我正在RHEL7上创建一个Docker Swarm。目前,我已经建立了一个具有单个主节点的Swarm(据我发现此问题)。但是我在部署堆栈时遇到了针对私有注册表的身份验证错误(相同的docker-compose.yml在其他服务器上也可以使用),区别在于我坚决使用RHEL作为在生产环境中运行的要求网络。
我尝试过:
以下是该服务的代码:
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target rhel-push-plugin.socket registries.service
Wants=docker-storage-setup.service
Requires=rhel-push-plugin.socket registries.service
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
-D -g /apps/docker/data \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--authorization-plugin=rhel-push-plugin \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY \
$REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process
[Install]
WantedBy=multi-user.target
这是日志中的错误:
Aug 7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398445598+01:00" level=error msg="Not continuing with pull after error: errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"
Aug 7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398464224+01:00" level=info msg="Ignoring extra error returned from registry: unauthorized: authentication required"
Aug 7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398480292+01:00" level=info msg="Translating \"denied: requested access to the resource is denied\" to \"repository registry.foo.bar.com/cse/portainer not found: does not exist or no pull access\""
Aug 7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.398502545+01:00" level=error msg="pulling image failed" error="repository registry.foo.bar.com/cse/portainer not found: does not exist or no pull access" module="node/agent/taskmanager" task.id=pfnkrhfp7q9emte7dbepcu2fx
Aug 7 13:08:47 vm014632 dockerd-current: time="2019-08-07T13:08:47.399000595+01:00" level=error msg="fatal task error" error="No such image: registry.foo.bar.com/cse/portainer:1.22.0" module="node/agent/taskmanager" task.id=pfnkrhfp7q9emte7dbepcu2fx