CentOS操作执行docker push问题
因个人想搭建私有Hub仓库,于是有了下面的故事
docker run -d -p 5000:5000 -v `pwd`/registry:/var/lib/registry --restart always --name registry registry
docker push localhost:5000/ubuntu
错误提示
# docker push 127.0.0.1:5000/ubuntu
The push refers to a repository [127.0.0.1:5000/ubuntu]
e0b3afb09dc3: Retrying in 9 seconds
6c01b5a53aac: Retrying in 9 seconds
2c6ac8e5063e: Retrying in 9 seconds
cc967c529ced: Retrying in 9 seconds
查看容器日志信息
docker logs -f registry
172.17.0.1 - - [29/Nov/2019:03:57:37 +0000] "POST /v2/ubuntu/blobs/uploads/ HTTP/1.1" 500 164 "" "docker/1.13.1 go/go1.10.3 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.13.1 \(linux\))"
time="2019-11-29T03:57:37.050446453Z" level=error msg="response completed with error" err.code=unknown err.detail="filesystem: mkdir /var/lib/registry/docker: permission denied" err.message="unknown error" go.version=go1.11.2 http.request.host="127.0.0.1:5000" http.request.id=c0ef3cbf-c484-4fab-aa51-66e926a5a17e http.request.method=POST http.request.remoteaddr="172.17.0.1:43438" http.request.uri="/v2/ubuntu/blobs/uploads/" http.request.useragent="docker/1.13.1 go/go1.10.3 kernel/3.10.0-1062.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.13.1 (linux))" http.response.contenttype="application/json; charset=utf-8" http.response.duration="858.575µs" http.response.status=500 http.response.written=164 vars.name=ubuntu
结果提示:permission denied目录没有权限。哎,还是查看一下宿主机的目录权限
# ll
total 0
drwxr-xr-x. 2 root root 6 Nov 29 14:29 registry
完全能满足正常操作权限呀。此处我一懵逼了
原因是CentOS7安全模块selinux把权限禁掉了
通过百度,翻墙终于解决了问题。哈哈哈。现把解决方案分享一下。
解决方案
- docker run -d -p 5000:5000 -v
pwd/registry:/var/lib/registry --restart always --name registry--privileged=trueregistry
启动容器时增加一个参数
--privileged=true加特权
-
chcon -Rt svirt_sandbox_file_t ./registry/
-
setenforce 0
临时关闭SELinux(安全访问控制系统)