将docker更新至1.12后无法拉/推图像


86

私有注册表在docker 1.10.3的基础上运行良好,但是在docker更新到1.12.0之后我无法拉/推映像。

我已经将/ etc / sysconfig / docker修改为:

OPTIONS='--selinux-enabled=true --insecure-registry=myip:5000'

要么

OPTIONS='--selinux-enabled=true --insecure-registry myip:5000'

但是当我执行拉/推,我得到了这个错误:

$ docker pull myip:5000/cadvisor
Using default tag: latest
Error response from daemon: Get https://myip:5000/v1/_ping: http: server gave HTTP response to HTTPS client

当我将docker改回1.10.3时,它仍然可以正常工作,如下所示:

$ docker pull myip:5000/cadvisor
Using default tag: latest
Trying to pull repository myip:5000/cadvisor ... 
latest: Pulling from myip:5000/cadvisor
09d0220f4043: Pull complete 
a3ed95caeb02: Pull complete 
151807d34af9: Pull complete 
14cd28dce332: Pull complete     
Digest:
sha256:33b6475cd5b7646b3748097af1224de3eee3ba7cf5105524d95c0cf135f59b47
Status: Downloaded newer image for myip/cadvisor:latest

下面列出了一些相关信息:

docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:

OS/Arch: linux/amd64

Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:

OS/Arch: linux/amd64

docker info
Containers: 4
Running: 1
Paused: 0
Stopped: 3
Images: 241
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:0-6809-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 5.459 GB
Data Space Total: 107.4 GB
Data Space Available: 34.74 GB
Metadata Space Used: 9.912 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.138 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use '--storage-opt dm.thinpooldev' to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host overlay null bridge
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 62.39 GiB
Name: server_3
ID: TITS:BL4B:M5FE:CIRO:5SW6:TVIV:HW36:J7OS:WLHF:46T6:2RBA:WCNV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 21
Goroutines: 32
System Time: 2016-08-02T10:33:06.414048675+08:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8

docker exec <registry-container> registry -version
registry github.com/docker/distribution v2.2.1

在以调试模式重新启动docker守护程序后,下面列出了重现我的问题时的守护程序日志:

DEBU[0794] Calling POST /v1.24/images/create?fromImage=10.10.10.40%3A5000%2Fcadvisor&tag=latest 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000 
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v2 
WARN[0794] Error getting v2 registry: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client 
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v1 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] attempting v1 ping for registry endpoint https://10.10.10.40:5000/v1/
DEBU[0794] Fallback from error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client 
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Handler for POST /v1.24/images/create returned error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client 
DEBU[1201] clean 2 unused exec commands

而且,我只运行一个简单的命令即可启动私有注册表进行测试,默认情况下,其他所有操作都是这样:

docker run -d -p 5000:5000 --restart=always --name registry -v 'pwd'/data:/var/lib/registry registry:2

没有配置代理。总之,这只是一个安静的示例测试环境。


好吧,我也遇到同样的错误,但是奇怪的是我在RHEL 7中没有/ etc / sysconfig / docker文件,您知道我可以找到任何类似的文件吗?这个docker文件的内容是什么?谢谢。
sai 2016年

如果要更改docker守护程序的运行方式,此文件包含一些选项。我不知道RHEL7中的确切路径。但是,如果使用命令“ $ sudolocate docker”执行,则会在某个位置找到文件
yuxiaoyu

我最终删除了/etc/docker/daemon.json并重新启动docker服务,它似乎正在覆盖/ etc / sysconfig /
docker中

对于MacOS用户,请参见以下答案:stackoverflow.com/a/39492340/706521
Adrian Forsius,

Answers:


222

我遇到过同样的问题。

这对我有帮助:

  • 在客户端机器上创建或修改/etc/docker/daemon.json

    { "insecure-registries":["myregistry.example.com:5000"] }

  • 重新启动docker daemon

    sudo /etc/init.d/docker restart


7
在我的情况下,我使用Ubuntu 16.04和/ etc / default / docker(我的配置所在)特定于新贵。16.04使用systemd。/etc/docker/daemon.json是与平台无关的配置。github.com/docker/docker/issues/23512 github.com/docker/docker/issues/23228
bojtib '16

1
这是有关如何设置不安全注册表的文档 docs.docker.com/registry/insecure
Ivailo Bardarov

6
创建/etc/docker/daemon.json文件(如果不存在)。特定于Ubuntu 16.04
2015年

有人对MacOS有任何信息吗?
Adrian Forsius

这在安装Docker V17.x时对我有所帮助。这有点不工作时,我曾docker.io 1.x版
node_man

23

对于Windows用户

在此处添加本地注册表并申请:

在此处输入图片说明


7

对于Mac用户:使用顶部栏中的(docker)图标更新docker首选项

首选项->守护程序->不安全的注册表[单击(+)符号]->添加:port

点击底部的“应用并重新启动”按钮

显示Docker首选项窗口的图片


6

我也遇到了同样的问题,并遵循以下步骤:

1.创建文件

 vi /etc/docker/daemon.json

2.添加以下内容

{
        "insecure-registries":["192.168.1.142:5000"]
 }

3,重启Docker

service docker restart

3

如果您使用的是Windows,并且出现此错误,则需要在此处创建文件: "C:\ProgramData\docker\config\daemon.json"

并与上述@Bspec相同:

{“不安全的注册表”:[“ myregistry.example.com:5000”]}

然后使用PowerShell命令重启docker:

Stop-Service docker
Start-Service docker

2

修改“ /etc/docker/daemon.json”对我不起作用。

如下所示,将其放在“ / etc / sysconfig / docker”下。

INSECURE_REGISTRY =“-安全注册表192.168.24.1:8787”


感谢您向我们展示--insecure-registry选项。就我而言,它甚至是另一个文件,/etc/systemd/system/docker.service.d/docker-options.conf因为我正在使用Kubespray。所以对于其他人:您需要找到您的DOCKER_OPTS参数。只需使用此搜索:grep -ER DOCKER_OPTS /etc/etc目录。在我的特定情况下,使设置生效我所做的:systemctl daemon-reloadsystemctl restart dockerps -ef | grep dockerd在Ubuntu。
laimison

1

为了推送,将ip添加到客户端的不安全注册表中(例如,对于Windows)

在此处输入图片说明

要拉取,请将其添加到服务器端(在本例中为Ubuntu)

vim /etc/docker/daemon.json

在此处输入图片说明

然后重启Docker。

By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.