Login/Register
Can not pull/push images after update docker to 1.12
Asked Answered
Solved dockerregistrydocker-registry
E

9

89

The private registry was worked well based on docker 1.10.3,but I can not pull/push images after the docker updated to 1.12.0.

I had modified the /etc/sysconfig/docker as:

OPTIONS='--selinux-enabled=true --insecure-registry=myip:5000'

or

OPTIONS='--selinux-enabled=true --insecure-registry myip:5000'

but when I exec pull/push,I got this error:

$ docker pull myip:5000/cadvisor
Using default tag: latest
Error response from daemon: Get https://myip:5000/v1/_ping: http: server gave HTTP response to HTTPS client

when I change back docker to 1.10.3, it still work well as below:

$ docker pull myip:5000/cadvisor
Using default tag: latest
Trying to pull repository myip:5000/cadvisor ... 
latest: Pulling from myip:5000/cadvisor
09d0220f4043: Pull complete 
a3ed95caeb02: Pull complete 
151807d34af9: Pull complete 
14cd28dce332: Pull complete     
Digest:
sha256:33b6475cd5b7646b3748097af1224de3eee3ba7cf5105524d95c0cf135f59b47
Status: Downloaded newer image for myip/cadvisor:latest

Some relative information are listed below:

docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:

OS/Arch: linux/amd64

Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:

OS/Arch: linux/amd64

docker info
Containers: 4
Running: 1
Paused: 0
Stopped: 3
Images: 241
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:0-6809-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 5.459 GB
Data Space Total: 107.4 GB
Data Space Available: 34.74 GB
Metadata Space Used: 9.912 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.138 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use '--storage-opt dm.thinpooldev' to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host overlay null bridge
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 62.39 GiB
Name: server_3
ID: TITS:BL4B:M5FE:CIRO:5SW6:TVIV:HW36:J7OS:WLHF:46T6:2RBA:WCNV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 21
Goroutines: 32
System Time: 2016-08-02T10:33:06.414048675+08:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8

docker exec <registry-container> registry -version
registry github.com/docker/distribution v2.2.1

After I restart the docker daemon in debug mode, the daemon logs when reproducing my problem are listed below:

DEBU[0794] Calling POST /v1.24/images/create?fromImage=10.10.10.40%3A5000%2Fcadvisor&tag=latest 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000 
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v2 
WARN[0794] Error getting v2 registry: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client 
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v1 
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] attempting v1 ping for registry endpoint https://10.10.10.40:5000/v1/
DEBU[0794] Fallback from error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client 
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Handler for POST /v1.24/images/create returned error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client 
DEBU[1201] clean 2 unused exec commands

What's more, I just run a simple command to launch the private registry for test, anything else is by default:

docker run -d -p 5000:5000 --restart=always --name registry -v 'pwd'/data:/var/lib/registry registry:2

No proxy is configured. In summary, it is only a quiet sample environment for test.

Eous answered 1/8, 2016 at 9:37 Comment(4)
well, i too face the same error, but the strange thing is that i donot have /etc/sysconfig/docker file in RHEL 7, do you know any similar file that i can find ? what are the contents of this docker file? Thank you.Benford
This file includes some options if you want to change the way the docker daemon runs. I don't know exact path in RHEL7 .But if you exec with the command "$sudo locate docker", you will find the file in somewhereEous
I ended up deleting the /etc/docker/daemon.json and restarting the docker service, it looks like it was overriding what was setup in /etc/sysconfig/dockerWishful
For MacOS users see this answer: https://mcmap.net/q/41060/-where-should-i-set-the-39-insecure-registry-39-flag-on-mac-osUnburden
P
231

I had the same issue.

This helped for me:

  • Create or modify /etc/docker/daemon.json on the client machine

    { "insecure-registries":["myregistry.example.com:5000"] }

  • Restart docker daemon

    sudo /etc/init.d/docker restart

Palliate answered 2/8, 2016 at 9:13 Comment(8)
In my case I use Ubuntu 16.04 and /etc/default/docker (where my config was) is specific to upstart. 16.04 uses systemd. /etc/docker/daemon.json is platform-independent configuration. github.com/docker/docker/issues/23512 github.com/docker/docker/issues/23228Palliate
Here is the documentation how to setup insecure registry docs.docker.com/registry/insecureAdrienadriena
Create /etc/docker/daemon.json file if not present. Specific to Ubuntu 16.04Hysteresis
Anyone have any info for MacOS?Unburden
this helped me when I installed docker V17.x. It somehow didn't work when I had docker.io v1.xPlimsoll
Please, make sure you actually add the ip address, and not use the example ...Microbicide
after creating /etc/docker/daemon.json docker service does not come up with "Start request repeated too quickly" error for some reason (I waited and rebooted machine, only removing daemon.json helped)Nganngc
Thanks. This is the only answer docker successfully restart without rebooting machine.Centennial
A
24

For Windows users

Add local registry here and apply:

enter image description here

Assibilate answered 11/9, 2017 at 12:56 Comment(0)
B
7

For Mac Users: Update the docker preferences using the (docker) icon in top bar

Preferences -> Daemon -> Insecure Registry [Click (+) sign] -> add :port

hit "Apply & Restart" button at bottom

Pic showing Docker preference window

Billybillycock answered 6/9, 2018 at 10:8 Comment(0)
B
7

I also had same issue and followed below steps:

1. Create file 

 vi /etc/docker/daemon.json

2. Add below content

{
        "insecure-registries":["192.168.1.142:5000"]
 }

3.Restart Docker

service docker restart
Bootblack answered 15/1, 2019 at 5:13 Comment(0)
T
3

If you are using Windows and you get this error you need to create a file here: "C:\ProgramData\docker\config\daemon.json"

and do the same as @Bspec mentioned above:

{ "insecure-registries":["myregistry.example.com:5000"] }

Then restart docker using PowerShell commands:

Stop-Service docker
Start-Service docker
Telling answered 2/3, 2017 at 11:54 Comment(0)
E
2

modifying "/etc/docker/daemon.json" didn't work for me.

Putting it under "/etc/sysconfig/docker" as below, worked.

INSECURE_REGISTRY="--insecure-registry 192.168.24.1:8787"

Eddings answered 28/8, 2019 at 10:54 Comment(1)
Thanks for showing us --insecure-registry option. In my case it was even another file /etc/systemd/system/docker.service.d/docker-options.conf because I'm using Kubespray. So for others: you need to find your DOCKER_OPTS parameter. Just use this search: grep -ER DOCKER_OPTS /etc across /etc directory. In my specific case, to make settings effective I did: systemctl daemon-reload, systemctl restart docker and ps -ef | grep dockerd on Ubuntu.Doi
R
2

In order to push, add the ip to insecure registry on the client side (e.g. for Windows)

enter image description here

To pull, add it to the server side (in this case Ubuntu)

vim /etc/docker/daemon.json

enter image description here

and then restart Docker.

Router answered 8/6, 2020 at 14:47 Comment(0)
D
1

None of the solutions worked on Ubuntu 18.04 so spend some time to find the root cause.

Steps to solve an issue

sudo vi /lib/systemd/system/docker.service
# ExecStart=dockerd .... --insecure-registry=192.168.99.100:5000
sudo systemctl stop docker.service
sudo systemctl daemon-reload
sudo systemctl start docker.service

What was the issue?

I would recommend to check where exactly dockerd options are configured regardless of you Linux distribution with:

sudo find /etc /lib -name 'docker*' | while read -r line; do grep dockerd $line /dev/null; done
Doi answered 25/11, 2020 at 4:7 Comment(0)
S
0

first test localy

docker push localhost:5000/<ImageName>

if docker pushed is Done going to another server and do it:

sudo nano /etc/docker/daemon.json


{"insecure-registries" : ["<HostName or IP Address registry server>:5000"]}

Saving and...

and for next

sudo systemctl daemon-reload

sudo service docker restart

nice! now docker pushing on another server:

docker tag <image id> <HostName or IP Address registry server>:5000/<ImageName>
docker push <HostName or IP Address registry server>:5000/<ImageName>

Enjoy It.

Solnit answered 20/9, 2021 at 13:11 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.