monitor_docker icon indicating copy to clipboard operation
monitor_docker copied to clipboard
verified publisher icon ualex73

Cannot connect to Docker Engine since v1.19

Open kcofoni opened this issue 1 year ago • 3 comments

Hello,

After upgrading to v1.19 (running HA 2027.7.1), I cannot connect any more to my docker engine. I got the following error when starting home assistant in the log file:

2024-07-06 01:48:02.797 ERROR (MainThread) [custom_components.monitor_docker] Failed Docker connect: DockerError(900, "Cannot connect to Docker Engine via tcp://<my_ip>:2376 [Cannot connect to host <my_ip>:2376 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unsuitable certificate purpose (_ssl.c:1000)')]]")

Here is the docker configuration in my configuration.yaml file:

monitor_docker:
  - name: Docker Prod
    url: tcp://<my_ip>:2376
    certpath: /config/docker_certs
    monitored_conditions:
      - allinone

<my_ip> being replaced by a real lan ip address

My certificate files have been properly generated for a while. It was perfectly working with the previous version (in particular v1.8). Coming back to v1.18 makes it work again.

kcofoni avatar Jul 05 '24 23:07 kcofoni

Can you modify the "custom_components/monitor_docker/manifest.json" to the line: "requirements": ["aiodocker==0.21.0", "python-dateutil==2.8.2"]

Basically downgrading the aiodocker version. Check if after restart the problem persists. Also, are you using the following environment variables: environment: - DOCKER_TLS_VERIFY=0 - DOCKER_CERT_PATH=/certs

ualex73 avatar Jul 06 '24 12:07 ualex73

Thanks for the quick answer. It is actually fixing the issue. What is the lasting solution ? I do not use the variables you are referring to.

kcofoni avatar Jul 06 '24 13:07 kcofoni

Ok, the problem is in the underlying library. I will try to do a diff on it.

But ... I need to dig in my memory, it is possible the only way TLS is supported with aiodocker is to use certificates (through environment variables). That it worked before, is possible just luck.

ualex73 avatar Jul 06 '24 14:07 ualex73

I also have this issue, however it only just showed itself when updating to HA 2024.12.1.

Fix above has sorted it though.

bobbinz avatar Dec 09 '24 13:12 bobbinz

I'm getting a different error starting in 2024.12, however the same fix @ualex73 posted also fixed it for me.

Failed Docker connect: DockerError(900, "Cannot connect to Docker Engine via http://<server>:2376 [Cannot connect to host <server>:2376 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1020)')]]")

TarheelGrad1998 avatar Dec 15 '24 20:12 TarheelGrad1998

Please try 1.20b2, it should have fixed the TLS problems.

ualex73 avatar Jan 16 '25 17:01 ualex73

It should be fixed, so I will close ticket in 7 days if nobody objects :-)

ualex73 avatar Jan 16 '25 17:01 ualex73

I updated to 1.20b2, then had to update my urls to https, and then it worked fine (and no more warnings). Thanks!

TarheelGrad1998 avatar Jan 16 '25 21:01 TarheelGrad1998

I will close this one. I it reoccurs, please reopen.

ualex73 avatar Jan 26 '25 10:01 ualex73