Docker incapaz de puxar imagens

3

Ao executar o comando docker, recebo o seguinte erro:

docker run hello-world

Carregando o repositório docker.io/library/hello-world docker: A rede expirou ao tentar conectar-se ao link . Você pode querer verificar sua conexão com a Internet ou se você está por trás de um proxy ..

Estou recebendo a seguinte saída CURL:

 curl -v https://index.docker.io
* Rebuilt URL to: https://index.docker.io/
* Hostname was NOT found in DNS cache
*   Trying 54.152.78.181...
* Connected to index.docker.io (54.152.78.181) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):


* Unknown SSL protocol error in connection to index.docker.io:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to index.docker.io:443

Então, como vou puxar minhas máquinas agora?

Agora, recebo a seguinte mensagem:

Não é possível encontrar a imagem 'hello-world: latest' localmente o mais atrasado: Puxando da biblioteca / olá-mundo 03f4658f8b78: Download a3ed95caeb02: Baixando janela de encaixe: x509: certificado assinado por autoridade desconhecida.

Atualização (chaves ofuscadas):

executando o seguinte comando dá saída:

~$ openssl s_client -connect index.docker.io:443
CONNECTED(00000003)
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIDAyF3MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEUMBIGA1UEAwwLKi5kb2NrZXIuaW8wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRyme75dbw9AxWZ8QFCwMWrrYY
SclZ6HCiEbxSNxHgg08rEfEYi46VrL+joBwlA0t5WIIxHF198NzzdXC4YeGzruY9
7osv5lPrcdeIi+Ad+fY6K0rBBOB3xdqSPPObrINZpDmWhCQjlsnM6a1Th0oSUCjI
345b84/8PH363YO+Qmnl8BWnaTcZoPzeywM9czQsMyF2bOH+dhxja/zim6iu8W34
yBhVQeQRd1QROuHcsQAX19DKTn6TXaAwIBY3xM1Bi5Zl6tueII4dOEoibw/ImR3c
H73Pk7j1Wx+rAXeeq7LwjkUCCSlKNrHFEQ2nbr0R7FH6cck1ppgM8ud1pHr9AgMB
AAGjggFOMIIBSjAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTBXBggr
BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1jZC5jb20wJgYI
KwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIQYDVR0RBBowGIIL
Ki5kb2NrZXIuaW+CCWRvY2tlci5pbzArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8v
Z3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAAMEEGA1UdIAQ6MDgwNgYG
Z4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9s
ZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEATYgwOYz/w9Qyh/YPZQDZ0BdwhkX6OCX0
Mz8pP/OO+E+1RM7ZoAGwHvIaidFqh3WeCLHjGO2IId7Ff5EZUwZhiwog0R7Y838x
OCLza/2shuvjM/FPiyXDQ6q0w4rvpwsNjmYVDdYD8bCH3b8IlO2ysjgdhRYprsdU
jg6h+zK11/tXf6S5vegrgV0F62DYx0tuTTZq/HMuXvbgY2uL1sQ5jiHlzQndV9oL
YMYqJP5MkuAKzDL5u0b8mD/EHtoPkfWOIsA5i9YrAAoWRVOJHwfFfgSY+EpXpFc4
AZUPmdZGh6q1YNavRoOL/1D5aP/VBBtofj54uMbKOK8q6vxIXSyzaw==
-----END CERTIFICATE-----
subject=/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2914 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 111E09F815E121C7EA7E7FD0C07C4AC31FFDE4E13AD9BA926AFF03A2E267130C
    Session-ID-ctx:
    Master-Key: 78A4ABC11BFCCA245F4B3FE8BDA0C0BC3A10D3E9BB447838B06D8BB16DA1553DBBCBFE03408AF34FB7D0CA5E3E7E8D40
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 57 92 4f 5c a0 41 ab d9-62 2c b1 05 66 b5 bc 79   W.O\.A..b,..f..y
    0010 - c8 32 a1 b0 f3 df 3d e7-c8 8d 0b 62 b2 6f 2b 99   .2....=....b.o+.
    0020 - 80 e1 60 73 19 67 bd c5-bf 4c 61 26 ca 3c 4d bd   ..'s.g...La&.i...
    0090 - ea ca 71 3e 9a 64 e8 23-dc f6 77 b4 6a 59 ac cd   ..q>.d.#..w.jY..
    Start Time: 1456385623
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Eu tentei seguir os comandos, mas em vão:

sudo update-ca-certificates sudo serviço docker restart

Também seguindo os resultados do comando:

# update-ca-certificates

Updating certificates in /etc/ssl/certs... unable to load certificate
140587866932896:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140365960205984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate cacerthaxx.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
4 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
root@Data-Server:~# update-ca-certificates -f
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs... unable to load certificate
140706921281184:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
unable to load certificate
139841225197216:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate cacerthaxx.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
177 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

relacionado: link

    
por suuser 25.02.2016 / 08:06

1 resposta

0

Pode ser apenas uma conexão esquisita. Ambos link e link funciona para mim.

$  curl -v https://index.docker.io
* Rebuilt URL to: https://index.docker.io/
*   Trying 54.152.78.181...
* Connected to index.docker.io (54.152.78.181) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.docker.io
* Server certificate: RapidSSL SHA256 CA - G3
* Server certificate: GeoTrust Global CA
> GET / HTTP/1.1
> Host: index.docker.io
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 301 MOVED PERMANENTLY
< Server: nginx/1.6.2
< Date: Thu, 25 Feb 2016 07:17:55 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< X-Frame-Options: SAMEORIGIN
< Location: https://registry.hub.docker.com/
< Strict-Transport-Security: max-age=31536000
< 
* Connection #0 to host index.docker.io left intact

Você pode tentar verificar sua conexão SSL

$ openssl s_client -connect index.docker.io:443

    
por 25.02.2016 / 08:26