原因是证书中指定的主机名为 docker-registry 而不是 h104
[root@h103 ~]# vim /etc/hosts
[root@h103 ~]# grep docker-registry /etc/hosts
192.168.100.104 h104 docker-registry
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://docker-registry:5000/v0/
v2 ping attempt failed with error: Get https://docker-registry:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://docker-registry:5000/v1/_ping: x509: certificate signed by unknown authority
[root@h103 ~]#
原因是证书不被信任(自签名证书)
将证书内容导入受信列表,重启docker客户端
[root@h103 ~]# ll /etc/pki/tls/certs/ca-bundle.crt
lrwxrwxrwx 1 root root 49 Jan 19 16:30 /etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@h103 ~]# ll /etc/pki/ca-trust/extracted/pem/
total 692
-r--r--r-- 1 root root 217510 Jan 19 16:30 email-ca-bundle.pem
-r--r--r-- 1 root root 211626 Jan 19 16:30 objsign-ca-bundle.pem
-rw-r--r-- 1 root root 897 Apr 23 2015 README
-r--r--r-- 1 root root 267983 Jan 21 21:21 tls-ca-bundle.pem
[root@h103 ~]# scp root@h104:/root/certs/docker.crt /etc/pki/ca-trust/extracted/pem/
root@h104's password:
docker.crt 100% 1306 1.3KB/s 00:00
[root@h103 ~]# ll /etc/pki/ca-trust/extracted/pem/
total 696
-rw------- 1 root root 1306 Jan 21 23:24 docker.crt
-r--r--r-- 1 root root 217510 Jan 19 16:30 email-ca-bundle.pem
-r--r--r-- 1 root root 211626 Jan 19 16:30 objsign-ca-bundle.pem
-rw-r--r-- 1 root root 897 Apr 23 2015 README
-r--r--r-- 1 root root 267983 Jan 21 21:21 tls-ca-bundle.pem
[root@h103 ~]# cat /etc/pki/ca-trust/extracted/pem/docker.crt >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://docker-registry:5000/v0/
v2 ping attempt failed with error: Get https://docker-registry:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://docker-registry:5000/v1/_ping: x509: certificate signed by unknown authority
[root@h103 ~]# systemctl stop docker && systemctl start docker
[root@h103 ~]# docker push docker-registry:5000/ubuntu
The push refers to a repository [docker-registry:5000/ubuntu] (len: 1)
8693db7e8a00: Pushed
a4c5be5b6e59: Pushed
c4fae638e7ce: Pushed
f15ce52fc004: Pushed
latest: digest: sha256:45d78ef16a9e6199ffbbc78f71c2c6ef6647f3be6b9721fe3f1b08d6e3fcf6b3 size: 6800
[root@h103 ~]# docker pull docker-registry:5000/ubuntu
Using default tag: latest
latest: Pulling from ubuntu
Digest: sha256:45d78ef16a9e6199ffbbc78f71c2c6ef6647f3be6b9721fe3f1b08d6e3fcf6b3
Status: Image is up to date for docker-registry:5000/ubuntu:latest
[root@h103 ~]#
Note: 一定要重启客户端,否则无效
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。