VIC Registry Reports "getsockopt: connection timed out" for Insecure Connections

Article ID: 317013

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • Using docker-compose to deploy a template results in the following message:
ERROR: Head http://<VIC_Appliance_FQDN_IP>/v2/: dial tcp <VIC_Appliance_IP>:80: getsockopt: connection timed out
  • The live docker-personality log reports the following when docker-compose, docker-client or the container management portal attempts to create a login session between the VCH and the VIC registry:
Dec 31 2018 17:40:30.736Z DEBUG [BEGIN]  [vic/lib/apiservers/engine/backends.(*SystemBackend).AuthenticateToRegistry:332]
Dec 31 2018 17:40:35.736Z INFO  Attempting to log into <VIC_Appliance_FQDN_IP>:<port> insecurely
Dec 31 2018 17:40:47.877Z ERROR Looking up OAuth URL failed: context deadline exceeded
Dec 31 2018 17:40:47.877Z DEBUG [ END ]

Note: The docker-personality logs can be viewed live from the VCH Admin Portal.
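
A triage sketch for the docker-personality symptom above, added here as an example and not VMware's code: it pairs each insecure login attempt with a following "context deadline exceeded" error inside an AuthenticateToRegistry block. The sample log is constructed from the excerpt above, with registry.example.test:443 as a placeholder address, and the function name is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt above; the registry address is a placeholder.
SAMPLE_LOG = """\
Dec 31 2018 17:40:30.736Z DEBUG [BEGIN]  [vic/lib/apiservers/engine/backends.(*SystemBackend).AuthenticateToRegistry:332]
Dec 31 2018 17:40:35.736Z INFO  Attempting to log into registry.example.test:443 insecurely
Dec 31 2018 17:40:47.877Z ERROR Looking up OAuth URL failed: context deadline exceeded
Dec 31 2018 17:40:47.877Z DEBUG [ END ]
Dec 31 2018 17:52:02.100Z DEBUG [BEGIN]  [vic/lib/apiservers/engine/backends.(*SystemBackend).AuthenticateToRegistry:332]
Dec 31 2018 17:52:02.650Z DEBUG [ END ]
"""

TS_FMT = "%b %d %Y %H:%M:%S.%fZ"
LINE = re.compile(r"^(\w{3} +\d{1,2} \d{4} [\d:.]+Z)\s+\w+\s+(.*)$")
INSECURE = re.compile(r"Attempting to log into (\S+) insecurely")

def find_insecure_login_timeouts(text):
    """Return one finding per insecure registry login that ended in a timeout."""
    findings, in_auth, attempt = [], False, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        ts = datetime.strptime(m.group(1), TS_FMT)
        msg = m.group(2)
        if "[BEGIN]" in msg and "AuthenticateToRegistry" in msg:
            in_auth, attempt = True, None
        elif re.match(r"\[\s*END\s*\]", msg):
            # Assumption: the first END closes the block (nested calls are not tracked).
            in_auth, attempt = False, None
        elif in_auth:
            hit = INSECURE.search(msg)
            if hit:
                attempt = (hit.group(1), ts)
            elif attempt and "context deadline exceeded" in msg:
                findings.append({
                    "registry": attempt[0],
                    "attempted_at": attempt[1],
                    "seconds_to_failure": (ts - attempt[1]).total_seconds(),
                })
                attempt = None
    return findings

if __name__ == "__main__":
    for finding in find_insecure_login_timeouts(SAMPLE_LOG):
        print(finding)
```

A finding means the VCH attempted an insecure login to the named registry and timed out, which is the condition the workaround below addresses by supplying the registry CA.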

Environment

VMware vSphere Integrated Containers 1.4.x

Resolution

VIC 1.4.4 no longer allows insecure connections by default.

Workaround:
Configure the VCH to use secure connections instead by adding the VIC Appliance CA certificate to the VCH registry-ca.

Redeployment method:
  1. Download the CA certificate for the VIC Appliance. For details, see Obtain the vSphere Integrated Containers Registry Certificate in the documentation.
  2. Re-deploy the VCH with the "--registry-ca <Path to VIC Appliance CA Certificate>" option. Option details are in the documentation under Additional Registry Certificates.

Reconfigure method:
  1. Download the CA certificate for the VIC Appliance. For details, see Obtain the vSphere Integrated Containers Registry Certificate in the documentation.
  2. Use the vic-machine configure command to add the "--registry-ca <Path to VIC Appliance CA Certificate>" option. Examples and details are in the documentation under Add or Update Registry Server Certificates.