-
Notifications
You must be signed in to change notification settings - Fork 2k
docker-compose build -> SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) #1880
Comments
Any thoughts are appreciated, I'm stuck, and do not want to reinstall my OS to make docker-compose work :) |
Thanks for reporting. Are you happening to be using a boot2docker vm with machine? |
This may be a red herring, but one thing I noticed is that Due to a bug with certain (recent) versions of OpenSSL, this is substantially the same behavior that caused similar errors when using docker tools directly with My recommendation is to patch machine to make sure that the I would submit a PR, but I am not (yet) very skilled with Go, nor am I familiar with how machine handles certificate creation/installation with boot2docker. Unfortunately my current schedule does not allow me to dedicate the requisite time to come up to speed. In lieu of that, I hope this summary is useful. |
@ehazlett Regards, |
Seems like the result is the same. Any other thoughts? |
@PavelPolyakov Sorry, I was wrong… |
@PavelPolyakov Done. That's what did:
The error was gone. |
@rkit Trying to implement it. However, couple of questions:
|
After that there was no error. |
Am I interpreting correctly, that requiring |
@rkit What I did:
Have I missed something? Any thoughts how I can overcome it? |
@PavelPolyakov, after doing the for i in ca cert ; do c="${DOCKER_CERT_PATH}/${i}.pem" ; ( set -x ; openssl x509 -in "${c}" -text | grep -E '^ +(Issuer|Subject): ' ) ; done |
@posita |
Okay, so +-zsh:xxx> openssl x509 -in /.../.docker/machine/certs/ca.pem -text
+-zsh:xxx> grep ... -E '^ +Subject: '
Subject: O=[thing] # <<<-- THIS SHOULD *NOT*
+-zsh:xxx> openssl x509 -in /.../.docker/machine/certs/cert.pem -text
+-zsh:xxx> grep ... -E '^ +Subject: '
Subject: O=[thing] # <<<-- EQUAL THIS If it does, and you have the "wrong" version of OpenSSL (i.e., any version that exhibits this bug), you will receive the I suspect this is why you're still having issues, and why @rkit's suggestion does not work. |
@PavelPolyakov, for giggles, can you try this (replace % eval $( docker-machine env [machine-name] )
% docker-machine ssh [machine-name]
...
Boot2Docker version 1.8.2, build master : aba6192 - Thu Sep 10 20:58:17 UTC 2015
Docker version 1.8.2, build 0a8c2e3
docker@boot2docker:~$ rm -fv ~docker/.docker/* # get rid of copies of certificates we're about to destroy
removed '/home/docker/.docker/ca.pem'
removed '/home/docker/.docker/cert.pem'
removed '/home/docker/.docker/key.pem'
docker@boot2docker:~$ sudo -s
root@boot2docker:/home/docker# cat /var/lib/boot2docker/profile # so I can see what is being overridden
...
root@boot2docker:/home/docker# rm -fv /var/lib/boot2docker/*.pem /var/lib/boot2docker/tls/* # remove any existing certificates
...
root@boot2docker:/home/docker# /usr/local/etc/init.d/docker restart
... # should regenerate default certificates
root@boot2docker:/home/docker# exit
docker@boot2docker:~$ exit
% rm -v "${DOCKER_CERT_PATH}"/*.pem # remove host-side (stale) certificates
...
% docker-machine scp [machine-name]:/home/docker/.docker/\*.pem "${DOCKER_CERT_PATH}" # copy newly-created certificates from machine to host
...
% docker ps
...
% docker-compose ps
...
% openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -key "${DOCKER_CERT_PATH}/key.pem" -cert "${DOCKER_CERT_PATH}/cert.pem" -CAfile "${DOCKER_CERT_PATH}/ca.pem" -tls1 </dev/null
... Basically, we're trying to avoid having |
Can't regenerate certificates First:
Then:
|
Ah, okay. I was afraid of that ( root@default:/home/docker# rm -fv /var/lib/boot2docker/tls/* Do: root@default:/home/docker# rm -fv /var/lib/boot2docker/*.pem /var/lib/boot2docker/tls/* |
(exit; exit) but then:
the last command:
|
Did you do this after exiting % rm -v "${DOCKER_CERT_PATH}"/*.pem
...
% docker-machine scp [machine-name]:/home/docker/.docker/\*.pem "${DOCKER_CERT_PATH}"
... Keep in mind, you still need to replace your host-side certificates with the ones you just got By the way, you'll probably need to start over from the beginning of the steps I outline in my #1880 (comment). I've updated that comment to reflect the change in my #1880 (comment). |
In my $DOCKER_CERT_PATH I have new (I think so) certificates located:
However,
|
I'm assuming your screenshot was just to show the details of There is a mismatch somewhere. What does this give you right now? openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -CAfile "${DOCKER_CERT_PATH}/ca.pem" -key "${DOCKER_CERT_PATH}/key.pem" If you aren't getting output that looks something like the following, you probably need to start over from scratch with the steps in my #1880 (comment).
|
Yes, this is just info, I haven't add them to the keychain. But they are located in my DOCKER_CERT_PATH. However, I still have:
and etc. , will try to startover again, thanks for the help! |
I am having the same problem. I've followed the steps listed above and have the following signed certs: + openssl x509 -in /Users/cschmid/.docker/machine/certs/ca.pem -text
+ grep -E '^ +(Issuer|Subject): '
Issuer: O=Boot2DockerCA
Subject: O=Boot2DockerCA
+ openssl x509 -in /Users/cschmid/.docker/machine/certs/cert.pem -text
+ grep -E '^ +(Issuer|Subject): '
Issuer: O=Boot2DockerCA
Subject: O=Boot2Docker But when I try to run docker-compose I continue to get the error Chriss-MacBook-Pro:docker cschmid$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Chriss-MacBook-Pro:docker cschmid$ docker-compose ps
SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) I'm running docker-compose 1.4.2, docker 1.8.2 and have openssl v1.0.1j_1 installed. |
@cischmidt, what does this give you (in the same env)? openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -CAfile "${DOCKER_CERT_PATH}/ca.pem" -key "${DOCKER_CERT_PATH}/key.pem" </dev/null |
An error response, but it may be because I have to connect to docker via localhost because of my Cisco VPN client: Chriss-MacBook-Pro:docker cschmid$ openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -CAfile "${DOCKER_CERT_PATH}/ca.pem" -key "${DOCKER_CERT_PATH}/key.pem" </dev/null
CONNECTED(00000003)
50891:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593: My docker environment variables are: DOCKER_HOST=tcp://127.0.0.1:2376
DOCKER_MACHINE_NAME=default
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=/Users/cschmid/.docker/machine/certs |
@cischmidt, you're on OS X, correct? I don't understand your |
I am on Mac OS X. I port-forward from my virtualbox VM to localhost:2376 to get around routing problems that the VPN introduces every time I connect to it. Docker related commands work well using this configuration, and I remember using docker-compose a few months ago without problem (today is the first day for some time that I began using docker-compose again). |
@cischmidt, just to confirm, @PavelPolyakov and @cischmidt, can you do the following after having run the steps above in my #1880 (comment)? There's no need to run through those steps again if you're still in the same environment and the machine is still up. % docker-machine ssh [machine-name]
docker@boot2docker:~$ export DOCKER_CERT_PATH="${HOME}/.docker" DOCKER_TLS_VERIFY=1 DOCKER_HOST=tcp://127.0.0.1:2376
docker@boot2docker:~$ docker ps
...
docker@boot2docker:~$ openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -CAfile "${DOCKER_CERT_PATH}/ca.pem" -key "${DOCKER_CERT_PATH}/key.pem" </dev/null
...
docker@boot2docker:~$ exit |
The stack traces look weird to me (they don't look like SSL errors). What do you get for |
|
What do you get with % docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
% docker-compose --verbose ps
Compose version 1.4.1
Docker base_url: https://www.xxx.yyy.zzz:2376
Docker version: KernelVersion=4.0.9-boot2docker, Os=linux, BuildTime=Thu Sep 10 19:10:10 UTC 2015, ApiVersion=1.20, Version=1.8.2, GitCommit=0a8c2e3, Arch=amd64, GoVersion=go1.4.2
docker containers <- (all=True, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=False']})
docker containers -> (list with 0 items)
docker containers <- (all=True)
docker containers -> (list with 0 items)
docker containers <- (all=False, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=True']})
docker containers -> (list with 0 items)
docker containers <- (all=True)
docker containers -> (list with 0 items)
Name Command State Ports
------------------------------
% python compose-debug.py --verbose ps
DEBUG : Trying /.../.docker/config.json
DEBUG : File doesn't exist
DEBUG : Trying /.../.dockercfg
DEBUG : Attempting to parse as JSON
DEBUG : ...
INFO : Compose version 1.4.1
Compose version 1.4.1
INFO : Docker base_url: https://www.xxx.yyy.zzz:2376
Docker base_url: https://www.xxx.yyy.zzz:2376
INFO : Docker version: KernelVersion=4.0.9-boot2docker, Os=linux, BuildTime=Thu Sep 10 19:10:10 UTC 2015, ApiVersion=1.20, Version=1.8.2, GitCommit=0a8c2e3, Arch=amd64, GoVersion=go1.4.2
Docker version: KernelVersion=4.0.9-boot2docker, Os=linux, BuildTime=Thu Sep 10 19:10:10 UTC 2015, ApiVersion=1.20, Version=1.8.2, GitCommit=0a8c2e3, Arch=amd64, GoVersion=go1.4.2
INFO : docker containers <- (all=True, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=False']})
docker containers <- (all=True, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=False']})
INFO : docker containers -> (list with 0 items)
docker containers -> (list with 0 items)
INFO : docker containers <- (all=True)
docker containers <- (all=True)
INFO : docker containers -> (list with 0 items)
docker containers -> (list with 0 items)
INFO : docker containers <- (all=False, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=True']})
docker containers <- (all=False, filters={u'label': [u'com.docker.compose.project=...', u'com.docker.compose.oneoff=True']})
INFO : docker containers -> (list with 0 items)
docker containers -> (list with 0 items)
INFO : docker containers <- (all=True)
docker containers <- (all=True)
INFO : docker containers -> (list with 0 items)
docker containers -> (list with 0 items)
Name Command State Ports
------------------------------ |
@posita
Do you think it's an issue of my python? I also found this issue: Regarding the https and ulr library which python uses, I don't know if docker-compose uses the same lib though. |
@PavelPolyakov, try I doubt it's a Python version thing. I'm running 2.7.10 as well. It could be a What version of OpenSSL do you have? which openssl
openssl version
which python
python -c 'import ssl ; print(ssl.__file__) ; print(ssl.OPENSSL_VERSION)' |
Here we are:
|
How is |
Currently all the installation was done from here: https://www.docker.com/toolbox . I have tried different installation as well - from |
Okay, your versions aren't that different from mine, except for % docker version --format='{{.Client.Version}}'
1.8.2
% docker-machine --version
docker-machine version 0.4.1 (e2c88d6)
% docker-compose --version
docker-compose version: 1.4.1
% openssl version
OpenSSL 1.0.2d 9 Jul 2015
% python -c 'import ssl ; print(ssl.OPENSSL_VERSION)' # just to make sure it's picking up the same version
OpenSSL 1.0.2d 9 Jul 2015
% python -c 'import docker ; print(docker.version)'
1.4.0
% python -c 'import requests.packages.urllib3 ; print(requests.__version__) ; print(requests.packages.urllib3.__version__)'
2.6.2
1.10.3 Have you tried installing/running % virtualenv .venv
...
% . ./.venv/bin/activate # don't forget the dot; you're "sourcing" the file
% ./.venv/bin/pip install docker-compose
...
% rehash # necessary on some shells like zsh
% which docker-compose
.../.venv/bin/docker-compose
% docker-compose --version
docker-compose version: 1.4.2
% python -c 'import docker ; print(docker.version)'
1.4.0
% python -c 'import requests.packages.urllib3 ; print(requests.__version__) ; print(requests.packages.urllib3.__version__)'
2.7.0
1.10.4
% docker-compose --verbose ps
...?
% python compose-debug.py --verbose ps
...?
% docker-compose build
...? |
The same:
For some reason, you have all the versions higher then mine (if I understand correct):
why? and could it have such dramatic effect? |
I'm not sure. Try
Apparently, yes. You're at least getting the same cryptic error for FYI, this is what I get from my virtualenv (and a fresh % deactivate
% rm -frv ./.venv
...
% for i in $( docker-machine ls --quiet ) ; do docker-machine stop "${i}" ; done
...
% docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
% mv -v ~/.docker/machine ~/.docker/machine.bak
/.../.docker/machine -> /.../.docker/machine.bak
% docker-machine create --driver virtualbox testes
Creating VirtualBox VM...
Creating SSH key...
Starting VirtualBox VM...
Starting VM...
To see how to connect Docker to this machine, run: docker-machine env testes
docker-machine create --driver virtualbox testes 8.12s user 6.22s system 13% cpu 1:47.48 total
% docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
testes virtualbox Running tcp://192.168.99.100:2376
% eval $( docker-machine env testes )
% docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
% virtualenv .venv
...
% . ./.venv/bin/activate
% ./.venv/bin/pip install --no-cache-dir docker-compose
...
% rehash
% cat Dockerfile
FROM debian:stable
% cat docker-compose.yml
deb1:
build: .
deb2:
image: debian:stable
links:
- deb1
% docker-compose ps
Name Command State Ports
------------------------------
% docker-compose --verbose build
Compose version 1.4.2
Docker base_url: https://192.168.99.100:2376
Docker version: KernelVersion=4.0.9-boot2docker, Os=linux, BuildTime=Thu Sep 10 19:10:10 UTC 2015, ApiVersion=1.20, Version=1.8.2, GitCommit=0a8c2e3, Arch=amd64, GoVersion=go1.4.2
Building deb1...
docker build <- (pull=False, stream=True, nocache=False, tag=u'test_deb1', rm=True, path='/...', dockerfile=None)
docker build -> <generator object _stream_helper at 0x10f29b5f0>
Step 0 : FROM debian:stable
stable: Pulling from library/debian
401015d2a1e5: Pull complete
315baabd82d5: Pull complete
library/debian:stable: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:2ee35f51e54da93075fe46631a28d84ef4e23eb4ca51e7a8ef9f9ba625e7f6be
Status: Downloaded newer image for debian:stable
---> 315baabd82d5
Successfully built 315baabd82d5
docker close <- ()
docker close -> None
deb2 uses an image, skipping |
Nope :(
However, library versions are the same, basically:
|
Oops...you're right. That's my fault (I was getting my terminals confused). I was (mistakenly) partially copying version numbers from my terminal where I had done something like % which python
.../.venv/bin/python
% python -c 'import docker ; print(docker.version)'
1.3.1
% python -c 'import requests.packages.urllib3 ; print(requests.__version__) ; print(requests.packages.urllib3.__version__)'
2.6.2
1.10.3 What do you get for this in your current environment? ( set -x ; openssl s_client -showcerts -connect "${DOCKER_HOST#tcp:\/\/}" -tls1 -CAfile "${DOCKER_CERT_PATH}/ca.pem" -cert "${DOCKER_CERT_PATH}/cert.pem" -key "${DOCKER_CERT_PATH}/key.pem" </dev/null ; echo "exit code: ${?}" ) | awk '$0 ~ /TLS session ticket:/ { ticket = 1; } !ticket || $1 !~ /^[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]$/ { print; }' Also, can you try this (corrected)? % deactivate
% virtualenv -p /usr/bin/python .venv2
...
% ./.venv2/bin/pip install --no-cache-dir docker-compose
% ./.venv2/bin/python -c 'import ssl ; print(ssl.__file__) ; print (ssl.OPENSSL_VERSION)'
...
% ./.venv2/bin/python -c 'import _ssl ; print(_ssl.__file__) ; print (_ssl.OPENSSL_VERSION)' # note the underscore-ssl
...
% ./.venv2/bin/docker-compose ps
... |
1st:
and 2nd:
|
Okay, I've officially run out of ideas. I cannot for the life of me fathom why |
Yes,
But
Nevermind :) Thanks for the help and effort. Anyhow it is good to know that someone had |
I suppose one silver lining is that I no longer think your issue is with This may be an issue with I wish I could be of more help. 😞 |
# The first commit's message is: Fix Go Vet errors This commit makes no changes to code execution, but rather resolves some `go vet` errors, the majority of which relate to `fatal` being used instead of `fatalf` during testing. Signed-off-by: Matt McNaughton <mattjmcnaughton@gmail.com> # This is the 2nd commit message: FIX docker#1297 - Support additional tags on GCE Signed-off-by: David Gageot <david@gageot.net> # This is the 3rd commit message: FIX docker#676 - Support Start/Stop GCE instance Signed-off-by: David Gageot <david@gageot.net> # This is the 4th commit message: Updating with changes dropped in 1830 Tweaking language Incorporate Olivier's comments Stomp the nit --- a misspelling Wrapping lines Possessive Signed-off-by: Mary Anthony <mary@docker.com> # This is the 5th commit message: Fix docker#1846 Signed-off-by: Olivier Gambier <viapanda@gmail.com> # This is the 6th commit message: Adding FUSE HGFS mount option Signed-off-by: Fabio Rapposelli <fabio@vmware.com> # This is the 7th commit message: cleanup log.*ln, unuseful methods, some typos error … 1. cleanup log.*ln for docker#1081 2. add "\n" to config command 3. typos error 4. remove unuseful methods: getBasedir@commands.go, and GetDefaultTestHost@commands_test Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> # This is the 8th commit message: separate pkgaction into 'pkgaction' and 'serviceaction' ignored IntellJ IDEA files Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> # This is the 9th commit message: fix debian provisioning bug with systemd Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> # This is the 10th commit message: Rehauled build system and integration testing - USE_CONTAINER allow to seamlessly run targets inside or outside containers - all build calls have been harmonized, honoring the same env variables - contributing doc has been streamlined according to that - kill the distinction between remote and local docker builds - got rid of some of the byzantine calls in various asorted scripts - support for static build, debug builds, verbose Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 11th commit message: Fix missing dep on circle Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 12th commit message: Fix vet errors and enforce vet on travis Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 13th commit message: First steps to make ssh command smoother Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 14th commit message: Handle bad netmask returned by virtualbox after hostonlyif creation. Fixes docker#1843 Signed-off-by: Ron Williams <ron.a.williams@gmail.com> # This is the 15th commit message: Add tests for host only network retrieval feature Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 16th commit message: Fix failing case creating host only interface Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 17th commit message: Make libmachine usable by outside world - Clear out some cruft tightly coupling libmachine to filestore - Comment out drivers other than virtualbox for now - Change way too many things - Mostly, break out the code to be more modular. - Destroy all traces of "provider" in its current form. It will be brought back as something more sensible, instead of something which overlaps in function with both Host and Store. - Fix mis-managed config passthru - Remove a few instances of state stored in env vars - This should be explicitly communicated in Go-land, not through the shell. - Rename "store" module to "persist" - This is done mostly to avoid confusion about the fact that a concrete instance of a "Store" interface is oftentimes referred to as "store" in the code. - Rip out repetitive antipattern for getting store - This replaces the previous repetive idiom for getting the cert info, and consequently the store, with a much less repetitive idiom. - Also, some redundant methods in commands.go for accessing hosts have either been simplified or removed entirely. - First steps towards fixing up tests - Test progress continues - Replace unit tests with integration tests - MAKE ALL UNIT TESTS PASS YAY - Add helper test files - Don't write to disk in libmachine/host - Heh.. coverage check strikes again - Fix remove code - Move cert code around - Continued progress: simplify Driver - Fixups and make creation work with new model - Move drivers module inside of libmachine - Move ssh module inside of libmachine - Move state module to libmachine - Move utils module to libmachine - Move version module to libmachine - Move log module to libmachine - Modify some constructor methods around - Change Travis build dep structure - Boring gofmt fix - Add version module - Move NewHost to store - Update some boring cert path infos to make API easier to use - Fix up some issues around the new model - Clean up some cert path stuff - Don't use shady functions to get store path :D - Continue artifact work - Fix silly machines dir bug - Continue fixing silly path issues - Change up output of vbm a bit - Continue work to make example go - Change output a little more - Last changes needed to make create finish properly - Fix config.go to use libmachine - Cut down code duplication and make both methods work with libmachine - Add pluggable logging implementation - Return error when machine already in desired state - Update example to show log method - Fix file:// bug - Fix Swarm defaults - Remove unused TLS settings from Engine and Swarm options - Remove spurious error - Correct bug detecting if migration was performed - Fix compilation errors from tests - Fix most of remaining test issues - Fix final silly bug in tests - Remove extraneous debug code - Add -race to test command - Appease the gofmt - Appease the generate coverage - Making executive decision to remove Travis coverage check In the early days I thought this would be a good idea because it would encourage people to write tests in case they added a new module. Well, in fact it has just turned into a giant nuisance and made refactoring work like this even more difficult. - Move Get to Load - Move HostListItem code to CLI Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 18th commit message: --no-proxy flag for env command This optinal flag will add the docker host to the no_proxy environement variable. This is useful for local providers (e.g. virtualbox, fusion) in environments where an http_proxy is set and docker by default tries to connect to the ip via the proxy. Signed-off-by: Fabian Ruff <fabian@progra.de> # This is the 19th commit message: Add doc section about --no-proxy flag Signed-off-by: Fabian Ruff <fabian@progra.de> # This is the 20th commit message: Update documentation and integration tests for no_proxy Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 21st commit message: Remove beta warning message Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 22nd commit message: Fix error reporting on VBoxManage not found Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 23rd commit message: Remove empty test files Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 24th commit message: Fix flag accidentally left out in PR carry Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 25th commit message: Tests fixes / silence build / add unit tests Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 26th commit message: Fix Docker daemon wait Also, a few various cleanups are bundled: 1. Only call GetDriver() once to get the object in provision/utils.go 2. SSH command wrapper will return the error and let the consumer decide what to do with it instead of bailing automatically on non-255 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 27th commit message: Re-add godep This change is needed to fix a Continuous Build pipeline run by @ehazlett which spits out master build binaries for Docker Machine. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 28th commit message: Remove dead code. Function getMachineDir is not used. Signed-off-by: Alexey Grachov <grachov.alexey@gmail.com> # This is the 29th commit message: Add argument assertion to inspect/status/url commands Signed-off-by: Kazuyuki Suzuki <kechol28@gmail.com> # This is the 30th commit message: Update release version number 0.4.1 Signed-off-by: Vladimir Chernyshev <volch5@gmail.com> # This is the 31st commit message: Issue docker#1867 improve detectShell for windows newer versions of git bash use mintty which doesn't set TERM=cygwin but does set SHELL appropriately. Allow for SHELL to be detected on windows and only output the message if its not. Signed-off-by: Donovan Jimenez <donovan.jimenez@gmail.com> # This is the 32nd commit message: Additional info message while waiting for IP address. It takes a lot of time to assign the IP to droplet, so informing user about this hang looks like good idea. Signed-off-by: Alexey Grachov <grachov.alexey@gmail.com> # This is the 33rd commit message: Fix binaries location Signed-off-by: David Gageot <david@gageot.net> # This is the 34th commit message: Add --github-api-token flag and troubleshooting section Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 35th commit message: Fix broken --storage-path flag Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 36th commit message: commands: make `ls` to not report saved hosts to be active when $DOCKER_HOST is not set Signed-off-by: Soshi Katsuta <soshi.katsuta@gmail.com> # This is the 37th commit message: Move VBox detection to Precreate and print version Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 38th commit message: Add --openstack-ip-version option This option allows users to specify IP version. Signed-off-by: Hironobu Saitoh <hiro@hironobu.org> # This is the 39th commit message: clarified hostname error with valid characters this is a fix for docker#1922 to add in a valid character error message. Signed-off-by: Kendrick Coleman <kendrickcoleman@gmail.com> # This is the 40th commit message: Display error message only when create was otherwise successful Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 41st commit message: Prepare build for plugins PR Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 42nd commit message: Add environment varibles for OpenStack flags Some flags for the OpenStack driver did not have a corresponding environment variable. Among others, this is needed to run bats core tests with the OpenStack driver. Signed-off-by: Guillaume Giamarchi <guillaume.giamarchi@gmail.com> # This is the 43rd commit message: Fix building in docker - now has the default build target on `make` - test depends on non-bogus target Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 44th commit message: Don't build test files in cmd Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 45th commit message: Updating CI builds to use Go 1.5.1 Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 46th commit message: Fix config drive support in VMware Fusion driver Signed-off-by: Marcel Harkema <marcel@harkema.name> # This is the 47th commit message: Fix docker#1974 make clean after a make build-x#1974 Signed-off-by: David Gageot <david@gageot.net> # This is the 48th commit message: Fix filenames of loggers. Signed-off-by: Kent Wang <pragkent@gmail.com> # This is the 49th commit message: Remove TerminalLogger. Signed-off-by: Kent Wang <pragkent@gmail.com> # This is the 50th commit message: Fix Windows SSH issues Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 51st commit message: Hugo 15 support Markdown per GitHub; Removing seds Signed-off-by: Mary Anthony <mary@docker.com> # This is the 52nd commit message: Explain how to prepare a Go 1.5 development environment Other minor documentation fixes Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> # This is the 53rd commit message: Simplify fetch process by using go get Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> # This is the 54th commit message: Fix docker#1972 Google drive is broken because of tags Signed-off-by: David Gageot <david@gageot.net> # This is the 55th commit message: FIX docker#1914 Reject command lines with trailing flags Signed-off-by: David Gageot <david@gageot.net> # This is the 56th commit message: add default AddressType: Fixed Signed-off-by: Christian Mouttet <cmouttet@gmail.com> # This is the 57th commit message: Build system enhancements - new simpler targets: * make machine * make plugins * make cross - fixed windows cross build to output .exe files Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 58th commit message: Move towards using external binaries / RPC plugins - First RPC steps - Work on some flaws in RPC model - Remove unused TLS settings from Engine and Swarm options - Add code to correctly encode data over the network - Add client driver for RPC - Rename server driver file - Start to make marshal make sense - Fix silly RPC method args and add client - Fix some issues with RPC calls, and marshaling - Simplify plugin main.go - Move towards 100% plugin in CLI - Ensure that plugin servers are cleaned up properly - Make flag parsing for driver flags work properly Includes some work carried from @dmp42 updating the build process and tests to use the new method. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 59th commit message: Bump version for release candidate Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 60th commit message: Close docker#2001 / consistent hyperv internal naming Signed-off-by: David Arnold <dar@devco.co> # This is the 61st commit message: Fix log.* method calls which meant to be log.*f Stuff like `log.Debug("foo bar: %s", baz)` really wants to be `log.Debugf("foo bar: %s", baz)`... Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 62nd commit message: fix IPV6NetworkMaskPrefixLength value parsing docker#1692 Adapted from boot2docker/boot2docker-cli@941c70c Signed-off-by: Gianpaolo Macario <gmacario@gmail.com> # This is the 63rd commit message: Introduced a new flag for google driver: --google-use-internal-ip Signed-off-by: Mariusz Woloszyn <emsi@EmsiOSX.dom.qpqp01.pl> # This is the 64th commit message: Fixing JSON marshaling of large numbers during migration - Added some context to an error message - it's useful to know _which_ plugin failed when invoking the binary failed - Replaced `json.Umarshal` with a `json.Decoder`, so that the `UseNumber` function can be called, which prevents large integers from being interpreted as `float64`s. - Fixed a couple `log.Warn` calls that should've been `log.Warnf` Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 65th commit message: Add some small support for forward compatible configuration mistakes Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 66th commit message: Ensure log writes only to os.Stderr for env and config command Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 67th commit message: Spit out at least some message when flag parsing etc. fails Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 68th commit message: Bump version to 0.5.0-rc2 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 69th commit message: Fix Typos in integration tests Signed-off-by: David Gageot <david@gageot.net> # This is the 70th commit message: Check that VT-X/AMD-v is enabled Signed-off-by: David Gageot <david@gageot.net> # This is the 71st commit message: FIX docker#1974 in-container make test fails Signed-off-by: David Gageot <david@gageot.net> # This is the 72nd commit message: Add tests to virtualbox driver Signed-off-by: David Gageot <david@gageot.net> # This is the 73rd commit message: Adding provisioner for Arch Linux Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 74th commit message: Add SUSE Enterprise Linux and openSUSE provision Add support for SUSE Enterprise Linux and openSUSE Signed-off-by: Flavio Castelli <fcastelli@suse.com> # This is the 75th commit message: Revert "Add SUSE Enterprise Linux and openSUSE provision" # This is the 76th commit message: FIX docker#2020 Better error when vboxmanage is missing Signed-off-by: David Gageot <david@gageot.net> # This is the 77th commit message: Adding support for darwin to IsVTXDisabled Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 78th commit message: Additional validation on virtualbox-hostonly-cidr Check that the CIDR provided for a virtualbox host only CIDR is specified as a host IP and netmask, e.g., 192.168.100.1/24, and not a network IP and netmask, e.g., 192.168.100.0/24. This will help prevent confusion like docker#1383 Signed-off-by: Chris Abernethy <cabernet@chrisabernethy.com> Signed-off-by: David Gageot <david@gageot.net> # This is the 79th commit message: Report VirtualBox errors Signed-off-by: David Gageot <david@gageot.net> # This is the 80th commit message: Carrys and closes docker#1352 Pull the chmod line per reviewers Signed-off-by: Mary Anthony <mary@docker.com> # This is the 81st commit message: Fix ordered list numbering Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 82nd commit message: Increase SSH timeout back to five minutes Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 83rd commit message: FIX docker#2019 invalid env hints Signed-off-by: David Gageot <david@gageot.net> # This is the 84th commit message: Bump version to rc3 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 85th commit message: Add more debug during certificates validation Signed-off-by: David Gageot <david@gageot.net> # This is the 86th commit message: Remove dead code Signed-off-by: David Gageot <david@gageot.net> # This is the 87th commit message: Use SDK to Validate VpcID with SubnetId Signed-off-by: feelobot <felix.a.rod@gmail.com> # This is the 88th commit message: Inspired by docker#1880 (and docker/compose#890 et al.). Make sure `ca.pem` subject is different from `cert.pem` subject to work-around OpenSSL bug. Signed-off-by: Matt Bogosian <mtb19@columbia.edu> # This is the 89th commit message: force tty allocation for ssh with multiple '-tt'. fix docker#2037: when provision on CentOS 7.0, it needs to force tty allocation with multiple '-t' option. Otherwise, the ssh command will failed with "sudo: sorry, you must have a tty to run sudo" in SetHostname. Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> # This is the 90th commit message: improve cmd shell support Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com> Signed-off-by: David Gageot <david@gageot.net> # This is the 91st commit message: Add SUSE Enterprise Linux and openSUSE provision Add support for SUSE Enterprise Linux and openSUSE. Code revised to build against current master. Signed-off-by: Flavio Castelli <fcastelli@suse.com> # This is the 92nd commit message: Adding bash completion and helper scripts This patch adds some bash helper scripts. * docker-machine.bash - command completion for docker-machine * docker-machine-prompt.bash - function for putting the active machine name in PS1 * docker-machine-wrapper.bash - function wrapper adding an `use` command that runs `eval $(docker-machine env whatever)` in the current shell. Signed-off-by: David M. Lee <dlee@respoke.io> # This is the 93rd commit message: Fix some links found with linkchecker Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> # This is the 94th commit message: Typo in EXOSCALE_IMAGE Signed-off-by: Bruno Renié <brutasse@gmail.com> # This is the 95th commit message: Adding localhost to the list of alt_names When attempting to connect to the docker api from the machine itself, the TLS verification of the certificate checked against the public IP address of the primary interface. This is undesirable on hosts which have NAT rules that block access to that address by default. Adding "localhost" to the list of alt_names allows the cert to be verified and connections to localhost (either 127.0.0.1 or [::1]) to the port to pass verification. Otherwise one would need to disable verification just to connect to the local docker instance. Signed-off-by: David Gageot <david@gageot.net> # This is the 96th commit message: Minor cleanup and fix docker#2022 Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 97th commit message: support github enterprise urls for b2d downloads This commit allows downloading boot2docker releases not only from the official releases url (https://api.github.com/repos/boot2docker/boot2docker/releases) but from arbitrary github repositories that publish releases with a boot2docker.iso artifact. It also supports downloading from github enterprise. Signed-off-by: Fabian Ruff <fabian@progra.de> # This is the 98th commit message: support upgrading b2d from custom urls . Signed-off-by: Fabian Ruff <fabian@progra.de> # This is the 99th commit message: Add heartbeat / automatic server cleanup code This replaces the previous method of attempting to clean up servers when an unexpected exit occurs in the client (e.g. SIGINT or panic) by a heartbeat protocol. If the server does not hear from the connecting client within a certain interval of time (500ms in this commit), it will de-activate itself. This prevents dangling Docker Machine server processes from accumulating. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 100th commit message: Remove useless duplication on PreCreateCheck Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 101st commit message: Trivial cleanup / ordering / inline doc Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 102nd commit message: Remove useless duplication on GetSSHHostname Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 103rd commit message: Remove duplication over GetIP + ip address proper validation Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 104th commit message: Generic and Base slight cleanups - tests for GetIP - extract default values into consts (user & port) - better error handling (cert permissions change) - unexport Driver for generic (linting) - ordering of methods and variables for better readability Signed-off-by: Olivier Gambier <olivier@docker.com> # This is the 105th commit message: Re-add make install to Makefile Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 106th commit message: Fixes docker#2062 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 107th commit message: Remove dead code Signed-off-by: David Gageot <david@gageot.net> # This is the 108th commit message: FIX docker#1985 Build with Docker on TravisCI Signed-off-by: David Gageot <david@gageot.net> # This is the 109th commit message: Revert "Generic and Base slight cleanups" This reverts commit 19625de. Signed-off-by: David Gageot <david@gageot.net> # This is the 110th commit message: Revert "Remove duplication over GetIP" This reverts commit 99aacc7. Signed-off-by: David Gageot <david@gageot.net> # This is the 111th commit message: Revert "Remove useless duplication on GetSSHHostname" This reverts commit b6462eb. Signed-off-by: David Gageot <david@gageot.net> # This is the 112th commit message: Returning active host when swarm is active Signed-off-by: Dave Henderson <dhenderson@gmail.com> # This is the 113th commit message: Stop heartbeat when there is an issue connecting to the server Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 114th commit message: Print a better error when virtualbox fails Instead of printing `exit status 1` we'll print the stderr output Signed-off-by: David Gageot <david@gageot.net> # This is the 115th commit message: Simpler code for env usage hints. We can just output the original os.Args in the eval call. Signed-off-by: David Gageot <david@gageot.net> # This is the 116th commit message: Pipe error output from git line to /dev/null This will simply leave the tag empty if compiled independent of a source repository. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> # This is the 117th commit message: Fixed typo Signed-off-by: Ian Lee <IanLee1521@gmail.com> # This is the 118th commit message: Fix panic when using openstack driver The openstack driver was unusable because some cli flags were redifined. That caused a runtime error like: create flag redefined: openstack-ssh-user panic: create flag redefined: openstack-ssh-user Signed-off-by: Flavio Castelli <fcastelli@suse.com> # This is the 119th commit message: FIX docker#2093 warn in case we think VT-X is not enabled. Signed-off-by: David Gageot <david@gageot.net>
# The first commit's message is: Fix Go Vet errors This commit makes no changes to code execution, but rather resolves some `go vet` errors, the majority of which relate to `fatal` being used instead of `fatalf` during testing. Signed-off-by: Matt McNaughton <mattjmcnaughton@gmail.com> FIX docker#1297 - Support additional tags on GCE Signed-off-by: David Gageot <david@gageot.net> FIX docker#676 - Support Start/Stop GCE instance Signed-off-by: David Gageot <david@gageot.net> Updating with changes dropped in 1830 Tweaking language Incorporate Olivier's comments Stomp the nit --- a misspelling Wrapping lines Possessive Signed-off-by: Mary Anthony <mary@docker.com> Fix docker#1846 Signed-off-by: Olivier Gambier <viapanda@gmail.com> Adding FUSE HGFS mount option Signed-off-by: Fabio Rapposelli <fabio@vmware.com> cleanup log.*ln, unuseful methods, some typos error … 1. cleanup log.*ln for docker#1081 2. add "\n" to config command 3. typos error 4. remove unuseful methods: getBasedir@commands.go, and GetDefaultTestHost@commands_test Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> separate pkgaction into 'pkgaction' and 'serviceaction' ignored IntellJ IDEA files Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> fix debian provisioning bug with systemd Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> Rehauled build system and integration testing - USE_CONTAINER allow to seamlessly run targets inside or outside containers - all build calls have been harmonized, honoring the same env variables - contributing doc has been streamlined according to that - kill the distinction between remote and local docker builds - got rid of some of the byzantine calls in various asorted scripts - support for static build, debug builds, verbose Signed-off-by: Olivier Gambier <olivier@docker.com> Fix missing dep on circle Signed-off-by: Olivier Gambier <olivier@docker.com> Fix vet errors and enforce vet on travis Signed-off-by: Olivier Gambier <olivier@docker.com> First steps to make ssh command smoother Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Handle bad netmask returned by virtualbox after hostonlyif creation. Fixes docker#1843 Signed-off-by: Ron Williams <ron.a.williams@gmail.com> Add tests for host only network retrieval feature Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fix failing case creating host only interface Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Make libmachine usable by outside world - Clear out some cruft tightly coupling libmachine to filestore - Comment out drivers other than virtualbox for now - Change way too many things - Mostly, break out the code to be more modular. - Destroy all traces of "provider" in its current form. It will be brought back as something more sensible, instead of something which overlaps in function with both Host and Store. - Fix mis-managed config passthru - Remove a few instances of state stored in env vars - This should be explicitly communicated in Go-land, not through the shell. - Rename "store" module to "persist" - This is done mostly to avoid confusion about the fact that a concrete instance of a "Store" interface is oftentimes referred to as "store" in the code. - Rip out repetitive antipattern for getting store - This replaces the previous repetive idiom for getting the cert info, and consequently the store, with a much less repetitive idiom. - Also, some redundant methods in commands.go for accessing hosts have either been simplified or removed entirely. - First steps towards fixing up tests - Test progress continues - Replace unit tests with integration tests - MAKE ALL UNIT TESTS PASS YAY - Add helper test files - Don't write to disk in libmachine/host - Heh.. coverage check strikes again - Fix remove code - Move cert code around - Continued progress: simplify Driver - Fixups and make creation work with new model - Move drivers module inside of libmachine - Move ssh module inside of libmachine - Move state module to libmachine - Move utils module to libmachine - Move version module to libmachine - Move log module to libmachine - Modify some constructor methods around - Change Travis build dep structure - Boring gofmt fix - Add version module - Move NewHost to store - Update some boring cert path infos to make API easier to use - Fix up some issues around the new model - Clean up some cert path stuff - Don't use shady functions to get store path :D - Continue artifact work - Fix silly machines dir bug - Continue fixing silly path issues - Change up output of vbm a bit - Continue work to make example go - Change output a little more - Last changes needed to make create finish properly - Fix config.go to use libmachine - Cut down code duplication and make both methods work with libmachine - Add pluggable logging implementation - Return error when machine already in desired state - Update example to show log method - Fix file:// bug - Fix Swarm defaults - Remove unused TLS settings from Engine and Swarm options - Remove spurious error - Correct bug detecting if migration was performed - Fix compilation errors from tests - Fix most of remaining test issues - Fix final silly bug in tests - Remove extraneous debug code - Add -race to test command - Appease the gofmt - Appease the generate coverage - Making executive decision to remove Travis coverage check In the early days I thought this would be a good idea because it would encourage people to write tests in case they added a new module. Well, in fact it has just turned into a giant nuisance and made refactoring work like this even more difficult. - Move Get to Load - Move HostListItem code to CLI Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> --no-proxy flag for env command This optinal flag will add the docker host to the no_proxy environement variable. This is useful for local providers (e.g. virtualbox, fusion) in environments where an http_proxy is set and docker by default tries to connect to the ip via the proxy. Signed-off-by: Fabian Ruff <fabian@progra.de> Add doc section about --no-proxy flag Signed-off-by: Fabian Ruff <fabian@progra.de> Update documentation and integration tests for no_proxy Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Remove beta warning message Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fix error reporting on VBoxManage not found Signed-off-by: Olivier Gambier <olivier@docker.com> Remove empty test files Signed-off-by: Olivier Gambier <olivier@docker.com> Fix flag accidentally left out in PR carry Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Tests fixes / silence build / add unit tests Signed-off-by: Olivier Gambier <olivier@docker.com> Fix Docker daemon wait Also, a few various cleanups are bundled: 1. Only call GetDriver() once to get the object in provision/utils.go 2. SSH command wrapper will return the error and let the consumer decide what to do with it instead of bailing automatically on non-255 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Re-add godep This change is needed to fix a Continuous Build pipeline run by @ehazlett which spits out master build binaries for Docker Machine. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Remove dead code. Function getMachineDir is not used. Signed-off-by: Alexey Grachov <grachov.alexey@gmail.com> Add argument assertion to inspect/status/url commands Signed-off-by: Kazuyuki Suzuki <kechol28@gmail.com> Update release version number 0.4.1 Signed-off-by: Vladimir Chernyshev <volch5@gmail.com> Issue docker#1867 improve detectShell for windows newer versions of git bash use mintty which doesn't set TERM=cygwin but does set SHELL appropriately. Allow for SHELL to be detected on windows and only output the message if its not. Signed-off-by: Donovan Jimenez <donovan.jimenez@gmail.com> Additional info message while waiting for IP address. It takes a lot of time to assign the IP to droplet, so informing user about this hang looks like good idea. Signed-off-by: Alexey Grachov <grachov.alexey@gmail.com> Fix binaries location Signed-off-by: David Gageot <david@gageot.net> Add --github-api-token flag and troubleshooting section Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fix broken --storage-path flag Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> commands: make `ls` to not report saved hosts to be active when $DOCKER_HOST is not set Signed-off-by: Soshi Katsuta <soshi.katsuta@gmail.com> Move VBox detection to Precreate and print version Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Add --openstack-ip-version option This option allows users to specify IP version. Signed-off-by: Hironobu Saitoh <hiro@hironobu.org> clarified hostname error with valid characters this is a fix for docker#1922 to add in a valid character error message. Signed-off-by: Kendrick Coleman <kendrickcoleman@gmail.com> Display error message only when create was otherwise successful Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Prepare build for plugins PR Signed-off-by: Olivier Gambier <olivier@docker.com> Add environment varibles for OpenStack flags Some flags for the OpenStack driver did not have a corresponding environment variable. Among others, this is needed to run bats core tests with the OpenStack driver. Signed-off-by: Guillaume Giamarchi <guillaume.giamarchi@gmail.com> Fix building in docker - now has the default build target on `make` - test depends on non-bogus target Signed-off-by: Olivier Gambier <olivier@docker.com> Don't build test files in cmd Signed-off-by: Olivier Gambier <olivier@docker.com> Updating CI builds to use Go 1.5.1 Signed-off-by: Dave Henderson <dhenderson@gmail.com> Fix config drive support in VMware Fusion driver Signed-off-by: Marcel Harkema <marcel@harkema.name> Fix docker#1974 make clean after a make build-x#1974 Signed-off-by: David Gageot <david@gageot.net> Fix filenames of loggers. Signed-off-by: Kent Wang <pragkent@gmail.com> Remove TerminalLogger. Signed-off-by: Kent Wang <pragkent@gmail.com> Fix Windows SSH issues Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Hugo 15 support Markdown per GitHub; Removing seds Signed-off-by: Mary Anthony <mary@docker.com> Explain how to prepare a Go 1.5 development environment Other minor documentation fixes Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> Simplify fetch process by using go get Signed-off-by: Giuseppe Mazzotta <gdm85@users.noreply.github.com> Fix docker#1972 Google drive is broken because of tags Signed-off-by: David Gageot <david@gageot.net> FIX docker#1914 Reject command lines with trailing flags Signed-off-by: David Gageot <david@gageot.net> add default AddressType: Fixed Signed-off-by: Christian Mouttet <cmouttet@gmail.com> Build system enhancements - new simpler targets: * make machine * make plugins * make cross - fixed windows cross build to output .exe files Signed-off-by: Olivier Gambier <olivier@docker.com> Move towards using external binaries / RPC plugins - First RPC steps - Work on some flaws in RPC model - Remove unused TLS settings from Engine and Swarm options - Add code to correctly encode data over the network - Add client driver for RPC - Rename server driver file - Start to make marshal make sense - Fix silly RPC method args and add client - Fix some issues with RPC calls, and marshaling - Simplify plugin main.go - Move towards 100% plugin in CLI - Ensure that plugin servers are cleaned up properly - Make flag parsing for driver flags work properly Includes some work carried from @dmp42 updating the build process and tests to use the new method. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Bump version for release candidate Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Close docker#2001 / consistent hyperv internal naming Signed-off-by: David Arnold <dar@devco.co> Fix log.* method calls which meant to be log.*f Stuff like `log.Debug("foo bar: %s", baz)` really wants to be `log.Debugf("foo bar: %s", baz)`... Signed-off-by: Dave Henderson <dhenderson@gmail.com> fix IPV6NetworkMaskPrefixLength value parsing docker#1692 Adapted from boot2docker/boot2docker-cli@941c70c Signed-off-by: Gianpaolo Macario <gmacario@gmail.com> Introduced a new flag for google driver: --google-use-internal-ip Signed-off-by: Mariusz Woloszyn <emsi@EmsiOSX.dom.qpqp01.pl> Fixing JSON marshaling of large numbers during migration - Added some context to an error message - it's useful to know _which_ plugin failed when invoking the binary failed - Replaced `json.Umarshal` with a `json.Decoder`, so that the `UseNumber` function can be called, which prevents large integers from being interpreted as `float64`s. - Fixed a couple `log.Warn` calls that should've been `log.Warnf` Signed-off-by: Dave Henderson <dhenderson@gmail.com> Add some small support for forward compatible configuration mistakes Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Ensure log writes only to os.Stderr for env and config command Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Spit out at least some message when flag parsing etc. fails Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Bump version to 0.5.0-rc2 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fix Typos in integration tests Signed-off-by: David Gageot <david@gageot.net> Check that VT-X/AMD-v is enabled Signed-off-by: David Gageot <david@gageot.net> FIX docker#1974 in-container make test fails Signed-off-by: David Gageot <david@gageot.net> Add tests to virtualbox driver Signed-off-by: David Gageot <david@gageot.net> Adding provisioner for Arch Linux Signed-off-by: Dave Henderson <dhenderson@gmail.com> Add SUSE Enterprise Linux and openSUSE provision Add support for SUSE Enterprise Linux and openSUSE Signed-off-by: Flavio Castelli <fcastelli@suse.com> Revert "Add SUSE Enterprise Linux and openSUSE provision" FIX docker#2020 Better error when vboxmanage is missing Signed-off-by: David Gageot <david@gageot.net> Adding support for darwin to IsVTXDisabled Signed-off-by: Dave Henderson <dhenderson@gmail.com> Additional validation on virtualbox-hostonly-cidr Check that the CIDR provided for a virtualbox host only CIDR is specified as a host IP and netmask, e.g., 192.168.100.1/24, and not a network IP and netmask, e.g., 192.168.100.0/24. This will help prevent confusion like docker#1383 Signed-off-by: Chris Abernethy <cabernet@chrisabernethy.com> Signed-off-by: David Gageot <david@gageot.net> Report VirtualBox errors Signed-off-by: David Gageot <david@gageot.net> Carrys and closes docker#1352 Pull the chmod line per reviewers Signed-off-by: Mary Anthony <mary@docker.com> Fix ordered list numbering Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Increase SSH timeout back to five minutes Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> FIX docker#2019 invalid env hints Signed-off-by: David Gageot <david@gageot.net> Bump version to rc3 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Add more debug during certificates validation Signed-off-by: David Gageot <david@gageot.net> Remove dead code Signed-off-by: David Gageot <david@gageot.net> Use SDK to Validate VpcID with SubnetId Signed-off-by: feelobot <felix.a.rod@gmail.com> Inspired by docker#1880 (and docker/compose#890 et al.). Make sure `ca.pem` subject is different from `cert.pem` subject to work-around OpenSSL bug. Signed-off-by: Matt Bogosian <mtb19@columbia.edu> force tty allocation for ssh with multiple '-tt'. fix docker#2037: when provision on CentOS 7.0, it needs to force tty allocation with multiple '-t' option. Otherwise, the ssh command will failed with "sudo: sorry, you must have a tty to run sudo" in SetHostname. Signed-off-by: Xiaohui Liu <xiaohui.liu@ucloud.cn> improve cmd shell support Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com> Signed-off-by: David Gageot <david@gageot.net> Add SUSE Enterprise Linux and openSUSE provision Add support for SUSE Enterprise Linux and openSUSE. Code revised to build against current master. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Adding bash completion and helper scripts This patch adds some bash helper scripts. * docker-machine.bash - command completion for docker-machine * docker-machine-prompt.bash - function for putting the active machine name in PS1 * docker-machine-wrapper.bash - function wrapper adding an `use` command that runs `eval $(docker-machine env whatever)` in the current shell. Signed-off-by: David M. Lee <dlee@respoke.io> Fix some links found with linkchecker Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> Typo in EXOSCALE_IMAGE Signed-off-by: Bruno Renié <brutasse@gmail.com> Adding localhost to the list of alt_names When attempting to connect to the docker api from the machine itself, the TLS verification of the certificate checked against the public IP address of the primary interface. This is undesirable on hosts which have NAT rules that block access to that address by default. Adding "localhost" to the list of alt_names allows the cert to be verified and connections to localhost (either 127.0.0.1 or [::1]) to the port to pass verification. Otherwise one would need to disable verification just to connect to the local docker instance. Signed-off-by: David Gageot <david@gageot.net> Minor cleanup and fix docker#2022 Signed-off-by: Olivier Gambier <olivier@docker.com> support github enterprise urls for b2d downloads This commit allows downloading boot2docker releases not only from the official releases url (https://api.github.com/repos/boot2docker/boot2docker/releases) but from arbitrary github repositories that publish releases with a boot2docker.iso artifact. It also supports downloading from github enterprise. Signed-off-by: Fabian Ruff <fabian@progra.de> support upgrading b2d from custom urls . Signed-off-by: Fabian Ruff <fabian@progra.de> Add heartbeat / automatic server cleanup code This replaces the previous method of attempting to clean up servers when an unexpected exit occurs in the client (e.g. SIGINT or panic) by a heartbeat protocol. If the server does not hear from the connecting client within a certain interval of time (500ms in this commit), it will de-activate itself. This prevents dangling Docker Machine server processes from accumulating. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Remove useless duplication on PreCreateCheck Signed-off-by: Olivier Gambier <olivier@docker.com> Trivial cleanup / ordering / inline doc Signed-off-by: Olivier Gambier <olivier@docker.com> Remove useless duplication on GetSSHHostname Signed-off-by: Olivier Gambier <olivier@docker.com> Remove duplication over GetIP + ip address proper validation Signed-off-by: Olivier Gambier <olivier@docker.com> Generic and Base slight cleanups - tests for GetIP - extract default values into consts (user & port) - better error handling (cert permissions change) - unexport Driver for generic (linting) - ordering of methods and variables for better readability Signed-off-by: Olivier Gambier <olivier@docker.com> Re-add make install to Makefile Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fixes docker#2062 Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Remove dead code Signed-off-by: David Gageot <david@gageot.net> FIX docker#1985 Build with Docker on TravisCI Signed-off-by: David Gageot <david@gageot.net> Revert "Generic and Base slight cleanups" This reverts commit 19625de. Signed-off-by: David Gageot <david@gageot.net> Revert "Remove duplication over GetIP" This reverts commit 99aacc7. Signed-off-by: David Gageot <david@gageot.net> Revert "Remove useless duplication on GetSSHHostname" This reverts commit b6462eb. Signed-off-by: David Gageot <david@gageot.net> Returning active host when swarm is active Signed-off-by: Dave Henderson <dhenderson@gmail.com> Stop heartbeat when there is an issue connecting to the server Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Print a better error when virtualbox fails Instead of printing `exit status 1` we'll print the stderr output Signed-off-by: David Gageot <david@gageot.net> Simpler code for env usage hints. We can just output the original os.Args in the eval call. Signed-off-by: David Gageot <david@gageot.net> Pipe error output from git line to /dev/null This will simply leave the tag empty if compiled independent of a source repository. Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> Fixed typo Signed-off-by: Ian Lee <IanLee1521@gmail.com> Fix panic when using openstack driver The openstack driver was unusable because some cli flags were redifined. That caused a runtime error like: create flag redefined: openstack-ssh-user panic: create flag redefined: openstack-ssh-user Signed-off-by: Flavio Castelli <fcastelli@suse.com> FIX docker#2093 warn in case we think VT-X is not enabled. Signed-off-by: David Gageot <david@gageot.net> FIX docker#2023 and docker#1061 Use google default authentication Signed-off-by: David Gageot <david@gageot.net> # This is the 2nd commit message: Remove redundant error log Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
Closing this, please re-open as a new issue if you can provide a reproducible test case. Thanks |
One very dirty solution that did the trick for me : Declare in the /etc/hosts, your docker ip address as localhost like and then you put in the DOCKER_HOST localhost instead of your IP address. And finally, on your mac, you will have either docker and docker-compose working together. But I admit, it's really dirty :d but if it could help for a time, it worth may be a try. |
For those who are new to this issue, but have arrived here from outside (e.g,. web search), see @pmahoney's docker/compose#890 (comment) regarding the |
@posita |
I ran into the same error when I was using docker-compose commands. I finally uninstalled docker-machine and use boot2docker to re-build a mv and problem solved. My OS is El Capitan and it seems mv created by docker-machine had some certificate conflicts with my system. |
Because docker-compose is python based and uses the requests python package, you must also unset the
|
!!! SOLUTION !!!
(thanks for @pmahoney docker/compose#890 (comment))
!!! END OF SOLUTION !!!
Hi,
As I was advised in docker/compose#890 (comment) (thanks @posita for the help), I want to raise a new issue that I can not make docker-compose works on my mac.
It is worth to state, that I have python and OpenSSL installed via brew, every package is up to date.
I have tried to install docker & co in two ways:
But everytime I got the SSL issue.
I have the next setup currently:
And that's what I have when doing docker-compose:
As @posita suggested, the issue has place because of the certificates misconfiguration:
docker/compose#890 (comment)
And the certificates are created during docker-machine provisioning and creation, so I have created an issues here.
However, I am not a specialist in this area :( But I want to have docker-compose work on my Mac still.
As I understand, the most full debug information is the result of the next command:
Here you can find it: http://pastebin.com/vWqZgVKi
Any advice is appreciated.
Thanks for the help!
Regards,
The text was updated successfully, but these errors were encountered: