This happens as the docker daemon tries to reach direct to the Docker Hub on the internet but the security requires that all traffic to the internet will be allowed only via PROXY server
If not sure what is the configuration file for the docker service in terms of systemd, you can get the systemd docker configuration file using 'systemctl status docker' or 'systemctl status docker.service'.
The configuration file is highlighted as below
[root@rally docker.service.d]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2017-12-23 04:55:19 EST; 13min ago
Docs: https://docs.docker.com
Main PID: 22381 (dockerd)
CGroup: /system.slice/docker.service
├─22381 /usr/bin/dockerd
└─22387 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=...
Stop the docker service
systemctl stop docker
Edit the file /usr/lib/systemd/system/docker.service
Make entries in the [service] section and put the 'Environment' variables for HTTP_PROXY and HTTPS_PROXY as per the proxy server type you have through which the docker daemon will try to reach out the Docker Hub to get the docker images.
If there are certain IPs that is needed that if ever docker daemon wants to reach to them not going through the proxy, put the entries of such IPs and FQDN in the 'Environment' variable as 'NO_PROXY'
For more on the related syntax please see the excerpt from the file /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
Environment="HTTP_PROXY=http://<PROXY_Server_NAME_OR_IP>:<PROXY_PORT>"
Environment="HTTP_PROXY=http://<PROXY_Server_NAME_OR_IP>:<PROXY_PORT>"
Environment="NO_PROXY=<FQDN1|IPAddr1|IPAddr2|FQDN2| ...>"
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
Save and exit the file
Issue a systemctl daemon-reload so as to acknowledge that the docker systemd file has changed on the disk
Restart/start the docker service
systemctl daemon-reload
systemctl restart docker
No comments:
Post a Comment