System environment:
win10 + virtualbox5.0.24
Docker,docker-machine version
JYC103@Fanne MINGW64 ~
$ docker-machine.exe -version
docker-machine.exe version 0.7.0, build a650a40
JYC103@Fanne MINGW64 ~
$ docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built: Thu Jul 28 23:54:00 2016
OS/Arch: windows/amd64
An error occurred trying to connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version: open //./pipe/docker_engine: The system cannot find the file specified.
There is now a docker host on docker-machine
$ docker-machine.exe ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
docker.20.127 - none Running tcp:// 192.168.20.127:2375 Unknown Unable to query docker version: Unable to read TLS config: open C:\Users\JYC103\.docker\machine\machines\ docker.20.127\server.pem: The system cannot find the file specified.
Direct docker info this docker host
$ docker -H 192.168.20.127:2375 info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:1-101251423-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 11.73 MB
Data Space Total: 107.4 GB
Data Space Available: 14.84 GB
Metadata Space Used: 581.6 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-123.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 987.2 MiB
Name: localhost.localdomain
ID: FMPB:NCHQ:ERTQ:YQMK:WUSA:QA2T:FCQO:TL7L:IHOH:3Z3Z:EXTV:3YMY
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8
The problem has begun.
Now you want docker-machine env to look at the variables of the docke.20.127 host and the following prompt appears
$ docker-machine.exe env docker.20.127
Error checking TLS connection: Error checking and/ or regenerating the certs: There was an error validating certificates for host "192.168.20.127:2375": open C:\Users\JYC103\.docker\machine\machines\ docker.20.127\server.pem: The system cannot find the file specified.
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
Server.pem does not exist, follow its prompts to create one
$ docker-machine.exe regenerate-certs docker.20.127
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available ...
Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
However, after waiting for a few minutes, it was not successfully created and debug was opened.
$ docker-machine.exe -D regenerate-certs docker.20.127
Docker Machine Version: 0.7.0, build a650a40
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Found binary path at C:\Users\JYC103\bin\docker-machine.exe
Launching plugin server for driver none
Plugin server listening at address 127.0.0.1:58959
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
command=configureAuth machine=docker.20.127
Waiting for SSH to be available ...
Getting to WaitForSSH function ...
(docker.20.127) Calling .GetSSHHostname
(docker.20.127) Calling .GetSSHPort
(docker.20.127) Calling .GetSSHKeyPath
(docker.20.127) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/ null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] C:\Program Files\Git\usr\bin\ssh.exe <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err : exit status 255
output : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
Report ssh link error.
How to solve this problem and how to generate the server.pem file?
What you added was
--driver none
Therefore, it can only be operated through the Docker Remote API. SSH is not allowed. And usedocker-machine regenerate-certs
SSH is required. Therefore, it is not supported. If SSH is required, it should be used initially--driver generic
Driver, who is responsible for installing and configuring Docker.As for saying
docker-machine env
TLS errors are reported because the was created--driver none
In docker-machine’s record, TLS is considered configured and enabled by default (after all, this is the default security method). The specific key file should be given by parameters when the host is created, or the configuration file should be modified directly.And from the port you showed earlier
2375
Look, your Docker Host does not have any TLS protection, so it conflicts with TLS activation in the record. So when docker-machine tried to link this API, there was no local certificate and TLS was not enabled remotely. Naturally, they will make a mistake. However, since TLS is enabled in the configuration, it will be speculated that there is a problem with your certificate generation, and it is recommended to regenerate the certificate.The solution is either to generate TLS certificate configuration or to modify it.
~/.docker/machine/machines/<NAME>/config.json
, which willTlsVerify
insteadfalse
.