Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Docker daemon flags ignored

Tags:

Environment:

  • OS: debian 8.0.0-amd64, ubuntu-15.04, 16.04
  • Docker: 1.x.x

Procedure:

I changed /etc/default/docker to add a private docker registry, then I restarted docker service and finally tried to pull some image.

$ cat /etc/default/docker DOCKER_OPTS="--insecure-registry mydocker-registry.net:5000"  $ service docker restart  $ docker pull mydocker-registry.net:5000/testdb FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker- registry.net:5000/v1/_ping: dial tcp: lookup mydocker-registry.net: no  such host. If this private registry supports only HTTP or HTTPS with an  unknown CA certificate, please add `--insecure-registry mydocker- registry.net:5000` to the daemon's arguments. In the case of HTTPS, if  you have access to the registry's CA certificate, no need for the flag;  simply place the CA certificate at /etc/docker/certs.d/mydocker- registry.net:5000/ca.crt 

A ps output shows nothing about DOCKER_OPTS environment var.

$ ps auxwww|grep docker root  6919   0.0   0.1   331076   19984 ? Ssl 10:14   0:00 /usr/bin/docker -d -H fd:// 

Question:

According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker. Why, after doing that, it does not take effect in this environment?

Notes:

  • The private registry hostname is correctly resolved by the DNS.
like image 399
Camilo Silva Avatar asked May 08 '15 15:05

Camilo Silva


1 Answers

Recommended Way Docker 17.xx +

There are a number of ways to configure the daemon flags and environment variables for your Docker daemon. The recommended way is to use the platform-independent daemon.json file, which is located in /etc/docker/ on Linux by default.

So, for configuring insecure registries, do the following:

  1. Set the following flag in the /etc/docker/daemon.json file:

    {     "insecure-registries": ["mydocker-registry.net:5000"] } 
  2. Restart Docker

     $ sudo systemctl restart docker 

Easier each time!


Previously Recommended Way with Docker 1.12

According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.

So, for this specific case, do the following:

  1. Create a file called /etc/systemd/system/docker.service.d/private-registry.conf with the following content:

    If not exists, create directory /etc/systemd/system/docker.service.d

    [Service] ExecStart= ExecStart=/usr/bin/dockerd --insecure-registry mydocker-registry.net:5000 
  2. Flush changes:

    $ sudo systemctl daemon-reload 
  3. Restart Docker:

     $ sudo systemctl restart docker 

Voila!


Not recommended way

Edit file /lib/systemd/system/docker.service

... [Service] ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS ... EnvironmentFile=-/etc/default/docker ... 

Then execute

systemctl daemon-reload systemctl restart docker 

Verify that /etc/default/docker is loaded

ps auxwww | grep docker root      4989  0.8  0.1 265540 16608 ?        Ssl  10:37   0:00 /usr/bin/docker -d -H fd:// --insecure-registry  

That's it.

like image 152
Camilo Silva Avatar answered Sep 23 '22 07:09

Camilo Silva