vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/swr/umn/swr_faq_0033.html
Dong, Qiu Jian 38e4c01e6c SWR UMN: Permission description is added 
Reviewed-by: Eotvos, Oliver <oliver.eotvos@t-systems.com>
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2024-06-18 06:49:13 +00:00

27 lines
4.1 KiB
HTML
Raw Blame History

<a name="swr_faq_0033"></a><a name="swr_faq_0033"></a>
<h1 class="topictitle1">Why Does the <strong id="b430364552812">docker pull</strong> Command Fail to Be Executed?</h1>
<div id="body1582253272135"><div class="section" id="swr_faq_0033__section149001932134313"><h4 class="sectiontitle">x509: certificate sigined by unknown authority</h4><p id="swr_faq_0033__p1121474120526"><strong id="swr_faq_0033__b14104163877">Problem</strong>: When you run the <strong id="swr_faq_0033__b111831996917">docker pull</strong> command to pull an image from SWR, error message "x509: certificate signed by unknown certificates" is displayed.</p>
<p id="swr_faq_0033__p16834536153112"><strong id="swr_faq_0033__b31499462344">Possible Causes</strong>:</p>
<ul id="swr_faq_0033__ul936161612320"><li id="swr_faq_0033__li4371916123212">A container engine client and SWR communicate with each other using HTTPS. When the client verifies the server certificate and finds that the root certificate installed on the client is incomplete, the error message "x509: certificate signed by unknown certificates" is displayed.</li><li id="swr_faq_0033__li33791613325">A proxy is configured on the container engine client.</li></ul>
<p id="swr_faq_0033__p1580114233323"><strong id="swr_faq_0033__b5581127163015">Solution</strong>:</p>
<ul id="swr_faq_0033__ul194161259174015"><li id="swr_faq_0033__li869425433318">If you trust the server and skip certificate authentication, manually configure the startup parameters for the container engine using either of the following methods (use the actual image repository address):<ul id="swr_faq_0033__ul346575933314"><li id="swr_faq_0033__li17416135913408">Add the following configuration to the <strong id="swr_faq_0033__b15347123616359">/etc/docker/daemon.json</strong> file. If the file does not exist, manually create it. Ensure that two-space indents are used in the configuration.<pre class="screen" id="swr_faq_0033__screen755711319390">{
"insecure-registries":["<em id="swr_faq_0033__i8453115444415">Image repository address</em>"]
}</pre>
</li><li id="swr_faq_0033__li17738815418">/etc/sysconfig/docker:<pre class="screen" id="swr_faq_0033__screen1336442311419">INSECURE_REGISTRY='--insecure-registry=<em id="swr_faq_0033__i8535185915449">Image repository address</em>'</pre>
</li></ul>
<p id="swr_faq_0033__p3125645342">After configuration, run the <strong id="swr_faq_0033__b18119817113213">systemctl restart docker</strong> or <strong id="swr_faq_0033__b012541714329">service docker start</strong> command to restart the container engine.</p>
</li><li id="swr_faq_0033__li1779938173419">Run the <strong id="swr_faq_0033__b156091110173614">docker info</strong> command to check whether the proxy is correctly configured. If not, modify the configuration.</li></ul>
</div>
<div class="section" id="swr_faq_0033__section13696153664310"><h4 class="sectiontitle">Error: remote trust data does not exist</h4><p id="swr_faq_0033__p085310526434"><strong id="swr_faq_0033__b319151312135">Problem</strong>: When you run the <strong id="swr_faq_0033__b46390105135">docker pull</strong> command to pull an image from SWR, message "Error: remote trust data does not exist" is displayed.</p>
<p id="swr_faq_0033__p5853175220439"><strong id="swr_faq_0033__b3221813171419">Possible cause</strong>: The image signature verification is enabled on the client. However, the image to be pulled does not contain a signature layer.</p>
<p id="swr_faq_0033__p1085315244316"><strong id="swr_faq_0033__b11529201213384">Solution</strong>: Check whether the environment variable <strong id="swr_faq_0033__b95293122387">DOCKER_CONTENT_TRUST</strong> is set to <strong id="swr_faq_0033__b953061253814">1</strong>. If yes, delete <strong id="swr_faq_0033__b12106105718386">DOCKER_CONTENT_TRUST=1</strong> from the <strong id="swr_faq_0033__b91061757183816">/etc/profile</strong> file and run the <strong id="swr_faq_0033__b1810635718381">source /etc/profile</strong> command to make the modification take effect.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="swr_faq_2000.html">Troubleshooting</a></div>
</div>
</div>
View Git Blame Copy Permalink