Docker Community Forums

Share and learn in the Docker community.

Installing UCP aborts with certificate error

(Isaach) #1

I am trying to install UCP 2.1.8 on a docker 17.06.2-ee-8 swarm. The install aborts with

INFO[0014] Deploying UCP Service
ERRO[0152] Unable to successfully setup local node. Run “docker logs ucp-reconcile” for more details
FATA[0152] reconcile exited with non-zero status: 1

and log tells me

$ docker logs ucp-reconcile
{“level”:“info”,“msg”:“Configuring node as agent with the following SANs: [ localhost 6v4h-wwg6-hxtz-hvow-6pgu-477m-braf-7t25-74fg-keqb-sy73-vf76 l]”,“time”:“2018-04-26T14:07:09Z”}
{“level”:“info”,“msg”:“Reconciling state of component Docker Proxy”,“time”:“2018-04-26T14:07:09Z”}
{“level”:“error”,“msg”:“unable to load certs from /var/lib/docker/ucp/ucp-node-certs - must regenerate: unable to verify certificate chain: x509: certificate signed by unknown authority (possibly because of “x509: ECDSA verification failure” while trying to verify candidate authority certificate “swarm-ca”)”,“time”:“2018-04-26T14:07:09Z”}

What did I miss?

(Isaach) #2

It turns out that my already existing swarm caused the trouble. I removed the swarm, then ucp could create its own swarm, and the CA sharing worked:

INFO[0000] Initializing a new swarm at
INFO[0018] Establishing mutual Cluster Root CA with Swarm