Docker Swarm无法从公司私人注册表中提取

Question

我正在RHEL7上创建一个Docker Swarm。目前，我已经建立了一个具有单个主节点的Swarm（据我发现此问题）。但是我在部署堆栈时遇到了针对私有注册表的身份验证错误（相同的docker-compose.yml在其他服务器上也可以使用），区别在于我坚决使用RHEL作为在生产环境中运行的要求网络。

我尝试过：

• docker login Registry.foo.bar.com（在此主机上独立运行后的手动“拉”操作，看起来只是群居主义）
• -with-registry-auth（过去曾出现过此问题，但现在还没有）
• 简化/usr/lib/systemd/system/docker.service（有关RPM创建的内容，请参见下文）
• 将registry.foo.bar.com添加到/etc/containers/registries.conf（也使用https）

以下是该服务的代码：

[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket registries.service
Wants=docker-storage-setup.service
Requires=rhel-push-plugin.socket registries.service
Requires=docker-cleanup.timer

[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
          -D -g /apps/docker/data \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --authorization-plugin=rhel-push-plugin \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --init-path=/usr/libexec/docker/docker-init-current \
          --seccomp-profile=/etc/docker/seccomp.json \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
          $REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process

[Install]
WantedBy=multi-user.target

这是日志中的错误：

Aug  7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398445598+01:00" level=error msg="Not continuing with pull after error: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"
Aug  7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398464224+01:00" level=info msg="Ignoring extra error returned from registry: unauthorized: authentication required"
Aug  7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398480292+01:00" level=info msg="Translating \"denied: requested access to the resource is denied\" to \"repository registry.foo.bar.com/cse/portainer not found: does not exist or no pull access\""
Aug  7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398502545+01:00" level=error msg="pulling image failed" error="repository registry.foo.bar.com/cse/portainer not found: does not exist or no pull access" module="node/agent/taskmanager" task.id=pfnkrhfp7q9emte7dbepcu2fx
Aug  7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.399000595+01:00" level=error msg="fatal task error" error="No such image: registry.foo.bar.com/cse/portainer:1.22.0" module="node/agent/taskmanager" task.id=pfnkrhfp7q9emte7dbepcu2fx