Hide Forgot
Description of problem: Adding the following to /etc/sysconfig/docker will not block the docker.io registry. Only this registry is unable to be blocked. BLOCK_REGISTRY='--block-registry docker.io' Version-Release number of selected component (if applicable): RHEL 7.3 Docker 1.10.3 How reproducible: 100% Actual results: /etc/sysconfig/docker file looks like OPTIONS=' --selinux-enabled --insecure-registry=172.30.0.0/16 --log-driver=json-file --log-opt max-size=50m' DOCKER_CERT_PATH=/etc/docker ADD_REGISTRY='--add-registry registry.access.redhat.com' BLOCK_REGISTRY='--block-registry docker.io' #BLOCK_REGISTRY='--block-registry public' Restarted docker # docker pull docker.io/nginx Using default tag: latest Trying to pull repository docker.io/library/nginx ... latest: Pulling from docker.io/library/nginx 386a066cd84a: Pull complete 7bdb4b002d7f: Pull complete 49b006ddea70: Pull complete Digest: sha256:9038d5645fa5fcca445d12e1b8979c87f46ca42cfb17beb1e5e093785991a639 Status: Downloaded newer image for docker.io/nginx:latest Where are you experiencing the behavior? What environment? Client: Version: 1.10.3 API version: 1.22 Package version: docker-common-1.10.3-57.el7.x86_64 Go version: go1.6.2 Git commit: 79ebcd8-unsupported Built: Thu Oct 20 14:37:17 2016 OS/Arch: linux/amd64 Server: Version: 1.10.3 API version: 1.22 Package version: docker-common-1.10.3-57.el7.x86_64 Go version: go1.6.2 Git commit: 79ebcd8-unsupported Built: Thu Oct 20 14:37:17 2016 OS/Arch: linux/amd64 $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 (Maipo) Expected results: $ docker pull docker.io/nginx Using default tag: latest Error response from daemon: Blocked registry "docker.io" Additional info: Tested with Docker 1.9 and got extecpted results. Temporary work around would be use * to block all. With OpenShift the internal registry service IP would be needed in the --add-registry option so that we do not block pulls from this registry. /etc/sysconfig/docker BLOCK_REGISTRY='--block-registry *'
Fixed by https://github.com/projectatomic/docker/commit/e92eb832bc59e85d4d7dfe3c95a5182abd8be3cc Fix is in docker-1.12.3 and rhel7-1.10.3 branch in projectatomic/docker (just in case someone needs the fix for 1.10.3 which I don't believe it'll be shipped for 7.3). Assigning to Lokesh to rebuild for RHEL.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0116.html