“error validating certificates” when using docker-machine in GCE

Question

When attempting to create a docker-machine on GCE from my machine, the following error appears :

$ docker-machine create --driver google \
    --google-project $PROJECT_ID \
    --google-zone $GOOGLE_ZONE \
    --google-machine-type $GOOGLE_MACHINE_TYPE \
    test-docker-machine
Running pre-create checks...
(test-docker-machine) Check that the project exists
(test-docker-machine)) Check if the instance already exists
Creating machine...
(test-docker-machine) Generating SSH Key
(test-docker-machine) Creating host...
(test-docker-machine) Opening firewall ports
(test-docker-machine) Creating instance
(test-docker-machine) Waiting for Instance
(test-docker-machine) Uploading SSH Key
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "104.199.63.145:2376": dial tcp 104.199.63.145:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

I tried to use docker-machine regenerate-certs test as advised but it did not seem to correct anything :

$ docker-machine regenerate-certs test-docker-machine
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

$ docker-machine env test-docker-machine
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "104.199.63.145:2376": dial tcp 104.199.63.145:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

Moreover, the "docker-machine ls" displays 'Timeout' STATE for the machine but the ssh connection with "docker-machine ssh test-docker-machine" works correctly.

Can you please help me to figure out this issue ?

Here is the details of my installation :

$ docker-machine version
docker-machine version 0.8.2, build e18a919

$ docker version
Client:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: 4dc5990
Built: Wed Apr 13 18:40:36 2016
OS/Arch: linux/amd64

Server:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: 4dc5990
Built: Wed Apr 13 18:40:36 2016
OS/Arch: linux/amd64

Last hint : when i try the same from a GCE host, it works perfectly...

gdupin · Accepted Answer

As @NateQ suggested, the solution was to surcharge the docker-machine default google image (which is ubuntu-1510-wily-v20151114 as precised in the doc : https://docs.docker.com/machine/drivers/gce/) with the latest Ubuntu image by using the :

--google-machine-image https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/
ubuntu-1604-xenial-v20161205

option in the "docker-machine" command line

“error validating certificates” when using docker-machine in GCE

Answers (2)

Related Questions