Mar 16, 2016 - Fixing docker-machine error after upgrade



I had to upgrade Docker Toolbox on Yosemite to get the latest docker-compose additions.

After installing the new package, I was not able to connect to the docker machine:

➜  ~ docker-machine status
➜  ~ docker-machine start default
Starting "default"...
(default) Check network to re-create if needed...
(default) Waiting for an IP...
Machine "default" was started.
Waiting for SSH to be available...
Detecting the provisioner...
Started machines may have new IP addresses. You may need to re-run the `docker-machine env` command.
➜  ~ docker-machine env default
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "": tls: DialWithDialer timed out
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

Regenerating the certificates did not solve the problem. Neither did a reboot.


docker-machine --debug regenerate-certs -f default


What worked for me was dropping and recreating the virtual machine Docker uses to run.

➜  ~ docker-machine rm default
About to remove default
Are you sure? (y/n): y
Successfully removed default

➜  ~ docker-machine create --driver virtualbox default
Running pre-create checks...
Creating machine...
(default) Copying /Users/miro/.docker/machine/cache/boot2docker.iso to /Users/miro/.docker/machine/machines/default/boot2docker.iso...
(default) Creating VirtualBox VM...
(default) Creating SSH key...
(default) Starting the VM...
(default) Check network to re-create if needed...
(default) Waiting for an IP...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with boot2docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env default

➜  ~ docker-machine env default
export DOCKER_HOST="tcp://"
export DOCKER_CERT_PATH="/Users/miro/.docker/machine/machines/default"
export DOCKER_MACHINE_NAME="default"
# Run this command to configure your shell:
# eval $(docker-machine env default)

➜  ~ eval $(docker-machine env default)

➜  ~ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
➜  ~ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

The unfortunate (or fortunate?) side effect is that all containers and images were blown away and I can start from scratch with lots of free disk space :-)

Feb 18, 2016 - Accessing internal AWS servers directly from Mac


The motivation for this hack is my unwillingness to suffer the pain of using the Windows UI just to access BCC, ACC or other ATG tools that require a non-command-line interface.

Credit for this approach goes to the blog post by James McOrmond, VPN over SSH, who has been using this neat trick from Linux for quite some time.

The software mentioned supposedly works on OS X; however, it has not been updated for 4-5 years and would not function for me (OS X Yosemite).

This version seems to work on 10.10 - but Homebrew is better anyway.

Fortunately, in the meantime somebody created a brew cask, so to install a functioning version, run

brew install sshuttle

How it works

Options available

~  sshuttle
error: at least one subnet, subnet file, or -N expected
usage: sshuttle [-l [ip:]port] [-r [username@]sshserver[:port]] <subnets...>
   or: sshuttle --firewall <port> <subnets...>
   or: sshuttle --hostwatch
    -l, --listen ...      transproxy to this ip address and port number
    -H, --auto-hosts      scan for remote hostnames and update local /etc/hosts
    -N, --auto-nets       automatically determine subnets to route
    --dns                 capture local DNS requests and forward to the remote DNS server
    --ns-hosts ...        capture and forward remote DNS requests to the following servers
    --method ...          auto, nat, tproxy or pf
    --python ...          path to python interpreter on the remote server
    -r, --remote ...      ssh hostname (and optional username) of remote sshuttle server
    -x, --exclude ...     exclude this subnet (can be used more than once)
    -X, --exclude-from ...  exclude the subnets in a file (whitespace separated)
    -v, --verbose         increase debug message verbosity
    -e, --ssh-cmd ...     the command to use to connect to the remote [ssh]
    --seed-hosts ...      with -H, use these hostnames for initial scan (comma-separated)
    --no-latency-control  sacrifice latency to improve bandwidth benchmarks
    --wrap ...            restart counting channel numbers after this number (for testing)
    -D, --daemon          run in the background as a daemon
    -s, --subnets ...     file where the subnets are stored, instead of on the command line
    --syslog              send log messages to syslog (default if you use --daemon)
    --pidfile ...         pidfile name (only if using --daemon) [./]
    --server              (internal use only)
    --firewall            (internal use only)
    --hostwatch           (internal use only)

This is an example from the UAT environment in the cloud.

The externally visible box is uat-nat. If I ssh to this box, I am able to see the uat-mgmt box running BCC (which is otherwise inaccessible). However, I cannot create an ssh tunnel from uat-nat to uat-mgmt exposing port 8080 on mgmt, because this port would not be allowed for external access.

Instead, I can use sshuttle to direct all (or some) network traffic from the local Mac to the uat-nat box:

sshuttle  -vr miro.adamy@uat-nat 0/0

The -v flag means verbose: you will see the communication on the command line.

It asks for 2 passwords:

  • first, the sudo password on the local Mac
  • then the login password for the user on the remote host (unless you have installed a public key)

After this, you can access the hosts inside AWS using their internal IP addresses, e.g. access BCC on uat-mgmt:

BCC inside AWS

Keep in mind that only TCP and DNS are redirected; UDP, ICMP etc. are not.

Other useful tricks


Redirect the DNS as well (uses ssh_server from ~/.ssh/config)

sshuttle --dns -vr ssh_server 0/0

Exclude some traffic

sshuttle --dns -vr ssh_server -x -x 0/0

Redirect ONLY some traffic

sshuttle -vr ssh_server

A few helpers

(after some search found at )

# sshuttle helpers
# set default SSH server:
#   user@hostname or a host in ~/.ssh/config
TNL_SERVER="user@hostname" # placeholder, replace with your own server
# tunnel all traffic including DNS
alias tnl='sshuttle --dns -vr "$TNL_SERVER" 0/0'
# returns a list of IP addresses from given domain(s).
# Examples:
#  dns2ip
#  dns2ip
function dns2ip() {
  dig +short "$@" | sed "/[^0-9\.]/d" # use sed to remove non-IPv4 lines, e.g. aliases
}
# tunnel specified domain(s) only.
# Examples:
#  tnlonly
#  tnlonly
function tnlonly() {
  # command substitution is left unquoted on purpose: one argument per address
  sshuttle -vr "$TNL_SERVER" $(dns2ip "$@")
}
# tunnel all traffic including DNS, except the specified domain(s).
# Examples:
#  tnlbut
#  tnlbut
function tnlbut() {
  sshuttle --dns -vr "$TNL_SERVER" $(dns2ip "$@" | sed "s/^/-x/") 0/0 # use sed to prepend '-x' to each address
}
# vpn to a ssh server.
# Examples:
#  vpnto my_office_server      # host in ~/.ssh/config
#  vpnto user@
function vpnto() {
  sshuttle -HNvr "$1"
}
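
The tnlbut helper above fails open: when dig returns no address for a host, no -x argument is produced and sshuttle tunnels everything through 0/0, including the traffic that was meant to stay out. The stricter variants below are an added example, not part of the original post or of the helpers' source; they are written for POSIX sh/bash, the function names are hypothetical, and TNL_SERVER is the variable from the helpers above.

```shell
# Added example: fail-closed variants of tnlbut/tnlonly (hypothetical names).
# Resolve one hostname; kept separate so it can be stubbed for offline testing.
resolve_host() { dig +short "$1"; }

# Succeed only for a well-formed dotted-quad IPv4 address (octets 0-255).
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-numeric, stray dots
  esac
  set -- $(printf '%s' "$1" | tr . ' ')    # split into octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the validated IPv4 addresses of every host, one per line.
# Returns 1 as soon as one host yields no valid address.
resolve_all() {
  for host in "$@"; do
    ips=$(resolve_host "$host" | while IFS= read -r line; do
      if is_ipv4 "$line"; then printf '%s\n' "$line"; fi
    done)
    if [ -z "$ips" ]; then
      echo "refusing: '$host' resolved to no IPv4 address" >&2
      return 1
    fi
    printf '%s\n' "$ips"
  done
}

# Tunnel everything except the given hosts; never degrades to a bare 0/0.
tnlbut_safe() {
  [ $# -gt 0 ] || { echo "usage: tnlbut_safe host..." >&2; return 2; }
  addrs=$(resolve_all "$@") || return 1
  set -- $(printf '%s\n' "$addrs" | sed 's/^/-x/')   # one -x<ip> per address
  sshuttle --dns -vr "$TNL_SERVER" "$@" 0/0
}

# Tunnel only the given hosts; refuses when any of them cannot be resolved.
tnlonly_safe() {
  [ $# -gt 0 ] || { echo "usage: tnlonly_safe host..." >&2; return 2; }
  addrs=$(resolve_all "$@") || return 1
  set -- $(printf '%s\n' "$addrs")
  sshuttle -vr "$TNL_SERVER" "$@"
}
```
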

Dec 22, 2015 - p4merge as default file compare for PathFinder



Set the tool in File Comparison

How to use it

  • Select 2 files, right click, compare from context menu
  • In dual mode, select one file on each side, compare