Azure vm docker create 找不到证书“ca.pem”

Question

我正在尝试在 azure 中创建一个 docker 主机，因此我运行了以下命令（通过 azure-cli 版本 0.8.11 和节点版本 0.10.33）：

$ azure vm docker create -v [.. + loads of options..]
info:    Executing command vm docker create
verbose: C:\Users\JAM\.docker\ca-key.pem file was not found
verbose: C:\Users\JAM\.docker\ca.pem file was not found
verbose: C:\Users\JAM\.docker\server-key.pem file was not found
verbose: C:\Users\JAM\.docker\server-cert.pem file was not found
verbose: C:\Users\JAM\.docker\key.pem file was not found
verbose: C:\Users\JAM\.docker\cert.pem file was not found
verbose: Generating docker certificates.
verbose: Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
.......++++++++++++
............++++++++++++
e is 65537 (0x10001)

verbose: Unable to load config info from /usr/local/ssl/openssl.cnf

verbose: Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
.++++++++++++
..++++++++++++
e is 65537 (0x10001)

verbose: Unable to load config info from /usr/local/ssl/openssl.cnf

verbose: Loading 'screen' into random state -C:\Users\JAM\.docker\server.csr: No such file or directory
 done

verbose: Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
.........................++++++++++++
..++++++++++++
e is 65537 (0x10001)

verbose: Unable to load config info from /usr/local/ssl/openssl.cnf

verbose: Loading 'screen' into random state -C:\Users\JAM\.docker\client.csr: No such file or directory
 done

verbose: writing RSA key

verbose: writing RSA key

error:   ENOENT, no such file or directory 'C:\Users\JAM\.docker\ca.pem'
verbose: stack Error: ENOENT, no such file or directory 'C:\Users\JAM\.docker\ca.pem'
    at Object.fs.chmodSync (fs.js:832:18)
    at C:\nvm\v0.10.33\node_modules\azure-cli\lib\commands\asm\vm\vmclient.js:3104:30
    at ChildProcess.<anonymous> (C:\nvm\v0.10.33\node_modules\azure-cli\node_modules\openssl-wrapper\lib\openssl-wrapper.js:86:16)
    at ChildProcess.emit (events.js:98:17)
    at maybeClose (child_process.js:756:16)
    at Process.ChildProcess._handle.onexit (child_process.js:823:5)
info:    Error information has been recorded to azure.err

azure-cli 无法加载 openssl 配置，因为路径 /usr/local 不存在：

verbose: Unable to load config info from /usr/local/ssl/openssl.cnf

但是，路径 /usr/ssl/.. 和 /usr/ssl/openssl.cnf 存在。所以我尝试将/usr/ssl/* 复制到/usr/local/ssl/*，但同样的错误不断弹出。

关于如何解决这个问题的任何想法？

Answer 1

这已经开放了一段时间，但最重要的是 Windows 支持还不够成熟。最好的办法是下载 OpenSSL，然后使用以下命令生成所需的密钥文件（将生成的文件复制到错误中的 .docker 文件夹）。

echo 01 > ca.srl

openssl genrsa -des3 -out ca-key.pem
openssl req -new -x509 -days 3650 -key ca-key.pem -out ca.pem
openssl genrsa -des3 -out server-key.pem
openssl req -new -key server-key.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem

echo "Creating client keys..."
openssl genrsa -des3 -out client-key.pem
openssl req -new -key client-key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -out client-cert.pem -extfile extfile.cnf

echo "Stripping passwords from keys..."
openssl rsa -in server-key.pem -out server-key.pem
openssl rsa -in client-key.pem -out key.pem

这最初来自：http://blog.jameskyle.org/2014/04/coreos-docker-remote-api-tls/，主要针对 unix，但在 Windows 上的命令实际上是相同的。

将这些文件复制到正确的位置后，您就可以继续安装了（我目前正在尝试对下一步进行故障排除 :)）。