eval "$(docker-machine env default)" leads to Error checking TLS connection - macos

I've installed Docker on my Mac about a month ago, and I now wanted to use it again. The command eval "$(docker-machine env default)" used to work perfectly before, but I now get an error:
Error checking TLS connection: default is not running. Please start it
in order to use the connection settings
I searched around for this error, but I can't really find anything about it. Does anybody know what I should do to solve this? All tips are welcome!

Your boot2docker virtual machine must be running inside Virtualbox.
List your Docker machines:
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Stopped Unknown
Start default machine:
$ docker-machine start default
Starting "default"...
(default) Check network to re-create if needed...
(default) Waiting for an IP...
Machine "default" was started.
Waiting for SSH to be available...
Detecting the provisioner...
Started machines may have new IP addresses. You may need to re-run the `docker-machine env` command.
To recreate your default machine:
$ docker-machine rm default
$ docker-machine create --driver virtualbox default
Then you should be able to setup your env with eval "$(docker-machine env default)".

Related

Cannot connect to the Docker daemon when running with sudo

My Docker service is up and running. However when attempting to use Docker by running it with sudo, e.g.:
12:40:26/~ $ sudo docker pull fluxcapacitor/pipeline
Using default tag: latest
I have got the following error:
Warning: failed to get default registry endpoint from daemon (Cannot connect to
the Docker daemon. Is the docker daemon running on this host?). Using system
default: https://index.docker.io/v1/
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Note that I had already followed the answers on Mac OS X sudo docker Cannot connect to the Docker daemon. Is the docker daemon running on this host?
as follows:
docker-machine start default
12:40:36/~ $ docker-machine start default
Starting "default"...
Machine "default" is already running.
docker ps
12:41:20/~ $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
So what more needs to be done?
This is:
$ docker --version
Docker version 1.11.2, build b9f10c9
on El Capitan.
Output of docker-machine env default
$ eval "$(docker-machine env default)"
$ docker-machine env default
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/Users/macuser/.docker/machine/machines/default"
export DOCKER_MACHINE_NAME="default"
The following command exports a few environment variables that the subsequent docker commands use:
eval "$(docker-machine env default)"
However, if you launch docker with sudo, the exported environment variables are not accessible by the docker executable. You could potentially get it to work by passing -E flag to sudo, e.g.:
sudo -E docker pull fluxcapacitor/pipeline
But much easier option is to use docker without root like:
docker pull fluxcapacitor/pipeline
You have to set environment variables with:
eval "$(docker-machine env default)"
More about it here.
I had same probelem on my MAC, when attempted
# eval "$(docker-machine env default)"
got this error
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate is valid for 192.168.99.101, not 192.168.99.100
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
to regenerate certificates, find out the docker-machines available;
# docker-machine ls
Output of avalable docker machines (omitted others)
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Running tcp://192.168.99.100:2376 Unknown Unable to query docker version: Get https://192.168.99.100:2376/v1.15/version: x509: certificate is valid for 192.168.99.101, not 192.168.99.100
Generate certificates for this default docker-machine
# docker-machine regenerate-certs default
and then setup docker-machine env to default docker-machine;
# eval "$(docker-machine env default)"
and it works normally after that.
I have also tried the same but did not work.
later I have tried these steps on AWS CLI
$ sudo nano /etc/docker/daemon.json
{
"dns": ["8.8.8.8", "8.8.4.4"]
}
$ sudo service docker restart
$ docker pull hello-world

Can not run docker command directly after installation on windows

I installed docker on windows 10 with DockerToolbox (1.11.2) executable. However, I can't evaluate my environment using docker-machine env default directly.
Instead, only when I use this command
C:\Program Files\Docker Toolbox\docker-machine.exe env default *
Can I evaluate the environment?
When I want to check help information, I also have to run
C:\Program Files\Docker Toolbox\docker.exe run --help
In their official tutorial: Install Docker for Windows, they mentioned that after installation, I could use docker,docker-machine,docker-compose directly.
In fact, I found this problem when I met this error:
C:\Program Files\Docker Toolbox\docker.exe: An error occurred trying
to connect: Post https://192.168.99.103:2376/v1.23/containers/create:
dial tcp 192.168.99.103:2376: connectex: A connection attempt failed
because the connected party did not properly respond after a period of
time, or established connection failed because connected host has
failed to respond..
And I solved it by restart my machine, and evaluate it again with the full path of the executable.
Some thing interesting is that docker-machine create -d virtualbox default worked for me while docker stop $(docker ps -a -q) failed.
I can just add those executable to environment variable on Windows.
But I want to what's happaning to that installation which caused this problem.
Screenshot of my installation console:
First, you don't have to use docker-machine env at all: you can simply ssh to your machine, and make your docker commands from there.
docker-machine ssh default
Second, try and use those commands from a regular CMD session (you don't need a bash).
As documented in docker-machine env:
$ docker-machine.exe env --shell cmd dev
set DOCKER_TLS_VERIFY=1
set DOCKER_HOST=tcp://192.168.99.101:2376
set DOCKER_CERT_PATH=C:\Users\captain\.docker\machine\machines\dev
set DOCKER_MACHINE_NAME=dev
# Run this command to configure your shell: copy and paste the above values into your command prompt
(Replace "dev" by the name of your machine, like "default" for instance)

Docker machine timeout - how to fix without destroying the machine?

I'm having a recurring problem with Docker Machine - every few days it decides to timeout and I am unable to recover it once this happens.
Example
docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default virtualbox Timeout
Environment Info
uname -a Darwin ColeyMBPR 15.4.0 Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64
docker version 1.11.0
docker-machine version 0.7.0
vboxmanage --version 5.0.20r106931
Attempted Solutions
I've tried the following things in no particular order:
Restarting the docker machine.
Running eval "$(docker-machine env default)"
Regenerating the certificates docker-machine regenerate-certs default
Restarting my host box.
Upgrading Docker.
Reinstalling Docker.
Upgrading VirtualBox.
Removing all VirtualBox host-only network devices.
Hack
The only thing that's working for me right now is destroying the docker machine and recreating it. This destroys all my images and containers, and it's incredibly time consuming to set it up again.
docker-machine rm -y default && docker-machine create -d virtualbox default && eval $(docker-machine env)
Is there anything I can try? Thanks!
Update: 9th May (Steps to Reproduce)
I can reliably reproduce this problem with the following steps:
Start with a freshly created Docker machine.
Use docker-compose up to build some containers.
Shutdown the computer with the containers running.
After reboot the Docker CLI doesn't work due to the Docker machine timing out.
This command worked for me with the digitalocean driver:
docker-machine ls -t 20
It seems as though the default timeout of 10 seconds was too short.
This is usually a problem related to the way you start and stop your machine.
You can solve it using
$ docker-machine stop default
$ docker-machine start default
$ docker-machine regenerate-certs default
Do not use docker-machine restart default because it will not refresh your networking configs.
Check if you are are using a proxy or VPN!
None of the above suggestions worked for me until I turned off my VPN and suddenly:
docker-machine.exe ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default * virtualbox Running tcp://192.168.99.102:2376 v19.03.5
I had the same issue with Docker version 1.11.2, build b9f10c9
This worked for me - my docker machine is back to the Running state
$ docker-machine restart
$ eval $(docker-machine env)
So far I have a bit of a hacky solution - this fixes the docker machine but destroys all containers and images.
Script: rebuild-machine.sh
docker-machine rm -y default
docker-machine create -d virtualbox default
docker-machine stop default
VBoxManage modifyvm "default" --natpf1 "Forwarding App 1,tcp,127.0.0.1,3000,,3000"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 2,tcp,127.0.0.1,3001,,3001"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 3,tcp,127.0.0.1,3004,,3004"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 4,tcp,127.0.0.1,3005,,3005"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 5,tcp,127.0.0.1,3006,,3006"
VBoxManage modifyvm "default" --natpf1 "Forwarding App 6,tcp,127.0.0.1,8081,,8081"
docker-machine start default
eval $(docker-machine env)
Explanation
Destroys the default docker machine, containers and images.
Creates a new docker machine on VirtualBox and stops it so we can modify VirtualBox.
Adds port forwarding for various applications on VirtualBox.
Starts the docker machine.
Ensures the Terminal is setup for the new IP address of the docker machine.
My problem was very simple. I was blocking port 2376 with my ufw firewall. Docker-machine needs this port open to connect to the remote.
I found the answer to my problem in on this page:
I have opened virtualbox and closed and start all vm manually/. State is running again
This worked for me and my containers were not destroyed:
Opened Oracle virtual box and paused the VM
Restarted the VM on docker machine
$ docker-machine restart default
docker version: 1.12.3
docker-machine version: 0.8.2, build e18a919
My problem was very trivial - I did the docker machine ls command right after restarting a docker machine, so it was not running yet, and that caused a timeout.

Docker-machine doesn't work when connected to Cisco AnyConnect (Mac OS X)

I'm trying to find some way to be able to both use my company's VPN and Docker-Machine; at the moment, I cannot use both, or else if I use the VPN at any point, then I cannot do anything Docker related until I shut off the VPN and restart my machine. Specifically, the following command just hangs and times out:
eval $(docker-machine env dev)
where dev is the name of my Docker-Machine VM.
Nothing involving Docker works without that eval command, and the eval command simply does not work either while connected to the VPN or even after. I've read that using an older version of VirtualBox (4.3.1 or some such) will fix this issue, but unfortunately, Docker Toolbox always makes sure that the latest VirtualBox is installed. I'm using Docker Toolbox 1.8.1b and VirtualBox 5.0.2. Is there a way to get Cisco AnyConnect VPN and Docker-Machine to work together? It seems like the main problem is that AnyConnect is messing with network routing.
I'm sure a clever bash person could explain why, but eval "$(docker-machine env dev)" (note the quotes) is the recommended (by Docker) way to setup the DOCKER environment variables.
This answer applies the findings from: https://stackoverflow.com/a/26913705/3471672
I'm using the Toolbox on Mac OS X (Docker v1.10) from: https://docs.docker.com/mac/step_one/
It looks like the issue is a firewall rule introduced by starting Cisco AnyConnect. The following shows the issue getting introduced and how to resolve it:
Make sure Cisco AnyConnect is STOPPED (!)
Make sure you can see no firewall rule issue; to validate, run (using the Toolbox, in the Docker Quickstart Terminal):
$ sudo ipfw -a list | grep "deny ip"
Create docker machine named e.g.: dev, run:
$ docker-machine create --driver virtualbox dev
Validate the machine can be accessed, run e.g.:
$ docker-machine ls
START Cisco AnyConnect: --- THE ISSUE GETS INTRODUCED HERE ---
Validate the machine cannot be accessed anymore, run:
$ docker-machine ls
You will see an error like:
Unable to query docker version [...] connect: permission denied
Check for a new firewall rule that has been introduced, run:
$ sudo ipfw -a list | grep "deny ip"
You get something like e.g.:
00411 72 6160 deny ip from any to any keep-state
Based on the first number (in this case: 00411), remove the rule, run e.g.:
$ sudo ipfw delete 00411
Validate the machine can be accessed again, run:
$ docker-machine ls
Now you can successfully do stuff again like:
$ eval $(docker-machine env dev)
$ docker ps
etc.

After installing Docker, docker-machine env default fails because ca.pem is not found

Just installed Docker, but docker-machine env default doesn't work:
$ docker-machine env default
open /Users/me/.docker/machine/machines/default/ca.pem: no such file or directory
The path /Users/me/.docker/machine/machines/default exists but there's no ca.pem in it. Just a bunch of other files.
You can also try regenerating the certificates for that docker-machine (e.g. default)
docker-machine regenerate-certs default
docker-machine restart default
Usually during the creation of a machine the certs are set up. Just create a new machine from scratch like:
docker-machine create --driver virtualbox dev
docker-machine env dev
That should work.
If you are connected to a VPN while creating the VM, that may cause networking issues that prevent the CA from being properly shared. Try disconnecting from any VPNs before creating the VM.

Resources