Docker-machine with Amazon EC2

Hi all,

I am trying to launch new Amazon EC2 instance using docker-machine from the command line:
docker-machine -D create --engine-env HTTP_PROXY=http://<my_proxy> --driver amazonec2 --amazonec2-ami ami --amazonec2-access-key <access_key> --amazonec2-secret-key --amazonec2-region eu-west-1 --amazonec2-vpc-id vpc --amazonec2-instance-type m4.large --amazonec2-root-size 100 --amazonec2-ssh-user ec2-user --amazonec2-security-group --engine-insecure-registry try20

But with no success.
I always get the following error: “Error creating machine: Error waiting for SSH: Too many retries waiting for SSH”

Do you have any ideas what I am doing wrong?

Thanks for your help

So docker-machine attempts to ssh into the box after it provisions it. This can fail for any number of reasons. Do you have ssh allowed in your security group?

Yes, SSH is enabled in my security group
And I am using --engine-env HTTP_PROXY= to use my company’s proxy.
Is that correct?

Thanks

The --engine-env option doesn’t affect docker-machine nor its use of a proxy (or not). That option will configure an environment variable for the docker engine when it installs docker. It isn’t getting that far since it is failing to ssh to the node. I’m guessing you don’t want the docker engine that is running in amazon to be configured to use your company’s proxy anyway.

Are you able to ssh out of your network without a proxy? If not, that would explain why you are having trouble sshing to the node.

Yes, exactly.
Do you know how to configure SSH to use the company’s proxy, please?

Thanks

If you have ssh out working with your ~/.ssh/config file already, docker-machine should be shelling out and using your ssh command as it is.

Take a look at the ProxyCommand option in the manpage for ssh_config.

The issue I have is that I do not know the host’s IP before docker-machine is run. :)
So, the process would be
1/ run the docker-machine command and wait until it fails on SSH
2/ configure ~/.ssh/config for this host: where is the newly created .pem key for the host located?

Is that correct?

docker-machine will generate an ssh command that specifies the key location explicitly, so you don’t need to worry about that for your ~/.ssh/config file.

You can put the ProxyCommand into a Host * block to make all your traffic utilize whatever proxy command you need to use.
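A concrete form of the Host * suggestion above, as an added example that is not from this thread: proxy.example.com:3128 is a placeholder for the corporate HTTP CONNECT proxy, and the ProxyCommand assumes OpenBSD netcat (the nc that understands -X/-x).

```sshconfig
# ~/.ssh/config (added example, not from the thread)
# Assumes an HTTP CONNECT proxy at proxy.example.com:3128 (placeholder)
# and OpenBSD netcat. docker-machine shells out to ssh and passes the
# machine's key with -i itself, so no IdentityFile is needed here.
Host *
    # Tunnel every outbound ssh connection through the proxy; %h and %p
    # are substituted with the target host and port by ssh.
    ProxyCommand nc -X connect -x proxy.example.com:3128 %h %p
    # Keep the tunnelled session alive while docker-machine provisions.
    ServerAliveInterval 30
```

Only the ssh step is affected by this: the later "dial tcp ...:2376: i/o timeout" in the thread is docker-machine's own direct TLS connection to the engine port, which ssh_config does not route through the proxy.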

I did that but still having the same error "Too many retries waiting for SSH to be available."
And when I do a docker-machine ls:
docker3 - amazonec2 Running tcp://52.50.209.234:2376 Unknown Unable to query docker version: Unable to read TLS config: open /home/videx_ref/.docker/machine/machines/docker3/server.pem: no such file or directory

Can you please help me out ?

Ah, got it to work out with SSH.
However, I now have the following error:
Reading CA certificate from /home/videx_ref/.docker/machine/certs/ca.pem
Reading server certificate from /home/videx_ref/.docker/machine/machines/docker4/server.pem
Reading server key from /home/videx_ref/.docker/machine/machines/docker4/server-key.pem
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host “52.51.72.96:2376”: dial tcp 52.51.72.96:2376: i/o timeout
You can attempt to regenerate them using ‘docker-machine regenerate-certs [name]’.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

open : no such file or directory
notifying bugsnag: [Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host “52.51.72.96:2376”: dial tcp 52.51.72.96:2376: i/o timeout
You can attempt to regenerate them using ‘docker-machine regenerate-certs [name]’.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
]
bugsnag.Notify: [bugsnag/payload.deliver: Got HTTP 400 Bad Request
]