vSphere Integrated Container Returns "remote error: tls" to the Docker Client
search cancel

vSphere Integrated Container Returns "remote error: tls" to the Docker Client

book

Article ID: 342408

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

When connecting the docker client to the Virtual Container Host, the following error is seen:
 

$ docker -H labvch.cloud.local:2376 --tlsverify --tlscert="client.crt" --tlskey="client.key" --tlscacert="/root/vic/certs/ca.crt" info An error occurred trying to connect: Get https://labvch.cloud.local:2376/v1.24/info: remote error: tls: handshake failure

 

 

Environment

VMware vSphere Integrated Containers 1.0.x
VMware vSphere Integrated Containers 1.x

Cause

The docker client defaults to the OS proxy settings. If the proxy does not pass the docker client's certificates unaltered to the VCH, then the connection will not succeed.

Resolution

Use the docker client switch option, --no-http-proxy to ignore the OS proxy settings.

For example:


$ docker -H labvch.cloud.local:2376 --tlsverify --tlscert="client.crt" --tlskey="client.key" --tlscacert="/root/vic/certs/ca.crt" --no-http-proxy info

 


Additional Information

More details using TLS verify with VIC VCH:
https://vmware.github.io/vic-product/assets/files/html/1.4/vic_vsphere_admin/vch_cert_options.html#client

Details on using the docker client with TLS and the VCH:
https://vmware.github.io/vic-product/assets/files/html/1.4/vic_app_dev/configure_docker_client.html

Docker Client Documentation:
https://docs.docker.com/engine/reference/commandline/cli/#description