搜尋

首頁  >  問答  >  主體

docker-machine regenerate-certs 問題

系統環境:
win10 + virtualbox5.0.24
docker,docker-machine版本

JYC103@Fanne MINGW64 ~
$ docker-machine.exe -version
docker-machine.exe version 0.7.0, build a650a40

JYC103@Fanne MINGW64 ~
$ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 23:54:00 2016
 OS/Arch:      windows/amd64
An error occurred trying to connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version: open //./pipe/docker_engine: The system cannot find the file specified.

現在docker-machine上有一台docker主機

$ docker-machine.exe ls
NAME            ACTIVE   DRIVER      STATE     URL                         SWARM   DOCKER    ERRORS
docker.20.127   -        none        Running   tcp://192.168.20.127:2375           Unknown   Unable to query docker version: Unable to read TLS config: open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.

直接docker info 這台docker主機

$ docker -H 192.168.20.127:2375 info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.12.0
Storage Driver: devicemapper
 Pool Name: docker-253:1-101251423-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 11.73 MB
 Data Space Total: 107.4 GB
 Data Space Available: 14.84 GB
 Metadata Space Used: 581.6 kB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.147 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-123.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 987.2 MiB
Name: localhost.localdomain
ID: FMPB:NCHQ:ERTQ:YQMK:WUSA:QA2T:FCQO:TL7L:IHOH:3Z3Z:EXTV:3YMY
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

問題開始了
現在要docker-machine env查看docke.20.127主機的變量,出現以下提示

$ docker-machine.exe env docker.20.127
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.20.127:2375": open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

server.pem不存在,按照它的提示建立一個

$ docker-machine.exe regenerate-certs docker.20.127
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Too many retries waiting for SSH to be available.  Last error: Maximum number of retries (60) exceeded

但是等了幾分鐘後,沒創建成功,打開debug調試

$ docker-machine.exe -D regenerate-certs docker.20.127
Docker Machine Version:  0.7.0, build a650a40
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Found binary path at C:\Users\JYC103\bin\docker-machine.exe
Launching plugin server for driver none
Plugin server listening at address 127.0.0.1:58959
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
command=configureAuth machine=docker.20.127
Waiting for SSH to be available...
Getting to WaitForSSH function...
(docker.20.127) Calling .GetSSHHostname
(docker.20.127) Calling .GetSSHPort
(docker.20.127) Calling .GetSSHKeyPath
(docker.20.127) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] C:\Program Files\Git\usr\bin\ssh.exe <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port]
           [-Q cipher | cipher-auth | mac | kex | key]
           [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port]
           [-Q cipher | cipher-auth | mac | kex | key]
           [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

報ssh連結錯誤。
這問題要如何解決,要如何才能產生server.pem這個檔案的?

黄舟黄舟2770 天前1122

全部回覆(1)我來回復

  • 黄舟

    黄舟2017-04-25 09:03:32

    你加入的是 --driver none 的主机,因此只可以通过 Docker Remote API 操作。不可以SSH。而使用 docker-machine regenerate-certs 是需要 SSH 的。因此不支持。如果需要SSH,应该最初就是用 --driver generic 驅動,由其負責安裝配置Docker。

    至於說docker-machine env 报告 TLS 错误,这是因为所创建的 --driver none 的Docker host,在docker-machine 的記錄中,預設視為已經配置了TLS並啟用(畢竟這才是預設安全的方式),具體的金鑰檔案應該在建立該主機時通過參數賦予,或直接修改設定檔。

    而從你之前顯示的連接埠2375看,你這個Docker Host是沒有加任何TLS保護的,因此和記錄中的TLS啟用矛盾。所以當 docker-machine 試圖連結這個API時,既無本機證書,遠端又不沒啟用TLS。自然會報錯。而由於設定中啟用了TLS,所以會猜測是你的憑證產生有問題,建議重新產生憑證。

    解決辦法,或是產生TLS憑證設定上,或去修改 ~/.docker/machine/machines/<NAME>/config.json,将其中的 TlsVerify 改为 false

    回覆
    0
  • 取消回覆