Machine: Docker-Machine failed to provision on AWS using defaults

Moreover, this instance is provisioned on AWS EC2 actually but I am not able to ssh to it using generated private key at all.

[root@cluster-854-1426106514-informix-server docker-host-aws]# ssh -i id_rsa [email protected]
ssh: connect to host 52.4.18.164 port 22: Connection timed out

I suspect the instance's security-group permissions don't allow inbound traffic on port 22.
By default, docker-machine assigns instances to a new security group named "docker-machine".
Please check on your AWS account if this security group exists and is assigned to VPC vpc-8e84fce7.
Also, run the command in debug mode docker-machine create -D ... and check the output relating to creation of security group.

@janeczku In fact, the security group of 'docker-machine' has been created automatically and ssh is also set up properly. here is log from re-run with debug and it's the same hanging issue :

zhongs-mbp:Leo_Demo wzymaster$ ./docker-machine -D create  --driver amazonec2 \
>      --amazonec2-access-key <xxx> \
>      --amazonec2-secret-key <yyy>  \
>      --amazonec2-vpc-id vpc-8e84fce7  \
>      --amazonec2-instance-type t2.medium \
>     docker-host-ec2
INFO[0001] Launching instance...
DEBU[0001] executing: /usr/bin/ssh-keygen ssh-keygen -t rsa -N  -f /Users/wzymaster/.docker/machine/machines/docker-host-ec2/id_rsa

Generating public/private rsa key pair.
Your identification has been saved in /Users/wzymaster/.docker/machine/machines/docker-host-ec2/id_rsa.
Your public key has been saved in /Users/wzymaster/.docker/machine/machines/docker-host-ec2/id_rsa.pub.
The key fingerprint is:
e3:8d:8c:98:5e:b4:d8:10:af:2a:63:1e:6e:ad:c1:8e [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|    .            |
|     o           |
|    . o S        |
|.    O = +       |
| +. = = + .      |
|*oo+ .           |
|EBo .            |
+-----------------+
DEBU[0002] creating key pair: docker-host-ec2
DEBU[0002] configuring security group in vpc-8e84fce7
DEBU[0003] found existing security group (docker-machine) in vpc-8e84fce7
DEBU[0003] configuring security group authorization for 0.0.0.0/0
DEBU[0003] launching instance in subnet subnet-d485fdbd
DEBU[0003] waiting for ip address to become available
DEBU[0013] Got the IP Address, it's "52.4.242.4"
DEBU[0026] created instance ID i-9d18c660, IP address 52.4.242.4, Private IP address 205.210.142.111
INFO[0026] Waiting for SSH on 52.4.242.4:22

Btw, I run the above on my Mac OS X 10.9

Peculiar. Thanks for reporting. Do you have any VPN / corporate firewall / proxy active? Some corporate firewalls block access to remote server port 22, for instance.

@nathanleclaire today, I pull the latest codes of docker-machine from Github and build/run it. Unfortunately, it is still HANGING while running against amazonec2 on my Mac OS X (10.10.3), here is log :

bash-3.2$ ./docker-machine -v
docker-machine version 0.2.0 (7dcd4c2)

./docker-machine -D create   --driver amazonec2      --amazonec2-access-key "xxxxxxxxxxx"      --amazonec2-secret-key "xxxxxxxx"      --amazonec2-region "us-east-1" --amazonec2-vpc-id "xxxxxxx"   leo-dockerOne
Launching instance...
creating key pair: leo-dockerOne
configuring security group in vpc-8e84fce7
found existing security group (docker-machine) in vpc-8e84fce7
configuring security group authorization for 0.0.0.0/0
launching instance in subnet subnet-d485fdbd
waiting for ip address to become available
Got the IP Address, it's "52.6.82.9"
created instance ID i-e5682b18, IP address 52.6.82.9, Private IP address 205.210.142.122
Settings tags for instance
Getting to WaitForSSH function...

In addtion, ssh port 22 is enabled in the default security group(Docker+Machine) as screenshot attached.

Today, I tried docker-machine on Ubuntu linux box using the exact same command line , however it's hanging there as well like following :

root@cluster-950-1428356962-docker-ubuntu:/home/leowu# docker-machine -v
docker-machine version 0.2.0 (8b9eaf2)

root@cluster-950-1428356962-docker-ubuntu:/home/leowu# docker-machine create --driver amazonec2       --amazonec2-access-key "xxxxxxxx"      --amazonec2-secret-key "xxxxxx"     --amazonec2-region "us-east-1"   --amazonec2-vpc-id vpc-8e84fce7    leo-docker-ec2
INFO[0000] Launching instance...
INFO[0024] Waiting for SSH on 52.5.250.33:22

It seems like docker-machine doesn't work for AWS at all, is it a known issue ?

I have the same issue.
docker-machine create and launch ec2 instance, but instance will stopped automatically.
It looks, docker-machine is hanging until connecting to ec2.

FYI...

I have the same issue, tried it with various default and non default settings. When I restart with `docker-machine restart' it becomes active for a few seconds and stops again automatically.

FYI I solved the issue by switching to 0.3.1 if that's any help:

$ curl -L https://github.com/docker/machine/releases/download/v0.3.1/docker-machine_darwin-amd64 > /usr/local/bin/docker-machine
$ chmod +x /usr/local/bin/docker-machine

same problem on Fedora 22 with docker-machine 0.3.1

$ docker-machine -v
docker-machine version 0.3.1 (40ee236)

$ uname -r
4.0.8-300.fc22.x86_64

EDIT:
There was a problem with my configuration on AWS: the SG configuration was correct but the VPC's route table was missing explicit subnet association and the correct route through the internet gateway
This is the correct configuration:

SUBNET

ROUTE

SECURITY GROUP

@cbalducci Thank you, I was having the same issue and had no idea where to start even looking. Adding the route fixed things immediately. Is this something that can be automated?

@cbalducci thanks, for me it was trickier but I think it's almost the same problem. For anyone else having this problem, I suggest to take a look to the aws troubleshooting guide, the second section _[EC2-VPC] Check the route table for the subnet_ helped me a lot.

To test the new configuration it's faster to try to connect via SSH directly, doing something like:

$ ssh -i ~/.docker/machine/certs/cert.pem ubuntu@<IP-of-your-instance> -v

Closing as this sounds related to custom security-group.
Feel free to re-open if needed.