DOCKER - Zato Components SSL error

Hi Guys

Hope that you can help!

We are creating two docker containers. One with a web admin and one with the load balancer and four servers.

I am getting the "could not fetch the load balancer's configuration" error in the GUI. More specifically, in the web admin logs I am getting this:

21:MainThread - zato.admin.web.views.cluster:174 - Could not invoke agent, client:[<ServerProxy for>], e:[Traceback (most recent call last):
  File "/opt/zato/2.0.7/zato-web-admin/src/zato/admin/web/views/", line 165, in index
    lb_config = client.get_config()
  File "/usr/lib/python2.7/", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.7/", line 1587, in __request
  File "/usr/lib/python2.7/", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python2.7/", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/lib/python2.7/", line 1448, in send_content
  File "/usr/lib/python2.7/", line 1013, in endheaders
  File "/usr/lib/python2.7/", line 864, in _send_output
  File "/usr/lib/python2.7/", line 826, in send
  File "/opt/zato/2.0.7/eggs/springpython-1.3.0rc1-py2.7.egg/springpython/remoting/", line 48, in connect
    self.sock = self.wrap_socket(sock)
  File "/opt/zato/2.0.7/eggs/springpython-1.3.0rc1-py2.7.egg/springpython/remoting/", line 56, in wrap_socket
  File "/usr/lib/python2.7/", line 487, in wrap_socket
  File "/usr/lib/python2.7/", line 241, in __init__
SSLError: [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)

This is the content of my Dockerfile in the webadmin:

RUN mkdir -p /opt/zato/env/web-admin
RUN mkdir -p /opt/zato/env/ca

# Create the CA
RUN $ZATO_BIN ca create ca $CA_PATH
RUN $ZATO_BIN ca create web_admin $CA_PATH

# Create the web admin
RUN $ZATO_BIN create web_admin \
  --odb_host=$ODB_HOST \
  --odb_port=$ODB_PORT \
  --odb_user=$ODB_USER \
  --odb_db_name=$ODB_DB_NAME \
  --odb_password=$ODB_PASSWORD \
  --tech_account_password=$TECH_ACCOUNT_PASSWORD \

And then the load balancer/server dockerfile.

# Create the CAs needed
# ========================================
RUN $ZATO_BIN ca create ca $CA_PATH
RUN $ZATO_BIN ca create web_admin $CA_PATH

# Load balancer ca create
# ========================================

# Create the cluster if it does not exist.
# If the cluster does exist,
# ignore the error and continue
# ========================================
RUN $ZATO_BIN create cluster \
    --odb_host=$ODB_HOST \
    --odb_port=$ODB_PORT \
    --odb_user=$ODB_USER \
    --odb_db_name=$ODB_DB_NAME \
    --odb_password=$ODB_PASSWORD \
    --tech_account_password=$TECH_ACCOUNT_PASSWORD \

# Create the load balancer.
# ========================================
RUN $ZATO_BIN create load_balancer \
    $LB_PATH \
    $CA_PATH/out-pub/lb-agent-*.pem \
    $CA_PATH/out-priv/lb-agent-*.pem \
    $CA_PATH/out-cert/lb-agent-*.pem \

I’ve tried to use the same CSR across the webadmin and load balancer and have also used the same CSR in the ca-material folder. I’m all out of ideas as to why this is not working.

Both docker containers are running on the same machine.

The load-balancer has an agent in front of it:

That agent runs on port 20151 by default - does web-admin have access to that port?

Hey Dsuch

Sorry for not getting back to you sooner. Things have been super crazy lately.

I found the problem here: the issue is due to me creating the CA incorrectly and the WA couldn’t talk to the LB.

Thanks for the help!
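
A check for the kind of CA mismatch this thread ends on, as an added example that is not part of the original posts or Zato's own tooling: both Dockerfiles above run `ca create ca`, and if each image ends up with its own CA, a certificate signed in one is rejected by the other. The file names, subject names and the direct use of `openssl` are assumptions, and all keys and certificates are constructed in a temp directory.

```shell
#!/usr/bin/env bash
# Added example. All keys and certificates are constructed in a temp dir.

# make_ca DIR NAME: self-signed CA; same subject every time, fresh key per call.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: new key and CSR for NAME, signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chains_to CA_CERT CERT: succeeds only if CERT verifies against CA_CERT.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CA_CERT CERT...: print one "file: ok|MISMATCH" line per certificate.
report() {
    local ca="$1" c
    shift
    for c in "$@"; do
        if chains_to "$ca" "$c"; then
            echo "$(basename "$c"): ok"
        else
            echo "$(basename "$c"): MISMATCH"
        fi
    done
}

# demo: CA "a" stands for one image's CA, CA "b" for the other's (assumption).
demo() {
    local d
    d=$(mktemp -d) || return 1
    make_ca "$d" ca-a && make_ca "$d" ca-b || return 1
    issue_cert "$d" ca-a web-admin   # signed by the CA built in the web-admin image
    issue_cert "$d" ca-b lb-agent    # signed by the CA built in the load-balancer image
    report "$d/ca-b.crt" "$d/web-admin.crt" "$d/lb-agent.crt"   # the agent's view
    rm -rf "$d"
}

demo
```

Against real material, call `chains_to` with the CA certificate the agent is configured to trust and the client certificate the web admin presents.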