Crane cannot contect to remote Docker endpoint

[cpopsa]

Steps: VM

1. Create a VM in Digital Ocean (IP: 198.199.76.244)
2. Install Docker in VM
3. Enable Docker remote API with TLS disable, at endpoint http://198.199.76.244:2375
4. Start Docker
5. Test Docker endpoint from browser http://198.199.76.244:2375/images/json

Crane

1. Start Crane on local machine with command: docker-compose -f development.yml up
2. Access Crane Swagger UI from browser
3. Call the api POST /cluster/provisionedSingleMachine with parameter endpoint = http://198.199.76.244:2375
4. Result is { "description": "Error while connecting with provided docker host. Endpoint: 'http://198.199.76.244:2375' exception:Cannot connect with docker client at 'https://198.199.76.244:2375'", "error": "generic" }

I will leave the machine 198.199.76.244 up for testing purposes.

[jmcerpa]

Crane uses TLS to communicate with docker host. You can use genCerts.sh script to generate certificates. On the other hand, when you use development.yml, emulatehost is deploying. This is a container that emulates a docker host for testing. You can use it to test or use it as example to configure your docker host.

[cpopsa]

I followed the steps below and it worked:

• generate CA certificates with genCerts.sh script
• copy server certificates by hand to DigitalOcean vm 198.199.76.244
• start Docker remote with TLS enabled
• connect from localhost Crane to remote Docker https://198.199.76.244:2376

Result: connection worked

So I'v done the certificates operations (generation and copy) by hand. The question is in a prod scenario how the certificates are produced and how they get copied to remote vm's and crane environment? Am I missing some info here?

[jmcerpa]

Certificates are copied in VM when the VM is created and provisioned. But Crane isn't who creates the VM. If you want use Crane standalone, you should create and copy this certificate by hand.

[crubia]

Carlos Rubia Marcos Project Manager Networks, Systems and Cloud

Product Development