[jira] [Commented] (MESOS-10218) Mesos slave fails to connect after enabling ssl

Tue, 06 Apr 2021 06:03:05 -0700 


    [ 
https://issues.apache.org/jira/browse/MESOS-10218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17315520#comment-17315520
 ] 

Andreas Peters commented on MESOS-10218:
----------------------------------------

Ok... The sandbox failure happened, because your webbrowser want to connect the 
agent but it cannot because of the self signed SSL certificate. The workaround 
is very easy. :-) Connect one time the agent with your browser. As example: 
"https://<YOUR_AGENT>:5051/slave(1)/state?jsonp=JSON_CALLBACK". Then accept the 
self signed SSL certificate message in your browser. After that you can access 
all sanboxes at these agent via the mesos WebUI. 

Next to the http request!

Did you change the configuration on both sites? Server and Agent? If yes, are 
the SSL certificates on both sites the same?

> Mesos slave fails to connect after enabling ssl
> -----------------------------------------------
>
>                 Key: MESOS-10218
>                 URL: https://issues.apache.org/jira/browse/MESOS-10218
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent
>    Affects Versions: 1.9.0
>            Reporter: prasadkulkarni0711
>            Priority: Major
>
> Mesos agent fails to connect to the master after setting the following 
> variables:
> LIBPROCESS_SSL_ENABLED=1
> LIBPROCESS_SSL_KEY_FILE=/etc/mesos/conf/ssl/server.key
> LIBPROCESS_SSL_CERT_FILE=/etc/mesos/conf/ssl/server.pem
> LIBPROCESS_SSL_REQUIRE_CERT=false
> LIBPROCESS_SSL_VERIFY_SERVER_CERT=false
> LIBPROCESS_SSL_REQUIRE_CLIENT_CERT=false
> LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME=openssl
> LIBPROCESS_SSL_VERIFY_CERT=false
> LIBPROCESS_SSL_CA_DIR=/etc/mesos/conf/ssl
> LIBPROCESS_SSL_CA_FILE=/etc/mesos/conf/ssl/ca.pem
> LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false
> LIBPROCESS_SSL_VERIFY_IPADD=false
> #LIBPROCESS_SSL_ENABLE_TLS_V1_2=true
> Error in logs:
> Failed to accept socket: Failed accept: connection error: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request
> Connectivity works after setting:
> LIBPROCESS_SSL_SUPPORT_DOWNGRADE=true
> But then the sandbox fails to open in the web UI:
> Potential reasons:
>  * The agent is not accessible
>  * The agent timed out or went offline
> With the following error in the logs:
> Failed to recv on socket 38 to peer 'unknown': Failed recv, connection error: 
> Connection reset by peer



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to