报错信息:
...... 47a32314928e: Waiting f1bef6c845ef: Waiting b7403b550949: Waiting 313a800f9488: Waiting f45c5939b598: Waiting docker: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid.
报错信息翻译过来的意思大概是:证书已过期或尚未有效。
[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts Unable to find image 'jenkinszh/jenkins-zh:lts' locally lts: Pulling from jenkinszh/jenkins-zh 3192219afd04: Pulling fs layer 17c160265e75: Pulling fs layer cc4fe40d0e61: Pulling fs layer 9d647f502a07: Waiting d108b8c498aa: Waiting 1bfe918b8aa5: Waiting dafa1a7c0751: Waiting 1e29fd7c4a92: Waiting 6f9df6a6e4fb: Waiting 11521cfb7505: Waiting 74dba0c51bb8: Waiting c6ccb3238fa1: Waiting 16d5a7b3cc59: Waiting 4942b9e43c4f: Waiting 6f134e9211fb: Waiting 34586d38fb3f: Waiting 1f0d7f50aec2: Waiting 47a32314928e: Waiting f1bef6c845ef: Waiting b7403b550949: Waiting 313a800f9488: Waiting f45c5939b598: Waiting docker: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid. See 'docker run --help'.
排查解决:
在docker拉取镜像时出现 x509 报错,一般都是证书问题或者系统时间问题导致,可以先执行 date 看一下系统时间对不对,如果服务器系统时间跟现实实际时间对不上的话,一般就是系统时间问题,同步时间即可。
1.系统时间问题
[root@localhost ~]# date 2021年 01月 08日 星期五 16:59:26 CST //系统时间确实不对
- 安装ntpdate
[root@localhost ~]# yum -y install ntpdate ... 已安装: ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2 完毕!
- 更新时间同步
[root@localhost ~]# ntpdate cn.pool.ntp.org ^[28 Sep 10:57:20 ntpdate[11911]: step time server 202.118.1.130 offset 22701177.945558 sec
- 查看更新后时间
[root@localhost ~]# date 2021年 09月 28日 星期二 10:57:31 CST
验证:
[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts Unable to find image 'jenkinszh/jenkins-zh:lts' locally lts: Pulling from jenkinszh/jenkins-zh 3192219afd04: Pull complete 17c160265e75: Pull complete cc4fe40d0e61: Pull complete 9d647f502a07: Downloading [===========================> ] 26.72MB/48.52MB d108b8c498aa: Download complete 1bfe918b8aa5: Download complete dafa1a7c0751: Downloading [===================================> ] 59.32MB/83.7MB
可以看到现在已经可以正常拉取镜像了。
2.证书问题
证书问题需要编辑 /etc/docker/daemon.json文件,在配置文件中添加"registry-mirrors":
["https://docker.mirrors.ustc.edu.cn"]配置。
- 编辑/etc/docker/daemon.json文件
[root@localhost ~]# vim /etc/docker/daemon.json { "registry-mirrors":["https://hx983jf6.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"], //第一个是镜像加速配置 "graph":"/mnt/data" //修改Docker默认存储路径配置 }
- 更新docker/daemon.json配置
[root@localhost ~]# systemctl daemon-reload
- 重启docker服务
[root@localhost ~]# systemctl restart docker
验证:
[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts Unable to find image 'jenkinszh/jenkins-zh:lts' locally lts: Pulling from jenkinszh/jenkins-zh 3192219afd04: Pull complete 17c160265e75: Pull complete cc4fe40d0e61: Pull complete 9d647f502a07: Downloading [=> ] 1.505MB/50.07MB d108b8c498aa: Downloading [=> ] 150.7kB/4.935MB 1bfe918b8aa5: Download complete dafa1a7c0751: Downloading [=========> ] 19.42MB/104.2MB 1e29fd7c4a92: Waiting 6f9df6a6e4fb: Waiting 11521cfb7505: Waiting 74dba0c51bb8: Waiting c6ccb3238fa1: Waiting 16d5a7b3cc59: Waiting
可以看到现在已经可以正常拉取镜像了。
