Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
984 views
in Technique[技术] by (71.8m points)

ubuntu - Docker daemon flags ignored

Environment:

  • OS: debian 8.0.0-amd64, ubuntu-15.04, 16.04
  • Docker: 1.x.x

Procedure:

I changed /etc/default/docker to add a private docker registry, then I restarted docker service and finally tried to pull some image.

$ cat /etc/default/docker
DOCKER_OPTS="--insecure-registry mydocker-registry.net:5000"

$ service docker restart

$ docker pull mydocker-registry.net:5000/testdb
FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker-
registry.net:5000/v1/_ping: dial tcp: lookup mydocker-registry.net: no 
such host. If this private registry supports only HTTP or HTTPS with an 
unknown CA certificate, please add `--insecure-registry mydocker-
registry.net:5000` to the daemon's arguments. In the case of HTTPS, if 
you have access to the registry's CA certificate, no need for the flag; 
simply place the CA certificate at /etc/docker/certs.d/mydocker-
registry.net:5000/ca.crt

A ps output shows nothing about DOCKER_OPTS environment var.

$ ps auxwww|grep docker
root  6919   0.0   0.1   331076   19984 ? Ssl 10:14   0:00 /usr/bin/docker -d -H fd://

Question:

According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker. Why, after doing that, it does not take effect in this environment?

Notes:

  • The private registry hostname is correctly resolved by the DNS.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Recommended Way Docker 17.xx +

There are a number of ways to configure the daemon flags and environment variables for your Docker daemon. The recommended way is to use the platform-independent daemon.json file, which is located in /etc/docker/ on Linux by default.

So, for configuring insecure registries, do the following:

  1. Set the following flag in the /etc/docker/daemon.json file:

    {
        "insecure-registries": ["mydocker-registry.net:5000"]
    }
    
  2. Restart Docker

     $ sudo systemctl restart docker
    

Easier each time!


Previously Recommended Way with Docker 1.12

According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.

So, for this specific case, do the following:

  1. Create a file called /etc/systemd/system/docker.service.d/private-registry.conf with the following content:

    If not exists, create directory /etc/systemd/system/docker.service.d

    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd --insecure-registry mydocker-registry.net:5000
    
  2. Flush changes:

    $ sudo systemctl daemon-reload
    
  3. Restart Docker:

     $ sudo systemctl restart docker
    

Voila!


Not recommended way

Edit file /lib/systemd/system/docker.service

...
[Service]
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
...
EnvironmentFile=-/etc/default/docker
...

Then execute

systemctl daemon-reload
systemctl restart docker

Verify that /etc/default/docker is loaded

ps auxwww | grep docker
root      4989  0.8  0.1 265540 16608 ?        Ssl  10:37   0:00 /usr/bin/docker -d -H fd:// --insecure-registry 

That's it.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...