Docker Registry9

franket

发布于 2022-01-21 15:08:56

1980

发布于 2022-01-21 15:08:56

原因是证书中指定的主机名为 docker-registry 而不是 h104

[root@h103 ~]# vim /etc/hosts
[root@h103 ~]# grep docker-registry  /etc/hosts
192.168.100.104  h104 docker-registry
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://docker-registry:5000/v0/
v2 ping attempt failed with error: Get https://docker-registry:5000/v2/: x509: certificate signed by unknown authority
 v1 ping attempt failed with error: Get https://docker-registry:5000/v1/_ping: x509: certificate signed by unknown authority
[root@h103 ~]#

原因是证书不被信任(自签名证书)

解决办法一：

将证书内容导入受信列表，重启docker客户端

[root@h103 ~]# ll /etc/pki/tls/certs/ca-bundle.crt
lrwxrwxrwx 1 root root 49 Jan 19 16:30 /etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@h103 ~]# ll /etc/pki/ca-trust/extracted/pem/
total 692
-r--r--r-- 1 root root 217510 Jan 19 16:30 email-ca-bundle.pem
-r--r--r-- 1 root root 211626 Jan 19 16:30 objsign-ca-bundle.pem
-rw-r--r-- 1 root root    897 Apr 23  2015 README
-r--r--r-- 1 root root 267983 Jan 21 21:21 tls-ca-bundle.pem
[root@h103 ~]# scp root@h104:/root/certs/docker.crt /etc/pki/ca-trust/extracted/pem/
root@h104's password: 
docker.crt                                                                                          100% 1306     1.3KB/s   00:00    
[root@h103 ~]# ll /etc/pki/ca-trust/extracted/pem/
total 696
-rw------- 1 root root   1306 Jan 21 23:24 docker.crt
-r--r--r-- 1 root root 217510 Jan 19 16:30 email-ca-bundle.pem
-r--r--r-- 1 root root 211626 Jan 19 16:30 objsign-ca-bundle.pem
-rw-r--r-- 1 root root    897 Apr 23  2015 README
-r--r--r-- 1 root root 267983 Jan 21 21:21 tls-ca-bundle.pem
[root@h103 ~]# cat /etc/pki/ca-trust/extracted/pem/docker.crt >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://docker-registry:5000/v0/
v2 ping attempt failed with error: Get https://docker-registry:5000/v2/: x509: certificate signed by unknown authority
 v1 ping attempt failed with error: Get https://docker-registry:5000/v1/_ping: x509: certificate signed by unknown authority
[root@h103 ~]# systemctl stop docker && systemctl start docker
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
8693db7e8a00: Pushed 
a4c5be5b6e59: Pushed 
c4fae638e7ce: Pushed 
f15ce52fc004: Pushed 
latest: digest: sha256:45d78ef16a9e6199ffbbc78f71c2c6ef6647f3be6b9721fe3f1b08d6e3fcf6b3 size: 6800
[root@h103 ~]# docker pull  docker-registry:5000/ubuntu
Using default tag: latest
latest: Pulling from ubuntu
Digest: sha256:45d78ef16a9e6199ffbbc78f71c2c6ef6647f3be6b9721fe3f1b08d6e3fcf6b3
Status: Image is up to date for docker-registry:5000/ubuntu:latest
[root@h103 ~]#