Certificates do not install properly, always regenerate #1954
Comments
Thanks for the detailed summary. I've seen issues like this before as well and I'll look into it. |
Are you on the latest VirtualBox? i.e. 5.0.6? |
I was using the 5.0.4 which ships with the latest version of Docker Toolbox (1.8.2c). I just removed that version, installed 5.0.6 and I am experiencing the same behavior. |
OK thanks. |
@carolynvs If you remove the host only network that you have (can do this in VirtualBox GUI) and try again, does it work? |
I deleted the machine, removed the adapter and tried again with the same result. |
OK thanks. Very peculiar behavior. I might make a test build which dumps more information about the certs and suggest that you try that if you're agreeable. |
Of course! I'm happy to help out however I can. If you want to just make a branch and point me to it, I can build it myself (:heart: containerized builds!). That way you don't need to throw multiple builds over the wall if this takes more than one attempt. |
Another thing to possibly consider while fixing this, some folks like myself actually write out the contents of So lines like the following will cause issues:
I experienced this issue on |
I experienced exactly the same behavior today on the release candidate. |
Hi @carolynvs @blaggacao, thanks a lot for your feedback. I'm trying to reproduce/fix this bug. Could you try this PR (#2006) that I created to help investigate the bug |
Looks like I'm seeing this too. I'm using the latest |
Hi @hairyhenderson, can you try build PR #2006 and tell me the output for |
@dgageot - will do when I get a chance. I'm also thinking a bit more about this and realizing that I've been doing a local build (i.e. But I'll rebuild with #2006 and try it out. Thanks! |
@hairyhenderson That's a good point. I'll run my tests with a cross-compiled docker-machine |
@dgageot Here is the failed output https://gist.github.com/carolynvs/e2473d21c3376f1ebec2 from I built #2006 and copied docker-machine.exe and docker-machine-driver-virtualbox.exe to the Docker Toolbox installation directory. I am using Docker Toolbox 1.8.2c on Windows 10. |
I'm not sufficiently proficient to know how to build; maybe I will have a look at it this evening, if I can figure it out. |
@carolynvs Thanks a lot. I still don't understand what's going on but your logs will help me. |
@carolynvs Can you provide the output of:
|
C:\Program Files\Oracle\VirtualBox>VBoxManage list hostonlyifs
Name: VirtualBox Host-Only Ethernet Adapter
GUID: 3729f60a-d9c3-4daa-96ca-7ce7bae4ddcc
DHCP: Disabled
IPAddress: 192.168.56.1
NetworkMask: 255.255.255.0
IPV6Address: fe80:0000:0000:0000:9d6d:4449:fce1:e1cb
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType: Ethernet
Status: Up
VBoxNetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
Name: VirtualBox Host-Only Ethernet Adapter #2
GUID: 99076a32-c9e5-4930-895a-a35ee45c2542
DHCP: Disabled
IPAddress: 192.168.99.1
NetworkMask: 255.255.255.0
IPV6Address: fe80:0000:0000:0000:118b:39e1:36b9:a336
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType: Ethernet
Status: Up
VBoxNetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter #2
C:\Program Files\Oracle\VirtualBox>VBoxManage list dhcpservers
NetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
IP: 192.168.56.100
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.56.101
upperIPAddress: 192.168.56.254
Enabled: Yes
NetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter #2
IP: 192.168.99.6
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.99.100
upperIPAddress: 192.168.99.254
Enabled: Yes
I have found that I still occasionally get double host only adapters. I just deleted them both and created a new machine. The certs are still regenerating when I run Here is the output of the VBoxManage commands the second time around (with only 1 host adapter).
C:\Program Files\Oracle\VirtualBox>VBoxManage list hostonlyifs
Name: VirtualBox Host-Only Ethernet Adapter
GUID: 2883b47a-862d-454e-9db7-42c3789585eb
DHCP: Disabled
IPAddress: 192.168.99.1
NetworkMask: 255.255.255.0
IPV6Address: fe80:0000:0000:0000:90ff:fd25:e5f0:8c92
IPV6NetworkMaskPrefixLength: 64
HardwareAddress: 0a:00:27:00:00:00
MediumType: Ethernet
Status: Up
VBoxNetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
C:\Program Files\Oracle\VirtualBox>VBoxManage list dhcpservers
NetworkName: HostInterfaceNetworking-VirtualBox Host-Only Ethernet Adapter
IP: 192.168.99.6
NetworkMask: 255.255.255.0
lowerIPAddress: 192.168.99.100
upperIPAddress: 192.168.99.254
Enabled: Yes |
@carolynvs I have no idea so far. ping @nathanleclaire @dmp42 any idea? |
Here's the new output: https://gist.github.com/carolynvs/84cd140bcbf9b696e20f. Let me know if there's another way to go about debugging the connection problem. I'm not quite sure what docker-machine is detecting that is causing it to regenerate the certs but am happy to poke around in /var/lib/boot2docker on the host or compare certs between windows and the host, etc if I knew what to look for. |
I now have this issue after upgrading from version 1.8 to 1.9.1 using the docker toolbox on MacOSX 10.10.5
|
This is happening to me periodically too. Docker v1.9.1 |
Same problem here with azure driver. Every time that I create a new azure machine it fails with the error:
After running In docker-machine v0.5.5 there is no problem, and the creation of a docker host works ok:
|
@alambike You're hitting this issue with 0.6.0? |
Yep, from 0.5.5 onwards. I have tested this with 0.5.6 and 0.6.0. |
same for me on 0.6.0 with aws driver (constantly) on mac 10.10.5. Not happening with virtual box driver. |
fixed after changing |
I think I'm battling the same issue on my machine. I'm using Ubuntu 14.04. Tried everything suggested with time on the machines; here is the output I get from curl:
curl -v --cacert ~/.docker/machine/certs/ca.pem --cert ~/.docker/machine/machines/$NODE_NAME/cert.pem --key ~/.docker/machine/machines/$NODE_NAME/key.pem https://$(docker-machine ip $NODE_NAME):2376/version
|
@nathanleclaire I have found the culprit! prltoolsd from boot2docker is constantly setting my date/timezone incorrectly.
After stopping I still don't know why the timezone is set to UTC and the time to localtime after making a new machine, so this is just a workaround, not a fix. |
Nice @carolynvs ! We'll work on seeing if we can fix this in boot2docker. |
@carolynvs Wow 😨 . It looks really weird, because Have you reproduced this issue on Virtualbox VM? What Boot2Docker version are you using? P.s. Also, if we assume that |
@legal90 That makes more sense. My environment is a bit wonky, but it did used to work just fine:
This explains why That is the root problem that caused me to open this bug. I create a new docker machine at 10 AM CST (-6). The system clock ( Looking at the boot2docker Dockerfile, I noticed that it is setting see https://github.com/boot2docker/boot2docker/blob/master/Dockerfile#L311
But on my docker machine host, the tzdata package is not installed, so |
@carolynvs Ah, now I got it.
Yeah, that's the root of issue.
Well, it's hard to commit but it is a known issue of Parallels Desktop (and its guest tools). It was originally reported here: Parallels/vagrant-parallels#186. I'm sorry, but the only solution I can suggest you at the moment is to prevent |
Thanks for the extra info about how prltoolsd works! I'll do as you suggest and make a custom iso for my setup. 🍺 I would close this issue, as this fixes my problem, but I'll leave that up to you since other people seem to be hitting it (though probably for different reasons!). |
I think we can treat it as effectively resolved; we can re-open if any new issues are discovered. Thanks everyone for your contributions in reporting and triaging this epically long issue! |
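Several comments above trace the failure to the guest's clock and timezone being set incorrectly. The following Go program is an added example, not part of the original thread and not docker-machine's code: it verifies a constructed self-signed certificate with `crypto/x509` while varying the verifier's clock, showing that a clock outside the certificate's validity window is rejected even though the certificate itself is intact. The function names, the 24-hour lifetime and the skew values (six hours behind, 48 hours ahead) are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed self-signed certificate (a stand-in) valid for 24h from notBefore.
func issue(notBefore time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkAt verifies cert as if the verifier's clock read `clock`; timeErr marks a validity-window failure.
func checkAt(cert *x509.Certificate, clock time.Time) (ok, timeErr bool) {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: clock})
	var inv x509.CertificateInvalidError
	return err == nil, errors.As(err, &inv) && inv.Reason == x509.Expired
}

func main() {
	cert, err := issue(time.Now())
	if err != nil {
		panic(err)
	}
	for _, skew := range []time.Duration{0, -6 * time.Hour, 48 * time.Hour} {
		ok, timeErr := checkAt(cert, cert.NotBefore.Add(skew))
		fmt.Printf("clock skew %v: valid=%v validity-window error=%v\n", skew, ok, timeErr)
	}
}
```

Go reports both "not yet valid" and "expired" as `x509.Expired`, so comparing the `date` output on the host and in the VM is the quickest way to tell a clock problem from a genuinely bad certificate.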
I am using DockerToolbox 1.10.3 on Windows. It was working fine until I restarted, and I am now having this same issue. I am also not that familiar with Docker, so can someone tell me what the fix is? |
@mtrtm Does |
Yes, docker-machine regenerate-certs -f does. It also seems to do it every time I start up Docker Quickstart Terminal |
+1 |
+1 Macbook late 2009
$ docker-machine ls
$ docker-machine env vbox-test
$ docker-machine regenerate-certs vbox-test
$ docker-machine env vbox-test |
I had this on the default install of the Docker Toolkit (installed on Windows 10 Home) downloaded 2016-10-30. The error went away after running:
|
Having this issue on macOS.
Regenerating the certificates (even with Any ideas? |
@paddor Regenerating the certificates incl. client certificates ( |
I am using Docker Toolbox 1.8.2c with a local build of docker-machine using PR #1951. That PR fixes the ssh problems but now the generation/validation of certificates is broken. I do not know if the problem is due to the PR or is present on master.
After creating a machine, any attempt to use the certificates, e.g. running env, causes docker-machine to detect that the certs are invalid and regenerate them. The certs are never regenerated and copied successfully so all attempts to connect to the machine and use docker fail. I attempted debugging a bit and the certificate validation is failing in cert.go, line 205: _, err = tls.DialWithDialer(dialer, "tcp", addr, tlsConfig).
See https://gist.github.com/carolynvs/d98baf90172d386561e1 for the full output from calling docker-machine create default --driver virtualbox on Windows 10.
The machine can't ever get its certificates installed properly:
Here is the output from running docker-machine -D env default: https://gist.github.com/carolynvs/778e4533a26fd612732d.
Here is the output from running docker-machine -D regenerate-certs default: https://gist.github.com/carolynvs/ad82eb5fb9d7c42a3ed0