创建新的docker机器实例总是无法使用openstack驱动程序验证证书_Docker_Virtual Machine_Openstack_Docker Machine

创建新的docker机器实例总是无法使用openstack驱动程序验证证书

docker virtual-machine openstack

创建新的docker机器实例总是无法使用openstack驱动程序验证证书,docker,virtual-machine,openstack,docker-machine,Docker,Virtual Machine,Openstack,Docker Machine,每次我试图通过open stack上的docker machine创建一个新实例时，我总是在验证证书时遇到这个错误。我必须在创建实例之后立即重新生成证书，以便能够使用这些实例 $ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-fla

每次我试图通过open stack上的

docker machine

创建一个新实例时，我总是在验证证书时遇到这个错误。我必须在创建实例之后立即重新生成证书，以便能够使用这些实例

$ docker-machine create --driver openstack --openstack-ssh-user root --openstack-keypair-name "KeyName" --openstack-private-key-file ~/.ssh/id_rsa --openstack-flavor-id 50 --openstack-image-name "Ubuntu-16.04" manager1
Running pre-create checks...
Creating machine...
(staging-worker1) Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xxx:2376": dial tcp xxx.xxx.xxx.xxx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.


$ docker-machine regenerate-certs manager1
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

那么它似乎起作用了

$ docker-machine ssh manager1 pwd
/home/ubuntu

但是当我试着做env的时候

$ docker-machine env manager1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "xxx.xxx.xxx.xx:2376": dial tcp xxx.xxx.xxx.xx:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

你知道是什么引起的吗

我在github中进一步记录了它，结果是我的托管服务锁定了开放堆栈安全组规则中除22、80和443之外的所有内容。我不得不为docker机器的命令添加2376 TCP入口

这有助于解释为什么在Ubuntu上，

docker machine ssh

起作用，而不是

docker machine env

，您需要将ssh连接到您的机器上，并将其刻录到以下目录中：

cd /etc/systemd/system/docker.service.d/

列出其中的所有文件，包括：

ls -l

您可能会遇到如下情况：

-rw-r--r--  1 root root  274 Jul  2 17:47 10-machine.conf
-rw-r--r--  1 root root  101 Jul  2 17:46 override.conf

docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1

您需要使用sudo rm删除除10-machine.conf之外的所有文件。之后，移除出现以下故障的现有机器：

docker-machine rm machine1

试着像这样再创建一次：

-rw-r--r--  1 root root  274 Jul  2 17:47 10-machine.conf
-rw-r--r--  1 root root  101 Jul  2 17:46 override.conf

docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1

请使用实际值更改ip、密钥、用户名和机器1。现在应该可以了。我希望这有帮助