minishift / minishift-centos-iso

CentOS based ISO as an alternative for boot2docker ISO
GNU Lesser General Public License v3.0

Generate and install TLS certificates for Docker communication #20

Closed hferentschik closed 8 years ago

hferentschik commented 8 years ago

After provisioning the VM, one can currently log into the VM and the Docker daemon is also running, but one cannot connect to the Docker daemon from the host due to wrong/missing certificates.

docker-machine env centos-live will fail.

We need to generate and install the right certificates.

See also https://github.com/boot2docker/boot2docker/blob/master/rootfs/rootfs/usr/local/etc/init.d/docker

praveenkumar commented 8 years ago

@hferentschik docker machine does it in the provision step and I can see the certs are already generated. (I am still using the kvm driver)

$ docker-machine env centos
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.42.234:2376"
export DOCKER_CERT_PATH="/home/prkumar/.docker/machine/machines/centos"
export DOCKER_MACHINE_NAME="centos"
# Run this command to configure your shell: 
# eval $(docker-machine env centos)

hferentschik commented 8 years ago

Odd, did not work for me. I'll double check...

hferentschik commented 8 years ago

@praveenkumar does the cert regeneration work as well for you? Can you also try based on my pull request?

praveenkumar commented 8 years ago

> Can you also try based on my pull request?

Yes it does work for me.

$ docker-machine regenerate-certs centos
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
[prkumar@dhcp193-119 ~]$ docker-machine env centos
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.42.234:2376"
export DOCKER_CERT_PATH="/home/prkumar/.docker/machine/machines/centos"
export DOCKER_MACHINE_NAME="centos"
# Run this command to configure your shell: 
# eval $(docker-machine env centos)

hferentschik commented 8 years ago

Something does not seem to work for me. After the provisioning is done (docker-machine create seems to exit normally) I get

$ docker-machine ls
NAME          ACTIVE   DRIVER       STATE     URL                         SWARM   DOCKER    ERRORS
centos-live   -        virtualbox   Running   tcp://192.168.99.131:2376           Unknown   Unable to query docker version: Get https://192.168.99.131:2376/v1.15/version: remote error: bad   certificate
default       -        virtualbox   Stopped                                       Unknown
xhyve         -        xhyve        Running   tcp://192.168.64.12:2376            v1.12.1

Need to dig a bit deeper here.
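
The `remote error: bad certificate` in the listing above is a TLS alert sent back by the daemon about the certificate the client presented. As an added example (not part of the original thread or of the project's code), this shell function checks the local half of that handshake: the `ca.pem`, `cert.pem` and `key.pem` files in the directory that `DOCKER_CERT_PATH` points to. The function name `check_machine_certs` is hypothetical and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: offline sanity check of a docker-machine client cert directory.
# check_machine_certs is a hypothetical helper name; DIR is the DOCKER_CERT_PATH value.
check_machine_certs() {
    dir=$1
    rc=0
    # docker-machine keeps the CA, client cert and client key under these names.
    for f in ca.pem cert.pem key.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # 1. The client cert must chain to the CA (this also fails on an expired cert).
    if openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null 2>&1; then
        echo "OK cert.pem is signed by ca.pem"
    else
        echo "FAIL cert.pem is not signed by ca.pem"
        rc=1
    fi

    # 2. key.pem must be the private key of cert.pem: compare the public keys.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK key.pem matches cert.pem"
    else
        echo "FAIL key.pem does not match cert.pem"
        rc=1
    fi

    # 3. Report expiry separately so it is not mistaken for a CA mismatch.
    if openssl x509 -in "$dir/cert.pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "OK cert.pem has not expired"
    else
        echo "FAIL cert.pem has expired"
        rc=1
    fi
    return "$rc"
}

# Usage: check_machine_certs "$DOCKER_CERT_PATH"
```

If all three local checks pass and the error persists, the remaining place to look is the CA and server certificate installed inside the VM, which this check cannot see.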

hferentschik commented 8 years ago

@praveenkumar Which docker-machine version are you using? Are you using an installed version or are you executing the code from master?

praveenkumar commented 8 years ago

@hferentschik I am using docker-machine version 0.8.2, build e18a919 which is released and available to download https://github.com/docker/machine/releases/tag/v0.8.2

hferentschik commented 8 years ago

> am using docker-machine version 0.8.2, build e18a919 which is released and available to download https://github.com/docker/machine/releases/tag/v0.8.2

Interesting. Would you mind trying against master?

hferentschik commented 8 years ago

This issue went away with pull request #24. I think it was basically the same issue which manifested itself slightly differently.

hferentschik commented 8 years ago

Also, I was now using the latest docker-machine version 0.8.2.