Adding an insecure-registry to Docker on Ubuntu

Quick note on adding –insecure-registry 172.30.0.0/16 to docker running on Ubuntu.

While trying to get oc cluster up working on an Ubuntu VM I was getting the following error message and (helpfully) a suggested solution:

don@ubuntu:~# oc cluster up doncluster
Starting OpenShift using registry.access.redhat.com/openshift3/ose:v3.7.23 …
— Checking OpenShift client … OK
— Checking Docker client … OK
— Checking Docker version … OK
— Checking for existing OpenShift container … OK
— Checking for registry.access.redhat.com/openshift3/ose:v3.7.23 image … OK
— Checking Docker daemon configuration … FAIL
   Error: did not detect an –insecure-registry argument on the Docker daemon
   Solution:
     Ensure that the Docker daemon is running with the following argument:
         –insecure-registry 172.30.0.0/16

I normally work on RedHat boxes, and this is usually easily solved by going to /etc/sysconfig/docker and adding the desired registry to the list of “INSECURE_REGISTRY=” line.

On more recent RedHat docker installs this is now done in the externalised config file /etc/containers/registries.conf.

On my Ubuntu VM neither of these exist, and running locate with grep plus a quick google brings back loads of other file locations and suggestions, none of which worked for me (/etc/default/docker, exporting DOCKER_OPTS etc etc).

So, I checked systemctl status docker and got the following:

don@ubuntu:~# systemctl status docker
● docker.service – Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-01-24 11:29:25 GMT; 25min ago
Docs: https://docs.docker.com
Main PID: 4648 (dockerd)
Tasks: 19 (limit: 19660)
Memory: 26.8M
CPU: 1.324s
CGroup: /system.slice/docker.service
├─4648 /usr/bin/dockerd -H fd:// –insecure-registry 172.30.0.0/16
└─4667 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock –shim docker-containerd-shim –metrics-interval=0 –start-timeout 2m –state-di (…snip)

which prompted me to look at the file /lib/systemd/system/docker.service

Adding the settings I wanted to the end of the ExecStart line like so:

ExecStart=/usr/bin/dockerd -H fd:// –insecure-registry 172.30.0.0/16

followed by a

systemctl daemon-reload
systemctl restart docker

did the trick, finally.

I am now hitting this issue, which looks like a systemd + docker mismatch… and am thinking CentOS may be a better place to test this!

don@ubuntu:~# oc cluster up doncluster
Starting OpenShift using registry.access.redhat.com/openshift3/ose:v3.7.23 …
— Checking OpenShift client … OK
— Checking Docker client … OK
— Checking Docker version … OK
— Checking for existing OpenShift container … OK
— Checking for registry.access.redhat.com/openshift3/ose:v3.7.23 image … OK
— Checking Docker daemon configuration … OK
— Checking for available ports … FAIL
   Error: Cannot get TCP port information from Kubernetes host
   Caused By:
     Error: cannot start container cec56a101a46aa25adb6806f7c84df218e5d79c392fa0c38207f92510eb46538
     Caused By:
       Error: Error response from daemon: {“message”:”oci runtime error: rootfs_linux.go:53: mounting \”/sys/fs/cgroup\” to rootfs \”/var/lib/docker/aufs/mnt/aeedaa83596edc9cb2b2cd835000277f9a5355f709694f8ec70d88787395cbd0\” caused \”no subsystem for mount\””}

argh.

Leave a Reply

Your email address will not be published. Required fields are marked *