我在Ubuntu 14.04中安装了docker registry 2.0,遵循官方网站:https://docs.docker.com/registry/deploying/
它将用于测试开发,所以我认为我们不需要生产实例:
我安装它:
docker run -d -p 5000:5000 registry:2.0
然后我为docker准备了一个新图像:
docker tag ubuntu:14.04 juandapc:5000/ubuntu:14.04
docker tag ubuntu:14.04 juandapc:5000/ubuntu:14.04
我已经替换了机器主机名juandapc的文档中的localhost。
当我尝试从另一台机器(telnet juandapc 5000)访问存储库时,我遇到此错误:
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://juandapc:5000/v1/_ping: dial tcp 192.168.1.50:5000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry juandapc:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/juandapc:5000/ca.crt
如果我拉,同样的错误:
# docker pull juandapc:5000/ubuntu
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://juandapc:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry juandapc:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/juandapc:5000/ca.crt
我需要配置nginx吗?文档使用注册表1.6和2.0为生产模式安装nginx,但这不是我的情况......
主机中的防火墙(juandapc):
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE tcp -- 172.17.0.5 172.17.0.5 tcp dpt:5000
Chain DOCKER (2 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:5000 to:172.17.0.5:5000
来自主机juandapc的端口(ESCUCHAR是LISTEN):
# netstat -natp
Conexiones activas de Internet (servidores y establecidos)
Proto Recib Enviad Dirección local Dirección remota Estado PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* ESCUCHAR 919/sshd
tcp 0 0 192.168.1.50:22 172.30.164.14:38412 ESTABLECIDO 3924/sshd: administ
tcp6 0 0 :::22 :::* ESCUCHAR 919/sshd
tcp6 0 0 :::5000 :::* ESCUCHAR 3651/docker-proxy
5000,但没有ipv4 ????
容器中的注册表:
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1978cdff5e8c registry:2.0 "registry cmd/regist 4 hours ago Up 4 hours 0.0.0.0:5000->5000/tcp mad_shockley
# docker exec mad_shockley ps -ax
PID TTY STAT TIME COMMAND
1 ? Ssl 0:00 registry cmd/registry/config.yml
14 ? Rs 0:00 ps -ax
从juandpc我可以进入容器:
# docker exec -t -i mad_shockley /bin/bash
root@1978cdff5e8c:/go/src/github.com/docker/distribution# hostname
1978cdff5e8c
答案 0 :(得分:3)
错误消息是关键:
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://juandapc:5000/v1/_ping: dial tcp 192.168.1.50:5000: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry juandapc:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/juandapc:5000/ca.crt
添加了这一行:/ etc / default / docker:
DOCKER_OPTS="--insecure-registry juandapc:5000"
重启码头并完美!
答案 1 :(得分:0)
标记的远程主机部分必须包含远程注册表的名称,而不是本地(推送/发布)客户端的名称。
所以,在这种情况下:
juandapc:5000/ubuntu:14.04
应该是
<registry-server>:5000/ubuntu:14.04
替换&lt; registry-server&gt;用你设置注册表的任何机器。事实上,您正试图从juandapc推送到juandapc上的远程存储库,并且因为它不存在,连接被拒绝......
如果juandapc实际上是您安装服务的地方,另一方面 - 您有DNS /名称解析问题。 (你为juandapc添加了/ etc / hosts条目吗?为什么它解析为192.168.1.50,而不是netstat显示的接口的实际地址?)