Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DockerEnv Test: #10107

Closed
medyagh opened this issue Jan 7, 2021 · 9 comments · Fixed by #10118
Closed

DockerEnv Test: #10107

medyagh opened this issue Jan 7, 2021 · 9 comments · Fixed by #10118
Assignees

Comments

@medyagh
Copy link
Member

medyagh commented Jan 7, 2021

https://storage.googleapis.com/minikube-builds/logs/10100/0b52244/Docker_Linux.html#fail_TestFunctional%2fparallel%2fDockerEnv

functional_test.go:194: (dbg) Non-zero exit: /bin/bash -c "eval $(out/minikube-linux-amd64 -p functional-20210106230346-2918037 docker-env) && docker images": exit status 1 (631.613712ms)
** stderr ** 
	The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings: Get https://192.168.124.150:2376/v1.40/images/json: remote error: tls: bad certificate
** /stderr **

I suspect this could be because the other parallel clusters are putting a lock on the Cert and it is not useable by the user. snice it hasppanes mostly in integration test and not in Github action where we run less parallel.

one solution could be generating Certs per cluster

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://127.0.0.1:55010"
export DOCKER_CERT_PATH="/Users/medya/.minikube/certs"
export MINIKUBE_ACTIVE_DOCKERD="minikube"

rght now the certs used for docker-env are shared across all clusters

Users/medya/.minikube/certs

@medyagh
Copy link
Member Author

medyagh commented Jan 7, 2021

@azhao155

@medyagh
Copy link
Member Author

medyagh commented Jan 7, 2021

one thing to check is if our Lock is getting activated each time we try to look at the cert

https://github.com/medyagh/minikube/blob/dce38fb331b6172c0c618ad486ac1b60661af687/pkg/util/crypto.go#L158

currentlty we do NOT regerenreate the cert if it exists. I wonder if we activate the Lock while checking if the cert exists.

@medyagh
Copy link
Member Author

medyagh commented Jan 7, 2021

we should add debgging to the DockerEnv test if it fails, to give us the timestamp for the certs in home folder and the last time they were changed.

@medyagh
Copy link
Member Author

medyagh commented Jan 7, 2021

/assign azhao155

@k8s-ci-robot
Copy link
Contributor

@medyagh: GitHub didn't allow me to assign the following users: azhao155.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign azhao155

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@azhao155
Copy link
Contributor

azhao155 commented Jan 7, 2021

/assign @azhao155

@azhao155
Copy link
Contributor

very possible related to this issue: docker/machine#3634

@medyagh
Copy link
Member Author

medyagh commented Jan 12, 2021

very possible related to this issue: docker/machine#3634

good find that could pretty much be the reason

@medyagh
Copy link
Member Author

medyagh commented Jan 14, 2021

fixed by #10118

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants