[关闭]
@adonia 2018-05-18T02:19:56.000000Z 字数 4144 阅读 351

Docker

docker

Docker问题记录

Docker insecure registry

问题描述:

在执行docker pull shipyard/shipyard时,报错:

  1. Using default tag: latest
  2. Error response from daemon: Get https://registry-1.docker.io/v2/shipyard/shipyard/manifests/latest: Get https://auth.docker.io/token?scope=repository%3Ashipyard%2Fshipyard%3Apull&service=registry.docker.io: net/http: TLS handshake timeout

或者

  1. Error response from daemon: unable to ping registry endpoint https://10.137.206.65:5001/v0/
  2. v2 ping attempt failed with error: Get https://10.137.206.65:5001/v2/: tls: oversized record received with length 20527
  3.  v1 ping attempt failed with error: Get https://10.137.206.65:5001/v1/_ping: tls: oversized record received with length 20527

解决方法:

根据报错信息,是在跟Docker仓库做SSL校验时超时了,执行docker login https://registry-1.docker.io,输入用户密码,发现登陆是成功的。

  1. root@ubuntu:/home/ubuntu# docker login https://registry-1.docker.io
  2. Username: adonia
  3. Password: 
  4. Email: adonia12@126.com
  5. WARNING: login credentials saved in /root/.docker/config.json
  6. Login Succeeded

那就应该是SSL证书的问题了,由于Docker Daemon中是没有放置任何证书文件的,可以将此Docker Hub作为非受信任注册服务。即在Docker Daemon的启动命令中增加--insecure-registry registry-1.docker.io

修改方法如下(针对Ubuntu系统):

  1. docker.service - Docker Application Container Engine
  2.    Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
  3.   Drop-In: /etc/systemd/system/docker.service.d
  4.            └─http-proxy.conf
  5.    Active: active (running) since Mon 2016-04-11 06:04:52 EDT; 14min ago
  6.      Docs: https://docs.docker.com
  7.  Main PID: 31117 (docker)
  8.    CGroup: /system.slice/docker.service
  9.            └─31117 /usr/bin/docker daemon -H fd:// --insecure-registry 10.137.206.65:5000 --insecure-registry 10.137.206.65:5001 --insecure-registry pub.domeos.org --insecure-registry registry-1.docker.io
  1. [Unit]
  2. Description=Docker Application Container Engine
  3. Documentation=https://docs.docker.com
  4. After=network.target docker.socket
  5. Requires=docker.socket
  7. [Service]
  8. Type=notify
  9. ExecStart=/usr/bin/docker daemon -H fd:// --insecure-registry 10.137.206.65:5000 --insecure-registry 10.137.206.65:5001 --insecure-registry pub.domeos.org --insecure-registry registry-1.docker.io
  10. MountFlags=slave
  11. LimitNOFILE=1048576
  12. LimitNPROC=1048576
  13. LimitCORE=infinity
  14. TimeoutStartSec=0
  16. [Install]
  17. WantedBy=multi-user.target

TERM environment variable not set.

问题描述

在Docker容器中安装了clear工具,执行时,报错---TERM environment variable not set.

解决方法

在用户变量中,增加"export TERM=xterm"。安装CMP时指定的是CSH,可在/home/cmp/.cshrc中增加如下配置:

  1. setenv TERM xterm

执行source $HOME/.cshrc即可。

Ebus connection reset by peer

问题描述

在Docker容器中部署了控制台后,通过portal访问ebus服务时,报错---com.huawei.ebus.connector.bus.NioClientChannel > disconnected from /172.17.0.2:32982 to /172.17.0.2:15619 , cause : Connection reset by peer

解决方法

在cmpportal中有对ebus服务访问做白名单限制,配置文件路径为/home/cmp/cmpportal/config/ebus.properties,配置如下:

  1. ebus.busconnector.security.ip.enabled=false
  2. ebus.busconnector.security.ip.white=127.0.0.1|172.17.0.2

Note:

ebus.busconnector.security.ip.enabled为是否开启白名单控制项

ebus.busconnector.security.ip.white为白名单列表

在Docker中,由于是验证环境,加上Docker自身的IP不好识别,可以将ebus.busconnector.security.ip.enabled置为false规避此问题。

SUSE Docker: Interface docker0 has no IPv4 addresses

问题描述

在SUSE Linux上以TCP的启动Docker Daemon(-H tcp://127.0.0.1:15000),报错如下:

  1. FATA[0000] Error starting daemon: Error initializing network controller: Error creating default "bridge" network: Failed to setup IP tables, cannot acquire Interface address: Interface docker0 has no IPv4 addresses

解决方法:

修改/etc/sysctl.conf,增加如下配置:

  1. net.ipv4.ip_forward=1

执行sysctl -p /etc/sysctl.conf,并重启网络服务(service network restart)。

Tips: 如果后续重启Docker Daemon,还是出现上述错误,可以通过重启网络服务解决。

启动Container失败,增加iptables路由失败

问题描述

Centos 6.8上,启动docker服务,部署了一个container,访问正常。由于在机器上部署的tomcat,无法访问,就将机器上的iptables服务关闭了。

再次部署container,启动失败,报错信息如下:

  1. Error response from daemon: Cannot start container 6a067c1071fd7d846da11d0987ab7a83aca2a504b44b53ef432246bad5d20613: iptables failed: iptables -t nat -A DOCKER -p tcp -d 0/0 --dport 3001 -j
  2.  DNAT --to-destination 172.17.0.5:3000 ! -i docker0: iptables: No chain/target/match by that name.

通过ifconfig查询docker0网卡信息,发现其ip信息,与报错中的--to-destination并不一致。

解决方法

重启docker服务---service docker restart

建议将已部署的container移除,在重启docker之后,重新部署。

也可参考: http://www.lxy520.net/2015/09/24/centos-7-docker-qi-dong-bao/

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注