设置:
我们是一个由AWS节点组成的集群,它们在其中运行docker(无群)和一个本地不安全docker注册表。所有的docker容器/应用程序和注册表都可以通过领事发现。
问题:
从本地注册表中提取docker映像时,我们面临着“未知blob”错误。这并不是在集群中的所有节点上都发生,可以在其他某个节点上成功提取同一映像。某些图片也会发生这种情况:
$ docker pull docker-registry.service.local:5040/iotsp/iot-elasticsearch-sanity:master_17
master_17: Pulling from iotsp/iot-elasticsearch-sanity
2219af950598: Already exists
ceb4033df908: Already exists
445def1dbd86: Already exists
0e42df4d81f1: Downloading
25ae6a6fc1d0: Download complete
e1dd602ba1ef: Download complete
861884f7de6c: Download complete
642d407ead82: Download complete
48868290f9f9: Download complete
139fd3739a4e: Download complete
364a4802d436: Download complete
6e8d74529bcf: Download complete
6e7bab496e0b: Download complete
16c8a9a82187: Download complete
unknown blob
Docker信息:
$ docker info
Containers: 11
Running: 11
Paused: 0
Stopped: 0
Images: 12
Server Version: 17.12.0-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: syslog
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.16.1-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 30.41GiB
Name: tme-eu-8-worker-7
ID: ZEXJ:3QFJ:A65D:BCHU:FQLM:F2ST:QZ2U:W67N:YFGY:UY7B:CAYG:W5R3
Docker Root Dir: /mnt/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
docker-registry.service.local:5040
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
作为一种临时的解决方法,我们再次从dockerhub提取映像,然后将其推送到本地docker Registry。之后,可以在所有节点上提取“受影响”的图像。