Status: unknown flag: --signature-verification while starting minishift container

[endejoli]

General information

• Minishift version: minishift v1.22.0+7163416
• OS: Linux / macOS / Windows: Linux (Windows subsystem for Linux)
• Hypervisor: KVM / xhyve / Hyper-V / VirtualBox : Generic driver (https://docs.okd.io/latest/minishift/using/run-against-an-existing-machine.html)

Steps to reproduce

1. ./minishift start --vm-driver generic --remote-ipaddress 52.8.87.184 --remote-ssh-user abc --remote-ssh-key /home/abc/.ssh/id_rsa -v 5

• minishift version: v1.22.0+7163416
  -- Starting profile 'minishift'
  -- Checking if provided oc flags are supported ... OK
  -- Starting the OpenShift cluster using 'generic' hypervisor ...
  -- Preparing Remote Machine ........ OK
  -- Starting to provision the remote machine .................................................................................................... FAIL E0809 12:31:53.685341 717 start.go:428] Error starting the VM: Error configuring authorization on host: Maximum number of retries (60) exceeded. Retrying.
  Error starting the VM: Error configuring authorization on host: Maximum number of retries (60) exceeded

On remote machine docker fails to start with the error: dockerd-current[10458]: Status: unknown flag: --signature-verification

Looking the file on the remote machine /etc/systemd/system/docker.service.d/10-machine.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd-current -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --selinux-enabled --log-driver=journald --signature-verification=false --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic --insecure-registry 172.30.0.0/16
Environment=

How can I getrid of the option --signature-verification=false

[praveenkumar]

@endejoli what is on your remote machine, does it have fedora/centos or RHEL or something else and what version?

[endejoli]

cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

[praveenkumar]

@endejoli thanks, I will test it out, did you recently updated your centos box?

[praveenkumar]

@endejoli looks like you have a different package of docker which does not come from the official repo of centos. I spinned a cento-7.5 vm on the digital ocean and able to provision without any issue.

# rpm -qa | grep docker
docker-common-1.13.1-68.gitdded712.el7.centos.x86_64
docker-1.13.1-68.gitdded712.el7.centos.x86_64
docker-client-1.13.1-68.gitdded712.el7.centos.x86_64

# ps aux | grep docker
root     10407 12.3  1.1 468732 46180 ?        Ssl  10:02   0:27 /usr/bin/dockerd-current -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --selinux-enabled --log-driver=journald --signature-verification=false --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic --insecure-registry 172.30.0.0/16

# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/docker.service.d
           └─10-machine.conf
   Active: active (running) since Thu 2018-08-09 10:02:50 UTC; 3min 51s ago
     Docs: http://docs.docker.com
 Main PID: 10407 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─10407 /usr/bin/dockerd-current -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --selinux-enabled --log-driver=journald --sign...
           └─10412 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --sta...

[endejoli]

that looks like a pretty old version. I followed this documentation to install docker => https://docs.docker.com/install/linux/docker-ce/centos/#install-docker-ce-1

[praveenkumar]

@endejoli ah that's the mistake because that is not officially supported docker version by centos repo. I would recommend you to use what distro provide.

[endejoli]

Isn't it a good idea to support the latest docker version, also mentioned in docker documentation? I believe that is what most people will( or should) follow anyway for installing docker. Centos looks like doesn't care about updating the docker versions

[lsm5]

as far as fedora and centos Virt SIG go, I guess the main reason is I'm just too slammed with other distractions. moby-engine has been approved for Fedora, and I'll upload a build soon. See:https://bugzilla.redhat.com/show_bug.cgi?id=1539161 . But RE: CentOS Extras (IOW, RHEL), I'll let @mrguitar comment.

[coolbrg]

@praveenkumar @LalatenduMohanty @gbraad Looks like latest docker issue.
Thinking to close it as we can't do much.

[praveenkumar]

@budhram No, what we support is community package and what endejoli using is from docker repo which is not supported one.

[LalatenduMohanty]

@endejoli For OpenShift using the docker version from CentOS is recommended instead of latest docker CE.