Docker 1.7.1版本pull私有映象倉庫報錯,V1,V2等
注意:如下解決方案,只能解決pull的問題,不能解決push的問題,方案請參考:解決docker push問題
Docker 1.7版本和Docker CE的配置檔案的位置是不同的
- Docker 1.7版本
/etc/sysconfig/docker
- Docker CE版本使用
/etc/docker/daemon.json
使用docker 1.7版本如果要pull docker registry v2或者harbor裡的映象,如果沒有配置CA證書的話,需要配置insecure-registry,並且需要將這個引數加到docker daemon的啟動引數裡。配置步驟:
Docker 1.7解決辦法
setp 1 配置DOCKER_OPTS引數
[root@123 ] # vi /etc/sysconfig/docker
other_args=
DOCKER_CERT_PATH=/etc/docker
## add
DOCKER_OPTS="--insecure-registry ip:port"
save之後
setp 2 修改啟動項
[[email protected]123 ] # vi /etc/init.d/docker
## 找到 start 函式,在exec處增加 剛配置的DOCKER_OPTS,參見下邊空行處
start() {
if [ ! -x $exec ]; then
if [ ! -e $exec ]; then
echo "Docker executable $exec not found"
else
echo "You do not have permission to execute the Docker executable $exec"
fi
exit 5
fi
check_for_cleanup
if ! [ -f $pidfile ]; then
prestart
printf "Starting $prog :\t"
echo "\n$(date)\n" >> $logfile
## add DOCKER_OPTS
$exec -d $DOCKER_OPTS &>> $logfile &
pid=$!
touch $lockfile
# wait up to 10 seconds for the pidfile to exist. see
# https://github.com/docker/docker/issues/5359
tries=0
while [ ! -f $pidfile -a $tries -lt 10 ]; do
sleep 1
tries=$((tries + 1))
done
success
echo
else
failure
echo
printf "$pidfile still exists...\n"
exit 7
fi
}
setp 3 重啟docker
[root@123 ] # service docker restart
setp 4 驗證是否可以pull
Another way
不這麼費事,直接修改啟動項,原理和結果都是相同的
[root@123 ] # vi /etc/init.d/docker
## 找到exec,直接新增--insecure-registry ip:port
prog="docker"
exec="/usr/bin/$prog --insecure-registry ip:port"
pidfile="/var/run/$prog.pid"
lockfile="/var/lock/subsys/$prog"
logfile="/var/log/$prog"
然後重啟docker daemon
Docker CE版本
檢查/etc/docker
目錄下是否有daemon.json檔案,如果沒有則建立,或者直接vi /etc/docker/daemon.json
修改完在:wq
也行
[root@123 ] # vi /etc/docker/daemon.json
## add
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries" : ["ip:port","ip:port"]
}
新增完成後重啟docker服務service docker restart
Docker 1.13.1 pull 問題
表象就是pull 自己搭建的映象是提示V1 V2的錯誤。然後配置了/etc/docker/daemon.json了,也配置了insecure-registries
。然後重啟systemctl restart docker
出現錯誤了:
[[email protected] docker]# systemctl restart docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
檢視journalctl --no-pager
Apr 20 04:59:27 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Apr 20 05:00:00 localhost.localdomain systemd[1]: Starting Docker Cleanup...
Apr 20 05:00:00 localhost.localdomain systemd[1]: Started Docker Cleanup.
Apr 20 05:00:01 localhost.localdomain systemd[1]: Created slice User Slice of root.
Apr 20 05:00:01 localhost.localdomain systemd[1]: Starting User Slice of root.
Apr 20 05:00:01 localhost.localdomain systemd[1]: Started Session 7 of user root.
Apr 20 05:00:01 localhost.localdomain CROND[30810]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Apr 20 05:00:01 localhost.localdomain systemd[1]: Starting Session 7 of user root.
Apr 20 05:00:01 localhost.localdomain systemd[1]: Removed slice User Slice of root.
Apr 20 05:00:01 localhost.localdomain systemd[1]: Stopping User Slice of root.
Apr 20 05:00:16 localhost.localdomain polkitd[669]: Registered Authentication Agent for unix-process:30986:300800 (system bus name :1.79 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr 20 05:00:16 localhost.localdomain systemd[1]: Stopping Docker Application Container Engine...
Apr 20 05:00:16 localhost.localdomain dockerd-current[30297]: time="2018-04-20T05:00:16.148690884+08:00" level=info msg="Processing signal 'terminated'"
Apr 20 05:00:16 localhost.localdomain dockerd-current[30297]: time="2018-04-20T05:00:16.180397672+08:00" level=info msg="stopping containerd after receiving terminated"
Apr 20 05:00:17 localhost.localdomain systemd[1]: Starting Docker Storage Setup...
Apr 20 05:00:17 localhost.localdomain systemd[1]: Started Docker Storage Setup.
Apr 20 05:00:17 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Apr 20 05:00:17 localhost.localdomain dockerd-current[31044]: unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: insecure-registries: (from flag: [gcr.io], from file: [192.168.1.130:5000])
Apr 20 05:00:17 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Apr 20 05:00:17 localhost.localdomain polkitd[669]: Unregistered Authentication Agent for unix-process:30986:300800 (system bus name :1.79, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Apr 20 05:00:17 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Apr 20 05:00:17 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Apr 20 05:00:17 localhost.localdomain systemd[1]: docker.service failed.
關鍵是這一句unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: insecure-registries: (from flag: [gcr.io], from file: [192.168.1.130:5000])
看來還是配置有問題。於是刪除了daemon.json裡的insecure-registries
配置。重啟docker,好使。
然後又查看了docker的版本 docker info
,原來是1.13.1版本的。看來還得參考最上邊的解決方法
問題又來了,在/etc/init.d/
下邊,找不到docker,全系統裡也沒找到docker啟動的配置函式,有知道的大俠望不吝賜教。
最終通過修改/etc/sysconfig/docker
,有這麼一段
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false --insecure-registry gcr.io'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
既然是 Modify these options if you want to change the way the docker daemon runs,那就在OPTIONS後邊加上OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false --insecure-registry gcr.io --insecure-registry ip:port'
在重啟docker服務,就好使了