问题描述
每次我尝试通过打开堆栈上的docker-machine
创建新实例时,总是会收到此错误以验证证书.创建实例后,我必须最终重新生成证书,以便能够使用实例.
Everytime I try to create a new instance via docker-machine
on open stack, I always get this error for validating the certs. I have to end up regenerating the certs right after I create the instance for me to be able to use the instances.
$ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-flavor-id 50 --openstack-image-name "Ubuntu-16.04" manager1
Running pre-create checks...
Creating machine...
(staging-worker1) Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xxx:2376": dial tcp xxx.xxx.xxx.xxx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
$ docker-machine regenerate-certs manager1
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
然后它似乎起作用
$ docker-machine ssh manager1 pwd
/home/ubuntu
但是当我尝试做环境时
$ docker-machine env manager1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xx:2376": dial tcp xxx.xxx.xxx.xx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
关于可能是什么原因的任何想法?
Any ideas on what might be causing this?
我已经在github > https://github.com/docker/machine中进一步记录了它/issues/3829
I've documented it further in github https://github.com/docker/machine/issues/3829
推荐答案
事实证明,我的托管服务已锁定了Open Stack Security Group Rules上除22、80和443之外的所有内容.我必须添加2376 TCP Ingress才能使docker-machine的命令正常工作.
It turns out my hosting service locked down everything other than 22, 80, and 443 on the Open Stack Security Group Rules. I had to add 2376 TCP Ingress for docker-machine's commands to work.
它有助于解释为什么docker-machine ssh
有效但docker-machine env
It helps explain why docker-machine ssh
worked but not docker-machine env
这篇关于创建新的docker-machine实例始终无法使用OpenStack驱动程序验证证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!