问题
Everytime I try to create a new instance via docker-machine on open stack, I always get this error for validating the certs. I have to end up regenerating the certs right after I create the instance for me to be able to use the instances.
$ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-flavor-id 50 --openstack-image-name "Ubuntu-16.04" manager1
Running pre-create checks...
Creating machine...
(staging-worker1) Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xxx:2376": dial tcp xxx.xxx.xxx.xxx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
$ docker-machine regenerate-certs manager1
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Then it seems to work
$ docker-machine ssh manager1 pwd
/home/ubuntu
But when I try to do env
$ docker-machine env manager1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xx:2376": dial tcp xxx.xxx.xxx.xx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
Any ideas on what might be causing this?
I've documented it further in github https://github.com/docker/machine/issues/3829
回答1:
It turns out my hosting service locked down everything other than 22, 80, and 443 on the Open Stack Security Group Rules. I had to add 2376 TCP Ingress for docker-machine's commands to work.
It helps explain why docker-machine ssh worked but not docker-machine env
回答2:
On Ubuntu you will need to SSH to your machine and cd into following directory:
cd /etc/systemd/system/docker.service.d/
list all files in it with:
ls -l
you will probably have something like this:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
you will need to delete all files except 10-machine.conf with sudo rm. After that remove existing machine which is failing with:
docker-machine rm machine1
and try to create it one more time like this:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
please change ip, key, username and machine1 with you actual values. It should work now. I hope this helps.
来源:https://stackoverflow.com/questions/48602329/creating-new-docker-machine-instance-always-fails-validating-certs-using-opensta