Using docker-machine to import hosts using --driver=generic and/or --url, does not work. #1221
Comments
Hi @smakam, I believe what you are looking for is the |
Hi @nathanleclaire First, I tried without any TLS: On Windows, where I had docker-machine installed, I did this: I get this error: Not sure if docker-machine enforces TLS. I tried starting docker agent with certificate and key and tried with docker client, no luck with that either. Thanks |
We do essentially mandate TLS in our current form. If you set up your own CA and certs/keys, I think you could probably use them via the |
Hi, I tried with TLS, I still couldn't get it working, not sure what I am missing: Then I tried to create a docker-machine host without driver: When I tried to see environment, I get the following error: Thanks |
You would most likely want to use existing CA, client, etc for all machine related stuff as the As for your docker daemon, you want to use the CA and server cert/keys -- in the above you are using the CA cert, but client key and cert. You would need something like: docker -d --tlsverify --tlscacert ca.pem --tlscakey ca-key.pem --tlscert server.pem --tlskey server-key.pem |
@ehazlett I was able to connect between docker client and docker agent on separate machine using TLS without using docker-machine. Thanks |
Can you show the command line args used? If you specify the certs machine should just use them. If not, it's a bug :) |
Hi @ehazlett Then I started docker-machine client like this: I got this error when setting environment: Here, I am running docker agent and docker-machine on same Ubuntu machine. I get similar error when running docker agent in Ubuntu and docker-machine in Windows. Thanks |
You should not be using For the environment, how did you create the |
Hi @ehazlett This is how I created custom3 machine. This didn't give me any error. Should I be creating server key/cert pair manually like what machine would do if driver was used with docker-machine? Thanks |
@smakam this should be correct. It should generate a server key based on that existing CA. I will do some testing to see if there is an issue. |
@smakam Any update on this issue or can we close it? |
@nathanleclaire I am still not able to get it to work. I even tried with docker-machine 3.0 with generic driver procedure mentioned here (http://blog.docker.com/2015/06/docker-machine-0-3-0-deep-dive/) I assume .pub is a typo and we need to give private key. I got 2 kinds of errors in 2 different hosts: case 1: case 2: btw, where do docker-machine detailed logs get stored? Thanks |
The same problem. |
I tried the same steps as original poster and got similar issue at which point I tried the generic driver and ran into error similar to case 1 (CentOS 7) |
Same problem. Can't use --url and specify the certificate. |
Might I suggest the Docker team write a short tutorial taking us through step by step, it would be very helpful. |
Same issue here with anyconnect vpn connected, well after I restarted my laptop without anyconnect, it is gone. |
+1 for the issue. |
Same problem. I tried same steps, but still no server cert/keys generated. |
Same problem. I tried same steps, but still no server cert/keys generated. |
@csokun @miracle-in-sunday @narqo Generally it is assumed that using If you would like certificates and keys to be generated automatically, try the If that doesn't work for your use case, can I please ask that you file a separate issue detailing the exact steps you are taking, and the results you are seeing? Thanks! |
Hi Guys, Did you try with --virtualbox-hostonly-cidr specified? Worked for me: BartSlaman@VLRNB176 ~ BartSlaman@VLRNB176 ~ Regards |
Any update on this issue? I tried --url with --tls-* but I got err "open /Users/user/.docker/machine/machine/ss/ca.pem no such file or directory". I use docker-machine version 0.4.1 |
Same here, but different error on creating: Importing SSH key... And then when running eval "$(docker-machine env internal)": That means the certs are not being generated. Funny thing, I can ssh to the machine running "docker-machine ssh internal". |
I was able to get To use
Now I can docker-machine version 0.4.0 |
How to authenticate client and server in docker. Whose username and password I have to configure with it? |
Guys for the sake of the God, add tutorial how to import existent docker machines. |
@nathanleclaire wdyt? |
@jeanlaurent the problem with the |
Agree with @metasim on this. The |
I'm not saying we shouldn't be able to 'register' existing machine into docker-machine one way or the other, we just need to do it properly. There is a lot of confusion around the But once a machine is 'hacked' into docker-machine through the none driver there is a lot of stuff that is going to break down the chain -> @metasim Upgrading the @vpusher We may need to design a proper register feature. |
@jeanlaurent Thanks for your response. I can see that upgrading FYI. #2260 and #2269 (closed but not really addressed) were an attempt at capturing some of this confusion around the PS: I think it's wholly acceptable for some commands to be explicitly unsupported in this use case (e.g. |
@metasim Yup a dedicated driver is probably the best way actually to handle a register feature but not the only one, a dedicated command is another. But before deciding how to do it, we need to clarify/define in which case we all need to register a new machine without If you take a look at PR #2442 for instance we ping the docker host for the docker version. Because we want to be able to provide upgrading at some point, or warn you that your docker host is too old with your current docker client. With a machine on which we didn't install the docker daemon this will prove difficult or at the very least very flaky. If we consider that we can update the What's yours? Let's list them. |
Some commentary on defining the use case for My feeling is that we (the Machine team) should:
@dgageot @jeanlaurent How does that sound? |
@jeanlaurent I can see that |
I use That said, I realize that my use-case is not the only use-case, but I hope that it's something to consider at least. |
I could probably replace |
Here is a sample use case in case it helps: I would like to create my ec2 machines in amazon using elasticbeanstalk instead of docker-machine, because elasticbeanstalk has a lot of goodies (like auto-scaling and machine restarts). I would like to register those with docker-machine and control them using docker-swarm. Upgrading those machines to have docker 1.9 is trivial, but they run some amazon linux (ancient centos fork) and generic does not work with them. Because the docker engine there does not have tls, the trick I use to manage them remotely with plain docker is to expose the docker.sock in localhost:2375 using socat (much like in https://github.com/sequenceiq/docker-socat) and do a ssh tunnel from my local machine with something like ssh -i id_rsa ubuntu@ec2.xxx -L 2375:localhost:2375 -N . Then I can connect over the network with docker --tls=false -H tcp://localhost:2375. It is a lot of gymnastics. The combination of ssh access and a working docker setup (even without ssl) should be all that docker-machine needs for many interesting cases (no upgrade, restart as other noticed, but I never use those anyway). Hope that is useful. |
@bonitao Glad you spelled that out. I also have the "tunnel through ssh" use case in some enterprise engagements. |
I'm just starting trying again to use Docker machine with existing hosts... I agree with @metasim statements on around the I spent a good amount of time on #2628 and this is a use case that we have... Supporting existing teams across the company with docker... |
I've been googling, assuming I was just completely missing some understanding, trying to figure out how to connect up to an azure docker machine from my CI server that I created elsewhere. I ended up here and am surprised this actually is not possible (without hackery). I created and got azure docker machine instances fully up and running from a workstation and I just want to be able to control it and deploy to it from CI scripts, which can run from a number of CI slave instances. Is there really no official way this is supposed to be accomplished? |
I've updated my docker and now I can no longer connect to my old docker-machine instance. I get
the regenerate-certs command gives me
funny thing is that I can
without any problems.. any fixes? |
Scenario: Existing and working server with Docker and TLS enabled. Add existing server/machine to docker-machine:
In your user directory (~/.docker/machine/machines/NAME) add the same client certificate as "cert.pem" and "server.pem" and the client certificate key as "key.pem" and "server-key.pem" also adjust your config.json to include the relevant SSH settings... |
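A quick audit of a machine directory for the files named in the comment above, as an added example that is not part of the original thread or of docker-machine itself. It assumes POSIX sh; the function names `check_pem` and `check_machine_dir` are hypothetical, and it checks only presence, PEM type and private-key permissions, not whether the certificates chain to the CA.

```shell
#!/bin/sh
# Added example: audit ~/.docker/machine/machines/NAME for the TLS files
# this thread says docker-machine expects. Nothing here contacts a daemon.
# Usage (after sourcing): check_machine_dir ~/.docker/machine/machines/NAME

# check_pem FILE KIND -> prints a finding and returns 1 when FILE is missing
# or empty, lacks the expected PEM header, or is a key others can access.
check_pem() {
    file=$1 kind=$2
    if [ ! -s "$file" ]; then
        echo "MISSING   $file"
        return 1
    fi
    case $kind in
        cert) marker='-----BEGIN CERTIFICATE-----' ;;
        key)  marker='PRIVATE KEY-----' ;;   # RSA, EC and PKCS#8 headers
    esac
    if ! grep -qF -e "$marker" "$file"; then
        echo "WRONGTYPE $file (expected a $kind)"
        return 1
    fi
    if [ "$kind" = key ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$file" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSEPERM $file (group/other can access the private key)"
            return 1
        fi
    fi
    return 0
}

# check_machine_dir DIR -> exit status is the number of findings (0 = complete).
check_machine_dir() {
    dir=$1 findings=0
    for f in ca.pem cert.pem server.pem; do
        check_pem "$dir/$f" cert || findings=$((findings + 1))
    done
    for f in key.pem server-key.pem; do
        check_pem "$dir/$f" key || findings=$((findings + 1))
    done
    if [ ! -s "$dir/config.json" ]; then
        echo "MISSING   $dir/config.json"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A `MISSING ca.pem` finding corresponds to the "no such file or directory" error reported earlier in the thread; `WRONGTYPE` catches a certificate and key copied to each other's file names.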
I had raised this issue. I recently got this working and I have put the instructions here (https://sreeninet.wordpress.com/2015/05/31/docker-machine/) in case anyone wants to refer. |
Here's a script that's kinda working for me: |
@devcrust where exactly are those :
???
I cannot set it up properly. I have this issue too :
after upgrading to |
@nathanleclaire Any update on this? I'm trying to figure out how I'd connect to a Docker Host running in Microsoft Azure, that I created from a different computer, using |
Solution: (you wish) docker-machine add <
|
For what it's worth. You can create a machine using the generic driver but that will restart all your containers. |
I'm also game for having a docker-machine add option. |
Here are two projects with different approaches to machine sharing: |
My idea was to connect my local machine to an existing physical server with a load of containers running. Doing Well, I can simply run commands over ssh, but from its description it looked like But then, if you created a VM from a computer, and want to manage it from another one. Or you reinstalled your local OS... Or want to delegate control over the VM to somebody else... P.S. I'm making my first steps with Docker, so there might be points I'm missing... |
@x-yuri To "create" a machine manually, just copy its files from |
hi folks
This is not an issue. I am sorry if this is the wrong place to ask this question. If this is not the right place, please point me to the right place.
I understand that we can use docker-machine to connect to different hosts using drivers like Virtualbox, cloud provider driver etc. If I already have a host running Docker inside baremetal Linux, how do we integrate this with docker-machine? Without docker-machine, I could do the same by running a Docker daemon on a particular port and connecting externally from docker client to the docker daemon ip and port. There is an option in docker-machine to create a host without any driver, is that for this purpose? I couldn't find how to use it to connect.
Thanks
Sreenivas