docker正在使用v1注册表api，当它应该使用v2 [英] docker is using the v1 registry api when it should use v2

问题描述

我试图使用一个自托泊坞码注册表v2。我应该能够推送一个停靠点映像，它在本地运行注册表v2容器的主机服务器（coreos）上工作。但是，在一个单独的机器（也是coreos，相同的版本）当我试图推到注册表，它试图推到v1，给出这个错误：

 来自守护程序的错误响应：v1 ping尝试失败并显示错误：Get 
 https://172.22.22.11:5000/v1/_ping：dial tcp 172.22.22.11:5000：i / o timeout 。 
如果此私有注册表仅支持具有未知CA 
证书的HTTP或HTTPS，请在
守护程序的参数中添加--insecure-registry 172.22.22.11：5000。在HTTPS的情况下，如果您有权访问注册表的
 CA证书，则不需要该标志;只需将CA证书放在
 /etc/docker/certs.d/172.22.22.11:5000/ca.crt 
  

两台机器的docker可执行文件都是v1.6.2。为什么这个工作正在推动v2，但另一个是v1？

这是注册表的回购： https://github.com/docker/distribution

解决方案

p>您需要保护注册表，才能远程访问它，或明确允许所有Docker守护进程访问不安全的注册表。

为了保护注册表，最简单的选择是为服务器购买SSL证书，但您也可以自行签发证书并分发给客户端。

为了让不安全的访问向需要访问的所有守护进程添加参数 - insecure-registry myregistrydomain.com:5000 注册表中。 （显然用你的域名和端口替换）。

完整的说明（包括错误信息的示例）可从以下网址获取： https://github.com/docker/distribution/blob/master/docs/deploying.md

关于错误消息，我猜想/ /> Docker首先尝试使用v2，因为安全问题而失败，然后尝试v1并再次失败。

I'm trying to use a self hosted docker registry v2. I should be able to push a docker image, which does work locally on the host server (coreos) running the registry v2 container. However, on a separate machine (also coreos, same version) when I try to push to the registry, it's try to push to v1, giving this error:

Error response from daemon: v1 ping attempt failed with error: Get 
https://172.22.22.11:5000/v1/_ping: dial tcp 172.22.22.11:5000: i/o timeout. 
If this private registry supports only HTTP or HTTPS with an unknown CA 
certificate, please add `--insecure-registry 172.22.22.11:5000` to the 
daemon's arguments. In the case of HTTPS, if you have access to the registry's 
CA certificate, no need for the flag; simply place the CA certificate at 
/etc/docker/certs.d/172.22.22.11:5000/ca.crt 

both machine's docker executable is v1.6.2. Why is it that one works and is pushing to v2 but the other is v1?

Here's the repo for the registry: https://github.com/docker/distribution

解决方案

You need to secure the registry before you can access it remotely, or explicitly allow all your Docker daemons to access insecure registries.

To secure the registry the easiest choice is to buy an SSL certificate for your server, but you can also self-sign the certificate and distribute to clients.

To allow insecure access add the argument --insecure-registry myregistrydomain.com:5000 to all the daemons who need to access the registry. (Obviously replace the domain name and port with yours).

The full instructions (including an example of your error message) are available at: https://github.com/docker/distribution/blob/master/docs/deploying.md

Regarding the error message, I guess Docker tries to use v2 first, fails because of the security issue then tries v1 and fails again.

这篇关于docker正在使用v1注册表api，当它应该使用v2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！