Wednesday, April 18, 2018

RHEL SELinux and docker search behind a company firewall

It seems you should add to the company open firewall rules / iptables...

docker search hello-world

Error response from daemon: invalid registry endpoint Get dial tcp: lookup on no such host. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/

"The Red Hat default config in ‘/etc/sysconfig/docker’ adds ‘’, which is the authoritative source for official Red Hat content. The default search path is hardcoded and remains enabled."


cat /etc/sysconfig/docker
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.

# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined 1

# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp

# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.

# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines


cat /etc/containers/registries.conf
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: '', 'registries.insecure', 
# and 'registries.block'.

registries = ['']

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
registries = []

# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
# Docker only
registries = []

No comments: