我已经设置了一个 Concourse 服务器(在裸机上),一切都运行良好,除了我无法开始任何工作,此时我完全不知所措。任何帮助或建议将不胜感激!
以教程的hello world为例,报错如下:
$ fly -t tutorial execute -c task_hello_world.yml
executing build 55 at https://{{full hostname}}/builds/55
initializing
resource script '/opt/resource/check []' failed: exit status 1
stderr:
failed to ping registry: 2 error(s) occurred:
* ping https: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
* ping http: Get http://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
errored
通过日志查找任何提及 docker 的内容,我得到以下信息(系统日志中没有其他错误):
Jan 11 03:39:11 {{host}} concourse[13704]: {"timestamp":"1515641951.825016260","source":"worker","message":"worker.garden.extract-resources.extract.already-extracted","log_level":1,"data":{"resource-type":"docker-image","session":"2.1.6"}}
Jan 11 03:41:55 {{host}} concourse[13613]: {"timestamp":"1515642115.660775423","source":"atc","message":"atc.create-build.do.task.image.failed-to-get-latest-image-version","log_level":2,"data":{"container":"ce9a7c49-210d-4cf7-6786-d27b1046c76b","error":"resource script '/opt/resource/check []' failed: exit status 1\n\nstderr:\nfailed to ping registry: 2 error(s) occurred:\n\n* ping https: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)\n* ping http: Get http://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)\n","session":"240.3.1.2"}}
我已经开始了我的网络目标:
/usr/share/concourse/bin/concourse \
web \
--basic-auth-username {{username}} \
--basic-auth-password {{password}} \
--session-signing-key /usr/share/concourse/keys/session_signing_key \
--tsa-host-key /usr/share/concourse/keys/tsa_host_key \
--tsa-authorized-keys /usr/share/concourse/keys/authorized_keys \
--bind-port 8080 \
--tls-bind-port 8443 \
--tls-key /etc/letsencrypt/live/{{full hostname}}/privkey.pem \
--tls-cert /etc/letsencrypt/live/{{full hostname}}/fullchain.pem \
--postgres-data-source postgres://concourse:concourse@localhost/atc \
--external-url https://{{full hostname}}
...和我的 worker :
/usr/share/concourse/bin/concourse \
worker \
--garden-dns-server 8.8.8.8 \
--work-dir /usr/share/concourse/workspace \
--tsa-host {{full hostname}} \
--tsa-public-key /usr/share/concourse/keys/tsa_host_key.pub \
--tsa-worker-private-key /usr/share/concourse/keys/worker_key
Docker 似乎工作正常(例如,
docker run hello-world ),就像使用 docker login 登录一样.工作节点似乎很高兴,甚至注册他们知道一些容器(!?):$ fly -t tutorial workers
name containers platform tags team state version
worker 3 linux none none running 1.2
我有
iptables将端口 80 和 443 路由到 8080 和 8443,但如果我关闭它并使用辅助端口,似乎没有任何区别。 Curl 似乎工作正常,我认为这不是 DNS 问题:$ curl https://registry-1.docker.io/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
再次,任何建议表示赞赏!
最佳答案
我已经面临这个问题一段时间了,几乎尝试了所有方法,例如禁用防火墙、更改 iptables 设置。
最后,在使用 docker-compose.yml 文件设置大厅时,我更改了文件中的以下 2 个设置并解决了问题。
CONCOURSE_GARDEN_DNS_PROXY_ENABLE=true
CONCOURSE_WORKER_GARDEN_DNS_PROXY_ENABLE=true
希望这也能解决您的问题。
关于docker - Concourse 无法访问 Docker 注册表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48199558/