Docker Community Forums

Share and learn in the Docker community.

Installing UCP aborts with certificate error


(Isaach) #1

I am trying to install UCP 2.1.8 on a docker 17.06.2-ee-8 swarm. The install aborts with

INFO[0014] Deploying UCP Service
ERRO[0152] Unable to successfully setup local node. Run “docker logs ucp-reconcile” for more details
FATA[0152] reconcile exited with non-zero status: 1

and log tells me

$ docker logs ucp-reconcile
{“level”:“info”,“msg”:“Configuring node as agent with the following SANs: [172.17.0.1 127.0.0.1 localhost 192.168.90.100 node-7301.acme.com 6v4h-wwg6-hxtz-hvow-6pgu-477m-braf-7t25-74fg-keqb-sy73-vf76 l]”,“time”:“2018-04-26T14:07:09Z”}
{“level”:“info”,“msg”:“Reconciling state of component Docker Proxy”,“time”:“2018-04-26T14:07:09Z”}
{“level”:“error”,“msg”:“unable to load certs from /var/lib/docker/ucp/ucp-node-certs - must regenerate: unable to verify certificate chain: x509: certificate signed by unknown authority (possibly because of “x509: ECDSA verification failure” while trying to verify candidate authority certificate “swarm-ca”)”,“time”:“2018-04-26T14:07:09Z”}

What did I miss?


(Isaach) #2

It turns out that my already existing swarm caused the trouble. I removed the swarm, then ucp could create its own swarm, and the CA sharing worked:

INFO[0000] Initializing a new swarm at 192.168.90.100
INFO[0018] Establishing mutual Cluster Root CA with Swarm