I have two vagrant VMs running Ubuntu 16.04 over VirtualBox with docker installed. I want to create an overlay-network for the docker containers running on these two VMs. Hence, I followed the tutorial here.
I have created the VMs and tried to run eval "$(docker-machine env mh-keystore)". However, it failed with the following error:
Error checking TLS connection: Error checking and/or regenerating the certs:
There was an error validating certificates for host "172.28.128.5:2376": dial tcp 172.28.128.5:2376: getsockopt: connection refused
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
I then tried to regenerate the certificates as mentioned in the error. However, it fails to establish an SSH connection to the VM:
Regenerating TLS certificates
Waiting for SSH to be available...
Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
I can still vagrant ssh to the VMs. Can somebody help me use the vagrant VMs with docker-machine?
I faced a similar issue ("waiting for SSH to be available") and it turned out to be unsigned drivers in the network stack, installed by some corporate proxy interception software called ProxyCap, that were causing VirtualBox to error when setting up port forwarding from the local machine into the boot2docker VM. Check your VM machine logs and look for an error message while setting up port forwarding. It should also list the unsigned drivers causing errors, and then you just need to uninstall the corresponding application.
Maybe someone has or has had the same problem and can help me see what could be happening. I have a Docker container with MariaDB, mounted on a Mac running macOS Catalina; from my Mac to the database everything works without a problem. But I have a VirtualBox VM with Ubuntu 18.04 where I have test applications, and I need to connect from this virtual box to the Mac host, which in turn has the Docker container with MariaDB. When I try to connect I get the error:
"ERROR 2026 (HY000): SSL connection error: self signed certificate in certificate chain"
Docker handles encryption with AWS services and certificates. If I look inside the container's log, the error it records is this:
"2022-04-05 1:38:31 113 [Warning] Aborted connection 113 to db: 'unconnected' user: 'unauthenticated' host: '17x.xx.0.1' (This connection closed normally without authentication)"
I had speculated that there was suddenly a communication problem between the VirtualBox VM and the host, but if this were the case, the container log would not record the attempt.
I thought it could be the database user, so I created a new one, but that did not work either.
I think it could be the certificates, but from the Mac I connect without problem, and I have a server where the container runs on Linux and it is transparent that we all connect to it; only in this case, trying to reach the container from the VirtualBox VM, does it not work.
I appreciate any possible solution.
P.S. By the way, I have tried with the mariadb client; I am not even using something more complex.
I'm running Ubuntu 20.04 and installed Docker by following the steps from the docs https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository.
I installed Rider from the JetBrains Toolbox and want to set up Docker for my project. The Docker plugin is installed by default. I made sure that Docker is running via systemctl status docker.
I followed this guide on how to set up Docker for Rider https://blog.jetbrains.com/dotnet/2018/07/18/debugging-asp-net-core-apps-local-docker-container/ but unfortunately I get this error:
Cannot connect:
io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection
refused: localhost/127.0.0.1:2375 caused by:
java.net.ConnectException: Connection refused
What is missing or wrong?
In that dialog, check "Unix socket".
This will contact the Docker daemon via the special file /var/run/docker.sock. You may need to adjust your user's permissions (typically by making yourself a member of the docker group) to get access to that file.
The "TCP socket" option is for an unusual and hard-to-securely-configure mode of connecting to Docker. (Anyone who can run any docker command can run a container as root, and bind-mount any file from the host; you really don't want to make this level of access network-accessible.) You shouldn't ever need the TCP socket mode.
I am new to docker and am trying to create a docker host using the docker-machine create [name] command on Windows 7 but I always get a connection attempt failed error.
I added the HTTP_PROXY and HTTPS_PROXY to Docker Toolbox\start.sh but that did not help.
Also tried:
--engine-env HTTP_PROXY=http://proxy IP:port CLI option for docker-machine create command
Windows powershell command $env:HTTP_PROXY=http://proxy IP:port to set the environment variable at global level
But none of these have resolved the issue.
docker-machine version and the error:
C:\Windows\system32> docker-machine -v
docker-machine.exe version 0.14.0, build 89b8332
C:\Windows\system32> docker-machine create node-1
(node-1) Unable to get the latest Boot2Docker ISO release version:
Get
https://api.github.com/repos/boot2docker/boot2docker/releases/latest:
dial tcp 192.30.253.116:443: connectex: A connection attempt failed
because the connected party did not properly respond after a period of
time, or established connection failed because connected host has
failed to respond.
Since there was no response to my query above I uninstalled Docker Toolbox and installed Docker on a VM. It is working perfectly now. I have written an article on Medium for all of you who are trying this for the first time and need help setting up Docker on Win7 behind a corporate proxy. The article can be found here: https://medium.com/@uvnikgupta/installing-docker-on-win7-pc-79db4217bbae
I created a docker stack to deploy to a swarm. Now I'm a bit confused about what the proper way to deploy it to a real server looks like.
Of course I can
scp my docker-stack.yml file to a node of my swarm
ssh into the node
run docker stack deploy -c docker-stack.yml stackname
So there is the docker-machine tool, I thought.
I tried
docker-machine create -d none --url=tcp://<RemoteHostIp>:2375 node1
which only seems to work if you open the port without TLS?
I received the following:
$ docker-machine env node1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.178.49:2375": dial tcp 192.168.178.49:2375: connectex: No connection could be made because the target machine actively refused it.
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
I already tried to generate a certificate & copy it over to the host:
ssh-keygen -t rsa
ssh-copy-id myuser@node1
Then I ran
docker-machine --tls-ca-cert PathToMyCert --tls-client-cert PathToMyCert create -d none --url=tcp://192.168.178.49:2375 node1
With the following result:
$ docker-machine env node1
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "node1:2375": There was an error reading certificate
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
I also tried it with the generic driver
$ docker-machine create -d generic --generic-ssh-port "22" --generic-ssh-user "MyRemoteUser" --generic-ip-address 192.168.178.49 node1
Running pre-create checks...
Creating machine...
(node1) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Error creating machine: Error detecting OS: OS type not recognized
How do I add the remote docker host with docker-machine properly with TLS?
Or is there a better way to deploy stacks to a server/into production?
I read often that you shouldn't expose the docker port, but not once how to do it. And I can't believe that they don't provide a simple way to do this.
Update & Solution
I think both answers have their merits.
I found the Deploy to Azure official doc (it's the same for AWS).
The answer from @Tarun Lalwani pointed me in the right direction and it's almost the official solution. That's the reason I accepted his answer.
For me the following commands worked:
ssh -fNL localhost:2374:/var/run/docker.sock myuser@node1
Then you can run either:
docker -H localhost:2374 stack deploy -c stack-compose.yml stackname
or
export DOCKER_HOST=localhost:2374
docker stack deploy -c stack-compose.yml stackname
The answer from @BMitch is also valid and the security concern he mentioned shouldn't be ignored.
Update 2
The answer from @bretf is an awesome way to connect to your swarm, especially if you have more than one. It's still beta but works for swarms which are available to the internet and don't have an ARM architecture.
I would prefer not opening/exposing the docker port even if I am thinking of TLS. I would rather use an SSH tunnel and then do the deployment:
ssh -L 2375:127.0.0.1:2375 myuser@node1
And then use
export DOCKER_HOST=tcp://127.0.0.1:2375
docker stack deploy -c docker-stack.yml stackname
You don't need docker-machine for this. Docker has the detailed steps to configure TLS in their documentation. The steps involve:
creating a CA
create and sign a server certificate
configuring the dockerd daemon to use this cert and validate client certs
create and sign a client certificate
copy the ca and client certificate files to your client machine's .docker folder
set some environment variables to use the client certificates and remote docker host
I wouldn't use the ssh tunnel method on a multi-user environment since any user with access to 127.0.0.1 would have root access to the remote docker host without a password or any auditing.
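The six steps listed above, carried through as an added example (this is not code from the answer, from Docker's documentation, or from the project; it only follows the same procedure with openssl). It also includes a check for the weak configuration the other posts warn about, a dockerd tcp:// listener with no tlsverify, such as the port-2375-without-TLS setup from the question. The host name node1 and the IP 192.168.178.49 are taken from the question; the work directory, file layout and function names are assumptions, and nothing here writes to /etc/docker or ~/.docker.

```shell
#!/usr/bin/env bash
# Added example, not the answer's or Docker's own code. Generates the CA,
# server and client certificates for mutual-TLS dockerd access, the matching
# daemon.json, and the client environment, all under a work directory.
# Hypothetical values: host "node1", IP 192.168.178.49, work dir in $1.
set -eu

# Steps 1, 2 and 4: CA, server certificate (with SANs) and client certificate.
make_docker_tls() {
  local dir="$1" host="${2:-node1}" ip="${3:-192.168.178.49}"
  mkdir -p "$dir/ca" "$dir/server" "$dir/client" "$dir/dotdocker"

  # 1. CA key and self-signed CA certificate
  openssl genrsa -out "$dir/ca/ca-key.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -sha256 -subj "/CN=docker-ca" \
    -key "$dir/ca/ca-key.pem" -out "$dir/ca/ca.pem"

  # 2. Server key and CSR, signed by the CA. The SAN must list every name the
  #    client will dial (DNS name and IP); a missing entry produces the
  #    "error validating certificates for host" failure seen in the question.
  openssl genrsa -out "$dir/server/server-key.pem" 2048 2>/dev/null
  openssl req -new -sha256 -subj "/CN=$host" \
    -key "$dir/server/server-key.pem" -out "$dir/server/server.csr"
  printf 'subjectAltName = DNS:%s,IP:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' \
    "$host" "$ip" > "$dir/server/extfile.cnf"
  openssl x509 -req -days 365 -sha256 -in "$dir/server/server.csr" \
    -CA "$dir/ca/ca.pem" -CAkey "$dir/ca/ca-key.pem" -CAcreateserial \
    -extfile "$dir/server/extfile.cnf" -out "$dir/server/server-cert.pem" 2>/dev/null

  # 4. Client key and CSR, signed by the same CA but limited to clientAuth, so
  #    a leaked client certificate cannot be used to impersonate the daemon.
  openssl genrsa -out "$dir/client/key.pem" 2048 2>/dev/null
  openssl req -new -sha256 -subj "/CN=docker-client" \
    -key "$dir/client/key.pem" -out "$dir/client/client.csr"
  printf 'extendedKeyUsage = clientAuth\n' > "$dir/client/extfile.cnf"
  openssl x509 -req -days 365 -sha256 -in "$dir/client/client.csr" \
    -CA "$dir/ca/ca.pem" -CAkey "$dir/ca/ca-key.pem" -CAcreateserial \
    -extfile "$dir/client/extfile.cnf" -out "$dir/client/cert.pem" 2>/dev/null

  # 3. daemon.json for the remote host (goes to /etc/docker there, together
  #    with ca.pem, server-cert.pem and server-key.pem). tlsverify makes
  #    dockerd refuse any client that does not present a cert signed by ca.pem.
  cat > "$dir/daemon.json" <<'EOF'
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
EOF

  # 5. Client bundle in the file layout the docker CLI expects in ~/.docker
  cp "$dir/ca/ca.pem" "$dir/client/cert.pem" "$dir/client/key.pem" "$dir/dotdocker/"
  chmod 0400 "$dir/dotdocker/key.pem" "$dir/ca/ca-key.pem" "$dir/server/server-key.pem"

  # 6. Client environment: "source $dir/docker-env.sh" before running docker
  printf 'export DOCKER_HOST=tcp://%s:2376\nexport DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=%s\n' \
    "$host" "$dir/dotdocker" > "$dir/docker-env.sh"
}

# Checks the generated material the way daemon and client will: both leaf
# certs chain to the CA, the server cert carries the IP SAN, the client cert
# is marked for client auth, and the server cert is not usable as a client cert.
verify_docker_tls() {
  local dir="$1" ip="${2:-192.168.178.49}"
  openssl verify -CAfile "$dir/ca/ca.pem" "$dir/server/server-cert.pem" >/dev/null 2>&1 || return 1
  openssl verify -CAfile "$dir/ca/ca.pem" "$dir/client/cert.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/server/server-cert.pem" -noout -text | grep -q "IP Address:$ip" || return 1
  openssl x509 -in "$dir/client/cert.pem" -noout -text | grep -q 'TLS Web Client Authentication' || return 1
  openssl x509 -in "$dir/server/server-cert.pem" -noout -text | grep -q 'TLS Web Client Authentication' && return 1
  return 0
}

# Flags the weak setup from the other posts: a tcp:// listener without
# tlsverify. Returns 0 when the file is acceptable and 1 when the daemon would
# answer plain TCP (anyone who can reach that port is root on the host).
daemon_json_is_safe() {
  local file="$1"
  if grep -q 'tcp://' "$file" && ! grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$file"; then
    return 1
  fi
  return 0
}

# Stand-alone use: ./docker-tls.sh /path/to/workdir [host] [ip]
if [ -n "${1:-}" ]; then
  make_docker_tls "$1" "${2:-node1}" "${3:-192.168.178.49}"
  verify_docker_tls "$1" "${3:-192.168.178.49}" && echo "certificates verified under $1"
fi
```

The server certificate gets only serverAuth and the client certificate only clientAuth on purpose: with a shared CA, a certificate that carries both usages could be replayed in the other role. The daemon.json keeps the unix socket for local use and only adds the TLS listener on 2376; a hosts entry on 2375 with no tlsverify is exactly what daemon_json_is_safe rejects.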
If you're using Docker for Windows or Docker for Mac, Docker Cloud has a more automated way to set up your TLS certs and get you securely connected to a remote host for free. Under "Swarms" there's "Bring your own Swarm", which runs an agent container on your Swarm managers to let you easily use your local docker CLI without manual cert setup. It still requires the Swarm port open to the internet, but this setup ensures it has TLS mutual auth enabled.
Here's a YouTube video showing how to set it up. It can also support group permissions for adding/removing other admins from remotely accessing the Swarm.
All of a sudden I can't create new machines with docker machine on AWS. I can connect to old machines just fine, but when trying to create new ones I get this output:
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(upstart)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "x.x.155.174:2376": read tcp x.x.x.x:xxxxx->x.x.155.174:2376: read: connection reset by peer
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
I'm using this AMI ami-5e63d13e
Anyone have a workaround for this? Been stuck for hours
This was a bug in Docker, fixed with the latest release (0.12.1): https://github.com/docker/machine/issues/4156