Bug 1460378
| Summary: | docker improper handle registry config | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Qian Cai <qcai> |
| Component: | docker | Assignee: | Brent Baude <bbaude> |
| Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.4 | CC: | amurdaca, lsm5, lsu, qcai |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | docker-1.12.6-38.1.git6ffd653.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-02 00:11:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
docker-1.12.6-33.1.git3a6eaeb.el7 To workaround it, just hard-code your registries to the docker unit file like,
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--authorization-plugin=rhel-push-plugin \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
--insecure-registry brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888\
$REGISTRIES
I think something is wrong or a wrong assumption is being made here. The file /etc/containers/registries.conf is in YAML format. But the atomic-registries service file creates a text file /run/containers/registries.conf (which is not YAML). Therefore, that file can be loaded by systemd as an export. Perhaps you can show the error you were getting? or perhaps you were editing /run/containers/registries.conf and not /etc/containers/registries.conf ? Change this line in docker.service. +EnvironmentFile=-/run/containers/registries.conf to EnvironmentFile=-/run/containers/registries.conf Fixed the problem. No idea why plus sign is needed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2344 |
Description of problem: Since docker switches to use atomic-registry, the docker unit file assume that /etc/containers/registries.conf is a shell environment file that can be parsed directly to the docker daemon. # cat /usr/lib/systemd/system/docker.service ... +EnvironmentFile=-/run/containers/registries.conf ... ExecStart=/usr/bin/dockerd-current \ --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ --default-runtime=docker-runc \ --authorization-plugin=rhel-push-plugin \ --exec-opt native.cgroupdriver=systemd \ --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ $OPTIONS \ $DOCKER_STORAGE_OPTIONS \ $DOCKER_NETWORK_OPTIONS \ $ADD_REGISTRY \ $BLOCK_REGISTRY \ $INSECURE_REGISTRY\ $REGISTRIES but in fact, it is in yaml format and need to be parsed by registries command first before pass to the docker daemon. # /usr/libexec/registries --insecure-registry brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: