/ etc / default / docker中的DOCKER_OPTS被忽略 [英] DOCKER_OPTS in /etc/default/docker ignored
问题描述
环境:
- 操作系统:debian 8.0.0-amd64,ubuntu-15.04,16.04
-
- Docker :1.xx
过程:
我更改了 / etc / default / docker
添加一个专用docker注册表,然后重新启动docker服务,最后尝试拉一些图像。
$ cat / etc / default / docker
DOCKER_OPTS = - insecure-registry mydocker-registry。 net:5000
$ service docker restart
$ docker pull mydocker-registry.net:5000/testdb
FATA [0000]错误:v1 ping尝试失败错误:获取https:// mydocker-
注册表.net:5000/v1/_ping:拨打tcp:lookup mydocker-registry.net:否
这样的主机。如果这个私人注册表仅支持HTTP或HTTPS
未知的CA证书,请在守护程序的参数中添加--insecure-registry mydocker-
registry.net:5000。在HTTPS的情况下,如果
您可以访问注册表的CA证书,则不需要该标志;
只需将CA证书放在/etc/docker/certs.d/mydocker-
registry.net:5000/ca.crt
A ps
输出不显示DOCKER_OPTS环境变量。
$ ps auxwww | grep docker
root 6919 0.0 0.1 331076 19984? Ssl 10:14 0:00 / usr / bin / docker -d -H fd://
问题:
根据docker文档,使用私有注册表的方法是通过 / etc / default / docker
。为什么在这样做之后它在这种环境下不起作用?
注意:
- 私人注册表主机名由DNS正确解析。
推荐方式
根据 docker documentation ,为Docker守护程序配置守护程序标志和环境变量的推荐方法是使用 systemd 插件文件。
因此,对于具体情况,请执行以下操作:
-
创建一个名为
/etc/systemd/system/docker.service.d/private-registry.conf
的文件,其中包含以下内容:
如果不存在,请创建目录
/etc/systemd/system/docker.service.d
[服务]
ExecStart =
ExecStart = / usr / bin / dockerd - insecure -registry mydocker-registry.net:5000
-
刷新更改:
$ sudo systemctl daemon-reload
-
重新启动Docker:
$ sudo systemctl restart docker
/ pre>
Voila!
不推荐的方式
编辑文件 /lib/systemd/system/docker.service
...
[服务]
ExecStart = / usr / bin / docker -d -H fd:// $ DOCKER_O PTS
...
EnvironmentFile = - / etc / default / docker
...
然后执行
systemctl daemon-reload
systemctl restart docker
验证 / etc / default / docker
是否加载
ps auxwww | grep docker
root 4989 0.8 0.1 265540 16608? Ssl 10:37 0:00 / usr / bin / docker -d -H fd:// --insecure-registry
就是这样。
Environment:
- OS: debian 8.0.0-amd64, ubuntu-15.04, 16.04
- Docker: 1.x.x
Procedure:
I changed /etc/default/docker
to add a private docker registry, then I restarted docker service and finally tried to pull some image.
$ cat /etc/default/docker
DOCKER_OPTS="--insecure-registry mydocker-registry.net:5000"
$ service docker restart
$ docker pull mydocker-registry.net:5000/testdb
FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker-
registry.net:5000/v1/_ping: dial tcp: lookup mydocker-registry.net: no
such host. If this private registry supports only HTTP or HTTPS with an
unknown CA certificate, please add `--insecure-registry mydocker-
registry.net:5000` to the daemon's arguments. In the case of HTTPS, if
you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/mydocker-
registry.net:5000/ca.crt
A ps
output shows nothing about DOCKER_OPTS environment var.
$ ps auxwww|grep docker
root 6919 0.0 0.1 331076 19984 ? Ssl 10:14 0:00 /usr/bin/docker -d -H fd://
Question:
According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker
. Why, after doing that, it does not take effect in this environment?
Notes:
- The private registry hostname is correctly resolved by the DNS.
Recommended Way
According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.
So, for this specific case, do the following:
Create a file called
/etc/systemd/system/docker.service.d/private-registry.conf
with the following content:If not exists, create directory
/etc/systemd/system/docker.service.d
[Service] ExecStart= ExecStart=/usr/bin/dockerd --insecure-registry mydocker-registry.net:5000
Flush changes:
$ sudo systemctl daemon-reload
Restart Docker:
$ sudo systemctl restart docker
Voila!
Not recommended way
Edit file /lib/systemd/system/docker.service
...
[Service]
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
...
EnvironmentFile=-/etc/default/docker
...
Then execute
systemctl daemon-reload
systemctl restart docker
Verify that /etc/default/docker
is loaded
ps auxwww | grep docker
root 4989 0.8 0.1 265540 16608 ? Ssl 10:37 0:00 /usr/bin/docker -d -H fd:// --insecure-registry
That's it.
这篇关于/ etc / default / docker中的DOCKER_OPTS被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!