ubuntu - Docker daemon flags ignored

Question

Environment:

• OS: debian 8.0.0-amd64, ubuntu-15.04, 16.04
• Docker: 1.x.x

Procedure:

I changed /etc/default/docker to add a private docker registry, then I restarted docker service and finally tried to pull some image.

$ cat /etc/default/docker
DOCKER_OPTS="--insecure-registry mydocker-registry.net:5000"

$ service docker restart

$ docker pull mydocker-registry.net:5000/testdb
FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker-
registry.net:5000/v1/_ping: dial tcp: lookup mydocker-registry.net: no 
such host. If this private registry supports only HTTP or HTTPS with an 
unknown CA certificate, please add `--insecure-registry mydocker-
registry.net:5000` to the daemon's arguments. In the case of HTTPS, if 
you have access to the registry's CA certificate, no need for the flag; 
simply place the CA certificate at /etc/docker/certs.d/mydocker-
registry.net:5000/ca.crt

A ps output shows nothing about DOCKER_OPTS environment var.

$ ps auxwww|grep docker
root  6919   0.0   0.1   331076   19984 ? Ssl 10:14   0:00 /usr/bin/docker -d -H fd://

Question:

According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker. Why, after doing that, it does not take effect in this environment?

Notes:

• The private registry hostname is correctly resolved by the DNS.

Answer 1

Recommended Way Docker 17.xx +

There are a number of ways to configure the daemon flags and environment variables for your Docker daemon. The recommended way is to use the platform-independent daemon.json file, which is located in /etc/docker/ on Linux by default.

So, for configuring insecure registries, do the following:

1. Set the following flag in the /etc/docker/daemon.json file:

   {
       "insecure-registries": ["mydocker-registry.net:5000"]
   }
   

2. Restart Docker

    $ sudo systemctl restart docker
   

Easier each time!

---

Previously Recommended Way with Docker 1.12

According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.

So, for this specific case, do the following:

1. Create a file called /etc/systemd/system/docker.service.d/private-registry.conf with the following content:

   If not exists, create directory /etc/systemd/system/docker.service.d

   [Service]
   ExecStart=
   ExecStart=/usr/bin/dockerd --insecure-registry mydocker-registry.net:5000
   

2. Flush changes:

   $ sudo systemctl daemon-reload
   

3. Restart Docker:

    $ sudo systemctl restart docker
   

Voila!

---

Not recommended way

Edit file /lib/systemd/system/docker.service

...
[Service]
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS
...
EnvironmentFile=-/etc/default/docker
...

Then execute

systemctl daemon-reload
systemctl restart docker

Verify that /etc/default/docker is loaded

ps auxwww | grep docker
root      4989  0.8  0.1 265540 16608 ?        Ssl  10:37   0:00 /usr/bin/docker -d -H fd:// --insecure-registry 

That's it.