0

docker service create ...即使 Docker Hub 中的压缩图像大小为 0B,也可以工作。另一方面,当我将 Artifactory 用作私有注册表时,它会因No such image错误而失败。Docker 守护进程的调试日志说manifest verification failed for digest ...

例如,portainer 的最新标签和主要发布标签(1.13.1、1.13.2 等)的压缩大小为 0 B:https ://hub.docker.com/r/portainer/portainer/tags/

以下命令有效:

docker service create \
  --name portainer \
  --publish 9000:9000 \
  --constraint 'node.role == manager' \
  --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
  portainer/portainer \
  -H unix:///var/run/docker.sock

但以下命令不起作用:

docker service create \
  --name portainer \
  --publish 9000:9000 \
  --constraint 'node.role == manager' \
  --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
  artifactory.mycompany.com/portainer/portainer \
  -H unix:///var/run/docker.sock

服务状态:

[myuser@rose1]$ docker service ps --no-trunc  portainer
ID                          NAME                IMAGE                                                                                                                NODE                DESIRED STATE       CURRENT STATE             ERROR                                                                                                                                 PORTS
gzk05p5x89w9pcvenuyio8pu8   portainer.1         artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40   rose1             Ready               Rejected 2 seconds ago    "No such image: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40"
fcovqtudbv3zmgo4von01y5wv    \_ portainer.1     artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40   rose1             Shutdown            Rejected 7 seconds ago    "No such image: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40"
jfy8lr2prypcx72dryse5vmwx    \_ portainer.1     artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40   rose1             Shutdown            Rejected 12 seconds ago   "No such image: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40"
3ovw7pwgr6srhvqocrqayiuqx    \_ portainer.1     artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40   rose1             Shutdown            Rejected 12 seconds ago   "No such image: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d0558cd40"

Docker daemon 的调试日志:

...
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.137611299+03:00" level=debug msg="Trying to pull artifactory.mycompany.com/portainer/portainer from https://artifactory.mycompany.com v2"
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.169441596+03:00" level=debug msg="task status updated" method="(*Dispatcher).processUpdates" module=dispatcher node.id=xdn6m020ugsnbfqfk2
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.169573572+03:00" level=debug msg="task status updated" method="(*Dispatcher).processUpdates" module=dispatcher node.id=xdn6m020ugsnbfqfk2
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175689648+03:00" level=debug msg="Pulling ref from V2 registry: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93f8ca8b0349
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175757143+03:00" level=error msg="manifest verification failed for digest sha256:5393dc7fc9e93f8ca8b034941a2c6af0ae176c89c92728d4ff0e110d
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175783178+03:00" level=info msg="Attempting next endpoint for pull after error: manifest verification failed for digest sha256:5393dc7fc9
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175800969+03:00" level=debug msg="Skipping v1 endpoint https://artifactory.mycompany.com because v2 registry was detected"
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175878617+03:00" level=debug msg="pull in progress"
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.175909141+03:00" level=error msg="pulling image failed" error="manifest verification failed for digest sha256:5393dc7fc9e93f8ca8b034941a2
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.176596565+03:00" level=error msg="fatal task error" error="No such image: artifactory.mycompany.com/portainer/portainer:latest@sha256:5393dc7fc9e93
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.176643801+03:00" level=debug msg="state changed" module="node/agent/taskmanager" node.id=xdn6m020ugsnbfqfk2f5g74jx service.id=ve3ipsb1cx3
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.176882355+03:00" level=debug msg="(*Agent).UpdateTaskStatus" module="node/agent" node.id=xdn6m020ugsnbfqfk2f5g74jx task.id=3rzww5i46b8sv3
Jun 08 12:29:58 rose1 dockerd[14289]: time="2017-06-08T12:29:58.177387272+03:00" level=debug msg="task status reported" module="node/agent" node.id=xdn6m020ugsnbfqfk2f5g74jx
...

神器日志:

...
2017-06-09 14:00:11,725 [http-nio-8081-exec-1] [INFO ] (o.a.a.d.r.v.r.v.DockerV2VirtualRepoHandler:105) - Fetching docker manifest for repo 'portainer/portainer' and tag 'latest'
2017-06-09 14:00:14,940 [http-nio-8081-exec-1] [INFO ] (o.a.r.HttpRepo      :420) - registry-1.docker.io downloading https://registry-1.docker.io/v2/portainer/portainer/manifests/latest 944 bytes
2017-06-09 14:00:14,948 [http-nio-8081-exec-1] [INFO ] (o.a.r.HttpRepo      :433) - registry-1.docker.io downloaded  https://registry-1.docker.io/v2/portainer/portainer/manifests/latest 944 bytes at 125.43 KB/sec
2017-06-09 14:00:15,194 [http-nio-8081-exec-5] [INFO ] (o.a.a.d.r.v.r.v.DockerV2VirtualRepoHandler:105) - Fetching docker manifest for repo 'portainer/portainer' and tag 'latest'
2017-06-09 14:00:15,529 [http-nio-8081-exec-7] [INFO ] (o.a.a.d.r.v.r.v.DockerV2VirtualRepoHandler:105) - Fetching docker manifest for repo 'portainer/portainer' and tag 'latest'
2017-06-09 14:00:20,526 [http-nio-8081-exec-8] [INFO ] (o.a.a.d.r.v.r.v.DockerV2VirtualRepoHandler:105) - Fetching docker manifest for repo 'portainer/portainer' and tag 'latest'
...

更新1:

docker pull ...正常工作:

docker pull artifactory.mycompany.com/portainer/portainer

并且docker run ...也可以正常工作:

docker run \ 
  -v /var/lib/docker.sock:/var/lib/docker.sock \
  -p 9000:9000 \
  artifactory.mycompany.com/portainer/portainer \
  -H unix:///var/run/docker.sock

该问题仅存在于 swarm 模式。

更新 2:

正如@Tony 指出的那样,如果图像是多拱清单(因此为 0B 大小),我对 Artifactory 有疑问。例如,https: //hub.docker.com/u/trollin 下的所有镜像都是多架构的,每个镜像的每个标签看起来都是 0 字节。我可以用这些图像和标签重现同样的问题。以trollin/nginx为例。

以下命令有效:

1)

docker pull artifactory.mycompany/trollin/nginx

2)

docker run --name trollin_nginx \
  --publish 9991:80 \
  artifactory.mycompany/trollin/nginx

3)

docker service create \
  --name trollin_nginx \
  --publish 9991:80 \
  trollin/nginx

以下命令不起作用:

docker service create \
  --name trollin_nginx \
  --publish 9991:80 \
  artifactory.mycompany.com/trollin/nginx
4

0 回答 0