Problem description
System environment: win10 + virtualbox5.0.24
docker and docker-machine versions:
JYC103@Fanne MINGW64 ~
$ docker-machine.exe -version
docker-machine.exe version 0.7.0, build a650a40

JYC103@Fanne MINGW64 ~
$ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 23:54:00 2016
 OS/Arch:      windows/amd64
An error occurred trying to connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.24/version: open //./pipe/docker_engine: The system cannot find the file specified.
docker-machine currently has one Docker host:
$ docker-machine.exe ls
NAME            ACTIVE   DRIVER   STATE     URL                         SWARM   DOCKER    ERRORS
docker.20.127   -        none     Running   tcp://192.168.20.127:2375           Unknown   Unable to query docker version: Unable to read TLS config: open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
Running docker info directly against this Docker host:
$ docker -H 192.168.20.127:2375 info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.12.0
Storage Driver: devicemapper
 Pool Name: docker-253:1-101251423-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 11.73 MB
 Data Space Total: 107.4 GB
 Data Space Available: 14.84 GB
 Metadata Space Used: 581.6 kB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.147 GB
 Thin Pool Minimum Free Space: 10.74 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-123.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 987.2 MiB
Name: localhost.localdomain
ID: FMPB:NCHQ:ERTQ:YQMK:WUSA:QA2T:FCQO:TL7L:IHOH:3Z3Z:EXTV:3YMY
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8
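This is where the problem starts. I now want to use docker-machine env to look at the variables for the docker.20.127 host, and the following message appears: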
$ docker-machine.exe env docker.20.127
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host '192.168.20.127:2375': open C:\Users\JYC103\.docker\machine\machines\docker.20.127\server.pem: The system cannot find the file specified.
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
server.pem does not exist, so I followed the hint to create one:
$ docker-machine.exe regenerate-certs docker.20.127
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
But after waiting a few minutes, it had not been created successfully, so I turned on debug output:
$ docker-machine.exe -D regenerate-certs docker.20.127
Docker Machine Version: 0.7.0, build a650a40
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Found binary path at C:\Users\JYC103\bin\docker-machine.exe
Launching plugin server for driver none
Plugin server listening at address 127.0.0.1:58959
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
command=configureAuth machine=docker.20.127
Waiting for SSH to be available...
Getting to WaitForSSH function...
(docker.20.127) Calling .GetSSHHostname
(docker.20.127) Calling .GetSSHPort
(docker.20.127) Calling .GetSSHKeyPath
(docker.20.127) Calling .GetSSHUsername
Using SSH client type: external
&{[-F /dev/null -o BatchMode=yes -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none @ -p 0] C:\Program Files\Git\usr\bin\ssh.exe <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255: usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port]
           [-Q cipher | cipher-auth | mac | kex | key]
           [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] [user@]hostname [command]
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  : usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port]
           [-Q cipher | cipher-auth | mac | kex | key]
           [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] [user@]hostname [command]
It reports an SSH connection error. How can this problem be solved, and how can the server.pem file be generated?
Answers
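Answer 1: The host you added uses --driver none, so it can only be operated through the Docker Remote API. SSH is not available. docker-machine regenerate-certs requires SSH, so it is not supported here. If you need SSH, you should have used the --driver generic driver from the start, which takes care of installing and configuring Docker.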
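As for docker-machine env reporting a TLS error: a Docker host created with --driver none is, in docker-machine's records, treated by default as having TLS already configured and enabled (that is, after all, the secure-by-default approach). The actual key files should be supplied through parameters when the host is created, or by editing the configuration file directly.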
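Judging from port 2375, which you showed earlier, this Docker host has no TLS protection at all, which contradicts the TLS-enabled state in the record. So when docker-machine tries to connect to this API, there is no local certificate and the remote side has not enabled TLS either, so naturally it reports an error. And because TLS is enabled in the configuration, it guesses that something went wrong with your certificate generation and suggests regenerating the certificates.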
The fix: either generate TLS certificates and configure them, or edit ~/.docker/machine/machines/<NAME>/config.json and change TlsVerify in it to false.
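
The mismatch described in the answer can be checked before changing anything. The following is an added example, not part of the original thread or of docker-machine itself: it compares the TlsVerify value recorded in a machine's config.json with the presence of server.pem and the port of the endpoint. The function names and the sample config layout are assumptions; the search for TlsVerify is recursive so that no particular nesting is relied on.

```python
import json
import os
import tempfile
from urllib.parse import urlparse

def find_key(node, key):
    """Depth-first search for key, so no config.json layout is assumed."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def diagnose(machine_dir, url):
    """Compare docker-machine's recorded TLS state with the endpoint in use."""
    with open(os.path.join(machine_dir, "config.json"), encoding="utf-8") as fh:
        tls_verify = bool(find_key(json.load(fh), "TlsVerify"))
    has_cert = os.path.isfile(os.path.join(machine_dir, "server.pem"))
    port = urlparse(url).port
    findings = []
    if tls_verify and not has_cert:
        findings.append("TlsVerify is true but server.pem is missing")
    if tls_verify and port == 2375:
        findings.append("TlsVerify is true but the URL uses plaintext port 2375")
    if not tls_verify and port == 2375:
        findings.append("API on 2375 is unauthenticated; restrict access or enable TLS")
    return findings

def sample_machine_dir(tls_verify, with_cert=False):
    """Constructed stand-in for ~/.docker/machine/machines/<NAME>/ (assumed layout)."""
    d = tempfile.mkdtemp()
    cfg = {"Name": "docker.20.127",
           "HostOptions": {"EngineOptions": {"TlsVerify": tls_verify}}}
    with open(os.path.join(d, "config.json"), "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    if with_cert:
        open(os.path.join(d, "server.pem"), "w").close()
    return d

if __name__ == "__main__":
    # Reproduces the state from the question: TLS recorded, no cert, port 2375.
    for finding in diagnose(sample_machine_dir(True), "tcp://192.168.20.127:2375"):
        print(finding)
```

With TlsVerify set to false the first two findings disappear, and the remaining one reflects that the daemon on 2375 accepts requests from any client that can reach it.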

