dduportal / boot2docker-vagrant-box

Packer scripts to build a Vagrant-compatible boot2docker box.

Can't connect host docker client to VM on explicit IP #30

Closed posita closed 9 years ago

posita commented 9 years ago

I'm using this Vagrantfile. Note (from L20; VM_IP_ADDR defaults to 10.1.2.3):

...
        vagrant_b2d_nfs_test.vm.network(:private_network, ip: VM_IP_ADDR)
...

When I attempt to connect to the explicit IP from the host, I'm rejected. It looks like the certificate only accommodates localhost and the dynamic IP set by Vagrant:

% DOCKER_HOST=tcp://10.1.2.3:2376 DOCKER_TLS_VERIFY=0 DOCKER_CERT_PATH="${PWD}/certs" docker images
FATA[0000] An error occurred trying to connect: Get https://10.1.2.3:2376/v1.18/images/json: x509: certificate is valid for 127.0.0.1, 10.0.2.15, not 10.1.2.3

See also Parallels/boot2docker-vagrant-box#17.

dduportal commented 9 years ago

Hello, sorry for the delayed response.

As @legal90 stated in https://github.com/Parallels/boot2docker-vagrant-box/issues/17#issuecomment-126897367, this is related to Vagrant, which creates the network interface AFTER the Docker daemon starts.

I provide in my box a workaround documented here (which is also related to getting those certificates on the client side): https://github.com/dduportal/boot2docker-vagrant-box#tips--tricks (see the block containing "Thanks to @Freyskeyd"), which basically makes you restart the daemon.

The problem is that the Vagrant lifecycle is not tied at all to the Docker one. We tried to add a Docker restart as provisioning, but it began to create race conditions with the boot local.sh script when tuning your Docker daemon, so I made the choice to let people do the manual action the first time, since they need to fetch the certificate from the /vagrant share.

If you have any ideas, I'm open to help; do not hesitate to reopen the issue :)

Thanks for your feedback!

posita commented 9 years ago

@dduportal, understood and thanks. It sounds like forcing recreation of the certificates during provisioning is the way to go. Thanks for the detailed explanation!
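The certificate mismatch discussed in this thread, reproduced as an added example (not code from the issue or from the box's own scripts). It uses constructed, self-signed test certificates and assumes the OpenSSL CLI, version 1.1.1 or later; the function names are hypothetical, and the three IPs are the ones in the error message above.

```shell
#!/bin/sh
# Added example: constructed self-signed certificates, for checking SAN coverage only.

# make_cert PREFIX IP [IP...]
# Writes PREFIX.key and PREFIX.pem with one IP subjectAltName per argument.
make_cert() {
    prefix=$1; shift
    san=""
    for ip in "$@"; do
        san="${san:+$san,}IP:$ip"
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=b2d-example" \
        -addext "subjectAltName=$san" \
        -keyout "$prefix.key" -out "$prefix.pem" 2>/dev/null
}

# cert_covers_ip CERT IP
# Exit status 0 only if an IP SAN in CERT matches IP (the check the client runs).
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
        grep -q 'does match certificate'
}

# list_sans CERT: print the subjectAltName extension for inspection.
list_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

demo() {
    dir=$(mktemp -d) || return 1
    # "before": certificate created before the private interface existed.
    make_cert "$dir/before" 127.0.0.1 10.0.2.15
    # "after": certificate recreated once 10.1.2.3 is configured.
    make_cert "$dir/after" 127.0.0.1 10.0.2.15 10.1.2.3
    for c in before after; do
        list_sans "$dir/$c.pem"
        if cert_covers_ip "$dir/$c.pem" 10.1.2.3; then
            echo "$c: 10.1.2.3 covered"
        else
            echo "$c: 10.1.2.3 NOT covered"
        fi
    done
    rm -rf "$dir"
}
demo
```

Running `cert_covers_ip` against the daemon's real server certificate after provisioning shows whether the certificate was generated before or after the private-network address existed.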