系統環境:
win10 + virtualbox5.0.24
docker,docker-machine版本
JYC103@Fanne MINGW64 ~
$ docker-machine.exe -version
docker-machine.exe version 0.7.0, build a650a40
JYC103@Fanne MINGW64 ~
$ docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built: Thu Jul 28 23:54:00 2016
OS/Arch: windows/amd64
An error occurred trying to connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version: open //./pipe/docker_engine: The system cannot find the file specified.
現在docker-machine上有一台docker主機
$ docker-machine.exe ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
docker.20.127 - none Running tcp://192.168.20.127:2375 Unknown Unable to query docker version: Unable to read TLS config: open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
直接docker info 這台docker主機
$ docker -H 192.168.20.127:2375 info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:1-101251423-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 11.73 MB
Data Space Total: 107.4 GB
Data Space Available: 14.84 GB
Metadata Space Used: 581.6 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-123.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 987.2 MiB
Name: localhost.localdomain
ID: FMPB:NCHQ:ERTQ:YQMK:WUSA:QA2T:FCQO:TL7L:IHOH:3Z3Z:EXTV:3YMY
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8
問題開始了
現在要docker-machine env查看docke.20.127主機的變量,出現以下提示
$ docker-machine.exe env docker.20.127
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.20.127:2375": open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
server.pem不存在,按照它的提示建立一個
$ docker-machine.exe regenerate-certs docker.20.127
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
但是等了幾分鐘後,沒創建成功,打開debug調試
$ docker-machine.exe -D regenerate-certs docker.20.127
Docker Machine Version: 0.7.0, build a650a40
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Found binary path at C:\Users\JYC103\bin\docker-machine.exe
Launching plugin server for driver none
Plugin server listening at address 127.0.0.1:58959
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
command=configureAuth machine=docker.20.127
Waiting for SSH to be available...
Getting to WaitForSSH function...
(docker.20.127) Calling .GetSSHHostname
(docker.20.127) Calling .GetSSHPort
(docker.20.127) Calling .GetSSHKeyPath
(docker.20.127) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] C:\Program Files\Git\usr\bin\ssh.exe <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err : exit status 255
output : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port]
[-Q cipher | cipher-auth | mac | kex | key]
[-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] [user@]hostname [command]
報ssh連結錯誤。
這問題要如何解決,要如何才能產生server.pem這個檔案的?
黄舟2017-04-25 09:03:32
你加入的是 --driver none
的主机,因此只可以通过 Docker Remote API 操作。不可以SSH。而使用 docker-machine regenerate-certs
是需要 SSH 的。因此不支持。如果需要SSH,应该最初就是用 --driver generic
驅動,由其負責安裝配置Docker。
至於說docker-machine env
报告 TLS 错误,这是因为所创建的 --driver none
的Docker host,在docker-machine 的記錄中,預設視為已經配置了TLS並啟用(畢竟這才是預設安全的方式),具體的金鑰檔案應該在建立該主機時通過參數賦予,或直接修改設定檔。
而從你之前顯示的連接埠2375
看,你這個Docker Host是沒有加任何TLS保護的,因此和記錄中的TLS啟用矛盾。所以當 docker-machine 試圖連結這個API時,既無本機證書,遠端又不沒啟用TLS。自然會報錯。而由於設定中啟用了TLS,所以會猜測是你的憑證產生有問題,建議重新產生憑證。
解決辦法,或是產生TLS憑證設定上,或去修改 ~/.docker/machine/machines/<NAME>/config.json
,将其中的 TlsVerify
改为 false
。