How to use a secure docker registry mirror with docker-machine?

Time: 2017-05-30 13:13:06

Tags: certificate boot2docker docker-machine docker-registry docker-for-mac

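I have a docker distribution v2 registry that I am using as a mirror. It works with Docker for Mac Community Edition 17.03.1-ce-mac12 (17661), but I get a "certificate signed by unknown authority" error when accessing it from a docker-machine node. The setup is as follows: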

openssl req -newkey rsa:4096 -nodes -sha256 -keyout "/certs/domain.key" -x509 -days "365" -out "/certs/domain.cert" -subj "/CN=192.168.17.11"

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $DIR/devenv/domain.cert
docker run -d --restart=always -p 6000:5000 --name registry-mirror -v /Volumes/Data/registry_cache:/var/lib/registry registry:2 /var/lib/registry/config.yml

docker pull busybox

curl -k https://192.168.17.11:6000/v2/_catalog

{"repositories":["library/busybox"]}

docker-machine create -d virtualbox --engine-registry-mirror https://192.168.17.11:6000 mynode

docker-machine ssh mynode "sudo mkdir -p /etc/docker/certs.d/192.168.17.11:6000 && sudo chmod -R 777 /etc/docker/certs.d"
docker-machine scp $DIR/devenv/domain.cert mynode:/etc/docker/certs.d/192.168.17.11:6000/domain.cert
docker-machine scp $DIR/devenv/domain.key mynode:/etc/docker/certs.d/192.168.17.11:6000/domain.key
docker-machine restart mynode

eval $(docker-machine env mynode)
docker info

... Registry Mirrors:
 https://192.168.17.11:6000/

docker pull busybox

cat /var/log/docker.log

... time="2017-05-30T12:33:01.593516721Z" level=debug msg="Trying to pull busybox from https://192.168.17.11:6000/ v2"
time="2017-05-30T12:33:02.539391694Z" level=warning msg="Error getting v2 registry: Get https://192.168.17.11:6000/v2/: x509: certificate signed by unknown authority"

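I am not sure how to get the boot2docker VM to accept the certificate used by the docker distribution v2 registry mirror. Other examples copy a certificate authority's ca.crt to /etc/certs.d/, but this certificate is self-signed.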

1 Answer:

Answer 0: (score: 0)

Restarting the OSX box hosting this setup seems to have cleared up the problem for now; waiting for time to pin it down, which is fine.
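
Added example, not part of the original question or answer: a shell check for a per-registry trust directory like the /etc/docker/certs.d/192.168.17.11:6000 directory populated in the question. It relies on Docker's documented convention that `*.crt` files there are CA roots while `*.cert`/`*.key` pairs are client certificates; the function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits one per-registry trust
# directory such as /etc/docker/certs.d/192.168.17.11:6000 against Docker's
# documented layout:
#   *.crt          CA roots trusted for this registry
#   *.cert + *.key client certificate pair presented to the registry
# Finding names are labels made up for this example.
# Usage: audit_certs_dir DIR ; prints findings, returns 0 clean, 1 findings, 2 bad DIR.
audit_certs_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "NOT_A_DIRECTORY $dir"; return 2; }

    # 1. Trust roots: in this directory only *.crt files act as trust roots.
    has_root=0
    for f in "$dir"/*.crt; do
        [ -f "$f" ] || continue
        has_root=1
    done
    [ "$has_root" -eq 1 ] || { echo "NO_CA_ROOT no *.crt file in $dir"; rc=1; }

    # 2. Client pairs: every *.cert needs its *.key and the reverse.
    for f in "$dir"/*.cert; do
        [ -f "$f" ] || continue
        [ -f "${f%.cert}.key" ] || { echo "CERT_WITHOUT_KEY $f"; rc=1; }
    done
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        [ -f "${f%.key}.cert" ] || { echo "KEY_WITHOUT_CERT $f"; rc=1; }
    done

    # 3. Permissions: keys readable by group or other, anything world-writable.
    loose=$(find "$dir" -type f -name '*.key' \( -perm -0040 -o -perm -0004 \))
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/KEY_READABLE_BY_OTHERS /'
        rc=1
    fi
    open=$(find "$dir" ! -type l -perm -0002)
    if [ -n "$open" ]; then
        printf '%s\n' "$open" | sed 's/^/WORLD_WRITABLE /'
        rc=1
    fi
    return "$rc"
}
```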