Problem description
When running docker-machine ls, I unexpectedly got "Unable to query docker version: Get https://xxxx:2376/v1.15/version: x509: certificate has expired or is not yet valid" for every machine.
I hadn't done anything recently. Looking on SO, I tried some common culprits: VPN, virus, weird clock issues, etc. None of that applied. How can I fix this and make them usable again (via the docker-machine interface)?
Using Docker for Mac, 17.12.0-ce-49
Recommended answer
Update - as I commented on 2/14/2018, this is now part of docker-machine.
Try: docker-machine regenerate-certs --client-certs
Historical answer below:
First, docker-machine regenerate-certs does NOT regenerate the client certificate(s).
After poking around with openssl I discovered that it was actually the client certificate that had expired. Verify:
openssl x509 -in ~/.docker/machine/certs/cert.pem -text | grep "Not After"
I tried recreating the certs in situ with the same ca.pem but it didn't work out (for me). I'm guessing it would have eventually worked, given a lot more time and trial and error.
What eventually worked was backing up the whole dir, creating a dummy throwaway machine (to force docker-machine to create new certs), moving configs, ssh keys, and server certificates (not client certificates), then issuing a regenerate for each machine. NB, it's disruptive and painful. As the warning shows, docker-machine regenerate-certs will restart docker on the target machine. Though it's too late for me, I would like to see a better answer.
The process was similar to:
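#!/bin/bash
# Back up the whole docker-machine store, then start from an empty one.
cd ~/.docker || exit
cp -R machine machine.bak
rm -rf machine
# Creating a throwaway machine forces docker-machine to issue new client certs.
docker-machine create deleteme
docker-machine rm -f deleteme
cd machine/machines || exit
for d in ~/.docker/machine.bak/machines/*/
do
    m=$(basename "$d")
    # Restore the machine's config, ssh keys and server certificates.
    cp -R "../../machine.bak/machines/$m" .
    # Replace the expired client certificate and key with the new ones.
    rm "$m/cert.pem"
    rm "$m/key.pem"
    cp ../certs/cert.pem "$m"
    cp ../certs/key.pem "$m"
    # Restarts docker on the target machine.
    docker-machine regenerate-certs -f "$m"
done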
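
Added example (not part of the original answer): a shell check that reports which certificates in the docker-machine store have expired or are close to expiring, so the shared client certificate can be told apart from each machine's server certificate. It goes beyond the single openssl command in the answer; the server.pem file name, the MACHINE_STORAGE_PATH variable and the 30-day warning window are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example: classify certificates in a docker-machine store by expiry.
# Assumed layout: <store>/certs/{ca,cert}.pem hold the CA and the shared
# client certificate; <store>/machines/<name>/{server,cert}.pem hold the
# per-machine server certificate and a copy of the client certificate.

# cert_status FILE [WARN_SECONDS] prints: ok | expiring | expired | unreadable
cert_status() {
    cert=$1
    warn=${2:-2592000}   # default warning window: 30 days (assumption)
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$warn" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# scan_machine_certs STORE [WARN_SECONDS]
# Prints one line per certificate found; returns 1 if any is not "ok".
scan_machine_certs() {
    root=$1
    warn=${2:-2592000}
    bad=0
    for f in "$root"/certs/ca.pem "$root"/certs/cert.pem \
             "$root"/machines/*/server.pem "$root"/machines/*/cert.pem
    do
        [ -e "$f" ] || continue   # skip unmatched globs and missing files
        s=$(cert_status "$f" "$warn")
        end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || end="notAfter=unknown"
        printf '%-10s %s (Not After: %s)\n' "$s" "$f" "${end#notAfter=}"
        [ "$s" = ok ] || bad=1
    done
    return "$bad"
}

# Scan the local store when one exists.
store=${MACHINE_STORAGE_PATH:-$HOME/.docker/machine}
if [ -d "$store" ]; then
    scan_machine_certs "$store" || echo "Some certificates need attention."
fi
```

An "expired" line for certs/cert.pem points at the client certificate, which is the case described in the answer; an "expired" line for a machine's server.pem points at that machine's server certificate instead.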