etcd-wrapper error - certificate signed by unknown authority
97 views
Skip to first unread message
Brandon McClure
Jun 28, 2021, 8:57:49 AM6/28/21
to Flatcar Container Linux User
I am deploying flatcar to VMware and am getting the error in the etcd-member.service unit when it starts.
etcd-wrapper[1320]: run: Get https://quay.io/v2/: x509: certificate signed by unknown authority
I expect this error when I try to access internet resources due to a security appliance that we run in my organization. Digging into this, the error is being thrown by the script at /usr/lib/coreos/etcd-wrapper (which is symlinked to /usr/lib64/flatcar/etcd-wrapper) when rkt appears to try to pull the target image.
looking at the etcd_wrapper script it appears that I can set a variable ETCD_IMAGE to specify my own image/repository but I can't seem to get that set. I even tried saving/loading the exact image that the wrapper script is trying to load onto the VM but I am still getting the cert error, indicating that it is trying to pull from the internet.
How can I configure etcd on my instances so that they use the exact image that I need them to/they do not access the internet for any of the configuration.
Kai Lüke
Jun 28, 2021, 9:22:09 AM6/28/21
to Brandon McClure, Flatcar Container Linux User
Hi,
you can create a systemd drop-in unit where you set the environment variables.
You can either specify your custom ETCD_IMAGE value (including the
optional tag) or both a custom ETCD_IMAGE_URL and ETCD_IMAGE_TAG
value.
> --
> You received this message because you are subscribed to the Google Groups "Flatcar Container Linux User" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to flatcar-linux-u...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/flatcar-linux-user/1c0ea244-27fc-4c62-ab81-bf9d7cc4be0bn%40googlegroups.com.
--
Kinvolk GmbH | Adalbertstr.6a, 10999 Berlin | tel: +491755589364
Geschäftsführer/Directors: Benjamin Owen Orndorff
Registergericht/Court of registration: Amtsgericht Charlottenburg
Registernummer/Registration number: HRB 171414 B
Ust-ID-Nummer/VAT ID number: DE302207000
you can create a systemd drop-in unit where you set the environment variables.
You can either specify your custom ETCD_IMAGE value (including the
optional tag) or both a custom ETCD_IMAGE_URL and ETCD_IMAGE_TAG
value.
> You received this message because you are subscribed to the Google Groups "Flatcar Container Linux User" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to flatcar-linux-u...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/flatcar-linux-user/1c0ea244-27fc-4c62-ab81-bf9d7cc4be0bn%40googlegroups.com.
--
Kinvolk GmbH | Adalbertstr.6a, 10999 Berlin | tel: +491755589364
Geschäftsführer/Directors: Benjamin Owen Orndorff
Registergericht/Court of registration: Amtsgericht Charlottenburg
Registernummer/Registration number: HRB 171414 B
Ust-ID-Nummer/VAT ID number: DE302207000
Brandon McClure
Jun 29, 2021, 4:19:37 PM6/29/21
to Flatcar Container Linux User
Thanks, that makes alot of sense to use systemd.
There are good docs explaining how to do that:
Using environment variables in systemd units | Kinvolk
Reply all
Reply to author
Forward
0 new messages