Quick note on adding an entry like –insecure-registry 172.30.0.0/16 to docker running on Ubuntu.
While trying to get oc cluster up working on an Ubuntu VM I was getting the following error message and (helpfully) a suggested solution:
don@ubuntu:~# oc cluster up doncluster Starting OpenShift using registry.access.redhat.com/openshift3/ose:v3.7.23 ... -- Checking OpenShift client ... OK -- Checking Docker client ... OK -- Checking Docker version ... OK -- Checking for existing OpenShift container ... OK -- Checking for registry.access.redhat.com/openshift3/ose:v3.7.23 image ... OK -- Checking Docker daemon configuration ... FAIL Error: did not detect an --insecure-registry argument on the Docker daemon Solution: Ensure that the Docker daemon is running with the following argument: --insecure-registry 172.30.0.0/16
I normally work on RedHat boxes, and this is usually easily solved by going to /etc/sysconfig/docker and adding the desired registry to the line:
INSECURE_REGISTRY=
On more recent RedHat docker installs this is now done in the externalised config file /etc/containers/registries.conf.
On my Ubuntu VM neither of these exist, and running locate with grep plus a quick google brings back loads of other file locations and suggestions, none of which worked for me (/etc/default/docker, exporting DOCKER_OPTS etc etc).
So, I checked systemctl status docker and got the following:
don@ubuntu:~# systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-01-24 11:29:25 GMT; 25min ago Docs: https://docs.docker.com Main PID: 4648 (dockerd) Tasks: 19 (limit: 19660) Memory: 26.8M CPU: 1.324s CGroup: /system.slice/docker.service ├─4648 /usr/bin/dockerd -H fd:// --insecure-registry 172.30.0.0/16 └─4667 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-interval=0 --start-timeout 2m --state-di (...snip)
which prompted me to look at the file
/lib/systemd/system/docker.service
Adding the settings I wanted to the end of the ExecStart line like so:
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 172.30.0.0/16
followed by a
systemctl daemon-reload systemctl restart docker
did the trick, finally.
I am now hitting this issue, which looks like a systemd + docker mismatch… and am thinking CentOS may be a better place to test this!
don@ubuntu:~# oc cluster up doncluster
Starting OpenShift using registry.access.redhat.com/openshift3/ose:v3.7.23 ...
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ... OK
-- Checking for registry.access.redhat.com/openshift3/ose:v3.7.23 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ... FAIL
Error: Cannot get TCP port information from Kubernetes host
Caused By:
Error: cannot start container cec56a101a46aa25adb6806f7c84df218e5d79c392fa0c38207f92510eb46538
Caused By:
Error: Error response from daemon: {"message":"oci runtime error: rootfs_linux.go:53: mounting \"/sys/fs/cgroup\" to rootfs \"/var/lib/docker/aufs/mnt/aeedaa83596edc9cb2b2cd835000277f9a5355f709694f8ec70d88787395cbd0\" caused \"no subsystem for mount\""}
argh.
Discover more from Don's Blog
Subscribe to get the latest posts sent to your email.