am not able to fire docker logs on the container as the container is not installed fully. Though a peep into /var/log/messages since this is a redhead box does not reveal much either.

Any help will be greatly appreciated.

Thanks,
Vijay


(Vijayramanan) #4

We were finally able to resolve this. Turns out this was due to root certificate chains that we had applied. We cleaned up the bench and just started over. Now we have a HA UCP cluster with 1 controller, 2 replicas, 2 UCP nodes and 1 DTR node