Docker in Unraid - certificate not signed by any CA in the whitelist

Working on setting up my first storage node, using Docker.
After setup my node is offline, QUIC misconfigured.
I keep getting a bunch of:

ERROR contact:service ping satellite failed {"Process": "storagenode", "Satellite ID": "xxxxxxxxxxxxxxxxxxx", "attempts": 11, "error": "ping satellite: failed to dial storage node (ID: xxxxxxxxxxx) at address zzzzzzzzzzzz:28967: rpc: tcp connector failed: rpc: tls peer certificate verification: not signed by any CA in the whitelist: CA cert", "errorVerbose": "ping satellite: failed to dial storage node (ID: xxxxxxxxxxxxxx) at address zzzzzzzzzz:28967: rpc: tcp connector failed: rpc: tls peer certificate verification: not signed by any CA in the whitelist: CA cert\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:139\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:98\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:99\n\tstorj.io/common/sync2.(*Cycle).Start.func1:77\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:57"}

I followed (since I have issues, I guess not successfully)

I checked my port forward and it works; both UDP and TCP are forwarded (and I checked with a port checker that they really are open and forwarded).

The identity was generated on my Windows PC, then copied over to the Unraid server and using the identity tool in the container. (And I can now see the 6 total files in the directory with the certs.)

And I still can’t get it to work… Any help is appreciated.
If it helps, here is also an output from the start of the container

2022-09-10 22:09:31,155 INFO Set uid to user 0 succeeded
2022-09-10 22:09:31,171 INFO RPC interface 'supervisor' initialized
2022-09-10 22:09:31,171 INFO supervisord started with pid 1
2022-09-10 22:09:32,175 INFO spawned: 'processes-exit-eventlistener' with pid 57
2022-09-10 22:09:32,180 INFO spawned: 'storagenode' with pid 58
2022-09-10 22:09:32,183 INFO spawned: 'storagenode-updater' with pid 59
2022-09-10T22:09:32.207-0400 INFO Configuration loaded {"Process": "storagenode-updater", "Location": "/app/config/config.yaml"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "server.private-address"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "storage.allocated-bandwidth"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "console.address"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "operator.wallet"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "contact.external-address"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "operator.wallet-features"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "operator.email"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "storage.allocated-disk-space"}
2022-09-10T22:09:32.207-0400 INFO Invalid configuration file key {"Process": "storagenode-updater", "Key": "server.address"}
2022-09-10T22:09:32.208-0400 INFO Anonymized tracing enabled {"Process": "storagenode-updater"}
2022-09-10T22:09:32.211-0400 INFO Running on version {"Process": "storagenode-updater", "Service": "storagenode-updater", "Version": "v1.62.3"}
2022-09-10T22:09:32.211-0400 INFO Downloading versions. {"Process": "storagenode-updater", "Server Address": "https://version.storj.io"}
2022-09-10T22:09:32.255-0400 INFO Configuration loaded {"Process": "storagenode", "Location": "/app/config/config.yaml"}
2022-09-10T22:09:32.256-0400 INFO Anonymized tracing enabled {"Process": "storagenode"}
2022-09-10T22:09:32.261-0400 INFO Operator email {"Process": "storagenode", "Address": "yyyyyyyyyyyyyyyyyyy"}
2022-09-10T22:09:32.261-0400 INFO Operator wallet {"Process": "storagenode", "Address": "zzzzzzzzzzzzzzzzzzzzzzz"}
2022-09-10T22:09:32.368-0400 INFO Current binary version {"Process": "storagenode-updater", "Service": "storagenode", "Version": "v1.62.3"}
2022-09-10T22:09:32.369-0400 INFO New version is being rolled out but hasn't made it to this node yet {"Process": "storagenode-updater", "Service": "storagenode"}
2022-09-10T22:09:32.397-0400 INFO Current binary version {"Process": "storagenode-updater", "Service": "storagenode-updater", "Version": "v1.62.3"}
2022-09-10T22:09:32.397-0400 INFO New version is being rolled out but hasn't made it to this node yet {"Process": "storagenode-updater", "Service": "storagenode-updater"}
2022-09-10T22:09:32.741-0400 INFO Telemetry enabled {"Process": "storagenode", "instance ID": "xxxxxxxxxxxxxxxx"}
2022-09-10T22:09:32.864-0400 INFO db.migration Database Version {"Process": "storagenode", "version": 54}
2022-09-10 22:09:33,866 INFO success: processes-exit-eventlistener entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-09-10 22:09:33,866 INFO success: storagenode entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-09-10 22:09:33,866 INFO success: storagenode-updater entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-09-10T22:09:36.542-0400 INFO preflight:localtime start checking local system clock with trusted satellites' system clock. {"Process": "storagenode"}
2022-09-10T22:09:37.159-0400 INFO preflight:localtime local system clock is in sync with trusted satellites' system clock. {"Process": "storagenode"}
2022-09-10T22:09:37.160-0400 INFO Node xxxxxxxxxxxxxxxx started {"Process": "storagenode"}
2022-09-10T22:09:37.160-0400 INFO Public server started on [::]:28967 {"Process": "storagenode"}
2022-09-10T22:09:37.160-0400 INFO Private server started on 127.0.0.1:7778 {"Process": "storagenode"}

Hello @plarsson,
Welcome to the forum!

This means that the loaded identity is not signed with an authorization token. If your path to the identity folder is correct in your docker run command and your config.yaml didn't have a different path for the identity, then you need to sign your identity with a new authorization token.

You also should not use the :beta tag; you should use :latest.

Thanks,
so

  1. updated the paths to the certs in config.yaml from
# path to the certificate chain for this identity
identity.cert-path: identity/identity.cert

# path to the private key for this identity
identity.key-path: identity/identity.key

to

# path to the certificate chain for this identity
identity.cert-path: identity/storagenode/identity.cert

# path to the private key for this identity
identity.key-path: identity/storagenode/identity.key
  2. moved the certs from …/storagenode/identity to …/storagenode/identity/storagenode
  3. signed with a new token and it worked

thanks

Usually you do not need to move identity files to subfolder.
Perhaps only signing with a new authorization token could be enough.
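
A check for the two causes discussed in this thread (identity path pointing at the wrong folder, identity not signed), as an added example that is not part of the original posts or Storj's own tooling. The expected PEM-block counts for a signed identity (2 in ca.cert, 3 in identity.cert) are taken from Storj's identity setup documentation, not from this thread; `check_identity`, `make_sample` and the sample directories are hypothetical names, and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or Storj's tooling).
# Classifies an identity directory: 0 = signed, 1 = unsigned, 2 = files missing.

count_pem() {
    # grep -c exits 1 on a zero count, so mask the status and keep the number
    grep -c BEGIN "$1" || true
}

check_identity() {
    dir=$1
    for f in ca.cert ca.key identity.cert identity.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "incomplete: $dir/$f not found (check the mount and identity.*-path)"
            return 2
        fi
    done
    ca=$(count_pem "$dir/ca.cert")
    idc=$(count_pem "$dir/identity.cert")
    # Assumption from Storj's identity docs: signed => 2 blocks in ca.cert, 3 in identity.cert
    if [ "$ca" -eq 2 ] && [ "$idc" -eq 3 ]; then
        echo "signed: ca.cert=$ca identity.cert=$idc"
        return 0
    fi
    echo "unsigned: ca.cert=$ca identity.cert=$idc (expected 2 and 3)"
    return 1
}

# Constructed sample data: bare PEM header lines and placeholder keys, no real material.
make_sample() {   # usage: make_sample DIR CA_BLOCKS IDENTITY_BLOCKS
    mkdir -p "$1"
    : > "$1/ca.cert"
    : > "$1/identity.cert"
    i=0; while [ "$i" -lt "$2" ]; do echo "-----BEGIN CERTIFICATE-----" >> "$1/ca.cert"; i=$((i + 1)); done
    i=0; while [ "$i" -lt "$3" ]; do echo "-----BEGIN CERTIFICATE-----" >> "$1/identity.cert"; i=$((i + 1)); done
    echo placeholder > "$1/ca.key"
    echo placeholder > "$1/identity.key"
}

tmp=$(mktemp -d)
make_sample "$tmp/identity/storagenode" 2 3   # signed identity in a subfolder
make_sample "$tmp/fresh" 1 2                  # constructed unsigned identity
check_identity "$tmp/identity" || true              # path one level too high -> incomplete
check_identity "$tmp/identity/storagenode" || true  # -> signed
check_identity "$tmp/fresh" || true                 # -> unsigned
rm -rf "$tmp"
```

Run `check_identity` against the host directory that the container mounts as its identity folder, so the result reflects what the node actually loads.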