docker-machine regenerate-certs problem

  docker, question

System environment:
win10 + virtualbox5.0.24
Docker and docker-machine versions:

JYC103@Fanne MINGW64 ~
 $  docker-machine.exe -version
 docker-machine.exe version 0.7.0, build a650a40
 
 JYC103@Fanne MINGW64 ~
 $ docker version
 Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 23:54:00 2016
 OS/Arch:      windows/amd64
 An error occurred trying to connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version: open //./pipe/docker_engine: The system cannot find the file specified.

There is now a docker host on docker-machine

$  docker-machine.exe ls
 NAME            ACTIVE   DRIVER      STATE     URL                         SWARM   DOCKER    ERRORS
 docker.20.127   -        none        Running   tcp://192.168.20.127:2375           Unknown   Unable to query docker version: Unable to read TLS config: open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.

Running docker info directly against this Docker host:

$ docker -H 192.168.20.127:2375 info
 Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
 Images: 0
 Server Version: 1.12.0
 Storage Driver: devicemapper
 Pool Name: docker-253:1-101251423-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 11.73 MB
 Data Space Total: 107.4 GB
 Data Space Available: 14.84 GB
 Metadata Space Used: 581.6 kB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.147 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.107-RHEL7 (2016-06-09)
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
 Volume: local
 Network: null host bridge overlay
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Security Options: seccomp
 Kernel Version: 3.10.0-123.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 987.2 MiB
 Name: localhost.localdomain
 ID: FMPB:NCHQ:ERTQ:YQMK:WUSA:QA2T:FCQO:TL7L:IHOH:3Z3Z:EXTV:3YMY
 Docker Root Dir: /var/lib/docker
 Debug Mode (client): false
 Debug Mode (server): false
 Registry:  https://index.docker.io/v1/
 WARNING: bridge-nf-call-iptables is disabled
 WARNING: bridge-nf-call-ip6tables is disabled
 Insecure Registries:
 127.0.0.0/8

This is where the problem begins.
Now, running docker-machine env to look at the variables of the docker.20.127 host gives the following prompt:

$  docker-machine.exe env docker.20.127
 Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.20.127:2375": open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
 You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
 Be advised that this will trigger a Docker daemon restart which will stop running containers.

server.pem does not exist, so follow its prompt to create one:

$  docker-machine.exe regenerate-certs docker.20.127
 Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
 Regenerating TLS certificates
 Waiting for SSH to be available  ...
 Too many retries waiting for SSH to be available.  Last error: Maximum number of retries (60) exceeded

However, after waiting a few minutes, it was not created successfully, so debug output was turned on:

$  docker-machine.exe -D regenerate-certs docker.20.127
 Docker Machine Version:  0.7.0, build a650a40
 Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
 Regenerating TLS certificates
 Found binary path at C:\Users\JYC103\bin\docker-machine.exe
 Launching plugin server for driver none
 Plugin server listening at address 127.0.0.1:58959
 () Calling .GetVersion
 Using API Version  1
 () Calling .SetConfigRaw
 () Calling .GetMachineName
 command=configureAuth machine=docker.20.127
 Waiting for SSH to be available  ...
 Getting to WaitForSSH function  ...
 (docker.20.127) Calling .GetSSHHostname
 (docker.20.127) Calling .GetSSHPort
 (docker.20.127) Calling .GetSSHKeyPath
 (docker.20.127) Calling .GetSSHUsername
 Using SSH client type: external
 &{[-F /dev/null -o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] C:\Program Files\Git\usr\bin\ssh.exe <nil>}
 About to run SSH command:
 exit 0
 SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
 [-D [bind_address:]port] [-E log_file] [-e escape_char]
 [-F configfile] [-I pkcs11] [-i identity_file]
 [-L address] [-l login_name] [-m mac_spec]
 [-O ctl_cmd] [-o option] [-p port]
 [-Q cipher | cipher-auth | mac | kex | key]
 [-R address] [-S ctl_path] [-W host:port]
 [-w local_tun[:remote_tun]] [user@]hostname [command]
 
 Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
 command : exit 0
 err     : exit status 255
 output  : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
 [-D [bind_address:]port] [-E log_file] [-e escape_char]
 [-F configfile] [-I pkcs11] [-i identity_file]
 [-L address] [-l login_name] [-m mac_spec]
 [-O ctl_cmd] [-o option] [-p port]
 [-Q cipher | cipher-auth | mac | kex | key]
 [-R address] [-S ctl_path] [-W host:port]
 [-w local_tun[:remote_tun]] [user@]hostname [command]

It reports an SSH connection error.
How can this problem be solved, and how can the server.pem file be generated?

What you added was --driver none. Therefore, it can only be operated through the Docker Remote API; SSH is not available. docker-machine regenerate-certs requires SSH, so it is not supported. If SSH is required, the --driver generic driver should have been used initially, which is responsible for installing and configuring Docker.

As for docker-machine env reporting TLS errors: that is because the host was created with --driver none. In docker-machine's record, TLS is considered configured and enabled by default (after all, this is the default security method). The specific key files should be given by parameters when the host is created, or the configuration file should be modified directly.

And judging from the port 2375 you showed earlier, your Docker host does not have any TLS protection, so it conflicts with TLS being enabled in the record. So when docker-machine tried to connect to this API, there was no local certificate and TLS was not enabled remotely. Naturally, it fails. However, since TLS is enabled in the configuration, it assumes that there is a problem with your certificate generation and recommends regenerating the certificate.

The solution is either to generate and configure TLS certificates, or to modify ~/.docker/machine/machines/<NAME>/config.json and change TlsVerify to false.
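
The mismatch described in the answer can be detected from the client-side record before running docker-machine env. The following is an added example, not part of the original post or of docker-machine itself; the config.json key layout (DriverName, Driver.URL, HostOptions.EngineOptions.TlsVerify, HostOptions.AuthOptions) and the finding codes are assumptions, and the sample record is constructed.

```python
import json
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample record. The key layout is an assumption about
# docker-machine's config.json; the paths are illustrative, not from the page.
SAMPLE_CONFIG = json.dumps({
    "Name": "docker.20.127",
    "DriverName": "none",
    "Driver": {"URL": "tcp://192.168.20.127:2375"},
    "HostOptions": {
        "EngineOptions": {"TlsVerify": True},
        "AuthOptions": {
            "CaCertPath": "machines/docker.20.127/ca.pem",
            "ServerCertPath": "machines/docker.20.127/server.pem",
            "ServerKeyPath": "machines/docker.20.127/server-key.pem",
        },
    },
})

CERT_KEYS = ("CaCertPath", "ServerCertPath", "ServerKeyPath")


def audit_machine_config(raw, file_exists=lambda p: Path(p).is_file()):
    """Return a list of finding codes for one docker-machine host record."""
    cfg = json.loads(raw)
    opts = cfg.get("HostOptions", {})
    tls_verify = bool(opts.get("EngineOptions", {}).get("TlsVerify"))
    port = urlparse(cfg.get("Driver", {}).get("URL", "")).port
    findings = []
    if cfg.get("DriverName") == "none":
        # No SSH access, so regenerate-certs cannot provision certificates.
        findings.append("driver-none-no-ssh")
    if tls_verify:
        if port == 2375:
            # 2375 is the conventional plaintext port; TLS endpoints use 2376.
            findings.append("tls-expected-on-plaintext-port")
        auth = opts.get("AuthOptions", {})
        for key in CERT_KEYS:
            if not auth.get(key) or not file_exists(auth[key]):
                findings.append("missing:" + key)
    else:
        # Client talks to the API without TLS: no encryption, no authentication.
        findings.append("tls-disabled-unauthenticated-api")
    return findings


if __name__ == "__main__":
    for finding in audit_machine_config(SAMPLE_CONFIG):
        print(finding)
```

A record with TlsVerify set to false passes the connection check but is reported as tls-disabled-unauthenticated-api, since anyone who can reach port 2375 can then drive the daemon.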