创建新的 docker-machine 实例总是无法使用 openstack 驱动程序验证证书
Creating new docker-machine instance always fails validating certs using openstack driver
每次我尝试通过 docker-machine 在开放堆栈上创建一个新实例时,我总是会收到此错误以验证证书。我必须在为我创建实例后立即重新生成证书才能使用这些实例。
$ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-flavor-id 50 --openstack-image-name "Ubuntu-16.04" manager1
Running pre-create checks...
Creating machine...
(staging-worker1) Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xxx:2376": dial tcp xxx.xxx.xxx.xxx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
$ docker-machine regenerate-certs manager1
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
然后它似乎工作
$ docker-machine ssh manager1 pwd
/home/ubuntu
但是当我尝试做 env
$ docker-machine env manager1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xx:2376": dial tcp xxx.xxx.xxx.xx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
关于可能导致此问题的原因有什么想法吗?
中进一步记录了它
事实证明,我的托管服务在 Open Stack 安全组规则中锁定了除 22、80 和 443 之外的所有内容。我必须添加 2376 TCP Ingress 才能使 docker-machine 的命令正常工作。
这有助于解释为什么 docker-machine ssh 有效但 docker-machine env
在 Ubuntu 上,您需要通过 SSH 连接到您的计算机并 cd 进入以下目录:
cd /etc/systemd/system/docker.service.d/
列出其中的所有文件:
ls -l
你可能会遇到这样的事情:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
您需要使用 sudo rm 删除除 10-machine.conf 以外的所有文件。之后删除失败的现有机器:
docker-machine rm machine1
并尝试像这样再创建一次:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
请将 ip、密钥、用户名和 machine1 更改为您的实际值。它现在应该工作了。希望对您有所帮助。
每次我尝试通过 docker-machine 在开放堆栈上创建一个新实例时,我总是会收到此错误以验证证书。我必须在为我创建实例后立即重新生成证书才能使用这些实例。
$ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-flavor-id 50 --openstack-image-name "Ubuntu-16.04" manager1
Running pre-create checks...
Creating machine...
(staging-worker1) Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xxx:2376": dial tcp xxx.xxx.xxx.xxx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
$ docker-machine regenerate-certs manager1
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
然后它似乎工作
$ docker-machine ssh manager1 pwd
/home/ubuntu
但是当我尝试做 env
$ docker-machine env manager1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xx:2376": dial tcp xxx.xxx.xxx.xx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
关于可能导致此问题的原因有什么想法吗?
中进一步记录了它事实证明,我的托管服务在 Open Stack 安全组规则中锁定了除 22、80 和 443 之外的所有内容。我必须添加 2376 TCP Ingress 才能使 docker-machine 的命令正常工作。
这有助于解释为什么 docker-machine ssh 有效但 docker-machine env
在 Ubuntu 上,您需要通过 SSH 连接到您的计算机并 cd 进入以下目录:
cd /etc/systemd/system/docker.service.d/
列出其中的所有文件:
ls -l
你可能会遇到这样的事情:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
您需要使用 sudo rm 删除除 10-machine.conf 以外的所有文件。之后删除失败的现有机器:
docker-machine rm machine1
并尝试像这样再创建一次:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
请将 ip、密钥、用户名和 machine1 更改为您的实际值。它现在应该工作了。希望对您有所帮助。