我在测试 docker UCP 设置上配置代理时遇到了问题。我有一个 3 节点测试设置,但只有一个控制器(因此没有 HA)
我在控制器节点(192.168.123.14,boot2docker)内下载了 UCP 客户端包,并将 ca.pem、cert.pem 和 key.pem 放在 /etc/docker/ssl/ 中。之后我运行以下命令:
docker exec -ti ucp-kv curl --cacert /etc/docker/ssl/ca.pem --cert /etc/docker/ssl/cert.pem --key /etc/docker/ssl/key.pem https://192.168.123.14:12379/v2/keys/interlock/v1/config -XPUT -d \
value='listenAddr=":8080"
dockerURL="tcp://192.168.123.14:2376"
tlsCaCert="/certs/ca.pem"
tlsCert="/certs/cert.pem"
tlsKey="/certs/key.pem"
[[Extensions]]
Name="nginx"
ConfigPath="/etc/conf/nginx.conf"
PidPath="/etc/conf/nginx.pid"
BackendOverrideAddress=""
ConnectTimeout=5000
ServerTimeout=10000
ClientTimeout=10000
MaxConn=1024
Port=80
SyslogAddr=""
NginxPlusEnabled=false
AdminUser="admin"
AdminPass=""
SSLCertPath=""
SSLCert=""
SSLPort=443
SSLOpts=""
User="www-data"
WorkerProcesses=2
RLimitNoFile=65535
ProxyConnectTimeout=600
ProxySendTimeout=600
ProxyReadTimeout=600
SendTimeout=600
SSLCiphers=
"HIGH:!aNULL:!MD5"
SSLProtocols="SSLv3 TLSv1 TLSv1.1 TLSv1.2"'
运行该命令后,我得到了一个类似 json 的键值对字符串,所以我想它起作用了? /certs/ca.pem 等是空的...我不记得为任何 docker 节点设置了证书和密钥(所以也许这是问题所在?)
然后,我转到将运行负载均衡器的节点 (192.168.123.39,boot2docker)。此节点也是 UCP 集群的一部分。我拉取了 git interlock-lbs 仓库
我设置了 CONTROLLER_IP=19.168.123.14 并在内部执行了 docker-compose up -d (interlock-lbs/interlock-nginx)。但是当我检查 docker-compose 日志时,出现以下错误:
nginx_1 | 2016/04/19 12:32:33 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | 2016/04/19 12:32:34 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | 2016/04/19 12:32:35 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | 2016/04/19 12:32:36 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | 2016/04/19 12:32:38 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:31Z" level=info msg="interlock 1.0.0 (49863fc)"
interlock_1 | time="2016-04-19T12:32:31Z" level=debug msg="using kv: addr=etcd://192.168.123.14:12379"
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:31Z" level=debug msg="Trusting certs with subjects: [0\x1e1\x1c0\x1a\x06\x03U\x04\x03\x13\x13UCP Cluster Root CA]"
interlock_1 | time="2016-04-19T12:32:31Z" level=debug msg="configuring TLS for KV"
nginx_1 | 2016/04/19 12:32:40 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:31Z" level=fatal msg="Near line 31 (last key parsed 'Extensions.SSLCiphers'): Expected value but found '\n' instead."
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | 2016/04/19 12:32:44 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:32Z" level=info msg="interlock 1.0.0 (49863fc)"
nginx_1 | 2016/04/19 12:32:50 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:32Z" level=debug msg="using kv: addr=etcd://192.168.123.14:12379"
nginx_1 | 2016/04/19 12:33:04 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
interlock_1 | time="2016-04-19T12:32:32Z" level=debug msg="Trusting certs with subjects: [0\x1e1\x1c0\x1a\x06\x03U\x04\x03\x13\x13UCP Cluster Root CA]"
nginx_1 | 2016/04/19 12:33:30 [emerg] 1#1: open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
nginx_1 | nginx: [emerg] open() "/etc/conf/nginx.conf" failed (2: No such file or directory)
有人知道我做错了什么吗?我的资料来源是:https://www.docker.com/sites/default/files/RA_UCP%20Load%20Balancing-Feb%202016_1.pdf第 11 页(3A Interlock 和 NGINX)
提前致谢
答案1
需要注意的是,您不需要在控制器节点上安装客户端包来执行该docker exec
命令。--cacert /etc/docker/ssl/ca.pem --cert /etc/docker/ssl/cert.pem --key /etc/docker/ssl/key.pem
选项指的是ucp-kv
容器内的证书。
至于 nginx 问题,我也遇到了同样的问题。如果我找到解决方案,我会回来的!