cannot read image for docker use TLS TCP connection #545

Open
mosaicwang opened this issue Aug 9, 2024 · 0 comments
Labels
bug Something isn't working

mosaicwang commented Aug 9, 2024

What happened:
The Docker server listens on TCP 2376 with TLS enabled.
When I execute dive tomcat:9-jdk21-openjdk-slim-bullseye, I get the error "could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory". But actually, I have ca.pem, cert.pem and key.pem under the ~/.docker directory,
because when I execute docker ps or docker images, I get normal output.

What you expected to happen:
dive can display image content

How to reproduce it (as minimally and precisely as possible):
1. Reference https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket
2. Execute dive tomcat:9-jdk21-openjdk-slim-bullseye

Anything else we need to know?:

Environment:

  • OS version : Centos 9 stream
  • Docker version (if applicable) 27.1.1
[root@dockertest ~]# docker version
Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Tue Jul 23 19:58:57 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Tue Jul 23 19:57:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
  • dive version : 0.12.0
[root@dockertest ~]# dive --version
dive 0.12.0
  • Cert file list
[root@dockertest .docker]# ls -l ~/.docker
total 64
-r--------. 1 root root 1526 Apr 29 08:41 ca-certs.crt
-rw-r--r--. 1 root root 1526 Apr 29 08:41 ca.pem
-rw-r--r--. 1 root root  745 Aug  8 22:02 cert.pem
-r--------. 1 root root  745 Aug  8 22:02 client.crt
-rw-r-----. 1 root root  351 Aug  8 22:02 client.csr
-r--------. 1 root root  241 Aug  8 22:02 client.key
-rw-------. 1 root root 2439 Aug  8 22:02 client.pfx
-rw-------. 1 root root  138 Aug  9 10:52 config.json
drwxr-x---. 3 root root   18 Aug  8 10:17 contexts
-rw-r-----. 1 root root 1686 Aug  8 22:02 docker.conf
-rw-r-----. 1 root root 1326 Aug  8 22:02 docker-readme.txt
-rw-r-----. 1 root root   75 Aug  8 22:02 ec_param.txt
-rw-r--r--. 1 root root  241 Aug  8 22:02 key.pem
-rw-r-----. 1 root root  802 Aug  8 22:02 server.crt
-rw-r-----. 1 root root  355 Aug  8 22:02 server.csr
-rw-------. 1 root root  241 Aug  8 22:02 server.key
-rw-------. 1 root root 2471 Aug  8 22:02 server.pfx
  • execute docker images and output
[root@dockertest .docker]# docker images
REPOSITORY   TAG                             IMAGE ID       CREATED         SIZE
tomcat       9-jdk21-openjdk-slim-bullseye   1df941cf8cb3   11 months ago   459MB
  • .bashrc(part)
...
# Docker environment variables
export DOCKER_HOST=tcp://192.168.186.23:2376 DOCKER_TLS_VERIFY=1
  • docker info
[root@dockertest ~]# docker info
Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: local
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-325.el9.x86_64
 Operating System: CentOS Stream 9
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.894GiB
 Name: dockertest
 ID: 70f654cb-3cfe-4406-ab78-b7b232524a5d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://s32r8oam.mirror.aliyuncs.com/
 Live Restore Enabled: false
  • execute dive tomcat:9-jdk21-openjdk-slim-bullseye
Image Source: docker://tomcat:9-jdk21-openjdk-slim-bullseye
Fetching image... (this can take a while for large images)
cannot fetch image
could not read CA certificate "~/.docker/ca.pem": open ~/.docker/ca.pem: no such file or directory
@mosaicwang mosaicwang added the bug Something isn't working label Aug 9, 2024
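
The path in the error above still contains a literal `~`, which a shell expands but a file-open call does not. The following is an added example, not dive's code and not from the issue author, of how a Go Docker client can resolve the certificate directory (`DOCKER_CERT_PATH`, falling back to `~/.docker`) and load `ca.pem`, `cert.pem` and `key.pem` into a verifying TLS config; the names `expandHome`, `certDir` and `loadClientTLS` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// expandHome (hypothetical helper, not dive's code) swaps a leading "~" for home; os.ReadFile never does.
func expandHome(p, home string) string {
	if p == "~" || strings.HasPrefix(p, "~/") {
		return filepath.Join(home, p[1:])
	}
	return p
}

// certDir follows the docker CLI convention: DOCKER_CERT_PATH if set, otherwise ~/.docker.
func certDir(envCertPath, home string) string {
	if envCertPath == "" {
		return filepath.Join(home, ".docker")
	}
	return expandHome(envCertPath, home)
}

// loadClientTLS builds a verifying client config from ca.pem, cert.pem and key.pem in dir.
func loadClientTLS(dir string) (*tls.Config, error) {
	caPEM, err := os.ReadFile(filepath.Join(dir, "ca.pem"))
	if err != nil {
		return nil, fmt.Errorf("could not read CA certificate: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no PEM certificate in %s", filepath.Join(dir, "ca.pem"))
	}
	pair, err := tls.LoadX509KeyPair(filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem"))
	if err != nil {
		return nil, fmt.Errorf("could not load client key pair: %w", err)
	}
	return &tls.Config{RootCAs: pool, Certificates: []tls.Certificate{pair}, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	home, _ := os.UserHomeDir()
	dir := certDir(os.Getenv("DOCKER_CERT_PATH"), home)
	_, err := loadClientTLS(dir)
	fmt.Printf("cert dir %s, load error: %v\n", dir, err)
}
```

Passing the unexpanded string `~/.docker` to `loadClientTLS` reproduces the same class of "no such file or directory" failure, because the path is then looked up relative to the working directory.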