cadvisor on mesos with ssl

[jomach]

Hi everyone,

It seems that there is no documentation (or probably is not implemented) that the cadvisor cannot speak with mesos slaves if the following environment vars are set on mesos agent.

Environment=LIBPROCESS_SSL_ENABLED=true
Environment=LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false
Environment=LIBPROCESS_SSL_CIPHERS=AES128-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
Environment=LIBPROCESS_SSL_KEY_FILE=/etc/ssl/private/server_2048.key
Environment=LIBPROCESS_SSL_CERT_FILE=/etc/ssl/server.crt

I always get:

W0729 15:20:39.614966 17621 process.cpp:903] Failed to accept socket: Failed accept: connection error: error:1408F09C:SSL routines:ssl3_get_record:http request
W0729 15:20:39.615309 17621 process.cpp:903] Failed to accept socket: Failed accept: connection error: error:1408F09C:SSL routines:ssl3_get_record:http request

Is this known and documented how to fix it?

[dashpole]

cc @sashankreddya

[jomach]

I'm not a go programmer but I think I found the issue here (Or it should be handled my the httpcli from mesos-go lib):

 func Client() (mesosAgentClient, error) {
	mesosClientOnce.Do(func() {
		// Start Client
		apiURL := url.URL{
			Scheme: "http",
			Host:   *MesosAgentAddress,
			Path:   "/api/v1",
		}
		mesosClient = &client{
			hc: httpcli.New(
				httpcli.Endpoint(apiURL.String()),
				httpcli.Codec(codecs.ByMediaType[codecs.MediaTypeProtobuf]),
				httpcli.Do(httpcli.With(httpcli.Timeout(*MesosAgentTimeout))),
			),
		}
	})

under container/mesos/client.go.
Update:
I tried to patch it with adding https to the scheme same problem. It can be that the lib mesos-go is the problem. I asked for help here mesos/mesos-go#377