docker login 私有仓库时报错
连接私有harbor报错如下:
docker login 192.168.1.88 -uadmin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.1.88/v2/": x509: cannot validate certificate for 192.168.1.88 because it doesn't contain any IP SANs
解决办法:
1、在/etc/docker/daemon.json中添加私有仓库地址
{
"insecure-registries":["192.168.1.88"],
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver":"overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
部分参数(registry-mirrors、insecure-registries ...)修改,只要reconfigure(systemctl reload docker) 就生效
"registry-mirrors": ["https://8f6a79wk.mirror.aliyuncs.com"] # 镜像加速地址
"insecure-registries":["私库地址"] # Docker如果需要从非SSL源管理镜像,这里加上。
2、在/usr/lib/systemd/system/docker.service中添加私有仓库地址
--insecure-registry=https://192.168.1.88
cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=https://192.168.1.88
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
重启docker服务
systemctl daemon-reload
systemctl restart docker
3.检查本地hosts文件
报错:
docker login 192.168.1.88 -u admin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.1.88/v2/": Get "https://dockerhub/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": dial tcp: lookup dockerhub on 114.114.114.114:53: no such host
检查部署harbor服务的机器配置文件:
cat harbor.cfg |grep -v "#"|grep hostname
hostname = dockerhub
修改本地hosts文件:
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.88 dockerhub
QQ:1061767621
Q群:215481318