Docker configuration using the systemd configuration style

Question

I note that the Docker documentation is gradually moving towards the systemd method of initialisation and hence configuration. I'm somewhat uncertain how you add "insecure-registry" entries to Docker when using the systemd configuration method.

Whilst using Docker version 1.6.1 I was able to add multiple insecure-registry entries by adding to the file:

/etc/sysconfig/docker

a line much like the following:

INSECURE_REGISTRY='--insecure-registry myregistry.companyx.com:5010 --insecure-registry myregistry.companyx.com:5011'

and restarting Docker with the command:

sudo service docker restart

With Docker 1.8.2 I've been looking how to do this in "systemd" fashion. The closest I've come to any documentation is the following 2 pages:

https://docs.docker.com/articles/systemd/
https://coreos.com/os/docs/latest/registry-authentication.html

Both the above suggest I need to add a file to a directory called:

/etc/systemd/system/docker.service.d

The second of those pages suggests a file called:

/etc/systemd/system/docker.service.d/50-insecure-registry.conf

it also talks about "#cloud-config write_files: - path: " which I didn't follow at all.

I ignored the stuff I didn't understand and created a file named:

/etc/systemd/system/docker.service.d/50-insecure-registry.conf

Containing something along the lines of:

[Service]
Environment='DOCKER_OPTS=--insecure-registry="myregistry.companyx.com:5010"'

and restarted docker using the command:

sudo systemctl restart docker

The result makes me think it's time to go home. I want to add multiple insecure-registry entries but haven't figured out how to do that. Also I'm a long way from being confident about the success of the single entry.

STUFF added 2 days later

With help from page:

http://nknu.net/how-to-configure-docker-on-ubuntu-15-04/

I made some progress in configuring Docker using files dropped into the directory:

/etc/systemd/system/docker.service.d

The thing I had been missing was an entry to override the default:

[Service]
ExecStart=/usr/bin/docker -d -H fd://

I did this by creating an additional drop in file, this one called:

docker_systemd_workaround.conf

it contains:

[Service]
# workaround to include default options
ExecStart=
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS

With this, the content of another drop in file which sets DOCKER_OPTS is no longer ignored. I don't think this is anything close to a complete solution but it does fix the issue I was having trying to add "insecure-registry" entries.

thanks for this. I am running docker on ubuntu (installed from apt) and was able to connect to a remote insecure registry by adding the `50-insecure-registry.conf` & `docker_systemd_workaround.conf` files like you specified (although my second `ExecStart` in `docker_systemd_workaround.conf` read as: `ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS`). After adding these files i just ran `sudo systemctl daemon-reload` and then `sudo service docker restart` and was able to verify the insecure registry was there by running `docker info`. — nlloyd, Nov 14 '16 at 23:31

score 2 · Answer 1 · answered Nov 15 '16 at 00:09

Expanded on my comment for readability

Problem

Couldn't connect to a remote insecure repository. Unable to add "insecure_repository" to docker options on startup.

Using docker installed via package manager on Ubuntu 16.04 LTS

Solution

1. Verify docker under is control of systemd

$systemctl status docker should return details for running docker service. You can view the default setup it's using under Loaded:

2. Add insecure repository systemd conf file

This file will load the DOCKER_OPTS env variable.

Create file at /etc/systemd/system/docker.service.d/insecure_repository.conf

Add file contents:

[Service]
Environment='DOCKER_OPTS=--insecure-registry="myregistryserver.mydomain.com:5000"'

3. Add docker systemd workaround conf file

This file will modify the ExecStart to use the DOCKER_OPTS environment variable.

Create file at /etc/systemd/system/docker.service.d/docker-systemd-workaround.conf

Add file contents:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS

4. Reload

$sudo systemctl daemon-reload

$sudo service docker restart

5. Verify

$docker info should contain myregistryserver.mydomain.com:5000 under Insecure Registries:

$systemctl status docker should have your systemd configs (aka drop-ins) under the Drop-In: header. You should also see your modified ExecStart under the CGroup: header.

Note that the ExecStart is based off of the original **Loaded:** file you can view by running the `$systemctl status docker` -- on my install the file was located at `/lib/systemd/system/docker.service` — nlloyd, Nov 15 '16 at 00:14

rjdkolb · Answer 2 · 2017-02-13T10:40:20.823

0

I had a similar problem and struggled for ages until I found this blog.

Basically follow these steps :

sudo vi /etc/systemd/system/docker.service.d/docker.conf and add the following :

[Service] 
#You need the below or you 'ExecStart=' or you will get and error 'Service has more than one ExecStart= setting, which is only allowed'
ExecStart= 
ExecStart=/usr/bin/docker daemon -H fd://
ExecStart=/usr/bin/docker daemon -H fd:// --insecure-registry youregistry.mydomain.com:5000

Then finally :

sudo systemctl daemon-reload
sudo systemctl restart docker

edited Feb 13 '17 at 10:40

answered Sep 12 '16 at 07:15

rjdkolb

10,377
11
69
89

oops, fixed stray newline – rjdkolb Feb 13 '17 at 10:40