Hello Concourse team,
We encountered an issue with image-resource where docker image could not be pulled due to missing certificates on our Concourse 4.2.1. The relevant error in this one:
resource script ‘/opt/resource/check ’ failed: exit status 1
failed to ping registry: 2 error(s) occurred:
- ping https: Get [docker host]: x509: failed to load system roots and no roots provided
- ping http: Get [docker host]: x509: failed to load system roots and no roots provided
The connection to docker host was possible from all workers. Most of the containers also did not have any issue. After some investigation was found that containers on only one worker had this connectivity issue. Logging in one of these containers revealed that /etc/ssl/certs directory was empty. As the baggageclaim hold the data which should be mounted in the containers including the ssl certificates, we checked its content, but all files were there. We tested the content propagation further by creating some files in the baggageclaim volume outside …/etc/ssl/certs directory and they appeared in the container while /etc/ssl/certs remained empty in the container.
Based on the finding described above we assume there was some issue with mounting …/etc/ssl/certs directory from baggageclaim volume. Worker recreation helped in this case, but we’d like to avoid further occurrences. Could you help here? Many thanks in advance!