TritonDataCenter / docker-machine-driver-triton

Joyent's Docker Machine Driver for provisioning Docker hosts on Triton
Mozilla Public License 2.0

docker-machine Cannot connect to the docker engine endpoint (centos-7) #4

Open fayazg opened 7 years ago

fayazg commented 7 years ago

docker-machine works fine with debian, but when creating a centos machine, it throws an error about not being able to connect to docker engine endpoint.

$ docker-machine create -d "triton" --triton-image "debian-8" --triton-key-path ".ssh/id_rsa" --triton-package "k4-highcpu-kvm-1.75G" --engine-install-url "https://releases.rancher.com/install-docker/1.12.sh" testingdriverwithdebian8
Running pre-create checks...
(testingdriverwithdebian8) resolved image "debian-8" to "a55d245e-1e14-11e7-a248-63e9c9423280" (most recent of 15 name matches)
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with debian...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env testingdriverwithdebian8

$ docker-machine create -d "triton" --triton-image "centos-7@20170327" --triton-key-path ".ssh/id_rsa" --triton-package "k4-highcpu-kvm-1.75G" --engine-install-url "https://releases.rancher.com/install-docker/1.12.sh" testingdriverwithcentos7
Running pre-create checks...
(testingdriverwithcentos7) resolved image "centos-7@20170327" to "66d919a8-132a-11e7-a7b8-5b99fa122880" (exact name match)
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with centos...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "72.2.115.48:2376": dial tcp 72.2.115.48:2376: getsockopt: connection refused
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

$ docker-machine regenerate-certs testingdriverwithcentos7
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

$ docker-machine ls
NAME                       ACTIVE   DRIVER   STATE     URL                          SWARM   DOCKER    ERRORS
testingdriverwithcentos7   -        triton   Running   tcp://165.225.128.163:2376           Unknown   Unable to query docker version: Cannot connect to the docker engine endpoint
testingdriverwithdebian8   -        triton   Running   tcp://165.225.139.41:2376            v1.12.6

misterbisson commented 7 years ago

@tianon will be better able to speak to this than me, but I think the cert generation is handled in Docker Machine separately from what this driver does. I believe the driver is just responsible for provisioning the machine and then it hands the ssh details off to Docker Machine for installation of Docker.

My suspicion is the problem could be in the CentOS image or it could be in Docker Machine itself and how it attempts to configure on top of CentOS. That doesn't do anything to fix the problem, but it's what I know of it so far.

In terms of what to do next, the next question I have is if CentOS machines work with other cloud drivers?

tianon commented 7 years ago

@misterbisson is correct -- docker-machine itself handles the cert generation and transfer, the driver simply provides a box for provisioning :+1:

chorrell commented 7 years ago

Does it work with earlier versions of the CentOS image, like centos-7@20161028 ?

fayazg commented 7 years ago

I tested 20161028 and 20160415 images, both gave the same error.

nimajalali commented 7 years ago

Disabling firewalld lets the connection through.

firewalld and docker issue documented here

$ docker-machine create -d triton --triton-account nima@jalali.net --triton-key-id 68:9f:9a:c4:76:3a:f4:62:77:47:3e:47:d4:34:4a:b7 --triton-url https://us-west-1.api.joyent.com --triton-package k4-highcpu-kvm-1.75G --triton-image centos-7@20170327 test8
Running pre-create checks...
(test8) resolved image "centos-7@20170327" to "66d919a8-132a-11e7-a7b8-5b99fa122880" (exact name match)
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with centos...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "165.225.151.248:2376": dial tcp 165.225.151.248:2376: getsockopt: connection refused
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

$ docker-machine ssh test8 service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service

$ docker-machine ls
NAME      ACTIVE   DRIVER       STATE      URL                          SWARM   DOCKER        ERRORS
test8     -        triton       Running   tcp://165.225.151.248:2376           v17.09.0-ce

CharlotteLock commented 7 years ago

Em... I got a similar problem. rm machine and recreate, it also occurs. What surprises me is that the problem occurs when I create bridged. Can you tell me how to deal with it, if you have done so?

CharlotteLock commented 7 years ago

recreate, can work

GuoquanXing commented 6 years ago

Have you resolved this issue in a polite way instead of arbitrarily recreating a VM?

rbucker commented 5 years ago

I have something similar... it's because the default docker installed on the remote system is not running the different listeners and quite possibly also missing the certificates. (I have the same issue trying to docker-machine -d generic but docker is not running it.... ssh into the remote system then run netstat -ln you probably won't see entries.) And then it could also be iptables.
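
The two causes raised in this thread (firewalld in the way, per nimajalali's comment, and the daemon not listening, per rbucker's) can be told apart from command output gathered on the host. The script below is an added example, not code from this issue or from the driver; the function names and sample input are made up for illustration, and it assumes the port is managed with `firewall-cmd --add-port`. It suggests opening only 2376/tcp rather than stopping firewalld.

```shell
#!/bin/sh
# Added example: triage "connection refused" on the Docker TLS port (2376).
# Takes captured command output as arguments so it runs offline.
#   $1 = output of `ss -ltn` or `netstat -ltn` on the host
#   $2 = output of `firewall-cmd --state` ("running" / "not running")
#   $3 = output of `firewall-cmd --list-ports`
# Assumption: the port would be opened with --add-port, so services and
# rich rules are not inspected.
diagnose_2376() {
    listeners=$1; fw_state=$2; open_ports=$3
    # Column 4 is the local address in both ss and netstat output.
    if ! printf '%s\n' "$listeners" |
        awk '/LISTEN/ && $4 ~ /:2376$/ {found=1} END {exit !found}'; then
        echo "daemon-not-listening"
        return 0
    fi
    if [ "$fw_state" = "running" ]; then
        case " $open_ports " in
            *" 2376/tcp "*) ;;
            *) echo "firewalld-blocking"; return 0 ;;
        esac
    fi
    echo "ok"
}

# Suggested next step per diagnosis; opens one port instead of stopping firewalld.
next_step() {
    case $1 in
        daemon-not-listening) echo "systemctl status docker; journalctl -u docker" ;;
        firewalld-blocking)   echo "firewall-cmd --permanent --add-port=2376/tcp && firewall-cmd --reload" ;;
        *)                    echo "none" ;;
    esac
}

# Constructed sample input (not taken from the hosts in this issue).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    :::2376            :::*'

result=$(diagnose_2376 "$SAMPLE_SS" "running" "")
echo "$result -> $(next_step "$result")"
```

On a live host the three arguments would come from `docker-machine ssh <name> ...` running the commands named in the header comment.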