docker pull Error response from daemon x509 certificate signed by unknown authority.
19 Feb 2020
|
|
场景
centos环境。docker 1.18版本
使用公司内网镜像库,docker pull报错提示
docker: Error response from daemon: Get linkxxxxx : x509: certificate signed by unknown authority.
上面的linkxxxxx是内网网址
解决办法 -> daemon.json
daemon.json相当于工程模式加载配置。
默认这个json是不存在的,在/etc/docker/daemon.json,需要创建一个,另外,低版本的docker(1.12.6以下)不支持这个配置加载。需要注意
然后添加如下json
{
"insecure-registries":["linkxxxxx"]
}
其中linkxxxxx是上面的网址。注意这个镜像网址,不需要多余的东西,类似 register.xx.com 不要有https,不要有斜杠,否则会有报错
systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2020-04-03 09:52:46 CST; 53s ago
Docs: https://docs.docker.com
Process: 30506 ExecStart=/usr/bin/dockerd $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $INSECURE_REGISTRY (code=exited, status=1/FAILURE)
Main PID: 30506 (code=exited, status=1/FAILURE)
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.183750000+08:00" level=info msg=serving... address="/var/run/docker/containerd/cont>
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.183810260+08:00" level=info msg=serving... address="/var/run/docker/containerd/cont>
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.183828300+08:00" level=info msg="containerd successfully booted in 0.006990s"
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.188993960+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0x400>
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.189921780+08:00" level=warning msg="insecure registry https://registry-xx>
Apr 03 09:52:45 kwephispra38428 dockerd[30506]: time="2020-04-03T09:52:45.190047920+08:00" level=info msg="stopping healthcheck following graceful shutdown" >
Apr 03 09:52:46 kwephispra38428 dockerd[30506]: Error starting daemon: insecure registry registry-xx.com/ is not valid: invalid host "
Apr 03 09:52:46 kwephispra38428 systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Apr 03 09:52:46 kwephispra38428 systemd[1]: docker.service: Failed with result 'exit-code'.
Apr 03 09:52:46 kwephispra38428 systemd[1]: Failed to start Docker Application Container Engine.
修改完成后重启docker daemon
systemctl daemon-reload
systemctl restart docker
我搜到了很多导入证书之类的邪门歪道。误入歧途了一上午
ref
- https://blog.csdn.net/u013948858/article/details/79974796 这个文档介绍了daemon.json的具体使用,介绍了上面那个json用法。官方给的配置项比较多。不需要都了解,用啥加啥
- https://forums.docker.com/t/docker-private-registry-x509-certificate-signed-by-unknown-authority/21262/8 看这个社区问答,大家都把关注点放在证书上了,各种折腾,最后有个人说了在mac下
insecure registries设置。在linux下也就是上面daemon.json的搞法 - docker镜像默认是在
/var/lib/docker里的,可以手动设置改目录,也是在daemon.json里,加上"graph":"newpath/docker/"参考这里https://blog.51cto.com/forangela/1949947
