Issue
Environment:
- OS: debian 8.0.0-amd64, ubuntu-15.04, 16.04
- Docker: 1.x.x
Procedure:
I changed /etc/default/docker
to add a private docker registry, then I restarted docker service and finally tried to pull some image.
$ cat /etc/default/docker
DOCKER_OPTS="--insecure-registry mydocker-registry.net:5000"
$ service docker restart
$ docker pull mydocker-registry.net:5000/testdb
FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker-
registry.net:5000/v1/_ping: dial tcp: lookup mydocker-registry.net: no
such host. If this private registry supports only HTTP or HTTPS with an
unknown CA certificate, please add `--insecure-registry mydocker-
registry.net:5000` to the daemon's arguments. In the case of HTTPS, if
you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/mydocker-
registry.net:5000/ca.crt
A ps
output shows nothing about DOCKER_OPTS environment var.
$ ps auxwww|grep docker
root 6919 0.0 0.1 331076 19984 ? Ssl 10:14 0:00 /usr/bin/docker -d -H fd://
Question:
According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker
. Why, after doing that, it does not take effect in this environment?
Notes:
- The private registry hostname is correctly resolved by the DNS.
Solution
Recommended Way Docker 17.xx +
There are a number of ways to configure the daemon flags and environment variables for your Docker daemon. The recommended way is to use the platform-independent daemon.json
file, which is located in /etc/docker/
on Linux by default.
So, for configuring insecure registries, do the following:
Set the following flag in the
/etc/docker/daemon.json
file:{ "insecure-registries": ["mydocker-registry.net:5000"] }
Restart Docker
$ sudo systemctl restart docker
Easier each time!
Previously Recommended Way with Docker 1.12
According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.
So, for this specific case, do the following:
Create a file called
/etc/systemd/system/docker.service.d/private-registry.conf
with the following content:If not exists, create directory
/etc/systemd/system/docker.service.d
[Service] ExecStart= ExecStart=/usr/bin/dockerd --insecure-registry mydocker-registry.net:5000
Flush changes:
$ sudo systemctl daemon-reload
Restart Docker:
$ sudo systemctl restart docker
Voila!
Not recommended way
Edit file /lib/systemd/system/docker.service
...
[Service]
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
...
EnvironmentFile=-/etc/default/docker
...
Then execute
systemctl daemon-reload
systemctl restart docker
Verify that /etc/default/docker
is loaded
ps auxwww | grep docker
root 4989 0.8 0.1 265540 16608 ? Ssl 10:37 0:00 /usr/bin/docker -d -H fd:// --insecure-registry
That's it.
Answered By - Camilo Silva